cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mathias Mullins <mathias.mull...@citrix.com>
Subject Re: consoleproxy.url.domain not updating
Date Mon, 31 Dec 2012 14:45:47 GMT
Rob,

Did you populate your DNS server with all of the A records for each IP in your range?

Information is in this document. http://docs.cloudstack.org/Knowledge_Base/Replacing_realhostip.com_with_your_own_domain

Thanks,
Matt

On Dec 31, 2012, at 9:01 AM, "Robert Booth" <robert.booth@trebortech.com<mailto:robert.booth@trebortech.com>>
wrote:

Kirk,

When I try to connect via the UI "View Console" link I get

This webpage is not available

The webpage at *https://......my console server dns
name......../ajax?token=Gt3DTg7XXUFOpQjQX1hY9tyik9hj-No8TbP2jveS5VNPdMaqHnAwasJJhHOkX0QSUFHPcWfTlT9dgbd5AUvKfr0knkdeS51Ghb4u6DzBkq8iwUipstcz4JG5FOCKPO4VtDW3tne4FRcqkhJWwOvCc9Tl0LYv9Q3qg50ssYG3mrg7BBYmV8iJy7VmNxPmMQ38jqIRk4N4gbB3HwHQcxi3TY3G9BwKVcFkY4i06X4sIG_fe4C1ugAnSAy0F94hekCV5wPaaGu4kWA
* might be temporarily down or it may have moved permanently to a new web
address.

Error 501 (net::ERR_INSECURE_RESPONSE): Unknown error.


Funny thing is when I hover over the "View Console" button the url shown in
the browser status bar is http://CloudManagement:8080/client/#. Using the
chrome developer tools I found the href tag is set to "#".


-Rob


On Sun, Dec 30, 2012 at 10:51 PM, Kirk Kosinski <kirkkosinski@gmail.com<mailto:kirkkosinski@gmail.com>>wrote:

Opening a browser window directly to HTTPS on a console proxy will
normally give a 404 error.  Try accessing a VM console through the
CloudStack UI (which should generate and use a valid URL to the console
proxy) and ignore the cert error to see what happens.

Kirk

On 12/30/2012 08:37 PM, Robert Booth wrote:
Kirk,

When I open a browser window directly to the console server I get an
invalid certificate error.

"This certificate was signed by an unknown authority"

I need to get that correct but will that stop me in my tracks?

When I click to ignore I get a 404 Not Found error message "No context
found for request".

-Rob


On Sun, Dec 30, 2012 at 10:17 PM, Kirk Kosinski <kirkkosinski@gmail.com<mailto:kirkkosinski@gmail.com>
wrote:

What is the error in the browser?  Can you connect to 443/tcp on the
console proxy from your desktop?

Best regards,
Kirk

On 12/30/2012 11:10 AM, Robert Booth wrote:
Thanks Kirk,

Yes that did it. My domain name is now updated but I still feel no love
with the console proxy. The URL has been updated and everything is
resolving correctly but I still can't connect via the remote console.
I used a self-signed CA and server cert so I'm wondering if that is my
problem. I'm going to keep digging and what I'm missing. My guess is
the
Root CA I created is not trusted in the system.

As a side not for anyone trying to update the cert in the UI and
getting
an
error the it's an invalid cert I did the following.

1. Created CA private key
- openssl genrsa -des3 -out mydomain.priv.key 2048   * Remember
password
you will need it

2. Created CA certificate request file
- openssl req -new -key mydomain.priv.key -out mydomain.req

3. Self-sign my CA request
- openssl x509 -req -days 7305 -sha1 -extfile /etc/ssl/openssl.cnf
-extensions v3_ca -signkey mydomain.priv.key -in mydomain.req -out
mydomain.crt

4. Created a server key
- openssl genrsa -out cloud.mydomain.priv.key 2048

5. Generate Server certificate request file
- openssl req -new -key cloud.mydomain.priv.key -out cloud.mydomain.req

6. Sign my server request
- openssl x509 -req -days 7000 -sha1 -extfile /etc/ssl/openssl.cnf
-extensions v3_req -CA mydomain.crt -CAkey mydomain.priv.key
-CAcreateserial -in cloud.mydomain.req -out cloud.mydomain.crt

*** This last step is what fixed my UI error on an invalid SSL key
7. create a PKCS8 key file
- openssl pkcs8 -topk8 -in cloud.mydomain.priv.key -inform pem -out
cloud.mydomain.pkcs8.key -outform pem -nocrypt


In the UI put the contents of cloud.mydomain.crt into certificate
field.
Put the contents on cloud.mydomain.pkcs8.key into the PKCS#8 Private
Key
and finally put your domain name in.




On Sun, Dec 30, 2012 at 4:55 AM, Kirk Kosinski <kirkkosinski@gmail.com<mailto:kirkkosinski@gmail.com>
wrote:

Hi, Rob.  I don't know what that global setting is supposed to do.  To
update the domain, follow the procedure to update the SSL certificate
(in UI, Infrastructure > Update SSL Certificate), which includes the
option to update the domain.

Best regards,
Kirk

On 12/29/2012 12:36 PM, Robert Booth wrote:
I'm trying to get the remote console view to work but I can't seem to
get
past the realhostip.com<http://realhostip.com> url setting.

I have a fresh install of CloudStack 4.0 on updated Ubuntu 12.04
management
server and host. I'm running KVM on the host.

I've updated the consoleproxy.url.domain setting on the management
server
to a valid external domain name and restarted my management server
and
no
luck.

Things I've tried.

Restarted the management server

Restarted the agent service

Removed all system vms and recreated them.

Rebooted the management server and the host

I still get the realhostip.com<http://realhostip.com> address when I try to console
into a
vm
via
the UI.

Any help would be great!

Thanks,
Rob






Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message