remote-viewer + squid / console hangs (tcp timeout/keepalive?)
Hi, I've got a squid proxy set up for my ovirt console, which works great. However, if I'm connected to a (non-graphic) console and step away for several minutes (somewhere between 15-30 -- I haven't figured out exactly how long), the console will freeze. My TCP connections still seem to be active (they don't disconnect) -- I still see the connection between my remote-console and squid, and between the squid and console host. However if I type into the console I see nothing. Has anyone seen this issue and know how to correct it? This is with ovirt 4.0.5 on centos 7.2. The guest doesn't seem to matter -- I've seen this issue with different guests. Thanks, -derek -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant
Hi again, "Derek Atkins" <derek@ihtfp.com> writes:
Hi,
I've got a squid proxy set up for my ovirt console, which works great. However, if I'm connected to a (non-graphic) console and step away for several minutes (somewhere between 15-30 -- I haven't figured out exactly how long), the console will freeze. My TCP connections still seem to be active (they don't disconnect) -- I still see the connection between my remote-console and squid, and between the squid and console host. However if I type into the console I see nothing.
Has anyone seen this issue and know how to correct it?
This is with ovirt 4.0.5 on centos 7.2. The guest doesn't seem to matter -- I've seen this issue with different guests.
I've done a bit more testing on this. I've tried turing on TCP keepalives within squid, but here's what happens: 1) remote-viewer opens up 4 TCP connections through the proxy 2) About 15 minutes later one connection closes. At this point, the remote console still works. 3) At some point in the future (I'm not exactly sure what triggers this, yet), a second connection closes. It's at this point the remote console stops working. It's still there/visible, but no typing makes it across (the window appears hung). 4) When I close the window, the final two connections close. Here's the squid access log: { Opened remote console at 16:13:37 } { Typed into it again at 16:21 } [2016/11/29 16:28:32.032] 900277 <my client IP> TCP_MISS/200 2828 CONNECT X.Y.Z.70:5910 - HIER_DIRECT/X.Y.Z.70 - { still works after first connection dropped. Left viewer minimized. } { retested at 17:33:08 -- still works when it was minimized. Now leaving open } [2016/11/29 18:26:41.936] 7990181 <my client IP> TCP_MISS/200 12224 CONNECT X.Y.Z.70:5910 - HIER_DIRECT/X.Y.Z.70 - { tested at 18:31: no longer working } So I guess my questions are: 1) Why are there 4 connections opened? 2) Why do two die "early"? 3) How do I keep them open longer/permanently? I'll note that this looks a lot like this email thread, but I know it's got nothing to do with a firewall if for no other reason that not all connections are exiting simultaneously. http://virt-tools-list.redhat.narkive.com/7rE6ZtZ8/virtviewer-and-tcp-keepal... Any suggestions? -derek -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant
On Wed, Nov 30, 2016 at 1:30 AM, Derek Atkins <derek@ihtfp.com> wrote:
Hi again,
Hello, I opened a similar thread here: http://lists.ovirt.org/pipermail/users/2016-November/044142.html
Do you experiment your problem both with user and admin portal? In my case I have the same but only when I opne the remote console from web admin portal. From user portal it is ok. I'm going to do more tests...
Hi, Gianluca Cecchi <gianluca.cecchi@gmail.com> writes:
On Wed, Nov 30, 2016 at 1:30 AM, Derek Atkins <derek@ihtfp.com> wrote:
Hi again,
Hello, I opened a similar thread here: http://lists.ovirt.org/pipermail/users/2016-November/044142.html
This thread seems to be slightly different than mine, at least at first glance. My issue is that I can connect to the console and it works fine for a while, but if it sits idle for "too long" then it stops working (where "too long" seems to vary a bit -- another trial today lasted only 20 minutes).
Do you experiment your problem both with user and admin portal?
I only tried with the admin portal. I just now tried the user portal but something seems to be broken -- when I log in to the user portal with my admin@internal credentials I don't see any of my VMs! I know I tried this at the onset with 4.0.4, but I haven't tried it recently since I upgraded to 4.0.5. Not sure what's going on there. I just tried logging in with another user and I see the authorized VMs. So there's something about admin@internal and the user portal in 4.0.5 that's causing me issues.
In my case I have the same but only when I opne the remote console from web admin portal. From user portal it is ok. I'm going to do more tests...
I just tested from my user account. I opened a console to a VM and let it sit idle. After 15 minutes the first connection closed (the same as the admin portal). The second connection closed after about 70 minutes at which point the console became unusable. This implies to me that user vs admin portal does not affect the console becoming unusable after some period of idle time, after which the second of four connections drops. Is there anything else you'd like me to test? -derek -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant
participants (2)
-
Derek Atkins -
Gianluca Cecchi