[ovirt-users] remote-viewer + squid / console hangs (tcp timeout/keepalive?)
Derek Atkins
derek at ihtfp.com
Wed Nov 30 00:30:43 UTC 2016
Hi again,
"Derek Atkins" <derek at ihtfp.com> writes:
> Hi,
>
> I've got a squid proxy set up for my ovirt console, which works great.
> However, if I'm connected to a (non-graphic) console and step away for
> several minutes (somewhere between 15-30 -- I haven't figured out exactly
> how long), the console will freeze. My TCP connections still seem to be
> active (they don't disconnect) -- I still see the connection between my
> remote-console and squid, and between the squid and console host. However
> if I type into the console I see nothing.
>
> Has anyone seen this issue and know how to correct it?
>
> This is with ovirt 4.0.5 on centos 7.2. The guest doesn't seem to matter
> -- I've seen this issue with different guests.
I've done a bit more testing on this. I've tried turing on TCP
keepalives within squid, but here's what happens:
1) remote-viewer opens up 4 TCP connections through the proxy
2) About 15 minutes later one connection closes. At this point, the
remote console still works.
3) At some point in the future (I'm not exactly sure what triggers this,
yet), a second connection closes. It's at this point the remote
console stops working. It's still there/visible, but no typing makes
it across (the window appears hung).
4) When I close the window, the final two connections close.
Here's the squid access log:
{ Opened remote console at 16:13:37 }
{ Typed into it again at 16:21 }
[2016/11/29 16:28:32.032] 900277 <my client IP> TCP_MISS/200 2828 CONNECT X.Y.Z.70:5910 - HIER_DIRECT/X.Y.Z.70 -
{ still works after first connection dropped. Left viewer minimized. }
{ retested at 17:33:08 -- still works when it was minimized. Now leaving open }
[2016/11/29 18:26:41.936] 7990181 <my client IP> TCP_MISS/200 12224 CONNECT X.Y.Z.70:5910 - HIER_DIRECT/X.Y.Z.70 -
{ tested at 18:31: no longer working }
So I guess my questions are:
1) Why are there 4 connections opened?
2) Why do two die "early"?
3) How do I keep them open longer/permanently?
I'll note that this looks a lot like this email thread, but I know it's
got nothing to do with a firewall if for no other reason that not all
connections are exiting simultaneously.
http://virt-tools-list.redhat.narkive.com/7rE6ZtZ8/virtviewer-and-tcp-keepalives
Any suggestions?
-derek
--
Derek Atkins 617-623-3745
derek at ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant
More information about the Users
mailing list