I think I've found the reason. All system VMs including SSVM and CPVM cannot reach internet. Oddly incoming connection to them from outside works well but they cannot establish outgoing connections to the internet. The host itself can reach and can be reached through Internet but system VMs cannot. You may firstly think that it is an issue with firewall and egress rules, but it isn't! Because guests can reach internet with no problem. I have checked system VMs and found that public interface on them has no gateway set. If I manually set it, it works. But I'm wondering why cloudstack does not set gateway on public interface of system VMs?
Any idea will be appreciated. Regards. On Mon, Sep 10, 2018 at 11:47 AM Fariborz Navidan <[email protected]> wrote: > This is what I get: > > sysctl: cannot stat /proc/sys/kernel/random/entropy_avail: No such file > or directory > > > On Mon, Sep 10, 2018 at 11:37 AM Stephan Seitz <[email protected]> > wrote: > >> You coul check inside the CPVM via >> sysctl kernel.random.entropy_avail >> >> That value should never drop to zero. Keep in mind that a single peek >> wont give you the picture. You have to check that a few times during ssl >> handshakes taking place. >> >> Alternatively,, you could apt-get install haveged without checking. That >> daemon wont take much re,ssources. >> >> Gesendet von meinem BlackBerry 10-Smartphone. >> Originalnachricht >> Von: Fariborz Navidan >> Gesendet: Montag, 10. September 2018 08:44 >> An: [email protected] >> Antwort an: [email protected] >> Betreff: Re: Very slow SSL-enabled console proxy >> >> >> >> > Fariborz Navidan <[email protected]> hat am 10. September 2018 um >> 08:44 geschrieben: >> > >> > >> > Please provide me commands to run on CPVM to check this. >> > >> > Thanks >> > >> > On Mon, Sep 10, 2018 at 11:00 AM Stephan Seitz <[email protected]> >> wrote: >> > >> > > >> > > I'ld check the available entropy inside the console proxy vm. If the >> > > entropy pool is running low, you could install haveged as a gathering >> > > daemon. >> > > >> > > >> > > >> > > � Originalnachricht � >> > > Von: Fariborz Navidan >> > > Gesendet: Montag, 10. September 2018 08:14 >> > > An: [email protected] >> > > Antwort an: [email protected] >> > > Betreff: RE: Very slow SSL-enabled console proxy >> > > >> > > >> > > >> > > > Fariborz Navidan <[email protected]> hat am 10. September 2018 >> um >> > > 08:13 geschrieben: >> > > > >> > > > >> > > > Hello, >> > > > >> > > > It cannot be due to server load because it is fresh cloudstack >> > > installation and no one connects to console. It is something >> regarding SSL >> > > connection. >> > > > >> > > > Regards. >> > > > >> > > > Sent from Mail for Windows 10 >> > > > >> > > > From: Ivan Kudryavtsev >> > > > Sent: Monday, September 10, 2018 4:22 AM >> > > > To: users >> > > > Subject: Re: Very slow SSL-enabled console proxy >> > > > >> > > > Hello, Fariborz. >> > > > >> > > > You can try to create a service offering for CPVM and set its UUID >> in >> > > > global vars, but usually it works fine by default. >> > > > >> > > > пн, 10 сент. 2018 г., 4:17 Fariborz Navidan <[email protected] >> >: >> > > > >> > > > > Hello folks, >> > > > > >> > > > > After enabling console proxy SSL, it is very slow, It takes to >> long to >> > > > > establish https session. What can be the cause? Please help. >> > > > > >> > > > > Best Regards >> > > > > >> > > > >> > > >> >
