Libvirt Connect to XEN from Windows - virtualization

I have set up XEN on SLES12 and created a few virtual machines. Using virsh I am able to connect to libvirt from Linux but not from Windows. I was trying:
# connect xen://hostname
# connect xen://hostname/system
# connect xen+tcp://hostname
# connect xen+tcp://hostname/system
I have received the following error messages:
# connect xen+tcp://hostname 'Unable to connect to server at 'hostname:16509': Unknown error 107'
# connect xen://hostname 'error: Cannot read CA certificate '/usr/i686-w64-mingw32/sys-root/mingw/etc/pki/CA/cacert.pem': No such file or directory'
The other commands stated above produce the same errors. I ran netstat and I cannot find port number 16509. I assume that when I connect from Linux it uses a different port(?) as there is no problem with that. The only difference is that from Linux I use an ssh connection:
# connect xen+ssh://root@hostname
Any ideas will be appreciated.

It's likely that your libvirtd is not listening on the TCP port. You must pass the --listen option when running libvirtd.
Check following link
Additionally you may need to modify /etc/libvirt/libvirtd.conf
listen_tls = 0 #it's enabled by default. To disable it, set it to be zero
listen_tcp = 1
tcp_port="16509"
listen_addr="192.168.45.22"
# tcp_auth = "sasl"
auth_tcp = "none"
# /usr/sbin/libvirtd --listen
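An added example (not part of the original answer and not libvirt's own code): a small Python check that reads libvirtd.conf text and flags the remote-access settings shown above, since listen_tcp = 1 with auth_tcp = "none" gives anyone who can reach port 16509 unauthenticated, unencrypted control of the hypervisor. The finding names are this example's own, and the default values are assumptions taken from the comments in the stock libvirtd.conf.

```python
# Added example: audit libvirtd.conf text for risky remote-access settings.
# DEFAULTS are assumptions based on the comments in the stock libvirtd.conf:
# TLS listener on, TCP listener off, SASL on TCP, bind to all interfaces ("").
DEFAULTS = {"listen_tls": "1", "listen_tcp": "0",
            "auth_tcp": "sasl", "listen_addr": ""}

def parse_conf(text):
    """Return effective key/value settings, ignoring comments."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop full-line and trailing comments
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        settings[key] = value.strip('"')
    return settings

def audit(text):
    """Return finding codes that apply once libvirtd is started with --listen."""
    s = parse_conf(text)
    findings = []
    if s["listen_tcp"] == "1":
        if s["auth_tcp"] == "none":
            findings.append("TCP_NO_AUTH")         # no credentials needed on the TCP port
        if s["listen_addr"] in ("", "0.0.0.0", "::"):
            findings.append("TCP_ALL_INTERFACES")  # reachable on every interface
        if s["listen_tls"] == "0":
            findings.append("TLS_DISABLED")        # no encrypted listener offered instead
    return findings

# Constructed samples: the settings quoted in the answer, and a TLS-only variant.
AS_POSTED = '''
listen_tls = 0 #it's enabled by default. To disable it, set it to be zero
listen_tcp = 1
tcp_port="16509"
listen_addr="192.168.45.22"
# tcp_auth = "sasl"
auth_tcp = "none"
'''
TLS_ONLY = '''
listen_tls = 1
listen_tcp = 0
listen_addr="192.168.45.22"
'''

if __name__ == "__main__":
    print("as posted:", audit(AS_POSTED))
    print("TLS only :", audit(TLS_ONLY))
```

The TLS-only variant needs the x509 certificates mentioned in the error message from the question; the xen+ssh:// transport the asker already uses on Linux avoids opening either listener.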

Use the command libvirtd -d.
It will create the libvirtd daemon.
Then use libvirtd --listen to make libvirtd listen on the TCP port.

Related

Connecting to libvirtd uri from guest to run virsh commands on host

Is connecting to the host hypervisor (using a libvirt remote URI) from a guest possible?
From the various documents online, I infer that connecting to a hypervisor URI is possible only locally (i.e., from the host). Is this understanding correct?
Is there any other way to trigger the run of virsh commands on the host from a guest?
On host:
# virsh uri
qemu:///system
# virsh -c qemu:///system list
 Id    Name                           State
----------------------------------------------------
 4     guest_vm                       running
On guest:
# curl qemu://user1@192.168.10.1/system -vv
* Protocol qemu not supported or disabled in libcurl
* Closing connection -1
curl: (1) Protocol qemu not supported or disabled in libcurl
Libvirt does not use an HTTP/REST protocol, so your use of 'curl' here is the key problem. Libvirt uses a private binary RPC protocol, so you must always use a libvirt-based application to connect to libvirtd. Your URI is right - you simply need to give it to virsh instead - e.g. 'virsh -c qemu://user1@192.168.10.1/system'. Libvirt supports several different methods to connect - the URI you've used will access libvirt over a TLS-encrypted connection - this requires that you configure libvirtd on the host to listen on the IP address, and give it x509 certificates. If you want to avoid using TLS+x509, the simpler approach is to use the SSH tunnel with a 'qemu+ssh://.....' URI. For information about accessing libvirtd remotely see http://libvirt.org/remote.html
This is possible. The command would look like
virsh --connect qemu+ssh://user1@192.168.10.1/system
For more details please refer to http://libvirt.org/uri.html

HiveMQ error when I run it: Could not bind to all interfaces and port 1883, because it is already in use

I'm developing an MQTT based application using HiveMQ, an enterprise broker. I installed it as per the instructions here- http://www.hivemq.com/docs/hivemq/2.0.1/
When I run it using ./bin/run.sh, the server connection is immediately closed due to the error - Could not bind to all interfaces and port 1883, because it is already in use. Stopping HiveMQ
As far as I'm aware, nothing else is using this port. This happens even when I restart my computer and nothing else is running. I'm running in root mode.
Why am I getting this error?
To check if something is already running on the port, please type the following into the terminal if you happen to run a Linux / BSD / OSX:
netstat -an|grep 1883
If you're running a Windows System, type the following:
netstat -an|find "1883"
After running that command you should see which application is using port 1883.
Alternatively you could edit the configuration.properties file in your conf folder of the HiveMQ installation and set the global.port property to a port of your choice.
From those results, do you have d-bus daemon installed? I don't know much about d-bus, but have you tried disabling it or modifying the config and then see if you can restart hivemq on port 1883.

Connecting to Oracle WebLogic Server Instance (Admin Server)

I have just started playing around with Oracle WebLogic. I am trying to do some scripting using WLST, a command-line tool. I have a test environment set up which has WebLogic 10.3 and Linux 2.6.18 on it. I have managed to log into WLST in the offline/interactive mode.
I now want to connect to the AdminServer in my domain. I am having issues doing so.
Following is the command that I am using:
wls:/offline> connect('username','password','localhost:7002')
Once the command is fired it just shows the cursor blinking and the operation does not timeout.
Using the console I have verified the state of the AdminServer, the user defined in the security realm and the listen port of the server.
I am wondering why the above command did not work.
On the other hand I created a test managed server using the administration console and successfully made a connection through wlst using the same command.
Am I missing something?
Thanks!!
I see two things.
On a default installation, port 7002 is an SSL port. It might not be configured, and to use it you should specify the t3s protocol instead of the default t3.
Also, the server is not listening on localhost. That server has an IP address, and chances are the admin server bound to it. It is not listening to 127.0.0.1.
To tell, issue this command (Linux):
#Linux
netstat -plan | grep '7001.*LISTEN'
REM Windows
netstat -a -p tcp -n -o | findstr /R 7001.*LISTENING
You will see something like this (Linux):
tcp 0 0 ::ffff:192.168.1.11:7001 :::* LISTEN 20993/java
You can use the IP address, but might as well use the fully qualified name given by:
nslookup 192.168.1.11
Try connecting again:
connect('username','password','t3://myserver-fqdn.example.com:7001')
Or if SSL is configured, this should work:
connect('username','password','t3s://myserver-fqdn.example.com:7002')
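The listener check described above, as an added example that is not part of the original answer: a Python parser for `netstat -an` / `netstat -plan` lines that matches the port exactly (the pattern 7001.*LISTEN also matches a listener on 17001) and reports whether a listener accepts connections for a given address. Only the first sample line comes from the answer; the other lines are constructed, and the function names are this example's own.

```python
import ipaddress

def normalize(host):
    """Collapse wildcard and IPv4-mapped forms to one comparable string."""
    host = host.strip("[]")                      # Windows prints [::]:80
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host
    if ip.is_unspecified:                        # 0.0.0.0 or ::
        return "*"
    mapped = getattr(ip, "ipv4_mapped", None)    # ::ffff:a.b.c.d -> a.b.c.d
    return str(mapped or ip)

def parse_listeners(netstat_text):
    """Return [(bind_address, port, owner)] for TCP sockets in a listening state."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        if not f or not f[0].lower().startswith("tcp"):
            continue
        state = next((i for i, x in enumerate(f) if x in ("LISTEN", "LISTENING")), None)
        local = next((x for x in f[1:] if ":" in x), None)   # skips Recv-Q/Send-Q on Linux
        if state is None or local is None:
            continue
        host, _, port = local.rpartition(":")
        owner = f[state + 1] if state + 1 < len(f) else ""   # PID/program when netstat shows it
        found.append((normalize(host), int(port), owner))
    return found

def accepts(listeners, port, target_ip):
    """True if a listener on exactly `port` is bound to the wildcard or to target_ip."""
    return any(p == port and addr in ("*", target_ip) for addr, p, _ in listeners)

# First line is the one quoted in the answer; the other three are constructed.
SAMPLE = """\
tcp   0  0 ::ffff:192.168.1.11:7001  :::*           LISTEN       20993/java
tcp   0  0 127.0.0.1:17001           0.0.0.0:*      LISTEN       1432/agent
tcp   0  0 192.168.1.11:50412        10.0.0.5:7001  ESTABLISHED  20993/java
TCP    0.0.0.0:80    0.0.0.0:0    LISTENING
"""

if __name__ == "__main__":
    listeners = parse_listeners(SAMPLE)
    print(listeners)
    print("localhost:7001    ->", accepts(listeners, 7001, "127.0.0.1"))
    print("192.168.1.11:7001 ->", accepts(listeners, 7001, "192.168.1.11"))
```

A bind address of `*` also means the service is exposed on every interface of the host, which is worth checking for an administration port.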
Mohan, something could be missing in the /etc/hosts file; please check that. Another reason could be that a firewall on the Linux box is causing the issue.
Can you show your connect command for the managed server? That may help us identify the issue.
Did you try with the IP address as well, with the t3:// protocol?

Site to site OpenSWAN VPN tunnel issues with AWS

We have a VPN tunnel with Openswan between two AWS regions and our colo facility (Used AWS’s guide: http://aws.amazon.com/articles/5472675506466066). Regular usage works OK (ssh, etc), but we are having some MySQL issues over the tunnel between all areas. Using mysql command line client on a linux server and trying to connect using the MySQL Connector J it basically stalls… it seems to open the connection, but then gets stuck. It doesn't get denied or anything, just hangs there.
After initial research thought this was an MTU issue, but I've messed with that a lot and no luck.
Connection to the server works fine, and we can choose a database to use and such, but using the Java connector it appears that the Java client isn't receiving any network traffic after the query is made.
When running a select in the MySQL client on linux we can get a max of 2 or 3 rows before it goes dead.
With this said, I also have a separate openswan VPN on the AWS side for client (mac and iOS) vpn connections. Everything works fantastically through the client VPN and it seems more stable in general. The main difference I've noticed is that the static connection is using "tunnel" as the type and the client is using "transport", but when switching the static tunnel connection to transport it says there's like 30 open connections and doesn't work.
I'm very new to OpenSWAN, so hoping someone can help to point me in the right direction of getting the static tunnel working as well as the client VPN.
As always, here's my config files:
ipsec.conf for BOTH static tunnel servers:
# basic configuration
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parsing"
    # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
    protostack=netkey
    nat_traversal=yes
    virtual_private=
    oe=off
    # Enable this if you see "failed to find any available worker"
    # nhelpers=0

#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
include /etc/ipsec.d/*.conf
VPC1-to-colo tunnel conf
conn vpc1-to-DT
    type=tunnel
    authby=secret
    left=%defaultroute
    leftid=54.213.24.xxx
    leftnexthop=%defaultroute
    leftsubnet=10.1.4.0/24
    right=72.26.103.xxx
    rightsubnet=10.1.2.0/23
    pfs=yes
    auto=start
colo-to-VPC1 tunnel conf
conn DT-to-vpc1
    type=tunnel
    authby=secret
    left=%defaultroute
    leftid=72.26.103.xxx
    leftnexthop=%defaultroute
    leftsubnet=10.1.2.0/23
    right=54.213.24.xxx
    rightsubnet=10.1.4.0/24
    pfs=yes
    auto=start
Client point VPN ipsec.conf
# basic configuration
config setup
    interfaces=%defaultroute
    klipsdebug=none
    nat_traversal=yes
    nhelpers=0
    oe=off
    plutodebug=none
    plutostderrlog=/var/log/pluto.log
    protostack=netkey
    virtual_private=%v4:10.1.4.0/24

conn L2TP-PSK
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    type=transport
    forceencaps=yes
    right=%any
    rightsubnet=vhost:%any,%priv
    rightprotoport=17/0
    # Using the magic port of "0" means "any one single port". This is
    # a work around required for Apple OSX clients that use a randomly
    # high port, but propose "0" instead of their port.
    left=%defaultroute
    leftprotoport=17/1701
    # Apple iOS doesn't send delete notify so we need dead peer detection
    # to detect vanishing clients
    dpddelay=10
    dpdtimeout=90
    dpdaction=clear
Found the solution. Needed to add the following IP tables rule on both ends:
iptables -t mangle -I POSTROUTING -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
This along with an MTU of 1400 and we're looking very solid
We had the same issue with a server connecting from the EU region to an RDS instance in the US. This appears to be a known issue with the RDS instances not responding to ICMP which is needed to auto-discover the MTU settings. As a workaround, you'll need to configure a smaller MTU on the instance that is performing the query.
On the server that is making the connection to the RDS instance (not the VPN tunnel instances), run the following command to get a MTU setting of 1422 (which worked for us):
sudo ifconfig eth0 mtu 1422

Apache installation on Windows 7

I am a newbie with Apache. I am learning .. after the installation when I tried to start the service I got the following errors.
The Apache service named reported the following error:
Unable to open logs .
The Apache service named reported the following error:
no listening sockets available, shutting down .
The Apache service named reported the following error:
(OS 10048)Only one usage of each socket address (protocol/network address/port) is normally permitted. : make_sock: could not bind to address 0.0.0.0:80 .
The Apache service named reported the following error:
httpd.exe: Could not reliably determine the server's fully qualified domain name, using 192.168.1.6 for ServerName .
The following error usually means that some other program is listening on the HTTP port (80).
(OS 10048)Only one usage of each
socket address (protocol/network
address/port) is normally permitted. :
make_sock: could not bind to address
0.0.0.0:80 .
In my experience, IM (chat) clients like to connect to port 80.
From a command prompt, (cmd.exe) run the command:
netstat -an
See if there is a listener on port 80. Look for a line that says:
  TCP    0.0.0.0:80    0.0.0.0:0    LISTENING
  ===          ====
the important thing being TCP and 80. If you find something, you'll need to track it down using something like TcpView.
If Skype is your problem and it seems it usually is, alter Skype's port usage.
Click on Tools in Skype,
click on Options,
click Advanced,
click Connections.
In Connection is the option to use another port, I use a high numbered port such as 65432, then un-click the alternative use of port 80 and 443.
Close and restart Skype.
Modifying C:\Program Files\Apache Software Foundation\Apache2.2\conf\httpd solved the problem.
If you had installation problems, note that you might experience some errors such as “no services installed” if Apache is trying to share port 80 with another web server or application, such as a locally installed firewall application. To fix this, you can tell Apache to use a different port. Open your httpd.conf file in the conf subdirectory (C:\Program Files\Apache Software Foundation\Apache2.2\conf by default) and locate the following lines:
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
#
#Listen 12.34.56.78:80
Listen 80
Change the last line of this block to read:
Listen 8080
Skype uses port 80; try logging out and shutting down the program...
Now run Apache.
If you are using Windows and believe that Skype is not the suspect, then you might want to open the Task Manager, check "Show processes from all users" and make sure that there is NO entry for httpd.exe. Otherwise, end its process. That solves my problem.
Changing in the config file every occurrence of the path to apache (eg: "C:/Users/xxxx/Desktop/Apache Software Foundation/") to the new location (in case you shifted directory of apache installation by copy paste) solved my problem. Hope it helps you too..
Please note that not only HTTP port 80 but also your SSL port 443 may be in use by another service or software.
I have installed vmware workstation on my PC, so a process which was initiated by Vmware Workstation was using ssl port 443.
In my case, it was vmware-hostd.exe which was utilizing ssl port 443.
Try shutting down vmware-hostd.exe or simply change your ssl-httpd.conf and modify Listen from 443 to 8080 or something else.
While choosing the port number please be sure that you don't enter any port which can be used by any other software on your PC.
Just provide the listen address and port in the httpd.conf file, as below; that will not show the IP-related error:
Listen IP_ADDRESS:PORT
If you change the port (not port 80) then the port conflict will not occur and the server comes up.
The blog below may help you:
http://apache2-4-9-webserver-installation.blogspot.com/2014/06/how-to-install-apache-http-server.html
Port 80 conflict. There are a number of well-known Windows programs which use
port 80:
IIS
The most likely culprit is Microsoft Internet Information Server. Stop the
service with the command from the command line on Windows 7/Vista:
net stop was /y
If needed, start the services again with the command from the command line on
Windows 7/Vista:
net start was /y
