[Thinlinc-technical] Running ThinLinc inside LXD container

Tomislav Marcinkovic tomislav.marcinkovic at nvteh.com
Mon Dec 12 23:04:31 CET 2016


Hi guys,

I'm having some trouble running ThinLinc inside LXD container, to be more
precise VSM agent gives permission denied error messages in log file.

I'm running Ubuntu 16.04 server (4.4.0-51-generic) on host machine, and
Xubuntu 16.04 in container in which I have setup ThinLinc Server/Agent.

VSM Agent version 4.7.0 build 5280
VSM Server version 4.7.0 build 5280

I have turned on DEBUG log level in both vsmserver and vsmagent
configuration files.

All ThinLinc ports are forwarded using iptables:

-A PREROUTING -i ens3f0 -p tcp -m tcp --dport 20025 -j DNAT
--to-destination 10.0.4.202:22
-A PREROUTING -i ens3f0 -p tcp -m tcp --dport 300 -j DNAT --to-destination
10.0.4.202:300
-A PREROUTING -i ens3f0 -p tcp -m tcp --dport 904 -j DNAT --to-destination
10.0.4.202:904
-A PREROUTING -i ens3f0 -p tcp -m tcp --dport 1010 -j DNAT --to-destination
10.0.4.202:1010
-A PREROUTING -i ens3f0 -p tcp -m tcp --dport 4900:5899 -j DNAT
--to-destination 10.0.4.202:4900-5899
-A PREROUTING -i ens3f0 -p tcp -m tcp --dport 5901:5999 -j DNAT
--to-destination 10.0.4.202:5901-5999
-A PREROUTING -i ens3f0 -p tcp -m tcp --dport 9000 -j DNAT --to-destination
10.0.4.202:9000


These are config options of container:

name: thinserver
profiles:
- default
config:
  boot.autostart: "1"
  security.nesting: "true"
  security.privileged: "true"
  volatile.base_image:
8a8d750322cf660f0cf63924164794ccf493d6e9a63e816c6a92fbc2d7f863fa
  volatile.eth0.hwaddr: 00:16:3e:e3:da:48
  volatile.last_state.idmap: '[]'
devices:
  root:
    path: /
    type: disk
ephemeral: false

This is log from vsmagent and vsmserver:

==> /var/log/vsmagent.log <==
2016-12-12 21:50:54 INFO vsmagent: VSM Agent version 4.7.0 build 5280
started
2016-12-12 21:50:54 INFO vsmagent: My public hostname is 10.0.4.202
2016-12-12 21:50:54 DEBUG vsmagent: IPs allowed to do restricted
operations: ['127.0.1.1', '127.0.0.1']
2016-12-12 21:50:54 DEBUG vsmagent.HA: Allowed HA update IPs: []
2016-12-12 21:50:54 DEBUG vsmagent: Running sysctl -w
net.ipv4.ip_local_port_range=32768 65535

==> /var/log/vsmserver.log <==
2016-12-12 21:50:54 INFO vsmserver: VSM Server version 4.7.0 build 5280
started
2016-12-12 21:50:54 INFO vsmserver.license: Updating license data from disk
to memory
2016-12-12 21:50:54 INFO vsmserver.license: License summary: 10 concurrent
users. Hard limit of 11 concurrent users.
2016-12-12 21:50:54 DEBUG vsmserver: IPs allowed to do restricted
operations: ['127.0.0.1', '127.0.1.1']
2016-12-12 21:50:54 DEBUG vsmserver.HA: Allowed HA update IPs: []
2016-12-12 21:50:54 INFO vsmserver.session: Loaded 0 sessions for 0 users
from file
2016-12-12 21:50:54 DEBUG vsmserver.session: Loaded sessions: []
2016-12-12 21:50:54 WARNING vsmserver.loadinfo: [Errno 111] Connection
refused talking to VSM Agent 127.0.0.1:904 in request for loadinfo. Marking
as down.
2016-12-12 21:50:54 DEBUG vsmserver: Scheduled load update of 127.0.0.1 at
Mon Dec 12 21:51:34 2016
2016-12-12 21:50:54 WARNING vsmserver.loadinfo: [Errno 111] Connection
refused talking to VSM Agent 10.0.4.202:904 in request for loadinfo.
Marking as down.
2016-12-12 21:50:54 DEBUG vsmserver: Scheduled load update of 10.0.4.202 at
Mon Dec 12 21:51:34 2016

==> /var/log/vsmagent.log <==
2016-12-12 21:51:34 DEBUG vsmagent: Handling connection from ('127.0.0.1',
1023)
2016-12-12 21:51:34 DEBUG vsmagent: Handling connection from ('10.0.4.202',
1022)

==> /var/log/vsmserver.log <==
2016-12-12 21:51:34 DEBUG vsmserver: Scheduled load update of 127.0.0.1 at
Mon Dec 12 21:52:14 2016
2016-12-12 21:51:34 WARNING vsmserver.loadinfo: VSM Agent 10.0.4.202:904
responded with permission denied in request for loadinfo. Marking as down.
2016-12-12 21:51:34 DEBUG vsmserver: Scheduled load update of 10.0.4.202 at
Mon Dec 12 21:52:14 2016

==> /var/log/vsmagent.log <==
2016-12-12 21:52:14 DEBUG vsmagent: Handling connection from ('127.0.0.1',
1023)
2016-12-12 21:52:14 DEBUG vsmagent: Handling connection from ('10.0.4.202',
1022)

==> /var/log/vsmserver.log <==
2016-12-12 21:52:14 DEBUG vsmserver: Scheduled load update of 127.0.0.1 at
Mon Dec 12 21:52:54 2016
2016-12-12 21:52:14 WARNING vsmserver.loadinfo: VSM Agent 10.0.4.202:904
responded with permission denied in request for loadinfo. Marking as down.
2016-12-12 21:52:14 DEBUG vsmserver: Scheduled load update of 10.0.4.202 at
Mon Dec 12 21:52:54 2016

Anyone had similar situation?

-- 
*Tomislav Marčinković*
Senior System Architect
www.nvteh.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cendio.se/pipermail/thinlinc-technical/attachments/20161212/7f5be883/attachment.html>


More information about the Thinlinc-technical mailing list