<div dir="ltr">Hi guys,<div><br></div><div>I'm having some trouble running ThinLinc inside LXD container, to be more precise VSM agent gives permission denied error messages in log file.</div><div><br></div><div>I'm running Ubuntu 16.04 server (4.4.0-51-generic) on host machine, and Xubuntu 16.04 in container in which I have setup ThinLinc Server/Agent.</div><div><br></div><div>VSM Agent version 4.7.0 build 5280<br></div><div>VSM Server version 4.7.0 build 5280<br></div><div><br></div><div>I have turned on DEBUG log level in both vsmserver and vsmagent configuration files.</div><div><br></div><div>All ThinLinc ports are forwarded using iptables:</div><div><br></div><div>-A PREROUTING -i ens3f0 -p tcp -m tcp --dport 20025 -j DNAT --to-destination <a href="http://10.0.4.202:22">10.0.4.202:22</a></div><div>-A PREROUTING -i ens3f0 -p tcp -m tcp --dport 300 -j DNAT --to-destination <a href="http://10.0.4.202:300">10.0.4.202:300</a></div><div>-A PREROUTING -i ens3f0 -p tcp -m tcp --dport 904 -j DNAT --to-destination <a href="http://10.0.4.202:904">10.0.4.202:904</a></div><div>-A PREROUTING -i ens3f0 -p tcp -m tcp --dport 1010 -j DNAT --to-destination <a href="http://10.0.4.202:1010">10.0.4.202:1010</a></div><div>-A PREROUTING -i ens3f0 -p tcp -m tcp --dport 4900:5899 -j DNAT --to-destination 10.0.4.202:4900-5899</div><div>-A PREROUTING -i ens3f0 -p tcp -m tcp --dport 5901:5999 -j DNAT --to-destination 10.0.4.202:5901-5999</div><div>-A PREROUTING -i ens3f0 -p tcp -m tcp --dport 9000 -j DNAT --to-destination <a href="http://10.0.4.202:9000">10.0.4.202:9000</a></div><div> </div><div><br></div><div>These are config options of container:</div><div><br></div><div><div>name: thinserver</div><div>profiles:</div><div>- default</div><div>config:</div><div> boot.autostart: "1"</div><div> security.nesting: "true"</div><div> security.privileged: "true"</div><div> volatile.base_image: 8a8d750322cf660f0cf63924164794ccf493d6e9a63e816c6a92fbc2d7f863fa</div><div> volatile.eth0.hwaddr: 00:16:3e:e3:da:48</div><div> volatile.last_state.idmap: '[]'</div><div>devices:</div><div> root:</div><div> path: /</div><div> type: disk</div><div>ephemeral: false</div></div><div><br></div><div>This is log from vsmagent and vsmserver:</div><div><br></div><div><div>==> /var/log/vsmagent.log <==</div><div>2016-12-12 21:50:54 INFO vsmagent: VSM Agent version 4.7.0 build 5280 started</div><div>2016-12-12 21:50:54 INFO vsmagent: My public hostname is 10.0.4.202</div><div>2016-12-12 21:50:54 DEBUG vsmagent: IPs allowed to do restricted operations: ['127.0.1.1', '127.0.0.1']</div><div>2016-12-12 21:50:54 DEBUG vsmagent.HA: Allowed HA update IPs: []</div><div>2016-12-12 21:50:54 DEBUG vsmagent: Running sysctl -w net.ipv4.ip_local_port_range=32768 65535</div><div><br></div><div>==> /var/log/vsmserver.log <==</div><div>2016-12-12 21:50:54 INFO vsmserver: VSM Server version 4.7.0 build 5280 started</div><div>2016-12-12 21:50:54 INFO vsmserver.license: Updating license data from disk to memory</div><div>2016-12-12 21:50:54 INFO vsmserver.license: License summary: 10 concurrent users. Hard limit of 11 concurrent users. </div><div>2016-12-12 21:50:54 DEBUG vsmserver: IPs allowed to do restricted operations: ['127.0.0.1', '127.0.1.1']</div><div>2016-12-12 21:50:54 DEBUG vsmserver.HA: Allowed HA update IPs: []</div><div>2016-12-12 21:50:54 INFO vsmserver.session: Loaded 0 sessions for 0 users from file</div><div>2016-12-12 21:50:54 DEBUG vsmserver.session: Loaded sessions: []</div><div>2016-12-12 21:50:54 WARNING vsmserver.loadinfo: [Errno 111] Connection refused talking to VSM Agent <a href="http://127.0.0.1:904">127.0.0.1:904</a> in request for loadinfo. Marking as down.</div><div>2016-12-12 21:50:54 DEBUG vsmserver: Scheduled load update of 127.0.0.1 at Mon Dec 12 21:51:34 2016</div><div>2016-12-12 21:50:54 WARNING vsmserver.loadinfo: [Errno 111] Connection refused talking to VSM Agent <a href="http://10.0.4.202:904">10.0.4.202:904</a> in request for loadinfo. Marking as down.</div><div>2016-12-12 21:50:54 DEBUG vsmserver: Scheduled load update of 10.0.4.202 at Mon Dec 12 21:51:34 2016</div><div><br></div><div>==> /var/log/vsmagent.log <==</div><div>2016-12-12 21:51:34 DEBUG vsmagent: Handling connection from ('127.0.0.1', 1023)</div><div>2016-12-12 21:51:34 DEBUG vsmagent: Handling connection from ('10.0.4.202', 1022)</div><div><br></div><div>==> /var/log/vsmserver.log <==</div><div>2016-12-12 21:51:34 DEBUG vsmserver: Scheduled load update of 127.0.0.1 at Mon Dec 12 21:52:14 2016</div><div>2016-12-12 21:51:34 WARNING vsmserver.loadinfo: VSM Agent <a href="http://10.0.4.202:904">10.0.4.202:904</a> responded with permission denied in request for loadinfo. Marking as down.</div><div>2016-12-12 21:51:34 DEBUG vsmserver: Scheduled load update of 10.0.4.202 at Mon Dec 12 21:52:14 2016</div><div><br></div><div>==> /var/log/vsmagent.log <==</div><div>2016-12-12 21:52:14 DEBUG vsmagent: Handling connection from ('127.0.0.1', 1023)</div><div>2016-12-12 21:52:14 DEBUG vsmagent: Handling connection from ('10.0.4.202', 1022)</div><div><br></div><div>==> /var/log/vsmserver.log <==</div><div>2016-12-12 21:52:14 DEBUG vsmserver: Scheduled load update of 127.0.0.1 at Mon Dec 12 21:52:54 2016</div><div>2016-12-12 21:52:14 WARNING vsmserver.loadinfo: VSM Agent <a href="http://10.0.4.202:904">10.0.4.202:904</a> responded with permission denied in request for loadinfo. Marking as down.</div><div>2016-12-12 21:52:14 DEBUG vsmserver: Scheduled load update of 10.0.4.202 at Mon Dec 12 21:52:54 2016</div><div><br></div></div><div>Anyone had similar situation?</div><div><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><b><font face="trebuchet ms, sans-serif">Tomislav Marčinković</font></b><div><font face="trebuchet ms, sans-serif">Senior System Architect</font></div><div><font face="trebuchet ms, sans-serif"><a href="http://www.nvteh.com" target="_blank">www.nvteh.com</a></font></div><div><br></div></div></div></div></div>
</div></div>