Xen Orchestra Backup, Single VM Failing
-
@dafyre said:
run XenCenter and communicate with the XenServer over HTTPS through the Nginx proxy
Where is XenCenter running? Local to you, or on a VM in the XenServer? If it's running local to you that might be the issue. XO might be trying to connect to XenServer and nginx is only allowing outside 443 to XenServer.
-
If I undo all my iptables trickery, XenCenter and XO work fine if they are run locally from my home network.
If I leave all my iptables trickery undone, XO works fine if I run it as a VM behind the XenServer, except for backups.
My problem is that XenServer uses ports 80 and 443 for itself on the public IP address. I need those ports to run my web sites from.
-
@dafyre said:
If I undo all my iptables trickery, XenCenter and XO work fine if they are run locally from my home network.
If I leave all my iptables trickery undone, XO works fine if I run it as a VM behind the XenServer, except for backups.
My problem is that XenServer uses ports 80 and 443 for itself on the public IP address. I need those ports to run my web sites from.
Install a software firewall of some sort, and assign that the public IP address. Choose a different subnet for XenServer, and forward different ports from the Public IP software router to XenServer's 80 and 443. I wouldn't want my VM host sitting on the public net. Dunno how easy it is to "go touch the box" if you mess something up along the way, but that'd be the minimum to me.
-
@travisdh1 said:
@dafyre said:
If I undo all my iptables trickery, XenCenter and XO work fine if they are run locally from my home network.
If I leave all my iptables trickery undone, XO works fine if I run it as a VM behind the XenServer, except for backups.
My problem is that XenServer uses ports 80 and 443 for itself on the public IP address. I need those ports to run my web sites from.
Install a software firewall of some sort, and assign that the public IP address. Choose a different subnet for XenServer, and forward different ports from the Public IP software router to XenServer's 80 and 443. I wouldn't want my VM host sitting on the public net. Dunno how easy it is to "go touch the box" if you mess something up along the way, but that'd be the minimum to me.
This is a physical server hosted @ Kimsufi in France, lol. Physical trips are not an option.
If I snafu it that badly, I can wipe & reload the machine through their web interface. Once I get it set up right, I'll be locking down the ports for XenCenter, etc, to only allow connections from my home IP address.
-
@dafyre said:
@travisdh1 said:
@dafyre said:
If I undo all my iptables trickery, XenCenter and XO work fine if they are run locally from my home network.
If I leave all my iptables trickery undone, XO works fine if I run it as a VM behind the XenServer, except for backups.
My problem is that XenServer uses ports 80 and 443 for itself on the public IP address. I need those ports to run my web sites from.
Install a software firewall of some sort, and assign that the public IP address. Choose a different subnet for XenServer, and forward different ports from the Public IP software router to XenServer's 80 and 443. I wouldn't want my VM host sitting on the public net. Dunno how easy it is to "go touch the box" if you mess something up along the way, but that'd be the minimum to me.
This is a physical server hosted @ Kimsufi in France, lol. Physical trips are not an option.
If I snafu it that badly, I can wipe & reload the machine through their web interface. Once I get it set up right, I'll be locking down the ports for XenCenter, etc, to only allow connections from my home IP address.
I haven't tried this myself, but I bet you could get ZeroTier running on a XenServer. I might have to attempt that at work tomorrow actually, would be really handy.
-
I have actually considered that. That doesn't fix my underlying problem though. I can't change the ip or ports that XenServer is listening on through config files, etc that I have found.
-
One more question, are the backups being done on a local folder on the XO server or NFS?
-
@johnhooks said:
One more question, are the backups being done on a local folder on the XO server or NFS?
I started with a local folder on XO, and someone else suggested NFS as well. Either makes no difference. I can see in the XO log files that it is connecting to my public IP and failing because by default, IPTables doesn't like hairpin connections.
-
I'll have to play around with it. I'm using a separate physical NFS share for backups. I wonder if the XO backups don't run through 443? If I get a chance I'll wireshark and see what's going on.
-
Well, a sudden bright idea later, and my backups are running... . I modified the hosts file on the XenServer to point to my internal IP address, and now XenOrchestra seems to be working... My backup is running as we speak. lol.
-
@dafyre said:
Well, a sudden bright idea later, and my backups are running... . I modified the hosts file on the XenServer to point to my internal IP address, and now XenOrchestra seems to be working... My backup is running as we speak. lol.
Nice!
-
The only other thing I have an issue with is that XO still tries to connect to the public IP address when I need to connect to the VM consoles and such. (I can't actually install any VMs at the moment, since I can't get console access).
-
Hi there!
XO just uses the
host.addressvalue from XAPI, for all operations (backup which use the XAPI HTTP handler for export but also import, consoles, etc.)You'll have to find a way to have XAPI telling that
host.addressis the one you want.The XAPI doc says:
The address by which this host can be contacted from any other host in the pool
