Power Panel (VZPP) is not working correctly for containers.
The following errors may be shown:
Forbidden You don't have permission to access /vz/cp/wnd,8503b864-7439-4a7c-a09b-24caeb04c7e7 on this server. Apache Server at 203.0.113.2 Port 4643"
Forbidden The IP address of a physical server cannot be used with its Parallels Power Panel port number. Do one of the following: If you want to open the Parallels Virtual Automation Control Center, use the IP address of the management server with the default port number. If you want to open the Parallels Power Panel, use the IP address or hostname of the Virtual Environment.
Unable to connect Firefox can't establish a connection to the server at 203.0.113.2:4643.
Things to try:
Check CT 1 health; it should be running with 1-4 processes
~# vzlist 1 CTID NPROC STATUS IP_ADDR HOSTNAME 1 3 running 192.168.176.27 -
If CT 1 doesn't exist, reinstall 'PVA Power Panel' component of PVA Agent.
Check that IP address of CT 1 is accessible from virtualization node itself.
Iptables and Private Networks configuration should be reviewed.
By default PVA Agent generates IP address for CT1 that belongs to 192.168.X.X subnet, thus, in most cases avoid using this subnet for Private Networks.
Check CT 1 resources; some counters may be failed:
~# awk '$6' /proc/bc/1/resources privvmpages 61 69570 65536 69632 9
If the output is not empty, it means that this counter has been exceeded. The last column indicates the number of times it was failed.
In this case, increase the failed parameter for the container:
~# vzctl set 1 --privvmpages 131072:131072 --save
Restart Power Panel service:
~# pvapp restart
Check the problem on the network level. Make sure that a connection to the Hardware Node on port 4643 can be established from the outside.
~# telnet <node_ip_address> 4643
Check which process listens on the 4643 port:
# netstat -antp | grep 4643 tcp 0 0 0.0.0.0:4643 0.0.0.0:* LISTEN 433943/init tcp 0 0 :::4643 :::* LISTEN 433943/init
If the process is anything other then
init, update the virtualization software (PCS/PVC/PSBM) on the node to the latest build.
NOTE: Typically, Apache web-server listens the port 4643 on the node, and the command above should list
httpdprocess. However, if there is a container with a process which listens the port 4643, then it can replace node's
httpdprocess. The container #1 from PVA Power Panel component opens the port in this way and the container is started after the node's processes, so it should be shown. Updating PVA installation should restart the container #1, and its process
initshould be shown in the output.
Check that offline management is enabled for the specific CT and that offline services are listed correctly:
~# grep OFF /vz/private/CTID/ve.conf OFFLINE_MANAGEMENT="yes" OFFLINE_SERVICE="vzpp vzpp-desktop"
OFFLINE_SERVICEsetting is absent from the CT's configuration file, check the global settings:
~# grep OFF /etc/vz/vz.conf OFFLINE_SERVICE="vzpp vzpp-plesk vzpp-desktop"
To enable offline management for a specific CT, do the following:
~# vzctl set CTID --offline_management yes --offline_service "vzpp vzpp-desktop" --save
Restart the service container:
~# vzctl restart 1
Check the CT 1 proxy log
/vz/root/1/var/log/pavm/pim-cp-proxy.logfor any errors and possible hints.
- In case Power Panel does not work for some particular containers, check which networking mode is configured for the affected virtual environments. Offline Management for container works only for host-routed networking mode. Offline Management for virtual machines works for both host-routed and bridged modes.