1

I noticed something weird on an Ubuntu Server 16.04 virtual machine running on VMWare ESXi 6.0.

The machine hosts a website running on Apache 2 that is exposed to Internet. Also it runs SSHd to allow us to connect for support.

I'm receiving calls from the owner of that website telling the site is unreachable. What I do to re-enable it is simply loggin-in using SSH and that's it, everything is accessible again.

Today I tried to see if the website is working and found it wasn't reachable, so I logged in to the VM, but also did a check on some logs our app registers on it, and found nothing was logged since yesterday. But after a minute logs started to be generated.

This looks like the machine enters into a paused/suspended state after a while and is re-enable by just loggin in again.

Any hint?.

leonardorame
  • 317
  • 3
  • 14

2 Answers2

1

Did you check your ESX VM logs to validate the theory? Here you have a good guide where to look for: https://www.altaro.com/vmware/introduction-esxi-vm-log-files/

To be honest if your vm would be suspended you wouldn't be able to ssh there either. Is there any firewall/rev proxy in between? If so did you try to access the site from local network?

storminteractive
  • 11
  • 2
  • Hi @storminteractive, yes there's an Microsoft proxy in between (I think it's an IIS). But what confuses me is the lack of new log files when I can't access the machine from HTTP. Of course I'll ask the sysadmin to check IIS and ESXi. – leonardorame Jan 06 '19 at 11:16
  • Hmm, so you have an IIS doing reverse proxy for Apache? A bit unusual configuration. If you actually do have a reverse proxy then it would make sense and the answer would be in its logs. Check (and maybe even scribble a diagram for better visibility) the data flow, as in DNS->IP->FIREWALL->REV_PROXY->BACKEND_WWW. Then validate each of them and look for logs. – storminteractive Jan 06 '19 at 14:25
  • Well, I tried to simplify as much as possible the scenario and created a cronjob that executes a simple script to only log the current date and time, every one minute. Today I found the log file was stopped logging late yesterday. I also found the home directory was encrypted using cryptfs (I've read encrypted filesystems are automatically unmounted after a while), so I removed the encryption and related services and I'll wait again. – leonardorame Jan 08 '19 at 17:18
0

Like @storminteractive said: if you can login to the server, then there probably is no problem with the virtualisation layer.

I would look into the sleep / hibernation settings of Ubuntu. As far as I know, it is possible that the server can go in a sleep mode where it is not available via http and not writing logs, but as soon as there is a ssh connection attempt, the server will wake up. This is depending on the network card settings, but have seen this already.

You could try the commands provided here.

Tobias
  • 1,236
  • 13
  • 25