Posted to commits@cloudstack.apache.org by an...@apache.org on 2020/06/09 20:06:45 UTC

[cloudstack-documentation] 01/01: vnc-ports

This is an automated email from the ASF dual-hosted git repository.

andrijapanic pushed a commit to branch vnc-ports-on-vsphere-firewall
in repository https://gitbox.apache.org/repos/asf/cloudstack-documentation.git

commit ae0aa67ec631a7accabe4e9c1756fc28137886ef
Author: Andrija Panic <45...@users.noreply.github.com>
AuthorDate: Tue Jun 9 22:06:37 2020 +0200

    vnc-ports
---
 source/installguide/hypervisor/vsphere.rst | 65 +++++++++++++++++++++++++-----
 1 file changed, 56 insertions(+), 9 deletions(-)

diff --git a/source/installguide/hypervisor/vsphere.rst b/source/installguide/hypervisor/vsphere.rst
index 4c01b93..8011002 100644
--- a/source/installguide/hypervisor/vsphere.rst
+++ b/source/installguide/hypervisor/vsphere.rst
@@ -339,19 +339,66 @@ port group so that CloudStack can find it:
 Extend Port Range for CloudStack Console Proxy
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-(Applies only to VMware vSphere version 4.x)
-
-You need to extend the range of firewall ports that the console proxy
-works with on the hosts. This is to enable the console proxy to work
-with VMware-based VMs. The default additional port range is 59000-60000.
-To extend the port range, log in to the VMware ESX service console on
-each host and run the following commands:
+In production environments (large number of VMs), 
+it's needed to extend the range of firewall ports that the console proxy
+works with on the hosts. The default additional port range is 50000-50999
+ - see global settings ``vmware.additional.vnc.portrange.size``
+ and ``vmware.additional.vnc.portrange.start``.
+ 
+Change global setting ``vmware.additional.vnc.portrange.size`` to i.e "10000" and restart the 
+management-server service on each management server.
+Add those additional ports to the ESXi firewall on each host.
+Log via SSH to every VMware ESX host and edit file ``/etc/rc.local.d/local.sh``
+by adding the following lines just above the "exit 0" line.:
 
 .. parsed-literal::
 
-   esxcfg-firewall -o 59000-60000,tcp,in,vncextras
-   esxcfg-firewall -o 59000-60000,tcp,out,vncextras
+   cat <<EOF > /etc/vmware/firewall/vncAdditionalPorts.xml
+   <ConfigRoot>
+     <service>
+       <id>vncAdditionalPorts</id>
+       <rule id='0000'>
+         <direction>inbound</direction>
+         <protocol>tcp</protocol>
+         <porttype>dst</porttype>
+         <port>
+           <begin>51000</begin>
+           <end>60000</end>
+         </port>
+       </rule>
+       <enabled>true</enabled>
+       <required>false</required>
+     </service>
+   </ConfigRoot>
+   EOF
+   esxcli network firewall refresh
+
+This will ensure the needed firewall rules are applied on boot of ESXi hosts.
+Repeat the same commands that were just added to local.sh``
+
+.. parsed-literal::
 
+   cat <<EOF > /etc/vmware/firewall/vncAdditionalPorts.xml
+   <ConfigRoot>
+     <service>
+       <id>vncAdditionalPorts</id>
+       <rule id='0000'>
+         <direction>inbound</direction>
+         <protocol>tcp</protocol>
+         <porttype>dst</porttype>
+         <port>
+           <begin>51000</begin>
+           <end>60000</end>
+         </port>
+       </rule>
+       <enabled>true</enabled>
+       <required>false</required>
+     </service>
+   </ConfigRoot>
+   EOF
+   esxcli network firewall refresh
+   
+Run the script ``/sbin/auto-backup.sh``
 
 Configure NIC Bonding for vSphere
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
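Review bot: The firewall rule's <begin>51000</begin> / <end>60000</end> in vncAdditionalPorts.xml does not line up with the range the text describes. With ``vmware.additional.vnc.portrange.start`` at 50000 and the size raised to "10000", the ports would run 50000 to 59999 (assuming the range is start plus size), so 60000 is one port past the end, and the text never states that 50000-50999 is already open on the host, which is the only reason to begin at 51000. Say that explicitly and tell the reader to derive <end> from the size they actually set. The rule also accepts inbound TCP from any source; a sentence on limiting the ruleset to the console proxy network would fit here. Markup and wording: the line "Repeat the same commands that were just added to local.sh``" has a closing literal marker with no opening one, has no full stop, and does not say the commands are to be run once in the current SSH session; the " - see global settings" continuation lines are indented by one space and are likely to break out of the paragraph when rendered; "i.e" should be "e.g."; "line.:" has stray punctuation; and "Run the script ``/sbin/auto-backup.sh``" gives no reason for the step. Rather than printing the heredoc twice, refer back to the first block so the two copies cannot drift apart.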