Posted to commits@cloudstack.apache.org by an...@apache.org on 2020/06/09 20:06:45 UTC
[cloudstack-documentation] 01/01: vnc-ports
This is an automated email from the ASF dual-hosted git repository.
andrijapanic pushed a commit to branch vnc-ports-on-vsphere-firewall
in repository https://gitbox.apache.org/repos/asf/cloudstack-documentation.git
commit ae0aa67ec631a7accabe4e9c1756fc28137886ef
Author: Andrija Panic <45...@users.noreply.github.com>
AuthorDate: Tue Jun 9 22:06:37 2020 +0200
vnc-ports
---
source/installguide/hypervisor/vsphere.rst | 65 +++++++++++++++++++++++++-----
1 file changed, 56 insertions(+), 9 deletions(-)
diff --git a/source/installguide/hypervisor/vsphere.rst b/source/installguide/hypervisor/vsphere.rst
index 4c01b93..8011002 100644
--- a/source/installguide/hypervisor/vsphere.rst
+++ b/source/installguide/hypervisor/vsphere.rst
@@ -339,19 +339,66 @@ port group so that CloudStack can find it:
Extend Port Range for CloudStack Console Proxy
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
-(Applies only to VMware vSphere version 4.x)
-
-You need to extend the range of firewall ports that the console proxy
-works with on the hosts. This is to enable the console proxy to work
-with VMware-based VMs. The default additional port range is 59000-60000.
-To extend the port range, log in to the VMware ESX service console on
-each host and run the following commands:
+In production environments (large number of VMs),
+it's needed to extend the range of firewall ports that the console proxy
+works with on the hosts. The default additional port range is 50000-50999
+ - see global settings ``vmware.additional.vnc.portrange.size``
+ and ``vmware.additional.vnc.portrange.start``.
+
+Change global setting ``vmware.additional.vnc.portrange.size`` to i.e "10000" and restart the
+management-server service on each management server.
+Add those additional ports to the ESXi firewall on each host.
+Log via SSH to every VMware ESX host and edit file ``/etc/rc.local.d/local.sh``
+by adding the following lines just above the "exit 0" line.:
.. parsed-literal::
- esxcfg-firewall -o 59000-60000,tcp,in,vncextras
- esxcfg-firewall -o 59000-60000,tcp,out,vncextras
+ cat <<EOF > /etc/vmware/firewall/vncAdditionalPorts.xml
+ <ConfigRoot>
+ <service>
+ <id>vncAdditionalPorts</id>
+ <rule id='0000'>
+ <direction>inbound</direction>
+ <protocol>tcp</protocol>
+ <porttype>dst</porttype>
+ <port>
+ <begin>51000</begin>
+ <end>60000</end>
+ </port>
+ </rule>
+ <enabled>true</enabled>
+ <required>false</required>
+ </service>
+ </ConfigRoot>
+ EOF
+ esxcli network firewall refresh
+
+This will ensure the needed firewall rules are applied on boot of ESXi hosts.
+Repeat the same commands that were just added to local.sh``
+
+.. parsed-literal::
+ cat <<EOF > /etc/vmware/firewall/vncAdditionalPorts.xml
+ <ConfigRoot>
+ <service>
+ <id>vncAdditionalPorts</id>
+ <rule id='0000'>
+ <direction>inbound</direction>
+ <protocol>tcp</protocol>
+ <porttype>dst</porttype>
+ <port>
+ <begin>51000</begin>
+ <end>60000</end>
+ </port>
+ </rule>
+ <enabled>true</enabled>
+ <required>false</required>
+ </service>
+ </ConfigRoot>
+ EOF
+ esxcli network firewall refresh
+
+Run the script ``/sbin/auto-backup.sh``
Configure NIC Bonding for vSphere
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
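Review bot: The port range in the new firewall rule (<begin>51000</begin> to <end>60000</end>, in both copies of the XML) does not line up with the range the text configures. A default of 50000-50999 with ``vmware.additional.vnc.portrange.size`` raised to "10000" gives 50000-59999, so the rule opens inbound port 60000, which is outside that range, and the text never explains why the rule starts at 51000. Suggest ending the rule at 59999 and, if the start of 51000 is because 50000-50999 is already open on the host, saying so explicitly. Alternatively, tell readers to derive begin and end from their own start and size values so that only the ports actually used are opened. Smaller points in the same hunk: "i.e" before "10000" should be "e.g."; the "Repeat the same commands" line ends in closing backticks with no opening ones and does not say where the commands are to be run; the second XML block is a verbatim copy of the first, so a sentence referring back to it would keep the two from drifting apart; and the ``/sbin/auto-backup.sh`` step should state what it is for.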