Posted to commits@cloudstack.apache.org by an...@apache.org on 2020/06/09 20:06:44 UTC

[cloudstack-documentation] branch vnc-ports-on-vsphere-firewall created (now ae0aa67)

This is an automated email from the ASF dual-hosted git repository.

andrijapanic pushed a change to branch vnc-ports-on-vsphere-firewall
in repository https://gitbox.apache.org/repos/asf/cloudstack-documentation.git.


      at ae0aa67  vnc-ports

This branch includes the following new commits:

     new ae0aa67  vnc-ports

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



[cloudstack-documentation] 01/01: vnc-ports

Posted by an...@apache.org.

andrijapanic pushed a commit to branch vnc-ports-on-vsphere-firewall
in repository https://gitbox.apache.org/repos/asf/cloudstack-documentation.git

commit ae0aa67ec631a7accabe4e9c1756fc28137886ef
Author: Andrija Panic <45...@users.noreply.github.com>
AuthorDate: Tue Jun 9 22:06:37 2020 +0200

    vnc-ports
---
 source/installguide/hypervisor/vsphere.rst | 65 +++++++++++++++++++++++++-----
 1 file changed, 56 insertions(+), 9 deletions(-)

diff --git a/source/installguide/hypervisor/vsphere.rst b/source/installguide/hypervisor/vsphere.rst
index 4c01b93..8011002 100644
--- a/source/installguide/hypervisor/vsphere.rst
+++ b/source/installguide/hypervisor/vsphere.rst
@@ -339,19 +339,66 @@ port group so that CloudStack can find it:
 Extend Port Range for CloudStack Console Proxy
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 
-(Applies only to VMware vSphere version 4.x)
-
-You need to extend the range of firewall ports that the console proxy
-works with on the hosts. This is to enable the console proxy to work
-with VMware-based VMs. The default additional port range is 59000-60000.
-To extend the port range, log in to the VMware ESX service console on
-each host and run the following commands:
+In production environments (large number of VMs), 
+it's needed to extend the range of firewall ports that the console proxy
+works with on the hosts. The default additional port range is 50000-50999
+ - see global settings ``vmware.additional.vnc.portrange.size``
+ and ``vmware.additional.vnc.portrange.start``.
+ 
+Change global setting ``vmware.additional.vnc.portrange.size`` to i.e "10000" and restart the 
+management-server service on each management server.
+Add those additional ports to the ESXi firewall on each host.
+Log via SSH to every VMware ESX host and edit file ``/etc/rc.local.d/local.sh``
+by adding the following lines just above the "exit 0" line.:
 
 .. parsed-literal::
 
-   esxcfg-firewall -o 59000-60000,tcp,in,vncextras
-   esxcfg-firewall -o 59000-60000,tcp,out,vncextras
+   cat <<EOF > /etc/vmware/firewall/vncAdditionalPorts.xml
+   <ConfigRoot>
+     <service>
+       <id>vncAdditionalPorts</id>
+       <rule id='0000'>
+         <direction>inbound</direction>
+         <protocol>tcp</protocol>
+         <porttype>dst</porttype>
+         <port>
+           <begin>51000</begin>
+           <end>60000</end>
+         </port>
+       </rule>
+       <enabled>true</enabled>
+       <required>false</required>
+     </service>
+   </ConfigRoot>
+   EOF
+   esxcli network firewall refresh
+
+This will ensure the needed firewall rules are applied on boot of ESXi hosts.
+Repeat the same commands that were just added to local.sh``
+
+.. parsed-literal::
 
+   cat <<EOF > /etc/vmware/firewall/vncAdditionalPorts.xml
+   <ConfigRoot>
+     <service>
+       <id>vncAdditionalPorts</id>
+       <rule id='0000'>
+         <direction>inbound</direction>
+         <protocol>tcp</protocol>
+         <porttype>dst</porttype>
+         <port>
+           <begin>51000</begin>
+           <end>60000</end>
+         </port>
+       </rule>
+       <enabled>true</enabled>
+       <required>false</required>
+     </service>
+   </ConfigRoot>
+   EOF
+   esxcli network firewall refresh
+   
+Run the script ``/sbin/auto-backup.sh``
 
 Configure NIC Bonding for vSphere
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
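
Review bot: The upper bound in both XML blocks does not match the setting the text tells the reader to apply. With the documented default start of 50000 and ``vmware.additional.vnc.portrange.size`` set to "10000", the range ends at 59999, but the rule uses `<end>60000</end>`. Either change the end to 59999 or state why 60000 is opened. The rule also begins at 51000 without saying that 50000-50999 is already permitted elsewhere; one sentence on that would remove the guesswork. The inbound rule carries no source restriction, so the section should tell operators to limit the ruleset to the addresses the console proxy connects from rather than leaving roughly nine thousand ports open to any source. On formatting: "Repeat the same commands that were just added to local.sh``" has an unbalanced inline-literal marker and does not say where to run them (presumably the current SSH session); the indented " - see global settings" continuation lines will render as a nested block in reST; "i.e" should be "e.g."; and "just above the "exit 0" line.:" has a stray full stop. The second XML block is a verbatim copy of the first, so a single block plus an instruction to run the same commands once by hand would be easier to keep in sync. Finally, "Run the script ``/sbin/auto-backup.sh``" should say what the script is for, so the reader knows the step is not optional.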