When ACS deploys an instance into a VMware cluster, it adds VNC configuration to each VM using the VNC port range 5900 to 5999 and then a configurable additional range 50000-51000 (setting name vmware.additional.vnc.portrange.start). To get an available port, it asks the VMware cluster resource for a list of ports in use and finds the first available one. Later, when a console session needs to be established, ACS asks vCenter which VNC port a particular VM listens on and proxies that connection over to the client. Keep in mind that if you have more than 1000 VMs you will need to use the additional VNC range, which is not open on the ESXi firewall. You will have to do it manually on each ESX host or write a custom VIB that will open the FW for the whole range ACS is configured to use.

Thanks,
Sergey

On 5/21/20, 5:54 AM, "cristian.c@istream.today" <cristian.c@istream.today> wrote:

Hello,

I have a simple question regarding the console proxy: from where is it loading the IP for VNC? I do not understand from where. In CloudStack I have the management IP (10.1.1.31), so why is it going through the ESXi public IP? If I leave it like this it will not work because of the route.

Log:

    2020-05-21 12:45:11,966 INFO [cloud.agent.Agent] (agentRequest-Handler-4:null) Ready command is processed for agent id = 9
    2020-05-21 12:45:11,966 INFO [resource.consoleproxy.ConsoleProxyResource] (agentRequest-Handler-4:null) Receive ReadyCommand, response with ReadyAnswer
    2020-05-21 12:46:02,371 INFO [cloud.consoleproxy.ConsoleProxy] (Thread-7:null) Added viewer object com.cloud.consoleproxy.ConsoleProxyVncClient@f0237ee
    2020-05-21 12:46:02,376 INFO [cloud.consoleproxy.ConsoleProxyVncClient] (Thread-8:null) Connect to VNC server directly. host: 51.79.82.161, port: 5935
    2020-05-21 12:46:02,384 INFO [consoleproxy.vnc.VncClient] (Thread-8:null) Connecting to VNC server 51.xx.xx.161:5935...
    2020-05-21 12:48:12,456 ERROR [cloud.consoleproxy.ConsoleProxyVncClient] (Thread-8:null) Unexpected exception java.net.ConnectException: Connection timed out (Connection timed out)

    root@v-34-VM:~# ip r l
    default via 51.xx.xx.190 dev eth2
    10.0.0.0/8 via 10.1.1.242 dev eth1
    10.1.0.0/16 dev eth1 proto kernel scope link src 10.1.4.131
    51.xx.xx.176/28 dev eth2 proto kernel scope link src 51.xx.xx.177
    51.xx.xx.161 via 10.1.1.242 dev eth1
    158.xx.xx.137 via 10.1.1.242 dev eth1
    172.16.0.0/12 via 10.1.1.242 dev eth1
    192.168.0.0/16 via 10.1.1.242 dev eth1

I have a different setup where I do not have this problem. I do not understand why this route is persistent and added back immediately after I remove it (in case I try to load the VNC console over the web).

I have CloudStack 4.13 + VMware 6.0.

Thanks in advance!
Cristian
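
An added triage example, not part of this thread and not CloudStack code: it pairs each console proxy "Connect to VNC server directly" line with a later ConnectException from the same thread and reports which of the two port ranges named in the reply the failed port falls in. A failure in the additional range points at the ESXi firewall the reply mentions, while a failure in the default range points elsewhere, such as the routing described in the question; the function names and the sample log lines are constructed for illustration.

```python
import re

# Port ranges as given in the reply above (the additional range is configurable).
DEFAULT_RANGE = range(5900, 6000)        # 5900-5999
ADDITIONAL_RANGE = range(50000, 51001)   # 50000-51000

CONNECT = re.compile(r"\((?P<thread>[^:)]+):[^)]*\) Connect to VNC server directly\. "
                     r"host: (?P<host>\S+), port: (?P<port>\d+)")
ERROR = re.compile(r"ERROR \[[^\]]+\] \((?P<thread>[^:)]+):[^)]*\) .*ConnectException")

def classify_port(port):
    """Say which of the two VNC ranges a port belongs to."""
    if port in DEFAULT_RANGE:
        return "default"
    if port in ADDITIONAL_RANGE:
        return "additional"
    return "outside"

def failed_vnc_connects(lines):
    """Pair each connect line with a later ConnectException logged by the
    same thread and return the host/port pairs that failed."""
    pending, failures = {}, []
    for line in lines:
        m = CONNECT.search(line)
        if m:
            pending[m["thread"]] = (m["host"], int(m["port"]))
            continue
        m = ERROR.search(line)
        if m and m["thread"] in pending:
            host, port = pending.pop(m["thread"])
            failures.append({"host": host, "port": port, "range": classify_port(port)})
    return failures

# Constructed sample lines in the format of the log quoted in this thread.
PFX = "[cloud.consoleproxy.ConsoleProxyVncClient]"
ERR = "Unexpected exception java.net.ConnectException: Connection timed out"
SAMPLE_LOG = [
    f"2020-05-21 12:46:02,376 INFO {PFX} (Thread-8:null) Connect to VNC server directly. host: 192.0.2.10, port: 5935",
    f"2020-05-21 12:46:05,100 INFO {PFX} (Thread-9:null) Connect to VNC server directly. host: 192.0.2.11, port: 50012",
    f"2020-05-21 12:46:07,000 INFO {PFX} (Thread-10:null) Connect to VNC server directly. host: 192.0.2.12, port: 5901",
    f"2020-05-21 12:48:12,456 ERROR {PFX} (Thread-8:null) {ERR}",
    f"2020-05-21 12:48:15,200 ERROR {PFX} (Thread-9:null) {ERR}",
]

if __name__ == "__main__":
    for failure in failed_vnc_connects(SAMPLE_LOG):
        print(failure)
```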