Created
May 5, 2019 10:26
vSphere Integrated Containers notes about firewall
vSphere Integrated Containers
* requires that the firewall on the ESXi hosts is updated with the following firewall rule;
  otherwise the container hosts (VCH) cannot communicate properly with the VIC host
<!-- vSphere Integrated Containers Engine to allow outbound 2377/tcp -->
<service id='0044'>
  <id>vic-engine</id>
  <rule id='0000'>
    <direction>outbound</direction>
    <protocol>tcp</protocol>
    <porttype>dst</porttype>
    <port>
      <begin>2377</begin>
      <end>2377</end>
    </port>
  </rule>
  <enabled>false</enabled>
  <required>false</required>
</service>
1. ssh to the ESXi host
2. cd /etc/vmware/firewall
3. chmod a+w services.xml
4. chmod a+t services.xml
5. vi services.xml
6. scroll to the end of the file and paste in the above snippet, just above </ConfigRoot>
7. <service id='0044'> should be changed to <service id='next number'>, i.e. look at the previous service's id and add one to that number
8. ESC :wq (to save and quit)
9. chmod 444 services.xml
10. esxcli network firewall refresh
Now your container hosts should be able to communicate properly with the VIC host.
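
Steps 2 to 10 as a script, an added example that is not part of the original notes: it picks the next service id by scanning the existing ids as decimal numbers (so ids such as 0008 are handled) and skips the insert when a vic-engine service is already present. The function names and the .bak backup copy are assumptions of this example, as is the availability of awk, grep, head, tail and cut in the ESXi shell.

```shell
#!/bin/sh
# Added example, not from the original notes. Function names and the
# .bak backup are this example's own choices.

vic_rule_xml() {  # $1 = service id; prints the snippet from the notes
    cat <<EOF
  <!-- vSphere Integrated Containers Engine to allow outbound 2377/tcp -->
  <service id='$1'>
    <id>vic-engine</id>
    <rule id='0000'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>
        <begin>2377</begin>
        <end>2377</end>
      </port>
    </rule>
    <enabled>false</enabled>
    <required>false</required>
  </service>
EOF
}

next_service_id() {  # $1 = services.xml; highest service id + 1, zero-padded
    # awk reads '0009' as decimal 9; shell $(( )) would treat it as octal
    awk -F"'" '/<service id=/ { if ($2 + 0 > max) max = $2 + 0 }
               END { printf "%04d\n", max + 1 }' "$1"
}

add_vic_rule() {  # $1 = services.xml; no-op if the rule is already there
    grep -q '<id>vic-engine</id>' "$1" && return 0
    n=$(grep -n '</ConfigRoot>' "$1" | tail -n 1 | cut -d: -f1)
    [ -n "$n" ] || { echo "no </ConfigRoot> in $1" >&2; return 1; }
    id=$(next_service_id "$1")
    cp "$1" "$1.bak" || return 1
    { head -n $((n - 1)) "$1.bak"; vic_rule_xml "$id"
      tail -n +"$n" "$1.bak"; } > "$1"
}

apply_on_host() {  # steps 2-10 of the notes, run on the ESXi host
    f=/etc/vmware/firewall/services.xml
    chmod a+w "$f" && chmod a+t "$f" || return 1
    add_vic_rule "$f"; rc=$?
    chmod 444 "$f"            # restore read-only even if the edit failed
    [ "$rc" -eq 0 ] && esxcli network firewall refresh
}

if [ "${1:-}" = "--apply" ]; then apply_on_host; fi
```

After the refresh, `esxcli network firewall ruleset list` shows whether the vic-engine ruleset was loaded and whether it is enabled.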