Monday, July 6, 2015
Using NAT between a vCenter Server and an ESXi host
I had the hassle of adding an ESXi host to a vCenter.
The ESXi host was behind a firewall; besides opening ports 902 and 903 TCP and UDP and 403 TCP for it, I had to make a series of modifications.
They are described in the VMware KB:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1010652
Details
Each time you add an ESXi/ESX host to vCenter Server, the IP address of vCenter Server is recorded on the ESXi/ESX host. If the host is behind a NAT and the vCenter Server is on a different network (and thus the address is not accessible due to the NAT), the host disconnects from vCenter Server after about a minute.
For example, the vCenter Server system might be on the main network (10.10.10.0), and a few of the ESXi/ESX hosts might be behind a firewall in the 192.168.5.x network. The hosts cannot reach the main network and thus become disconnected from vCenter Server.
Solution
Using NAT between the vCenter Server system and ESXi/ESX hosts is an unsupported configuration. For more information on network requirements, see the Network Prerequisites section under the Prerequisites for Installing vCenter Single Sign-On, Inventory Service, and vCenter Server section in the vSphere Installation and Setup guide.
Workaround
Note: This workaround is provided to aid customers in complex environments. It is an unsupported configuration. VMware will only provide best effort support for this configuration.
As a workaround, for each ESXi/ESX host you can specify a reachable address that the host can use to communicate back to vCenter Server. In this case, the reachable address is the NAT address, which you configure to redirect the communication back to vCenter Server.
To configure the IP address to use, you can use two settings named serverIp and preserveServerIp. With these settings, you can statically set an IP address, which the ESXi/ESX host will use to communicate back to the vCenter Server.
Note: For ESX 3.5 and VirtualCenter 2.5, Update 3 supports this solution. Install Update 3 before implementing this solution.
- Make sure the NAT device is configured to redirect UDP traffic on port 902 to the vCenter Server.
- Add the ESXi/ESX host to the vCenter Server inventory.
  Note: This causes the vCenter agent (vpxa) service to be installed on the host.
- Log into the ESXi/ESX host as root.
- Navigate to the /etc/opt/vmware/vpxa/ directory in the ESXi/ESX file system.
  Note: In ESXi 5.x, navigate to /etc/vmware/vpxa.
- Open the vpxa.cfg file in a text editor.
- In the file, change the serverIp setting and add the preserveServerIp setting. For the serverIp tag, enter the NAT IP address. For example:
  <config>
    <vpxa>
      ...
      <serverIp>NAT_IP_address</serverIp>
      <preserveServerIp>true</preserveServerIp>
    </vpxa>
    ...
  </config>
- Save the changes and close the file.
- Restart the vCenter agent service by running this command in the ESXi/ESX service console/SSH session:
  For ESX: # service vmware-vpxa restart
  For ESXi: # services.sh restart
- Reconnect the ESXi/ESX host.
We set these IPs:
<serverIp>192.168.24.2</serverIp>
<preserveServerIp>true</preserveServerIp>
services.sh restart
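The vpxa.cfg edit from the KB steps, written as a repeatable script with a rollback copy and a check afterwards. This is an added example, not code from the KB or from the original post; the function names, the .bak backup and the one-element-per-line layout are assumptions. It does not restart the agent, which is still done with services.sh restart as in the steps.

```shell
#!/bin/sh
# Added example (not from the KB or the post). Assumes a POSIX shell with awk
# and a vpxa.cfg that keeps each element on its own line.

# Set <serverIp> to the NAT address and make sure exactly one
# <preserveServerIp>true</preserveServerIp> follows it.
set_vpxa_server_ip() {
    cfg=$1
    nat_ip=$2
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    # Only a dotted quad may be written into the XML (no newlines, no markup).
    case $nat_ip in *[!0-9.]*) nat_ip= ;; esac
    echo "$nat_ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ||
        { echo "not an IPv4 address" >&2; return 1; }
    grep -q '<serverIp>' "$cfg" ||
        { echo "no <serverIp> element in $cfg" >&2; return 1; }

    # Keep the first original for rollback; later runs do not overwrite it.
    [ -e "$cfg.bak" ] || cp -p "$cfg" "$cfg.bak" || return 1

    tmp="$cfg.tmp.$$"
    awk -v ip="$nat_ip" '
        /<preserveServerIp>/ { next }            # dropped here, re-added below
        /<serverIp>/ {
            indent = $0
            sub(/<serverIp>.*/, "", indent)      # reuse the indentation of the line
            print indent "<serverIp>" ip "</serverIp>"
            print indent "<preserveServerIp>true</preserveServerIp>"
            next
        }
        { print }
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$cfg" && rm -f "$tmp"          # cat keeps owner and mode of $cfg
}

# Return 0 when the file pins the expected address.
vpxa_server_ip_pinned() {
    grep -qF "<serverIp>$2</serverIp>" "$1" &&
        grep -qF '<preserveServerIp>true</preserveServerIp>' "$1"
}

# Usage: sh script.sh /etc/vmware/vpxa/vpxa.cfg NAT_IP_address
if [ "$#" -eq 2 ]; then
    set_vpxa_server_ip "$1" "$2" && vpxa_server_ip_pinned "$1" "$2"
fi
```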