Fuel for OpenStack

Port range for vnc access is only 200 ports

Bug #1648664 reported by Eugene Nikanorov on 2016-12-09

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Fuel for OpenStack	Fix Committed	Medium	Oleksiy Molchanov	Fuel for OpenStack 11.0
Nominated for Ocata by Oleksiy Molchanov
	Mitaka	Fix Released	Medium	Oleksiy Molchanov	Fuel for OpenStack 9.2
	Newton	Fix Committed	Medium	Oleksiy Molchanov	Fuel for OpenStack 10.1

Bug Description

Found on 9.1
By default there are only 200 ports available for console access to instances (5900-6100).
For powerfull computes that limit can be exceeded.

Need to extend default port range to 500-1000 ports.

See original description

Tags:

Eugene Nikanorov (enikanorov) on 2016-12-09

description:

updated

Revision history for this message

Roman Podoliaka (rpodolyaka) wrote on 2016-12-12:

Looks like that in Nova we rely on libvirtd to allocate a free port for each subsequent VM from the following range (configured in /etc/libvirt/qemu.conf on the compute nodes):

# Override the port for creating both VNC and SPICE sessions (min).
# This defaults to 5900 and increases for consecutive sessions
# or when ports are occupied, until it hits the maximum.
#
# Minimum must be greater than or equal to 5900 as lower number would
# result into negative vnc display number.
#
# Maximum must be less than 65536, because higher numbers do not make
# sense as a port number.
#
#remote_display_port_min = 5900
#remote_display_port_max = 65535

I.e. we would only need to tweak iptables rules.

Oleksiy Molchanov (omolchanov) on 2016-12-12

Changed in fuel:
milestone:	none → 9.2
milestone:	9.2 → 11.0
assignee:	nobody → Oleksiy Molchanov (omolchanov)
importance:	Undecided → Medium
status:	New → Confirmed
tags:	added: area-library

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-12-12: Fix proposed to fuel-library (master)

Fix proposed to branch: master
Review: https://review.openstack.org/409738

Changed in fuel:
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-12-16: Fix proposed to fuel-library (stable/newton)

Fix proposed to branch: stable/newton
Review: https://review.openstack.org/411722

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-12-16: Fix proposed to fuel-library (stable/mitaka)

Fix proposed to branch: stable/mitaka
Review: https://review.openstack.org/411723

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-12-16: Fix merged to fuel-library (master)

Reviewed: https://review.openstack.org/409738
Committed: https://git.openstack.org/cgit/openstack/fuel-library/commit/?id=8f85c5894494158f22b4855b39ed7dab01e4eae5
Submitter: Jenkins
Branch: master

commit 8f85c5894494158f22b4855b39ed7dab01e4eae5
Author: Oleksiy Molchanov <email address hidden>
Date: Mon Dec 12 13:28:10 2016 +0200

Open more ports on firewall for nova VNC

    DocImpact
    Change-Id: I2a78a66979a3c3f0107ac1bf08f7c016a53ed728
    Closes-Bug: 1648664

Changed in fuel:
status:	In Progress → Fix Committed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-12-16: Fix merged to fuel-library (stable/mitaka)

Reviewed: https://review.openstack.org/411723
Committed: https://git.openstack.org/cgit/openstack/fuel-library/commit/?id=09b47e520eaf1ff7b3e694d21b905439da294d7e
Submitter: Jenkins
Branch: stable/mitaka

commit 09b47e520eaf1ff7b3e694d21b905439da294d7e
Author: Oleksiy Molchanov <email address hidden>
Date: Mon Dec 12 13:28:10 2016 +0200

Open more ports on firewall for nova VNC

    DocImpact
    Change-Id: I2a78a66979a3c3f0107ac1bf08f7c016a53ed728
    Closes-Bug: 1648664

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2016-12-19: Fix merged to fuel-library (stable/newton)

Reviewed: https://review.openstack.org/411722
Committed: https://git.openstack.org/cgit/openstack/fuel-library/commit/?id=d4a3f067a72c4e8c7d7af69d4ba060237c78d0a5
Submitter: Jenkins
Branch: stable/newton

commit d4a3f067a72c4e8c7d7af69d4ba060237c78d0a5
Author: Oleksiy Molchanov <email address hidden>
Date: Mon Dec 12 13:28:10 2016 +0200

Open more ports on firewall for nova VNC

    DocImpact
    Change-Id: I2a78a66979a3c3f0107ac1bf08f7c016a53ed728
    Closes-Bug: 1648664

TatyanaGladysheva (tgladysheva) on 2016-12-21

tags:

added: on-verification

TatyanaGladysheva (tgladysheva) on 2016-12-21

tags:

removed: on-verification

Alexander Kurenyshev (akurenyshev) on 2017-01-24

tags:

added: on-verification

Revision history for this message

Vladimir Khlyunev (vkhlyunev) wrote on 2017-01-31:

9.2 snapshot 822
ACCEPT tcp -- 10.109.1.0/24 anywhere multiport ports 5900:6900 /* 105 nova vnc from 10.109.1.0/24 */
fixed

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-02-27: Fix included in openstack/fuel-library 11.0.0.0rc1

This issue was fixed in the openstack/fuel-library 11.0.0.0rc1 release candidate.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.