VMware: find how to allocate unique VNC ports per host
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Compute (nova) |
Expired
|
Undecided
|
Unassigned | ||
Bug Description
If VNC is enabled, we must allocate unique VNC ports for each created instance to avoid security issues with port collisions (see bug #1255609).
One way to guarantee uniqueness is to query vCenter for all allocated ports like this:
vnc_port_prop = 'config.
result = session.
and then choose port number which is not in the result set.
The drawback of this approach is that it guarantees uniqueness across the whole vCenter whereas we need uniqueness only per ESX host. As a result the maximum number of VMs (with VNC enabled) that can be provisioned on vCenter would be 65535. Given that the maximum number of registered VMs in vCenter is 15000 (source: http://
One solution I can think of, is to change the spawn() method to do something like this:
1. create VM
2. retrieve the ESX host on which the VM was created
3. create vim session to the ESX, run the query above and choose port number
4. reconfig the VM with the port number from step 3
I am not sure if creating sessions to ESX hosts is something that we want to do ...
| Changed in nova: | |
| status: | New → Confirmed |
| importance: | Undecided → Low |
| importance: | Low → Medium |
| Sagar Ratnakara Nikam (sagar-r-nikam) wrote | #1 |
| kylin chou (shuaizi614) wrote | #2 |
| Markus Zoeller (markus_z) (mzoeller) wrote Cleanup EOL bug report | #3 |
| Changed in nova: | |
| importance: | Medium → Undecided |
| status: | Confirmed → Expired |
Uniqueness should be at cluster level instead of host level , since DRS can migrate the VM to another host and it can result in 2 instances having the same port.