
In ESXi 5.0 and later versions, firewall rules are not persisted after a reboot of the hypervisor. This document describes how to generate a custom VIB that will store the firewall rules needed for Abiquo platform VNC connections.

Requirements

To create the VIB, you will need:

Package requirements

The vibauthor tool is only available for the i386 architecture. If you are going to use CentOS 6 on i386, you will only have to upgrade the "file" package. If you have installed CentOS 6 on x64, you will also need to install the glibc package for i386.

First, you will need to install the EPEL repository. You can get the RPM file from http://fedoraproject.org/wiki/EPEL. Installing this package will make the EPEL repository available to your CentOS machine.

Then you need to upgrade the "file" package. You can do so with:

#> yum install file

If you have installed CentOS 6 on x64, you also need to install the glibc package for i386 with:

#> yum install glibc-2.12-1.107.el6_4.5.i686

** Note: The glibc version may differ on your system **

Generate the VIB files

First, you need to create the folder tree structure.

#> mkdir -p stage/payloads/payload1/etc/vmware/firewall

Then, you need to create the descriptor.xml file in the stage folder (stage/descriptor.xml):

<vib version="5.0">
  <type>bootbank</type>
  <name>enterprisename</name>
  <version>5.0.0-0.0.1</version>
  <vendor>enterprisevendor</vendor>
  <summary>Custom VIB for Abiquo</summary>
  <description>Adds custom firewall rule for enable VNC with Abiquo</description>
  <relationships>
    <depends>
    </depends>
    <conflicts/>
    <replaces/>
    <provides/>
    <compatibleWith/>
  </relationships>
  <software-tags>
  </software-tags>
  <system-requires>
    <maintenance-mode>false</maintenance-mode>
  </system-requires>
  <file-list>
  </file-list>
  <acceptance-level>community</acceptance-level>
  <live-install-allowed>true</live-install-allowed>
  <live-remove-allowed>true</live-remove-allowed>
  <cimom-restart>false</cimom-restart>
  <stateless-ready>true</stateless-ready>
  <overlay>false</overlay>
  <payloads>
    <payload name="payload1" type="vgz"></payload>
  </payloads>
</vib>

After that, you need to create the file Abiquo-vnc.xml, which will contain the firewall rules. Place it in the firewall folder created above (stage/payloads/payload1/etc/vmware/firewall):

<!-- Firewall Rule for Abiquo VNC Console -->
<ConfigRoot>
  <service>
    <id>Abiquo-VNC</id>
    <rule id='0000'>
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>
        <begin>5900</begin>
        <end>5964</end>
      </port>
    </rule>
    <rule id='0001'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>
        <begin>5900</begin>
        <end>5964</end>
      </port>
    </rule>
    <enabled>true</enabled>
  </service>
</ConfigRoot>
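Because the packaged ruleset is applied on every boot, it is worth checking that it opens only the intended VNC range before building the VIB. The following is an added example, not part of Abiquo's documentation: the function names `port_range` and `audit_ruleset` are hypothetical, and the sample is the ruleset above plus a constructed rule `0002` with a mistyped end port to show a finding.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two rules from this page plus rule 0002, which is
# NOT part of the Abiquo ruleset and simulates a mistyped <end> value.
SAMPLE = """<ConfigRoot><service><id>Abiquo-VNC</id>
<rule id='0000'><direction>inbound</direction><protocol>tcp</protocol>
  <porttype>dst</porttype><port><begin>5900</begin><end>5964</end></port></rule>
<rule id='0001'><direction>outbound</direction><protocol>tcp</protocol>
  <porttype>dst</porttype><port><begin>5900</begin><end>5964</end></port></rule>
<rule id='0002'><direction>inbound</direction><protocol>tcp</protocol>
  <porttype>dst</porttype><port><begin>5900</begin><end>6964</end></port></rule>
<enabled>true</enabled></service></ConfigRoot>"""

def port_range(port):
    """Accept both <port>N</port> and <port><begin/><end/></port>."""
    if port.find("begin") is not None:
        return int(port.findtext("begin")), int(port.findtext("end"))
    return int(port.text), int(port.text)

def audit_ruleset(xml_text, allowed=(5900, 5964)):
    """Return findings for malformed rules or ports outside `allowed`."""
    findings = []
    for svc in ET.fromstring(xml_text).findall("service"):
        sid = (svc.findtext("id") or "?").strip()
        seen = set()
        for rule in svc.findall("rule"):
            tag = f"{sid}/{rule.get('id')}"
            if rule.get("id") in seen:
                findings.append(f"{tag}: duplicate rule id")
            seen.add(rule.get("id"))
            if (rule.findtext("direction") or "").strip() not in ("inbound", "outbound"):
                findings.append(f"{tag}: bad direction")
            if (rule.findtext("protocol") or "").strip() not in ("tcp", "udp"):
                findings.append(f"{tag}: bad protocol")
            port = rule.find("port")
            try:
                lo, hi = port_range(port)
            except (AttributeError, TypeError, ValueError):
                findings.append(f"{tag}: missing or non-numeric port")
                continue
            if not 1 <= lo <= hi <= 65535:
                findings.append(f"{tag}: invalid range {lo}-{hi}")
            elif lo < allowed[0] or hi > allowed[1]:
                findings.append(f"{tag}: opens {lo}-{hi}, outside {allowed[0]}-{allowed[1]}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ruleset(SAMPLE)) or "ruleset OK")
```

To check the real file, pass its contents to `audit_ruleset` instead of `SAMPLE`; an empty result means every rule stays within 5900-5964.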

Now, you are ready to generate the VIB files:

#> vibauthor -C -t stage -v abiquo-vnc.vib -O abiquo-vnc-offline-bundle.zip -f

 

Installing the VIB files on the ESXi

The last step is to install the VIB file on the ESXi host.

#> esxcli software vib install -v /vmfs/volumes/[datastore-name]/abiquo-vnc.vib -f

Depending on your ESX host security policy, you may need to set the host acceptance level to "CommunitySupported" in order to install the VIB.

#> esxcli software acceptance set --level=CommunitySupported

 

Example VIB file

For testing purposes, you can use the example VIB file provided below. This VIB creates a firewall rule to allow access to the VNC port range 5900-5964 on the ESX host.

Example VIB: abiquo-vnc-example.vib
