Recently I ran into some strange issues which had to do with the intercell connectivity of vCloud Director. The deployment of a multi-VM vApp stalled and deletion of a vApp was not completed successfully.
As you might know, vCD supports multiple stateless cells which work together to offer IaaS. One of the vCD cells is dedicated to connect to the vCenter Server. In the following example the first cell is connected to the vCenter Server:
To successfully complete a job, the cells must be able to communicate with each other and especially with the cell that’s connected to vCenter. According to VMware KB article 2005828, the following inbound ports must be opened on the Red Hat firewall:
- 111 TCP/UDP – For the NFS port mapper
- 920 TCP/UDP – NFS rpc.statd
- 61611 TCP – ActiveMQ (inter cell communication)
- 61616 TCP – ActiveMQ (inter cell communication)
These ports are confirmed in this magnificent vCD Port Diagram. After opening these ports, the issues I mentioned earlier remained. After disabling the firewall, there was no problem at all. Although this is an option in some situations…it’s not always desirable.
After some research (e.g. netstat), I opened two extra ports in the firewall:
- 61613 TCP (Inter cell communication?)
- 5672 TCP (RabbitMQ)
After opening these ports, problems were resolved.
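The comparison of listening ports against firewall rules described above can be scripted. The following is an added example, not part of the original post; the `netstat -tln` and `iptables-save` samples in it are constructed, and only single-port TCP ACCEPT rules are parsed.

```shell
#!/bin/sh
# Added example: list TCP ports that are listening on a non-loopback address
# but have no matching ACCEPT rule, using saved command output.

# Constructed sample of `netstat -tln` on a cell (not captured from a real host).
NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address    State
tcp        0      0 0.0.0.0:111        0.0.0.0:*          LISTEN
tcp        0      0 0.0.0.0:920        0.0.0.0:*          LISTEN
tcp        0      0 127.0.0.1:25       0.0.0.0:*          LISTEN
tcp        0      0 :::61611           :::*               LISTEN
tcp        0      0 :::61613           :::*               LISTEN
tcp        0      0 :::61616           :::*               LISTEN
tcp        0      0 :::5672            :::*               LISTEN'

# Constructed sample of `iptables-save` holding only the KB-listed TCP ports.
RULES_SAMPLE='-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 111 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 920 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 61611 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 61616 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Print listening ports (one per line, sorted) that other hosts can reach.
listening_ports() {
    printf '%s\n' "$1" | awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
        addr = $4; port = addr; sub(/.*:/, "", port); sub(/:[0-9]+$/, "", addr)
        if (addr != "127.0.0.1" && addr != "::1") print port }' | sort -un
}

# Print ports with a single-port TCP ACCEPT rule (ranges/multiport not parsed).
allowed_ports() {
    printf '%s\n' "$1" | awk '/-p tcp/ && /-j ACCEPT/ {
        for (i = 1; i < NF; i++) if ($i == "--dport" && $(i+1) ~ /^[0-9]+$/) print $(i+1) }' | sort -un
}

# Ports that listen but are not allowed: the ones worth investigating.
unallowed_listeners() {
    allowed=$(allowed_ports "$2")
    for p in $(listening_ports "$1"); do
        printf '%s\n' "$allowed" | grep -qx "$p" || echo "$p"
    done
}

unallowed_listeners "$NETSTAT_SAMPLE" "$RULES_SAMPLE"
```

On a real cell, pass `"$(netstat -tln)"` and `"$(iptables-save)"` instead of the samples, and confirm which process owns each reported port before adding a rule for it.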
I think this is a bit odd, adding two extra ports to the firewall (which are not documented). Did anybody else run into these problems? I am looking forward to your comment!