Search the VMware Knowledge Base (KB)
View by Article ID

User defined xml firewall configurations are not persistent across ESXi host reboots (2007381)

  • 35 Ratings

Symptoms

  • Custom firewall port configurations are not persistent across reboots

Cause

Only files added by VIB installation persist a reboot of ESXi. All files manually added to visorfs do not persist an ESXi host reboot.

Resolution

It is possible to create a custom VIB ( vSphere Installation Bundle) to persist firewall changes using the VMware Labs tool VIB Author. For more information, see http://labs.vmware.com/flings/vib-author.

The custom VIB contains the xml firewall configuration changes.
 
Note: The CommunitySupported acceptance level is for VIBs created by individuals or companies outside of VMware partner programs. VIBs at this level have not gone through any VMware-approved testing program and are not supported by VMware Technical Support or by a VMware partner. When engaging VMware Technical Support to investigate a problem on an ESXi host with a CommunitySupported VIB installed, VMware Support may request that this CommunitySupported VIB be uninstalled as a troubleshooting step to determine if it is related to the problem being investigated.
 
To install this custom VIB, the ESXi host needs to have its acceptance level changed to CommunitySupported. After the custom VIB has been installed, the ESXi host's acceptance level will not be able to be changed back to PartnerSupported. For detailed instructions on using this tool, see the VMware Technical Note Customizing VIBs with VIB Author.

The VIB consists of 3 components:

  • A descriptor.xml file that contains VIB metadata.
  • sig.pkcs7, a gzipped PKCS7 Signature. CommunitySupported VIBs do not need to be signed. If the VIB is not signed, an empty sig.pkcs7 is required.
  • Staging directory. This contains the two files above and a payload sub-directory containing the firewall xml file to be included in the VIB.

The descriptor.xml can be created based on the sample descriptor file located in /opt/vmware/vibtools/sample/descriptor-template.xml .

To create a VIB:

  1. Create a descriptor.xml file by modifying the VIB data template.
  2. Copy all the files to a staging directory.
  3. Run the VIB Author tool to create a VIB file:

    vibauthor -C -t stage-dir -v custom_vib_name.vib [options]

  4. To change the host acceptance level, run this command:

    esxcli software acceptance set --level=CommunitySupported

  5. To install the custom VIB using the command:, run this command:

    esxcli software vib install -n custom_vib_name.vib

Note: For detailed steps on this procedure, see Creating A Custom VIB. This document specifies how to create a VIB to add a custom firewall rule to your vSphere hosts, which allows inbound connections over port 7777.

See Also

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 35 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 35 Ratings
Actions
KB: