Professional VMWare

Found a great resource explaining quite a few of the esxcfg-* commands, what they are and their use. They're copied here for future reference.

NOTE: These will work from the rcli, SSH to the service console, or via VIMA. I've not tested these on ESXi (as the Service Console is 'unsupported')

To get a feel for what commands are available, log on to the console (or via ssh if you like), and type

esxcfg-[TAB][TAB].

[root@vi3host root]# esxcfg-

esxcfg-advcfg esxcfg-firewall esxcfg-module esxcfg-pciid esxcfg-swiscsi esxcfg-vswif

esxcfg-auth esxcfg-info esxcfg-mpath esxcfg-rescan esxcfg-upgrade esxcfg-vswitch

esxcfg-boot esxcfg-init esxcfg-nas esxcfg-resgrp esxcfg-vmhbadevs

esxcfg-dumppart esxcfg-linuxnet esxcfg-nics esxcfg-route esxcfg-vmknic

esxcfg-advcfg

From the man page "…provides an interface to query and modify the advanced options of the VMkernel. These options control a wide variety of different areas in the VMkernel including storage, resource, and networking global settings."

Use esxcfg-info -o (discussed below) to output the advanced parameters to a file for further investigation.

Here are some examples:

[root@vi3host root]# esxcfg-advcfg -g /VMFS3/ZeroedThickVirtualDisks

Value of ZeroedThickVirtualDisks is 1

[root@vi3host root]# esxcfg-advcfg -g /Disk/SupportSparseLUN

Value of SupportSparseLUN is 1

[root@vi3host root]# esxcfg-advcfg -g /Disk/MaxLUN

Value of MaxLUN is 256

[root@vi3host root]# esxcfg-advcfg -g /Scsi/ConflictRetries

Value of ConflictRetries is 80

[root@vi3host root]# esxcfg-advcfg -g /LVM/EnableResignature

Value of EnableResignature is 0

[root@vi3host root]# esxcfg-advcfg -g /Net/NotifySwitch

Value of NotifySwitch is 1

So what can you configure? Read through the output of esxcfg-info -o and look at how the values are listed.

esxcfg-auth

From the man page "…provides an easy way to configure your server to allow network based authentication as well as password complexity settings for your machine. It supports setting up your system to do authentication against an Active Directory Server, but not user management, as well as authentication against a NIS server, a Kerberos server, or an LDAP server. You can configure the way that passwords are stored and the complexity of the password when a user sets a new password.

This utility is experimental. It is likely to change."

So let's do something with it and update vmware-authd as well.

esxcfg-auth -enablead -addomain=domain.net -addc=adserver.domain.net -krb5realm=domain.net -krb5kdc=adserver.domain.net -krb5adminserver=adserver.domain.net

esxcfg-auth -passmaxdays=0

Update vmware-authd to allow AD logon

echo "#%PAM-1.0″ > /etc/pam.d/vmware-authd

echo "# Built by script" >> /etc/pam.d/vmware-authd

echo "auth sufficient /lib/security/pam_unix_auth.so shadow nullok" >> /etc/pam.d/vmware-authd

echo "auth required /lib/security/pam_krb5.so use_first_pass" >> /etc/pam.d/vmware-authd

echo "auth sufficient /lib/security/pam_ldap.so" >> /etc/pam.d/vmware-authd

echo "account required /lib/security/pam_unix_acct.so" >> /etc/pam.d/vmware-authd

echo "account sufficient /lib/security/pam_ldap.so" >> /etc/pam.d/vmware-authd

echo "vmware-authd updated"

esxcfg-boot

esxcfg-boot -h -help

-q -query boot|vmkmod

-p -update-pci

-b -update-boot

-d -rootdev UUID=<uuid>

-a -kernelappend <kernel append>

-r -refresh-initrd

-g -regenerate-grub

Queries cannot be combined with each other or other options.

Passing -p or -d enables -b even if it is not passed explicitly.

-b implies -g plus a new initrd creation.

-b and -r are incompatible, but -g and -r can be combined.

esxcfg-dumppart

From the man page "…provides an interface to query, set, and scan for diagnostic partitions on an ESX Server. That is, it can be used to configure or list the VMkernel crash dump partition."

[root@vi3host root]# esxcfg-dumppart -l

VM Kernel Name Console Name Is Active Is Configured

vmhba0:0:0:10 /dev/sda10 yes yes

[root@vi3host root]# esxcfg-dumppart -f

Partition number 10 on vml.0000000000766d686261303a303a30 -> vmhba0:0:0:10 -> /dev/sda10

esxcfg-firewall

esxcfg-firewall "…provides an interface to query and modify the service console firewall settings."

For example, if you want to open all of the ports on your firewall, issue the following commands:

esxcfg-firewall -allowIncoming

esxcfg-firewall -allowOutgoing

You might then want to re-enable the firewall, by doing the following:

esxcfg-firewall -blockIncoming

esxcfg-firewall -blockOutgoing

Rules are no fun without exceptions, so here's how to add them to your ruleset. ESX comes with a number of pre-canned exceptions that can be added by name. Some examples are below:

esxcfg-firewall -enableService snmpd

esxcfg-firewall -enableService ntpClient

These are the services you can enable by name:

nfsClient

ftpServer

ntpClient

dellom

nisClient

vncServer

tmpLicenseClient

swISCSIClient

CIMHttpsServer

sshClient

snmpd

tmpAAMClient

vpxHeartbeats

smbClient

hpim

tmpHostVmdbServer

tmpHostdSOAPServer

ftpClient

sshServer

ibmdirector

CIMHttpServer

telnetClient

If, however, you want to do something non-standard (in this case for IBM Director), do this:

esxcfg-firewall -openPort 14247,tcp,out,IBMDirector

esxcfg-firewall -openPort 14247,tcp,in,IBMDirector

esxcfg-firewall -openPort 14247,udp,in,IBMDirector

esxcfg-firewall -openPort 14247,udp,out,IBMDirector

esxcfg-firewall -openPort 14248,tcp,out,IBMDirector

esxcfg-firewall -openPort 14248,tcp,in,IBMDirector

Once you've made your changes, restart the firewall service:

service firewall restart

esxcfg-info

From the man page "…provides a view of the internal state of the VMkernel and Service Console components. This tool is designed to provide information used in debugging and troubleshooting VMware ESX Servers."

I suggest you pipe these to a text file, as the output is substantial, and takes an age to scroll through on my terminal.

Usage: esxcfg-info mode

-a, -all Print all information

-w, -hardware Print hardware information

-r, -resource Print resource information

-s, -storage Print storage information

-n, -network Print network information

-y, -system Print system information

-o, -advopt Print advanced options

-h, -help Print this message.

[root@vi3host root]# esxcfg-info -a >esxcfg-info.output

[root@vi3host root]# less esxcfg-info.output

esxcfg-init

From the man page "…is used to initialize pci device names and advanced configuration options for the VMkernel on system boot

and is NOT intended for use outside of initialization scripts."

esxcfg-linuxnet

esxcfg-linuxnet -setup

-remove

-h -help

The -setup option cannot be combined with the -remove option.

Used to replicate the IP parameters assigned to vswif0 to eth0 in Linux troubleshooting mode

esxcfg-module

From the man page "…provides an interface into the driver modules loaded on system startup and allows modules to be disabled or added."

Example usage:

[root@vi3host root]# esxcfg-module -l

Device Driver Modules

Module Type Enabled Loaded

vmkapimod vmkapimod true true

vmklinux linux true true

bnx2 nic true true

aacraid_esx30 scsi true true

[root@vi3host root]# esxcfg-module -q

vmkapimod vmkapimod

vmklinux linux

bnx2 nic

aacraid_esx30 scsi

esxcfg-mpath

esxcfg-mpath configures multipath settings for Fibre Channel or iSCSI LUNs.

This is useful to check your zoning on large SAN implementations.

[root@vi3host root]# esxcfg-mpath -l

Disk vmhba0:0:0 /dev/sda (139900MB) has 1 paths and policy of Fixed

Local 4:0.0 vmhba0:0:0 On active preferred

Disk vmhba1:0:1 /dev/sdb (307200MB) has 2 paths and policy of Most Recently Used

FC 28:0.0 210000e08b9d2a7a<->200400a0b829871d vmhba1:0:1 On active preferred

FC 28:0.1 210100e08bbd2a7a<->200500a0b829871e vmhba2:0:1 Standby

Disk vmhba1:0:2 /dev/sdd (307200MB) has 2 paths and policy of Most Recently Used

FC 28:0.0 210000e08b9d2a7a<->200400a0b829871d vmhba1:0:2 Standby preferred

FC 28:0.1 210100e08bbd2a7a<->200500a0b829871e vmhba2:0:2 On active

Disk vmhba1:0:3 /dev/sde (307200MB) has 2 paths and policy of Most Recently Used

FC 28:0.0 210000e08b9d2a7a<->200400a0b829871d vmhba1:0:3 On active preferred

FC 28:0.1 210100e08bbd2a7a<->200500a0b829871e vmhba2:0:3 Standby

Disk vmhba1:0:4 /dev/sdg (204800MB) has 2 paths and policy of Most Recently Used

FC 28:0.0 210000e08b9d2a7a<->200400a0b829871d vmhba1:0:4 Standby preferred

FC 28:0.1 210100e08bbd2a7a<->200500a0b829871e vmhba2:0:4 On active

Disk vmhba1:0:5 /dev/sdh (204800MB) has 2 paths and policy of Most Recently Used

FC 28:0.0 210000e08b9d2a7a<->200400a0b829871d vmhba1:0:5 On active preferred

FC 28:0.1 210100e08bbd2a7a<->200500a0b829871e vmhba2:0:5 Standby

Disk vmhba1:0:6 /dev/sdi (25600MB) has 2 paths and policy of Most Recently Used

FC 28:0.0 210000e08b9d2a7a<->200400a0b829871d vmhba1:0:6 Standby preferred

FC 28:0.1 210100e08bbd2a7a<->200500a0b829871e vmhba2:0:6 On active

Disk vmhba1:0:7 /dev/sdj (25600MB) has 2 paths and policy of Most Recently Used

FC 28:0.0 210000e08b9d2a7a<->200400a0b829871d vmhba1:0:7 On active preferred

FC 28:0.1 210100e08bbd2a7a<->200500a0b829871e vmhba2:0:7 Standby

Disk vmhba1:0:8 /dev/sdl (691200MB) has 2 paths and policy of Most Recently Used

FC 28:0.0 210000e08b9d2a7a<->200400a0b829871d vmhba1:0:8 On active preferred

FC 28:0.1 210100e08bbd2a7a<->200500a0b829871e vmhba2:0:8 Standby

Disk vmhba1:0:31 /dev/sdf (20MB) has 1 paths and policy of Fixed

FC 28:0.0 210000e08b9d2a7a<->200400a0b829871d vmhba1:0:31 On active preferred

Disk vmhba1:0:10 /dev/sdc (691200MB) has 2 paths and policy of Most Recently Used

FC 28:0.0 210000e08b9d2a7a<->200400a0b829871d vmhba1:0:10 On active preferred

FC 28:0.1 210100e08bbd2a7a<->200500a0b829871e vmhba2:0:10 Standby

Disk vmhba2:0:31 /dev/sdk (20MB) has 1 paths and policy of Fixed

FC 28:0.1 210100e08bbd2a7a<->200500a0b829871e vmhba2:0:31 On active preferred

esxcfg-nas

esxcfg-nas provides an interface to manipulate NAS file systems on an ESX Server.

esxcfg-nas <options> [<label>]

-a|-add Add a new NAS filesystem to /vmfs volumes.

Requires -host and -share options.

-o|-host <host> Set the host name or ip address for a NAS mount.

-s|-share <share> Set the name of the NAS share on the remote system.

-d|-delete Unmount and delete a filesystem.

-l|-list List the currently mounted NAS file systems.

-r|-restore Restore all NAS mounts from the configuration file.

(FOR INTERNAL USE ONLY).

-h|-help Show this message.

For example, if you want to connect to a NAS

[root@vi3host root]# esxcfg-nas -a -o 100.100.100.253 -s /Test NFS02

esxcfg-nics

From the man page "…provides information about the Physical NICs in use by the VMkernel. This will print the VMkernel name for the NIC, its PCI ID, Driver, Link state, Speed, Duplex, and a shore PCI description of the card. It also allows users to set speed and duplex settings for a specific NIC."

[root@vi3host root]# esxcfg-nics

esxcfg-nics <options> [nic]

-s|-speed <speed> Set the speed of this NIC to one of 10/100/1000/10000.

Requires a NIC parameter.

-d|-duplex <duplex> Set the duplex of this NIC to one of 'full' or 'half'.

Requires a NIC parameter.

-a|-auto Set speed and duplexity automatically. Requires a NIC parameter.

-l|-list Print the list of NICs and their settings.

-r|-restore Restore the nics configured speed/duplex settings (INTERNAL ONLY)

-h|-help Display this message.

[root@vi3host root]# esxcfg-nics -l

Name PCI Driver Link Speed Duplex Description

vmnic0 03:00.00 bnx2 Up 1000Mbps Full Broadcom Corporation Broadcom NetXtreme II BCM5708 1000Base-T

vmnic1 06:00.00 bnx2 Up 1000Mbps Full Broadcom Corporation Broadcom NetXtreme II BCM5708 1000Base-T

vmnic2 08:03.00 tg3 Up 1000Mbps Full Broadcom Corporation NetXtreme BCM5704 Gigabit Ethernet

vmnic3 08:03.01 tg3 Up 1000Mbps Full Broadcom Corporation NetXtreme BCM5704 Gigabit Ethernet

esxcfg-pciid

esxcfg-rescan

esxcfg-rescan <vmkernel SCSI adapter name>

[root@vi3host root]# esxcfg-rescan vmhba0

Rescanning vmhba0…done.

On scsi0, removing: 0:0.

On scsi0, adding: 0:0.

[root@vi3host root]# esxcfg-rescan vmhba1

Rescanning vmhba1…done.

On scsi1, removing: 0:1 0:10 0:2 0:3 0:31 0:4 0:5 0:6 0:7 0:8.

On scsi1, adding: 0:1 0:10 0:2 0:3 0:31 0:4 0:5 0:6 0:7 0:8.

[root@vi3host root]# esxcfg-rescan vmhba2

Rescanning vmhba2…done.

On scsi2, removing: 0:31.

On scsi2, adding: 0:31.

[root@vi3host root]#

esxcfg-resgrp

From the man page "…provides an interface to manipulate resource group hierarchy.

Usage: esxcfg-resgrp [options] [resgrp path]

-a, -add rgname Add a new group under the path

-d, -delete Delete the resource group

-l, -list List all the resource groups

Or stats about a specific resource group

-restore Restore all resource groups from configuration

file (FOR INTERNAL USE ONLY).

-h, -help Show this message

esxcfg-route

From the man page "…provides an interface to manipulate VMkernel IP stack's default route entry."

esxcfg-route <options> [<network> [<netmask] <gateway>]

<network> can be specified in 2 ways:

* As a single argument in <Network>/<Mask> format

* Or as a <Network> <Netmask> pair.

<gateway> is either an IP address or 'default'

-a|-add Add route, to the VMkernel,

requires network address (or default)

and gateway IP address

-d|-del Delete route from VMkernel.

Requires network address (or "default")

-l|-list List configured routes for the service console

-r|-restore Restore route setting to configured values

on system start. (INTERNAL USE ONLY)

-h|-help Show this message.

[root@vi3host root]# esxcfg-route -l

VM Kernel Routes:

Network Netmask Gateway

192.168.100.0 255.255.255.0 Local Subnet

default 0.0.0.0 Local Subnet

esxcfg-swiscsi

From the man page "…provides an interface to configure Software iSCSI. if no arguments are given, esxcfg-swiscsi displays the help message."

Usage: esxcfg-swiscsi options

-e, -enable Enable sw iscsi

-d, -disable Disable sw iscsi

-q, -query Check if sw iscsi is on/off

-s, -scan Scan for disk available through sw iscsi interface

-k, -kill Try to forcibly remove iscsi sw stack

-r, -restore Restore sw iscsi configuration from file

(FOR INTERNAL USE ONLY)

-h, -help Show this message

[root@vi3host root]# esxcfg-swiscsi -q

Software iSCSI is enabled

[root@vi3host root]# vmkiscsi-tool -h

vmkiscsi-tool -h -help

-R -discoveryStatus : Print discovery status.

-D -discovery

-S -static: Static Discovery Targets

-A -Authentication

-T -Target

-L -Lun

-P -Phba

-N -Network: network properties

-p -Pnp: Physical Network Portal properties

-t -ipv4AddrType

-i -ipv4Address

-d -dnsserver

-g -gateway

-s -subnetmask

-I -iSCSIname

-k -Alias

-e -ethernet: Link Status

-c -ipconfig: enable/disable DHCP, ARP redirect

-X -Reset

Subcommands

-l -list

-r -remove

-a -add

-m -authMethod : specify method for add/remove

-f -flag: set a discovery or authentication flag

adapterName

Combine -l with an option to display the current information.

[root@vi3host root]# vmkiscsi-tool vmhba40 -P -l

=========PHBA Properties for Adapter vmhba40=========

VENDOR : VMware

MODEL : VMware-Isoft

DESCRIPTION : VMware Software Initiator

SERIAL NUMBER :

=========Node Properties for Adapter vmhba40=========

NODE NAME VALID : 1

NODE NAME : iqn.1998-01.com.vmware:vi3host-3fc07e31

NODE ALIAS VALID : 1

NODE ALIAS : vi3host.network.internal

NODE NAME AND ALIAS SETTABLE: 1

So if you combine this command, vmkiscsi-tool and esxcfg-rescan, you can automate iscsi setup in scripted installs (useful when combined with UDA).

Set-up iSCSI Software Emulator and Force a Rescan of vmhba40

esxcfg-swiscsi -e

vmkiscsi-tool -D -a 192.168.100.139 vmhba40

esxcfg-swiscsi -s

esxcfg-rescan vmhba40

esxcfg-upgrade

esxcfg-upgrade -h -help

-g -convert-grub

-f -convert-fstab

-r -upgrade-pre-vmkernel

-o -upgrade-post-vmkernel

The -g option may only be used with the -r option.

esxcfg-vmhbadevs

From the man page "…provides information about the LUNs available on the ESX Server. By default, the command will print a mapping of vmhbaX:X:X names to console /dev/ names."

This is useful when you want to set VMFS filesystem alignment on EMC CLARiiON arrays but don't know what LUNs are mapped to what devices in fdisk.

esxcfg-vmhbadevs

esxcfg-vmhbadevs <options>

Print the mappings between vmhba names and /dev names

-m|-vmfs Print mappings for VMFS volumes to their

Service Console partitions and vmhba names.

-q|-query Print mapping in 2.5 compatibility mode to mimic

vmkpcidivy -q vmhba_devs.

-h|-help Show this message.

[root@vi3host root]# esxcfg-vmhbadevs -m

vmhba0:0:0:2 /dev/sda2 4667158e-899da7f8-ae73-00145eccccba

vmhba40:1:0:1 /dev/sdd1 4692c9ad-1a501875-f252-00145eccccba

vmhba40:0:0:1 /dev/sdb1 4692c987-14967ce4-a9a1-00145eccccba

[root@vi3host root]# esxcfg-vmhbadevs -q

vmhba0:0:0 /dev/sda

vmhba1:0:1 /dev/sdb

vmhba1:0:2 /dev/sdd

vmhba1:0:3 /dev/sde

vmhba1:0:4 /dev/sdg

vmhba1:0:5 /dev/sdh

vmhba1:0:6 /dev/sdi

vmhba1:0:7 /dev/sdj

vmhba1:0:8 /dev/sdl

vmhba1:0:31 /dev/sdf

vmhba1:0:10 /dev/sdc

vmhba2:0:31 /dev/sdk

esxcfg-vmknic

From the man page "…provides an interface to configure VMkernel NIC. if no arguments are given, esxcfg-vmknic displays the help message. The Portgroup option specifies the portgroup to which the VMkernel NIC is associated."

esxcfg-vmknic <options> [[<portgroup>]]

-a|-add Add a VMkernel NIC to the system,

requires IP parameters and portgroup name.

-d|-del Delete VMkernel NIC on given portgroup.

-e|-enable Enable the given NIC if disabled.

-D|-disable Disable the given NIC if enabled.

-l|-list List VMkernel NICs.

-i|-ip <X.X.X.X> The IP address for this VMkernel NIC.

Setting an IP address requires that the

-netmask option be given in same command.

-n|-netmask <X.X.X.X> The IP netmask for this VMkernel NIC.

Setting the IP netmask requires that the -ip

option be given in the same command.

-r|-restore Restore VMkernel TCP/IP interfaces from

Configuration file (FOR INTERNAL USE ONLY).

-h|-help Show this message.

[root@vi3host root]# esxcfg-vmknic -l

Port Group IP Address Netmask Broadcast MAC Address MTU Enabled

VMOTION 10.0.0.2 255.0.0.0 10.255.255.255 00:50:56:61:d8:2b 1514 true

esxcfg-vswif

From the man page "…provides an interface to configure Service Console NIC. if no arguments are given, esxcfg-vswif displays the help message. VSWIF is the name of the interface. This should begin with 'vswif' followed by a unit number, for example 'vswif0' for the first Service Console interface."

esxcfg-vswitch

From the man page "…provides an interface for adding, removing, and modifying virtual switches and their settings. By default, there is a single virtual switch called vSwitch0."

Sample DEV network configuration script

# !/bin/bash

# Tear down and rebuild network

# Remove current config

echo "Removing current network configuration"

/usr/sbin/esxcfg-vswitch -U vmnic0 vSwitch0

/usr/sbin/esxcfg-vswitch -U vmnic1 vSwitch0

/usr/sbin/esxcfg-vswif -d vswif0

/usr/sbin/esxcfg-vswitch -d vSwitch0

service mgmt-vmware restart

# Recreate SC

echo "Reconfiguring Service Console NIC"

cp /etc/vmware/esx.conf /tmp/esx.conf.bak

/usr/sbin/esxcfg-vswitch -a vSwitch0

/usr/sbin/esxcfg-vswitch vSwitch0 -L vmnic0

/usr/sbin/esxcfg-vswitch vSwitch0 -L vmnic1

/usr/sbin/esxcfg-vswitch vSwitch0 -A "Service Console" -p "Service Console"

/usr/sbin/esxcfg-vswif -a vswif0 -p "Service Console" -i 192.168.100.7 -n 255.255.255.0

route add default gw 192.168.100.253

# echo "GATEWAY=192.168.100.253″ >> /etc/sysconfig/network

echo "Service Console configured"

# Create VM Network

echo "Configuring VM Network"

/usr/sbin/esxcfg-vswitch vSwitch0 -A VMnetwork -p VMnetwork

echo "VM network configured"

# Setup VMotion

echo "Setting up VMotion"

/usr/sbin/esxcfg-vswitch vSwitch0 -A VMotion

/usr/sbin/esxcfg-vmknic -a VMotion -i 10.0.0.3 -n 255.255.255.0

/usr/sbin/esxcfg-route 10.0.0.3

echo "Activating vMotion"

service mgmt-vmware restart

sleep 20

vimsh -n -e "/hostsvc/vmotion/vnic_set portgroup4″

echo "VMotion configured"

# Create internal-only vswitch

echo "Configuring Private Network"

/usr/sbin/esxcfg-vswitch -a vSwitch1

/usr/sbin/esxcfg-vswitch vSwitch1 -A Internal -p Internal

echo "Private network configured"

# Setup iSCSI Network

echo "Configuring iSCSI Network"

esxcfg-vswitch -A iSCSI vSwitch0

esxcfg-vmknic -a iSCSI -i 192.168.200.100 -n 255.255.255.0

esxcfg-vswitch -A iSCSI-COS vSwitch3

esxcfg-vswif -a vswif1 -p iSCSI-COS -i 192.168.200.101 -n 255.255.255.0

Technorati : esx, esx cli config, esxcfg, esxi, rcli, service console, vima

Del.icio.us : esx, esx cli config, esxcfg, esxi, rcli, service console, vima

Zooomr : esx, esx cli config, esxcfg, esxi, rcli, service console, vima

Flickr : esx, esx cli config, esxcfg, esxi, rcli, service console, vima

Professional VMWare

Sunday, November 23, 2008

New Domain! - ProfessionalVMware.com

Wednesday, November 19, 2008

Those esxcfg- commands.

Tuesday, November 18, 2008

VMware Security Updates

Monday, November 17, 2008

Common system management issues in VMware Infrastructure

Update Manager – Changing Default Patch Location

Context Switched Page Faults

VMware VI Network Communications & Port Usage Diagram

About Me

Blog Archive

Followers