TOP VCF technology

VMware Cloud Foundation

VCF

VCF & vSphere Commands

By Kader #vcf commands, #vmware cli, #vmware commands, #vsphere commands

Useful vcf and vsphere commands that I use often.

In sddc manager your product show as – [vrslcm.vcf.sddc.lab] are not in ACTIVE state

ssh to sddc manager via vcf account

su

psql -U postgres -d platform -h localhost -c “select id, status, vrslcm from vrslcm;” id | status | vrslcm

————————————–+———-+———————————————————————————————————————-

4e4a0e6a-7207-42bb-9db5-c9cb6754485e | DISABLED | (4e4a0e6a-7207-42bb-9db5-c9cb6754485e,1669675303181,1669769963266,DISABLED,8.8.2-20080494,”{“”id””:””e60590d5-34b4-44
1a-ac2c-facba89da95b””,””managementIpAddress””:””10.60.0.150″”,””hostname””:””vrslcm.vcf.sddc.lab””,””vmName””:””vrslcm””}”)
(1 row)

psql -U postgres -d platform -h localhost -c “update vrslcm set status = ‘ACTIVE’ where id = ‘4e4a0e6a-7207-42bb-9db5-c9cb6754485e’;”

UPDATE 1

Get mac address of vms in vcenters from powercli

Get-VM | Get-NetworkAdapter  | Select-Object Parent,Name,MacAddress

Reset vRealize Lifecycle Manager (vRLCM) admin@localhost user password
/opt/vmware/share/vami/vami-vlcm-passwd-reset

Update cpu and memory via powershell

get-vm edge1-mgmt | set-vm -memoryGB 32 -NumCpu 8 -Confirm:$false

Legacy switch for edges for powering on issues on old hardware

Connect-VIServer vcenter-mgmt.vcf.sddc.lab
New-AdvancedSetting -Entity edge1-mgmt -Name featMask.vm.cpuid.pdpe1gb -Value Val:1 -Force

vrslcm cli checks

systemctl status vrlcm-server
systemctl restart vrlcm-server
vrlcm-cli –health-status

systemctl status sshd

vCenter root account is locked

reboot vc
on the photon OS splash screen push e
at the end of systemd_cmdline type
rw init=/bin/bash
ctrl x
mount -o remount,rw /
passwd
pam_tally2 –user=root –reset
umount /
chage -I -1 -m 0 -M 99999 -E -1 root
vi /etc/passwd
confirm
root:x:0:0:root:/root:/bin/bash
reboot -f

Check firmware/drivers & vibs versions on esxi command line

esxcli software vib list
esxcfg-scsidevs -a
esxcli storage core adapter list
vmkload_mod -s smartpqi | grep Version
vmkchdev -l | grep vmhba0
esxcli network nic get -n vmnic0
vmkchdev -l | grep vmnic

Lookup passwords from sddc manager

login as vcf

/usr/bin

lookup_passwords

Disk space check sddc manager

 df -h 

vCenter service commands

service-control –start vmware-postgres-archiver 

service-control –start pschealth 

watch service-control –status 

service-control –start –all

check password rotation number

/etc/pam.d 

cat system-password 

crash PSOD location

/var/core

last 50 lines of the log file

tail -n 50 logfilename.

See the update of the file live

tail -f /var/log/vmware/vcf/lcm/lcm.log

Change vcf root password

login root via console 

change password

change back “passwd” 

SOS health and password check sddc manager

su 

/opt/vmware/sddc-support/sos –health-check 

/opt/vmware/sddc-support/sos –password-health  

esxi Restart management

/etc/init.d/hostd restart 

/etc/init.d/vpxa restart  

services.sh restart 

get expirations from nsx

login as admin 

get user admin password-expiration 

get user audit password-expiration 

get user root password-expiration 

set user root password “to change”

check disk space on esxi host

Vdf -h 

View status of account in unix (unlock locked accounts with pam)

/usr/bin/lookup_passwords 

pam_tally2 –user=vcf 

or 

pam_tally2 –reset –user vcf 

Storage command find which bay your fault hard drive is in reported in vcenter

esxcli storage core device physical get -d naa.50000f0b4960

enabled scp on vcenter – file transfer

run the following command to allow scp “chsh -s /bin/bash root” 

Copy script to /var/tmp via winscp using “SCP” with winscp 

In the putty session run “chsh -s /bin/appliancesh root 

Password expiry on vcenter

Login to vcenter

change password when asked

change to new password “passwd”

update in sddc manager via password management, remediate 

password expiry on nsx mgr and edge

set user root password 

set user admin password

set user audit password

update in sddc manager using update in password management

sddc manager log location

/var/log/vmware/vcf/sddc-support/

default passwords expiry notes

By default most passwords are set to 90 days expiration like NSX-T accounts. vcenter, esxi, sddc manager are 1 year

ESXi Network Commands

esxcfg-info -n | less (show cdp and lldp info) 

esxcli network nic down -n vmnicX 

esxcli network nic up -n vmnicX 

esxcli network nic list 

vmkping -I vmk0 IPADDRESS 

esxcli network nic get -n vmnic0 (nic info)  

vIDM – VMware Id Manager and Commands

etc/init.d/pgService status 

service vpostgres status 

curl http://localhost:9200/_cluster/health?pretty 

curl http://localhost:9200/_cluster/state/nodes,master_node?pretty  

vidm command line cluster health

su root -c “echo -e ‘password’|/opt/vmware/vpostgres/current/bin/psql -h localhost -p 9999 -U pgpool postgres -c \”show pool_nodes\””

vrops password rotation

login as root 

passwd 

chage -l root  

may require to change 5 times before expecting the old password 

nsx-t commands

see log files – login as root and switch to /var/log/

get services

get cluster status

Upgrade progress

/var/log/upgrade-coordinator/upgrade-coordinator.log

get upgrade progress-status 

Obtain cert from DC – LDAPS From vcenter

echo -n | openssl s_client -connect ldaps.vmware.local:636 –showcerts 

Remove Failed tasks in VCF

1.Go to your list of tasks and copy the URL of the link to the workflow details 

For example: https://sddc-manager.vrack.vsphere.local/ui/sddc-manager/dashboard(monitoring-panel:monitoring/tasks/subtasks/f298d3d0-f8d3-11e8-ab45-fff01094d867) 

2.Get the task ID from the URL, in the case above that is f298d3d0-f8d3-11e8-ab45-fff01094d867

3. SSH to the SDDC-Manager VM and run the following 

4. curl -X DELETE http://localhost/tasks/registrations/f298d3d0-f8d3-11e8-ab45-fff01094d867

5.Refresh the GUI

Clear password history

echo “” > /etc/security/opasswd

NTP Status on esxi hosts

check ntp on esxi host is working

watch ntpq -p localhost 

ensure no ZEROS or INIT and items change 

CHECK COMMANDS Ports

-u is UDP 

curl -v -s -t ‘DUMMY=1’ –connect-timeout 2 telnet://IPADDRESS:22 

curl -v -telnet://IPADDRESS:22 

nc -z IPADDRESS 8080 – TCP 

nc -u IPADDRESS 123 – UDP 

nc -zuv IPADDRESS 4045 – CHECKS LISTENING UDP 

echo “hello” >/dev/udp/IPADDRESS/123  

vidm sshuser and root to almost never expiry

chage -I -1 -m 0 -M 9999 -E -1 root 

chage -I -1 -m 0 -M 9999 -E -1 sshuser 

check certificate via command line for vcenter

run from vcenter  

su 

for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo STORE $i; sudo /usr/lib/vmware-vmafd/bin/vecs-cli entry list –store $i –text | egrep “Alias|Not After”; done 

generate certificate for esxi host

[root@esxi-mgt-02:~] esxcli system hostname set –host=esxi-mgt-04

[root@esxi-mgt-02:~] esxcli system hostname set –fqdn=esxi-mgt-04.vmware.local

[root@esxi-mgt-02:~] /sbin/generate-certificates

[root@esxi-mgt-02:~] /etc/init.d/hostd restart && /etc/init.d/vpxa restart

[root@esxi-mgt-02:~] reboot

By Kader

Related Post

VCF

Cloud Foundation 5.0 using the Holodeck – DNS Entries

Ray
VCF

Cloud Foundation 5.0 using the Holodeck – additional VLANs for other usecases

Ray
ESXi vCenter VCF vSphere

Useful command for KMS vCenter for ESXi hosts

Kader

You Missed

VCF

Cloud Foundation 5.0 using the Holodeck – DNS Entries

VCF

Cloud Foundation 5.0 using the Holodeck – additional VLANs for other usecases

ESXi vCenter VCF vSphere

Useful command for KMS vCenter for ESXi hosts

VCF

Edge build API / VyOS 1.5 configuration for VLC VCF 2024 for 172.16.x.x network