Useful VCF and vSphere commands that I use often.
In SDDC Manager your product shows as: [vrslcm.vcf.sddc.lab] are not in ACTIVE state
ssh to sddc manager via vcf account
su
psql -U postgres -d platform -h localhost -c "select id, status, vrslcm from vrslcm;"
                  id                  |  status  | vrslcm
--------------------------------------+----------+----------------------------------------------------------------------
 4e4a0e6a-7207-42bb-9db5-c9cb6754485e | DISABLED | (4e4a0e6a-7207-42bb-9db5-c9cb6754485e,1669675303181,1669769963266,DISABLED,8.8.2-20080494,"{""id"":""e60590d5-34b4-441a-ac2c-facba89da95b"",""managementIpAddress"":""10.60.0.150"",""hostname"":""vrslcm.vcf.sddc.lab"",""vmName"":""vrslcm""}")
(1 row)
psql -U postgres -d platform -h localhost -c "update vrslcm set status = 'ACTIVE' where id = '4e4a0e6a-7207-42bb-9db5-c9cb6754485e';"
UPDATE 1
Get mac address of vms in vcenters from powercli
Get-VM | Get-NetworkAdapter | Select-Object Parent,Name,MacAddress
Reset vRealize Lifecycle Manager (vRLCM) admin@localhost user password
/opt/vmware/share/vami/vami-vlcm-passwd-reset
Update cpu and memory via powershell
get-vm edge1-mgmt | set-vm -memoryGB 32 -NumCpu 8 -Confirm:$false
Legacy switch for edges with power-on issues on old hardware
Connect-VIServer vcenter-mgmt.vcf.sddc.lab
New-AdvancedSetting -Entity edge1-mgmt -Name featMask.vm.cpuid.pdpe1gb -Value Val:1 -Force
vrslcm cli checks
systemctl status vrlcm-server
systemctl restart vrlcm-server
vrlcm-cli --health-status
systemctl status sshd
vCenter root account is locked
reboot vc
on the Photon OS splash screen press e
at the end of systemd_cmdline type
rw init=/bin/bash
ctrl x
mount -o remount,rw /
passwd
pam_tally2 --user=root --reset
umount /
chage -I -1 -m 0 -M 99999 -E -1 root
vi /etc/passwd
confirm
root:x:0:0:root:/root:/bin/bash
reboot -f
Check firmware/drivers & vibs versions on esxi command line
esxcli software vib list
esxcfg-scsidevs -a
esxcli storage core adapter list
vmkload_mod -s smartpqi | grep Version
vmkchdev -l | grep vmhba0
esxcli network nic get -n vmnic0
vmkchdev -l | grep vmnic
Lookup passwords from sddc manager
login as vcf
/usr/bin
lookup_passwords
Disk space check sddc manager
df -h
vCenter service commands
service-control --start vmware-postgres-archiver
service-control --start pschealth
watch service-control --status
service-control --start --all
check password rotation number
/etc/pam.d
cat system-password
crash PSOD location
/var/core
last 50 lines of the log file
tail -n 50 logfilename
See the update of the file live
tail -f /var/log/vmware/vcf/lcm/lcm.log
Change vcf root password
login root via console
change password
change back "passwd"
SOS health and password check sddc manager
su
/opt/vmware/sddc-support/sos --health-check
/opt/vmware/sddc-support/sos --password-health
esxi Restart management
/etc/init.d/hostd restart
/etc/init.d/vpxa restart
services.sh restart
get expirations from nsx
login as admin
get user admin password-expiration
get user audit password-expiration
get user root password-expiration
set user root password "to change"
check disk space on esxi host
vdf -h
View status of account in unix (unlock locked accounts with pam)
/usr/bin/lookup_passwords
pam_tally2 --user=vcf
or
pam_tally2 --reset --user vcf
Storage command to find which bay the faulty hard drive reported in vCenter is in
esxcli storage core device physical get -d naa.50000f0b4960
Enable SCP on vCenter (file transfer)
run the following command to allow scp "chsh -s /bin/bash root"
Copy script to /var/tmp with WinSCP using "SCP"
In the putty session run "chsh -s /bin/appliancesh root"
Password expiry on vcenter
Login to vcenter
change password when asked
change to new password "passwd"
update in sddc manager via password management, remediate
password expiry on nsx mgr and edge
set user root password
set user admin password
set user audit password
update in sddc manager using update in password management
sddc manager log location
/var/log/vmware/vcf/sddc-support/
default passwords expiry notes
By default most passwords, such as the NSX-T accounts, are set to expire after 90 days. vCenter, ESXi and SDDC Manager are 1 year.
ESXi Network Commands
esxcfg-info -n | less (show cdp and lldp info)
esxcli network nic down -n vmnicX
esxcli network nic up -n vmnicX
esxcli network nic list
vmkping -I vmk0 IPADDRESS
esxcli network nic get -n vmnic0 (nic info)
vIDM – VMware Id Manager and Commands
/etc/init.d/pgService status
service vpostgres status
curl http://localhost:9200/_cluster/health?pretty
curl http://localhost:9200/_cluster/state/nodes,master_node?pretty
vidm command line cluster health
su root -c "echo -e 'password'|/opt/vmware/vpostgres/current/bin/psql -h localhost -p 9999 -U pgpool postgres -c \"show pool_nodes\""
vrops password rotation
login as root
passwd
chage -l root
may need to be changed 5 times before the old password is accepted
nsx-t commands
see log files – login as root and switch to /var/log/
get services
get cluster status
Upgrade progress
/var/log/upgrade-coordinator/upgrade-coordinator.log
get upgrade progress-status
Obtain cert from DC – LDAPS From vcenter
echo -n | openssl s_client -connect ldaps.vmware.local:636 -showcerts
Remove Failed tasks in VCF
1. Go to your list of tasks and copy the URL of the link to the workflow details
2. Get the task ID from the URL, in the case above that is f298d3d0-f8d3-11e8-ab45-fff01094d867
3. SSH to the SDDC-Manager VM and run the following
4. curl -X DELETE http://localhost/tasks/registrations/f298d3d0-f8d3-11e8-ab45-fff01094d867
5. Refresh the GUI
Clear password history
echo "" > /etc/security/opasswd
NTP Status on esxi hosts
check ntp on esxi host is working
watch ntpq -p localhost
ensure no ZEROS or INIT and items change
CHECK COMMANDS Ports
-u is UDP
curl -v -s -t 'DUMMY=1' --connect-timeout 2 telnet://IPADDRESS:22
curl -v telnet://IPADDRESS:22
nc -z IPADDRESS 8080 (TCP)
nc -u IPADDRESS 123 (UDP)
nc -zuv IPADDRESS 4045 (checks listening UDP)
echo "hello" >/dev/udp/IPADDRESS/123
Set vIDM sshuser and root to almost never expire
chage -I -1 -m 0 -M 9999 -E -1 root
chage -I -1 -m 0 -M 9999 -E -1 sshuser
check certificate via command line for vcenter
run from vcenter
su
for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo STORE $i; sudo /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | egrep "Alias|Not After"; done
generate certificate for esxi host
[root@esxi-mgt-02:~] esxcli system hostname set --host=esxi-mgt-04
[root@esxi-mgt-02:~] esxcli system hostname set --fqdn=esxi-mgt-04.vmware.local
[root@esxi-mgt-02:~] /sbin/generate-certificates
[root@esxi-mgt-02:~] /etc/init.d/hostd restart && /etc/init.d/vpxa restart
[root@esxi-mgt-02:~] reboot