Command Line administration…for those times when a good GUI just won’t work!

esxcfg-* Commands

·      esxcfg-advcfg Sets advanced VMkernel options

·      esxcfg-auth Authentication configuration

·      esxcfg-boot Configure boot, including PCI allocation

·      esxcfg-dumppart Set, activate, deactivate, list potential and current VMkernel dump partitions

·      esxcfg-firewall Configure firewalling options

·      esxcfg-info Prints information about the service console, the VMkernel, various subsystems in the virtual network and storage resource hardware

·      esxcfg-init Perform initialization steps in the initrd

·      esxcfg-linuxnet Converts vswif devices to eth when booting into Linux debugging mode

·      esxcfg-upgrade Upgrade from ESX Server 2.X to 3.0

† Should not be run unless instructed to do so by a VMware Technical Support representative

·      esxcfg-mpath Multipathing configuration

·      esxcfg-nas Add, delete or manage NAS file systems

·      esxcfg-nics Presents physical NIC information

·      esxcfg-rescan Rescan LUNs on SCSI device

·      esxcfg-resgrp Create, delete and list resource groups

·      esxcfg-route Enable or disable routing for vmknics

·      esxcfg-swiscsi Configures software iSCSI adapters

·      esxcfg-vmhbadevs Maps COS device files to vmhba names

·      esxcfg-vmknic Create & configure VMkernel NICs

·      esxcfg-vswif Create & configure vswifs for the COS

·      esxcfg-vswitch Create & configure virtual switches and port groups

NETWORKING

The biggest issue I see with networking is on the initial setup, when the service console is not accessible from the network. The following will help correct this so that the host can be reached via the GUI, where you can finish the configuration as needed.

When service console networking problems require manual virtual switch reconfiguration from the physical console, use the esxcfg-vswitch command to reassign physical NICs to virtual switches.

·      Display current configurations:

o   # esxcfg-vswitch -l

·      Detach a physical NIC from a virtual switch:

o   # esxcfg-vswitch -U <pnic> <vSwitch_name>

·      Link a physical NIC to a virtual switch:

o   # esxcfg-vswitch -L <pnic> <vSwitch_name>

Modifying Service Console Networking

·      # esxcfg-nics -l

Name    PCI      Driver Link Speed    Duplex Description

vmnic0 02:02.00 tg3     Up   1000Mbps Full   Broadcom …

vmnic1 02:02.01 tg3     Up   1000Mbps Full   Broadcom …

vmnic2 0a:01.00 tg3     Up   1000Mbps Full   Broadcom …

·      # esxcfg-vswitch -l

Switch Name Num Ports Used Ports …   Uplinks

vSwitch0    64        3           …   vmnic0

PortGroupName    Internal ID … Uplinks

Service Console   portgroup0      vmnic0

·      # esxcfg-vswitch -U vmnic0 vSwitch0

·      # esxcfg-vswitch -L vmnic2 vSwitch0

·      # esxcfg-vswitch -l

Switch Name Num Ports Used Ports …   Uplinks

vSwitch1    64        3           …   vmnic2

PortGroupName    Internal ID … Uplinks

Service Console   portgroup1      vmnic2

Service Console Firewall

The service console in ESX 3.0 is protected by an iptables firewall; use esxcfg-firewall to administer it.

By default, only services required by VMware Infrastructure are enabled; all other services must be activated by the administrator via the VI Client or CLI.

Service ports are opened either by known service name or by individual port number.

Opening a port by service name:

·      # esxcfg-firewall -e smbClient

Opening a port by port number:

·      # esxcfg-firewall -o 123,udp,out,ntp

iptables Known Services

AAMClient*

CIMHttpServer*

CIMHttpsServer*

CIMSLP*

commvaultDynamic

commvaultStatic

ftpClient

ftpServer

LicenseClient*

nfsClient

nisClient

ntpClient

smbClient

snmpd

sshClient

sshServer*

swISCSIClient

telnetClient

TSM

veritasBackupExec

veritasNetBackup

vncServer

vpxHeartbeats*

* Indicates the service is enabled by default

Networking Diagnostics

Diagnostics: VMKernel TCP/IP Stats

# cat /proc/vmware/net/tcpip/ifconfig

ping command uses service console TCP/IP Stack

vmkping uses VMKernel TCP/IP stack

# vmkping -D -v

Diagnostics: Collecting Network Traces

Run tcpdump/ethereal/netmon inside the guest or in the service console

Traffic visibility depends on the portgroup policy settings

Portgroup with VLAN id 0 (No VLAN)

• Sees all the traffic on the virtual switch without VLAN tags

Portgroup with VLAN id ‘X’ (1-4094)

• Sees all the traffic on the virtual switch with VLAN id ‘X’

Portgroup with VLAN id 4095

• Sees all traffic on the virtual switch

• Traffic is captured with VLAN tags

Promiscuous mode

• Accept: All visible traffic

• Reject: Only traffic matching the client MAC address
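
The visibility rules above compose: the VLAN id decides what a portgroup can see, and the promiscuous setting then narrows it. The following is an added example, not part of the original post, that applies both rules to a constructed frame list; the function names, MAC addresses and frame data are assumptions made for illustration.

```shell
# Added example: models the portgroup capture-visibility rules listed above.
# FRAMES is constructed sample data, one frame per line: "<vlan> <dst_mac>",
# where vlan 0 means the frame is untagged.
FRAMES='0 00:50:56:aa:00:01
0 00:50:56:aa:00:02
10 00:50:56:aa:00:01
10 00:50:56:aa:00:03
20 00:50:56:aa:00:01'

# capture_view <portgroup_vlan> <accept|reject> <client_mac>
# Prints one line per frame that a capture on that portgroup would see.
capture_view() {
    pg_vlan=$1; promisc=$2; client_mac=$3
    case $pg_vlan in
        ''|*[!0-9]*) echo "bad VLAN id: $pg_vlan" >&2; return 2 ;;
    esac
    [ "$pg_vlan" -le 4095 ] || { echo "bad VLAN id: $pg_vlan" >&2; return 2; }
    case $promisc in
        accept|reject) ;;
        *) echo "bad promiscuous policy: $promisc" >&2; return 2 ;;
    esac
    printf '%s\n' "$FRAMES" | while read -r vlan dst; do
        # Rule 1: the portgroup VLAN id selects which traffic is visible.
        # 4095 sees every VLAN; any other id sees only its own.
        if [ "$pg_vlan" -ne 4095 ] && [ "$vlan" -ne "$pg_vlan" ]; then
            continue
        fi
        # Rule 2: promiscuous Reject keeps only the client's own MAC.
        if [ "$promisc" = reject ] && [ "$dst" != "$client_mac" ]; then
            continue
        fi
        # Tags are shown only for 4095, the one case the page says keeps them.
        if [ "$pg_vlan" -eq 4095 ] && [ "$vlan" -ne 0 ]; then
            echo "$dst vlan=$vlan"
        else
            echo "$dst"
        fi
    done
}

# count_view takes the same arguments and prints the number of visible frames.
count_view() { capture_view "$@" | wc -l | tr -d ' '; }

# Compare what each policy combination exposes to a capture on one client.
for pg in 0 10 4095; do for p in accept reject; do
    echo "vlan=$pg promiscuous=$p: $(count_view "$pg" "$p" 00:50:56:aa:00:01) frames"
done; done
```

A portgroup on VLAN 4095 with promiscuous mode set to Accept is the only combination that sees every frame, so reserve that pairing for dedicated capture portgroups.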

Storage

esxcfg-dumppart

esxcfg-mpath

esxcfg-nas

Service Console Administration

esxcfg-info

esxcfg-advcfg

esxcfg-resgrp

esxcfg-vswif

esxcfg-vswitch

esxcfg-nics

esxcfg-swiscsi

esxcfg-vmhbadevs