Adding replica to vrops cluster:
https://sivasankar.org/2018/1802/part-2-vmware-vrops-6-7-replica-node-installation-ha-configuration-steps/
Freeing space on the vrealize database parition
Run the following command to find Java heapdump files that can be removed:
find / -name \*.hprof -exec ls -lah {} \;
The files should be in the /storage/db/vcops/heapdump/ directory. Verify that the files are not current with ls -l and remove the files with rm.
Verify disk space has been freed with df -h
Source:
Safely cleaning /storage/db space in vRealize Operations (2093903) (vmware.com)
Verify that Photon OS can see the new disk added:
lsblk
Add the device to the physical volume group:
pvcreate /dev/sdd
Verify that the volume was added:
pvs
View the volume group:
vgs
Extend the data volume group:
vgextend data /dev/sdd
View the logical volumes:
lvs
The database logical volume name is db. Find this logical volume's full path:
findmnt or df -h
Add the additional storage space to the database logical volume:
lvextend -l +100%FREE /dev/mapper/data-db
Make it usable:
resize2fs /dev/mapper/data-db
The above command works to extend an EXT filesystem. To extend an XFS filesystem use:
xfs_growfs /dev/mapper/data
List of all ports and protocols used by VMware products:
https://ports.esp.vmware.com/
Vcenter Upgrade Notes
Pre-req reading:
https://luchodelorenzi.com/category/psc/
Handy commands:
Partner replication status:
/usr/lib/vmware-vmdir/bin/vdcrepadmin -f showpartnerstatus -h vcenterhostname -u administrator
Show replication topology:
/usr/lib/vmware-vmafd/bin/dir-cli nodes list --server-name vcenter.beareware.com
Directory server state:
/usr/lib/vmware-vmafd/bin/dir-cli state get --server-name localhost
Resetting root password on vcenter with administrator via SSH:
https://kb.vmware.com/s/article/75174
Resetting root password via GRUB when administrator password unknown:
https://kb.vmware.com/s/article/2147144
How to unlock and reset SSO administrator password in vSphere:
Run /usr/lib/vmware-vmdir/bin/vdcadmintool
https://kb.vmware.com/s/article/2146225
Vcenter server status and how to start failed ones:
service-control --status --all
service-control --start --all
Enabling the shell in vcenter:
shell.set --enabled true
Unlocking the root account in vcenter:
pam_tally2 --user root --reset
ESXi show NIC IPs:
esxcli network ip interface ipv4 get
Enabling SFTP in vcenter:
In order to SFTP to a vcenter you have to set root's shell as bash on vcenter:
chsh -s /bin/bash root
Ls Doctor:
https://kb.vmware.com/s/article/80469
Identifying Orphan VMs:
get-vm * | where {$_.ExtensionData.Summary.Runtime.ConnectionState -eq "orphaned"} | out-file c:\users\username\orphans2.txt
Resetting VMs script:
Connect-VIServer -Server vcenter
$computers = Get-Content c:\Temp\computers.txt
foreach ($computer in $computers) {
Restart-VM -VM $computer -Confirm:$False
}
Disconnect-VIServer
Grabbing Tasks/Events from vCenter:
Connect-VIServer -Server servername
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false
#Get VM Events
$filename = "c:\temp\FILENAME.csv"
$entity = get-vm -name servername
Get-VIEvent -entity $entity -maxsamples 2500 |
select createdtime,username,fullformattedmessage | Export-Csv -Path $filename -NoTypeInformation -UseCulture
Vrops shutdown/startup procedure:
https://captainvops.com/2017/03/20/shutdown-and-startup-sequence-for-a-vrealize-operations-manager-cluster/
Vrops database health checks:
https://captainvops.com/2017/07/28/performing-a-database-health-check-on-vrealize-operation-manager-vrops-6-5/
Vrops status check:
vrops-status
Enabling TFTPD on vCenter to support AutoDeploy:
Login as root and run this command to start the TFTP server:
service atftpd start
And to make this permanent to start after the appliance is rebooted execute this command:
insserv atftpd (ignore any messages about syslog for runlevel 2, not relevant to this service)
Next you need to enable the firewall rule to allow clients to access this service:
iptables -A port_filter -p udp -m udp --dport 69 -j ACCEPT
To make the firewall rules persistent:
iptables-save > /etc/iptables.rules
Next edit the file /etc/init.d/after.local and add this line:
iptables-restore -c < /etc/iptables.rules
Finding certificate expiration dates in vCenter:
These includes the STS, Solutions Users and Web UI certificates:
for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
Useful commands on ESXi:
esxcli network ip interface list
esxcli network ip interface ipv4 get
Ping example (up to 254 addresses - fourth octet):
for i in $(seq 254); do ping 192.168.1.$i -c1 -W1 & done | grep from
Ping Example (1 through 10 addresses - fourth octet):
for i in $(seq 1 10); do ping 192.168.1.$i -c1 -W1 & done | grep from
PowerShell script that can be used to set VMK IP addresses:
###
$csvFile = "C:\replaceHostIP.csv"
$hostData = Import-Csv -Path $csvFile
Connect-VIServer -Server vcenter
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false
#Loop begin
foreach($entry in $hostData){
$hostName = $entry.esxHost
$VMK = $entry.vmk
$newIP = $entry.newvmkIP
Get-VMHost -Name $hostName | Get-VMHostNetworkAdapter -Name $VMK | Set-VMHostNetworkAdapter -IP $newIP -Confirm:$false
}
Disconnect-VIServer * -Confirm:$false
###
Sample CSV file headers:
esxHost,vmk,newvmkIP
Useful VMware websites for Vsphere/Vcenter patching:
Download patches here:
https://customerconnect.vmware.com/patch
Release notes:
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3o-release-notes/index.html
ESXi Build numbers:
https://kb.vmware.com/s/article/2143832
Vcenter Build numbers:
https://kb.vmware.com/s/article/2143838
Download custom images and vendor addons (you can also download vmware product versions here):
https://customerconnect.vmware.com/downloads/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/7_0#addons
Links now moved to Broadcom, the above may not work.
Security Advisories:
https://support.broadcom.com/group/ecx/security-advisory?