ESX Commands – esxcfg-linuxnet

The guide from VMware.com says

esxcfg-linuxnet
Converts vswif to eth when booting ESX Server into service-console-only mode rather than into ESX mode. This command is used for the bootstrap process and is intended for VMware Technical Support use only. You should not issue this command unless instructed to do so by a VMware Technical Support representative.
There is no VI Client equivalent for this command.

Wow I should have saved all these for one post called stuff you don’t use unless someone smart tells you to.

Don’t worry though I checked ahead esxcfg-module has more too it. I actually slightly looked at it when I covered esxcfg-boot.

ESX Commands – esxcfg-init

Wow, this was a good one eh?
check out the help.

[[email protected] root]# esxcfg-init -h
Usage: esxcfg-init
This program is used to initialize device names and advanced configuration options for the VMkernel on system boot.It is NOT intended for use outside of initialization scripts.
[[email protected] root]#

I decided to google the command to see if anyone had insight. Not much more than what I give here. The help command then nothing. So for real I might get 2 blog posts in one day since this is so short.

ESX Commands – esxcfg-info

This is a great command to give you a whole bunch of information. Sort of like trying to drink from a fire hose. Go ahead and type esxcfg-info as root from your console. Wasn’t that fun?
You can follow this article and redirect the output to a file to make it a little easier. If there is a specific area that you need information about you can check the help and use a handy switch t print just the info you need. Which in all honesty may still be more than you can handle.

[[email protected] root]# esxcfg-info -h
Usage: esxcfg-info mode
-a, –all Print all information
-w, –hardware Print hardware information
-r, –resource Print resource information
-s, –storage Print storage information
-n, –network Print network information
-y, –system Print system information
-o, –advopt Print advanced options
-u, –hwuuid Print hardware uuid
-b, –bootuuid Print boot partition uuid
-e, –boottype Print boot type
-c, –cmdline Print vmkernel command line
-F, –format Print the information in the given format
Valid values are “xml” and “perl”
-h, –help Print this message.

A sample from doing esxcfg-info -r (this is just a snippet of output)

==+Host Memory Stats :
|—-Managed…………………………………………..707.97 MB
|—-Kernel……………………………………………94.43 MB
|—-Free……………………………………………..612.89 MB
|—-Minimum Free………………………………………42.47 MB
|—-Excess……………………………………………570.43 MB
|—-Reserved………………………………………….47.95 MB
|—-Available…………………………………………565.60 MB
|—-State…………………………………………….High
|—-Total Swap Read……………………………………0 KB
|—-Total Swap Written…………………………………0 KB
|—-Total Overhead…………………………………….0 KB
|—-Total Size………………………………………..1.59 MB
|—-Total COW…………………………………………1.28 MB
|—-Total Zero………………………………………..0 KB
|—-Total Shared………………………………………0 KB
|—-Total Balloon……………………………………..0 KB
|—-Total Swapped……………………………………..0 KB
|—-Total Touched……………………………………..1.59 MB
|—-Total Allocated……………………………………5.48 MB
|—-Total Target………………………………………5.48 MB
|—-Total Swap Target………………………………….0 KB
|—-Total Balloon Target……………………………….0 KB

ESX Commands – esxcfg-hwiscsi

Next in the order of commands is esxcfg-hwiscsi. This command according to the iSCSI SAN configuration guide will let you set certain settings as required by your SAN on your hardware iSCSI HBA.

esxcfg-hwiscsi -h – this is the help. Not a ton there but enough.

esxcfg-hwiscsi -l – lists the current settings.

esxcfg-hwiscsi -a – allow arp redirection on the HW iSCSI HBA. This is used be some sans to move traffic between ports.

esxcfg-hwiscsi -j – Will enable a jumbo frame (MTU 9000 bytes) when it is disabled the frame is 1500 bytes.

I will bet if these settings are required you till be directed to use them be the SAN vendor or HBA vendor. IF something bizarre is happening on your iSCSI SAN with hardware HBA’s one of these might not match the SAN.

ESX Commands – esxcfg-firewall

I have really forgot to keep up on my VCDX study path. So today a quick tidbit on the esxcfg-firewall command.
Many of us today will use the vCenter Client to change firewall ports on the ESX. One instance where I exclusively mess with the firewall from the command line using esxcfg-firewall is when I install Dell OpenManage. I am already in the console to install the agents so I might as well open the firewall from the console too.
This really applies to any kind of agent or software you add to your ESX installation. So if you find yourself already in the console why not save a step and do it from the cli?

Lets look at the command

# esxcfg-firewall -o 1311,tcp,in,OpenManageRequest

First is the command, esxcfg-firewall, -o is for openport, the 1311 is the port number, tcp is protocol, in is the direction and the final part is the name of the service.

Now if you want to see all of your esxcfg-firewall settings try:
esxcfg-firewall -q

Show if specifig service is enabled.
esxcfg-firewall -q [service name]

Of course typing esxcfg-firewall -h gives lots of good help.

Some links: (You can google and find a ton more)

ESX Guide
VMware Land
Yellow Bricks
Vritualization Admin

ESX Commands – esxcfg-dumppart

Finally have a second to log into the test ESX and mess with esxcfg- commands again.

Today, esxcfg-dumppart, this command can be used to list, create and activate dump partitions used by the VMKernel during a crash. I would bet almost everyone automatically creates one of these during the install of ESX. What I mean is I never even tried to not create a dump part on installation. I was trying to think of a practical use for this. Maybe we want the dump to go to a SAN partition or a some other drive? I would guess this would make is possible.

I found a neat PDF from VMware while researching this command.

ESX Commands – esxcfg-boot

What in the world does this command do?

esxcfg-boot
esxcfg-boot
-h –help
-q –query bootvmkmod
-p –update-pci
-b –update-boot
-d –rootdev UUID=
-a –kernelappend
-r –refresh-initrd
-g –regenerate-grub
Queries cannot be combined with each other or other options. Passing -p or -d enables -b even if it is not passed explicitly. -b implies -g plus a new initrd creation. -b and -r are incompatible, but -g and -r can be combined.


Here is some output from my lab:
[[email protected] root]# esxcfg-boot -q boot
272 0:*; UUID=96c048d7-ee1d-4455-b6a5-801bfbaabbdc /vmlinuz-2.4.21-7.ELvmnix /initrd-2.4.21-57.ELvmnix.img

[[email protected] root]# esxcfg-boot -q vmkmod vmklinuxmptscsi_2xx.oe1000.olvmdrivervmfs3etherswitchshapertcpipcosShadow.omigrationnfsclientdeltadiskvmfs2

I am picturing these commands to be much like kernel options, modprobe and bootloader settings you would set up when you compile your kernel in Linux. Most hardcore linux guys would let you know you are a real man when you recompile your own kernel. In VMware, I would be hesitant to mess with any of this unless I broke something. Then again, with all of my VM’s on the SAN, if I bombed out an ESX host this bad, I would take 20 minutes to rebuild it.

Then I noticed from the B2V Guide that I would make use of this when I changed my queue depth on my hba’s. Which I have done before. I followed this note on the forums.

What other device driver options beside the hba will you every change?
Here is some things I found:
More HBA problems
And even more queue depth fun
And this list could be longer, just searching VMware Community.
I would guess that the reason we don’t jack with the drivers with ESX and the hardware is becuase of the very good compatibility list. You don’t just run ESX 3.5 on anything (at least not for production).

ESX Commands – esxcfg-auth

Following my alphabetical method of learning.

esxcfg-auth
usage: esxcfg-auth [options]

options:
–enablemd5 Enable MD5 password storage
–disablemd5 Disable MD5 password storage
–enableshadow Enable Shadow password storage
–disableshadow Disable Shadow password storage
–enablenis Enable NIS Authentication
–disablenis Disable NIS Authentication
–nisdomain=domain Set the NIS domain
–nisserver=server Set the NIS server
–enableldap Enable LDAP User Management
–disableldap Disable LDAP User Management
–enableldapauth Enable LDAP Authentication
–disableldapauth Disable LDAP Authentication
–ldapserver=server Set the LDAP Server
–ldapbasedn=basedn Set the base DN for the LDAP server
–enableldaptls Enable TLS connections for LDAP
–disableldaptls Disable TLS connections for LDAP
–enablekrb5 Enable Kererbos Authentication
–disablekrb5 Disable Kererbos Authentication
–krb5realm=domain Set the Kerberos Realm
–krb5kdc=server Set the Kebreros Key Distribution Center
–krb5adminserver=server
Set the Kerberos Admin Server
–enablead Enable Active Directory Authentication
–disablead Disable Active Directory Authentication
–addomain=domain Set the Active Directory Domain
–addc=server Set the Active Directory Domain Controller
–usepamqc=values Enable the pam_passwdqc module
–usecrack=values Enable the pam_cracklib module
–enablecache Enables caching of login credentials
–disablecache Disables caching of login credentials
–passmaxdays=days Set the maximum number of days a password remains valid.
–passmindays=days Set the minimum number of days a password remains valid.
–passwarnage=days Set the number of days a warning is given before a
password expires.
–maxfailedlogins=count
Sets the maximum number of login failures before the
account is locked out, setting to 0 will disable this
-p, –probe Print the settings to the console
-v, –verbose Enable verbose logging
-h, –help show this help message and exit

For more actual usage I would defer to one of the most useful vm blogs around from Scott Lowe. The common usage for most of us daily users would be to enable active directory authentication on the ESX. So your team of admins can get in and do work in certain situations. Now when your team is one (still looking for that other VCP, hopefully he passes the test this week) or two this is not a huge requirement.
Additional authentication requirements can be set here depending on your environments reqs. I would generally let clients know this is available but have not had anyone demand to have the maxfailedlogsin set to 5 or something.

ESX Commands – esxcfg-advcfg


Everything I find out in the VM Blogosphere about studying for the VCDX says to know your esxcfg- commands. Ok. So here I go.
The first command as I start out was the one on the top: esxcfg-advcfg.

[[email protected] root]# esxcfg-advcfg
Usage: esxcfg-advcfg []
-g|–get Get the value of the config option
-s|–set Set the value of the config option
-d|–default Reset Config option to default
-q|–quiet Suppress output
-k|–set-kernel Set a VMkernel load time option value.
-j|–get-kernel Get a VMkernel load time option value.
-m|–set-message Set DCUI welcome message.
-u|–uuid Ensure the Vmkernel system UUID is set and print it.
-h|–help Show this message.
-r|–restore Restore all advanced options from the configuration
file. (FOR INTERNAL USE ONLY).

A great wealth of info about this command (and all esxcfg- commands) from b2vGuide2vmware3. So not wanting to repeat anything written on the site. I would ask what is the common usage situation for this command?
We can see how to use the command but exactly why would I do those changes?
I guess from the looks of things this command might be the hardest one to explain.
Anyone out there able to fully explain this?

Maybe alphabetical was the wrong way to start.