ESX Commands – esxcfg-module

After the last two entries being somewhat boring and not useful at least in my opinion. I am glad this command has a little more to it.

[root@esx1 root]# esxcfg-module -h
Usage: esxcfg-module
-g–get-options Get the options for a given module and whether it is loaded on boot.
-s–set-options Set the options for a given module. WARNING this may be overwritten by per device options.
-e–enable Enable a given module, indicating it should be loaded on boot.
-d–disable Disable a given module, indicating it should not be loaded on boot.
-q–query Query enabled modules options.
-l–list List all modules and whether they are enabled.
-h–help Show this message.
[root@esx1 root]# esxcfg-module -l
Device Driver Modules
Module Enabled Loaded
vmklinux true true
cciss true true
tg3 true true
qla4022 true true
e1000 true true
qla2300_707_vmwtrue truel
vmdriver true true
vmfs3 true true
etherswitch true true
shaper true true
tcpip true true
cosShadow true true
migration true true
nfsclient true true
deltadisk true true
vmfs2 true true
iscsi_mod true true
[root@esx1 root]#

So a common use I have seen with this command is to turn off unused modules. Go ahead and free up some resources turn off vmfs2! You don’t use it.
Another use is to change HBA options.

/usr/sbin/esxcfg-module -s ql2xmaxqdepth=64 qla2300_707_vmw
Remember to follow it with:
/usr/sbin/esxcfg-boot -b

Check out VCDX Master Ninja/Jedi Duncan Epping using this command combo in a scripted install.

ESX Commands – esxcfg-linuxnet

The guide from VMware.com says

esxcfg-linuxnet
Converts vswif to eth when booting ESX Server into service-console-only mode rather than into ESX mode. This command is used for the bootstrap process and is intended for VMware Technical Support use only. You should not issue this command unless instructed to do so by a VMware Technical Support representative.
There is no VI Client equivalent for this command.

Wow I should have saved all these for one post called stuff you don’t use unless someone smart tells you to.

Don’t worry though I checked ahead esxcfg-module has more too it. I actually slightly looked at it when I covered esxcfg-boot.

ESX Commands – esxcfg-init

Wow, this was a good one eh?
check out the help.

[root@esx1 root]# esxcfg-init -h
Usage: esxcfg-init
This program is used to initialize device names and advanced configuration options for the VMkernel on system boot.It is NOT intended for use outside of initialization scripts.
[root@esx1 root]#

I decided to google the command to see if anyone had insight. Not much more than what I give here. The help command then nothing. So for real I might get 2 blog posts in one day since this is so short.

ESX Commands – esxcfg-info

This is a great command to give you a whole bunch of information. Sort of like trying to drink from a fire hose. Go ahead and type esxcfg-info as root from your console. Wasn’t that fun?
You can follow this article and redirect the output to a file to make it a little easier. If there is a specific area that you need information about you can check the help and use a handy switch t print just the info you need. Which in all honesty may still be more than you can handle.

[root@esxlab1 root]# esxcfg-info -h
Usage: esxcfg-info mode
-a, –all Print all information
-w, –hardware Print hardware information
-r, –resource Print resource information
-s, –storage Print storage information
-n, –network Print network information
-y, –system Print system information
-o, –advopt Print advanced options
-u, –hwuuid Print hardware uuid
-b, –bootuuid Print boot partition uuid
-e, –boottype Print boot type
-c, –cmdline Print vmkernel command line
-F, –format Print the information in the given format
Valid values are “xml” and “perl”
-h, –help Print this message.

A sample from doing esxcfg-info -r (this is just a snippet of output)

==+Host Memory Stats :
|—-Managed…………………………………………..707.97 MB
|—-Kernel……………………………………………94.43 MB
|—-Free……………………………………………..612.89 MB
|—-Minimum Free………………………………………42.47 MB
|—-Excess……………………………………………570.43 MB
|—-Reserved………………………………………….47.95 MB
|—-Available…………………………………………565.60 MB
|—-State…………………………………………….High
|—-Total Swap Read……………………………………0 KB
|—-Total Swap Written…………………………………0 KB
|—-Total Overhead…………………………………….0 KB
|—-Total Size………………………………………..1.59 MB
|—-Total COW…………………………………………1.28 MB
|—-Total Zero………………………………………..0 KB
|—-Total Shared………………………………………0 KB
|—-Total Balloon……………………………………..0 KB
|—-Total Swapped……………………………………..0 KB
|—-Total Touched……………………………………..1.59 MB
|—-Total Allocated……………………………………5.48 MB
|—-Total Target………………………………………5.48 MB
|—-Total Swap Target………………………………….0 KB
|—-Total Balloon Target……………………………….0 KB

ESX Commands – esxcfg-hwiscsi

Next in the order of commands is esxcfg-hwiscsi. This command according to the iSCSI SAN configuration guide will let you set certain settings as required by your SAN on your hardware iSCSI HBA.

esxcfg-hwiscsi -h – this is the help. Not a ton there but enough.

esxcfg-hwiscsi -l – lists the current settings.

esxcfg-hwiscsi -a – allow arp redirection on the HW iSCSI HBA. This is used be some sans to move traffic between ports.

esxcfg-hwiscsi -j – Will enable a jumbo frame (MTU 9000 bytes) when it is disabled the frame is 1500 bytes.

I will bet if these settings are required you till be directed to use them be the SAN vendor or HBA vendor. IF something bizarre is happening on your iSCSI SAN with hardware HBA’s one of these might not match the SAN.

ESX Commands – esxcfg-firewall

I have really forgot to keep up on my VCDX study path. So today a quick tidbit on the esxcfg-firewall command.
Many of us today will use the vCenter Client to change firewall ports on the ESX. One instance where I exclusively mess with the firewall from the command line using esxcfg-firewall is when I install Dell OpenManage. I am already in the console to install the agents so I might as well open the firewall from the console too.
This really applies to any kind of agent or software you add to your ESX installation. So if you find yourself already in the console why not save a step and do it from the cli?

Lets look at the command

# esxcfg-firewall -o 1311,tcp,in,OpenManageRequest

First is the command, esxcfg-firewall, -o is for openport, the 1311 is the port number, tcp is protocol, in is the direction and the final part is the name of the service.

Now if you want to see all of your esxcfg-firewall settings try:
esxcfg-firewall -q

Show if specifig service is enabled.
esxcfg-firewall -q [service name]

Of course typing esxcfg-firewall -h gives lots of good help.

Some links: (You can google and find a ton more)

ESX Guide
VMware Land
Yellow Bricks
Vritualization Admin

ESX Commands – esxcfg-dumppart

Finally have a second to log into the test ESX and mess with esxcfg- commands again.

Today, esxcfg-dumppart, this command can be used to list, create and activate dump partitions used by the VMKernel during a crash. I would bet almost everyone automatically creates one of these during the install of ESX. What I mean is I never even tried to not create a dump part on installation. I was trying to think of a practical use for this. Maybe we want the dump to go to a SAN partition or a some other drive? I would guess this would make is possible.

I found a neat PDF from VMware while researching this command.

ESX Commands – esxcfg-configcheck

The ESX Quick reference has information on this command.

I didn’t find any posts in the VMware Communities or the Knowledge base with any reference to this command. From what I can cypher it checks the settings of the /etc/vmware/esx.conf . I wonder if it does any more or less.

http://screencast.com/t/flViWgGth3

So really, does anyone know the insides of this command?

ESX Commands – esxcfg-boot

What in the world does this command do?

esxcfg-boot
esxcfg-boot
-h –help
-q –query bootvmkmod
-p –update-pci
-b –update-boot
-d –rootdev UUID=
-a –kernelappend
-r –refresh-initrd
-g –regenerate-grub
Queries cannot be combined with each other or other options. Passing -p or -d enables -b even if it is not passed explicitly. -b implies -g plus a new initrd creation. -b and -r are incompatible, but -g and -r can be combined.


Here is some output from my lab:
[root@esxlab2 root]# esxcfg-boot -q boot
272 0:*; UUID=96c048d7-ee1d-4455-b6a5-801bfbaabbdc /vmlinuz-2.4.21-7.ELvmnix /initrd-2.4.21-57.ELvmnix.img

[root@esxlab2 root]# esxcfg-boot -q vmkmod vmklinuxmptscsi_2xx.oe1000.olvmdrivervmfs3etherswitchshapertcpipcosShadow.omigrationnfsclientdeltadiskvmfs2

I am picturing these commands to be much like kernel options, modprobe and bootloader settings you would set up when you compile your kernel in Linux. Most hardcore linux guys would let you know you are a real man when you recompile your own kernel. In VMware, I would be hesitant to mess with any of this unless I broke something. Then again, with all of my VM’s on the SAN, if I bombed out an ESX host this bad, I would take 20 minutes to rebuild it.

Then I noticed from the B2V Guide that I would make use of this when I changed my queue depth on my hba’s. Which I have done before. I followed this note on the forums.

What other device driver options beside the hba will you every change?
Here is some things I found:
More HBA problems
And even more queue depth fun
And this list could be longer, just searching VMware Community.
I would guess that the reason we don’t jack with the drivers with ESX and the hardware is becuase of the very good compatibility list. You don’t just run ESX 3.5 on anything (at least not for production).

ESX Commands – esxcfg-auth

Following my alphabetical method of learning.

esxcfg-auth
usage: esxcfg-auth [options]

options:
–enablemd5 Enable MD5 password storage
–disablemd5 Disable MD5 password storage
–enableshadow Enable Shadow password storage
–disableshadow Disable Shadow password storage
–enablenis Enable NIS Authentication
–disablenis Disable NIS Authentication
–nisdomain=domain Set the NIS domain
–nisserver=server Set the NIS server
–enableldap Enable LDAP User Management
–disableldap Disable LDAP User Management
–enableldapauth Enable LDAP Authentication
–disableldapauth Disable LDAP Authentication
–ldapserver=server Set the LDAP Server
–ldapbasedn=basedn Set the base DN for the LDAP server
–enableldaptls Enable TLS connections for LDAP
–disableldaptls Disable TLS connections for LDAP
–enablekrb5 Enable Kererbos Authentication
–disablekrb5 Disable Kererbos Authentication
–krb5realm=domain Set the Kerberos Realm
–krb5kdc=server Set the Kebreros Key Distribution Center
–krb5adminserver=server
Set the Kerberos Admin Server
–enablead Enable Active Directory Authentication
–disablead Disable Active Directory Authentication
–addomain=domain Set the Active Directory Domain
–addc=server Set the Active Directory Domain Controller
–usepamqc=values Enable the pam_passwdqc module
–usecrack=values Enable the pam_cracklib module
–enablecache Enables caching of login credentials
–disablecache Disables caching of login credentials
–passmaxdays=days Set the maximum number of days a password remains valid.
–passmindays=days Set the minimum number of days a password remains valid.
–passwarnage=days Set the number of days a warning is given before a
password expires.
–maxfailedlogins=count
Sets the maximum number of login failures before the
account is locked out, setting to 0 will disable this
-p, –probe Print the settings to the console
-v, –verbose Enable verbose logging
-h, –help show this help message and exit

For more actual usage I would defer to one of the most useful vm blogs around from Scott Lowe. The common usage for most of us daily users would be to enable active directory authentication on the ESX. So your team of admins can get in and do work in certain situations. Now when your team is one (still looking for that other VCP, hopefully he passes the test this week) or two this is not a huge requirement.
Additional authentication requirements can be set here depending on your environments reqs. I would generally let clients know this is available but have not had anyone demand to have the maxfailedlogsin set to 5 or something.