Hola a todos,
Esta vez voy a mostrarte cómo utilizar la aplicación vSphere Diagnostic Tool, esta herramienta es utilizada para realizar verificaciones de diagnóstico sobre el servidor de VMware vCenter Server Appliance. Este herramienta consiste en un script en python que ejecuta comandos de diagnóstico para validar el estado de salud del servicio de vCenter.
Nota: Como requisito mínimo en necesario tener una versión de vCenter Server 6.5 o mayor.
Esta herramienta realiza las siguientes validaciones:
- vCenter Basic Info
- Lookup Service Check
- AD Check
- vCenter Certificate Check
- Core File Check
- Disk Check
- vCenter DNS Check
- vCenter NTP Check
- vCenter Port Check
- Root Account Check
- vCenter Services Check
- VCHA Check
Aquí les dejo el enlace para que puedas ver las características de esta herramienta.
El primer paso será descargar la herramienta desde el portal de VMware Fling
Luego de descargar el archivo es necesario copiar el mismo al servidor de vCenter. En mi caso utilizaré el comando scp pero pueden utilizar cualquier herramienta que soporte conexiones ssh como por ejemplo:
- WinSCP
- FileZilla
- Cyberduck
- CrossFTP
Ejemplo de como copiar archivo de VDT:
[rebelinux@rebelpc Downloads]$ scp ./vdt-v1.1.4.zip root@192.168.5.2:/root
VMware vCenter Server 8.0.0.10100
Type: vCenter Server with an embedded Platform Services Controller
(root@192.168.5.2) Password:
vdt-v1.1.4.zip 100% 106KB 1.8MB/s 00:00
[rebelinux@rebelpc Downloads]$
Luego es necesario conectarse a través de ssh al servidor de vcenter. Para esto utilizamos el comando ssh o cualquier herramienta de emulación de terminal (Putty, etc..)
[rebelinux@rebelpc Downloads]$ ssh -l root (IP/FQDN of vCenter Server)
VMware vCenter Server 8.0.0.10100
Type: vCenter Server with an embedded Platform Services Controller
(root@192.168.5.2) Password:
Last login: Tue Dec 27 20:30:20 2022 from 192.168.70.2
root@vcenter-01v [ ~ ]#
Una vez conectados al servidor de vCenter es necesario el descomprimir el archivo de la herramienta de VDT que cargamos con el comando SCP
root@vcenter-01v [ ~ ]# cd /root/
root@vcenter-01v [ ~ ]# ls
`vdt-v1.1.4.zip`
root@vcenter-01v [ ~ ]# unzip vdt-v1.1.4.zip
Archive: vdt-v1.1.4.zip
3557676756cffd658fd61aab5a6673269104e83c
creating: vdt-v1.1.4/
inflating: vdt-v1.1.4/README.md
creating: vdt-v1.1.4/cfg/
inflating: vdt-v1.1.4/cfg/config_log.ini
extracting: vdt-v1.1.4/formerly_pulse.txt
creating: vdt-v1.1.4/lib/
inflating: vdt-v1.1.4/lib/__init__.py
inflating: vdt-v1.1.4/lib/cisutils.py
inflating: vdt-v1.1.4/lib/lstool_parse.py
inflating: vdt-v1.1.4/lib/lstool_scan.py
inflating: vdt-v1.1.4/lib/pformatting.py
inflating: vdt-v1.1.4/lib/utils.py
creating: vdt-v1.1.4/scripts/
extracting: vdt-v1.1.4/scripts/__init__.py
inflating: vdt-v1.1.4/scripts/__vc_info_auth.py
inflating: vdt-v1.1.4/scripts/_vc_dns.sh
inflating: vdt-v1.1.4/scripts/lsreport.py
inflating: vdt-v1.1.4/scripts/vc_ad_check.py
inflating: vdt-v1.1.4/scripts/vc_auth_cert_check.py
inflating: vdt-v1.1.4/scripts/vc_auth_vmdir_check.py
inflating: vdt-v1.1.4/scripts/vc_corefile_check.py
inflating: vdt-v1.1.4/scripts/vc_db_check.py
inflating: vdt-v1.1.4/scripts/vc_disk_space.py
inflating: vdt-v1.1.4/scripts/vc_ntp.sh
inflating: vdt-v1.1.4/scripts/vc_ports.py
inflating: vdt-v1.1.4/scripts/vc_root_check.py
inflating: vdt-v1.1.4/scripts/vc_services.py
inflating: vdt-v1.1.4/scripts/vc_syslog_check.py
inflating: vdt-v1.1.4/scripts/vc_vcha_check_auth.py
creating: vdt-v1.1.4/templates/
inflating: vdt-v1.1.4/templates/python_template.py
inflating: vdt-v1.1.4/vdt.py
root@vcenter-01v [ ~ ]# ls
`vdt-v1.1.4` vdt-v1.1.4.zip
root@vcenter-01v [ ~ ]#
El próximo paso seria movernos a la carpeta de vdt-vX.X.X
root@vcenter-01v [ ~ ]# cd vdt-v1.1.4
root@vcenter-01v [ ~/vdt-v1.1.4 ]# ls
cfg formerly_pulse.txt lib README.md scripts templates `vdt.py`
root@vcenter-01v [ ~/vdt-v1.1.4 ]#
El archivo inportante en esta carpeta es el llamado vdt.py que es el que utilizaremos para ejecutar el diagnostigo. Una vez dentro de la carpeta vdt-vx.x.x podemos ejecutar el comando python vdt.py
root@vcenter-01v [ ~/vdt-v1.1.4 ]# python vdt.py
_________________________
RUNNING PULSE CHECK
Today: Tuesday, December 27 20:42:42
Version: 1.1.4
Log Level: INFO
Provide password for administrator@vsphere.local:
________________________
VCENTER BASIC INFO
BASIC:
Current Time: 2022-12-27 20:42:47.424017
vCenter Uptime: up 5:19
vCenter Load Average: 0.04, 0.18, 0.22
Number of CPUs: 2
Total Memory: 11.7
vCenter Hostname: vcenter-01v.pharmax.local
vCenter PNID: vcenter-01v.pharmax.local
vCenter IP Address: 192.168.5.2
Proxy Configured: "no"
NTP Servers: 192.168.5.1
vCenter Node Type: vCenter with Embedded PSC
vCenter Version: 8.0.0.10100 - 20920323
DETAILS:
vCenter SSO Domain: vsphere.local
vCenter AD Domain: No DOMAIN
Number of ESXi Hosts: 3
Number of Virtual Machines: 128
Number of Clusters: 3
Disabled Plugins: None
__________________
VC DNS CHECK
[FAIL] Running script: /root/vdt-v1.1.4/scripts/_vc_dns.sh timed out. Please re-run with --force.
__________________________
Lookup Service Check
[FAIL] Running script: /root/vdt-v1.1.4/scripts/lsreport.py timed out. Please re-run with --force.
_________________
VC AD CHECK
Domain Report:
No domain(s) detected
Domain Exclusion List:
None
DC Exclusion List:
None
__________________________
VC CERTIFICATE CHECK
[PASS] ESXi Certificate Management Mode: vmca
Checking MACHINE_SSL_CERT
[PASS] Supported Signature Algorithm
[PASS] Certificate trust check
[PASS] Certificate expiration check
[PASS] Certificate SAN check
Checking Other Certificate Stores
MACHINE
[PASS] Supported Signature Algorithm
[PASS] Certificate trust check
[PASS] Certificate expiration check
[INFO] Certificate SAN check
DETAILS: SAN contains hostname but not IP.
VSPHERE-WEBCLIENT
[PASS] Supported Signature Algorithm
[PASS] Certificate trust check
[PASS] Certificate expiration check
[INFO] Certificate SAN check
DETAILS: SAN contains hostname but not IP.
VPXD
[PASS] Supported Signature Algorithm
[PASS] Certificate trust check
[PASS] Certificate expiration check
[INFO] Certificate SAN check
DETAILS: SAN contains hostname but not IP.
VPXD-EXTENSION
[PASS] Supported Signature Algorithm
[PASS] Certificate trust check
[PASS] Certificate expiration check
[PASS] Check extended key usage
[INFO] Certificate SAN check
DETAILS: SAN contains hostname but not IP.
Checking VC Extension Thumbprints
[PASS] com.vmware.vim.eam Thumbprint Check
[PASS] com.vmware.rbd Thumbprint Check
[PASS] com.vmware.imagebuilder Thumbprint Check
DATA-ENCIPHERMENT
[PASS] Supported Signature Algorithm
[PASS] Certificate trust check
[PASS] Certificate expiration check
[INFO] Certificate SAN check
DETAILS: SAN contains hostname but not IP.
SMS
[PASS] Supported Signature Algorithm
[PASS] Certificate expiration check
BACKUP_STORE
NOTE: If you do not need your old certs, you can delete this store.
Command: /usr/lib/vmware-vmafd/bin/vecs-cli store delete --name BACKUP_STORE
HVC
[PASS] Supported Signature Algorithm
[PASS] Certificate trust check
[PASS] Certificate expiration check
[INFO] Certificate SAN check
DETAILS: SAN contains hostname but not IP.
WCP
[PASS] Supported Signature Algorithm
[PASS] Certificate trust check
[PASS] Certificate expiration check
Checking TRUSTED_ROOTS certificates
Alias: 33081c78da512bdb7716bb537e7b5c9cb33e15ba
[PASS] Supported Signature Algorithm
[PASS] Certificate is self-signed
[PASS] Certificate expiration check
[PASS] Certificate is a CA
Alias: 22e9c5e5d583b37ca1da12c5e71433136a7ea420
[PASS] Supported Signature Algorithm
[PASS] Certificate is self-signed
[PASS] Certificate expiration check
[PASS] Certificate is a CA
Alias: 62a73d6d9de388d14f8faad569b4ff9532158f87
[PASS] Supported Signature Algorithm
[PASS] Certificate is self-signed
[PASS] Certificate expiration check
[PASS] Certificate is a CA
Alias: 88849bc0f586e78423f17765703ee262c33b78a9
[PASS] Supported Signature Algorithm
[PASS] Certificate is self-signed
[PASS] Certificate expiration check
[PASS] Certificate is a CA
Alias: 0d46751c3b70a1aeeff774f501f29722a31c25d3
[PASS] Supported Signature Algorithm
[PASS] Certificate is self-signed
[PASS] Certificate expiration check
[PASS] Certificate is a CA
Alias: 0f6d4d3b8c71290e76b6b6c0661275f6f37b9ce0
[PASS] Supported Signature Algorithm
[PASS] Certificate is self-signed
[PASS] Certificate expiration check
[PASS] Certificate is a CA
Alias: 3f9f239ead6b20745042fbbd8b93b9045c5071f0
[PASS] Supported Signature Algorithm
[PASS] Certificate is self-signed
[PASS] Certificate expiration check
[PASS] Certificate is a CA
Alias: 0c9d572dd410ecb72bec5587854f3914cf8be65c
[PASS] Supported Signature Algorithm
[PASS] Certificate is self-signed
[PASS] Certificate expiration check
[PASS] Certificate is a CA
Checking local LDAP cert
VMDIR CERT
[PASS] Certificate expiration check
Checking STS Certs
[PASS] Certificate expiration check
_________________
VMdir Check
[INFO] VMdir database size: 70.39MB
[INFO] VMdir Status Check (No partners)
[PASS] VMdir State Check
[PASS] VMdir Arguments Check
_____________________
CORE FILE CHECK
INFO:
These core files are older than 72 hours. consider deleting them
at your discretion to reduce the size of log bundles.
FILES:
/storage/core/core.python.116972 Size: 275.04MB Last Modified: 2022-12-17T16:45:21
/storage/core/core.vpxd-worker.65394 Size: 653.33MB Last Modified: 2022-11-01T09:57:50
/storage/core/core.vpxd-worker.4747 Size: 723.52MB Last Modified: 2022-11-01T09:57:22
[INFO] Number of core files: 3
[PASS] Number of hprof files: 0
______________________________
vCenter PostgresDB Check
Top 10 Largest Tables:
tablename | size
------------------+---------
vpx_proc_log | 45 MB
vpx_event_arg_6 | 30 MB
vpx_event_arg_9 | 30 MB
vpx_event_arg_5 | 27 MB
pk_vpx_proc_log | 11 MB
vpx_event_arg_7 | 5912 kB
vpx_event_arg_26 | 5488 kB
vpx_event_arg_14 | 4904 kB
vpx_event_arg_10 | 4760 kB
vpx_hist_stat3_6 | 4576 kB
Total Postgres Size:
208M /storage/db/vpostgres/
679M /storage/seat/vpostgres/
858M Interpreted by vPostgres
________________
DISK CHECK
[PASS] DISK CAPACITY
[PASS] INODE USAGE
RESULT: [PASS]
Please see KB: https://kb.vmware.com/s/article/1003564
__________________
VC NTP CHECK
[PASS] NTP service is running
NTP Server Check
[PASS] 192.168.5.1
NTP Status Check
+-----------------------------------LEGEND-----------------------------------+
| remote: NTP peer server |
| refid: server that this peer gets its time from |
| when: number of seconds passed since last response |
| poll: poll interval in seconds |
| delay: round-trip delay to the peer in milliseconds |
| offset: time difference between the server and client in milliseconds |
+-----------------------------------PREFIX-----------------------------------+
| * Synchronized to this peer |
| # Almost synchronized to this peer |
| + Peer selected for possible synchronization |
| – Peer is a candidate for selection |
| ~ Peer is statically configured |
+----------------------------------------------------------------------------+
remote refid st t when poll reach delay offset jitter
==============================================================================
*192.168.5.1 198.137.202.32 3 u 373 1024 377 0.232 -64.346 16.835
RESULT: [PASS]
________________________
vCenter Port Check
Checking ports: 443, 389, 2012, 2020
For port information, please see KB: https://kb.vmware.com/s/article/52963
[PASS] Port check for host vcenter-01v.pharmax.local
________________________
Root Account Check
[PASS] Root password never expires
_______________________
VC SERVICES CHECK
Printing only services that are stopped and should be started.
KB: https://kb.vmware.com/s/article/2109887
RESULT: [PASS]
__________________
Syslog Check
Remote Syslog config: None configured
[PASS] Local Syslog Functional Check
________________
VCHA CHECK
[INFO] VCHA is not enabled.
Report written to /var/log/vmware/vdt/vdt-report-2022-12-27-204242
Please send feedback / feature requests to project_pulse@vmware.com
Revise los resultados en la ventana. El significado, los resultados y las instrucciones de cada prueba se explican por sí mismos.