2vcps and a Truck

So I was updating some of my blog posts on the esxcfg-* commands with any changes in ESX 4. I wrote earlier I did not know much about the esxcfg-advcfg command. Since writing that post at the end of 2008, I found Duncan Epping used esxcfg-advcfg in 3.5 to set the option rescan all the Hba’s. I thought this was a great shortcut and decided to try it out in vSphere but:

[root@esx4 ~]# esxcfg-advcfg -s 1 /Scsi/ScsiRescanAllHbas
Exception occured: Unable to find option ScsiRescanAllHbas

So I looked through vCenter 4 and did not find the option under Scsi I looked around some in the other Advanced Options and it is no where to be found.

Has this been removed or moved somewhere else? If you know hit me up on twitter @2vcps

Want to change the Service Console IP address from the command line real quick like?

esxcfg-vswif -i [new IP] -n [netmask] [vswif]
example (as root)
esxcfg-vswif -i 172.25.100.92 -n 255.255.255.0 vswif0

Q: How do I know what is my vswif?
A: esxcfg-vswif -l
output

you can also use esxcfg-vswif -l to verify the ip of your service console.

A good reference is also available here.

UPDATE: Eric Siebert wrote an almost identical article here for techtarget. Since I don’t want people to think I just lift ideas from other blogs I would like to credit this article at the top. Although I have been using this procedure for nearly 2 years for snapshots. I would like to say I didn’t see his article before I posted mine. Next time I will do more googling. I try to keep this blog from regurgitating ideas that can be found elsewhere.

Do you ever have to commit gigantic snapshots that the vCenter client times out before it is finished. After the initial panic a while ago I learned the snapshots continue to delete even if the client times out. So how do you know what they are finished?
Answer ssh in the service console and look.

A ‘ls’ of a normal virtual machine:

A ‘ls’ of the vm with a snapshot:

Now a try – watch -n 30 ‘ls -alh’
This will re-run the ls -alh command every 30 seconds.
In action:

Now if you VI Client times out you can leave this window running so you will know the snapshots are gone when the vmdk with the “delta” in the filename are gone.

Notice the additional delta files that appear. When deleting snapshots the vCenter will create a new delta file for changes that occur during the delete of the original delta. Then it deletes this new delta. I know I know an awesome video. I really like playing with Jing though.
The watch command can be used with an linux command you want to repeat over and over and over.

Following my alphabetical method of learning.

esxcfg-auth
usage: esxcfg-auth [options]

options:
–enablemd5 Enable MD5 password storage
–disablemd5 Disable MD5 password storage
–enableshadow Enable Shadow password storage
–disableshadow Disable Shadow password storage
–enablenis Enable NIS Authentication
–disablenis Disable NIS Authentication
–nisdomain=domain Set the NIS domain
–nisserver=server Set the NIS server
–enableldap Enable LDAP User Management
–disableldap Disable LDAP User Management
–enableldapauth Enable LDAP Authentication
–disableldapauth Disable LDAP Authentication
–ldapserver=server Set the LDAP Server
–ldapbasedn=basedn Set the base DN for the LDAP server
–enableldaptls Enable TLS connections for LDAP
–disableldaptls Disable TLS connections for LDAP
–enablekrb5 Enable Kererbos Authentication
–disablekrb5 Disable Kererbos Authentication
–krb5realm=domain Set the Kerberos Realm
–krb5kdc=server Set the Kebreros Key Distribution Center
–krb5adminserver=server
Set the Kerberos Admin Server
–enablead Enable Active Directory Authentication
–disablead Disable Active Directory Authentication
–addomain=domain Set the Active Directory Domain
–addc=server Set the Active Directory Domain Controller
–usepamqc=values Enable the pam_passwdqc module
–usecrack=values Enable the pam_cracklib module
–enablecache Enables caching of login credentials
–disablecache Disables caching of login credentials
–passmaxdays=days Set the maximum number of days a password remains valid.
–passmindays=days Set the minimum number of days a password remains valid.
–passwarnage=days Set the number of days a warning is given before a
password expires.
–maxfailedlogins=count
Sets the maximum number of login failures before the
account is locked out, setting to 0 will disable this
-p, –probe Print the settings to the console
-v, –verbose Enable verbose logging
-h, –help show this help message and exit

For more actual usage I would defer to one of the most useful vm blogs around from Scott Lowe. The common usage for most of us daily users would be to enable active directory authentication on the ESX. So your team of admins can get in and do work in certain situations. Now when your team is one (still looking for that other VCP, hopefully he passes the test this week) or two this is not a huge requirement.
Additional authentication requirements can be set here depending on your environments reqs. I would generally let clients know this is available but have not had anyone demand to have the maxfailedlogsin set to 5 or something.