Monday, January 5, 2009

ESX Engineer Configuration Commands Cheat Sheet

I periodically set up ESX servers for customers. Over time I have developed a document that helps me when I am performing configurations on-site. This is by no means an inclusive list of commands, this is more a brain dump for me so I have access to this in case my laptop isn’t handy. If anybody has any additions, I would love to hear them!!

  • Edit an ESX server to allow root SSH and SFTP access

    • vi /etc/ssh/sshd_config
    • Change PermitRootLogin no to yes
    • Restart ssh service using the command: service sshd restart

  • Edit an ESX Server for NTP access (Internet in this case, could be a customer NTP server)

    • vi /etc/ntp.conf
    • Change OUR TIMESERVERS section, enter the server names – For the Internet use the following:

      • server
      • server
      • server

    • Pipe the NTP Servers into step-tickers so NTP will update at NTP start using the following the commands:

      • Echo >> /etc/ntp/step-tickers
      • Echo >> /etc/ntp/step-tickers
      • Echo >> /etc/ntp/step-tickers

    • Set NTP to start: chkconfig ntpd on
    • Set ESX Firewall to allow NTP Traffic: esxcfg-firewall –e ntpClient
    • Run an manual update: ntpdate

  • Patch the ESX Server with the latest patches (Update Manager is MUCH easier!)
  • NOTE: The patches must be installed in “groups” based on their date starting with the oldest to the newest (i.e. apply the Septmber 9th patches, then the September 21st patches, etc)

    • SFTP the Patches into a directory on the server
    • Change into the folder and run the following as root
    • For ESX 3.0.X: tar –xvzf (name of patch).tgz
    • For ESX 3.5.X: unzip *.zip
    • change into the directory it creates
    • esxupdate –(2 dashes)noreboot update
    • change back to the root patch folder, rinse, repeat
    • When complete enter the following command to check the patch status: esxupdate query

  • Commands to change the server ip, name, dns, gatewat, etc.

    • To check the config of the server from the command line: esxcfg-info
    • To check the vSwitch settings from the command line: esxcfg-nics -l
    • To change the hostname of the server or the default gateway

      • vi /etc/sysconfig/network
      • vi /etc/hosts with the new name

    • To change the DNS entries of the ESX server: vi /etc/resolv.conf
    • To change the IP Address and the Subnet Mask of the ESX Server:

      • esxcfg-vswif –i (IP Address) –n (Subnet Mask) (vswitch-name -> vswif0 for the Service Console by default)

    • To change the VLAN tag of the service console port:

      • esxcfg-vswitch vSwitch0 –p “Service Console” –v (VLAN NUMBER)

    • NOTE: If you modify the above settings, make sure you also modify the network section of the /root/anaconda-ks.cfg file as well (ESX 3.5 only)
    • To see what services the ESX firewall will allow: esxcfg-firewall –s
    • To change the root password from the command line: passwd
    • If you have changed the ip address or name and HA is acting up:

      • /opt/vmware/aam/bin/ft_gethostbyname
      • rename and/or delete FT_HOSTS file under /etc/opt/vmware/aam/

      Scott has more information at this link for network configuration.

No comments: