If you are using ESX server 2.x, you can
click here for the command line guide to ESX 2.x The esxcfg- Commands esxcfg- There are a new set of command line tools in ESX 3.x which all start with "esxcfg-". These tools are used to configure each part of the ESX 3.x configuration. For example, esxcfg-firewall is used to manage the service console firewall while the esxcfg-nic is used to manage the physical Ethernet adapters present in the server.
esxcfg-advcfg The
esxcfg-advcfg command is interesting as there is not a huge amount of help about this command. However, we can figure out that it is meant to do advanced configuration and we can figure out some settings that can be made. The -g switch is used to "get" settings; the -s switch is used to "set" settings.
Here are a few examples of some VMkernel parameters which can be interrogated.
[root@esx1host vmware]# esxcfg-advcfg -g /Misc/BlueScreenTimeout
Value of BlueScreenTimeout is 0
[root@esx1host vmware]# esxcfg-advcfg -g /Misc/HostName
Value of HostName is esx1.vmlab.net
[root@esx1host vmware]# esxcfg-advcfg -g /VMFS3/ZeroedThickVirtualDisks
Value of ZeroedThickVirtualDisks is 1
[root@esx1host vmware]# esxcfg-advcfg –g /Disk/SupportSparseLUN
Value of SupportSparseLUN is 1
[root@esx1host vmware]# esxcfg-advcfg –g /Disk/MaxLUN
Value of MaxLUN is
[root@esx1host vmware]# esxcfg-advcfg –g /Scsi/ConflictRetries
Value of ConflictRetries is
[root@esx1host vmware]# esxcfg-advcfg –g /LVM/EnableResignature
Value of EnableResignature is
The question is, how much is configurable? To figure out what is configurable, we recommend that you look in the directory /proc/vmware/config which you will find in the service console command line and then you will see the following directories
BufferCache
Cpu
Disk
FileSystem
Irq
LVM
Mem
Migrate
Misc
Net
NFS
Numa
Scsi
User
VMFS3
From these directories and the files within, you can work out the paths to be supplied to the esxcfg-advcfg command as parameters. Alternatively, you could also use the command
esxcfg-info –o
to list the advanced options.
When using the esxcfg-advcfg command, remember case sensitivity!
Usage: esxcfg-advcfg <options> [<adv cfg Path>]
-g|--get Get the value of the config option
-s|--set <value> Set the value of the config option
-d|--default Reset Config option to default
-q|--quiet Suppress output
-k|--set-kernel Set a VMkernel load time option value.
-j|--get-kernel Get a VMkernel load time option value.
-h|--help Show this message.
-r|--restore Restore all advanced options from the configuration file. (FOR INTERNAL USE ONLY).
esxcfg-firewall
The service console in ESX 3 now has a firewall enabled by default. The network packet filtering found in Red Hat Linux is called
iptables. As the management of
iptables is not entirely straightforward, the
esxcfg-firewall command makes things a load easier.
We use this command to view and configure the firewall rules.
The most popular switch will be the -q switch to query the firewall for its settings.
[root@esxhost1 root]# esxcfg-firewall -q
<output>
The -s switch will allow you to enable or disable network services that may traverse the firewall successfully. The list of known services are shown below - very case sensitive!....
nfsClient
ftpServer
ntpClient
dellom
nisClient
vncServer
tmpLicenseClient
swISCSIClient
CIMHttpsServer
sshClient
snmpd
tmpAAMClient
vpxHeartbeats
smbClient
hpim
tmpHostVmdbServer
tmpHostdSOAPServer
ftpClient
sshServer
ibmdirector
CIMHttpServer
telnetClient
The -l switch loads the firewall and enables the IP tables.
The -u switch unloads the firewall and disables the IP tables.
We use the -e switch to enable a particular known service, so if we wanted to enable ssh outbound connections from the service console we would simply enter
[root@esxhost1 root]# esxcfg-firewall -e sshClient
We use the -d switch to disable a service. In the following example, we prevent outbound connections
[root@esxhost1 root]# esxcfg-firewall -d smbClient
If we need to open a TCP or UDP port that is not described by a defined friendly name like "sshClient", then we can explicitly open that port with the -o switch. The service console firewall is bidirectional and so when opening a port you must also specify direction of incoming or outgoing. Equally, we can close an explicit port with the -c switch.
[root@esxhost1 root]# esxcfg-firewall -o tcpport,out,name
In the following example, we are opening a unique port which we are calling "customapp"
[root@esxhost1 root]# esxcfg-firewall -o 12345,out,custom-app The service names such as
sshClient and
smbClient are defined in the file
/etc/vmware/firewall/services.xml .
esxcfg-module
This command produces an output similar to
vmkload_mod -list [root@esx1host tools-isoimages]# esxcfg-module -l
Module Type Enabled Loaded
vmkapimod vmkapimod true true
vmklinux linux true true
cciss.o scsi true false
tg3.o nic true false
qla2300_7xx.o fc true false Although if you compare the output with the old command, things don't exactly match up. Not sure why just yet....
esxcfg-rescan
This command is used to perform a rescan of a host bus adapter (HBA). Specifically it scans a named vmkernel hba device, i.e. a vmhba. This command does a similar job to
vmkfstools -rescan.
In this example the esxcfg-rescan command is used to rescan the iSCSI software initiator vmhba.
[root@esx1host]# esxcfg-rescan vmhba40
See all the ways you can stay connected
to friends and family