vcap5-dca command line guide - vikernel.files.wordpress.com...
TRANSCRIPT
Command Line Guide – VCAP5-‐DCA www.viKernel.com, Gareth Hogarth Purpose: The purpose of this document is to provide the necessary supporting knowledge for the VCAP5-‐DCA exam. The information provided is not intended as a comprehensive study guide, but can be used to assist you with some of the topics highlighted in the exam blueprint. Version Date Author Description 1.0 14/05/2014 Gareth Hogarth vSphere 5.0, 5.1 specific content.
Table of Contents
Classify and Claim SCSI device as SSD ........................................................................................................................................ 2
Remove SSD Tag ....................................................................................................................................................................... 3
Using ESXTOP ........................................................................................................................................................................... 4
vscsiStats Tool .......................................................................................................................................................................... 5
Enable and Configure SNMP (ESXi Host) ................................................................................................................................... 6
Configure Syslog (ESXi Host) ..................................................................................................................................................... 6
Query ESXi Configuration File ................................................................................................................................................... 7
Configure Core Dump Collector ................................................................................................................................................. 7
ESXi Firewall Rules .................................................................................................................................................................... 7
Restart Core ESXi Services ......................................................................................................................................................... 8
Log File Locations ...................................................................................................................................................................... 8
Checking vmkernel Configuration ............................................................................................................................................. 9
Query Kernel Modules .............................................................................................................................................................. 9
Update Manager Download Service .......................................................................................................................................... 9
List NFS Datastores ................................................................................................................................................................. 10
Enable SSH .............................................................................................................................................................................. 10
SSL Generation (ESXi Host) ..................................................................................................................................................... 10
Setting SSL Timeouts .............................................................................................................................................................. 11
Manage ESXi Host Password Complexity ................................................................................................................................ 11
Using the VMA ....................................................................................................................................................................... 11
PowerCLI: Commandlet Examples ........................................................................................................................................... 12
PowerCLI : Identify Environment Variables ............................................................................................................................. 12
PowerCLI: Update Manager Commandlets .............................................................................................................................. 13
Using the ESXi Image Builder .................................................................................................................................................. 13
Using Auto Deploy .................................................................................................................................................................. 14
Advanced Boot Loader Options .............................................................................................................................................. 15
LUN Masking .......................................................................................................................................................................... 15
Add Multipath Claim Rules ..................................................................................................................................................... 16
Masking Paths ........................................................................................................................................................................ 16
Define NMP SATP Rules .......................................................................................................................................................... 18
Classify and Claim SCSI device as SSD Reference Documentation: vSphere 5.1 Storage Guide – Page 146. Recommendations:
• Use Datastores that are created on SSD Storage Devices to allocate space for ESXi Host Cache • Make sure the SSD firmware is up to date (check with your storage vendor) • Carefully monitor how intensively you use the SSD Device and calculate its estimated lifetime (which is dependent on
how frequently it is used). See vmware doc Storage Guide page 151. We need to use the PSA SATP claim rule to tag devices that cannot be autodetected.
1. First we need to identify the SCSI device you want to tag as an SSD. ~ # esxcli storage nmp device list From this command we need the following information:
-‐ Storage Array Type : VMW_SATP_DEFAULT_AA -‐ Device Name: naa.6000eb3b66d179ac000000000000001f -‐ Path (optional): vmhba33:C0:T0:L0
2. Create a new claim rule esxcli storage nmp satp rule add -‐s SATP -‐-‐device device_name -‐-‐option=enable_ssd ~ # esxcli storage nmp satp rule add -‐s VMW_SATP_DEFAULT_AA -‐-‐device=naa.6000eb3b66d179ac000000000000001f -‐-‐option=enable_ssd
3. Next we want to check if the rule has been added. ~ # esxcli storage nmp satp rule list As you can see from the image below the drive (device naa.6000..) has now been enabled_ssd / user information.
Now we need to run the reclaim rule : ~ # esxcli storage core claiming reclaim -‐d naa.6000eb3b66d179ac000000000000001f
4. If you go into vCenter the drive should now be tagged as SSD –
Remove SSD Tag
1. To unclaim the device as SSD: Reference Command: esxcli storage nmp satp rule remove -‐s VMW_SATP_CX -‐-‐device naa.600.. ~ # esxcli storage nmp satp rule remove -‐s VMW_SATP_DEFAULT_AA -‐-‐device naa.6000eb3b66d179ac000000000000001f Or: ~ # esxcli storage nmp satp rule remove -‐d naa.6000eb3b66d179ac000000000000001f -‐s VMW_SATP_DEFAULT_AA -‐o disable_ssd This can be checked by running the following command to ensure the claim rule has been removed:
2. Unclaim the device esxcli storage core claiming unclaim -‐-‐type device -‐-‐device naa. ~ # esxcli storage core claiming unclaim -‐-‐type device -‐-‐device naa.6000eb3b66d179ac000000000000001f
3. Reclaim the device by a standard NMP – ~ # esxcli storage core claimrule load ~ # esxcli storage core claimrule run
4. Check that the device is no longer showing up as SSD esxcli storage core device list -‐d device_name ~ # esxcli storage core device list -‐d naa.6000eb3b66d179ac000000000000001f
Checking the health of SSD devices using smart Reference guide: vSphere 5.1 Storage Guide Page 150
Using ESXTOP There are three modes:
• Interactive: Default Mode • Batch: Captures metrics for later analysis (.csv) • Replay back: Shows information captured by the vm-‐support command.
Displays:
• c CPU • m Memory • n Network • d Disk Adapter • u Disk Device (Includes NFS) • v VM virtual disk • f Add and remove fields • Change the order of the fields • W Save the settings (prompted to specify filename • C Load saved file • You can also kill worlds (using ‘k’)
Batch Mode esxtop -‐b -‐a 5 -‐n 200 > capture.csv (This will capture all performance data every 5 seconds 200 times).
• -‐d delay • -‐n number of iterations • -‐a all performance data
esxtop -‐b -‐a -‐d 5 -‐n 60 > /vmfs/volumes/Synology-‐NFS01/esxtop_analysis.csv duaration x 60 / n (iterations) Replay Mode Here we use the vm-‐support command, after completion we can use ESXTOP to replay back the performance metrics. vm-‐support -‐p -‐d 300 -‐i 4 –w /vmfs/volumes/Synology-‐NFS01/
• -‐p Capture Performance Data • -‐d Duration (seconds) • -‐i Interval (like delay in esxtop) • -‐w Sets working directory
This will produce a concatenated file, which is also compressed (tgz). Next we need to extract the file as follows:
tar zxvf
• Reconstruct the file to make sure it’s consistent. • Browse to the directory of the extracted file and you will see the reconstruct.sh shell script – run it. • After the file has been reconstructed we can use ESXtop to show us the data.
esxtop -‐R /vmfs/volumes/Synology-‐NFS01/extracted dir
vscsiStats Tool How to calculate VM i/o profile, obtain random vs sequential, latency We can capture the following:
• all • ioLength I/O size (4KB, 8, 16KB) • seekDistance How much of the data is sequential • outstandingIOs • latency ms
~ # vscsiStats –l Virtual Machine worldGroupID: 189694, Virtual Machine Display Name: XPGuest01, Virtual Machine Config File: /vmfs/volumes/432929f8-‐cecadab5/XPGuest01/XPGuest01.vmx, { Virtual SCSI Disk handleID: 8210 (ide0:0) Next start the stat collection with ‘-‐s’ flag and enter the worldGroupID and if you want the handleID for a particular disk. Let this run for 5-‐15 min ~ # vscsiStats -‐s -‐w 189694 -‐i 8210 vscsiStats: Starting Vscsi stats collection for worldGroup 189694, handleID 8210 (ide0:0) Success. ~ # We have two options, either print to screen ‘–p’ or dump to file ‘–c’ ~ # vscsiStats -‐p iolength The output will provide you a sumaary of ioLenght (size) in three summaries (total, reads, writes) From the summary we can see that the majority of the I/O size is 4096Bytes (4K) with some also at 32K.
~ # vscsiStats -‐p seekDistance -‐c > /tmp/vscsiStats_xp01_report.csv
Enable and Configure SNMP (ESXi Host) Reference Document: vSphere Monitoring and Performance – 5.1 : Page 172/173 Reference Command: esxcli system snmp set -‐-‐targets target.example.com@162/public. esxcli system snmp set -‐-‐enable true. esxcli system snmp test.
~ # esxcli system snmp set -‐e true ~ # esxcli system snmp get Authentication: Communities: public Enable: true Engineid: 00000063000000a100000000 Hwsrc: indications Loglevel: info Notraps: Port: 161 Privacy: Remote users: Syscontact: Syslocation: Targets: 192.168.12.11@514 public Users: V3targets: ~ #
Configure Syslog (ESXi Host) Use the mark command to send a test # esxcli system syslog config set -‐-‐loghost=192.168.12.11 # esxcli system syslog config get Default Network Retry Timeout: 180 Local Log Output: /scratch/log Local Logging Default Rotation Size: 1024 Local Logging Default Rotations: 8 Log To Unique Subdirectory: false Remote Host: 192.168.12.11
Query ESXi Configuration File This file stores configuration information about the ESXi host, the information is read at boot and can hold useful information for scripting or amending mappings – for example: You can edit the mapping of physical network cards adapters to vmnics. Location: /etc/vmware/esx.conf/ /device/000:002:04.0/vmkname = "vmnic1" /device/000:002:01.0/vmkname = "vmnic0" /device/000:002:08.0/vmkname = "vmnic5" /device/000:002:06.0/vmkname = "vmnic3" /device/000:002:05.0/vmkname = "vmnic2" /device/000:002:07.0/vmkname = "vmnic4"
Configure Core Dump Collector Note – to use this you need the core dump service installed, and you need a vmkernel interface that is on the same network as the coredump collector. # esxcli system coredump network set -‐e=true # esxcli system coredump network set -‐-‐server-‐ipv4=192.168.12.11 -‐v=vmk0 -‐o=6500 # esxcli system coredump network get Enabled: true Host VNic: vmk0 Network Server IP: 192.168.12.11 Network Server Port: 6500
ESXi Firewall Rules Rules can be viewed via the vi-‐client or the esxcli command tools, minor modifications can be made using the vi-‐client. New rules can only be created using command line. List firewall rule sets (vi-‐client or esxcli) # esxcli network firewall ruleset list # esxcli network firewall ruleset rule list Show default firewall state: ~ # esxcli network firewall get Default Action: DROP Enabled: true Loaded: true ~ # esxcli network firewall set -‐-‐enabled=false (firewall is off) ~ # esxcli network firewall set -‐-‐enabled=true (firewall is on) # esxcli network firewall set -‐-‐default-‐action=true (sets default action to allow) ~ # esxcli network firewall get Default Action: PASS (= lower security) Enabled: true Loaded: true ~ # ~ # esxcli network firewall set -‐-‐default-‐action=false ~ # esxcli network firewall get Default Action: DROP (= higher security) Enabled: true Loaded: true ~ #
Create custom firewall rule: cd /etc/vmware/firewall cp fdm.xml new_firewall_rule.xml vi new_firewall_rule.xml change file permissions if necessary, modify xml file as needed make sure in config file you set rule to enable true! ~ # esxcli network firewall refresh ~ # esxcli network firewall unload ~ # esxcli network firewall load ~ # ~ # esxcli network firewall ruleset list new_firewall_rule true ~ # esxcli network firewall ruleset rule list Ruleset Direction Protocol Port Type Port Begin Port End -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐ new_firewall_rule Inbound TCP Dst 1234 1234 new_firewall_rule Outbound TCP Dst 1234 1234 new_firewall_rule Inbound UDP Dst 1234 1234 new_firewall_rule Outbound UDP Dst 1234 1234
Restart Core ESXi Services /etc/init.d # ./vpxa restart watchdog-‐vpxa: Terminating watchdog process with PID 44544 vpxa stopped. /etc/init.d # ./hostd restart watchdog-‐hostd: Terminating watchdog process with PID 44177 hostd stopped. hostd started. To reboot all the services – use the services.sh restart command
Log File Locations vCenter: Area: C:\ProgramData\VMware\VMware VirtualCenter\Logs (note: directory is hidden) .vpxd -‐ main vCenter log file (vcenter service wont start) ESXi /var/log/vmkernel Main log (storage, , vmotion issues, vm startup) /var/log/shell.lof Tracking shell
/var/log/auth.log Logs all connections /var/log/esxupdate.log Troubleshooting Update Manager Host Patch/Deployments /var/log/hostd.log Host management service logs (host and VM tasks and events) /var/log/vpxa.log Host unable to communicate with vCenter Server
Checking vmkernel Configuration # esxcli network ip interface list
Query Kernel Modules ~ # esxcli system module parameters list -‐m=nfsclient Name Type Value Description -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐ -‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ oneRequest bool Only allow one outsanding request at a time (debugging only) ~ #
Update Manager Download Service Use cases:
• Security requirements dictate that update manager cannot connect to internet directly. • A team needs to verify and test all patches. • The downloaded patches are then exported and can be copied via USB key. To Update manager. • Its is recommended that windows task scheduler be used to script the download of updates.
Procedure (page 52) Update Manager Guide
1. Open command prompt on server you installed umds 2. Navigate to the installation directory
To setup a download of all the ESX/ESXi host updates and all virtual appliance upgrades run the following command: vmware-‐umds –S –-‐enable-‐host –enable-‐va To download ESX/ESXi patches but disable virtual appliance updates: vmware-‐umds –S –-‐enable-‐host –disable-‐va To start the download of patches use: vmware-‐umds –D (-‐d for download) -‐ This should be scheduled using windows task scheduler. EXPORT downloaded data vmware-‐umds –E –-‐export-‐store folderpath (setup xcopy to sync, transfer via USB key, Setup webserver: IIS/Apache
List NFS Datastores Just make sure all NFS datastores are mounted the same ~ # esxcli storage nfs list Volume Name Host Share Accessible Mounted Read-‐Only Hardware Acceleration -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ Synology-‐NFS01 172.16.80.1 /volume1/NFS true true false Not Supported ~ #
Enable SSH Disabled by default – enabled via the vi-‐client under Security Profile -‐> ESXiShell (TSM) set to start SSH (TSM) set to start SSH configuration areas: /etc/ssh/sshd_config (grant non-‐root account access to shell) /etc/vmware/ssl/ SSH Timeouts Reference Document: vSphere ESXi vCenter Server 5.1 Security Guide Page: SSH Timeouts can be set via the vi-‐client or via the command line – vi-‐client -‐> Host -‐> Software -‐> Advanced Settings -‐> UserVars –ESXiShellTimeOut Two areas:
• UserVars.ESXiShellInteractiveTimeOut – basically an idle timeout if logged in, just kills SSH session if idle. • UserVars.ESXIShellTimeOut – used to automatically stop service after ‘x’ amount of seconds. Example 1 hour
This can also be set using esxcfg-‐advcfg or via the DCUI
SSL Generation (ESXi Host) Reference Document: vSphere ESXi vCenter Server 5.1 Security Guide Page: 119 Generate new SSL certificates, or replace the certificates with your own. Location : /etc/vmware/ssl/ Two files: rui.crt & rui.key Important: Take a copy of the certificate & key file, before replacing. mv rui.crt orig.rui.crt mv rui.key orig.rui.key Replace these keys with the CA-‐based key file and crt file.
Restart the hosts of connect to the DCUI and restart the management services. To generate new SSL certificates run: /sbin/generate-‐certificates Then restart the host. vCenter SSL Cert location: c:\Program Data\VMware\VMware Virtual Center\SSL
Setting SSL Timeouts Configure SSL timeout for ESXi Two values:
• ‘The Read Timeout‘ setting applies to connections that have completed the SSL handshake process on 443. • ‘The Handshake Timeout’ setting applies to connections that have not completed the SSL handshake process on 443.
Set in milliseconds cd /etc/vmware/hostd/config.xml vi config.xml
Manage ESXi Host Password Complexity Reference Document: vSphere ESXi vCenter Server 5.1 Security Guide Page: 153 ESXi host password complexity can be changed by editing the following file: /etc/pam.d/passwd template: password requisite /lib/security/$ISA/pam_passwdqc.so retry=N min=N0,N1,N2,N3,N4 example: password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=12,9,8,7,6 With this setting in effect, the password requirements are: retry=3: A user is allowed 3 attempts to enter a sufficient password N0=12: Passwords containing characters from one character class must be at least 12 characters long. N1=9: Passwords containing characters from two character classes must be at least nine characters long. N2=8: Passphrases must contain words that are each at least eight characters long. N3=7: Passwords containing characters from three character classes must be at least seven characters long. N4=6: Passwords containing characters from all four character classes must be at least six characters long.
Using the VMA Reference Document: vSphere Management Assistant Guide – Page 17 The vma requires an IP pool, which is created under the datacenter object. Join vma to AD sudo domainjoin-‐cli join geminilocal [email protected] Login as vi-‐admin # Not as root Add vCenter Server using AD Credentials: vifp addserver vcenter01.sunnydale.local –authpolicy adauth –username <Domain>\\<UserName> vifp listservers –l # List connected servers vifptarget -‐s esx01.geminilocal.com # Set the default target and makes it so you don’t have to type the password in each time.
Updates can be Performed via web ui https://vma.whatever.local:5480 Execute command using the vma esxcli -‐-‐server vcenter -‐-‐vihost esx01.geminilocal.com network nic list Rotate Passwords (vi-‐admin vi-‐user) vifp rotatepassword -‐-‐now -‐-‐server esx01.geminilocal.com
PowerCLI: Commandlet Examples PowerCLI uses a Verb/Noun Structure – Command -‐paramenter1 -‐parameter2argument1 -‐argument2 Setting Execution mode to remote signed: PowerCLI C:\> Set-‐ExecutionPolicy RemoteSigned PowerCLI C:\> Connect-‐VIServer vCenter PowerCLI C:\> Get-‐VICommand PowerCLI C:\> Get-‐VM | get-‐snapshot | format-‐list | out-‐file c:\output (can also use the >) PowerCLI C:\> ConvertTo-‐HTML (or csv, xml) PowerCLI C:\> Get-‐VM | get-‐snapshot | format-‐list | ConvertTo-‐HTML > c:\output
PowerCLI : Identify Environment Variables PowerCLI C:\> Get-‐Item Env: In order to use the listed Environment variables “$env:” should be placed in the front : Ie: cd $env:commonprogramfiles PowerCLI C:\> $env:commonprogramfiles C:\Program Files\Common Files PowerCLI C:\>
PowerCLI C:\> Get-‐Help Get-‐VM (This is a good commend for showing help on a cmdlet.) PowerCLI C:\> Get-‐Help Get-‐VM -‐Detailed or full (For a detailed list of the command and examples) VMStore Command (VMFS Datastore Browser Tool) PowerCLI C:\> cd vmstore:
PowerCLI: Update Manager Commandlets Must be installed separately To see list of all update manager commands: PowerCLI C:\> Get-‐Command -‐PSSnapin VMware.VUMAutomation
/walk through vCenter inventory. vi vis
Using the ESXi Image Builder Reference Document : vSphere Installation and Setup Guide : Page 155 ESXi Image Builder Add-‐EsxSoftwareDepot C:\Images\VMware-‐ESXi-‐5.5….zip # Add depot to PowerCLI session Get-‐EsxImageProfile # List current image profiles New-‐EsxImageProfile –CloneProfile “HP-‐ESXi-‐5.5..” –Name “VCAP” –Vendor “MeddInc” # Clone existing profile Add-‐EsxSoftwareDepot C:\Images\BCD-‐Bfa….zip # Add extra driver VIB Get-‐EsxSoftwarePackage | Sort Vendor # Check new driver is included Add-‐EsxSoftwarePackage –ImageProfile “VCAP” –SoftwarePackage “scsi-‐bfa” # Add driver above to cloned image Get-‐ESXIMageProfile “VCAP” | Select –ExpandProperty Viblist | Where {$_.Vendor –eq ‘Brocade’} # Check driver added to image Export-‐EsxImageProfile –ImageProfile “VCAP” –ExportToIso –Filepath C:\Images\VCAP.iso # Export custom image to ISO file Export-‐EsxImageProfile –ImageProfile “VCAP” –ExportToBundle –Filepath C:\Images\VCAP.zip # Export custom image to offline-‐bundle Software Depot -‐ Collection of VIBs and Image Profiles, can be accessed via HTTP URL or a zip file (offline depot). VIB -‐ (vSphere installation bundle), software package made for vSphere containing a driver or application Image Profile -‐ ESXi Image that has the base image and possible other VIBs Download vSphere 5.1 ESXi Offline Bundle and extract Download any additional VIBs (drivers you want to install). Add-‐EsxSoftwareDepot (provide location of extracted zip files).
Get-‐EsxImageProfile | Format-‐List (or Select Name) (you want the standard without the s).
New-‐EsxImageProfile –CloneProfile ESXi-‐5.1.0-‐201…… -‐Standard –Name “Build01-‐VCAP” –vendor vikernel
Get-‐ESXiSoftwarePackage (to list the 3rdparty vibs located in the other software depot)
Ref command: Add-‐EsxSoftwarePackage -‐ImageProfile My_Profile -‐SoftwarePackage partner-‐package Add-‐EsxSoftwarePackage –ImageProfile Build01-‐VCAP -‐SoftwarePackage scsi-‐qla2xxx Exporting Image as Offline Bundle (AutoDeploy) or an ISO Reference Command: Export-‐EsxImageProfile -‐ImageProfile "myprofile" -‐ExportToIso -‐FilePath iso_name
Removing an ESXi Software Package: Get-‐EsxSoftwarePackage (This will give you a list of all the packages, identify the name of the one you want to remove)
Then re-‐export the profile and an .iso or .zip
Using Auto Deploy Reference Document: vSphere Installation and Setup Page 82 Add software depot: Add-‐EsxSoftwareDepot E:\VMwareSoftwareDepot\update-‐from-‐esxi5.1-‐5.1_update02 Get-‐EsxImageProfile | Select-‐Object Name
1. New-‐DeployRule –Name “AutoDeplpoy-‐Rule –Item AutoDeployBuild –AllHosts 2. Add-‐DeployRule -‐
(Assign Host Profile to Host – Assumes you have created one first!)
Connect-‐VIServer vcenter # Create a new rule based on custom ImageProfile New-‐DeployRule –Name “VCAP” –Item “VCAP” (Previous ImageProfile) –AllHosts # Create a new rule based on IP range New-‐DeployRule –Name Cluster –Item VCAP –Pattern “ipv4=192.168.200.1-‐192.168.200.254” Add-‐DeployRule “VCAP” # Make the rule active Add-‐DeployRule “Cluster” –At 1 # Make the rule active and first in the list Get-‐DeployRuleSet # View Live Rules
Advanced Boot Loader Options Reference Document: vSphere Installation and Setup – vSphere 5.1 : Page 50 During the installation boot prompt you can hit shift-‐o to enter advanced boot options So for example if you wanted to run a kickstart script you could enter the following: ks=http://00.00.00.00/kickstart/ks-‐osdc-‐pdp101.cfg nameserver=00.00.0.0 ip=00.00.00.000 netmask=255.255.255.0 gateway=00.00.00.000
LUN Masking Scenario, you need to mask a LUN from an ESXi Host: Use cases: Testing in a LAB. Troubleshooting: LUN not visible from Host A but is from Host B, LUN is correctly presented. Someone may have forgotten to remove the LUN Mask. Add esxcfg-‐scsidevs –m # find naa…. Tip: Put naa… into Notepad esxcfg-‐mpath -‐L | grep naa.5000144fd4b74168 # find paths, e.g. C 2 T 0 L 0
esxcli storage core claimrule list # check for claim rule numbers esxcli storage core claimrule add -‐r 500 -‐t location -‐A vmhba35 -‐C 0 -‐T 1 -‐L 0 –P MASK_PATH # add LUN Mask rule. Note: number 3 in examples esxcli storage core claimrule load # load the rule into runtime esxcli storage core claimrule list # check for claim rule numbers esxcli storage core claiming reclaim -‐d naa.5000144fd4b74168 # Disassociate esxcfg-‐mpath -‐L | grep naa.5000144fd4b74168 # check paths Remove esxcli storage core claimrule remove -‐r 500 # remove rule esxcli storage core claimrule load # load the rules into runtime esxcli storage core claiming unclaim -‐t location -‐A vmhba35 -‐C 0 -‐T 1 -‐L 0 # unclaim esxcli storage core adapter rescan -‐A vmhba35 # rescan adapter
Add Multipath Claim Rules Reference documentation: vSphere Storage Guide – Page 208 Add a new multipathing PSA Claim Rule to the set of claim rules on the system. Define new claim rule: Examples: ~ # esxcli storage core claimrule add -‐r 500 -‐t vendor -‐V viKernel -‐M FlashArray1000 -‐P NMP esxcli storage core claimrule load esxcli storage core claimrule run esxcli storage core claimrule list MP 500 runtime vendor NMP vendor=viKernel model=FlashArray1000 MP 500 file vendor NMP vendor=viKernel model=FlashArray1000 Delete Multipathing Claim Rules MP 500 runtime vendor MASK_PATH vendor=viKernel model=FlashArray1000 MP 500 file vendor MASK_PATH vendor=viKernel model=FlashArray1000 ~ # esxcli storage core claimrule remove -‐r 450
Masking Paths Reference document: vSphere 5 Storage Guide -‐ Page 211 You can prevent a host from accessing storage devices or LUNs or from using individual paths to a LUN. When you mask paths, you create claim rules that assign the MASK_PATH plugin to the specified path. Procedure: Check what the next available rule ID is: ~ # esxcli storage core claimrule list Rule Class Rule Class Type Plugin Matches -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐ -‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐-‐ MP 0 runtime transport NMP transport=usb MP 1 runtime transport NMP transport=sata
MP 2 runtime transport NMP transport=ide MP 3 runtime transport NMP transport=block MP 4 runtime transport NMP transport=unknown MP 101 runtime vendor MASK_PATH vendor=DELL model=Universal Xport MP 101 file vendor MASK_PATH vendor=DELL model=Universal Xport MP 65535 runtime vendor NMP vendor=* model=* ~ # Next available rule = 101, but we can use 110 – 200. Note: The claim rules that you use to mask paths should have rule IDs in the range of 101 – 200!!! See example: Page 211 Example: Procedure: Identify the device you want to mask (normally a LUN), but could be a type of array. This procedure will provide two examples, one for LUN, and the other for devices from a particular vendor. Identify device paths: ~ # esxcfg-‐mpath -‐l -‐d naa.6000eb3b66d179ac000000000000001f iqn.1998-‐01.com.vmware:esx01-‐2e2b94f9-‐00023d000002,iqn.2003-‐10.com.lefthandnetworks:mgmt-‐group:31:datastore04,t,1-‐naa.6000eb3b66d179ac000000000000001f Runtime Name: vmhba33:C1:T0:L0 Device: naa.6000eb3b66d179ac000000000000001f Device Display Name: LEFTHAND iSCSI Disk (naa.6000eb3b66d179ac000000000000001f) Adapter: vmhba33 Channel: 1 Target: 0 LUN: 0 Adapter Identifier: iqn.1998-‐01.com.vmware:esx01-‐2e2b94f9 Target Identifier: 00023d000002,iqn.2003-‐10.com.lefthandnetworks:mgmt-‐group:31:datastore04,t,1 Plugin: NMP State: active Transport: iscsi Adapter Transport Details: iqn.1998-‐01.com.vmware:esx01-‐2e2b94f9 Target Transport Details: IQN=iqn.2003-‐10.com.lefthandnetworks:mgmt-‐group:31:datastore04 Alias= Session=00023d000002 PortalTag=1 iqn.1998-‐01.com.vmware:esx01-‐2e2b94f9-‐00023d000001,iqn.2003-‐10.com.lefthandnetworks:mgmt-‐group:31:datastore04,t,1-‐naa.6000eb3b66d179ac000000000000001f Runtime Name: vmhba33:C0:T0:L0 Device: naa.6000eb3b66d179ac000000000000001f Device Display Name: LEFTHAND iSCSI Disk (naa.6000eb3b66d179ac000000000000001f) Adapter: vmhba33 Channel: 0 Target: 0 LUN: 0 Adapter Identifier: iqn.1998-‐01.com.vmware:esx01-‐2e2b94f9 Target Identifier: 00023d000001,iqn.2003-‐10.com.lefthandnetworks:mgmt-‐group:31:datastore04,t,1 Plugin: NMP State: active Transport: iscsi Adapter Transport Details: iqn.1998-‐01.com.vmware:esx01-‐2e2b94f9 Target Transport Details: IQN=iqn.2003-‐10.com.lefthandnetworks:mgmt-‐group:31:datastore04 Alias= Session=00023d000001 PortalTag=1 ~ # We have identified two paths: vmhba33:C1:T0:L0 vmhba33:C0:T0:L0 (back to document): page 211 – vSphere 5.1 Storage Guide. From the example:
~ # esxcli storage core claimrule add -‐P MASK_PATH -‐r 110 -‐t location -‐A vmhba33 -‐C 1 -‐T 0 -‐L 20 ~ # esxcli storage core claimrule add -‐P MASK_PATH -‐r 111 -‐t location -‐A vmhba33 -‐C 0 -‐T 0 -‐L 20 ~ # esxcli storage core claimrule load ~ # esxcli storage core claimrule list Next we need to unclaim the device : ~ # esxcli storage core claiming unclaim -‐t device -‐d naa.6000eb3b66d179ac000000000000001f ~ # esxcli storage core claimrule run The LUN will now be ignored.
Define NMP SATP Rules The NMP SATP claim rules specify which SATP should manage a particular storage device. You might need to create a SATP rule when you install a third-‐party SATP for a specific storage array. The NMP supports all storage arrays listed on the VMware storage Hardware Compatibility List (HCL) and provides a path selection algorithm based on the array type. The NMP associates a set of physical paths with a storage device (LUN). A Storage Array Type Plugin (SATP) determines how path failover is handled for a specific storage array. A Path Selection Plugin (PSP) determines which physical path is used to issue an I/O request to a storage device. SATPs and PSPs are plugins within the NMP plugin. SATP http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1017760 esxcli storage nmp satp list # List SATP esxcli storage nmp satp set -‐s VMW_SATP_CX -‐P VMW_PSP_RR # set default PSP for SATP Important: Host must be rebooted to apply changes. PSP esxcli storage nmp device list -‐d naa.5000144fd4b74168 # list details of device esxcli storage nmp device set -‐d naa.5000144fd4b74168 -‐P VMW_PSP_FIXED #set PSP for device esxcli storage nmp psp roundrobin deviceconfig set -‐d naa.5000144fd4b74168 -‐I 2500 -‐t iops # Set roundrobin device to 2500 iops esxcli storage nmp psp roundrobin deviceconfig get -‐d naa.5000144fd4b74168 # list details alt