vCenter Server Appliance Configuration 17 APR 2018 VMware vSphere 6.7 VMware ESXi 6.7 vCenter Server 6.
vCenter Server Appliance Configuration You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments about this documentation, submit your feedback to docfeedback@vmware.com VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com Copyright © 2009–2018 VMware, Inc. All rights reserved. Copyright and trademark information. VMware, Inc.
Contents About vCenter Server Appliance Configuration 5 1 vCenter Server Appliance Overview 6 2 Using the Appliance Management Interface to Configure the vCenter Server Appliance 8 Log In to the vCenter Server Appliance Management Interface View the vCenter Server Appliance Health Status 9 Reboot or Shut Down the vCenter Server Appliance Create a Support Bundle 10 10 Monitor CPU and Memory Use Monitor Disk Use 9 11 11 Monitor Network Use 11 Monitor Database Use 12 Enable or Disable SSH and
vCenter Server Appliance Configuration 4 Using the Appliance Shell to Configure the vCenter Server Appliance Access the Appliance Shell 31 31 Enable and Access the Bash Shell from the Appliance Shell Keyboard Shortcuts for Editing Commands 32 32 Get Help About the Plug-Ins and API Commands in the Appliance Plug-Ins in the vCenter Server Appliance Shell 33 34 Browse the Log Files By Using the showlog Plug-In 35 API Commands in the vCenter Server Appliance Shell Configuring SNMP for the vCenter Se
About vCenter Server Appliance Configuration vCenter Server Appliance Configuration provides information about configuring the VMware vCenter Server Appliance™. ® Intended Audience This information is intended for anyone who wants to use the vCenter Server Appliance to run VMware ® ® vCenter Server and VMware Platform Services Controller . The information is written for experienced Windows or Linux system administrators who are familiar with virtual machine technology and data center operations.
vCenter Server Appliance Overview 1 The vCenter Server Appliance is a preconfigured Linux virtual machine, which is optimized for running ® VMware vCenter Server and the associated services on Linux. During the deployment of the appliance, you select a deployment type of vCenter Server with an embedded Platform Services Controller, Platform Services Controller, or vCenter Server with an external Platform Services Controller.
vCenter Server Appliance Configuration In vSphere 5.5, this user is administrator@vsphere.local. In vSphere 6.0, when you install vCenter Server or deploy the vCenter Server Appliance with a new Platform Services Controller, you can change the vSphere domain. Do not use the same domain name as the domain name of your Microsoft Active Directory or OpenLDAP domain name.
Using the Appliance Management Interface to Configure the vCenter Server Appliance 2 After you deploy the vCenter Server Appliance, you can log in to the vCenter Server Appliance Management Interface and edit the appliance settings. For information about patching the vCenter Server Appliance and enabling automatic checks for vCenter Server Appliance patches, see the vSphere Upgrade documentation.
vCenter Server Appliance Configuration Log In to the vCenter Server Appliance Management Interface Log in to the vCenter Server Appliance Management Interface to access the vCenter Server Appliance configuration settings. Note The login session expires if you leave the vCenter Server Appliance Management Interface idle for 10 minutes. Prerequisites n Verify that the vCenter Server Appliance is successfully deployed and running. n If you are using Internet Explorer, verify that TLS 1.0, TLS 1.
vCenter Server Appliance Configuration 2 In the Health Status pane, view the Overall Health badge. Table 2‑1. Health Status Badge Icon Description Good. All components in the appliance are healthy. Warning. One or more components in the appliance might become overloaded soon. View the details in the Health Messages pane. Alert. One or more components in the appliance might be degraded. Nonsecurity patches might be available. View the details in the Health Messages pane. Critical.
vCenter Server Appliance Configuration 2 From the top menu pane, click the Actions drop-down menu. 3 Click Create Support Bundle and save the bundle on your local machine. The support bundle is downloaded as a .tgz file on your local machine. Monitor CPU and Memory Use You can use the vCenter Server Appliance Management Interface to monitor the overall CPU and memory use of the vCenter Server Appliance. Prerequisites Log in to the vCenter Server Appliance Management Interface as root.
vCenter Server Appliance Configuration Procedure 1 In the vCenter Server Appliance Management Interface, click Monitor. 2 On the Monitor page, click the Network tab. 3 From the date range drop-down menu, select the time period for generating the network utilization graph. 4 From the table below the graph grid, select a packet or transmit byte rate to monitor. The options vary depending on your network settings. The network utilization graph refreshes to display the use of the item you select.
vCenter Server Appliance Configuration Prerequisites Log in to the vCenter Server Appliance Management Interface as root. Procedure 1 In the vCenter Server Appliance Management Interface, click Access, and click Edit. 2 Edit the access settings for the vCenter Server Appliance. 3 Option Description Enable SSH login Enables SSH access to the vCenter Server Appliance. Enable DCUI Enables DCUI access to the vCenter Server Appliance.
vCenter Server Appliance Configuration 6 7 Edit the IPv4 address settings. Option Description Disable IPv4 settings Disables the IPv4 address. The appliance uses only an IPv6 address. Obtain IPv4 settings automatically Obtains the IPv4 address for the appliance automatically from the network. Enter IPv4 settings manually Uses an IPv4 address that you set manually. You must enter the IP address, subnet prefix length, and the default gateway. Edit the IPv6 address settings.
vCenter Server Appliance Configuration When you deploy the vCenter Server Appliance, you either use the time settings of the ESXi host on which the appliance is running or you configure the time synchronization based on an NTP server. If the time settings in your vSphere network change, you can edit the time zone and time synchronization settings in the appliance.
vCenter Server Appliance Configuration 2 Select a service and click Start, Stop, or Restart, then click OK. Restarting some services may lead to functionality becoming temporarily unavailable. Configure Update Settings You can use the vCenter Server Appliance Management Interface to configure your update settings and check for new updates. Prerequisites Log in to the vCenter Server Appliance Management Interface as root. Procedure 1 In the vCenter Server Appliance Management Interface, click Update.
vCenter Server Appliance Configuration 4 Configure the password expiration settings for the root user. a In the Password expiration settings section, click Edit and select the password expiration policy. Option Description Yes The password of the root user expires after a specified number of days. You must provide the following information: n Root password validity (days) The number of days after which the password expires.
vCenter Server Appliance Configuration 4 From the Protocol drop-down menu, select the protocol to use. Menu Item Description TLS Transport Layer Security TCP Transmission Control Protocol RELP Reliable Event Logging Protocol UDP User Datagram Protocol 5 In the Port text box, enter the port number to use for communication with the destination host. 6 In the Create Forwarding Configuration pane, click Add to enter another remote syslog server. 7 Click Save.
Using the vSphere Client and vSphere Web Client to Configure the vCenter Server Appliance 3 After you deploy the vCenter Server Appliance, you can perform some configuration operations from the vSphere Client and the vSphere Web Client such as joining the appliance to an Active Directory domain, managing the services that are running in the vCenter Server Appliance, networking, and other settings.
vCenter Server Appliance Configuration If you want to configure permissions so that users and groups from an Active Directory can access the vCenter Server components, you must join the Platform Services Controller instance to the Active Directory domain.
vCenter Server Appliance Configuration 8 Click OK to join the vCenter Server Appliance to the Active Directory domain. The operation silently succeeds and you can see the Join button turned to Leave. 9 Right-click the node you edited and select Reboot to restart the appliance so that the changes are applied. Important If you do not restart the appliance, you might encounter problems when using the vSphere Web Client. 10 Navigate to Administration > Single Sign-On > Configuration.
vCenter Server Appliance Configuration What to do next You can configure permissions so that users and groups from the joined Active Directory domain can access the vCenter Server components. For information about managing permissions, see the vSphere Security documentation. Leave an Active Directory Domain After you joined the vCenter Server Appliance, you can log in to the vSphere Web Client and set up the vCenter Server Appliance to leave the Active Directory domain.
vCenter Server Appliance Configuration Procedure 1 Use the vSphere Client to log in as administrator@your_domain_name to the vCenter Server instance in the vCenter Server Appliance. The address is of the type http://appliance-IP-address-or-FQDN/ui. 2 Click Administration. 3 Under Single Sign-On, click Users and Groups. 4 On the Groups tab, select the SystemConfiguration.BashShellAdministrators group. 5 In the Group Members pane, click the Add member icon.
vCenter Server Appliance Configuration 6 Select how you can access the vCenter Server Appliance. Option Description Enable local login Enables local login to the vCenter Server Appliance console. Enable SSH login Enables SSH access to the vCenter Server Appliance. Enable Bash shell access Enables Bash shell access to the vCenter Server Appliance for the number of minutes that you enter.
vCenter Server Appliance Configuration 6 Expand DNS and edit the settings. Option Description Obtain DNS server address automatically Obtains the DNS settings automatically from the network. Enter settings manually Lets you specify the DNS address settings manually. If you select this option, you must provide: n Hostname for the vCenter Server Appliance machine. n Preferred DNS server IP address. n Alternate DNS server IP address.
vCenter Server Appliance Configuration What to do next You need to restart the dnsmasq service to flush the old cache data. 1 Connect to the vCenter Server Appliance using SSH. 2 Change the BASH shell by entering the shell command. 3 Run service dnsmasq restart to restart the dnsmasq service. Edit the Firewall Settings of the vCenter Server Appliance After you deploy the vCenter Server Appliance, you can edit its firewall settings and create firewall rules using the vSphere Web Client.
vCenter Server Appliance Configuration 7 Option Action Prioritize the rules a Click the down or up arrows to move a rule downwards or upwards in the list of rules. Delete a firewall rule a Select a rule from the list, and click the Delete icon ( ). b Click OK. Click OK to save your edits. Edit the Startup Settings of a Service The Message Bus Configuration, ESXi Dump Collector, and Auto Deploy services are optional services in the vCenter Server Appliance and they are not running by default.
vCenter Server Appliance Configuration Prerequisites Verify that the user you use to log in to the vCenter Server instance is a member of the SystemConfiguration.Administrators group in the vCenter Single Sign-On domain. Procedure 1 Log in as administrator@your_domain_name to the vCenter Server instance in the vCenter Server Appliance by using the vSphere Web Client. 2 On the vSphere Web Client Home page, click System Configuration.
vCenter Server Appliance Configuration 3 (Optional) In the Services Health and Nodes Health panes, click the hyperlink next to the health badge to view all services and nodes in this health state. For example, in the Services Health pane, click the hyperlink of the Warning health status. In the dialog box that pops up, select a service to view more information about the service and attempt to resolve the health issues of the service.
vCenter Server Appliance Configuration Export a Support Bundle If you have deployed the vCenter Server Appliance with an embedded Platform Services Controller, you can export a support bundle containing the log files for a specific product included in the vCenter Server Appliance or for a specific service in the Platform Services Controller.
Using the Appliance Shell to Configure the vCenter Server Appliance 4 You can access all of the vCenter Server Appliance API commands and plug-ins that you can use for monitoring, troubleshooting, and configuring the appliance by using the appliance shell. You can run all commands in the appliance shell with or without the pi keyword.
vCenter Server Appliance Configuration 2 Enter a user name and password recognized by the appliance. You are logged in to the appliance shell and can see the welcome message. Enable and Access the Bash Shell from the Appliance Shell If you log in to the appliance shell as a user who has a super administrator role, you can enable access to the Bash shell of the appliance for other users. The root user has access to the appliance Bash shell by default.
vCenter Server Appliance Configuration Table 4‑1. Keyboard Shortcuts and Function (Continued) Keyboard Shortcut Details Ctrl+D Deletes the character selected by the cursor. Ctrl+W Deletes the word next to the cursor. Ctrl+K Deletes the line forward. When you press Ctrl+K, everything that you entered starting from the cursor location to the end of the command line is deleted. Ctrl+U or Ctrl+X Deletes the line backward.
vCenter Server Appliance Configuration 3 To get help about the API commands, run the help api list or the ? api list command. You receive a list with all the API commands in the appliance. 4 To get help about a particular API command, run the help api api_name or the ? api api_name command. For example, to receive help about the com.vmware.appliance.version1.timesync.set command, run help api timesync.set or ? api timesync.set.
vCenter Server Appliance Configuration Table 4‑2. Plug-Ins Available in the vCenter Server Appliance (Continued) Plug-In Description com.vmware.support-bundle A plug-in that you can use to create a bundle on the local file system and export it to a remote Linux system. If you use the plug-in with the stream command, the support bundle is not created on the local file system, but is directly exported to the remote Linux system. com.vmware.top A plug-in that displays process information.
vCenter Server Appliance Configuration Table 4‑3. API Commands Available in the vCenter Server Appliance (Continued) API Command Description com.vmware.appliance.health.mem.get Get the memory health. com.vmware.appliance.health.softwarepackages.get Get the health of the system update. com.vmware.appliance.health.storage.get Get the overall storage health. com.vmware.appliance.health.swap.get Get the swap health. com.vmware.appliance.health.system.get Get the system health. com.vmware.appliance.
vCenter Server Appliance Configuration Table 4‑3. API Commands Available in the vCenter Server Appliance (Continued) API Command Description com.vmware.appliance.version1.access.shell.set Set enabled state of Bash shell, that is, access to Bash shell from within the controlled CLI. com.vmware.appliance.version1.access.ssh.get Get enabled state of the SSH-based controlled CLI. com.vmware.appliance.version1.access.ssh.set Set enabled state of the SSH-based controlled CLI. com.vmware.appliance.
vCenter Server Appliance Configuration Table 4‑3. API Commands Available in the vCenter Server Appliance (Continued) API Command Description com.vmware.appliance.version1.networking.firewall.addr.inbound.add Add a firewall rule to allow or deny access from an incoming IP address. com.vmware.appliance.version1.networking.firewall.addr.inbound.delete Delete a specific rule at a given position or delete all rules. com.vmware.appliance.version1.networking.firewall.addr.inbound.
vCenter Server Appliance Configuration Table 4‑3. API Commands Available in the vCenter Server Appliance (Continued) API Command Description com.vmware.appliance.version1.ntp.get Get NTP configuration settings. If you run the tymesync.get command, you can retrieve the current time synchronization method (by using NTP or VMware Tools). The ntp.get command always returns the NTP server information, even when the time synchronization method is not set to NTP.
vCenter Server Appliance Configuration Table 4‑3. API Commands Available in the vCenter Server Appliance (Continued) API Command Description com.vmware.appliance.version1.resources.softwarepackages.health.get Get the health of the update component. com.vmware.appliance.version1.resources.storage.health.get Get storage health statistics. com.vmware.appliance.version1.resources.storage.stats.list Get storage statistics for each logical disk. com.vmware.appliance.version1.resources.swap.health.
vCenter Server Appliance Configuration Configure the SNMP Agent for Polling If you configure the vCenter Server Appliance SNMP agent for polling, it can listen for and respond to requests from SNMP management client systems, such as GET, GETNEXT, and GETBULK requests. By default, the embedded SNMP agent listens on UDP port 161 for polling requests from management systems. You can use the snmp.set --port command to configure an alternative port.
vCenter Server Appliance Configuration Configure SNMP Communities To enable the vCenter Server Appliance SNMP agent to send and receive SNMP v1 and v2c messages, you must configure at least one community for the agent. An SNMP community defines a group of devices and management systems. Only devices and management systems that are members of the same community can exchange SNMP messages. A device or management system can be a member of multiple communities.
vCenter Server Appliance Configuration Here target_address, port, and community are the address of the target system, the port number to send the notifications to, and the community name, respectively. The port value is optional. If you do not specify a port, the default port,161, is used. Each time you specify a target with this command, the settings you specify overwrite all previously specified settings. To specify multiple targets, separate them with a comma.
vCenter Server Appliance Configuration If you do not specify an engine ID before you enable the SNMP agent, when you enable the standalone SNMP agent, an engine ID is generated. Procedure 1 Access the appliance shell and log in as a user who has the administrator or super administrator role. The default user with super administrator role is root. 2 Run the snmp.set --engineid command to configure the target. For example, run the following command: snmp.
vCenter Server Appliance Configuration Configure SNMP Users You can configure up to five users who can access SNMP v3 information. User names must be no more than 32 characters long. While configuring a user, you generate authentication and privacy hash values based on the user's authentication and privacy passwords and on the SNMP agent's engine ID.
vCenter Server Appliance Configuration Configure SNMP v3 Targets Configure SNMP v3 targets to allow the SNMP agent to send SNMP v3 traps. You can configure a maximum of three SNMP v3 targets, in addition to a maximum of three SNMP v1 or v2c targets. To configure a target, you must specify a host name or IP address of the system that receives the traps, a user name, a security level, and whether to send traps.
vCenter Server Appliance Configuration 2 Run the snmp.set --notraps command to filter traps. n To filter specific traps, run the following command: snmp.set --notraps oid_list Here, oid_list is a list of object IDs for the traps to filter, separated by commas. This list replaces any object IDs that were previously specified using this command. n To clear all trap filters, run the following command: snmp.
vCenter Server Appliance Configuration 5 Load the VMware MIBs into the management software to view the symbolic names for the vCenter Server Appliance variables. To prevent lookup errors, load these MIB files in the following order before loading other MIB files: a VMWARE-ROOT-MIB.mib b VMWARE-TC-MIB.mib c VMWARE-PRODUCTS-MIB.mib The management software can now receive and interpret traps from the vCenter Server Appliance.
vCenter Server Appliance Configuration Native time synchronization software, such as Network Time Protocol (NTP), is typically more accurate than VMware Tools periodic time synchronization and is therefore preferred. You can use only one form of periodic time synchronization in the vCenter Server Appliance. If you decide to use native time synchronization software, vCenter Server Appliance VMware Tools periodic time synchronization is disabled, and the reverse.
vCenter Server Appliance Configuration Here IP-addresses-or-host-names is a comma-separated list of IP addresses or host names of the NTP servers. This command adds NTP servers to the configuration. If the time synchronization is based on an NTP server, then the NTP daemon is restarted to reload the new NTP servers. Otherwise, this command just adds the new NTP servers to the existing NTP configuration.
vCenter Server Appliance Configuration Procedure 1 Access the appliance shell and log in as a user who has the administrator or super administrator role. The default user with super administrator role is root. 2 Run the command to enable NTP-based time synchronization. timesync.set --mode NTP 3 (Optional) Run the command to verify that you successfully applied the NTP synchronization. timesync.get The command returns that the time synchronization is in NTP mode.
vCenter Server Appliance Configuration 2 Run the localaccounts.user.list command. You can see a list of the local users. The information about a user includes the user name, status, role, status of the password, full name, and email. Note The list of local users includes only the local users who have their default shell as appliance shell. Create a Local User Account in the vCenter Server Appliance You can create a new local user account in the vCenter Server Appliance.
vCenter Server Appliance Configuration 2 Run the localaccounts.user.password.update --username user name --password command. For example, to change the password of a user with user name test, run the following command: localaccounts.user.password.update --username test --password 3 Enter and confirm the new password when prompted. Update a Local User Account in the vCenter Server Appliance You can update an existing local user account in the vCenter Server Appliance.
vCenter Server Appliance Configuration Delete a Local User Account in the vCenter Server Appliance You can delete a local user account in the vCenter Server Appliance. Procedure 1 Access the appliance shell and log in as a user who has a super administrator role. The default user with a super administrator role is root. 2 Run the localaccounts.user.delete --username command. For example, to delete the user with user name test, run the following command: localaccounts.user.
vCenter Server Appliance Configuration n To view the health of the update component in the vCenter Server Appliance, run the softwarepackages.health.get command. Important If you do not perform regular checks for available patches, the health status of the update component might become out-of-date. For information about checking for vCenter Server Appliance patches and enabling automatic checks for vCenter Server Appliance patches, see vSphere Upgrade.
vCenter Server Appliance Configuration Interactive Mode Command-Line Options You can use various command-line options when you run the vimtop command to enter the plug-in interactive mode. Table 4‑4. Interactive Mode Command-Line Options Option Description -h Prints help for the vimtop command-line options. -v Prints the vimtop version number. -c filename Loads a user-defined vimtop configuration file. If the -c option is not used, the default configuration file is /root/vimtop/vimtop.xml.
vCenter Server Appliance Configuration Table 4‑5. Interactive Mode Single-Key Commands (Continued) Key Names Description Enter Select a service to view additional details. n Show or hide names of the headers in the main panel. u Show or hide the measurement units in the headers in the main panel. left, right arrows Select columns. up, down arrows Select rows. <,> Move a selected column. Delete Remove selected column. c Add a column to the current view of the main panel.
Using the Direct Console User Interface to Configure the vCenter Server Appliance 5 After you deploy the vCenter Server Appliance, you can reconfigure the network settings and enable access to the Bash shell for troubleshooting. To access the Direct Console User Interface, you must log in as root. The home page of the Direct Console User Interface contains a link to the support bundle of the vCenter Server Appliance.
vCenter Server Appliance Configuration You logged in to the Direct Console User Interface. You can change the password of the root user of the vCenter Server Appliance, edit the network settings, and enable access to the vCenter Server Appliance Bash shell. Change the Password of the Root User To prevent unauthorized access to the vCenter Server Appliance Direct Console User Interface, you can change the password of the root user.
vCenter Server Appliance Configuration Prerequisites To change the IP address of the appliance, verify that the system name of the appliance is an FQDN. If, during the deployment of the appliance, you set an IP address as a system name, you cannot change the IP address after the deployment. The system name is always used as a primary network identifier. Procedure 1 Log in to the Direct Console User Interface of the vCenter Server Appliance. 2 Select Configure Management Network and press Enter.
vCenter Server Appliance Configuration 2 Select Restart Management Network and press Enter. 3 Press F11. Enable Access to the Appliance Bash Shell You can use the appliance Direct Console User Interface to enable local and remote access to the appliance Bash shell. Bash shell access enabled through Direct Console User Interface remains enabled for 3600 seconds. Procedure 1 Log in to the Direct Console User Interface of the vCenter Server Appliance. 2 Select Troubleshooting Options and press Enter.
vCenter Server Appliance Configuration Procedure 1 Log in to the Windows host machine on which you want to download the bundle. 2 Open a Web browser and enter the URL to the support bundle displayed in the DCUI. https://appliance-fully-qualified-domain-name:443/appliance/support-bundle 3 Enter the user name and password of the root user. 4 Click Enter. The support bundle is downloaded as .tgz file on your Windows machine. VMware, Inc.
