# VMware vSphere Diagnostic Tool (VDT)
> [!question]- VDT: vCenter diagnostic tool
## 1 Deploying VDT
- Prerequisites
    - vCenter Appliance `root` credentials
    - vSphere super administrator credentials, e.g. `[email protected]`
- Download [>>](https://knowledge.broadcom.com/external/article?legacyId=83896)
    - vdt-v2.0.4-03_08_2024.zip supports vCenter Appliance 7.0 and 8.0
    - vdt-1.1.6.zip supports vCenter Appliance 7.0 and 8.0
    - vdt-v1.1.4.zip supports ==vCenter Appliance 6.5, 6.7==, and 7.0
    - VDT ==does not support vCenter for Windows==
- Installation
    - Transfer the file to the `root` directory on the vCenter Appliance [[vsv-operating-tricks#1.2 向 vCenter 传输文件|>>]]
    - `unzip vdt-xxx.zip`, then `cd /root/vdt-xxx`
- Collect data with VDT
    - `python vdt.py`
    - Result: `vdt-report-xxx`
## 2 Quick reference
### 2.1 Sample VDT check results
```
2024-03-12T15:30:56 INFO Vdt: Today: Thursday, March 12 15:30:55 Version: 1.1.4 Log Level: INFO
2024-03-12T15:31:13 INFO Vdt: Running __vc_info_auth.py
2024-03-12T15:31:13 INFO Vdt:
________________________
VCENTER BASIC INFO
2024-03-12T15:31:15 INFO Vdt:
BASIC:
Current Time: 2024-03-12 15:31:15.236137
vCenter Uptime: up 45 days
vCenter Load Average: 1.85, 1.09, 0.77
Number of CPUs: 16
Total Memory: 31.41
vCenter Hostname: vsv-vcs-01.fillgaps.pro
vCenter PNID: vsv-vcs-01.fillgaps.pro
vCenter IP Address: 172.16.0.100
Proxy Configured: "no"
NTP Servers: 172.16.0.22
vCenter Node Type: vCenter with Embedded PSC
vCenter Version: 6.7.0.53000 - 19832974
DETAILS:
vCenter SSO Domain: vsphere.local
vCenter AD Domain: fillgaps.pro
Number of ESXi Hosts: 128
Number of Virtual Machines: 7035
Number of Clusters: 10
Disabled Plugins: None
2024-03-12T15:31:15 INFO Vdt: Running _vc_dns.sh
2024-03-12T15:31:15 INFO Vdt:
__________________
VC DNS CHECK
2024-03-12T15:31:16 INFO Vdt:
NOTE: If the script hangs here, it means none of the DNS servers are responding.
If this is the case, You should CTRL+C and investigate.
Nameservers
172.16.0.30
Entries in /etc/hosts
127.0.0.1 vsv-vcs-01.fillgaps.pro vsv-vcs-01 localhost
::1 vsv-vcs-01.fillgaps.pro vsv-vcs-01 localhost ipv6-localhost ipv6-loopback
172.16.0.106 vdv-hcs-01.fillgaps.pro
172.16.0.107 vdv-hcs-02.fillgaps.pro
172.16.0.108 vdv-hcs-03.fillgaps.pro
172.16.0.109 vdv-hcs-04.fillgaps.pro
Non-standard entries in /etc/hosts
[WARN] 172.16.0.106 vdv-hcs-01.fillgaps.pro
[WARN] 172.16.0.107 vdv-hcs-02.fillgaps.pro
[WARN] 172.16.0.108 vdv-hcs-03.fillgaps.pro
[WARN] 172.16.0.109 vdv-hcs-04.fillgaps.pro
Testing all non-standard entries with 'ping'...
[PASS]
Basic Port Testing
[PASS] Port TCP 53 open to nameserver 172.16.0.30
Nameserver Queries
172.16.0.30
[PASS] DNS with UDP - resolved vsv-vcs-01.fillgaps.pro to 172.16.0.100
[PASS] Reverse DNS - resolved 172.16.0.100 to vsv-vcs-01.fillgaps.pro
[PASS] DNS with TCP - resolved vsv-vcs-01.fillgaps.pro to 172.16.0.100
Commands used:
dig +short <fqdn> <nameserver>
dig +noall +answer -x <ip> <namserver>
dig +short +tcp <fqdn> <nameserver>
RESULT: [PASS]
2024-03-12T15:31:16 INFO Vdt: Running lsreport.py
2024-03-12T15:31:16 INFO Vdt:
__________________________
Lookup Service Check
2024-03-12T15:31:16 INFO _svc_log: Get services status, svcnames=['vmdird']
2024-03-12T15:31:23 INFO live_checkCerts: Checking services for trust mismatches...
2024-03-12T15:31:23 INFO Vdt:
Please remember to check if a node shows up in more than one SSO site.
If a node exists in more than one SSO site, you will need to run
lsdoctor.py -r option 2 (https://knowledge.broadcom.com/external/article?legacyId=80469)
MACHINE ID CHECK
[PASS] Machine ID matches vpxd solution user in vpxd.cfg
REGISTRATION CHECK
SSO Site: default-first-site
[PASS] Node: vsv-vcs-01.fillgaps.pro (Embedded)
2024-03-12T15:31:23 INFO Vdt: Running vc_ad_check.py
2024-03-12T15:31:24 INFO Vdt:
_________________
VC AD CHECK
2024-03-12T15:31:24 INFO _svc_log: Get services status, svcnames=['lwsmd']
2024-03-12T15:31:34 ERROR Vdt: Running script: /tmp/vdt-v1.1.4/scripts/vc_ad_check.py timed out. Please re-run with --force.
2024-03-12T15:31:34 INFO Vdt: Running vc_auth_cert_check.py
2024-03-12T15:31:34 INFO Vdt:
__________________________
VC CERTIFICATE CHECK
2024-03-12T15:31:34 INFO _svc_log: Get services status, svcnames=['vmafdd']
2024-03-12T15:31:36 INFO checkCerts: Found vpxd-extension.
2024-03-12T15:31:37 INFO Vdt:
[PASS] ESXi Certificate Management Mode: vmca
Checking MACHINE_SSL_CERT
[PASS] Supported Signature Algorithm
[PASS] Certificate trust check
[PASS] Certificate expiration check
[INFO] Certificate SAN check
DETAILS: SAN contains hostname but not IP.
Checking Other Certificate Stores
DATA-ENCIPHERMENT
[PASS] Supported Signature Algorithm
[PASS] Certificate trust check
[FAIL] Certificate expiration check
6E:C3:9B:4B:A3:B5:55:95:C2:C4:34:AD:CA:FE:0D:EE:65:D4:7E:B0: Cert expired 178 days ago!
For information on renewing certificates, see: https://knowledge.broadcom.com/external/article?legacyId=68171
[INFO] Certificate SAN check
DETAILS: SAN contains hostname but not IP.
MACHINE
[PASS] Supported Signature Algorithm
[PASS] Certificate trust check
[PASS] Certificate expiration check
[INFO] Certificate SAN check
DETAILS: SAN contains hostname but not IP.
VPXD
[PASS] Supported Signature Algorithm
[PASS] Certificate trust check
[PASS] Certificate expiration check
[INFO] Certificate SAN check
DETAILS: SAN contains hostname but not IP.
VPXD-EXTENSION
[PASS] Supported Signature Algorithm
[PASS] Certificate trust check
[PASS] Certificate expiration check
[PASS] Check extended key usage
[INFO] Certificate SAN check
DETAILS: SAN contains hostname but not IP.
Checking VC Extension Thumbprints
[PASS] com.vmware.vim.eam Thumbprint Check
[PASS] com.vmware.rbd Thumbprint Check
[INFO] com.vmware.imagebuilder Thumbprint Check
com.vmware.imagebuilder not found in registered extensions (not in use).
VSPHERE-WEBCLIENT
[PASS] Supported Signature Algorithm
[PASS] Certificate trust check
[PASS] Certificate expiration check
[INFO] Certificate SAN check
DETAILS: SAN contains hostname but not IP.
SMS
[PASS] Supported Signature Algorithm
[PASS] Certificate expiration check
Checking TRUSTED_ROOTS certificates
Alias: 58442e583dc8b4fd1210944627d34b159272931c
[PASS] Supported Signature Algorithm
[PASS] Certificate is self-signed
[PASS] Certificate expiration check
[PASS] Certificate is a CA
Alias: 528df0115ae0f6acc70826b5a8401175710daa9c
[PASS] Supported Signature Algorithm
[PASS] Certificate is self-signed
[PASS] Certificate expiration check
[PASS] Certificate is a CA
Checking local LDAP cert
VMDIR CERT
[FAIL] Certificate expiration check
26:49:46:9A:19:4F:9A:A6:C4:B1:8B:E1:E0:DD:EE:13:7C:30:A0:CB: Cert expired 177 days ago!
For information on renewing the vmdir certificate, see:
https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.security.doc/GUID-585CF428-2BBC-47CE-A386-9A39D3DFE0BF.html
Checking STS Certs
[PASS] Certificate expiration check
2024-03-12T15:31:37 INFO Vdt: Running vc_auth_vmdir_check.py
2024-03-12T15:31:37 INFO Vdt:
_________________
VMdir Check
2024-03-12T15:31:37 INFO _svc_log: Get services status, svcnames=['vmdird']
2024-03-12T15:31:38 INFO Vdt:
[INFO] VMdir database size: 138.27MB
[INFO] VMdir Status Check (No partners)
[PASS] VMdir State Check
[PASS] VMdir Arguments Check
2024-03-12T15:31:38 INFO Vdt: Running vc_corefile_check.py
2024-03-12T15:31:38 INFO Vdt:
_____________________
CORE FILE CHECK
2024-03-12T15:31:39 INFO Vdt:
INFO:
These core files are older than 72 hours. consider deleting them
at your discretion to reduce the size of log bundles.
FILES:
/storage/core/core.systemd-journal.754 Size: 11.96MB Last Modified: 2022-06-23T17:44:08
[INFO] Number of core files: 1
[PASS] Number of hprof files: 0
2024-03-12T15:31:39 INFO Vdt: Running vc_db_check.py
2024-03-12T15:31:39 INFO Vdt:
______________________________
vCenter PostgresDB Check
2024-03-12T15:31:39 INFO _svc_log: Get services status, svcnames=['vmware-vpostgres']
2024-03-12T15:31:40 INFO Vdt:
Top 10 Largest Tables:
tablename | size
------------------------------+---------
vpx_task | 7216 MB
vpxi_task_username | 837 MB
vpxi_task_start_time | 570 MB
vpxi_root_task_id | 492 MB
vpxi_task_datacenter_id | 492 MB
vpxi_parent_task_id | 492 MB
vpxi_change_tag_id | 491 MB
vpxi_task_computeresource_id | 490 MB
vpx_task_f1 | 487 MB
vpxi_task_host_id | 484 MB
Total Postgres Size:
3.9G /storage/db/vpostgres/
43G /storage/seat/vpostgres/
46G Interpreted by vPostgres
2024-03-12T15:31:40 INFO Vdt: Running vc_disk_space.py
2024-03-12T15:31:40 INFO Vdt:
________________
DISK CHECK
2024-03-12T15:31:41 INFO Vdt:
[PASS] DISK CAPACITY
[PASS] INODE USAGE
RESULT: [PASS]
Please see KB: https://knowledge.broadcom.com/external/article?legacyId=1003564
2024-03-12T15:31:41 INFO Vdt: Running vc_ntp.sh
2024-03-12T15:31:41 INFO Vdt:
__________________
VC NTP CHECK
2024-03-12T15:31:42 INFO Vdt:
[PASS] NTP service is running
NTP Server Check
[PASS] 172.16.0.22
NTP Status Check
+-----------------------------------LEGEND-----------------------------------+
| remote: NTP peer server |
| refid: server that this peer gets its time from |
| when: number of seconds passed since last response |
| poll: poll interval in seconds |
| delay: round-trip delay to the peer in milliseconds |
| offset: time difference between the server and client in milliseconds |
+-----------------------------------PREFIX-----------------------------------+
| * Synchronized to this peer |
| # Almost synchronized to this peer |
| + Peer selected for possible synchronization |
| – Peer is a candidate for selection |
| ~ Peer is statically configured |
+----------------------------------------------------------------------------+
remote refid st t when poll reach delay offset jitter
==============================================================================
*172.16.0.22 172.16.0.105 3 u 572 1024 377 0.502 +0.280 0.086
RESULT: [PASS]
2024-03-12T15:31:42 INFO Vdt: Running vc_ports.py
2024-03-12T15:31:42 INFO Vdt:
________________________
vCenter Port Check
2024-03-12T15:31:45 INFO Vdt:
Checking ports: 443, 389, 2012, 2020
For port information, please see KB: https://knowledge.broadcom.com/external/article?legacyId=52963
[PASS] Port check for host vsv-vcs-01.fillgaps.pro
2024-03-12T15:31:45 INFO Vdt: Running vc_root_check.py
2024-03-12T15:31:45 INFO Vdt:
________________________
Root Account Check
2024-03-12T15:31:45 INFO Vdt:
[PASS] Root password never expires
2024-03-12T15:31:45 INFO Vdt: Running vc_services.py
2024-03-12T15:31:45 INFO Vdt:
_______________________
VC SERVICES CHECK
2024-03-12T15:31:45 INFO _svc_log: Get services status, svcnames=None
2024-03-12T15:31:48 INFO Vdt:
Printing only services that are stopped and should be started.
KB: https://knowledge.broadcom.com/external/article?legacyId=2109887
[FAIL] vmware-pod IS STOPPED
RESULT: [FAIL]
2024-03-12T15:31:48 INFO Vdt: Running vc_syslog_check.py
2024-03-12T15:31:48 INFO Vdt:
__________________
Syslog Check
2024-03-12T15:31:48 INFO Vdt:
Remote Syslog config: None configured
[PASS] Local Syslog Functional Check
2024-03-12T15:31:48 INFO Vdt: Running vc_vcha_check_auth.py
2024-03-12T15:31:48 INFO Vdt:
________________
VCHA CHECK
2024-03-12T15:31:48 INFO _svc_log: Get services status, svcnames=['vmware-vcha']
2024-03-12T15:31:49 INFO Vdt:
[INFO] VCHA is not enabled.
```
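An added example (not part of VDT or of the original page): a small Python parser that pulls the `[FAIL]`, `[WARN]` and `ERROR` lines out of a VDT report and groups them by check section, so expired certificates, stopped services and timed-out checks can be triaged first. The function name `vdt_findings`, the `context` heuristic and the embedded excerpt are assumptions based on the flattened report layout shown above.

```python
import re

# Abridged lines copied from the sample report on this page (flattened layout).
SAMPLE = """\
_________________
VC AD CHECK
2024-03-12T15:31:34 ERROR Vdt: Running script: /tmp/vdt-v1.1.4/scripts/vc_ad_check.py timed out. Please re-run with --force.
2024-03-12T15:31:34 INFO Vdt:
__________________________
VC CERTIFICATE CHECK
[PASS] Certificate expiration check
DATA-ENCIPHERMENT
[FAIL] Certificate expiration check
6E:C3:9B:4B:A3:B5:55:95:C2:C4:34:AD:CA:FE:0D:EE:65:D4:7E:B0: Cert expired 178 days ago!
_______________________
VC SERVICES CHECK
[FAIL] vmware-pod IS STOPPED
RESULT: [FAIL]
"""

RULE = re.compile(r"_{5,}$")  # underscore rule; the next line is the section title
LOG = re.compile(r"\d{4}-\d\d-\d\dT[\d:]{8}\s+(\w+)\s+\S+:\s*(.*)$")
STATUS = re.compile(r"\[(PASS|FAIL|WARN|INFO)\]\s+(.*)$")
THUMB = re.compile(r"(?:[0-9A-F]{2}:){20}")  # SHA-1 thumbprint that prefixes a detail line

def vdt_findings(report, levels=("FAIL", "WARN", "ERROR")):
    """Return (section, context, level, message, detail) for results needing follow-up."""
    section, context, title_next, out = None, None, False, []
    for line in filter(None, map(str.strip, report.splitlines())):
        log, status, thumb = LOG.match(line), STATUS.match(line), THUMB.match(line)
        if RULE.match(line):
            title_next = True
        elif title_next:
            section, context, title_next = line, None, False
        elif log:
            if log.group(1) in levels:
                out.append([section, None, log.group(1), log.group(2), ""])
        elif status:
            if status.group(1) in levels:
                out.append([section, context, status.group(1), status.group(2), ""])
        elif thumb and out and out[-1][2] == "FAIL" and out[-1][0] == section:
            out[-1][4] = "; ".join(filter(None, [out[-1][4], line]))
        elif not line.startswith(("DETAILS:", "RESULT:")):
            context = line  # heuristic: latest plain line names the store or list checked
    return [tuple(f) for f in out]

if __name__ == "__main__":
    for finding in vdt_findings(SAMPLE):
        print(finding)
```

Run it against a full report with `vdt_findings(open("vdt-report-xxx").read())`, where `vdt-report-xxx` stands for the result file named above.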
### 2.2 VDT checklist
- vCenter Basic Info
- SSO Checks (Lookup Service and Machine ID)
- Active Directory Integration
- vCenter Certificates
- VMdir Functionality
- Core Files
- vPostgres Database Usage
- Disk Space Usage
- DNS Functionality
- Time Sync & NTP Functionality
- Root Account Validity
- vCenter Services
- VCHA Check
- Syslog Functionality
- IWA/AD Checks
- Local Identity Source Check
---
> [!info] Permalink to this page: https://fillgaps.pro/vsv-references/vsv-tools/vmware-vdt
---
## 3 References
- VMware Knowledge Base [[vsv-kb-contents|>>]]
    - [Using the vSphere Diagnostic Tool (VDT) (83896)](https://knowledge.broadcom.com/external/article?legacyId=83896)
- VMware technical resources [[vsv-tec-resources-contents|>>]]
    - [vSphere Diagnostic Tool | VMware Flings](https://flings.vmware.com/vsphere-diagnostic-tool) (link no longer available)