Reposted from http://tryserver.blogspot.tw/2012/03/note-esxi.html
*Check the version
#vmware -v
List the services known to ESX
#esxcfg-firewall -s
Check the status of a specific service
#esxcfg-firewall -q sshClient
-sh: esxcfg-firewall: not found
Restart the VMware management service
#service mgmt-vmware restart
*Change the root password
#passwd root
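*List your current virtual switches
#esxcfg-vswitch -l
View the service console settings
#esxcfg-vswif -l
*List the system's network adapters
#esxcfg-nics -l
Worked examples:
Add a virtual switch named (internal), connected to two physical NICs (restart the service and it becomes visible in VI)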
#esxcfg-vswitch -a vSwitch1
#esxcfg-vswitch -A internal vSwitch1
#esxcfg-vswitch -L vmnic1 vSwitch1
#esxcfg-vswitch -L vmnic2 vSwitch1
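Delete a switch (careful: do not delete the service console's switch as well)
#esxcfg-vswitch -d vSwitch1
Remove a NIC from a switch
#esxcfg-vswitch -U vmnic1 vswitch2
Delete a port group
#esxcfg-vswitch -D internal vSwitch1
Create a VMkernel switch; you must create one if you want to use features such as VMotion and iSCSI (a gateway usually does not need to be added)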
#esxcfg-vswitch -l
#esxcfg-vswitch -a vswitch2
#esxcfg-vswitch -A "vm kernel" vswitch2
#esxcfg-vswitch -L vmnic3 vswitch2
#esxcfg-vmknic -a "vm kernel" -i 172.16.1.141 -n 255.255.252.0
#esxcfg-route 172.16.0.254
Open the SSH port in the firewall (-e enables, -d disables)
#esxcfg-firewall -e sshClient
#esxcfg-firewall -d sshClient
Create the service console
#esxcfg-vswitch -a vSwitch0
#esxcfg-vswitch -A "service console" vSwitch0
#esxcfg-vswitch -L vmnic0 vSwitch0
#esxcfg-vswif -a vswif0 -p "service console" -i 172.16.1.140 -n 255.255.252.0
Add a NAS device (-a adds the label, -o is the NAS server's name or IP, -s is the share name exported by the NAS)
#esxcfg-nas -a isos -o nas.vmwar.cn -s isos
List NAS connections
#esxcfg-nas -l
Force ESX to reconnect to the NAS server (use esxcfg-nas -l to check the result)
#esxcfg-nas -r
#esxcfg-nas -l
Connect an iSCSI device (e: enable, q: query, d: disable, s: force a scan)
#esxcfg-swiscsi -e
Set the target IP
#vmkiscsi-tool -D -a 172.16.1.133 vmhba40
List connections to the target
#vmkiscsi-tool -l -T vmhba40
List the current disks
#ls -l /vmfs/devices/disks
Esxcfg command help
Networking: Esxcfg-firewall Esxcfg-nics Esxcfg-vswitch Esxcfg-vswif Esxcfg-route Esxcfg-vmknic
Esxcfg-firewall
Description: Configures the service console firewall ports
Syntax: esxcfg-firewall <options>
Options:
-q Lists current settings
-q <service> Lists settings for the specified service
-q incoming|outgoing Lists settings for non-required incoming/outgoing ports
-s Lists known services
-l Loads current settings
-r Resets all options to defaults
-e <service> Allows specified service through the firewall (enables)
-d <service> Blocks specified service (disables)
-o <port, tcp|udp,in|out,name> Opens a port
-c <port, tcp|udp,in|out> Closes a port previously opened by -o
-h Displays command help
--allowIncoming Allow all incoming ports
--allowOutgoing Allow all outgoing ports
--blockIncoming Block all non-required incoming ports (default value)
--blockOutgoing Block all non-required outgoing ports (default value)
Default Services:
AAMClient Added by the vpxa RPM: Traffic between ESX Server hosts for VMware High Availability (HA) and EMC Autostart Manager – inbound and outbound TCP and UDP Ports 2050 – 5000 and 8042 – 8045
activeDirectorKerberos Active Directory Kerberos - outbound TCP Ports 88 and 464
CIMHttpServer First-party optional service: CIM HTTP Server - inbound TCP Port 5988
CIMHttpsServer First-party optional service: CIM HTTPS Server - inbound TCP Port 5989
CIMSLP First-party optional service: CIM SLP - inbound and outbound TCP and UDP Ports 427
commvaultDynamic Backup agent: Commvault dynamic – inbound and outbound TCP Ports 8600 – 8619
commvaultStatic Backup agent: Commvault static – inbound and outbound TCP Ports 8400 – 8403
ftpClient FTP client - outbound TCP Port 21
ftpServer FTP server - inbound TCP Port 21
kerberos Kerberos - outbound TCP Ports 88 and 749
LicenseClient FlexLM license server client - outbound TCP Ports 27000 and 27010
nfsClient NFS client - outbound TCP and UDP Ports 111 and 2049 (0 – 65535)
nisClient NIS client - outbound TCP and UDP Ports 111 (0 – 65535)
ntpClient NTP client - outbound UDP Port 123
smbClient SMB client - outbound TCP Ports 137 – 139 and 445
snmpd SNMP services - inbound TCP Port 161 and outbound TCP Port 162
sshClient SSH client - outbound TCP Port 22
sshServer SSH server - inbound TCP Port 22
swISCSIClient First-party optional service: Software iSCSI client - outbound TCP Port 3260
telnetClient Telnet client - outbound TCP Port 23
TSM Backup agent: IBM Tivoli Storage Manager – inbound and outbound TCP Ports 1500
veritasBackupExec Backup agent: Veritas BackupExec – inbound TCP Ports 10000 – 10200
veritasNetBackup Backup agent: Veritas NetBackup – inbound TCP Ports 13720, 13732, 13734, and 13783
vncServer VNC server - Allow VNC sessions 0-64: inbound TCP Ports 5900 – 5964
vpxHeartbeats vpx heartbeats - outbound UDP Port 902
Note: You can configure your own services in the file /etc/vmware/firewall/services.xml
Firewall command examples
esxcfg-firewall examples:
Enable ssh client connections from the Service Console:
# esxcfg-firewall -e sshClient
Disable the Samba client connections:
# esxcfg-firewall -d smbClient
Allow syslog outgoing traffic:
# esxcfg-firewall -o 514,udp,out,syslog
Turn off the firewall:
# esxcfg-firewall --allowIncoming
# esxcfg-firewall --allowOutgoing
Re-enable the firewall:
# esxcfg-firewall --blockIncoming
# esxcfg-firewall --blockOutgoing
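The following is an added example, not part of the original post: a shell check that reviews a host-setup script for esxcfg-firewall calls that leave the service console firewall open, open an inbound port, or pass a malformed -o argument. The function names and the sample script are constructed for illustration, and the long options are assumed to be spelled --allowIncoming, --allowOutgoing, --blockIncoming and --blockOutgoing.

```bash
# Added example, not from the original page. Sample input is constructed.
# check_open_spec SPEC: validate an -o argument (port,tcp|udp,in|out,name).
check_open_spec() {
    local port proto dir name extra
    IFS=, read -r port proto dir name extra <<EOF
$1
EOF
    case "$port" in ''|*[!0-9]*|??????*) echo "bad port"; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then echo "bad port"; return 1; fi
    case "$proto" in tcp|udp) ;; *) echo "bad protocol"; return 1 ;; esac
    case "$dir" in in|out) ;; *) echo "bad direction"; return 1 ;; esac
    if [ -z "$name" ] || [ -n "$extra" ]; then echo "need four fields"; return 1; fi
    echo "ok"
}
# audit_firewall_script: read a setup script on stdin, print one finding per line.
audit_firewall_script() {
    local line n=0 in_open=0 out_open=0 spec why
    while IFS= read -r line; do
        n=$((n + 1))
        case "$line" in
            *esxcfg-firewall*-allowIncoming*) in_open=$n ;;
            *esxcfg-firewall*-blockIncoming*) in_open=0 ;;
            *esxcfg-firewall*-allowOutgoing*) out_open=$n ;;
            *esxcfg-firewall*-blockOutgoing*) out_open=0 ;;
            *esxcfg-firewall*" -o "*)
                spec=${line##* -o }; spec=${spec%% *}
                if ! why=$(check_open_spec "$spec"); then
                    echo "line $n: rejected -o spec '$spec' ($why)"
                else
                    case "$spec" in *,in,*) echo "line $n: opens inbound port ($spec)" ;; esac
                fi ;;
        esac
    done
    # An allow-all that is never followed by the matching block is reported last.
    [ "$in_open" -eq 0 ] || echo "line $in_open: incoming left open, no later --blockIncoming"
    [ "$out_open" -eq 0 ] || echo "line $out_open: outgoing left open, no later --blockOutgoing"
    return 0
}
# Constructed sample: a post-install script under review.
sample_script() {
    cat <<'EOF'
esxcfg-firewall --allowIncoming
esxcfg-firewall -o 514,udp,out,syslog
esxcfg-firewall -o 8080,tcp,in,web
esxcfg-firewall -o 70000,tcp,out,oops
esxcfg-firewall --allowOutgoing
esxcfg-firewall --blockOutgoing
EOF
}
sample_script | audit_firewall_script
```

Run it against a kickstart or post-install script with `audit_firewall_script < script.sh`; an empty result means no allow-all was left in effect and every -o spec was well formed and outbound.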
Esxcfg-nics
Description: Prints a list of physical network adapters along with information on the driver, PCI device, and link state of each NIC. You can also use this command to control a physical network adapter’s speed and duplexing.
Syntax: esxcfg-nics <options> [nic]
Options:
-s <speed> Set the speed of this NIC to one of 10/100/1000/10000. Requires a NIC parameter.
-d <duplex> Set the duplex of this NIC to one of 'full' or 'half'. Requires a NIC parameter.
-a Set speed and duplex automatically. Requires a NIC parameter.
-l Print the list of NICs and their settings.
-r Restore the NICs configured speed/duplex settings. (Internal use only)
-h Displays command help
Inspect the physical NICs of the local system
esxcfg-nics examples:
Set the speed and duplex of a NIC (vmnic2) to 100/Full:
#esxcfg-nics -s 100 -d full vmnic2
Set the speed and duplex of a NIC (vmnic2) to auto-negotiate:
#esxcfg-nics -a vmnic2