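vSphere Diagnostic Tool (VDT) is a diagnostic tool that runs a series of checks against the configuration of a vCenter system and identifies and reports possible problems.
Each check produces an easy-to-read result. Results are classified as PASS (the check succeeded), FAIL (the check failed), and WARN (a warning that may not be critical but deserves attention). In addition to PASS/FAIL/WARN results, VDT can also emit informational messages (INFO), which provide details that help in assessing the configuration item being checked.
VDT helps users troubleshoot by surfacing information that may be hard to collect or that might not be noticed immediately while resolving a problem. It can also detect inconsistencies in the vCenter Server Appliance configuration. This is essential for maintaining a stable, well-configured virtualization environment.
By presenting results in a readable form, VDT improves visibility into the health and configuration of the vCenter Server Appliance, making it easier for administrators to identify and resolve potential problems. VDT complements other troubleshooting and diagnostic processes: it provides a focused set of checks for quickly assessing a specific aspect of the vCenter Server configuration. Running VDT regularly can be part of a proactive maintenance approach, helping administrators find and fix configuration issues before they lead to more serious problems.
When using VDT, review the results carefully and resolve every failed or warning check to keep the vCenter Server environment stable and reliable. Note that the tool's availability depends on the vCenter Server version and on any updates or enhancements made to VDT over time.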
VDT releases and vCenter Server compatibility
- vdt 1.1.4 - vCenter Server 6.5, 6.7 and 7.0
- vdt 1.1.6 - vCenter Server 7.0 and 8.0
- vdt 2.0.x - vCenter Server 7.0 and 8.0
Items that VDT diagnoses or checks
- vCenter Basic Info (basic vCenter information)
- SSO Checks (Lookup Service and Machine ID)
- Active Directory Integration (Active Directory integration check)
- vCenter Certificates (vCenter certificate check)
- VMdir Functionality (VMdir check)
- Core Files (core file check)
- vPostgres Database Usage (vPostgres database usage)
- Disk Space Usage (vCenter disk space usage)
- DNS Functionality (DNS name resolution check)
- Time Sync & NTP Functionality (NTP time synchronization check)
- Root Account Validity (vCenter root account expiration check)
- vCenter Services (vCenter service check)
- VCHA Check (vCenter HA check)
- Syslog Functionality (vCenter log server check)
- IWA/AD Checks (IWA/AD authentication check)
- Local Identity Source Check (local authentication check)
- Solution User Checks (solution user certificate check)
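VDT installation and usage guide
1. Download the supported version for your environment from the link above.
2. Upload the tool package to the root directory of the vCenter Server with an SFTP client.
3. Change to the directory where the tool was uploaded, then extract the archive.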
unzip vdt-v2.0.4-03_08_2024.zip
4. Run the tool with the following command.
python vdt.py
5. After the tool runs, it produces diagnostic results for the vCenter Server similar to the following.
Viewing the diagnostic results
________________________________
"VDT FOR VCENTER (V2.0.3)"
Today: Tuesday, March 19 16:26:07
Log Level: DEBUG
_______________________________
APPLIANCE INFO AND CONFIG
[INFO] vCenter Basic Info
Current Time: 2024-03-19 16:26:18.657412
vCenter Uptime: up 1 day
vCenter Load Average: 0.76, 0.50, 0.48
Number of CPUs: 8
Total Memory: 23.45
vCenter Hostname: vcsa8-01.lab.com.60.168.192.in-addr.arpa
vCenter PNID: vcsa8-01.lab.com
vCenter IP Address: 192.168.60.150
NTP Servers: 192.168.60.10
vCenter Version: 8.0.2.00200 - 23319993
vCenter SSO Domain: vsphere.local
vCenter AD Domain: No DOMAIN
Disabled Plugins: None
[INFO] Inventory Summary
Number of ESXi Hosts: 8
Number of Virtual Machines: 12
Number of Clusters: 2
[FAIL] vCenter PNID Check
The PNID (vcsa8-01.lab.com) does not match the hostname (vcsa8-01.lab.com.60.168.192.in-addr.arpa)!
Documentation: https://kb.vmware.com/s/article/2130599
[PASS] vCenter Proxy Check (Not Enabled)
[PASS] Root Account Check (Exp: never)
________________
NTP CHECKS
[PASS] NTP Service Check
NTP service is running
[PASS] NTP Server Check
192.168.60.10 - OK
[INFO] NTP Status Check
+-----------------------------------LEGEND-----------------------------------+
| remote: NTP peer server |
| refid: server that this peer gets its time from |
| when: number of seconds passed since last response |
| poll: poll interval in seconds |
| delay: round-trip delay to the peer in milliseconds |
| offset: time difference between the server and client in milliseconds |
+-----------------------------------PREFIX-----------------------------------+
| * Synchronized to this peer |
| # Almost synchronized to this peer |
| + Peer selected for possible synchronization |
| – Peer is a candidate for selection |
| ~ Peer is statically configured |
+----------------------------------------------------------------------------+
remote refid st t when poll reach delay offset jitter
==============================================================================
*192.168.60.10 114.118.7.161 2 u 904 1024 377 0.455 -0.354 0.438
________________
DNS CHECKS
[INFO] Entries in /etc/hosts
127.0.0.1 vcsa8-01.lab.com.60.168.192.in-addr.arpa vcsa8-01 localhost
127.0.0.1 vsphereclient.vmware.com
::1 vcsa8-01.lab.com.60.168.192.in-addr.arpa vcsa8-01 localhost ipv6-localhost ipv6-loopback
[PASS] Checking for non-standard /etc/hosts entries
Nameserver Checks
• 192.168.60.10
[FAIL] DNS with UDP - testing if vcsa8-01.lab.com.60.168.192.in-addr.arpa resolves to 192.168.60.150
VC uses UDP 53 for DNS queries by default, but will switch to TCP if UDP fails, causing a delayed response
[FAIL] DNS with TCP - testing if vcsa8-01.lab.com.60.168.192.in-addr.arpa resolves to 192.168.60.150
VC uses TCP 53 for DNS queries when UDP fails, or if the size is too large for a single UDP packet
[PASS] Reverse DNS - testing if 192.168.60.150 resolves to vcsa8-01.lab.com.60.168.192.in-addr.arpa
[INFO] Commands used:
dig +short <fqdn> <nameserver>
dig +noall +answer -x <ip> <namserver>
dig +short +tcp <fqdn> <nameserver>
________________________
FILE SYSTEM CHECKS
[PASS] Disk Space Check
[PASS] Inode Check
[PASS] VMAFDD Log Rotation
_____________________
CORE FILE CHECK
[INFO] Core File Check
These core files are older than 72 hours. consider deleting them
at your discretion to reduce the size of log bundles.
Core files:
/storage/core/core.envoy-sidecar.17081 Size: 96.83MB Last Modified: 2024-02-21T09:32:06
/storage/core/core.envoy-hgw.16506 Size: 54.83MB Last Modified: 2024-02-21T09:32:06
[PASS] HPROF File Check
__________________________
SERVICE STATUS CHECK
[PASS] Services Check
[PASS] Service Start Priority
__________________
SYSLOG CHECK
[INFO] Remote Syslog config: None Configured
[PASS] Local Syslog Functional Check
_____________________
POSTGRES CHECKS
[INFO] Top 20 Largest Tables
relation | total_size
----------------------------------------------+------------
vc.vpx_host_vm_config_option | 33 MB
vc.vpx_event_arg_88 | 6864 kB
vsanhealth.vsan_historical_health_2024_03_15 | 5472 kB
vc.vpx_proc_log | 5216 kB
vsanhealth.vsan_historical_health_2024_03_16 | 5112 kB
vc.vpx_event_arg_87 | 4744 kB
vc.vpx_event_arg_89 | 4232 kB
vsanhealth.vsan_historical_health_2024_03_14 | 3984 kB
vc.vpx_task | 3832 kB
vc.vpx_journal_entry | 3664 kB
vc.vpx_event_arg_4 | 3320 kB
vsanhealth.vsan_historical_health_2024_03_13 | 3272 kB
vc.vpx_event_arg_1 | 2776 kB
vc.vpx_event_arg_18 | 2744 kB
vc.vpx_event_arg_2 | 2440 kB
vc.vpx_event_arg_90 | 2440 kB
vc.vpx_event_arg_92 | 2432 kB
vc.vpx_event_arg_3 | 2432 kB
vc.vpx_event_arg_91 | 2416 kB
vc.vpx_topn_past_week | 2224 kB
[INFO] Total Postgres Size
313M Interpreted by Postgres
138M /storage/db/vpostgres/
207M /storage/seat/vpostgres/
__________________________
VCENTER CERTIFICATES
VC VECS Check
2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: skipping __MACHINE_CERT, error was: not all arguments converted during string formatting
2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: Traceback (most recent call last):
File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 803, in checkCerts
'checks': checkCert(cert, myhostname, myip, alias=alias).execute()})
File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 517, in execute
output.append(self.sanCheck())
File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 254, in sanCheck
details = "SAN contains neither hostname nor IP!" % self.cert_name
TypeError: not all arguments converted during string formatting
2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: skipping machine, error was: not all arguments converted during string formatting
2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: Traceback (most recent call last):
File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 803, in checkCerts
'checks': checkCert(cert, myhostname, myip, alias=alias).execute()})
File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 517, in execute
output.append(self.sanCheck())
File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 254, in sanCheck
details = "SAN contains neither hostname nor IP!" % self.cert_name
TypeError: not all arguments converted during string formatting
2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: skipping vsphere-webclient, error was: not all arguments converted during string formatting
2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: Traceback (most recent call last):
File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 803, in checkCerts
'checks': checkCert(cert, myhostname, myip, alias=alias).execute()})
File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 517, in execute
output.append(self.sanCheck())
File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 254, in sanCheck
details = "SAN contains neither hostname nor IP!" % self.cert_name
TypeError: not all arguments converted during string formatting
2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: skipping vpxd, error was: not all arguments converted during string formatting
2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: Traceback (most recent call last):
File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 803, in checkCerts
'checks': checkCert(cert, myhostname, myip, alias=alias).execute()})
File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 517, in execute
output.append(self.sanCheck())
File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 254, in sanCheck
details = "SAN contains neither hostname nor IP!" % self.cert_name
TypeError: not all arguments converted during string formatting
2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: skipping vpxd-extension, error was: not all arguments converted during string formatting
2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: Traceback (most recent call last):
File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 803, in checkCerts
'checks': checkCert(cert, myhostname, myip, alias=alias).execute()})
File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 517, in execute
output.append(self.sanCheck())
File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 254, in sanCheck
details = "SAN contains neither hostname nor IP!" % self.cert_name
TypeError: not all arguments converted during string formatting
2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: skipping hvc, error was: not all arguments converted during string formatting
2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: Traceback (most recent call last):
File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 803, in checkCerts
'checks': checkCert(cert, myhostname, myip, alias=alias).execute()})
File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 517, in execute
output.append(self.sanCheck())
File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 254, in sanCheck
details = "SAN contains neither hostname nor IP!" % self.cert_name
TypeError: not all arguments converted during string formatting
2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: skipping data-encipherment, error was: not all arguments converted during string formatting
2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: Traceback (most recent call last):
File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 803, in checkCerts
'checks': checkCert(cert, myhostname, myip, alias=alias).execute()})
File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 517, in execute
output.append(self.sanCheck())
File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 254, in sanCheck
details = "SAN contains neither hostname nor IP!" % self.cert_name
TypeError: not all arguments converted during string formatting
• MACHINE_SSL_CERT
• MACHINE
• VSPHERE-WEBCLIENT
• VPXD
• VPXD-EXTENSION
• HVC
• DATA-ENCIPHERMENT
• SMS
• sms_self_signed
[PASS] Certificate SAN Check
[PASS] Certificate Expiration Check - (Expires 02-20-2034)
• sps-extension
[PASS] Certificate SAN Check
[PASS] Certificate Expiration Check - (Expires 02-14-2034)
• b3280742-fa28-8d1a-fd56-d782276925b9
[PASS] Certificate SAN Check
[PASS] Certificate Expiration Check - (Expires 02-14-2034)
• 99e90742-9dd7-2efd-fe67-e4d6553eb6fb
[PASS] Certificate SAN Check
[PASS] Certificate Expiration Check - (Expires 02-14-2034)
• db300742-5ef7-dea0-54f8-e71ddcb7aaad
[PASS] Certificate SAN Check
[PASS] Certificate Expiration Check - (Expires 02-14-2034)
• 54670742-3032-0a17-7c55-63e5f4721de3
[PASS] Certificate SAN Check
[PASS] Certificate Expiration Check - (Expires 02-14-2034)
• WCP
• wcp
[PASS] Certificate SAN Check
[PASS] Certificate Trust Check (TRUSTED BY ISSUER NAME)
[PASS] Certificate Expiration Check - (Expires 02-14-2034)
VC Root CA Check
• 712e54af3903f0e0481d7b45a6c2f431ff654c62
[PASS] Certificate SAN Check
[PASS] Certificate Trust Check (SELF-SIGNED)
[PASS] Certificate Expiration Check - (Expires 02-14-2034)
[PASS] Certificate Authority Parameter Check
VC CRLs Check
[PASS] TRUSTED_ROOT_CRLS Check [Count: 1]
ESXi Certificate Mode Check
[PASS] ESXi Certificate Mode Check [vmca]
VC Extensions Check
[PASS] VPXD Extension Thumbprint Check
[PASS] com.vmware.vim.eam: thumbprint match
[PASS] com.vmware.rbd: thumbprint match
[INFO] com.vmware.imagebuilder is not in use.
VC STS Certificate Check
2024-03-19T16:26:22CST ERROR VC STS Certificate Check get_certs: certificate verify failed: Hostname mismatch, certificate is not valid for 'vcsa8-01.lab.com.60.168.192.in-addr.arpa'. (_ssl.c:997)
[FAIL] STS Certificate Check
('Failed to contacting STS service. Are the STS services running?', 'fail')
Solution User Cert Parity Checks
[PASS] machine-68655f38-217c-4b1a-af38-fa6eb4f98ba4: vecs and vmdir match
[PASS] vsphere-webclient-68655f38-217c-4b1a-af38-fa6eb4f98ba4: vecs and vmdir match
[PASS] vpxd-68655f38-217c-4b1a-af38-fa6eb4f98ba4: vecs and vmdir match
[PASS] vpxd-extension-68655f38-217c-4b1a-af38-fa6eb4f98ba4: vecs and vmdir match
[PASS] hvc-68655f38-217c-4b1a-af38-fa6eb4f98ba4: vecs and vmdir match
[PASS] wcp-68655f38-217c-4b1a-af38-fa6eb4f98ba4: vecs and vmdir match
________________
SSO CHECKS
VC Lookup Service Check
• SSO Site: default-first-site
• [PASS] vcsa8-01.lab.com (VC Server or CGW)
VC Machine ID Check
[PASS] Machine ID Check
____________________________
IDENTITY SOURCE CHECKS
[PASS] Local OS identity source exists
[PASS] STS connection string okay
___________________
IWA/AD CHECKS
Detected Domain Checks
[INFO] Joined Domain Report (No domain(s) detected)
Other Domain Checks
[INFO] Domain Exclusions (None)
[INFO] DC Exclusions (None)
__________________
VMDIR CHECKS
Local VMdir Checks
[INFO] VMdir database size: 19.23MB
[PASS] VMdir Arguments Check
[PASS] Stale PSC HA Check
[PASS] VMdir DFL Check
[PASS] VMdir Local State Check (Normal)
VMdir Replication Checks
[INFO] No partners
_________________________
HOST CLUSTER CHECKS
[PASS] Legacy SSL Cluster Settings Check
_________________
VCHA CHECKS
[INFO] 'VCHA Check' Skipped [Reason: service disabled]
---
Report location: /var/log/vmware/vdt/vdt.log-2024-03-19-162618
JSON location: /var/log/vmware/vdt/vdt.log-2024-03-19-162618.json
Log location: /var/log/vmware/vdt/vdt.log
Feedback Contact: vcf-gs-sa-vdt.PDL@broadcom.com
---
6. After the diagnostics complete, the tool also creates a report and saves it under the /var/log/vmware/vdt/ directory.
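The text report can be reduced to the entries that need follow-up: FAIL and WARN results, plus checks that logged "skipping ..., error was:" and therefore produced no PASS or FAIL at all, as the certificate checks did in the output above. This is an added example, not part of VDT or of the original article; the function name `triage` and the parsing rules are assumptions derived from the report layout shown above.

```python
import re
from collections import defaultdict

# Constructed sample: lines taken from the report shown above, shortened.
SAMPLE = """\
_______________________________
APPLIANCE INFO AND CONFIG
[FAIL] vCenter PNID Check
__________________________
VCENTER CERTIFICATES
2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: skipping vpxd, error was: not all arguments converted during string formatting
• VPXD
• sms_self_signed
[PASS] Certificate SAN Check
[FAIL] STS Certificate Check
"""

STATUS = re.compile(r"^\[(PASS|FAIL|WARN|INFO)\]\s*(.*)$")
SKIPPED = re.compile(r"\bERROR\s+(.+?):\s+skipping\s+(\S+), error was:\s*(.*)$")
RULE = re.compile(r"^_{5,}$")  # underscore rule that precedes each section title

def triage(report_text):
    """Return (findings, skipped): findings maps section -> [(status, text)] for FAIL/WARN;
    skipped lists (check, item, error) for checks that crashed without a result."""
    findings, skipped = defaultdict(list), []
    section, expect_title = "(preamble)", False
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if RULE.match(line):
            expect_title = True
            continue
        if expect_title:  # first non-empty line after a rule is the section title
            section, expect_title = line.strip('"'), False
            continue
        m = STATUS.match(line)
        if m:
            if m.group(1) in ("FAIL", "WARN"):
                findings[section].append((m.group(1), m.group(2)))
            continue
        m = SKIPPED.search(line)
        if m:
            skipped.append((m.group(1).strip(), m.group(2), m.group(3)))
    return dict(findings), skipped

if __name__ == "__main__":
    print(triage(SAMPLE))
```

To use it on a real run, pass the contents of the report file named on the "Report location" line to `triage`.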
VDT troubleshooting
VDT 2.x
1. Checks time out or take too long to run.
In the VDT 2 directory, edit the vc_vdt.ini file:
vi ./vcenter/vc_cfg/vc_vdt.ini
Find the following lines:
[category:vc_iwa_checks]
name = "IWA/AD Checks"
Place a semicolon in front of each line:
;[category:vc_iwa_checks]
;name = "IWA/AD Checks"
Save the file:
:wq!
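3. One or more checks report an error.
- Collect a log bundle
- Continue with traditional troubleshooting
- Report the problem to vcf-gcs-sa-vdt.pdl@broadcom.com
4. You may get inaccurate or strange results from any check.
- Continue with traditional troubleshooting
- Report the problem to vcf-gcs-sa-vdt.pdl@broadcom.com
Version 1.1.6 has a built-in timeout of 20 seconds. If a check times out, the tool asks whether you want to force the check to continue or skip it. If you choose to force it and it continues to hang, see the instructions in step 2.
2. In earlier VDT versions, the check timeout is 10 seconds.
If a check hangs for an unreasonable amount of time, press ctrl-c to exit the script, then move the problematic check out of the "scripts" directory from which checks are run. For example: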
mv scripts/vc_ad_check.py /tmp/
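3. One or more checks report an error.
- Collect a log bundle
- Continue with traditional troubleshooting
- Report the problem to vcf-gcs-sa-vdt.pdl@broadcom.com
4. You may get inaccurate or strange results from any check.
- Continue with traditional troubleshooting
- Report the problem to vcf-gcs-sa-vdt.pdl@broadcom.com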