SoS Utility Options

This section lists the specific options you can use with the SoS utility.
For information about collecting log files using the SoS utility, see Collect Logs for Your VMware Cloud Foundation System.

SoS Utility Help Options

Use these options to see information about the SoS utility itself. For these options, SSH in to the SDDC Manager VM using the vcf user account and enter the following command:

    sudo /opt/vmware/sddc-support/sos --option-name

Enter the vcf password when prompted.

Option
    Description

--help, -h
    Provides a summary of the available SoS utility options.

--version, -v
    Provides the SoS utility's version number.

SoS Utility Generic Options

These are generic options for the SoS utility. For these options, SSH in to the SDDC Manager VM using the vcf user account and enter the following command:

    sudo /opt/vmware/sddc-support/sos --option-name

Enter the vcf password when prompted.

Option
    Description

--history
    Displays the last 20 SoS operations performed.

--force
    Allows SoS operations to be performed while workflows are running.
    It is recommended that you do not use this option.

--configure-sftp
    Configures SFTP for logs.

--setup-json SETUPJSON
    Custom setup-json file for log collection.
    SoS prepares the inventory automatically based on the environment where it is running. If you want to collect logs for a pre-defined set of components, you can create a setup.json file and pass the file as input to SoS. A sample JSON file is available on the SDDC Manager appliance at /opt/vmware/sddc-support/setup.sample.json.

--log-folder LOGFOLDER
    Specifies the name of the log directory.

--log-dir LOGDIR
    Specifies the directory to store the logs.

--enable-stats
    Activates SoS execution stats collection.

--debug-mode
    Runs the SoS utility in debug mode.

--zip
    Creates a zipped TAR file for the output.

--short
    Displays detailed health results only for failures and warnings.

--domain-name DOMAINNAME
    Specifies the name of the workload domain on which to perform the SoS operation.
    To run the operation on all workload domains, specify --domain-name ALL.
    If you omit the --domain-name flag and workload domain name, the SoS operation is performed only on the management domain.
    You can combine --domain-name with --clusternames to further limit the scope of an operation. This can be useful in a scaled environment with a large number of ESXi hosts.

--clusternames CLUSTERNAMES
    Specifies the vSphere cluster names associated with a workload domain for which you want to collect ESXi and Workload Management (WCP) logs.
    Enter a comma-separated list of vSphere clusters. For example, --clusternames cluster1, cluster2.
    If you specify --domain-name ALL, the --clusternames option is ignored.

--skip-known-host-check
    Skips the check of the SSL thumbprint for hosts in the known hosts.

--include-free-hosts
    Collects logs for free ESXi hosts, in addition to in-use ESXi hosts.

--include-precheck-report
    Runs LCM upgrade prechecks and includes the LCM upgrade prechecks run report in SoS health check operations.

SoS Utility VMware Cloud Foundation Summary Options

These options provide summary details of the SDDC Manager instance, including components, services, and tasks. For these options, SSH in to the SDDC Manager VM using the vcf user account and enter the following command:

    sudo /opt/vmware/sddc-support/sos --option-name

Enter the vcf password when prompted.

Option
    Description

--get-vcf-summary
    Returns information about your VMware Cloud Foundation system, including CEIP, workload domains, vSphere clusters, ESXi hosts, licensing, network pools, SDDC Manager, and VCF services.

--get-vcf-tasks-summary
    Returns information about VMware Cloud Foundation tasks, including the time the task was created and the status of the task.

--get-vcf-services-summary
    Returns information about SDDC Manager uptime and when VMware Cloud Foundation services (for example, LCM) started and stopped.

SoS Utility Fix-It-Up Options

Use these options to manage ESXi hosts and vCenter Servers, including enabling SSH and locking down hosts. For these options, SSH in to the SDDC Manager VM using the vcf administrative user account, enter su to switch to the root user, navigate to the /opt/vmware/sddc-support directory, and type the following command:

    ./sos --option-name

For Fix-It-Up options, if you do not specify a workload domain, the command affects only the management domain.

Option
    Description

--enable-ssh-esxi
    Applies SSH on all ESXi nodes in the specified workload domains.
      • To enable SSH on ESXi nodes in a specific workload domain, include the flag --domain-name DOMAINNAME.
      • To enable SSH on ESXi nodes in all workload domains, include the flag --domain-name ALL.

--disable-ssh-esxi
    Deactivates SSH on all ESXi nodes in the specified workload domains.
      • To deactivate SSH on ESXi nodes in a specific workload domain, include the flag --domain-name DOMAINNAME.
      • To deactivate SSH on ESXi nodes in all workload domains, include the flag --domain-name ALL.

--enable-ssh-vc
    Applies SSH on vCenter Server in the specified workload domains.
      • To enable SSH on vCenter in a specific workload domain, include the flag --domain-name DOMAINNAME.
      • To enable SSH on vCenter Servers in all workload domains, include the flag --domain-name ALL.

--disable-ssh-vc
    Deactivates SSH on vCenter Servers in the specified workload domains.
      • To deactivate SSH on vCenter Server in a specific workload domain, include the flag --domain-name DOMAINNAME.
      • To deactivate SSH on vCenter Servers in all workload domains, include the flag --domain-name ALL.

--enable-lockdown-esxi
    Applies normal lockdown mode on all ESXi nodes in the specified workload domains.
      • To enable lockdown on ESXi nodes in a specific workload domain, include the flag --domain-name DOMAINNAME.
      • To enable lockdown on ESXi nodes in all workload domains, include the flag --domain-name ALL.

--disable-lockdown-esxi
    Deactivates normal lockdown mode on ESXi nodes in the specified workload domains.
      • To deactivate lockdown on ESXi nodes in a specific workload domain, include the flag --domain-name DOMAINNAME.
      • To deactivate lockdown on ESXi nodes in all workload domains, include the flag --domain-name ALL.

--ondemand-service ONDEMANDSERVICE
    Execute commands on ESXi hosts, vCenter Servers, or SDDC Manager entities for a given workload domain. Specify the workload domain using --domain-name DOMAINNAME.
    Replace ONDEMANDSERVICE with the path to a .yml input file. (Sample file available at: /opt/vmware/sddc-support/ondemand_service.yml).
    Contact VMware Support before using this option.

--ondemand-service JSON file path
    Include this flag to execute commands in the JSON format on all ESXi hosts in a workload domain. For example, /opt/vmware/sddc-support/<JSON file name>

--refresh-ssh-keys
    Refreshes the SSH keys.
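
Because --enable-ssh-esxi stays in effect until --disable-ssh-esxi is run, SSH is best opened only for the duration of one task. The following shell function is an added example, not part of the SoS utility or the VMware documentation; the helper name with_esxi_ssh and the SOS override variable are assumptions, and it is meant to run as root as described above.

```shell
# Added example, not VMware code. SOS defaults to the path given on this
# page; override it (for instance with a stub) for a dry run.
SOS="${SOS:-/opt/vmware/sddc-support/sos}"

# with_esxi_ssh DOMAIN CMD [ARGS...]   (hypothetical helper name)
# Enables SSH on the ESXi hosts of DOMAIN, runs CMD, then always disables
# SSH again: on success, on failure, and on INT/TERM.
with_esxi_ssh() {
  if [ "$#" -lt 2 ] || [ -z "$1" ]; then
    # An explicit domain is required: without --domain-name the Fix-It-Up
    # options act on the management domain only.
    echo "usage: with_esxi_ssh DOMAIN CMD [ARGS...]" >&2
    return 2
  fi
  (
    domain=$1; shift
    # The EXIT trap is the revert; it also reports a failed revert.
    trap '"$SOS" --disable-ssh-esxi --domain-name "$domain" ||
          echo "SSH may still be enabled in $domain" >&2' EXIT
    trap 'exit 130' INT TERM
    # If enabling fails part-way, the EXIT trap still issues the disable.
    "$SOS" --enable-ssh-esxi --domain-name "$domain" || exit 1
    "$@"
  )
}

# Example call (sfo-w01 is the sample domain name used on this page):
#   with_esxi_ssh sfo-w01 "$SOS" --connectivity-health --domain-name sfo-w01
```

The function returns the exit status of CMD, so a failed task is still visible to the caller after SSH has been switched off again.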

SoS Utility Health Check Options

These SoS commands are used for checking the health status of various components or services, including connectivity, compute, storage, database, workload domains, and networks. For these options, SSH in to the SDDC Manager VM using the vcf user account and enter the following command:

    sudo /opt/vmware/sddc-support/sos --option-name

Enter the vcf password when prompted.

A green status indicates that the health is normal, yellow provides a warning that attention might be required, and red (critical) indicates that the component needs immediate attention.

Option
    Description

--health-check
    Performs all available health checks.
    Can be combined with --run-vsan-checks. For example:
        sudo /opt/vmware/sddc-support/sos --health-check --run-vsan-checks

--connectivity-health
    Performs connectivity checks and validations for SDDC resources (NSX Managers, ESXi hosts, vCenter Servers, and so on). This check performs a ping status check, SSH connectivity status check, and API connectivity check for SDDC resources.

--services-health
    Performs a services health check to confirm whether services within the SDDC Manager (like Lifecycle Management Server) and vCenter Server are running.

--compute-health
    Performs a compute health check, including ESXi host licenses, disk storage, disk partitions, and health status.

--storage-health
    Performs a check on the vSAN disk health of the ESXi hosts and vSphere clusters.
    Can be combined with --run-vsan-checks. For example:
        sudo /opt/vmware/sddc-support/sos --storage-health --run-vsan-checks

--run-vsan-checks
    This option cannot be run on its own and must be combined with --health-check or --storage-health.
    Runs a VM creation test to verify the vSAN cluster health. Running the test creates a virtual machine on each host in the vSAN cluster. The test creates a VM and deletes it. If the VM creation and deletion tasks are successful, assume that the vSAN cluster components are working as expected and the cluster is functional.
    You must not conduct the proactive test in a production environment as it creates network traffic and impacts the vSAN workload.

--ntp-health
    Verifies whether the time on the components is synchronized with the NTP server in the SDDC Manager appliance. It also ensures that the hardware and software time stamps of ESXi hosts are within 5 minutes of the SDDC Manager appliance.

--dns-health
    Performs a forward and reverse DNS health check.

--general-health
    Checks ESXi for error dumps and gets NSX Manager and cluster status.

--certificate-health
    Verifies that the component certificates are valid and checks when they expire.
      • GREEN: Certificate expires in more than 30 days.
      • YELLOW: Certificate expires in 15-30 days.
      • RED: Certificate expires in less than 15 days.

--composability-infra-health
    Performs an API connectivity health check of the composable infrastructure. If no composable infrastructure exists, this flag is ignored. If found, the utility checks connectivity status through the composable infrastructure API, such as Redfish.

--get-host-ips
    Returns host names and IP addresses of ESXi hosts.

--get-inventory-info
    Returns inventory details for the VMware Cloud Foundation components, such as vCenter Server, NSX, SDDC Manager, and ESXi hosts. Optionally, add the flag --domain-name ALL to return details for all workload domains.

--password-health
    Checks the status of passwords across VMware Cloud Foundation components. It lists components with passwords managed by VCF, the date a password was last changed, the password expiration date, and the number of days until expiration.
      • GREEN: Password expires in more than 15 days.
      • YELLOW: Password expires in 5-15 days.
      • RED: Password expires in less than 5 days.

--hardware-compatibility-report
    Validates ESXi hosts and vSAN devices and exports the compatibility report.

--version-health
    This operation checks the version of BOM components (vCenter Server, NSX-T Data Center, ESXi, and SDDC Manager). It compares the SDDC Manager inventory, the actual installed BOM component version, and the BOM component versions to detect any drift.

--json-output-dir JSONDIR
    Outputs the results of any health check as a JSON file to the specified directory, JSONDIR.

Example Health Check Commands:

  • Check the password health on the management domain only:
    ./sos --password-health
  • Check the connectivity health for all workload domains:
    ./sos --connectivity-health --domain-name ALL
  • Check the DNS health for the workload domain named sfo-w01:
    ./sos --dns-health --domain-name sfo-w01
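
Several option descriptions on this page state combination rules (--run-vsan-checks cannot run on its own, --clusternames is ignored with --domain-name ALL, Fix-It-Up options without --domain-name reach only the management domain). The following shell function is an added example that checks a planned command line against those rules before it is run; it is not part of the SoS utility or the VMware documentation, and the name sos_lint and its message wording are hypothetical.

```shell
# Added example, not VMware code: pre-flight check for an sos command line.
# Prints one finding per line; exit status is 1 if any finding is an ERROR.
# The body runs in a subshell so its variables do not leak to the caller.
sos_lint() (
  health=0; vsan=0; clusters=0; fixit=""; domain=""; prev=""; rc=0
  for arg in "$@"; do
    if [ "$prev" = "--domain-name" ]; then domain=$arg; fi
    case $arg in
      --health-check|--storage-health) health=1 ;;
      --run-vsan-checks) vsan=1 ;;
      --clusternames) clusters=1 ;;
      --force)
        echo "WARN: --force runs while workflows are active; not recommended" ;;
      --ondemand-service)
        echo "WARN: contact VMware Support before using --ondemand-service" ;;
      --enable-ssh-esxi|--enable-ssh-vc|--disable-lockdown-esxi)
        fixit=$arg
        echo "WARN: $arg relaxes hardening; schedule the matching revert" ;;
      --disable-ssh-esxi|--disable-ssh-vc|--enable-lockdown-esxi)
        fixit=$arg ;;
    esac
    prev=$arg
  done
  if [ "$vsan" -eq 1 ]; then
    echo "WARN: --run-vsan-checks creates test VMs; not for production"
    if [ "$health" -eq 0 ]; then
      echo "ERROR: --run-vsan-checks needs --health-check or --storage-health"
      rc=1
    fi
  fi
  if [ "$clusters" -eq 1 ] && [ "$domain" = "ALL" ]; then
    echo "WARN: --clusternames is ignored with --domain-name ALL"
  fi
  # A revert such as --disable-ssh-esxi with no domain leaves the workload
  # domains untouched, so flag the narrow scope for every Fix-It-Up option.
  if [ -n "$fixit" ] && [ -z "$domain" ]; then
    echo "WARN: $fixit without --domain-name affects only the management domain"
  fi
  exit "$rc"
)
```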