
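[VMware vCenter] Checking vCenter Server with the vSphere Diagnostic Tool (VDT).

The vSphere Diagnostic Tool (VDT) is a diagnostic tool that runs a series of checks against the configuration of a vCenter system, then identifies and reports possible problems.

With this tool, each check presents its result in a readable form. Results are classified as PASS (the check succeeded), FAIL (the check failed) and WARN (a warning that may not be critical but deserves attention). Besides PASS/FAIL/WARN results, VDT can also emit informational messages (INFO), which provide details about the configuration item being checked.

VDT helps users troubleshoot by providing information that may be hard to collect or may not be immediately apparent during problem resolution. It can also detect inconsistencies in the vCenter Server Appliance configuration, which is essential for maintaining a stable, well-configured virtualization environment.

By presenting results in a readable form, VDT improves visibility into the health and configuration of the vCenter Server Appliance, making it easier for administrators to identify and resolve potential problems. VDT complements other troubleshooting and diagnostic processes: it provides a focused set of checks for quickly assessing a specific aspect of the vCenter Server configuration. Running VDT regularly can be part of a proactive maintenance approach, helping administrators find and fix configuration issues before they lead to more serious problems.

When using VDT, review the results carefully and resolve any failed or warning checks to keep the vCenter Server environment stable and reliable. Note that the tool's availability depends on the vCenter Server version and on any updates or enhancements made to VDT over time.

VDT release versions and vCenter Server compatibility

Items that VDT diagnoses or checks

  • vCenter Basic Info (basic vCenter information)
  • SSO Checks (Lookup Service and Machine ID)
  • Active Directory Integration (AD integration check)
  • vCenter Certificates (vCenter certificate check)
  • VMdir Functionality (VMdir check)
  • Core Files (core file check)
  • vPostgres Database Usage (vPostgres database usage)
  • Disk Space Usage (vCenter disk space usage)
  • DNS Functionality (DNS name resolution check)
  • Time Sync & NTP Functionality (NTP time synchronization check)
  • Root Account Validity (vCenter root account expiration check)
  • vCenter Services (vCenter service check)
  • VCHA Check (vCenter HA check)
  • Syslog Functionality (vCenter syslog server check)
  • IWA/AD Checks (IWA/AD authentication check)
  • Local Identity Source Check (local identity source check)
  • Solution User Checks (solution user certificate check)

VDT installation and usage guide

1. Download the supported version that matches your environment from the link above.

2. Upload the tool package to the root directory on vCenter Server using an SFTP client.

3. Change to the directory where the tool was uploaded, then extract the archive.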

unzip vdt-v2.0.4-03_08_2024.zip

4. Run the tool with the following command.

python vdt.py

5. After the tool runs, you get diagnostic results for vCenter Server similar to the following.

View the diagnostic results
________________________________
   "VDT FOR VCENTER (V2.0.3)"   

	Today: Tuesday, March 19 16:26:07
	Log Level: DEBUG


_______________________________
   APPLIANCE INFO AND CONFIG   


        [INFO]    vCenter Basic Info

                    Current Time: 2024-03-19 16:26:18.657412
                    vCenter Uptime: up 1 day
                    vCenter Load Average: 0.76, 0.50, 0.48
                    Number of CPUs: 8
                    Total Memory: 23.45
                    vCenter Hostname: vcsa8-01.lab.com.60.168.192.in-addr.arpa
                    vCenter PNID: vcsa8-01.lab.com
                    vCenter IP Address: 192.168.60.150
                    NTP Servers: 192.168.60.10
                    vCenter Version: 8.0.2.00200 - 23319993
                    vCenter SSO Domain: vsphere.local
                    vCenter AD Domain: No DOMAIN
                    Disabled Plugins: None

        [INFO]    Inventory Summary

                    Number of ESXi Hosts: 8
                    Number of Virtual Machines: 12
                    Number of Clusters: 2
    

        [FAIL]    vCenter PNID Check
                    The PNID (vcsa8-01.lab.com) does not match the hostname (vcsa8-01.lab.com.60.168.192.in-addr.arpa)!
                    Documentation:     https://kb.vmware.com/s/article/2130599

        [PASS]    vCenter Proxy Check (Not Enabled)

        [PASS]    Root Account Check (Exp: never)


________________
   NTP CHECKS   


        [PASS]    NTP Service Check
                    NTP service is running

        [PASS]    NTP Server Check

                    	192.168.60.10 - OK

        [INFO]    NTP Status Check

                    +-----------------------------------LEGEND-----------------------------------+
                    | remote: NTP peer server                                                    |
                    | refid: server that this peer gets its time from                            |
                    | when: number of seconds passed since last response                         |
                    | poll: poll interval in seconds                                             |
                    | delay: round-trip delay to the peer in milliseconds                        |
                    | offset: time difference between the server and client in milliseconds      |
                    +-----------------------------------PREFIX-----------------------------------+
                    | * Synchronized to this peer                                                |
                    | # Almost synchronized to this peer                                         |
                    | + Peer selected for possible synchronization                               |
                    | – Peer is a candidate for selection                                        |
                    | ~ Peer is statically configured                                            |
                    +----------------------------------------------------------------------------+
                        remote           refid      st t when poll reach   delay   offset  jitter
                    ==============================================================================
                    *192.168.60.10   114.118.7.161    2 u  904 1024  377    0.455   -0.354   0.438    
        


________________
   DNS CHECKS   


        [INFO]    Entries in /etc/hosts
		
            		127.0.0.1  vcsa8-01.lab.com.60.168.192.in-addr.arpa vcsa8-01 localhost
            		127.0.0.1  vsphereclient.vmware.com
            		::1  vcsa8-01.lab.com.60.168.192.in-addr.arpa vcsa8-01 localhost ipv6-localhost ipv6-loopback

        [PASS]    Checking for non-standard /etc/hosts entries


        Nameserver Checks


            • 192.168.60.10

                [FAIL]    DNS with UDP - testing if vcsa8-01.lab.com.60.168.192.in-addr.arpa resolves to 192.168.60.150
                            VC uses UDP 53 for DNS queries by default, but will switch to TCP if UDP fails, causing a delayed response

                [FAIL]    DNS with TCP - testing if vcsa8-01.lab.com.60.168.192.in-addr.arpa resolves to 192.168.60.150
                            VC uses TCP 53 for DNS queries when UDP fails, or if the size is too large for a single UDP packet

                [PASS]    Reverse DNS - testing if 192.168.60.150 resolves to vcsa8-01.lab.com.60.168.192.in-addr.arpa

                [INFO]    Commands used:
                          dig +short <fqdn> <nameserver>
                          dig +noall +answer -x <ip> <namserver>
                          dig +short +tcp <fqdn> <nameserver>
      


________________________
   FILE SYSTEM CHECKS   


        [PASS]    Disk Space Check

        [PASS]    Inode Check

        [PASS]    VMAFDD Log Rotation


_____________________
   CORE FILE CHECK   


        [INFO]    Core File Check
 
                    These core files are older than 72 hours.  consider deleting them
                    at your discretion to reduce the size of log bundles.


                    Core files: 
                        /storage/core/core.envoy-sidecar.17081 Size: 96.83MB Last Modified: 2024-02-21T09:32:06
                        /storage/core/core.envoy-hgw.16506 Size: 54.83MB Last Modified: 2024-02-21T09:32:06

        [PASS]    HPROF File Check


__________________________
   SERVICE STATUS CHECK   


        [PASS]    Services Check

        [PASS]    Service Start Priority


__________________
   SYSLOG CHECK   


        [INFO]    Remote Syslog config: None Configured

        [PASS]    Local Syslog Functional Check


_____________________
   POSTGRES CHECKS   


        [INFO]    Top 20 Largest Tables

                                       relation                   | total_size 
                    ----------------------------------------------+------------
                     vc.vpx_host_vm_config_option                 | 33 MB
                     vc.vpx_event_arg_88                          | 6864 kB
                     vsanhealth.vsan_historical_health_2024_03_15 | 5472 kB
                     vc.vpx_proc_log                              | 5216 kB
                     vsanhealth.vsan_historical_health_2024_03_16 | 5112 kB
                     vc.vpx_event_arg_87                          | 4744 kB
                     vc.vpx_event_arg_89                          | 4232 kB
                     vsanhealth.vsan_historical_health_2024_03_14 | 3984 kB
                     vc.vpx_task                                  | 3832 kB
                     vc.vpx_journal_entry                         | 3664 kB
                     vc.vpx_event_arg_4                           | 3320 kB
                     vsanhealth.vsan_historical_health_2024_03_13 | 3272 kB
                     vc.vpx_event_arg_1                           | 2776 kB
                     vc.vpx_event_arg_18                          | 2744 kB
                     vc.vpx_event_arg_2                           | 2440 kB
                     vc.vpx_event_arg_90                          | 2440 kB
                     vc.vpx_event_arg_92                          | 2432 kB
                     vc.vpx_event_arg_3                           | 2432 kB
                     vc.vpx_event_arg_91                          | 2416 kB
                     vc.vpx_topn_past_week                        | 2224 kB


        [INFO]    Total Postgres Size

                    313M	 Interpreted by Postgres
                    138M	/storage/db/vpostgres/
                    207M	/storage/seat/vpostgres/


__________________________
   VCENTER CERTIFICATES   



        VC VECS Check

2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: skipping __MACHINE_CERT, error was: not all arguments converted during string formatting
2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: Traceback (most recent call last):
  File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 803, in checkCerts
    'checks': checkCert(cert, myhostname, myip, alias=alias).execute()})
  File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 517, in execute
    output.append(self.sanCheck())
  File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 254, in sanCheck
    details = "SAN contains neither hostname nor IP!" % self.cert_name
TypeError: not all arguments converted during string formatting

2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: skipping machine, error was: not all arguments converted during string formatting
2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: Traceback (most recent call last):
  File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 803, in checkCerts
    'checks': checkCert(cert, myhostname, myip, alias=alias).execute()})
  File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 517, in execute
    output.append(self.sanCheck())
  File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 254, in sanCheck
    details = "SAN contains neither hostname nor IP!" % self.cert_name
TypeError: not all arguments converted during string formatting

2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: skipping vsphere-webclient, error was: not all arguments converted during string formatting
2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: Traceback (most recent call last):
  File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 803, in checkCerts
    'checks': checkCert(cert, myhostname, myip, alias=alias).execute()})
  File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 517, in execute
    output.append(self.sanCheck())
  File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 254, in sanCheck
    details = "SAN contains neither hostname nor IP!" % self.cert_name
TypeError: not all arguments converted during string formatting

2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: skipping vpxd, error was: not all arguments converted during string formatting
2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: Traceback (most recent call last):
  File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 803, in checkCerts
    'checks': checkCert(cert, myhostname, myip, alias=alias).execute()})
  File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 517, in execute
    output.append(self.sanCheck())
  File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 254, in sanCheck
    details = "SAN contains neither hostname nor IP!" % self.cert_name
TypeError: not all arguments converted during string formatting

2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: skipping vpxd-extension, error was: not all arguments converted during string formatting
2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: Traceback (most recent call last):
  File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 803, in checkCerts
    'checks': checkCert(cert, myhostname, myip, alias=alias).execute()})
  File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 517, in execute
    output.append(self.sanCheck())
  File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 254, in sanCheck
    details = "SAN contains neither hostname nor IP!" % self.cert_name
TypeError: not all arguments converted during string formatting

2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: skipping hvc, error was: not all arguments converted during string formatting
2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: Traceback (most recent call last):
  File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 803, in checkCerts
    'checks': checkCert(cert, myhostname, myip, alias=alias).execute()})
  File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 517, in execute
    output.append(self.sanCheck())
  File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 254, in sanCheck
    details = "SAN contains neither hostname nor IP!" % self.cert_name
TypeError: not all arguments converted during string formatting

2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: skipping data-encipherment, error was: not all arguments converted during string formatting
2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: Traceback (most recent call last):
  File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 803, in checkCerts
    'checks': checkCert(cert, myhostname, myip, alias=alias).execute()})
  File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 517, in execute
    output.append(self.sanCheck())
  File "/root/vdt-v2.0.4-03_08_2024/vcenter/vc_scripts/vc_cert_check.py", line 254, in sanCheck
    details = "SAN contains neither hostname nor IP!" % self.cert_name
TypeError: not all arguments converted during string formatting


            • MACHINE_SSL_CERT


            • MACHINE


            • VSPHERE-WEBCLIENT


            • VPXD


            • VPXD-EXTENSION


            • HVC


            • DATA-ENCIPHERMENT


            • SMS


                • sms_self_signed

                    [PASS]    Certificate SAN Check

                    [PASS]    Certificate Expiration Check - (Expires 02-20-2034)


                • sps-extension

                    [PASS]    Certificate SAN Check

                    [PASS]    Certificate Expiration Check - (Expires 02-14-2034)


                • b3280742-fa28-8d1a-fd56-d782276925b9

                    [PASS]    Certificate SAN Check

                    [PASS]    Certificate Expiration Check - (Expires 02-14-2034)


                • 99e90742-9dd7-2efd-fe67-e4d6553eb6fb

                    [PASS]    Certificate SAN Check

                    [PASS]    Certificate Expiration Check - (Expires 02-14-2034)


                • db300742-5ef7-dea0-54f8-e71ddcb7aaad

                    [PASS]    Certificate SAN Check

                    [PASS]    Certificate Expiration Check - (Expires 02-14-2034)


                • 54670742-3032-0a17-7c55-63e5f4721de3

                    [PASS]    Certificate SAN Check

                    [PASS]    Certificate Expiration Check - (Expires 02-14-2034)


            • WCP


                • wcp

                    [PASS]    Certificate SAN Check

                    [PASS]    Certificate Trust Check (TRUSTED BY ISSUER NAME)

                    [PASS]    Certificate Expiration Check - (Expires 02-14-2034)


        VC Root CA Check


            • 712e54af3903f0e0481d7b45a6c2f431ff654c62

                [PASS]    Certificate SAN Check

                [PASS]    Certificate Trust Check (SELF-SIGNED)

                [PASS]    Certificate Expiration Check - (Expires 02-14-2034)

                [PASS]    Certificate Authority Parameter Check


        VC CRLs Check

            [PASS]    TRUSTED_ROOT_CRLS Check [Count: 1]


        ESXi Certificate Mode Check

            [PASS]    ESXi Certificate Mode Check [vmca]


        VC Extensions Check

            [PASS]    VPXD Extension Thumbprint Check

                        [PASS]	com.vmware.vim.eam: thumbprint match
                        [PASS]	com.vmware.rbd: thumbprint match
                        [INFO]	com.vmware.imagebuilder is not in use.


        VC STS Certificate Check

2024-03-19T16:26:22CST ERROR VC STS Certificate Check get_certs:  certificate verify failed: Hostname mismatch, certificate is not valid for 'vcsa8-01.lab.com.60.168.192.in-addr.arpa'. (_ssl.c:997)
            [FAIL]    STS Certificate Check
                        ('Failed to contacting STS service.  Are the STS services running?', 'fail')


        Solution User Cert Parity Checks

            [PASS]    machine-68655f38-217c-4b1a-af38-fa6eb4f98ba4: vecs and vmdir match

            [PASS]    vsphere-webclient-68655f38-217c-4b1a-af38-fa6eb4f98ba4: vecs and vmdir match

            [PASS]    vpxd-68655f38-217c-4b1a-af38-fa6eb4f98ba4: vecs and vmdir match

            [PASS]    vpxd-extension-68655f38-217c-4b1a-af38-fa6eb4f98ba4: vecs and vmdir match

            [PASS]    hvc-68655f38-217c-4b1a-af38-fa6eb4f98ba4: vecs and vmdir match

            [PASS]    wcp-68655f38-217c-4b1a-af38-fa6eb4f98ba4: vecs and vmdir match


________________
   SSO CHECKS   



        VC Lookup Service Check


            • SSO Site: default-first-site


                • [PASS]    vcsa8-01.lab.com (VC Server or CGW)


        VC Machine ID Check

            [PASS]    Machine ID Check


____________________________
   IDENTITY SOURCE CHECKS   


        [PASS]    Local OS identity source exists

        [PASS]    STS connection string okay


___________________
   IWA/AD CHECKS   



        Detected Domain Checks

            [INFO]    Joined Domain Report (No domain(s) detected)


        Other Domain Checks

            [INFO]    Domain Exclusions (None)

            [INFO]    DC Exclusions (None)


__________________
   VMDIR CHECKS   



        Local VMdir Checks

            [INFO]    VMdir database size: 19.23MB

            [PASS]    VMdir Arguments Check

            [PASS]    Stale PSC HA Check

            [PASS]    VMdir DFL Check

            [PASS]    VMdir Local State Check (Normal)


        VMdir Replication Checks

            [INFO]    No partners


_________________________
   HOST CLUSTER CHECKS   


        [PASS]    Legacy SSL Cluster Settings Check


_________________
   VCHA CHECKS   


        [INFO]    'VCHA Check' Skipped [Reason: service disabled]


    ---
Report location: /var/log/vmware/vdt/vdt.log-2024-03-19-162618
JSON location:  /var/log/vmware/vdt/vdt.log-2024-03-19-162618.json
Log location:  /var/log/vmware/vdt/vdt.log
Feedback Contact: vcf-gs-sa-vdt.PDL@broadcom.com
    ---

6. When the diagnosis completes, the tool also creates a report and saves it in the /var/log/vmware/vdt/ directory.
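To triage a saved report without scrolling through it, the following added example (not part of VDT or the original article) parses the text layout shown above and lists every FAIL/WARN with its section and first detail line. It also lists items whose check crashed with an ERROR line, such as the certificate stores in this run, because those have no PASS or FAIL result at all. The function name triage and the embedded sample are constructed for illustration.

```python
import re
import sys
from collections import Counter

# Constructed sample: a condensed excerpt of the VDT report shown above.
SAMPLE_REPORT = """\
_______________________________
   APPLIANCE INFO AND CONFIG

        [INFO]    vCenter Basic Info
        [FAIL]    vCenter PNID Check
                    The PNID (vcsa8-01.lab.com) does not match the hostname (vcsa8-01.lab.com.60.168.192.in-addr.arpa)!
        [PASS]    Root Account Check (Exp: never)
__________________________
   VCENTER CERTIFICATES

        VC VECS Check
2024-03-19T16:26:20CST ERROR VC VECS Check checkCerts: skipping vpxd, error was: not all arguments converted during string formatting
TypeError: not all arguments converted during string formatting
                    [PASS]    Certificate SAN Check
            [FAIL]    STS Certificate Check
                        ('Failed to contacting STS service.  Are the STS services running?', 'fail')
"""
RULE = re.compile(r"^_{5,}\s*$")  # underscore rule printed above each section title
RESULT = re.compile(r"^\s*(?:•\s*)?\[(PASS|FAIL|WARN|INFO)\]\s+(.*\S)")
SKIPPED = re.compile(r"\bERROR\b.*\bskipping (\S+), error was: (.*)")


def triage(report):
    """Summarise a VDT text report: result counts, FAIL/WARN findings, crashed checks."""
    counts, findings, skipped = Counter(), [], []
    section, pending, title_next = "", None, False
    for line in report.splitlines():
        text = line.strip()
        if title_next:  # the line right after a rule is the section title
            section, title_next = text.strip('"'), False
        elif RULE.match(line):
            title_next, pending = True, None
        elif m := RESULT.match(line):
            status, name = m.groups()
            counts[status] += 1
            pending = None
            if status in ("FAIL", "WARN"):
                pending = {"section": section, "status": status, "check": name, "detail": ""}
                findings.append(pending)
        elif m := SKIPPED.search(line):
            # The check itself crashed, so this item has no PASS/FAIL line: unverified.
            skipped.append({"section": section, "item": m.group(1), "error": m.group(2)})
            pending = None
        elif pending is not None:
            pending["detail"] = text  # first line under a FAIL/WARN explains it
            pending = None
    return {"counts": dict(counts), "findings": findings, "skipped": skipped}


if __name__ == "__main__":
    # Pass the path of a saved report, or run without arguments to use the sample.
    data = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    summary = triage(data)
    print(summary["counts"])
    for f in summary["findings"]:
        print(f'{f["status"]} [{f["section"]}] {f["check"]}: {f["detail"]}')
    for s in summary["skipped"]:
        print(f'UNVERIFIED [{s["section"]}] {s["item"]}: check crashed ({s["error"]})')
```

Items reported as UNVERIFIED need a manual check or a re-run with a fixed tool version; the absence of a FAIL line for them does not mean they passed.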

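VDT troubleshooting

VDT 2.x

1. A check times out or takes too long.

Version 2 has a built-in timeout of 10 seconds (configurable in vdt/vcenter/vc_cfg/vc_vdt.ini). When a check times out, the tool asks whether you want to force the check to continue or skip it. If you choose to force it and it still hangs, see the instructions in step 2.

2. A check hangs, or any problem affecting script execution.

If a check hangs for too long or fails so that the next check cannot run, press Ctrl-C in the script, then disable the check in the "vcenter/vc_cfg/vc_vdt.ini" file. For example, to disable the IWA/AD checks, do the following:
In the VDT 2 directory, edit the vc_vdt.ini file: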
vi ./vcenter/vc_cfg/vc_vdt.ini

Find the following lines:
[category:vc_iwa_checks]
name = "IWA/AD Checks"

Put a semicolon in front of each line:
;[category:vc_iwa_checks]
;name = "IWA/AD Checks"

Save the file:
:wq!
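The same edit can be scripted, which helps when several appliances need the same check disabled. This added example (not part of VDT or the original article) comments out one category block and leaves every other line untouched; the function name disable_category, the sample file contents other than the IWA/AD lines, and the assumption that a category's keys run until the next section header are all illustrative.

```python
import re

# Constructed stand-in for vcenter/vc_cfg/vc_vdt.ini; only the IWA/AD lines come from the article.
SAMPLE_INI = """\
[category:vc_sso_checks]
name = "SSO Checks"

[category:vc_iwa_checks]
name = "IWA/AD Checks"

[category:vc_vmdir_checks]
name = "VMdir Checks"
"""

SECTION = re.compile(r"^\s*\[(.+)\]\s*$")


def disable_category(ini_text, category):
    """Prefix the [category:<category>] header and its keys with ';'.

    Works on the raw text instead of configparser, which would drop existing
    comments when writing the file back. Returns (new_text, changed).
    """
    target = "category:" + category
    out, in_target, found, changed = [], False, False, False
    for line in ini_text.splitlines(keepends=True):
        stripped = line.strip()
        if stripped.startswith((";", "#")):
            # Already a comment; note whether it is the target header, disabled earlier.
            if stripped.lstrip(";# ") == "[" + target + "]":
                found = True
            out.append(line)
            continue
        m = SECTION.match(line)
        if m:
            in_target = m.group(1).strip() == target
            found = found or in_target
        if in_target and stripped:
            out.append(";" + line)
            changed = True
        else:
            out.append(line)
    if not found:
        raise KeyError("no [%s] section in the file" % target)
    return "".join(out), changed


if __name__ == "__main__":
    new_text, changed = disable_category(SAMPLE_INI, "vc_iwa_checks")
    print(new_text, end="")
    print("changed:", changed)
```

Keep a copy of the original vc_vdt.ini before writing the result back, so the check can be re-enabled once the underlying problem is fixed.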

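3. One or more checks report errors.

  • Collect a log bundle
  • Continue with traditional troubleshooting
  • Report the problem to vcf-gcs-sa-vdt.pdl@broadcom.com

4. You may encounter inaccurate or strange results in any check.

  • Continue with traditional troubleshooting
  • Report the problem to vcf-gcs-sa-vdt.pdl@broadcom.com

VDT 1.x

1. A check times out or takes too long.

Version 1.1.6 has a built-in timeout of 20 seconds. When a check times out, the tool asks whether you want to force the check to continue or skip it. If you choose to force it and it still hangs, see the instructions in step 2.

2. In earlier VDT versions, the check timeout is 10 seconds.

If a check hangs for an unreasonable amount of time, press Ctrl-C to exit the script, then move the problematic check out of the "scripts" directory from which checks are run. For example: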

mv scripts/vc_ad_check.py /tmp/

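3. One or more checks report errors.

  • Collect a log bundle
  • Continue with traditional troubleshooting
  • Report the problem to vcf-gcs-sa-vdt.pdl@broadcom.com

4. You may encounter inaccurate or strange results in any check.

  • Continue with traditional troubleshooting
  • Report the problem to vcf-gcs-sa-vdt.pdl@broadcom.com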
 
posted @ 2024-03-19 19:02  JUNIOR_MU