This section lists the specific options you can use with the SoS utility.

SoS Utility Help Options

Use these options to see information about the SoS utility itself. For these options, SSH in to the SDDC Manager VM using the vcf administrative user account and enter the following command:
sudo /opt/vmware/sddc-support/sos --option-name
Enter the vcf password when prompted.
Option Description

--help

-h

Provides a summary of the available SoS utility options

--version

-v

Provides the SoS utility's version number.

SoS Utility VMware Cloud Foundation Summary Options

These options provide information about the Cloud Foundation system and tasks. For these options, SSH in to the SDDC Manager VM using the vcf administrative user account and enter the following command:
sudo /opt/vmware/sddc-support/sos --option-name
Enter the vcf password when prompted.
Option Description
--get-vcf-summary Returns information about your Cloud Foundation system, including CEIP, domains and clusters, hosts, licensing, network pools, SDDC Manager, VCF services, and solutions (vRealize Log Insight, vRealize Automation, and so on).
--get-vcf-tasks-summary Returns information about Cloud Foundation tasks, including the time the task was created and the status of the task.

SoS Utility Generic Options

These are generic options for the SoS utility. For these options, SSH in to the SDDC Manager VM using the vcf administrative user account and enter the following command:
sudo /opt/vmware/sddc-support/sos --option-name
Enter the vcf password when prompted.
Note: For generic options related to log collection, see Collect Logs for Your Cloud Foundation System.
Option Description
--ceip-tagging-get Returns setting for the VMware CEIP program. For information about the program, see Configuring Customer Experience Improvement Program.
--ceip-tagging-set Enrolls your deployment in the CEIP program.
--configure-sftp Configures SFTP for logs.
--debug-mode Runs the SoS utility in debug mode.
--domain-name DOMAINNAME

Specify the name of the workload domain name on which the SoS operation is to be performed.

To run the operation on all domains, specify --domain-name ALL .

Note:

If you omit the --domain-name flag and domain name, the SoS operation is performed only on the management domain.

--force
Allows SoS operations to be formed while workflows are running.
Note: It is recommended that you do not use this option.
--history Displays the last 20 SoS operations performed.
--ondemand-service Include this flag to execute commands on all ESXi hosts in a domain.
Warning: Contact VMware support before using this option.
--ondemand-service-json JSON file path Include this flag to execute commands in the JSON format on all ESXi hosts in a domain. For example, /opt/vmware/sddc-support/<JSON file name>
--setup-json SETUPJSON

Custom setup-json file for log collection.

SoS prepares the inventory automatically based on the environment where it is running. If you want to collect logs for a pre-defined set of components, you can create a setup.json file and pass the file as input to SoS. A sample JSON file is available on the SDDC Manager VM in the /opt/vmware/sddc-support/ directory.
--skip-known-host-check Skips the specified check for SSL thumbprint for host in the known host.
--zip Creates a zipped TAR file for the output.

SoS Utility Options for Health Check

These SoS commands are used for checking the health status of various components or services, including connectivity, compute, storage, database, domains, and networks. For these options, SSH in to the SDDC Manager VM using the vcf administrative user account and enter the following command:
sudo /opt/vmware/sddc-support/sos --option-name
Enter the vcf password when prompted.

A green status indicates that the health is normal, yellow provides a warning that attention might be required, and red (critical) indicates that the component needs immediate attention.

Option Description
--json-output-dir JSONDIR Outputs the results of any health check as a JSON file to the specified directory, JSONDIR.
--certificate-health

Verifies that the component certificates are valid (within the expiry date).

--connectivity-health

Performs a connectivity health check to inspect whether the different components of the system such as the ESXi hosts, Virtual Center Servers, Inventory Service VMs, Log Insight VM, NSX Manager VMs, PSC VMs, SDDC Manager VM can be pinged.

--composability-infra-health

Performs an API connectivity health check of the composable infrastructure. If no composable infrastructure exists, this flag is ignored. If found, the utility checks connectivity status through the composable infrastructure API, such as Redfish.

--compute-health

Performs a compute health check.

--general-health

Verifies ESXi entries across all sources, checks the Postgres DB operational status for hosts, checks ESXi for error dumps, and gets NSX Manager and cluster status.

--get-host-ips

Returns server information.

--get-inventory-info

Returns in a tabular format inventory details for the specified Cloud Foundation component, such as Platform Services ControllervCenter Server NSX, and ESXi. Optionally, add the flag --domain name ALL to return all details.

--health-check

Performs all available health checks.

--ntp-health

Verifies whether the time on the components is synchronized with the NTP server in the SDDC Manager VM. It also ensures that the hardware and software timestamp of ESXi hosts are within 5 minutes of the SDDC Manager VM.

--password-health

Returns the status of all current passwords, such as Last Changed Date, Expiry Date, and so on.

--services-health

Performs a services health check to confirm whether services within the Inventory Service VM and within SDDC Manager (like Lifecycle Management Server) are running.

--storage-health

Performs a check on the vSAN disk health of the ESXi hosts and vCenter clusters. Also runs proactive vSAN tests to verify the ability to create VMs within the vSAN disks.

--run-vsan-checks Runs proactive vSAN tests to verify the ability to create VMs within the vSAN disks.

SoS Utility Options for vSAN Stretched Clusters

Use create a vSAN stretched cluster, convert a vSAN stretch cluster to a standard vSAN cluster, and add/replace hosts in a vSAN stretched cluster. See Stretching Clusters. For these options, SSH in to the SDDC Manager VM using the vcf administrative user account, enter su to switch to the root user, navigate to the /opt/vmware/sddc-support directory, and type the following command:
./sos --option-name
Option Description
--expand-stretch-cluster Add hosts to or replace a host in a vSAN stretch cluster. Used with --sc-domain --sc-cluster --sc-hosts --esxi-license-key. For example, --expand-stretch-cluster --sc-domain MGMT --sc-cluster SDDC-Cluster1 --sc-hosts esxi-9.vrack.vsphere.local, esxi-10.vrack.vsphere.local --esxi-license-key AAAAA-BBBBB-CCCCC-DDDDD-EEEEE.

--show-clusters

Shows all domains and clusters.

--show-free-hosts

Shows all free hosts.

--stretch-vsan

Create a vSAN stretch cluster. Used with --sc-domain --sc-cluster --sc-hosts --witness-host-fqdn --witness-vsan-ip --witness-vsan-cidr --esxi-license-key. For example, --stretch-vsan --sc-domain MGMT --sc-cluster SDDC-Cluster1 --sc-hosts esxi-5.vrack.vsphere.local,esxi-6.vrack.vsphere.local --witness-host-fqdn esxi-11.vrack.vsphere.local --witness-vsan-ip 10.0.12.96 --witness-vsan-cidr 10.0.12.0/24 --esxi-license-key AAAAA-BBBBB-CCCCC-DDDDD-EEEEE, where AAAAA-BBBBB-CCCCC-DDDDD-EEEEE is a valid ESXi license key.

--sc-domain SCDOMAIN

Specify the domain, SCDOMAIN, to use for stretched vSAN. For example, --sc-domain MGMT.

--sc-cluster SCCLUSTER

Specify the cluster, SCCLUSTER, to use for stretched vSAN. For example, --sc-cluster SDDC-Cluster1.

--sc-hosts SCHOSTS [SCHOST1, SCHOST2 ...]

Specify the hosts, SCHOSTS, to use for stretched vSAN. For example, --sc-hosts esxi-5.vrack.vsphere.local,esxi-6.vrack.vsphere.local.

--witness-host-fqdn WITNESSHOSTFQDN

Specify the fully qualified domain name, WITNESSHOSTFQDN, of the witness host. For example, --witness-host-fqdn esxi-11.vrack.vsphere.local .

--witness-vsan-ip WITNESSHOSTVSANIP

Specify the IP address, WITNESSHOSTVSANIP, of the witness host. For example, --witness-vsan-ip 10.0.12.96.

--witness-vsan-cidr WITNESSHOSTVSANCIDR

Specify the Classless Inter-Domain Routing (CIDR) block, WITNESSHOSTVSANCIDR, of the witness host. For example, --witness-vsan-cidr 10.0.12.0/24.

--esxi-license-key ESXILICENSEKEY

Specify the license key, ESXILICENSEKEY, to use for ESXi hosts. For example, --esxi-license-key AAAAA-BBBBB-CCCCC-DDDDD-EEEEE.

SoS Utility Options for Fixing vSAN Partitions

Use this option to clean up vSAN partitions on one or more ESXi hosts. These options can be run only from the SDDC Manager VM. For these options, SSH in to the SDDC Manager VM using the vcf administrative user account, enter su to switch to the root user, navigate to the /opt/vmware/sddc-support directory, and type the following command:
./sos --option-name
Option Description

--cleanup-vsan

Cleans up vSAN Partitions in ESXi hosts. Optionally, you can specify the ESXi hosts, by IP address, to run the vSAN cleanup. Use commas (with no spaces) to separate multiple IP addresses.

SoS Utility Options for Managing ESXi Hosts

Use these options to clean up and manage ESXi hosts, including enabling SSH, cleaning up dirty hosts, and locking down hosts. For these options, SSH in to the SDDC Manager VM using the vcf administrative user account, enter su to switch to the root user, navigate to the /opt/vmware/sddc-support directory, and type the following command:
./sos --option-name
Option Description

--cleanup-decommissioned-host

Performs clean-up on the specified, decommissioned ESXi hosts by passing the JSON.

For example: --cleanup-decommissioned-host /opt/vmware/sddc-support/decommissioned_host_cleanup_sample.json

--cleanup-host

Performs clean-up on all or specified dirty ESXi hosts.

  • To clean up all dirty hosts, include ALL: --cleanup-host ALL.
  • To specify multiple dirty hosts, separate the IP addresses with a comma: --cleanup-host 10.0.0.4,10.0.0.5,10.0.0.6.
Note:

A dirty host is a host that has been removed from a cluster in a workload domain. A dirty host cannot be assigned to another workload domain until it is cleaned up.

--disable-lockdown-esxi

Disables lockdown mode on ESXi nodes in the specified domains.

  • To disable lockdown on ESXi nodes in a specific domain, include the flag --domain-name DOMAINNAME.
  • To disable lockdown on ESXi nodes in all domains, include the flag --domain-name ALL.
Note:

If you do not specify domain, this command affects only the MGMT domain by default.

--enable-lockdown-esxi

Enables lockdown mode on ESXi nodes in the specified domains.

  • To enable lockdown on ESXi nodes in a specific domain, include the flag --domain-name DOMAINNAME.
  • To enable lockdown on ESXi nodes in all domains, include the flag --domain-name ALL.
Note:

If you do not specify domain, this command affects only the MGMT domain by default.

--disable-ssh-esxi

Disables SSH on ESXi nodes in the specified domains.

  • To disable SSH on ESXi nodes in a specific domain, include the flag --domain-name DOMAINNAME.
  • To disable SSH on ESXi nodes in all domains, include the flag --domain-name ALL.
Note:

If you do not specify domain, this command affects only the MGMT domain by default.

--enable-ssh-esxi

Enables SSH on ESXi nodes in the specified domains.

  • To enable SSH on ESXi nodes in a specific domain, include the flag --domain-name DOMAINNAME.
  • To enable SSH on ESXi nodes in all domains, include the flag --domain-name ALL.
Note:

If you do not specify domain, this command affects only the MGMT domain by default.

SoS Utility Options for vRealize Suite Lifecycle Manager

Use these options to redeploy vRealize Suite Lifecycle Manager and monitor the redeployment. For these options, SSH in to the SDDC Manager VM using the vcf administrative user account, enter su to switch to the root user, navigate to the /opt/vmware/sddc-support directory, and type the following command:
./sos --option-name
Note: You should only redeploy vRealize Suite Lifecycle Manager when directed to do so by VMware Support.
Option Description

--vrslcm-redeploy

Redeploys vRealize Suite Lifecycle Manager. Provides a taskID for the operation.

--get-vrslcm-redeploy-task-status <taskID>

Returns vRealize Suite Lifecycle Manager redeployment status for the specified taskID.