This section lists the specific options you can use with the SoS utility.

For information about collecting log files using the SoS utility, see Collect Logs for Your VMware Cloud Foundation System.

SoS Utility Help Options

Use these options to see information about the SoS utility itself. For these options, SSH in to the SDDC Manager VM using the vcf user account and enter the following command:
sudo /opt/vmware/sddc-support/sos --option-name
Enter the vcf password when prompted.
Option Description

--help

-h

Provides a summary of the available SoS utility options

--version

-v

Provides the SoS utility's version number.

SoS Utility Generic Options

These are generic options for the SoS utility. For these options, SSH in to the SDDC Manager VM using the vcf user account and enter the following command:
sudo /opt/vmware/sddc-support/sos --option-name
Enter the vcf password when prompted.
Option Description
--history Displays the last 20 SoS operations performed.
--force
Allows SoS operations to be performed while workflows are running.
Note: It is recommended that you do not use this option.
--configure-sftp Configures SFTP for logs.
--setup-json SETUPJSON

Custom setup-json file for log collection.

SoS prepares the inventory automatically based on the environment where it is running. If you want to collect logs for a pre-defined set of components, you can create a setup.json file and pass the file as input to SoS. A sample JSON file is available on the SDDC Manager appliance at /opt/vmware/sddc-support/setup.sample.json.
--log-folder LOGFOLDER Specifies the name of the log directory.
--log-dir LOGDIR Specifies the directory to store the logs.
--enable-stats Enable SoS execution stats collection.
--debug-mode Runs the SoS utility in debug mode.
--zip Creates a zipped TAR file for the output.
--domain-name DOMAINNAME

Specify the name of the workload domain name on which to perform the SoS operation.

To run the operation on all workload domains, specify --domain-name ALL.

Note:

If you omit the --domain-name flag and workload domain name, the SoS operation is performed only on the management domain.

--clusternames CLUSTERNAMES

Specify the vSphere cluster names associated with a workload domain for which you want to collect ESXi and Workload Management (WCP) logs.

Enter a comma-separated list of vSphere clusters. For example, --clusternames cluster1, cluster2.

Note:

If you specify --domain-name ALL then the --clusternames option is ignored.

--skip-known-host-check Skips the specified check for SSL thumbprint for host in the known host.
--include-free-hosts Collect logs for free ESXi hosts, in addition to in-use ESXi hosts.

SoS Utility VMware Cloud Foundation Summary Options

These options provide summary details of the SDDC Manager instance, including components, services, and tasks.. For these options, SSH in to the SDDC Manager VM using the vcf user account and enter the following command:
sudo /opt/vmware/sddc-support/sos --option-name
Enter the vcf password when prompted.
Option Description
--get-vcf-summary Returns information about your VMware Cloud Foundation system, including CEIP,workload domains, vSphere clusters, ESXi hosts, licensing, network pools, SDDC Manager, and VCF services.
--get-vcf-tasks-summary Returns information about VMware Cloud Foundation tasks, including the time the task was created and the status of the task.
--get-vcf-services-summary Returns information about SDDC Manager uptime and when VMware Cloud Foundation services (for example, LCM) started and stopped.

SoS Utility Fix-It-Up Options

Use these options to manage ESXi hosts and vCenter Servers, including enabling SSH and locking down hosts. For these options, SSH in to the SDDC Manager VM using the vcf administrative user account, enter su to switch to the root user, navigate to the /opt/vmware/sddc-support directory, and type the following command:
./sos --option-name
Note:

For Fix-It-Up options, if you do not specify a workload domain, the command affects only the management domain.

Option Description

--enable-ssh-esxi

Enables SSH on ESXi nodes in the specified workload domains.

  • To enable SSH on ESXi nodes in a specific workload domain, include the flag --domain-name DOMAINNAME.
  • To enable SSH on ESXi nodes in all workload domains, include the flag --domain-name ALL.

--disable-ssh-esxi

Disables SSH on ESXi nodes in the specified workload domains.

  • To disable SSH on ESXi nodes in a specific workload domain, include the flag --domain-name DOMAINNAME.
  • To disable SSH on ESXi nodes in all workload domains, include the flag --domain-name ALL.

--enable-ssh-vc

Enables SSH on vCenter Server in the specified workload domains.

  • To enable SSH on vCenter in a specific workload domain, include the flag --domain-name DOMAINNAME.
  • To enable SSH on vCenter Servers in all workload domains, include the flag --domain-name ALL.

--disable-ssh-vc

Disables SSH on vCenter Servers in the specified workload domains.

  • To disable SSH on vCenter Server in a specific workload domain, include the flag --domain-name DOMAINNAME.
  • To disable SSH on vCenter Servers in all workload domains, include the flag --domain-name ALL.

--enable-lockdown-esxi

Enables lockdown mode on ESXi nodes in the specified workload domains.

  • To enable lockdown on ESXi nodes in a specific workload domain, include the flag --domain-name DOMAINNAME.
  • To enable lockdown on ESXi nodes in all workload domains, include the flag --domain-name ALL.

--disable-lockdown-esxi

Disables lockdown mode on ESXi nodes in the specified workload domains.

  • To disable lockdown on ESXi nodes in a specific workload domain, include the flag --domain-name DOMAINNAME.
  • To disable lockdown on ESXi nodes in all workload domains, include the flag --domain-name ALL.
--ondemand-service Include this flag to execute commands on all ESXi hosts in a workload domain.
Warning: Contact VMware support before using this option.
--ondemand-service JSON file path Include this flag to execute commands in the JSON format on all ESXi hosts in a workload domain. For example, /opt/vmware/sddc-support/<JSON file name>
--refresh-ssh-keys Refreshes the SSH keys.

SoS Utility Health Check Options

These SoS commands are used for checking the health status of various components or services, including connectivity, compute, storage, database, workload domains, and networks. For these options, SSH in to the SDDC Manager VM using the vcf user account and enter the following command:
sudo /opt/vmware/sddc-support/sos --option-name
Enter the vcf password when prompted.

A green status indicates that the health is normal, yellow provides a warning that attention might be required, and red (critical) indicates that the component needs immediate attention.

Option Description
--health-check

Performs all available health checks.

--connectivity-health

Performs a connectivity health check to inspect whether the different components of the system such as the ESXi hosts, vCenter Servers, NSX Managers, and SDDC Manager can be pinged.

--services-health

Performs a services health check to confirm whether services within the SDDC Manager (like Lifecycle Management Server) and vCenter Server are running.

--compute-health

Performs a compute health check, including ESXi host licenses, disk storage, disk partitions, and health status.

--storage-health

Performs a check on the vSAN disk health of the ESXi hosts and vSphere clusters. Also runs proactive vSAN tests to verify the ability to create VMs within the vSAN disks.

--run-vsan-checks Runs proactive vSAN tests to verify the ability to create VMs within the vSAN disks.
--ntp-health

Verifies whether the time on the components is synchronized with the NTP server in the SDDC Manager appliance. It also ensures that the hardware and software time stamp of ESXi hosts are within 5 minutes of the SDDC Manager appliance.

--dns-health Performs a forward and reverse DNS health check.
--general-health

Checks ESXi for error dumps and gets NSX Manager and cluster status.

--certificate-health

Verifies that the component certificates are valid (within the expiry date).

--composability-infra-health

Performs an API connectivity health check of the composable infrastructure. If no composable infrastructure exists, this flag is ignored. If found, the utility checks connectivity status through the composable infrastructure API, such as Redfish.

--get-host-ips

Returns host names and IP addresses of ESXi hosts.

--get-inventory-info

Returns inventory details for the VMware Cloud Foundation components, such as vCenter Server NSX-T Data Center, SDDC Manager, and ESXi hosts. Optionally, add the flag --domain-name ALL to return details for all workload domains.

--password-health

Returns the status of all current passwords, such as Last Changed Date, Expiry Date, and so on.

--hardware-compatibility-report Validates ESXi hosts and vSAN devices and exports the compatibility report.
--json-output-dir JSONDIR Outputs the results of any health check as a JSON file to the specified directory, JSONDIR.

Example Health Check Commands:

  • Check the password health on the management domain only:
    ./sos --password-health
  • Check the connectivity health for all workload domains:
    ./sos --connectivity-health --domain-name ALL
  • Check the DNS health for the workload domain named sfo-w01:
    ./sos --dns-health --domain-name sfo-w01