This section lists the specific options you can use with the SoS utility.
For information about collecting log files using the SoS utility, see Collect Logs for Your VMware Cloud Foundation System.
SoS Utility Help Options
sudo /opt/vmware/sddc-support/sos --option-nameEnter the vcf password when prompted.
Option | Description |
---|---|
|
Provides a summary of the available SoS utility options |
|
Provides the SoS utility's version number. |
SoS Utility Generic Options
sudo /opt/vmware/sddc-support/sos --option-nameEnter the vcf password when prompted.
Option | Description |
---|---|
--history |
Displays the last 20 SoS operations performed. |
--force |
Allows SoS operations to be performed while workflows are running.
Note: It is recommended that you do not use this option.
|
--configure-sftp |
Configures SFTP for logs. |
--setup-json SETUPJSON |
Custom setup-json file for log collection. SoS prepares the inventory automatically based on the environment where it is running. If you want to collect logs for a pre-defined set of components, you can create a setup.json file and pass the file as input to SoS. A sample JSON file is available on the SDDC Manager appliance at /opt/vmware/sddc-support/setup.sample.json. |
--log-folder LOGFOLDER |
Specifies the name of the log directory. |
--log-dir LOGDIR |
Specifies the directory to store the logs. |
--enable-stats |
Activate SoS execution stats collection. |
--debug-mode |
Runs the SoS utility in debug mode. |
--zip |
Creates a zipped TAR file for the output. |
--short |
Display detailed health results only for failures and warnings. |
--domain-name DOMAINNAME |
Specify the name of the workload domain name on which to perform the SoS operation. To run the operation on all workload domains, specify
Note:
If you omit the --domain-name flag and workload domain name, the SoS operation is performed only on the management domain. You can combine |
--clusternames CLUSTERNAMES |
Specify the vSphere cluster names associated with a workload domain for which you want to collect ESXi and Workload Management (WCP) logs. Enter a comma-separated list of vSphere clusters. For example,
Note:
If you specify --domain-name ALL then the |
--skip-known-host-check |
Skips the specified check for SSL thumbprint for host in the known host. |
--include-free-hosts |
Collect logs for free ESXi hosts, in addition to in-use ESXi hosts. |
--include-precheck-report |
This option runs LCM upgrade prechecks and includes the LCM upgrade prechecks run report in SoS health check operations. |
SoS Utility VMware Cloud Foundation Summary Options
sudo /opt/vmware/sddc-support/sos --option-nameEnter the vcf password when prompted.
Option | Description |
---|---|
--get-vcf-summary |
Returns information about your VMware Cloud Foundation system, including CEIP,workload domains, vSphere clusters, ESXi hosts, licensing, network pools, SDDC Manager, and VCF services. |
--get-vcf-tasks-summary |
Returns information about VMware Cloud Foundation tasks, including the time the task was created and the status of the task. |
--get-vcf-services-summary |
Returns information about SDDC Manager uptime and when VMware Cloud Foundation services (for example, LCM) started and stopped. |
SoS Utility Fix-It-Up Options
./sos --option-name
For Fix-It-Up options, if you do not specify a workload domain, the command affects only the management domain.
Option | Description |
---|---|
|
Applies SSH on all ESXi nodes in the specified workload domains.
|
|
Deactivates SSH on all ESXi nodes in the specified workload domains.
|
|
Applies SSH on vCenter Server in the specified workload domains.
|
|
Deactivates SSH on vCenter Servers in the specified workload domains.
|
|
Applies normal lockdown mode on all ESXi nodes in the specified workload domains.
|
|
Deactivates normal lockdown mode on ESXi nodes in the specified workload domains.
|
--ondemand-service ONDEMANDSERVICE |
Execute commands on ESXi hosts, vCenter Servers. or SDDC Manager entities for a given workload domain. Specify the workload domain using --domain-name DOMAINNAME .Replace ONDEMANDSERVICE with the path to a .yml input file. (Sample file available at: /opt/vmware/sddc-support/ondemand_service.yml).
Warning: Contact VMware Support before using this option.
|
--ondemand-service JSON file path |
Include this flag to execute commands in the JSON format on all ESXi hosts in a workload domain. For example, /opt/vmware/sddc-support/<JSON file name> |
--refresh-ssh-keys |
Refreshes the SSH keys. |
SoS Utility Health Check Options
sudo /opt/vmware/sddc-support/sos --option-nameEnter the vcf password when prompted.
A green status indicates that the health is normal, yellow provides a warning that attention might be required, and red (critical) indicates that the component needs immediate attention.
Option | Description |
---|---|
--health-check |
Performs all available health checks.
Can be combined with
--run-vsan-checks . For example:
sudo /opt/vmware/sddc-support/sos --health-check --run-vsan-checks |
--connectivity-health |
Performs connectivity checks and validations for SDDC resources (NSX Managers, ESXi hosts, vCenter Servers, and so on). This check performs a ping status check, SSH connectivity status check, and API connectivity check for SDDC resources. |
--services-health |
Performs a services health check to confirm whether services within the SDDC Manager (like Lifecycle Management Server) and vCenter Server are running. |
--compute-health |
Performs a compute health check, including ESXi host licenses, disk storage, disk partitions, and health status. |
--storage-health |
Performs a check on the vSAN disk health of the ESXi hosts and vSphere clusters.
Can be combined with
--run-vsan-checks . For example:
sudo /opt/vmware/sddc-support/sos --storage-health --run-vsan-checks |
--run-vsan-checks |
This option cannot be run on its own and must be combined with --health-check or --storage-health .Runs a VM creation test to verify the vSAN cluster health. Running the test creates a virtual machine on each host in the vSAN cluster. The test creates a VM and deletes it. If the VM creation and deletion tasks are successful, assume that the vSAN cluster components are working as expected and the cluster is functional.
Note: You must not conduct the proactive test in a production environment as it creates network traffic and impacts the vSAN workload.
|
--ntp-health |
Verifies whether the time on the components is synchronized with the NTP server in the SDDC Manager appliance. It also ensures that the hardware and software time stamp of ESXi hosts are within 5 minutes of the SDDC Manager appliance. |
--dns-health |
Performs a forward and reverse DNS health check. |
--general-health |
Checks ESXi for error dumps and gets NSX Manager and cluster status. |
--certificate-health |
Verifies that the component certificates are valid and when they are expiring.
|
--composability-infra-health |
Performs an API connectivity health check of the composable infrastructure. If no composable infrastructure exists, this flag is ignored. If found, the utility checks connectivity status through the composable infrastructure API, such as Redfish. |
--get-host-ips |
Returns host names and IP addresses of ESXi hosts. |
--get-inventory-info |
Returns inventory details for the VMware Cloud Foundation components, such as vCenter Server NSX-T Data Center, SDDC Manager, and ESXi hosts. Optionally, add the flag |
--password-health |
Checks the status of passwords across VMware Cloud Foundation components. It lists components with passwords managed by VCF, the date a password was last changed, the password expiration date, and the number of days until expiration.
|
--hardware-compatibility-report |
Validates ESXi hosts and vSAN devices and exports the compatibility report. |
--version-health |
This operation checks the version of BOM components (vCenter Server, NSX-T Data Center, ESXi, and SDDC Manager). It compares the SDDC Manager inventory, the actual installed BOM component version, and the BOM component versions to detect any drift. |
--json-output-dir JSONDIR |
Outputs the results of any health check as a JSON file to the specified directory, JSONDIR . |
Example Health Check Commands:
- Check the password health on the management domain only:
./sos --password-health
- Check the connectivity health for all workload domains:
./sos --connectivity-health --domain-name ALL
- Check the DNS health for the workload domain named sfo-w01:
./sos --dns-health --domain-name sfo-w01