How to run Secure Boot Validation Script on an ESXi Host

Help for validation script:

/usr/lib/vmware/secureboot/bin/secureBoot.py -h
usage: secureBoot.py [-h] [-a | -c | -s]

optional arguments:
  -h, --help            show this help message and exit
  -a, --acceptance-level-check
                        Validate acceptance levels for installed vibs
  -c, --check-capability
                        Check if the host is ready to enable secure boot
  -s, --check-status    Check if UEFI secure boot is enabled

Check if the host is ready to enable secure boot

/usr/lib/vmware/secureboot/bin/secureBoot.py -c
Secure boot can be enabled: All vib signatures verified. All tardisks validated. All acceptance levels validated

Check if UEFI secure boot is disabled

/usr/lib/vmware/secureboot/bin/secureBoot.py -s
Disabled

Create Cisco UCS Boot Policy

Check if UEFI secure boot is enabled and working

/usr/lib/vmware/secureboot/bin/secureBoot.py -s
Enabled
vSphere Secure Boot

How to Maxtang’s NX 6412 NUC add to vDS? Fix script /etc/rc.local.d/local.sh

How to fix network after adding to vDS. When you add NX6412 to vDS and reboot ESXi. I don’t have uplink for vDS. You could check it with:

# esxcfg-vswitch -l
DVS Name         Num Ports   Used Ports  Configured Ports  MTU     Uplinks
vDS              2560        6           512               9000    vusb0
--cut
  DVPort ID                               In Use      Client
  468                                     0           
  469                                     0
  470                                     0
  471                                     0

We will have to note DVPort ID 468 – example. vDS is name of your vDS switch.

esxcfg-vswitch -P vusb0 -V 468 vDS

It is necessary add it to /etc/rc.local.d/local.sh before exit 0. You could have similar script from source Persisting USB NIC Bindings

vusb0_status=$(esxcli network nic get -n vusb0 | grep 'Link Status' | awk '{print $NF}')
count=0
while [[ $count -lt 20 && "${vusb0_status}" != "Up" ]]
do
    sleep 10
    count=$(( $count + 1 ))
    vusb0_status=$(esxcli network nic get -n vusb0 | grep 'Link Status' | awk '{print $NF}')
done

esxcfg-vswitch -R
esxcfg-vswitch -P vusb0 -V 468 vDS

exit 0

Maxtang’s NX 6412 NUC – update ESXi 8.0a

VMware ESXi 8.0a release was announced:

How to prepare ESXi Custom ISO image 8U0a for NX6412 NUC?

Download these files:

Run those script to prepare Custom ISO image you should use PowerCLI version 13.0. Problem with upgrade to PowerCLI you could fix with blog PowerCLI 13 update and installation hurdles on Windows:

Add-EsxSoftwareDepot .\VMware-ESXi-8.0a-20842819-depot.zip
Add-EsxSoftwareDepot .\ESXi800-VMKUSB-NIC-FLING-61054763-component-20826251.zip
New-EsxImageProfile -CloneProfile "ESXi-8.0a-20842819-standard" -name "ESXi-8.0.0-20842819-USBNIC" -Vendor "vdan.cz"
Add-EsxSoftwarePackage -ImageProfile "ESXi-8.0.0-20842819-USBNIC" -SoftwarePackage "vmkusb-nic-fling"
Export-ESXImageProfile -ImageProfile "ESXi-8.0.0-20842819-USBNIC" -ExportToBundle -filepath ESXi-8.0.0-20842819-USBNIC.zip

Upgrade to ESXi 8.0

TPM_VERSION WARNING: Support for TPM version 1.2 is discontinued. With Apply –no-hardware-warning option to ignore the warnings and proceed with the transaction.

esxcli software profile update -d  /vmfs/volumes/datastore1/_ISO/ESXi-8.0.1-20842819-USBNIC.zip -p ESXi-8.0.1-20842819-USBNIC --no-hardware-warning
Update Result
   Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
   Reboot Required: true

vSphere 8 Lab with Cohesity and VMware vExpert gift – Maxtang’s NX 6412 NUC

During VMware Explore 2022 Barcelona, I’ve been given a gift as a vExpert. You could read it in my previous article. NX6412 doesn’t support onboard NICs. We will need Custom ISO with USB Network Native Driver for ESXi. Because of problem using latest PowerCLI 13 release Nov 25, 2022 with export ISO. I decided to install Custom ISO ESXi 7u2e and than upgrade to ESXi 8.0 with depot zip.

Thank You Cohesity. Power consumpion is only 10 Watts …

How to prepare ESXi Custom ISO image 7U2e for NX6412 NUC?

Download these files:

Run those script to prepare Custom ISO image you could use PowerCLI 12.7 or 13.0: You could use create_custom_esxi_iso.ps1 as well.

Add-EsxSoftwareDepot .\VMware-ESXi-7.0U2e-19290878-depot.zip
Add-EsxSoftwareDepot .\ESXi702-VMKUSB-NIC-FLING-47140841-component-18150468.zip
New-EsxImageProfile -CloneProfile "ESXi-7.0U2e-19290878-standard" -name "ESXi-7.0U2e-19290878-USBNIC" -Vendor "vdan.cz"
Add-EsxSoftwarePackage -ImageProfile "ESXi-7.0U2e-19290878-USBNIC" -SoftwarePackage "vmkusb-nic-fling"
Export-ESXImageProfile -ImageProfile "ESXi-7.0U2e-19290878-USBNIC" -ExportToIso -filepath ESXi-7.0U2e-19290878-USBNIC.iso

Create bootable ESXi USB Flash Drive from ESXi-7.0U2e-19290878-USBNIC.iso. More info How to create a bootable ESXi Installer USB Flash Drive

  • For Custom ISO image is necessary select Write in ISO -> ESP mode
Dialog only for Custom ISO image

Install ESXi 7U2e and fix Persisting USB NIC Bindings

Currently there is a limitation in ESXi where USB NIC bindings are picked up much later in the boot process and to ensure settings are preserved upon a reboot, the following needs to be added to /etc/rc.local.d/local.sh based on your configurations.

vusb0_status=$(esxcli network nic get -n vusb0 | grep 'Link Status' | awk '{print $NF}')
count=0
while [[ $count -lt 20 && "${vusb0_status}" != "Up" ]]
do
    sleep 10
    count=$(( $count + 1 ))
    vusb0_status=$(esxcli network nic get -n vusb0 | grep 'Link Status' | awk '{print $NF}')
done

esxcfg-vswitch -R

Prepare ESXi Custom zip depot 8.0 for NX6412 NUC

Download these files:

Run those script to prepare Custom ISO image you could use 13.0. Problem with upgrade to PowerCLI you could fix with blog PowerCLI 13 update and installation hurdles on Windows:

Add-EsxSoftwareDepot .\VMware-ESXi-8.0-20513097-depot.zip
Add-EsxSoftwareDepot .\ESXi800-VMKUSB-NIC-FLING-61054763-component-20826251.zip
New-EsxImageProfile -CloneProfile "ESXi-8.0.0-20513097-standard" -name "ESXi-8.0.0-20513097-USBNIC" -Vendor "vdan.cz"
Add-EsxSoftwarePackage -ImageProfile "ESXi-8.0.0-20513097-USBNIC" -SoftwarePackage "vmkusb-nic-fling"
Export-ESXImageProfile -ImageProfile "ESXi-8.0.0-20513097-USBNIC" -ExportToBundle -filepath ESXi-8.0.0-20513097-USBNIC.zip

Upgrade to ESXi 8.0

esxcli software profile update -d  /vmfs/volumes/datastore1/_ISO/ESXi-8.0.0-20513097-USBNIC.zip -p ESXi-8.0.0-20513097-USBNIC

Hardware precheck of profile ESXi-8.0.0-20513097-USBNIC failed with warnings: <TPM_VERSION WARNING: TPM 1.2 device detected. Support for TPM version 1.2 is discontinued. Installation may proceed, but may cause the system to behave unexpectedly.>

You could fix TPM_VERSION WARNING: Support for TPM version 1.2 is discontinued. With Apply –no-hardware-warning option to ignore the warnings and proceed with the transaction.

esxcli software profile update -d  /vmfs/volumes/datastore1/_ISO/ESXi-8.0.0-20513097-USBNIC.zip -p ESXi-8.0.0-20513097-USBNIC --no-hardware-warning
Update Result
   Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
   Reboot Required: true
   VIBs Installed: VMW_bootbank_atlantic_1.0.3.0-10vmw.800.1.0.20513097, VMW_bootbank_bcm-mpi3_8.1.1.0.0.0-1vmw.800.1.0.20513097, VMW_bootbank_bfedac-esxio_0.1-1vmw.800.1.0.20513097, VMW_bootbank_bnxtnet_216.0.50.0-66vmw.800.1.0.20513097, VMW_bootbank_bnxtroce_216.0.58.0-27vmw.800.1.0.20513097, VMW_bootbank_brcmfcoe_12.0.1500.3-4vmw.800.1.0.20513097, VMW_bootbank_cndi-igc_1.2.9.0-1vmw.800.1.0.20513097, VMW_bootbank_dwi2c-esxio_0.1-2vmw.800.1.0.20513097, VMW_bootbank_dwi2c_0.1-2vmw.800.1.0.20513097, VMW_bootbank_elxiscsi_12.0.1200.0-10vmw.800.1.0.20513097, VMW_bootbank_elxnet_12.0.1250.0-8vmw.800.1.0.20513097, VMW_bootbank_i40en_1.11.2.5-1vmw.800.1.0.20513097, VMW_bootbank_iavmd_3.0.0.1010-5vmw.800.1.0.20513097, VMW_bootbank_icen_1.5.1.16-1vmw.800.1.0.20513097, VMW_bootbank_igbn_1.4.11.6-1vmw.800.1.0.20513097, VMW_bootbank_ionic-en-esxio_20.0.0-29vmw.800.1.0.20513097, VMW_bootbank_ionic-en_20.0.0-29vmw.800.1.0.20513097, VMW_bootbank_irdman_1.3.1.22-1vmw.800.1.0.20513097, VMW_bootbank_iser_1.1.0.2-1vmw.800.1.0.20513097, VMW_bootbank_ixgben_1.7.1.39-1vmw.800.1.0.20513097, VMW_bootbank_lpfc_14.0.635.3-14vmw.800.1.0.20513097, VMW_bootbank_lpnic_11.4.62.0-1vmw.800.1.0.20513097, VMW_bootbank_lsi-mr3_7.722.02.00-1vmw.800.1.0.20513097, VMW_bootbank_lsi-msgpt2_20.00.06.00-4vmw.800.1.0.20513097, VMW_bootbank_lsi-msgpt35_23.00.00.00-1vmw.800.1.0.20513097, VMW_bootbank_lsi-msgpt3_17.00.13.00-2vmw.800.1.0.20513097, VMW_bootbank_mlnx-bfbootctl-esxio_0.1-1vmw.800.1.0.20513097, VMW_bootbank_mnet-esxio_0.1-1vmw.800.1.0.20513097, VMW_bootbank_mtip32xx-native_3.9.8-1vmw.800.1.0.20513097, VMW_bootbank_ne1000_0.9.0-2vmw.800.1.0.20513097, VMW_bootbank_nenic_1.0.35.0-3vmw.800.1.0.20513097, VMW_bootbank_nfnic_5.0.0.35-3vmw.800.1.0.20513097, VMW_bootbank_nhpsa_70.0051.0.100-4vmw.800.1.0.20513097, VMW_bootbank_nmlx5-core-esxio_4.23.0.36-8vmw.800.1.0.20513097, VMW_bootbank_nmlx5-core_4.23.0.36-8vmw.800.1.0.20513097, VMW_bootbank_nmlx5-rdma-esxio_4.23.0.36-8vmw.800.1.0.20513097, VMW_bootbank_nmlx5-rdma_4.23.0.36-8vmw.800.1.0.20513097, VMW_bootbank_nmlxbf-gige-esxio_2.1-1vmw.800.1.0.20513097, VMW_bootbank_ntg3_4.1.8.0-4vmw.800.1.0.20513097, VMW_bootbank_nvme-pcie-esxio_1.2.4.1-1vmw.800.1.0.20513097, VMW_bootbank_nvme-pcie_1.2.4.1-1vmw.800.1.0.20513097, VMW_bootbank_nvmerdma_1.0.3.9-1vmw.800.1.0.20513097, VMW_bootbank_nvmetcp_1.0.1.2-1vmw.800.1.0.20513097, VMW_bootbank_nvmxnet3-ens-esxio_2.0.0.23-1vmw.800.1.0.20513097, VMW_bootbank_nvmxnet3-ens_2.0.0.23-1vmw.800.1.0.20513097, VMW_bootbank_nvmxnet3-esxio_2.0.0.31-1vmw.800.1.0.20513097, VMW_bootbank_nvmxnet3_2.0.0.31-1vmw.800.1.0.20513097, VMW_bootbank_penedac-esxio_0.1-1vmw.800.1.0.20513097, VMW_bootbank_pengpio-esxio_0.1-1vmw.800.1.0.20513097, VMW_bootbank_pensandoatlas_1.46.0.E.24.1.256-2vmw.800.1.0.20293628, VMW_bootbank_penspi-esxio_0.1-1vmw.800.1.0.20513097, VMW_bootbank_pvscsi-esxio_0.1-5vmw.800.1.0.20513097, VMW_bootbank_pvscsi_0.1-5vmw.800.1.0.20513097, VMW_bootbank_qcnic_1.0.15.0-22vmw.800.1.0.20513097, VMW_bootbank_qedentv_3.40.5.70-4vmw.800.1.0.20513097, VMW_bootbank_qedrntv_3.40.5.70-1vmw.800.1.0.20513097, VMW_bootbank_qfle3_1.0.67.0-30vmw.800.1.0.20513097, VMW_bootbank_qfle3f_1.0.51.0-28vmw.800.1.0.20513097, VMW_bootbank_qfle3i_1.0.15.0-20vmw.800.1.0.20513097, VMW_bootbank_qflge_1.1.0.11-1vmw.800.1.0.20513097, VMW_bootbank_rd1173-esxio_0.1-1vmw.800.1.0.20513097, VMW_bootbank_rdmahl_1.0.0-1vmw.800.1.0.20513097, VMW_bootbank_rste_2.0.2.0088-7vmw.800.1.0.20513097, VMW_bootbank_sfvmk_2.4.0.2010-13vmw.800.1.0.20513097, VMW_bootbank_smartpqi_80.4253.0.5000-2vmw.800.1.0.20513097, VMW_bootbank_spidev-esxio_0.1-1vmw.800.1.0.20513097, VMW_bootbank_vmkata_0.1-1vmw.800.1.0.20513097, VMW_bootbank_vmksdhci-esxio_1.0.2-2vmw.800.1.0.20513097, VMW_bootbank_vmksdhci_1.0.2-2vmw.800.1.0.20513097, VMW_bootbank_vmkusb-esxio_0.1-14vmw.800.1.0.20513097, VMW_bootbank_vmkusb-nic-fling_1.11-1vmw.800.1.20.61054763, VMW_bootbank_vmkusb_0.1-14vmw.800.1.0.20513097, VMW_bootbank_vmw-ahci_2.0.14-1vmw.800.1.0.20513097, VMware_bootbank_bmcal-esxio_8.0.0-1.0.20513097, VMware_bootbank_bmcal_8.0.0-1.0.20513097, VMware_bootbank_clusterstore_8.0.0-1.0.20513097, VMware_bootbank_cpu-microcode_8.0.0-1.0.20513097, VMware_bootbank_crx_8.0.0-1.0.20513097, VMware_bootbank_drivervm-gpu_8.0.0-1.0.20513097, VMware_bootbank_elx-esx-libelxima.so_12.0.1200.0-6vmw.800.1.0.20513097, VMware_bootbank_esx-base_8.0.0-1.0.20513097, VMware_bootbank_esx-dvfilter-generic-fastpath_8.0.0-1.0.20513097, VMware_bootbank_esx-ui_2.5.1-20374953, VMware_bootbank_esx-update_8.0.0-1.0.20513097, VMware_bootbank_esx-xserver_8.0.0-1.0.20513097, VMware_bootbank_esxio-base_8.0.0-1.0.20513097, VMware_bootbank_esxio-combiner-esxio_8.0.0-1.0.20513097, VMware_bootbank_esxio-combiner_8.0.0-1.0.20513097, VMware_bootbank_esxio-dvfilter-generic-fastpath_8.0.0-1.0.20513097, VMware_bootbank_esxio-update_8.0.0-1.0.20513097, VMware_bootbank_esxio_8.0.0-1.0.20513097, VMware_bootbank_gc-esxio_8.0.0-1.0.20513097, VMware_bootbank_gc_8.0.0-1.0.20513097, VMware_bootbank_loadesx_8.0.0-1.0.20513097, VMware_bootbank_loadesxio_8.0.0-1.0.20513097, VMware_bootbank_lsuv2-hpv2-hpsa-plugin_1.0.0-3vmw.800.1.0.20513097, VMware_bootbank_lsuv2-intelv2-nvme-vmd-plugin_2.7.2173-2vmw.800.1.0.20513097, VMware_bootbank_lsuv2-lsiv2-drivers-plugin_1.0.0-12vmw.800.1.0.20513097, VMware_bootbank_lsuv2-nvme-pcie-plugin_1.0.0-1vmw.800.1.0.20513097, VMware_bootbank_lsuv2-oem-dell-plugin_1.0.0-2vmw.800.1.0.20513097, VMware_bootbank_lsuv2-oem-lenovo-plugin_1.0.0-2vmw.800.1.0.20513097, VMware_bootbank_lsuv2-smartpqiv2-plugin_1.0.0-8vmw.800.1.0.20513097, VMware_bootbank_native-misc-drivers-esxio_8.0.0-1.0.20513097, VMware_bootbank_native-misc-drivers_8.0.0-1.0.20513097, VMware_bootbank_qlnativefc_5.2.46.0-3vmw.800.1.0.20513097, VMware_bootbank_trx_8.0.0-1.0.20513097, VMware_bootbank_vdfs_8.0.0-1.0.20513097, VMware_bootbank_vmware-esx-esxcli-nvme-plugin-esxio_1.2.0.52-1vmw.800.1.0.20513097, VMware_bootbank_vmware-esx-esxcli-nvme-plugin_1.2.0.52-1vmw.800.1.0.20513097, VMware_bootbank_vsan_8.0.0-1.0.20513097, VMware_bootbank_vsanhealth_8.0.0-1.0.20513097, VMware_locker_tools-light_12.0.6.20104755-20513097
   VIBs Removed: VMW_bootbank_atlantic_1.0.3.0-8vmw.702.0.0.17867351, VMW_bootbank_bnxtnet_216.0.50.0-34vmw.702.0.20.18426014, VMW_bootbank_bnxtroce_216.0.58.0-20vmw.702.0.20.18426014, VMW_bootbank_brcmfcoe_12.0.1500.1-2vmw.702.0.0.17867351, VMW_bootbank_brcmnvmefc_12.8.298.1-1vmw.702.0.0.17867351, VMW_bootbank_elxiscsi_12.0.1200.0-8vmw.702.0.0.17867351, VMW_bootbank_elxnet_12.0.1250.0-5vmw.702.0.0.17867351, VMW_bootbank_i40enu_1.8.1.137-1vmw.702.0.20.18426014, VMW_bootbank_iavmd_2.0.0.1152-1vmw.702.0.0.17867351, VMW_bootbank_icen_1.0.0.10-1vmw.702.0.0.17867351, VMW_bootbank_igbn_1.4.11.2-1vmw.702.0.0.17867351, VMW_bootbank_irdman_1.3.1.19-1vmw.702.0.0.17867351, VMW_bootbank_iser_1.1.0.1-1vmw.702.0.0.17867351, VMW_bootbank_ixgben_1.7.1.35-1vmw.702.0.0.17867351, VMW_bootbank_lpfc_12.8.298.3-2vmw.702.0.20.18426014, VMW_bootbank_lpnic_11.4.62.0-1vmw.702.0.0.17867351, VMW_bootbank_lsi-mr3_7.716.03.00-1vmw.702.0.0.17867351, VMW_bootbank_lsi-msgpt2_20.00.06.00-3vmw.702.0.0.17867351, VMW_bootbank_lsi-msgpt35_17.00.02.00-1vmw.702.0.0.17867351, VMW_bootbank_lsi-msgpt3_17.00.10.00-2vmw.702.0.0.17867351, VMW_bootbank_mtip32xx-native_3.9.8-1vmw.702.0.0.17867351, VMW_bootbank_ne1000_0.8.4-11vmw.702.0.0.17867351, VMW_bootbank_nenic_1.0.33.0-1vmw.702.0.0.17867351, VMW_bootbank_nfnic_4.0.0.63-1vmw.702.0.0.17867351, VMW_bootbank_nhpsa_70.0051.0.100-2vmw.702.0.0.17867351, VMW_bootbank_nmlx4-core_3.19.16.8-2vmw.702.0.0.17867351, VMW_bootbank_nmlx4-en_3.19.16.8-2vmw.702.0.0.17867351, VMW_bootbank_nmlx4-rdma_3.19.16.8-2vmw.702.0.0.17867351, VMW_bootbank_nmlx5-core_4.19.16.10-1vmw.702.0.0.17867351, VMW_bootbank_nmlx5-rdma_4.19.16.10-1vmw.702.0.0.17867351, VMW_bootbank_ntg3_4.1.5.0-0vmw.702.0.0.17867351, VMW_bootbank_nvme-pcie_1.2.3.11-1vmw.702.0.0.17867351, VMW_bootbank_nvmerdma_1.0.2.1-1vmw.702.0.0.17867351, VMW_bootbank_nvmxnet3-ens_2.0.0.22-1vmw.702.0.0.17867351, VMW_bootbank_nvmxnet3_2.0.0.30-1vmw.702.0.0.17867351, VMW_bootbank_pvscsi_0.1-2vmw.702.0.0.17867351, VMW_bootbank_qcnic_1.0.15.0-11vmw.702.0.0.17867351, VMW_bootbank_qedentv_3.40.5.53-20vmw.702.0.20.18426014, VMW_bootbank_qedrntv_3.40.5.53-17vmw.702.0.20.18426014, VMW_bootbank_qfle3_1.0.67.0-14vmw.702.0.0.17867351, VMW_bootbank_qfle3f_1.0.51.0-19vmw.702.0.0.17867351, VMW_bootbank_qfle3i_1.0.15.0-12vmw.702.0.0.17867351, VMW_bootbank_qflge_1.1.0.11-1vmw.702.0.0.17867351, VMW_bootbank_rste_2.0.2.0088-7vmw.702.0.0.17867351, VMW_bootbank_sfvmk_2.4.0.2010-4vmw.702.0.0.17867351, VMW_bootbank_smartpqi_70.4000.0.100-6vmw.702.0.0.17867351, VMW_bootbank_vmkata_0.1-1vmw.702.0.0.17867351, VMW_bootbank_vmkfcoe_1.0.0.2-1vmw.702.0.0.17867351, VMW_bootbank_vmkusb-nic-fling_1.8-3vmw.702.0.20.47140841, VMW_bootbank_vmkusb_0.1-4vmw.702.0.20.18426014, VMW_bootbank_vmw-ahci_2.0.9-1vmw.702.0.0.17867351, VMware_bootbank_clusterstore_7.0.2-0.30.19290878, VMware_bootbank_cpu-microcode_7.0.2-0.30.19290878, VMware_bootbank_crx_7.0.2-0.30.19290878, VMware_bootbank_elx-esx-libelxima.so_12.0.1200.0-4vmw.702.0.0.17867351, VMware_bootbank_esx-base_7.0.2-0.30.19290878, VMware_bootbank_esx-dvfilter-generic-fastpath_7.0.2-0.30.19290878, VMware_bootbank_esx-ui_1.34.8-17417756, VMware_bootbank_esx-update_7.0.2-0.30.19290878, VMware_bootbank_esx-xserver_7.0.2-0.30.19290878, VMware_bootbank_gc_7.0.2-0.30.19290878, VMware_bootbank_loadesx_7.0.2-0.30.19290878, VMware_bootbank_lsuv2-hpv2-hpsa-plugin_1.0.0-3vmw.702.0.0.17867351, VMware_bootbank_lsuv2-intelv2-nvme-vmd-plugin_2.0.0-2vmw.702.0.0.17867351, VMware_bootbank_lsuv2-lsiv2-drivers-plugin_1.0.0-5vmw.702.0.0.17867351, VMware_bootbank_lsuv2-nvme-pcie-plugin_1.0.0-1vmw.702.0.0.17867351, VMware_bootbank_lsuv2-oem-dell-plugin_1.0.0-1vmw.702.0.0.17867351, VMware_bootbank_lsuv2-oem-hp-plugin_1.0.0-1vmw.702.0.0.17867351, VMware_bootbank_lsuv2-oem-lenovo-plugin_1.0.0-1vmw.702.0.0.17867351, VMware_bootbank_lsuv2-smartpqiv2-plugin_1.0.0-6vmw.702.0.0.17867351, VMware_bootbank_native-misc-drivers_7.0.2-0.30.19290878, VMware_bootbank_qlnativefc_4.1.14.0-5vmw.702.0.0.17867351, VMware_bootbank_vdfs_7.0.2-0.30.19290878, VMware_bootbank_vmware-esx-esxcli-nvme-plugin_1.2.0.42-1vmw.702.0.0.17867351, VMware_bootbank_vsan_7.0.2-0.30.19290878, VMware_bootbank_vsanhealth_7.0.2-0.30.19290878, VMware_locker_tools-light_11.2.6.17901274-18295176
   VIBs Skipped:

And reboot ESXi after upgrade with cmd reboot. Good luck

How to create a bootable ESXi Installer USB Flash Drive

ESXi Image Download

Create a bootable ESXi Installer USB Flash Drive with Windows

  • Press SELECT and open the ESXi ISO image
  • Select your flash drive
  • Control Partition scheme: GPT and Target UEFI
  • Press START
  • For Custom ISO image is necessary select Write in ISO -> ESP mode
Dialog only for Custom ISO image

New ESXCLI Commands Details in vSphere 8.0

In ESXi 8 / vSphere 8.0 the command line interface esxcli has been extended with new features.

esxcli daemon entitlement

[root@ESXI-8:~] esxcli daemon entitlement add --help
Usage: esxcli daemon entitlement add [cmd options]

Description:
  add                   Add Partner REST entitlements to the partner user.

Cmd options:
  -p|--partner-user-name=<str>
                        Specifies the partner's user name. (required)
  -r|--read-acccess     Grant read access to the partner.
  -w|--write-acccess    Grant write access to the partner.
[root@ESXI-8:~] esxcli daemon entitlement list --help
Usage: esxcli daemon entitlement list [cmd options]

Description:
  list                  List the installed DSDK built daemons.

Cmd options:
  -p|--partner-user-name=<str>
                        Specifies the partner's user name. (required)
[root@ESXI-8:~] esxcli daemon entitlement remove --help
Usage: esxcli daemon entitlement remove [cmd options]

Description:
  remove                Remove Partner REST entitlments from the partner user.

Cmd options:
  -p|--partner-user-name=<str>
                        Specifies the partner's user name. (required)
  -r|--read-acccess     Remove read access from the partner.
  -w|--write-acccess    Remove write access from the partner.
[root@ESXI-8:~] esxcli hardware devicecomponent list --help
Usage: esxcli hardware devicecomponent list [cmd options]

Description:
  list                  List all device components on this host.

Cmd options:

esxcli network ip hosts

[root@ESXI-8:~] esxcli network ip hosts add --help
Usage: esxcli network ip hosts add [cmd options]

Description:
  add                   Add association of IP addresses with host names.

Cmd options:
  -A|--alias=[ <str> ... ]
                        The list of aliases of the host.
  -C|--comment=<str>    Comment line of this item
  -H|--hostname=<str>   The name of the host. (required)
  -I|--ip=<str>         The IP address (v4 or v6) of the host. (required)
[root@ESXI-8:~] esxcli network ip hosts list --help
Usage: esxcli network ip hosts list [cmd options]

Description:
  list                  List the user specified associations of IP addresses with host names.

Cmd options:
[root@ESXI-8:~] esxcli network ip hosts remove --help
Usage: esxcli network ip hosts remove [cmd options]

Description:
  remove                Remove association of IP addresses with host names.

Cmd options:
  -H|--hostname=<str>   The name of the host. (required)
  -I|--ip=<str>         The IP address (v4 or v6) of the host. (required)

esxcli nvme

[root@ESXI-8:~] esxcli nvme device config list
ol stats list
Name          Default   Current   Description
------------  --------  --------  -----------
logLevel      0         0         Log level of this plugin.
adminTimeout  60000000  60000000  Timeout in microseconds of the admin commands issued by this plugin.

[root@ESXI-8:~] esxcli nvme device config set --help
Usage: esxcli nvme device config set [cmd options]

Description:
  set                   Set the plugin's parameter

Cmd options:
  -p|--parameter=<str>  Parameter name (required)
  -v|--value=<str>      Parameter value (required)
[root@ESXI-8:~] esxcli nvme device log get --help
Usage: esxcli nvme device log get [cmd options]

Description:
  get                   Get NVMe log page

Cmd options:
  -A|--adapter=<str>    Adapter to operate on (required)
  -l|--length=<long>    Log page length. (required)
  -i|--lid=<str>        Log page ID. Both decimal number and hexadecimal number are accepted. Hexadecimal number should start with '0x' or '0X'. (required)
  -I|--lsi=<long>       Log specific ID. The default value is 0.
  -s|--lsp=<long>       Log specific field. The default value is 0.
  -n|--namespace=<long> Namespace ID. The default value is 0xFFFFFFFF.
  -o|--offset=<long>    Log page offset. The default value is 0.
  -p|--path=<str>       Log path. If set, the raw log data will be wrote to the specified file. If not set, the log data will be printed in hex format.
  -r|--rae=<long>       Retain asynchronous event. The default value is 0.
  -u|--uuid=<long>      UUID index. The default value is 0.
[root@ESXI-8:~] esxcli nvme device log persistentevent get
Error: Missing required parameter -a|--action
       Missing required parameter -A|--adapter

Usage: esxcli nvme device log persistentevent get [cmd options]

Description:
  get                   Get NVMe persistent event log

Cmd options:
  -a|--action=<long>    Action the controller shall take during processing this command. 0: Read log data. 1: Establish context and read log data. 2: Release context. (required)
  -A|--adapter=<str>    Adapter to operate on (required)
  -p|--path=<str>       Persistent event log path. This parameter is required if the --action parameter is 0 or 1.
[root@ESXI-8:~] esxcli nvme device log telemetry controller get --help
Usage: esxcli nvme device log telemetry controller get [cmd options]

Description:
  get                   Get NVMe telemetry controller-initiated data

Cmd options:
  -A|--adapter=<str>    Adapter to operate on (required)
  -d|--data=<long>      Data area to get telemetry data, 3 is selected if not set
  -p|--path=<str>       Telemetry log path (required)
[root@ESXI-8:~] esxcli nvme device log telemetry host get --help
Usage: esxcli nvme device log telemetry host get [cmd options]

Description:
  get                   Get NVMe telemetry host-initiated data

Cmd options:
  -A|--adapter=<str>    Adapter to operate on (required)
  -d|--data=<long>      Data area to get telemetry data, 3 is selected if not set
  -p|--path=<str>       Telemetry log path (required)

esxcli storage core

[root@ESXI-8:~] esxcli storage core nvme device list --help
Usage: esxcli storage core nvme device list [cmd options]

Description:
  list                  List the NVMe devices currently registered with the PSA.

Cmd options:
  -d|--device=<str>     Filter the output of this command to only show a single device.
  -o|--exclude-offline  If set this flag will exclude the offline devices.
  -p|--pe-only          If set this flag will list the mount points of PE type.
  --skip-slow-fields    Do not show the value of some fields that need more time to fetch. The output will show the value <skipped> for such fields.
[root@ESXI-8:~] esxcli storage core nvme path list --help
Usage: esxcli storage core nvme path list [cmd options]

Description:
  list                  List all the NVMe paths on the system.

Cmd options:
  -d|--device=<str>     Limit the output to paths to a specific device. This name can be any of the UIDs for a specific device.
  -p|--path=<str>       Limit the output to a specific path. This name can be either the UID or the runtime name of the path.
[root@ESXI-8:~] esxcli storage core scsi device list
t10.ATA_____Samsung_SSD_850_EVO_M.2_500GB___________S33DNX0J600488T_____
   Display Name: Local ATA Disk (t10.ATA_____Samsung_SSD_850_EVO_M.2_500GB___________S33DNX0J600488T_____)
   Has Settable Display Name: true
   Size: 476940
   Device Type: Direct-Access
   Multipath Plugin: HPP
   Devfs Path: /vmfs/devices/disks/t10.ATA_____Samsung_SSD_850_EVO_M.2_500GB___________S33DNX0J600488T_____
   Vendor: ATA
   Model: Samsung SSD 850
   Revision: 1B6Q
   SCSI Level: 5
   Is Pseudo: false
   Status: on
   Is RDM Capable: false
   Is Local: true
   Is Removable: false
   Is SSD: true
   Is VVOL PE: false
   Is Offline: false
   Is Perennially Reserved: false
   Queue Full Sample Size: 0
   Queue Full Threshold: 0
   Thin Provisioning Status: yes
   Attached Filters:
   VAAI Status: unsupported
   Other UIDs: vml.0100000000533333444e58304a36303034383854202020202053616d73756e
   Is Shared Clusterwide: false
   Is SAS: false
   Is USB: false
   Is Boot Device: true
   Device Max Queue Depth: 31
   IOs with competing worlds: 31
   Drive Type: unknown
   RAID Level: unknown
   Number of Physical Drives: unknown
   Protection Enabled: false
   PI Activated: false
   PI Type: 0
   PI Protection Mask: NO PROTECTION
   Supported Guard Types: NO GUARD SUPPORT
   DIX Enabled: false
   DIX Guard Type: NO GUARD SUPPORT
   Emulated DIX/DIF Enabled: false
[root@ESXI-8:~] esxcli storage core scsi path list
sata.vmhba0-sata.0:0-t10.ATA_____Samsung_SSD_850_EVO_M.2_500GB___________S33DNX0J600488T_____
   UID: sata.vmhba0-sata.0:0-t10.ATA_____Samsung_SSD_850_EVO_M.2_500GB___________S33DNX0J600488T_____
   Runtime Name: vmhba0:C0:T0:L0
   Device: t10.ATA_____Samsung_SSD_850_EVO_M.2_500GB___________S33DNX0J600488T_____
   Device Display Name: Local ATA Disk (t10.ATA_____Samsung_SSD_850_EVO_M.2_500GB___________S33DNX0J600488T_____)
   Adapter: vmhba0
   Controller: Not Applicable
   Channel: 0
   Target: 0
   LUN: 0
   Plugin: HPP
   State: active
   Transport: sata
   Adapter Identifier: sata.vmhba0
   Target Identifier: sata.0:0
   Adapter Transport Details: Unavailable or path is unclaimed
   Target Transport Details: Unavailable or path is unclaimed
   Maximum IO Size: 33554432

esxcli storage osdata

[root@ESXI-8:~] esxcli storage osdata create --help
Usage: esxcli storage osdata create [cmd options]

Description:
  create                Create an OSData partition on a disk.

Cmd options:
  --clearpartitions     Erase existing partitions and force the operation.
  -d|--diskname=<str>   Target disk device on which to create the OSData partition. (required)
  -m|--mediasize=<str>  The size of the created partition.
                            default: 128 GB
                            max: Use whole device
                            min: 32 GB
                            small: 64 GB
                          (required)

esxcli storage vvol stats

[root@ESXI-8:~] esxcli storage vvol stats add --help
Usage: esxcli storage vvol stats add [cmd options]

Description:
  add                   Add entity for stats tracking

Cmd options:
  -e|--entity=<str>     entity Id (required)
  -n|--namespace=<str>  entity namespace (required)
[root@ESXI-8:~] esxcli storage vvol stats disable --help
Usage: esxcli storage vvol stats disable [cmd options]

Description:
  disable               Disable stats for complete namespace
[root@ESXI-8:~] esxcli storage vvol stats enable --help
Usage: esxcli storage vvol stats enable [cmd options]

Description:
  enable                Enable stats for complete namespace
[root@ESXI-8:~] esxcli storage vvol stats get --help
Usage: esxcli storage vvol stats get [cmd options]

Description:
  get                   Get stats for given stats namespace

Cmd options:
  -d|--dump=<str>       Dump the stats in log file with given custom message
  -e|--entity=<str>     entity Id
  -n|--namespace=<str>  node namespace expression
  -r|--raw              Enable raw format output
[root@ESXI-8:~] esxcli storage vvol stats list --help
Usage: esxcli storage vvol stats list [cmd options]

Description:
  list                  List all supported stats

Cmd options:
  -n|--namespace=<str>  node namespace expression
[root@ESXI-8:~] esxcli storage vvol stats remove --help
Usage: esxcli storage vvol stats remove [cmd options]

Description:
  remove                Remove tracked entity

Cmd options:
  -e|--entity=<str>     entity Id (required)
  -n|--namespace=<str>  entity namespace (required)
[root@ESXI-8:~] esxcli storage vvol stats reset --help
Usage: esxcli storage vvol stats reset [cmd options]

Description:
  reset                 Reset stats for given namespace

Cmd options:
  -e|--entity=<str>     entity Id
  -n|--namespace=<str>  node namespace (required)
[root@ESXI-8:~] esxcli storage vvol vmstats get --help
Usage: esxcli storage vvol vmstats get [cmd options]

Description:
  get                   Get the VVol information and statistics for a specific virtual machine.

Cmd options:
  -c|--get-config-vvol  Get config VVol stats along with data VVols.
  -v|--vm-name=<str>    Display name of the virtual machine. (required)

esxcli system health report

[root@ESXI-8:~] esxcli system health report get --help
Usage: esxcli system health report get [cmd options]

Description:
  get                   Displays one or more health reports

Cmd options:
  --all-reports         Retrieve all the health reports. The default behavior is to retrieve only the latest health report.
  -f|--filename=<str>   The absolute path on the ESXi host where the health report(s) should be copied. If multiple reports are specified, they will be concatenated to this file.
  -r|--report-names=[ <str> ... ]
                        Specifies one or more health reports to display. The name(s) of the report can be obtained from the 'esxcli system health report list' command. (required)
[root@ESXI-8:~] esxcli system health report list
Name                    Time
----------------------  ----
vmw.memoryHealth        2022-12-08T01:53:01+00:00
vmw.ssdStorageHealth    2022-12-08T01:53:31+00:00
vmw.coreServicesStatus  2022-12-08T01:54:01+00:00
hostd-health            2022-12-08T01:55:01+00:00
vmw.vpxaStatus          2022-12-08T01:54:31+00:00
vmw.PSODCount           2022-12-08T01:20:01+00:00
vmw.autoscaler          2022-12-08T01:55:01+00:00

esxcli system ntp stats get

[root@ESXI-8:~] esxcli system ntp stats get --help
Usage: esxcli system ntp stats get [cmd options]

Description:
  get                   Report operational state of Network Time Protocol Daemon

esxcli system security

[root@ESXI-8:~] esxcli system security keypersistence disable --help
Usage: esxcli system security keypersistence disable [cmd options]

Description:
  disable               Disable key persistence daemon.

Cmd options:
  --remove-all-stored-keys
                        Confirm deletion of all stored keys. This confirmation is required.
[root@ESXI-8:~] esxcli system security keypersistence enable --help
Usage: esxcli system security keypersistence enable [cmd options]

Description:
  enable                Enable key persistence daemon.
[root@ESXI-8:~] esxcli system settings encryption get --help
Usage: esxcli system settings encryption get [cmd options]

Description:
  get                   Get the encryption mode and policy.
[root@ESXI-8:~] esxcli system settings encryption recovery list --help
Usage: esxcli system settings encryption recovery list [cmd options]

Description:
  list                  List recovery keys.
[root@ESXI-8:~] esxcli system settings encryption recovery rotate --help
Usage: esxcli system settings encryption recovery rotate [cmd options]

Description:
  rotate                Rotate the recover key.

Cmd options:
  -k|--keyid=<str>      The ID of the new recovery key. If no value is specified, the system will generate a new key.
  -u|--uuid=<str>       The UUID of the recovery key to be rotated. (required)
[root@ESXI-8:~] esxcli system settings encryption set --help
Usage: esxcli system settings encryption set [cmd options]

Description:
  set                   Set the encryption mode and policy.

Cmd options:
  -m|--mode=<str>       Set the encryption mode.
  -e|--require-exec-installed-only=<bool>
                        Require executables to be loaded only from installed VIBs.
  -s|--require-secure-boot=<bool>
                        Require secure boot.
[root@ESXI-8:~] esxcli system settings gueststore repository get --help
Usage: esxcli system settings gueststore repository get [cmd options]

Description:
  get                   Get GuestStore repository.
[root@ESXI-8:~] esxcli system settings gueststore repository set --help
Usage: esxcli system settings gueststore repository set [cmd options]

Description:
  set                   Set or clear GuestStore repository.

Cmd options:
  --url=<str>           URL of a repository to set; to clear GuestStore repository, set --url "" (required)

esxcli system syslog config logfilter

[root@ESXI-8:~] esxcli system syslog config logfilter add --help
Usage: esxcli system syslog config logfilter add [cmd options]

Description:
  add                   Add a log filter.

Cmd options:
  -f|--filter=<str>     The filter to be added. Format is: numLogs | ident | logRegexp. 'numLogs' sets the maximum number of log entries for the specified log messages. After reaching this number, the specified log messages are filtered and ignored. 'ident' specifies one or more
                        system components to apply the filter to the log messages that these components generate. 'logRegexp' specifies a case-sensitive phrase with Python regular expression syntax to filter the log messages by their content. (required)
[root@ESXI-8:~] esxcli system syslog config logfilter get --help
Usage: esxcli system syslog config logfilter get [cmd options]

Description:
  get                   Show the current log filter configuration values.
[root@ESXI-8:~] esxcli system syslog config logfilter list --help
Usage: esxcli system syslog config logfilter list [cmd options]

Description:
  list                  Show the added log filters.
[root@ESXI-8:~] esxcli system syslog config logfilter remove --help
Usage: esxcli system syslog config logfilter remove [cmd options]

Description:
  remove                Remove a log filter.

Cmd options:
  -f|--filter=<str>     The filter to be removed. (required)
[root@ESXI-8:~] esxcli system syslog config logfilter set --help
Usage: esxcli system syslog config logfilter set [cmd options]

Description:
  set                   Set log filtering configuration options.

Cmd options:
  --log-filtering-enabled=<bool>
                        Enable or disable log filtering. (required)

esxcli vsan hardware vcg

[[root@ESXI-8:~] esxcli vsan hardware vcg add --help
Usage: esxcli vsan hardware vcg add [cmd options]

Description:
  add                   Map unidentified vSAN hardware device with VCG ID.

Cmd options:
  -d|--device-id=<str>  Unidentified Device ID. It can be seen with command "esxcli storage core device list" (e.g. nqn.2014-08.org.nvmexpress_8086_Dell_Express_Flash_NVMe_P4610_1.6TB_SFF_BTLN9443030C1P6AGN). (required)
  -v|--vcg-id=<long>    VCG ID. (required)
[root@ESXI-8:~] esxcli vsan hardware vcg get
Usage: esxcli vsan hardware vcg get [cmd options]

Description:
  get                   Get the vSAN VCG ID for a vSAN hardware device. Output is VCG ID while "N/A" means device ID is not mapped.

Cmd options:
  -d|--device-id=<str>  Unidentified Device ID. It can be seen command "esxcli storage core device list" (e.g. nqn.2014-08.org.nvmexpress_8086_Dell_Express_Flash_NVMe_P4610_1.6TB_SFF_BTLN9443030C1P6AGN). (required)

esxcli vsan storagepool

[root@ESXI-8:~] esxcli vsan hardware vcg add --help
Usage: esxcli vsan hardware vcg add [cmd options]

Description:
  add                   Map unidentified vSAN hardware device with VCG ID.

Cmd options:
  -d|--device-id=<str>  Unidentified Device ID. It can be seen with command "esxcli storage core device list" (e.g. nqn.2014-08.org.nvmexpress_8086_Dell_Express_Flash_NVMe_P4610_1.6TB_SFF_BTLN9443030C1P6AGN). (required)
  -v|--vcg-id=<long>    VCG ID. (required)
[root@ESXI-8:~] esxcli vsan storagepool list --help
Usage: esxcli vsan storagepool list [cmd options]

Description:
  list                  List vSAN storage pool configuration.

Cmd options:
  -d|--device=<str>     Filter the output of this command to only show a single device with specified device name.
  -u|--uuid=<str>       Filter the output of this command to only show a single device with specified UUID.
[root@ESXI-8:~] esxcli vsan storagepool mount --help
Usage: esxcli vsan storagepool mount [cmd options]

Description:
  mount                 Mount vSAN disk from storage pool.

Cmd options:
  -d|--disk=[ <str> ... ]
                        Name of disk to mount from storage pool. e.g.: mpx.vmhba2:C0:T1:L0. Multiple devices can be provided using format -d device1 -d device2 -d device3.
  -u|--uuid=[ <str> ... ]
                        The vSAN UUID of disk to mount from storage pool. e.g.: 52afa1de-4240-d5d6-17f9-8af1ec8509e5. Multiple UUIDs can be provided using format -u uuid1 -u uuid2 -u uuid3.
[root@ESXI-8:~] esxcli vsan storagepool rebuild --help
Usage: esxcli vsan storagepool rebuild [cmd options]

Description:
  rebuild               Rebuild vSAN storage pool disks.

Cmd options:
  -d|--disk=<str>       Name of disk to rebuild for use by vSAN storage pool. E.g.: mpx.vmhba2:C0:T1:L0.
  -m|--evacuation-mode=<str>
                        Action to take upon removing storage pool from vSAN (default noAction). Available modes are
                            EnsureObjectAccessibility: Evacuate data from the disk to ensure object accessibility in the vSAN cluster, before removing the disk.
                            EvacuateAllData: Evacuate all data from the disk before removing it.
                            NoAction: Do not move vSAN data out of the disk before removing it.
  -u|--uuid=<str>       The vSAN UUID of the disk to rebuild for use by vSAN storage pool. E.g.: 5291022a-ad03-df90-dd0f-b9f980cc005e.
[root@ESXI-8:~] esxcli vsan storagepool remove --help
Usage: esxcli vsan storagepool remove [cmd options]

Description:
  remove                Remove physical disk from storage pool usage. Exactly one of --disk or --uuid param is required.

Cmd options:
  -d|--disk=<str>       Specify individual vSAN disk to remove from storage pool. e.g.: mpx.vmhba2:C0:T1:L0.
  -m|--evacuation-mode=<str>
                        Action the vSAN service must take before the disk can be removed (default noAction). Allowed values are:
                        ensureObjectAccessibility: Evacuate data from the disk to ensure object accessibility in the vSAN cluster, before removing the disk.
                        evacuateAllData: Evacuate all data from the disk before removing it.
                        noAction: Do not move vSAN data out of the disk before removing it.
  -f|--force            Forcefully remove unhealthy disk that has run into permanent metadata read/write errors.
                        Use -f|--force option only if remove disk operation failed repeatedly without force option.
                        Only 'noAction' evacuation mode is supported with -f|--force option.
  -u|--uuid=<str>       Specify UUID of vSAN disk to remove from storage pool. e.g.: 52afa1de-4240-d5d6-17f9-8af1ec8509e5.
[root@ESXI-8:~] esxcli vsan storagepool unmount --help
Usage: esxcli vsan storagepool unmount [cmd options]

Description:
  unmount               Unmount vSAN disk from storage pool.

Cmd options:
  -d|--disk=<str>       Name of disk to unmount from storage pool. e.g.: mpx.vmhba2:C0:T1:L0.
  -m|--evacuation-mode=<str>
                        Action to take upon unmounting storage pool from vSAN (default noAction). Available modes are
                            EnsureObjectAccessibility: Evacuate data from the disk to ensure object accessibility in the vSAN cluster, before unmounting the disk.
                            EvacuateAllData: Evacuate all data from the disk before unmounting it.
                            NoAction: Do not move vSAN data out of the disk before unmounting it.
  -f|--force            Forcefully unmount unhealthy disk that has run into permanent metadata read/write errors.
                        Use -f|--force option only if unmount disk operation failed repeatedly without force option.
                        Only 'noAction' evacuation mode is supported with -f|--force option.
  -u|--uuid=<str>       The vSAN UUID of disk to unmount from storage pool. e.g.: 52afa1de-4240-d5d6-17f9-8af1ec8509e5.

For reference ESXCLI full commands list for ESXi 8.0.

For reference ESXCLI full commands list for ESXi 7.0.

For reference ESXCLI full commands list for ESXi 6.x.

New ESXCLI Commands in vSphere 8.0

In ESXi 8 / vSphere 8.0 the command line interface esxcli has been extended with new features.

Here is list with new and extended namespaces:

NEW ESXi 8.0 ESXCLI Command Reference

The ESXCLI command set allows you to run common system administration commands against vSphere systems from an administration server of your choice. The actual list of commands depends on the system that you are running on. Run esxcli --help for a list of commands on your system.
NamespaceCommandDescriptionNEW
daemon entitlementaddAdd Partner REST entitlements to the partner user.1
daemon entitlementlistList the installed DSDK built daemons.1
daemon entitlementremoveRemove Partner REST entitlments from the partner user.1
hardware devicecomponentlistList all device components on this host.1
network ip hostsaddAdd association of IP addresses with host names.1
network ip hostslistList the user specified associations of IP addresses with host names.1
network ip hostsremoveRemove association of IP addresses with host names.1
nvme device configlistList the configurable parameters for this plugin1
nvme device configsetSet the plugin's parameter1
nvme device loggetGet NVMe log page1
nvme device log persistenteventgetGet NVMe persistent event log1
nvme device log telemetry controllergetGet NVMe telemetry controller-initiated data1
nvme device log telemetry hostgetGet NVMe telemetry host-initiated data1
storage core nvme devicelistList the NVMe devices currently registered with the PSA.1
storage core nvme pathlistList all the NVMe paths on the system.1
storage core scsi devicelistList the SCSI devices currently registered with the PSA.1
storage core scsi pathlistList all the SCSI paths on the system.1
storage osdatacreateCreate an OSData partition on a disk.1
storage vvol statsaddAdd entity for stats tracking1
storage vvol statsdisableDisable stats for complete namespace1
storage vvol statsenableEnable stats for complete namespace1
storage vvol statsgetGet stats for given stats namespace1
storage vvol statslistList all supported stats1
storage vvol statsremoveRemove tracked entity1
storage vvol statsresetReset stats for given namespace1
storage vvol vmstatsgetGet the VVol information and statistics for a specific virtual machine.1
system health reportgetDisplays one or more health reports1
system health reportlistList all the health reports currently generated.1
system ntp statsgetReport operational state of Network Time Protocol Daemon1
system security keypersistencedisableDisable key persistence daemon.1
system security keypersistenceenableEnable key persistence daemon.1
system settings encryptiongetGet the encryption mode and policy.1
system settings encryption recoverylistList recovery keys.1
system settings encryption recoveryrotateRotate the recover key.1
system settings encryptionsetSet the encryption mode and policy.1
system settings gueststore repositorygetGet GuestStore repository.1
system settings gueststore repositorysetSet or clear GuestStore repository.1
system syslog config logfilteraddAdd a log filter.1
system syslog config logfiltergetShow the current log filter configuration values.1
system syslog config logfilterlistShow the added log filters.1
system syslog config logfilterremoveRemove a log filter.1
system syslog config logfiltersetSet log filtering configuration options.1
vsan hardware vcgaddMap unidentified vSAN hardware device with VCG ID.1
vsan hardware vcggetGet the vSAN VCG ID for a vSAN hardware device. Output is VCG ID while "N/A" means device ID is not mapped.1
vsan storagepooladdAdd physical disk for vSAN usage.1
vsan storagepoollistList vSAN storage pool configuration.1
vsan storagepoolmountMount vSAN disk from storage pool.1
vsan storagepoolrebuildRebuild vSAN storage pool disks.1
vsan storagepoolremoveRemove physical disk from storage pool usage. Exactly one of --disk or --uuid param is required.1
vsan storagepoolunmountUnmount vSAN disk from storage pool.1

VMware Cohesity vExpert Gift VMware EXPLORE 2022 Barcelona

During VMware Explore 2022 Barcelona, I’ve been given a gift as a vExpert.

We could start start popcorn party with NX6412 …

A huge shout out to the vExpert program and to Cohesity for supporting with such an amazing gift – a small but powerful quad-CPU Intel NUC. It’s fanless so it will be quiet too. Thank You

NX6412 Specification:

  • CPU: Intel Elkhart Lake J6412 Processor
  • Memory: Dual Channel SO-DIMM DDR4 up to 32GB – 64GB could run – I will have to confirm it lately ….
  • Display via: Intel Integrated Graphics display via 2xHDMI2.0
  • I/O Ports: 2xLAN, 2xUSB3.2, 2xUSB2.0, Type-C, SIM
  • Ethernet: 10/100/1000Mbps
  • Storage: 1x M.2 2242/2280 SSD, SATA optional
  • Power: 12V DC-in
​Hardware: MaxTang N6412,  32gig memory, 512gig SSD, Quad Core Dual Gigabit Ethernet, Dual HDMI2

Based on small form factors, the compact design at 127mm x 127mm x 37mm makes it great for space-saving.

Intel Elkhart Lake J6412 Processor

Powered by Intel Elkhart Lake Celeron J6412 processor, the NX6412 provides you excellent performance with long life expectancies. The processor has 4cores 4threads, 1.5MB L2 Cache, up to 2.60GHz with a 10W TDP rate. It has a 1.7x improvement in single-thread performance and 1.5x improvement in multi-thread performance generation over generation, 2x performance improvement in graphics over the previous generation

CODE2769US Intel NUC Home Lab with Smart Sensors & Tanzu

Links & information

How to Boot ESXi 7.0 on UCS-M2-HWRAID Boot-Optimized M.2 RAID Controller

VMware strongly advises that you move away completely from using SD card/USB as a boot device option on any future server hardware.

SD cards can continue to be used for the bootbank partition provided that a separate persistent local device to store the OSDATA partition (32GB min., 128GB recommended) is available in the host.
Preferably, the SD cards should be replaced with an M.2 or another local persistent device as the standalone boot option.

vSphere 7 – ESXi System Storage Changes

Please refer to the following blog:
https://core.vmware.com/resource/esxi-system-storage-changes

How to setup ESXi boot on UCS-M2-HWRAID ?

Create Disk Group Policies – Storage / Storage Policies / root / Disk Group Policies / M.2-RAID1

Create Storage Profile – Storage / Storage Profiles / root / Storage Profile M.2-RAID1

Create Local LUNs – Storage / Storage Profiles / root / Storage Profile M.2-RAID1

Modify Storage Profile inside Service Profile

Change Boot Order to Local Disk

Links

Fastest workaround instructions to address CVE-2021-44228 (log4j) in vCenter Server

https://logging.apache.org/log4j/2.x/

Apache Log4j open source component has security bug (CVE-2021-44228 – VMSA-2021-0028). It is neccesary to fix vCenter Server 7.0.x, vCenter 6.7.x & vCenter 6.5.x.

Fastest and recommended is workaround with KB 87081 script (vc_log4j_mitigator.py).

Run ssh and create script via vim
Connected to service

    * List APIs: "help api list"
    * List Plugins: "help pi list"
    * Launch BASH: "shell"

Command> shell
Shell access is granted to root
root@localhost [ ~ ]# cd /tmp
root@localhost [ /tmp ]# vim vc_log4j_mitigator.py
Run script python vc_log4j_mitigator.py
root@localhost [ /tmp ]# python vc_log4j_mitigator.py
2021-12-21T10:38:20 INFO main: Script version: 1.6.0
2021-12-21T10:38:20 INFO main: vCenter type: Version: 7.0.2.00500; Build: 18455184; Deployment type: embedded; Gateway: False; VCHA: False; Windows: False;
A service stop and start is required to complete this operation.  Continue?[y]y
2021-12-21T10:38:23 INFO stop: stopping services
2021-12-21T10:38:46 INFO process_jar: Found a VULNERABLE FILE: /opt/vmware/lib64/log4j-core-2.13.0.jar
2021-12-21T10:38:46 INFO backup_file: VULNERABLE FILE: /opt/vmware/lib64/log4j-core-2.13.0.jar backed up to /tmp/tmpxi89fco8/opt/vmware/lib64/log4j-core-2.13.0.jar.bak
2021-12-21T10:38:47 INFO process_jar: VULNERABLE FILE: /opt/vmware/lib64/log4j-core-2.13.0.jar backed up to /tmp/tmpxi89fco8/opt/vmware/lib64/log4j-core-2.13.0.jar.bak
2021-12-21T10:39:03 INFO process_jar: Found a VULNERABLE FILE: /usr/lib/vmware/common-jars/log4j-core-2.13.1.jar
2021-12-21T10:39:03 INFO backup_file: VULNERABLE FILE: /usr/lib/vmware/common-jars/log4j-core-2.13.1.jar backed up to /tmp/tmpxi89fco8/usr/lib/vmware/common-jars/log4j-core-2.13.1.jar.bak
2021-12-21T10:39:04 INFO process_jar: VULNERABLE FILE: /usr/lib/vmware/common-jars/log4j-core-2.13.1.jar backed up to /tmp/tmpxi89fco8/usr/lib/vmware/common-jars/log4j-core-2.13.1.jar.bak
2021-12-21T10:39:04 INFO process_jar: Found a VULNERABLE FILE: /usr/lib/vmware/common-jars/log4j-core-2.8.2.jar
2021-12-21T10:39:04 INFO backup_file: VULNERABLE FILE: /usr/lib/vmware/common-jars/log4j-core-2.8.2.jar backed up to /tmp/tmpxi89fco8/usr/lib/vmware/common-jars/log4j-core-2.8.2.jar.bak
2021-12-21T10:39:04 INFO process_jar: VULNERABLE FILE: /usr/lib/vmware/common-jars/log4j-core-2.8.2.jar backed up to /tmp/tmpxi89fco8/usr/lib/vmware/common-jars/log4j-core-2.8.2.jar.bak
2021-12-21T10:39:06 INFO process_jar: Found a VULNERABLE FILE: /usr/lib/vmware/common-jars/log4j-core-2.11.0.jar
2021-12-21T10:39:06 INFO backup_file: VULNERABLE FILE: /usr/lib/vmware/common-jars/log4j-core-2.11.0.jar backed up to /tmp/tmpxi89fco8/usr/lib/vmware/common-jars/log4j-core-2.11.0.jar.bak
2021-12-21T10:39:06 INFO process_jar: VULNERABLE FILE: /usr/lib/vmware/common-jars/log4j-core-2.11.0.jar backed up to /tmp/tmpxi89fco8/usr/lib/vmware/common-jars/log4j-core-2.11.0.jar.bak
2021-12-21T10:39:07 INFO process_jar: Found a VULNERABLE FILE: /usr/lib/vmware/common-jars/log4j-core-2.11.2.jar
2021-12-21T10:39:07 INFO backup_file: VULNERABLE FILE: /usr/lib/vmware/common-jars/log4j-core-2.11.2.jar backed up to /tmp/tmpxi89fco8/usr/lib/vmware/common-jars/log4j-core-2.11.2.jar.bak
2021-12-21T10:39:07 INFO process_jar: VULNERABLE FILE: /usr/lib/vmware/common-jars/log4j-core-2.11.2.jar backed up to /tmp/tmpxi89fco8/usr/lib/vmware/common-jars/log4j-core-2.11.2.jar.bak
2021-12-21T10:39:08 INFO process_jar: Found a VULNERABLE FILE: /usr/lib/vmware/cis_upgrade_runner/payload/component-scripts/sso/lstool/lib/log4j-core-2.13.1.jar
2021-12-21T10:39:08 INFO backup_file: VULNERABLE FILE: /usr/lib/vmware/cis_upgrade_runner/payload/component-scripts/sso/lstool/lib/log4j-core-2.13.1.jar backed up to /tmp/tmpxi89fco8/usr/lib/vmware/cis_upgrade_runner/payload/component-scripts/sso/lstool/lib/log4j-core-2.13.1.jar.bak
2021-12-21T10:39:08 INFO process_jar: VULNERABLE FILE: /usr/lib/vmware/cis_upgrade_runner/payload/component-scripts/sso/lstool/lib/log4j-core-2.13.1.jar backed up to /tmp/tmpxi89fco8/usr/lib/vmware/cis_upgrade_runner/payload/component-scripts/sso/lstool/lib/log4j-core-2.13.1.jar.bak
2021-12-21T10:39:14 INFO process_jar: Found a VULNERABLE FILE: /tmp/tmpn2a_0ql2/WEB-INF/lib/log4j-core-2.13.3.jar
2021-12-21T10:39:14 INFO backup_file: VULNERABLE FILE: /tmp/tmpn2a_0ql2/WEB-INF/lib/log4j-core-2.13.3.jar backed up to /tmp/tmpxi89fco8/tmp/tmpn2a_0ql2/WEB-INF/lib/log4j-core-2.13.3.jar.bak
2021-12-21T10:39:15 INFO process_war: Found a VULNERABLE WAR file with: /usr/lib/vmware-updatemgr/bin/jetty/webapps/vum-fileupload.war
2021-12-21T10:39:15 INFO backup_file: VULNERABLE FILE: /usr/lib/vmware-updatemgr/bin/jetty/webapps/vum-fileupload.war backed up to /tmp/tmpxi89fco8/usr/lib/vmware-updatemgr/bin/jetty/webapps/vum-fileupload.war.bak
2021-12-21T10:39:15 INFO process_war: VULNERABLE FILE: /usr/lib/vmware-updatemgr/bin/jetty/webapps/vum-fileupload.war backed up to /tmp/tmpxi89fco8/usr/lib/vmware-updatemgr/bin/jetty/webapps/vum-fileupload.war.bak
2021-12-21T10:39:15 INFO process_jar: Found a VULNERABLE FILE: /tmp/tmpxn5_4ah_/WEB-INF/lib/log4j-core-2.13.3.jar
2021-12-21T10:39:15 INFO backup_file: VULNERABLE FILE: /tmp/tmpxn5_4ah_/WEB-INF/lib/log4j-core-2.13.3.jar backed up to /tmp/tmpxi89fco8/tmp/tmpxn5_4ah_/WEB-INF/lib/log4j-core-2.13.3.jar.bak
2021-12-21T10:39:16 INFO process_war: Found a VULNERABLE WAR file with: /usr/lib/vmware-updatemgr/bin/jetty/webapps/root.war
2021-12-21T10:39:16 INFO backup_file: VULNERABLE FILE: /usr/lib/vmware-updatemgr/bin/jetty/webapps/root.war backed up to /tmp/tmpxi89fco8/usr/lib/vmware-updatemgr/bin/jetty/webapps/root.war.bak
2021-12-21T10:39:16 INFO process_war: VULNERABLE FILE: /usr/lib/vmware-updatemgr/bin/jetty/webapps/root.war backed up to /tmp/tmpxi89fco8/usr/lib/vmware-updatemgr/bin/jetty/webapps/root.war.bak
2021-12-21T10:39:16 INFO process_jar: Found a VULNERABLE FILE: /tmp/tmpa4w275ot/WEB-INF/lib/log4j-core-2.13.3.jar
2021-12-21T10:39:16 INFO backup_file: VULNERABLE FILE: /tmp/tmpa4w275ot/WEB-INF/lib/log4j-core-2.13.3.jar backed up to /tmp/tmpxi89fco8/tmp/tmpa4w275ot/WEB-INF/lib/log4j-core-2.13.3.jar.bak
2021-12-21T10:39:17 INFO process_war: Found a VULNERABLE WAR file with: /usr/lib/vmware-updatemgr/bin/jetty/webapps/vum-filedownload.war
2021-12-21T10:39:17 INFO backup_file: VULNERABLE FILE: /usr/lib/vmware-updatemgr/bin/jetty/webapps/vum-filedownload.war backed up to /tmp/tmpxi89fco8/usr/lib/vmware-updatemgr/bin/jetty/webapps/vum-filedownload.war.bak
2021-12-21T10:39:18 INFO process_war: VULNERABLE FILE: /usr/lib/vmware-updatemgr/bin/jetty/webapps/vum-filedownload.war backed up to /tmp/tmpxi89fco8/usr/lib/vmware-updatemgr/bin/jetty/webapps/vum-filedownload.war.bak
2021-12-21T10:39:21 INFO process_jar: Found a VULNERABLE FILE: /tmp/tmpxv_znca3/WEB-INF/lib/log4j-core-2.13.1.jar
2021-12-21T10:39:21 INFO backup_file: VULNERABLE FILE: /tmp/tmpxv_znca3/WEB-INF/lib/log4j-core-2.13.1.jar backed up to /tmp/tmpxi89fco8/tmp/tmpxv_znca3/WEB-INF/lib/log4j-core-2.13.1.jar.bak
2021-12-21T10:39:22 INFO process_war: Found a VULNERABLE WAR file with: /usr/lib/vmware-sso/vmware-sts/webapps/ROOT.war
2021-12-21T10:39:22 INFO backup_file: VULNERABLE FILE: /usr/lib/vmware-sso/vmware-sts/webapps/ROOT.war backed up to /tmp/tmpxi89fco8/usr/lib/vmware-sso/vmware-sts/webapps/ROOT.war.bak
2021-12-21T10:39:24 INFO process_war: VULNERABLE FILE: /usr/lib/vmware-sso/vmware-sts/webapps/ROOT.war backed up to /tmp/tmpxi89fco8/usr/lib/vmware-sso/vmware-sts/webapps/ROOT.war.bak
2021-12-21T10:39:25 INFO process_jar: Found a VULNERABLE FILE: /usr/lib/vmware-sso/vmware-sts/webapps/ROOT/WEB-INF/lib/log4j-core-2.13.1.jar
2021-12-21T10:39:25 INFO backup_file: VULNERABLE FILE: /usr/lib/vmware-sso/vmware-sts/webapps/ROOT/WEB-INF/lib/log4j-core-2.13.1.jar backed up to /tmp/tmpxi89fco8/usr/lib/vmware-sso/vmware-sts/webapps/ROOT/WEB-INF/lib/log4j-core-2.13.1.jar.bak
2021-12-21T10:39:26 INFO process_jar: VULNERABLE FILE: /usr/lib/vmware-sso/vmware-sts/webapps/ROOT/WEB-INF/lib/log4j-core-2.13.1.jar backed up to /tmp/tmpxi89fco8/usr/lib/vmware-sso/vmware-sts/webapps/ROOT/WEB-INF/lib/log4j-core-2.13.1.jar.bak
2021-12-21T10:39:28 INFO process_jar: Found a VULNERABLE FILE: /usr/lib/vmware-dbcc/lib/log4j-core-2.8.2.jar
2021-12-21T10:39:28 INFO backup_file: VULNERABLE FILE: /usr/lib/vmware-dbcc/lib/log4j-core-2.8.2.jar backed up to /tmp/tmpxi89fco8/usr/lib/vmware-dbcc/lib/log4j-core-2.8.2.jar.bak
2021-12-21T10:39:29 INFO process_jar: VULNERABLE FILE: /usr/lib/vmware-dbcc/lib/log4j-core-2.8.2.jar backed up to /tmp/tmpxi89fco8/usr/lib/vmware-dbcc/lib/log4j-core-2.8.2.jar.bak
2021-12-21T10:39:32 INFO process_jar: Found a VULNERABLE FILE: /tmp/tmprq0yfnd1/WEB-INF/lib/log4j-core-2.13.1.jar
2021-12-21T10:39:32 INFO backup_file: VULNERABLE FILE: /tmp/tmprq0yfnd1/WEB-INF/lib/log4j-core-2.13.1.jar backed up to /tmp/tmpxi89fco8/tmp/tmprq0yfnd1/WEB-INF/lib/log4j-core-2.13.1.jar.bak
2021-12-21T10:39:33 INFO process_war: Found a VULNERABLE WAR file with: /usr/lib/vmware-lookupsvc/webapps/ROOT.war
2021-12-21T10:39:33 INFO backup_file: VULNERABLE FILE: /usr/lib/vmware-lookupsvc/webapps/ROOT.war backed up to /tmp/tmpxi89fco8/usr/lib/vmware-lookupsvc/webapps/ROOT.war.bak
2021-12-21T10:39:34 INFO process_war: VULNERABLE FILE: /usr/lib/vmware-lookupsvc/webapps/ROOT.war backed up to /tmp/tmpxi89fco8/usr/lib/vmware-lookupsvc/webapps/ROOT.war.bak
2021-12-21T10:39:34 INFO process_jar: Found a VULNERABLE FILE: /usr/lib/vmware-lookupsvc/webapps/ROOT/WEB-INF/lib/log4j-core-2.13.1.jar
2021-12-21T10:39:35 INFO backup_file: VULNERABLE FILE: /usr/lib/vmware-lookupsvc/webapps/ROOT/WEB-INF/lib/log4j-core-2.13.1.jar backed up to /tmp/tmpxi89fco8/usr/lib/vmware-lookupsvc/webapps/ROOT/WEB-INF/lib/log4j-core-2.13.1.jar.bak
2021-12-21T10:39:35 INFO process_jar: VULNERABLE FILE: /usr/lib/vmware-lookupsvc/webapps/ROOT/WEB-INF/lib/log4j-core-2.13.1.jar backed up to /tmp/tmpxi89fco8/usr/lib/vmware-lookupsvc/webapps/ROOT/WEB-INF/lib/log4j-core-2.13.1.jar.bak
2021-12-21T10:39:37 INFO _patch_file: Found VULNERABLE FILE: /usr/lib/vmware-vmon/java-wrapper-vmon
2021-12-21T10:39:37 INFO backup_file: VULNERABLE FILE: /usr/lib/vmware-vmon/java-wrapper-vmon backed up to /tmp/tmpxi89fco8/usr/lib/vmware-vmon/java-wrapper-vmon.bak
2021-12-21T10:39:37 INFO patch_vum: Found a VULNERABLE FILE: /usr/lib/vmware-updatemgr/bin/jetty/start.ini
2021-12-21T10:39:37 INFO backup_file: VULNERABLE FILE: /usr/lib/vmware-updatemgr/bin/jetty/start.ini backed up to /tmp/tmpxi89fco8/usr/lib/vmware-updatemgr/bin/jetty/start.ini.bak
2021-12-21T10:39:37 INFO print_summary:
=====     Summary     =====
Backup Directory: /tmp/tmpxi89fco8
List of processed java archive files:

/opt/vmware/lib64/log4j-core-2.13.0.jar
/usr/lib/vmware/common-jars/log4j-core-2.13.1.jar
/usr/lib/vmware/common-jars/log4j-core-2.8.2.jar
/usr/lib/vmware/common-jars/log4j-core-2.11.0.jar
/usr/lib/vmware/common-jars/log4j-core-2.11.2.jar
/usr/lib/vmware/cis_upgrade_runner/payload/component-scripts/sso/lstool/lib/log4j-core-2.13.1.jar
/usr/lib/vmware-updatemgr/bin/jetty/webapps/vum-fileupload.war
/usr/lib/vmware-updatemgr/bin/jetty/webapps/root.war
/usr/lib/vmware-updatemgr/bin/jetty/webapps/vum-filedownload.war
/usr/lib/vmware-sso/vmware-sts/webapps/ROOT.war
/usr/lib/vmware-sso/vmware-sts/webapps/ROOT/WEB-INF/lib/log4j-core-2.13.1.jar
/usr/lib/vmware-dbcc/lib/log4j-core-2.8.2.jar
/usr/lib/vmware-lookupsvc/webapps/ROOT.war
/usr/lib/vmware-lookupsvc/webapps/ROOT/WEB-INF/lib/log4j-core-2.13.1.jar

List of processed configuration files:

/usr/lib/vmware-vmon/java-wrapper-vmon
/usr/lib/vmware-updatemgr/bin/jetty/start.ini

Total fixed: 16

    NOTE: Running this script again with the --dryrun
    flag should now yield 0 vulnerable files.

Log file: /var/log/vmsa-2021-0028_2021_12_21_10_38_20.log
===========================
2021-12-21T10:39:37 INFO start: starting services
2021-12-21T10:52:47 INFO main: Done.
Verify python vc_log4j_mitigator.py -r
root@localhost [ /tmp ]# python vc_log4j_mitigator.py -r
2021-12-21T11:10:01 INFO main: Script version: 1.6.0
2021-12-21T11:10:01 INFO main: vCenter type: Version: 7.0.2.00500; Build: 18455184; Deployment type: embedded; Gateway: False; VCHA: False; Windows: False;
2021-12-21T11:10:01 INFO main: Running in dryrun mode.
2021-12-21T11:11:01 INFO print_summary:
=====     Summary     =====

No vulnerable files found!

Total found: 0
Log file: /var/log/vmsa-2021-0028_2021_12_21_11_10_01.log
===========================
2021-12-21T11:11:01 INFO main: Done.

vc_log4j_mitigator.py [-h] – helps and more options

root@localhost [ /tmp ]# python vc_log4j_mitigator.py -h
usage: vc_log4j_mitigator.py [-h] [-d dirnames [dirnames ...]] [-a] [-r] [-b BACKUP_DIR] [-l LOG_DIR]

VMSA-2021-0028 vCenter tool; Version: 1.6.0 This tool deletes the JndiLookup.class file from *.jar and *.war files. On Windows systems the tool will by default traverse the folders identified by the VMWARE_CIS_HOME, VMWARE_CFG_DIR, VMWARE_DATA_DIR and VMWARE_RUNTIME_DATA_DIR
variables. On vCenter Appliances the tool will search by default from the root of the filesystem. All modified files are backed up if the process needs to be reversed due to an error.

optional arguments:
  -h, --help            show this help message and exit
  -d dirnames [dirnames ...], --directories dirnames [dirnames ...]
                        space separated list of directories to check recursively for CVE-2021-44228 vulnerable java archive files.
  -a, --accept-services-restart
                        accept the restart of the services without having manual prompt confirmation for the same
  -r, --dryrun          Run the script and log vulnerable files without mitigating them. The vCenter services are not restarted with this option.
  -b BACKUP_DIR, --backup-dir BACKUP_DIR
                        Specify a backup directory to store original files.
  -l LOG_DIR, --log-dir LOG_DIR
                        Specify a directory to store log files.

Links: