One of the coolest (and most dangerous) commands in vSAN is objtool. Since this datastore is not vmfs but vsanfs (and object based), the objtool command is the utility that performs different tasks such as creating, resizing and deleting objects.
What follows is a series of examples on how to use such command:
Object path: /vmfs/volumes/vsan:521305e4430dd845-d59b1943736fdc88/
And how do I create an object?
# /usr/lib/vmware/osfs/bin/objtool create -s 1KB -a 3 -n javierobject Creating object of size 1024 bytes Setting object class to 0 UUID:3184dd59-c0ea-6ab8-b241-005056013df7how do I create my own object?
Note: The previous command creates an object using the default policy. This could be verified also with the rvc.
Note: Add the -t 3 option to the previous command to create a vmswap object. This can also be verified with the rvc.
Creating and removing directories in a vSAN datastore is not as simple as using mkdir and rmdir or rm -rf because the vSAN datastore is object based. In order to do that, special vSAN related commands exist to perform such tasks.
Notice what happens if you try to use the mkdir command:
# cd /vmfs/volumes/vsanDatastore
# mkdir testdir
mkdir: can't create directory 'testdir': Function not implemented
The commands that follow perform the same tasks as the icon with the green plus sign on the web client. These commands should be used if the vCenter server is not available.
How to do it: Step 1: Access the folder that contains the utilities
# cd /usr/lib/vmware/osfs/bin
Step 2: List the contents of that directory
objtool osfs-ls osfs-mkdir osfs-rmdir osfsd
Step 3: Verify that a directory called testdir does not exist
# ls -lh /vmfs/volumes/vsanDatastore/testdir
ls: /vmfs/volumes/vsanDatastore/testdir: No such file or directory
Step 1: Select your vCenter Server, click on Configure, select Key Management Servers and click on the Green Plus Sign. Specify the name of the KMS cluster, the IP address and a port to use. Currently, there are two supported KMS Servers (Hytrust and EMC). The KMS servers need to be KMIP 1.1 compliant.
Step 2: You will have to establish a trust relationship with the KMS server. Since different KMS servers are supported, you will have to select the type of certificate to download. Different choices are available.
Step 3: Verify that the connection state is Normal and that the procedure succeeded.
Step 4: Select your vSAN cluster, click on Configure, select General and click on Edit. Enable Encryption. The KMS related information should be automatically populated. Click on OK.
Step 5: Once you enable Encryption, every disk will be reformatted. This process will take time. The amount of time will depend on how many drives need to be formatted and the size of the drives.
Once this is done, the entire datastore is encrypted. Encryption works with both the hybrid solution as well as the all-flash. If new servers are added to the cluster, the disk groups created on the new host will be formatted to support encryption.