VMware vCSA 6.5 Scheduled Backup

The new vCenter 6.5 Server Appliance comes with a backup function, but it is not possible to schedule the backup out of the box.

But there are several ways that you can do this yourself.

PowerShell

The first option is to schedule a PowerShell script on a Windows host, or maybe on your vRealize Orchestrator.

Brian Graf has done an article on the script, and how it works here: http://www.vtagion.com/vsphere-6-5-automate-vcsa-backup/

Crontab

I however found that scheduling stuff on Windows is a bit cumbersome, and I think it is much better to run it locally on vCenter.

My co-worker Allan Kjær brought to my attention that it is possible to schedule this using crontab directly on the vCSA appliance, and directed me to this VMware example: http://pubs.vmware.com/vsphere-6-5/index.jsp?topic=%2Fcom.vmware.vsphere.vcsapg-rest.doc%2FGUID-222400F3-678E-4028-874F-1F83036D2E85.html

I altered the code slightly, so that it would use FTPS instead of plain FTP.

Save the code to a file on vCSA using your favorite editor. I recommend putting the file in /usr/local/bin/

Since passwords will be saved to this file we will remove access for non-root users.

# Commands:
vi /usr/local/bin/vCSA-Backup.sh

# Make the file executable
chmod u+x /usr/local/bin/vCSA-Backup.sh

# Make it only accessible by root
chmod g-rxw /usr/local/bin/vCSA-Backup.sh
chmod o-rxw /usr/local/bin/vCSA-Backup.sh

You have to replace the usernames and passwords for the vCSA and the FTPS server. You can also replace FTPS with SCP, FTP, PATH, HTTP or HTTPS in the following line.

There have been some requests to use SCP, and that is easy to set up. Just change the location_type to SCP, and in the location field change “ftp” to “scp” so it says “scp://$FTP_ADDRESS……”

"location_type":"FTPS",

vCSA-Backup.sh File contents:

#!/bin/bash
 ##### EDITABLE BY USER to specify vCenter Server instance and backup destination. #####
 VC_ADDRESS=vcenter.domain.local
 VC_USER=administrator@vsphere.local
 VC_PASSWORD=password
 FTP_ADDRESS=ftp-server.domain.local
 FTP_USER=ftp-user
 FTP_PASSWORD=ftp-password
 BACKUP_FOLDER=vCSA-Backup
 ############################

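 # Keep the temporary files created below (cookies.txt, task.json,
 # response.txt) readable by root only; they hold the session cookie
 # and the backup server password.
 umask 077

 # Authenticate with basic credentials.
 # Note: -k makes curl skip TLS certificate verification for the vCenter connection.
 curl -u "$VC_USER:$VC_PASSWORD" \
    -X POST \
    -k --cookie-jar cookies.txt \
    "https://$VC_ADDRESS/rest/com/vmware/cis/session"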

 # Create a message body for the backup request.
 TIME=$(date +%Y-%m-%d-%H-%M-%S)
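 # For SCP instead of FTPS, set "location_type":"SCP" and change the
 # location to "scp://$FTP_ADDRESS/$BACKUP_FOLDER/$TIME".
 # The alternatives are kept out of the here-document: JSON has no comment
 # syntax, so a "#" line in there is sent to the API as part of the body.
 cat << EOF >task.json
 { "piece":
      {
          "location_type":"FTPS",
          "comment":"Automatic backup",
          "parts":["seat"],
          "location":"ftp://$FTP_ADDRESS/$BACKUP_FOLDER/$TIME",
          "location_user":"$FTP_USER",
          "location_password":"$FTP_PASSWORD"
      }
 }
EOF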

 # Issue a request to start the backup operation.
 echo Starting backup $TIME >>backup.log
 curl -k --cookie cookies.txt \
    -H 'Accept:application/json' \
    -H 'Content-Type:application/json' \
    -X POST \
    --data @task.json 2>>backup.log >response.txt \
    "https://$VC_ADDRESS/rest/appliance/recovery/backup/job"
 cat response.txt >>backup.log
 echo '' >>backup.log

 # Parse the response to locate the unique identifier of the backup operation.
 ID=$(awk '{if (match($0,/"id":"\w+-\w+-\w+"/)) \
           print substr($0, RSTART+6, RLENGTH-7);}' \
          response.txt)
 echo 'Backup job id: '$ID

 # Monitor progress of the operation until it is complete.
 PROGRESS=INPROGRESS
 until [ "$PROGRESS" != "INPROGRESS" ]
 do
      sleep 10s
      curl -k --cookie cookies.txt \
        -H 'Accept:application/json' \
        --globoff \
        "https://$VC_ADDRESS/rest/appliance/recovery/backup/job/$ID" \
        >response.txt
      cat response.txt >>backup.log
      echo ''  >>backup.log
      PROGRESS=$(awk '{if (match($0,/"state":"\w+"/)) \
                      print substr($0, RSTART+9, RLENGTH-10);}' \
                     response.txt)
      echo 'Backup job state: '$PROGRESS
 done

 # Report job completion and clean up temporary files.
 echo ''
 echo "Backup job completion status: $PROGRESS"
 rm -f task.json
 rm -f response.txt
 rm -f cookies.txt
 echo ''  >>backup.log

Test the script to see if it is working by running the command on your vCSA server:

# Command:
/usr/local/bin/vCSA-Backup.sh
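
The script above does not stop when a request fails: an error body contains no job id, the polling loop ends after one pass with an empty state, and the run still exits 0, which is easy to miss once it runs from cron. The checks below are an added example, not part of the original script or of VMware's sample. The sample bodies are constructed (the success shape is assumed from the script's own awk patterns), the function names are hypothetical, and SUCCEEDED is the final state name from VMware's API rather than from this page.

```bash
#!/bin/bash
# Added example, not from the original post: response checks for vCSA-Backup.sh.

# True when the body has one of the two error shapes shown in backup.log.
is_api_error() {
    case "$1" in
        *'"type":"com.vmware.vapi.std.errors.'*|*'"majorErrorCode":'*) return 0 ;;
    esac
    return 1
}

# Print the value of a "name":"value" string field ($1) in body ($2), or nothing.
extract_field() {
    printf '%s' "$2" | sed -n 's/.*"'"$1"'":"\([A-Za-z0-9_-]*\)".*/\1/p' | head -n 1
}

# Print the job id from a "start backup" response; return 1 if it has none.
job_id_or_fail() {
    if is_api_error "$1"; then
        echo "backup request rejected: $1" >&2
        return 1
    fi
    jid=$(extract_field id "$1")
    if [ -z "$jid" ]; then
        echo "no job id in response: $1" >&2
        return 1
    fi
    printf '%s\n' "$jid"
}

# Exit status for the final job state, so cron sees a failed backup.
state_ok() {
    [ "$1" = "SUCCEEDED" ]   # state name per VMware's API, not from this page
}

# Constructed sample bodies (success shape assumed from the script's regexes).
OK_BODY='{"value":{"state":"INPROGRESS","id":"20170802-155734-5705665","progress":0}}'
AUTH_ERR='{"type":"com.vmware.vapi.std.errors.unauthenticated","value":{"messages":[{"default_message":"Authentication required.","id":"com.vmware.vapi.endpoint.method.authentication.required"}]}}'
BAD_REQ='{"name":"com.vmware.vapi.rest.badRequest","majorErrorCode":400}'

for body in "$OK_BODY" "$AUTH_ERR" "$BAD_REQ"; do
    if id=$(job_id_or_fail "$body" 2>/dev/null); then
        echo "job started: $id"
    else
        echo "request failed: the script should exit 1 here, not start polling"
    fi
done
```

In the script itself, the same functions would be called on the contents of response.txt after each curl request, with a non-zero exit when they fail.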

Now it is time to schedule the script using crontab. I am going to make it run every night at 2 am. You can schedule it however you want. You can find out more about how to schedule stuff using crontab here: https://en.wikipedia.org/wiki/Cron

Open your crontab.

#Command:
crontab -e

# Press 'i' to go to insert mode
# Insert your task into crontab
0 2 * * * /usr/local/bin/vCSA-Backup.sh

# Press ':wq'
# Press ENTER

Your task will now run at 2 am every day.

Remember to do some maintenance on your FTP server since it will keep adding data to it.
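
One way to do that maintenance, as an added example that is not part of the original post: a pruning function meant to run on the backup server itself, which only touches folders named in the script's $TIME format. It assumes the server is a Linux host with the backup folder on a local path; the function names and the DRY_RUN switch are hypothetical.

```bash
#!/bin/bash
# Added example, not from the original post: prune old vCSA backup folders.
# Intended to run on the backup server; names and DRY_RUN are hypothetical.

# Turn a folder name in the script's $TIME format into a number (YYYYMMDDhhmmss).
ts_num() { printf '%s' "$1" | tr -d '-'; }

# Print the folders under $1 that are older than the cutoff timestamp $2.
expired_backups() {
    for dir in "$1"/*/; do
        entry=${dir%/}
        name=${entry##*/}
        # Skip symlinks and anything not named exactly like date +%Y-%m-%d-%H-%M-%S.
        if [ -L "$entry" ] || [ ! -d "$entry" ]; then continue; fi
        case "$name" in
            [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
            *) continue ;;
        esac
        if [ "$(ts_num "$name")" -lt "$(ts_num "$2")" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Remove expired folders. DRY_RUN defaults to 1 and only reports what would go.
prune_backups() {
    expired_backups "$1" "$2" | while IFS= read -r name; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "would remove $1/$name"
        else
            rm -rf -- "$1/$name" && echo "removed $1/$name"
        fi
    done
}

# Real use with GNU date: cutoff=$(date -d '30 days ago' +%Y-%m-%d-%H-%M-%S)
# Demo on a constructed tree, dry run, with "now" as the cutoff.
demo_root=$(mktemp -d)
mkdir "$demo_root/2017-08-02-15-57-34" "$demo_root/2099-01-01-02-00-00" "$demo_root/notes"
prune_backups "$demo_root" "$(date +%Y-%m-%d-%H-%M-%S)"
rm -rf "$demo_root"
```

Run it with the default dry run first and set DRY_RUN=0 only once the reported list is what you expect.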

Troubleshooting

It seems that there is an issue with cron jobs not running in recent versions of vCSA. There is a short description of how to fix this here: https://www.drewgreen.net/wordpress/2017/04/19/fix-for-cron-failing-on-vmware-vcenter-server-appliance-vcsa-6-5/

View Comments (72)

  • Instead of modifying /etc/pam.d/crond, I just copied system-auth to password-auth.

    • You could also link them: "ln -s system-auth password-auth"

      That way you keep them aligned at all times.

  • Hi Guys,

    It seems I have trouble running this script (miss typo)

    Could anyone please send me a template of a working script (jospehlozian@gmail.com) so I can edit it directly

    Thanks
    jospe

    • Actually, the script is running, but I am facing a problem; the output is:

      {"type":"com.vmware.vapi.std.errors.unauthenticated","value":{"messages":[{"args":[],"default_message":"Authentication required.","id":"com.vmware.vapi.endpoint.method.authentication.required"}]}}Backup job id:

      Do you have any idea what this means?!

      Thanks

      • Seems like you have a problem with your credentials: com.vmware.vapi.std.errors.unauthenticated

    • You can get it directly from the VMware documentation link in the article. It might be a copy-paste issue. Sometimes I notice that quotation marks get corrupted by browser language/font codes.

  • Your link to the documentation is no longer valid as VMware moved their 6.5 documentation to the new documentation platform.

    I could not find the one you referenced in the documentation. Could you maybe update your link?

    • You cannot do single signon to rest using your root account.

      But you can restrict other users than root from reading the script using something like chmod o-rwx and chmod g-rwx.

      If they are already on your vCenter with the root account, you have lost the war.

  • Hello,

    When I start the script it starts, but it finishes after a few seconds without any errors and no backup.

    root@******** [ ~ ]# /usr/local/bin/vCSA-Backup.sh
    {"value":"ac6682e8faf416402a685dbf9729355f"}Backup job id:
    % Total % Received % Xferd Average Speed Time Time Time Current
    Dload Upload Total Spent Left Speed
    100 173 0 173 0 0 2692 0 --:--:-- --:--:-- --:--:-- 2703
    Backup job state:

    Backup job completion status:

    Do you have any idea, or where I can look for logs?

    Thank you.

    • Try to break down the script and run it manually, to validate all commands, and outputs.

    • Hi Florian,
      I am getting the same output and when I look at the backup.log file (cat backup.log), I see the following: {"name":"com.vmware.vapi.rest.badRequest","localizableMessages":[{"defaultMessage":"Bad Request","id":"com.vmware.vapi.rest.badRequest"}],"majorErrorCode":400}
      {"value":["20170802-155734-5705665","20170802-151121-5705665"]}

      As suggested by Brian, I am going to try to break the script down and run it in pieces but I was wondering if you found the solution to this?

  • Hello,

    How can I automatically remove old backups that are older than 30 days, for example? Ideally with your script.

  • Hi Brian

    When I try to run the script I get the following messages in the backup log:
    {"type":"com.vmware.vapi.std.errors.unauthorized","value":{"messages":[{"args":[],"default_message":"Unable to authorize user","id":"vapi.security.authorization.invalid"}]}}
    I'm using administrator@vsphere.local to connect to vCenter. Any ideas what could be wrong?

    • If anyone's encountering the same problem, a reboot of the vCSA fixed it for now.

      • I had exactly the same problem, VCSA v6.5 , and Authorization-problems were gone after a reboot, and cron-problems as described above !

  • Hey Brian, great article.... Thanks for taking the time to share.

    -Where in the code are you telling it what to backup? Comparing it to the appliance backup, your code gets a lot more.

    -What's your process for restore?

    • Thank you Doug.

      This article is just about scheduling what VMware already built into vCSA.

      In the script you can see a line that says: "parts":["seat"]
      This is the selection, and that means everything in the database, but you can select less according to the documentation:

      "The request specifies several attributes, especially the backup location, the protocol used to communicate with the storage server, the necessary authorization, and which optional parts of the database you want to back up. The core inventory data and Alarms are always backed up, but you can choose whether or not to back up Statistics, Events, and Tasks. Collectively, this optional part of the backup is referred to as seat."

      If you follow the VMware article linked to in this article you will also find some instructions on how to restore. These are however not that simple. I will consider making an easy-to-understand article about restoring.

  • So I restarted VCSA
    I verified that I could logon using SSO credentials /apiexplorer

    If I go to vcenter/rest/com/vmware/cis/session
    Get error:
    {"name":"com.vmware.vapi.rest.httpNotFound","localizableMessages":[{"defaultMessage":"Not found.","id":"com.vmware.vapi.rest.httpNotFound"}],"majorErrorCode":404}

    Backup error shows this
    {"type":"com.vmware.vapi.std.errors.error","value":{"messages":[{"args":[],"default_message":"Access to the remote server is denied. Check your credentials and permissions.","id":"com.vmware.applmgmt.err_access_denied"}]}}
    {"value":["20170809-164458-5973321"]}

  • Disregard my question.
    Figured out.

    updated script file as follows and it works

    VC_ADDRESS=Vcenter.domain.local
    VC_USER=administrator@Vcenter.domain.local
    VC_PASSWORD='SSOPassword'
    FTP_ADDRESS=FTPSERVERFQN
    FTP_USER='FTPSERVERFQDN|ftp_user'
    FTP_PASSWORD='Password'
    BACKUP_FOLDER=/VCSA/Vcenterserver/
