We all know that the vCenter appliance can be backed up from its GUI to any external server or storage that supports FTP, SCP or HTTPS. However, this is always a one-time job. What if you built your virtual environment on Jan 1st 2019, made lots of changes since then, never took a single backup, and now need to restore? You will have no recent backup, or no backup at all! Everything you did is lost if a single mistake causes serious damage.
It's always good to have an automated backup to a safe place that can later be used for a restore if needed. Not to worry: VMware provides a bash script that can do this job for you. It's a basic script, and you need to modify it to suit your needs. The script can be found here.
This script does not encrypt the backup it takes. All you need is a Linux server with a local user name and password, and an empty folder (or a file system with an empty folder) where it can store the backups it dumps. Make sure the user's password never expires.
Unfortunately, neither the script nor vCSA backup supports the SFTP protocol. If your environment has security concerns, it's your job to make the script more secure. This matters because, when you need a local account with a never-expiring password, some customers will ask you to deny that user interactive logon: the user shouldn't be able to log in over SSH, but you can still su to that user from another account if you know the password. However, since vCSA backup does not support SFTP, we cannot make the user non-interactive; the SCP option requires the user to be able to log in to a shell. Besides, the script holds the passwords of both the vCenter admin user and this backup job user in plain text. So make sure to keep the script in a secure location with restricted access.
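One way to keep those passwords out of the script body, as an added example that is not part of the VMware script or of the original post: the credentials live in a separate KEY=VALUE file that is accepted only when it is a regular file owned by the invoking user with no group or other permission bits, and its values are parsed rather than sourced. The function names, the key name BACKUP_USER_PASSWORD and the file layout are assumptions, and GNU stat is assumed.

```shell
#!/usr/bin/env bash
# Added example (not the VMware script): load backup credentials from a
# separate file and refuse to use it unless only its owner can access it.
# Function names, key names and file layout are assumptions; needs GNU stat.

# check_secret_file PATH: succeed only for a regular file (no symlink),
# owned by the invoking user, with no group/other permission bits.
check_secret_file() {
    local f="$1" mode owner
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "refusing $f: not a regular file" >&2; return 1
    fi
    mode=$(stat -c '%a' "$f") || return 1
    owner=$(stat -c '%u' "$f") || return 1
    if [ "$owner" != "$(id -u)" ]; then
        echo "refusing $f: owned by uid $owner" >&2; return 1
    fi
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "refusing $f: mode $mode grants access beyond the owner" >&2; return 1
    fi
}

# read_secret PATH KEY: print the value of a KEY=VALUE line. The file is
# parsed, never sourced, so nothing inside it is executed.
read_secret() {
    local f="$1" key="$2" line
    check_secret_file "$f" || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            "$key="*) printf '%s\n' "${line#"$key"=}"; return 0 ;;
        esac
    done < "$f"
    echo "key $key not found in $f" >&2; return 1
}

# Demo on a constructed file; mktemp creates it with mode 0600.
demo=$(mktemp)
printf 'BACKUP_USER_PASSWORD=constructed-example\n' > "$demo"
read_secret "$demo" BACKUP_USER_PASSWORD >/dev/null && echo "0600: accepted"
chmod 0644 "$demo"
read_secret "$demo" BACKUP_USER_PASSWORD 2>/dev/null || echo "0644: refused"
rm -f "$demo"
```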
You may adjust the script to choose your protocol as needed.
We encountered an issue that never tells you exactly where the problem is. After we successfully set up the script with the SCP protocol, the first job failed with the following error:
{"type":"com.vmware.vapi.std.errors.unauthenticated","value":{"messages":[{"args":[],"default_message":"Unable to authenticate user","id":"vapi.security.authentication.invalid"}]}}
For further investigation you can check the vCenter log file with tail -f /var/log/vmware/vapi/endpoint/endpoint.log after you SSH to the vCenter as the root user. Unfortunately, you will not understand much unless you are an expert on this.
After some research, we found a fix as recommended in this article. Now we have no issues; the job is scheduled via cron and takes a backup every weekend.
Shibin John
Project Technical Lead