VMware ESXi backup with ghettoVCB


I have just recently switched my home-server into a new setup, which is using VMware ESXi with the free license. My old one was a Arch Linux desktop with VMware Workstation installed on it.
The backup process is somewhat different now. Maybe you’ve read my post about backing up VMware Workstation or how to autostart your virtual machines. The autostart function is now configured through VMware vSphere client, just go into Configuration > Virtual Machine Startup/Shutdown and you can choose which machines should autostart, and in which order.
Backing up the ESXi machines is easily done with ghettoVCB. It’s easy to install, place it somewhere under /vmfs/volumes/… and not under some other strange place which will get reset when upgrading. Installation and configuration is explained in the above linked VMware doc. Here is my configuration.

VM_BACKUP_VOLUME=/vmfs/volumes/disk/backup
DISK_BACKUP_FORMAT=thin
VM_BACKUP_ROTATION_COUNT=2
POWER_VM_DOWN_BEFORE_BACKUP=0
ENABLE_HARD_POWER_OFF=0
ITER_TO_WAIT_SHUTDOWN=3
POWER_DOWN_TIMEOUT=5
ENABLE_COMPRESSION=0
VM_SNAPSHOT_MEMORY=0
VM_SNAPSHOT_QUIESCE=0
ALLOW_VMS_WITH_SNAPSHOTS_TO_BE_BACKEDUP=0
ENABLE_NON_PERSISTENT_NFS=0
SNAPSHOT_TIMEOUT=15
EMAIL_ALERT=0
EMAIL_LOG=1
EMAIL_SERVER=smtp.example.com
EMAIL_SERVER_PORT=25
EMAIL_DELAY_INTERVAL=1
EMAIL_TO=admin@example.com
EMAIL_ERRORS_TO=admin@example.com
EMAIL_FROM=admin@example.com
WORKDIR_DEBUG=0
VM_SHUTDOWN_ORDER=
VM_STARTUP_ORDER=

To automate the backup, it should be added to the ESXi’s crontab. Though it’s not as straight forward as with any *nix. Adding it as is, is easy enough. But if you ever consider to reboot your ESXi server, it will be lost if you not add the crontab entry at every system start. This can be done in the file /etc/rc.local.d/local.sh

Either add these lines manually with vi /etc/rc.local.d/local.sh, or paste the lines logged into the ESXi’s root shell.

#
# Add lines to '/var/spool/cron/crontabs/root'
# Run manually to enable at once.
# But will not persist through reboot.
#
-------- CUT HERE --------
/bin/kill $(cat /var/run/crond.pid)
/bin/echo '0 4 * * * /vmfs/volumes/path_to_ghettovcb/ghettoVCB.sh -a -g /vmfs/volumes/path_to_ghettovcb/ghettoVCB.conf > /dev/null 2>&1' >> /var/spool/cron/crontabs/root
/usr/lib/vmware/busybox/bin/busybox crond
-------- CUT HERE --------

#
# Add lines to /etc/rc.local.d/local.sh for persistence
#
# Remove the 'exit 0' entry, and put it back as last line
/bin/sed -i 's/exit 0//g' /etc/rc.local.d/local.sh

# Echo the crontab stop/start and new crontab entry
/bin/echo '/bin/kill $(cat /var/run/crond.pid)' >> /etc/rc.local.d/local.sh
/bin/echo '/bin/echo "0 4 * * * /vmfs/volumes/path_to_ghettovcb/ghettoVCB.sh -a -g /vmfs/volumes/path_to_ghettovcb/ghettoVCB.conf > /dev/null 2>&1" >> /var/spool/cron/crontabs/root' >> /etc/rc.local.d/local.sh
/bin/echo "/usr/lib/vmware/busybox/bin/busybox crond" >> /etc/rc.local.d/local.sh
/bin/echo "exit 0" >> /etc/rc.local.d/local.sh

Now you’re done – you may think. Well. If you’re like me and would like to have the log from backing up your machines. You also need to allow communication on port 25 to be sent from your ESXi server. If you have tried to run the backup without allowing SMTP on your ESXi server, and checking the log. You will probably notice the log line ERROR: Please enable firewall rule for email traffic on port 25.

To enable port 25 for SMTP communication, you will first need to create a small XML-file under /etc/vmware/firewall. This configuration is the same, as with crond. You need to create the XML-file through /etc/rc.local.d/local.sh. In addition to the above configuration, you also need to add this.

#
# The raw XML-file
#
<ConfigRoot>
  <service id='1001'>
    <id>SMTP Outbound</id>
    <rule>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>25</port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
</ConfigRoot>

#
# These lines can be copied, and pasted into root shell of your ESXi server
# to automatically create '/etc/vmware/firewall/smtp_outbound.xml' when
# your server boots, through the file '/etc/rc.local.d/local.sh'
#
/bin/echo 'FIREWALL_CONFIG=/etc/vmware/firewall/smtp_outbound.xml' >> /etc/rc.local.d/local.sh
/bin/echo 'if [[ ! -f ${FIREWALL_CONFIG} ]]; then' >> /etc/rc.local.d/local.sh
/bin/echo '   /bin/echo "<!-- Firewall configuration by /etc/rc.local.d/local.sh -->" > ${FIREWALL_CONFIG}' >> /etc/rc.local.d/local.sh
/bin/echo '   /bin/echo "<ConfigRoot>" >> ${FIREWALL_CONFIG}' >> /etc/rc.local.d/local.sh
/bin/echo '   /bin/echo "  <service id='1001'>" >> ${FIREWALL_CONFIG}' >> /etc/rc.local.d/local.sh
/bin/echo '   /bin/echo "    <id>SMTP Outbound</id>" >> ${FIREWALL_CONFIG}' >> /etc/rc.local.d/local.sh
/bin/echo '   /bin/echo "    <rule>" >> ${FIREWALL_CONFIG}' >> /etc/rc.local.d/local.sh
/bin/echo '   /bin/echo "      <direction>outbound</direction>" >> ${FIREWALL_CONFIG}' >> /etc/rc.local.d/local.sh
/bin/echo '   /bin/echo "      <protocol>tcp</protocol>" >> ${FIREWALL_CONFIG}' >> /etc/rc.local.d/local.sh
/bin/echo '   /bin/echo "      <porttype>dst</porttype>" >> ${FIREWALL_CONFIG}' >> /etc/rc.local.d/local.sh
/bin/echo '   /bin/echo "      <port>25</port>" >> ${FIREWALL_CONFIG}' >> /etc/rc.local.d/local.sh
/bin/echo '   /bin/echo "    </rule>" >> ${FIREWALL_CONFIG}' >> /etc/rc.local.d/local.sh
/bin/echo '   /bin/echo "    <enabled>true</enabled>" >> ${FIREWALL_CONFIG}' >> /etc/rc.local.d/local.sh
/bin/echo '   /bin/echo "    <required>false</required>" >> ${FIREWALL_CONFIG}' >> /etc/rc.local.d/local.sh
/bin/echo '   /bin/echo "  </service>" >> ${FIREWALL_CONFIG}' >> /etc/rc.local.d/local.sh
/bin/echo '   /bin/echo "</ConfigRoot>" >> ${FIREWALL_CONFIG}' >> /etc/rc.local.d/local.sh
/bin/echo 'fi' >> /etc/rc.local.d/local.sh
/bin/echo 'sleep 10 && /sbin/esxcli network firewall refresh' >> /etc/rc.local.d/local.sh
/bin/echo "exit 0" >> /etc/rc.local.d/local.sh

Remember that the last line /bin/echo "exit 0" >> /etc/rc.local.d/local.sh needs to be last line, otherwise the script will exit before it should end.

Comments

comments