Difference between revisions of "Backup of ESXi Virtual Machines using Affa"
(added Dropbear update section) |
|||
| Line 1: | Line 1: | ||
| + | {{Level|Advanced}} | ||
| + | |||
=== Introduction === | === Introduction === | ||
As of version 2, Affa supports hot backing up virtual machines running on the VMWare ESXi server. It uses the VMware Infrastructure Perl Toolkit to communicate with the EXSi and rsync over ssh to transfer the data. Before the backup starts, the state of the running VM is freezed by creating a snapshot of all its disks. After the freezed virtual disk files were backed up, the snapshot is deleted and the config points to the just backed up disks again. Then, as a last step the config files are backed up. | As of version 2, Affa supports hot backing up virtual machines running on the VMWare ESXi server. It uses the VMware Infrastructure Perl Toolkit to communicate with the EXSi and rsync over ssh to transfer the data. Before the backup starts, the state of the running VM is freezed by creating a snapshot of all its disks. After the freezed virtual disk files were backed up, the snapshot is deleted and the config points to the just backed up disks again. Then, as a last step the config files are backed up. | ||
| Line 65: | Line 67: | ||
kill -HUP 1302 | kill -HUP 1302 | ||
| + | Now you can ssh logon. | ||
| + | |||
| + | |||
| + | ==== Update Dropbear SSH server and client ==== | ||
| + | On ESX3i Dropbear Version 0.49 is installed. This version has a bug that causes an incorrect return status of the executed command. Therefore it must be updated to Version 0.51. This version fixes the problem with wrong exit codes. Only with Dropbear Version 0.51 Affa can detect failures of rsync commands. | ||
| + | |||
| + | Remote copy the dropbearmulti binary to the ESXi host into directory /sbin. This overwrites the existing dropbearmulti version 0.49 | ||
| + | scp dropbearmulti root@<ESXiIP>:/sbin/ | ||
| + | Then send the HUP signal to the inetd process as described above. | ||
| + | ===== How to get dropbearmulti 0.51 binary ===== | ||
| + | You can either download a compiled binary from http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/Affa2 | ||
| + | |||
| + | '''or''' you can make it by yourself on a Centos4/SME7.3 box with devel RPMs installed: | ||
| + | 1. download <tt>dropbear-0.51.tar.gz</tt> from http://matt.ucc.asn.au/dropbear/ | ||
| + | |||
| + | 2. unpack the tarball | ||
| + | tar xzf dropbear-0.51.tar.gz | ||
| + | cd dropbear-0.51 | ||
| + | 3. edit the file <tt>options.h</tt> and comment out line 40 | ||
| + | /*#define NON_INETD_MODE*/ | ||
| − | + | 4. configure and compile | |
| + | ./configure --disable-zlib --disable-openpty | ||
| + | make PROGRAMS="dropbear dbclient scp dropbearkey dropbearconvert" MULTI=1 STATIC=0 SCPPROGRESS=1 | ||
| + | strip dropbearmulti | ||
==== Install the rsync program on the ESXi host ==== | ==== Install the rsync program on the ESXi host ==== | ||
| Line 78: | Line 103: | ||
You can either download a compiled binary from http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/Affa2 | You can either download a compiled binary from http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/Affa2 | ||
| − | '''or''' you can make it by yourself on a | + | '''or''' you can make it by yourself on a Centos4/SME7.3 box with devel RPMs installed: |
1. download the source from http://rsync.samba.org/ | 1. download the source from http://rsync.samba.org/ | ||
Revision as of 19:25, 8 November 2008
Introduction
As of version 2, Affa supports hot backing up virtual machines running on the VMWare ESXi server. It uses the VMware Infrastructure Perl Toolkit to communicate with the EXSi and rsync over ssh to transfer the data. Before the backup starts, the state of the running VM is freezed by creating a snapshot of all its disks. After the freezed virtual disk files were backed up, the snapshot is deleted and the config points to the just backed up disks again. Then, as a last step the config files are backed up.
A restore of a VM can be done by simply copying back all archived files to the original location on the ESXi host. It is also possible to copy the files to a different directory (or to another ESXi server) and add the vmx file to the inventory.
Preparing the Affa Server
Install the VMware Infrastructure (VI) Perl Toolkit
Download the VI Perl Toolkit tarball from the VMWare web site: http://www.vmware.com/support/developer/viperltoolkit/
Login as root and run:
/usr/bin/yum install openssl-devel /usr/bin/yum --enable=dag install perl-XML-SAX tar xzf VMware-VIPerl-1.6.0-104313.i386.tar.gz cd vmware-viperl-distrib ./vmware-install.pl
Ignore this warning: The following Perl modules were found on the system but may be too old to work with VIPerl: URI XML::NamespaceSupport
Install Affa Version 2 beta
Install the latest Affa 2.x beta version. Download the RPM from http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/Affa2
/usr/bin/yum --enable=smecontribs localinstall smeserver-affa-2.0.0-beta*.noarch.rpm
Preparing the ESXi Host for use with Affa
To make the ESXi server ready to cooperate with Affa you must install the rsync program, enable the ssh service, configure passwordless ssh login and add a user for communication using the VMware Infrastructure (VI) Perl Toolkit.
Adding an ESXi User with restricted Permissions
Run the Virtual Infrastructure Client and logon to the ESXi host.
Adding Affa role
Switch to the Administration module and add a new role with permissions to create and delete snapshots
Adding Affa user
Switch back to the Inventory module and add a new user with password:
Assigning permissions
In the Permission Tab assign the new role to the new user.
Configuration of the SSH Service on the ESXi Host
(Note: ESXI uses Dropbear rather than OpenSSL Server)
On the ESXi Server console hit Alt-F1 to get the service shell. Now blind-type the word unsupported to unlock the shell.
Login with the root password.
Edit the '/etc/inetd.conf' file using the vi editor. Remove the leading Hash ('#') from this line:
#ssh stream tcp nowait root /sbin/dropbearmulti dropbear ++min=0,swap,group=shell -i
Save the file.
Find the PID of the inetd process: (1302 in this example)
ps | grep inetd
1302 1302 busybox inetd
Send HUP signal to force inetd to re-read the configuration
kill -HUP 1302
Now you can ssh logon.
Update Dropbear SSH server and client
On ESX3i Dropbear Version 0.49 is installed. This version has a bug that causes an incorrect return status of the executed command. Therefore it must be updated to Version 0.51. This version fixes the problem with wrong exit codes. Only with Dropbear Version 0.51 Affa can detect failures of rsync commands.
Remote copy the dropbearmulti binary to the ESXi host into directory /sbin. This overwrites the existing dropbearmulti version 0.49
scp dropbearmulti root@<ESXiIP>:/sbin/
Then send the HUP signal to the inetd process as described above.
How to get dropbearmulti 0.51 binary
You can either download a compiled binary from http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/Affa2
or you can make it by yourself on a Centos4/SME7.3 box with devel RPMs installed: 1. download dropbear-0.51.tar.gz from http://matt.ucc.asn.au/dropbear/
2. unpack the tarball
tar xzf dropbear-0.51.tar.gz cd dropbear-0.51
3. edit the file options.h and comment out line 40
/*#define NON_INETD_MODE*/
4. configure and compile
./configure --disable-zlib --disable-openpty make PROGRAMS="dropbear dbclient scp dropbearkey dropbearconvert" MULTI=1 STATIC=0 SCPPROGRESS=1 strip dropbearmulti
Install the rsync program on the ESXi host
Remote copy the rsync-static binary to the ESXi host into directory /usr/bin.
scp rsync-static root@<ESXiIP>:/usr/bin/
Create symbolic link to /usr/bin/rsync:
ln -fs /usr/bin/rsync-static /usr/bin/rsync
How to get the statically linked rsync binary
You can either download a compiled binary from http://mirror.contribs.org/smeserver/contribs/michaelw/sme7/Affa2
or you can make it by yourself on a Centos4/SME7.3 box with devel RPMs installed:
1. download the source from http://rsync.samba.org/
2. unpack the tarball
tar xzf rsync-3.0.4.tar.gz cd rsync-3.0.4
3. build the statically linked binary
make CFLAGS="-static" EXEEXT="-static" strip rsync-static
Configuration of Public Key Login
SSH logon to the ESXi host and create a new home directory for user root
mkdir -p /root/.ssh chmod -R 700 /root
Edit /etc/passwd using the vi editor and carefully change the line
root:x:0:0:Administrator:/:/bin/ash
to
root:x:0:0:Administrator:/root:/bin/ash
Once you have configured the Affa ESXi job, run on the Affa server:
affa --send-key <JOB>
Setting up an Affa job
The following assumes, that you are already familiar with configuring Affa and only focus on the ESXi specific parts.
Assume you want to backup the virtual machine named 'myvm' on ESXi server with IP 10.200.48.5.
1. log into the 'affabox' and copy the config helper script
cp -a /usr/lib/affa/jobconfig-esxi-sample.pl /root/esxi-myvm-job.pl
2. edit /root/esxi-myvm-job.pl and set
my $jobname='esxi-myvm';
and
'remoteHostName‘=>'10.200.48.5',
3. tell Affa that this job backups a ESXi virtual machine
'ESXi' => 'yes',
4. set the VM name
'ESXiVMName' => 'myvm',
5. set the username and password (this is the ESXi User with restricted permissions created above)
'ESXiUsername' => 'affa', 'ESXiPassword' => 'secret',
6. save the script, then run it
/root/esxi-myvm-job.pl
7. send the public key
affa --send-key esxi-myvm
8. run the job manually
affa --run esxi-myvm
When the Affa job starts, you can watch the snapshot create task in the Virtual Infrastructure Client.
The name of the snaphot starts with "BEXI-". Do not delete it or revert to it while Affa is running.
