Schedule vCenter 6.5 appliance backups with vRealize Orchestrator

With the release of vSphere 6.5 VMware has introduced a new method for creating a backup of the vCenter Appliance. This method is available from the vCenter Appliance web management interface on port 5480 (https://applianceaddress:5480).

Tip: Starting with vSphere 6.7 scheduling functionality has been added as a native feature in the appliance, eliminating the need for this workflow. It still applies to vSphere 6.5.

vCenter Appliance backup

Unfortunately the user interface does not allow you to schedule the backup, and I don't see administrators creating daily manual backups of their vCenter appliances. Therefore I have spent some time building a workflow for vRealize Orchestrator that allows you to schedule the backup of a vCenter appliance. The workflow uses the REST API plugin and the VMware vCenter Server Appliance Management API to create a backup for one or more vCenter 6.5 appliances (which could also be a Platform Services Controller).

Backup files are stored via FTP, which could also be FTPS, SCP, HTTP or HTTPS, as is documented in the API Documentation. I have tested the workflow with FTP and FTPS.

Tip: Before using this workflow, always first create a backup manually from the web interface on port 5480 on your appliance. By doing this you can verify the protocol being used and the correct settings for paths and credentials. When this is successful you can use those parameters as attributes in the workflow.

With this workflow (see image below) you can schedule the backup from vRealize Orchestrator.

vCenter Backup Schedule workflow vrealize orchestrator

The workflow is available as an individual download (here) or as a package (here) that you can import into your own vRealize Orchestrator environment. The main source code of the javascript component that requests the backup via the API is available at the end of this page. How to configure the environment to use the workflow is described in the rest of this article.

The workflow in its downloadable format uses FTP. See the javascript code below. When you want to use FTPS or another protocol modify that in the javascript code in the workflow. At this time I have not provided the protocol choice as an attribute. This is on my to do list;-)

Warning: This workflow is provided as is; it may be used by whoever wants to and may be modified to your needs. Also, this workflow might not yet be optimal. If you have suggestions or want to contribute to the workflow in a way that could benefit others, then please contact me via email (rob at vmwarebits,com).

If you have never worked with vRealize Orchestrator then this article is a good source to get you started: Create your first Orchestrator Workflow. If you do not have vRealize Orchestrator in your environment I suggest downloading and deploying the appliance version (documentation).

After importing the workflow you must configure some of the attributes of the workflow. One of these attributes is a user that can be used to access the backup feature via the API. You could use the administrator@vsphere.local account but it's better to create a specific user for this process, in my example I have created a local user named backup in the vsphere.local domain. You can do this under the Administration menu in the vSphere Web Client under the Single Sign-On option. This can only be configured if you are already logged in as an SSO administrative user such as administrator@vsphere.local. 

vCenter create SSO user for backup

Next assign this user to the administrators group. This is also where you could configure a user from one of the configured identity sources, such as Active Directory, to run the backups with.

vCenter SSO user for backup

In vRealize Orchestrator the first step is to create one or more Rest Host objects. You can find this option under the library folder of the HTTP-REST plugin under the configuration folder: Add a REST host.  

vCenter Orchestrator create rest host

For the authentication type select Basic. Next provide a name for the host and the URL where the REST API for the host can be accessed. In the javascript code for the backup I am using the HTTP REST host name as the FQDN to access the host. So make sure to make these two match. The URL should have the format as in the image below: https://yourhostaddress/rest. (Don't forget the /rest part.) 

vCenter Orchestrator create REST Host

In the next steps provide the credentials for the user that you can use for executing the backup jobs. For other steps accept the default values and make sure to accept the host's SSL certificate when executing the workflow.

Next it's time to configure the attributes for the vCenter Backup workflow. Some of the attributes are self-explanatory and the description will further explain for which purpose they are used. One attribute might not be straightforward: the Array of Rest Hosts. It must contain at least one host object. Click the attribute and follow the steps in the image below to add the previously created Rest Hosts to the array.

vCenter Orchestrator define array of rest hosts

There is one more attribute I would like to explain here: seat. It's a boolean that allows you to configure whether or not to include the S.E.A.T. part in your backup. This is the part that contains all the data for Statistics, Events, Alarms and Tasks, and it is an optional component. It is also the part that will consume a possibly gigantic part of your storage, compared to the default and mandatory component (common) that will create a backup of the Inventory and Configuration. For a Platform Services Controller the workflow will always only perform a backup of this latter part because that type of appliance does not contain any SEAT data.

 

Here is the javascript code for the actual backup process:

//set main variables for the script based on workflow attributes
//I have made the assumption that your rest host name is identical to the FQDN for the host
var appliance = restHosts[hostCounter].name;
System.log("Starting backup process for host: "+appliance);

//create an authentication session for the rest host
var request = restHosts[hostCounter].createRequest("POST", "https://" + appliance + "/rest/com/vmware/cis/session", "");
var response = request.executeWithCredentials(ssoUser, ssoPassword);
var sessionid = JSON.parse(response.contentAsString).value;

//System.log("response code: " + response.statusCode);
//System.log("response body: " + response.contentAsString);
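//do not write the session id itself to the log: it is a credential for the appliance API
System.log("session request status code: " + response.statusCode);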

//get the possible backup parts: common (Inventory and Configuration) is always present 
//and mandatory (vCenter and PSC) but SEAT (Stats, Events, Alarms, and Tasks) is only available for vCenter
var partsRequest = restHosts[hostCounter].createRequest("GET", "https://" + appliance + "/rest/appliance/recovery/backup/parts", "");
var partsResponse = partsRequest.executeWithCredentials(ssoUser, ssoPassword);

//System.log("get parts list response code: " + partsResponse.statusCode);
//System.log("get parts list response body: " + partsResponse.contentAsString);

//if the keyword seat is present in the parts list then it must be vCenter, not a PSC
//so if we do not find seat then we use a variable to later decide not to include the seat part
//indexOf returns -1 when the keyword is not present
var seatFound = partsResponse.contentAsString.indexOf("seat");
var psc = false;
if (seatFound < 0) {
    //seat was not found in the response from the server so it must be a psc
    psc = true;
}
//System.log("seat: " + seat);
//System.log(seatFound);

//use the workflow attribute seat to decide whether or not to include the seat-part in the backup 
//but only when it's not a PSC
if ((seat === true) && (psc === false)) {
   var taskjson = 
    { "piece":
      {
          "location_type":"FTP",
          "comment":"Automatic backup " + backupDateTime ,
          "location":"ftp://"+ftpHost+"/appliancebackup/"+backupDateTime+"/"+appliance+"/",
          "location_user":ftpUser,
          "location_password":ftpPassword,
          "parts":["common","seat"] //backup both Inventory and Configuration and SEAT-part
      }
    }
}
else
{
   var taskjson = 
    { "piece":
      {
          "location_type":"FTP",
          "comment":"Automatic backup " + backupDateTime ,
          "location":"ftp://"+ftpHost+"/appliancebackup/"+backupDateTime+"/"+appliance+"/",
          "location_user":ftpUser,
          "location_password":ftpPassword,
          "parts":["common"] //only backup the mandatory common part with Inventory and Configuration
      }
    }
}

//create a backup job
request = restHosts[hostCounter].createRequest("POST", "https://" + appliance + "/rest/appliance/recovery/backup/job", JSON.stringify(taskjson));
request.setHeader("Accept", "application/json");
request.setHeader("Content-Type", "application/json");
var response = request.executeWithCredentials(ssoUser, ssoPassword);
var jobid = JSON.parse(response.contentAsString).value.id;
//System.log("response code: " + response.statusCode);
//System.log("response body: " + response.contentAsString);
System.log("backup job id: " + jobid);

var status = "INPROGRESS";
while (status == "INPROGRESS") {
  System.sleep(10000);
  request = restHosts[hostCounter].createRequest("GET", "https://" + appliance + "/rest/appliance/recovery/backup/job/" + jobid, "");
  request.setHeader("Accept", "application/json");
  response = request.executeWithCredentials(ssoUser, ssoPassword);
  status = JSON.parse(response.contentAsString).value.state;
  //System.log("response code: " + response.statusCode);
  //System.log("status: " + status);
  //System.log("response body: " + response.contentAsString);
}

System.log("Completion status: " + status);
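
Added example (not part of the original workflow or article): one way to make the protocol a workflow attribute instead of hard-coding FTP, build the request body in one place, and keep location_password out of the log. Plain FTP sends the location credentials and the backup itself unencrypted, so FTPS or SCP is the safer value for the protocol attribute. The function names, the opts fields, the lower-case URL scheme and the {"value":[{"id":...}]} shape of the parts response are assumptions.

```javascript
// Added example; buildBackupPiece, hasSeatPart, redactForLog and the opts fields are hypothetical names.
var ALLOWED_PROTOCOLS = ["FTP", "FTPS", "SCP", "HTTP", "HTTPS"]; // protocols listed in the article

// Assumption: the parts response body looks like {"value":[{"id":"common"},{"id":"seat"}]}.
function hasSeatPart(partsBody) {
  var parts = JSON.parse(partsBody).value || [];
  return parts.some(function (p) { return p.id === "seat"; });
}

function buildBackupPiece(opts) {
  var protocol = String(opts.protocol).toUpperCase();
  if (ALLOWED_PROTOCOLS.indexOf(protocol) === -1) {
    throw new Error("Unsupported backup protocol: " + opts.protocol);
  }
  // Reject characters that would change the host or path of the location URL.
  [opts.targetHost, opts.appliance, opts.backupDateTime].forEach(function (v) {
    if (!/^[A-Za-z0-9._-]+$/.test(v)) {
      throw new Error("Unexpected characters in location component: " + v);
    }
  });
  var parts = ["common"]; // mandatory: Inventory and Configuration
  if (opts.seat === true && hasSeatPart(opts.partsBody)) {
    parts.push("seat"); // optional: Stats, Events, Alarms and Tasks (vCenter only)
  }
  return { piece: {
    location_type: protocol,
    comment: "Automatic backup " + opts.backupDateTime,
    // Assumption: the URL scheme is the lower-case protocol name, as with "ftp://" in the article.
    location: protocol.toLowerCase() + "://" + opts.targetHost + "/appliancebackup/" +
              opts.backupDateTime + "/" + opts.appliance + "/",
    location_user: opts.targetUser,
    location_password: opts.targetPassword,
    parts: parts
  } };
}

// Copy of the request body that is safe to pass to System.log.
function redactForLog(taskjson) {
  var copy = JSON.parse(JSON.stringify(taskjson));
  copy.piece.location_password = "***";
  return JSON.stringify(copy);
}

// Constructed sample input (not captured from a real appliance).
var sampleVc = '{"value":[{"id":"common"},{"id":"seat"}]}';
var body = buildBackupPiece({ protocol: "ftps", targetHost: "backup.example.com",
  targetUser: "vcbackup", targetPassword: "constructed-secret", seat: true,
  appliance: "vcsa01.example.com", backupDateTime: "2018-01-31-2300", partsBody: sampleVc });
console.log(redactForLog(body));
```

In the workflow, the returned object replaces both taskjson literals and is passed to JSON.stringify for the backup job request.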
 

 

 
