Save to My DOJO
Performing regular ESXi backup configuration should be part of your data and configuration protection strategy. Doing this, allows you to quickly restore a host to a known working state using PowerCLI, vSphere CLI, or ESXi shell commands instead of going through the process of doing it manually.
In a couple of previous posts, namely The perils of enabling DirectPath I/O on ESXi and How to roll back to a previous ESXi version, I wrote about how the ESXi backup configuration is done automatically to a file called state.tgz at 1-hour intervals using a script triggered via a cron job.
The added content of this post is that it brings the ability to export state.tgz using one-liner commands for an even faster ESXi backup configuration. Better still, you can put together a script that backs up the configuration of one or more ESXi hosts. You can then automate the ESXi backup configuration process using either the Windows job scheduler or perhaps a cron job running on a Linux machine. The only issue with automating the ESXi backup configuration process is how one handles passwords, more so if the root password is different for every host or frequently changed as part of a company security policy.
Restoring an ESXi backup configuration is very easy as we are about to see.
Even though I’m targeting ESXi 6.5, the ESXi backup configuration procedure equally applies to earlier and later releases of ESXi going back to version 4.0! However, do refer to the ESXi release’s documentation to verify ESXi command line functionality before moving into production to backup and restore ESXi host configuration of course.
Before starting here, it is important to make the distinction between the operation of backup VMware ESXi virtual machines, which you can do with Altaro VM Backup, and backing up the vSphere host configuration.
The backup VMware ESXi virtual machines will ensure that the disks and configuration files of your virtual machines are safely stored on a repository from which you can restore the VM itself or individual files, while the latter will save you time pushing the configuration of a vSphere host after reinstalling it.
Note that there are other options to provision and backup ESXi hosts even faster-using features such as auto-deploy paired with vSphere host profile. Third-party vendors like DellEMC even offer software solutions to install and configure new hosts with a vCenter plugin like Dell EMC OpenManage Integration for VMware vCenter.
If you don’t have PowerCLI installed, refer to our bible on the topic and download it. Once installed, make sure to run PowerCLI as an administrator.
To trigger the ESXi backup configuration, use the Get-VMHostFirmware cmdlet. In the example shown next, I backed up the ESXi configuration for host 192.168.29.10 to the c:\esxi_backups folder on my laptop. Note that you must first establish a connection to the host using the Connect-VIServer cmdlet.
Connect-VIServer 192.168.28.10 -user root -password <password>
Get-VMHostFirmware –vmhost 192.168.28.10 -BackupConfiguration -DestinationPath c:\esxi_backups
Using PowerCLI to backup the configuration of an ESXi host
Set-VMHost -VMHost 192.168.28.10 -State Maintenance
Use the Set-VMHost PowerCLI cmdlet to put a host in maintenance mode
When ESXi is in maintenance mode, use the Set-VMHostFirmware PowerCLI command to restore the host’s configuration from a previous ESXi backup configuration.
Note 1: The host will reboot automatically after running the command, so make sure to power off or migrate any VMs hosted on it!
Note 2: The build number and UUID of the host you’re restoring to, must match those backed up. The UUID check can be skipped by adding the -force parameter to the Set-VMHost cmdlet. The cmdlet fails to run if there’s a mismatch in the build number. Always make sure you restore to the correct host to safeguard the integrity of your environment, i.e., to avoid any mismatch with the esxi build numbers.
Set-VMHost -VMHost 192.168.28.10 -State Maintenance
Set-VMHostFirmware -vmhost 192.168.28.10 -Restore -SourcePath C:\esxi_backups\configBundle-192.168.28.10.tgz -HostUser root -HostPassword <password>
Restoring the ESXi backup configuration of a host using PowerCLI
ESXi’s vim-cmd command line utility allows you to backup and restore the ESXi backup configuration directly from the shell. To do this, enable SSH on the host and use putty to log in as root. Once you’re in, run the following two commands in the given order. You are given a URL which you’ll use to download the TGZ bundle from the host using a standard browser. Note that you need the replace the * character in the URL with the IP address of the ESXi host. I am not quite sure why the IP address of the host is not included from the start.
Using vim-cmd from the ESXi command line to start the ESXi backup configuration
Just like the PowerCLI method, you must first put the ESXi host in maintenance mode before you’re able to restore from a configuration backup file. To do this, we’re still using vim-cmd. You also need to copy the backup file to a folder on the ESXi host using something like WinSCP. The host will then reboot to complete the ESXi backup and restore process.
vim-cmd hostsvc/firmware/restore_config /tmp/configBundle-esx-pn1.vsphere65.local.tgz
Note that you shouldn’t really use the vSphere CLI anymore as VMware is phasing it out in favor of ESXCLI or the Perl SDK but this content is still very relevant to a number of folks out there!
The download of vSphere CLI is still available on the VMware website here. On Windows machines, CLI commands consisting of Perl script are run from the default location C:\Program Files (x86)\VMware\VMware vSphere CLI\bin. Since we’re dealing with Perl scripts, one must also install a Perl interpreter. The ones suggested by VMware can be downloaded from here or here.
vSphere CLI consists of a series of Perl scripts. A Perl interpreter needs to be installed prior to installing vSphere CLI
For this post, I chose to download the Strawberry release. Note, after installing Strawberry, you must add c:\strawberry\c\bin to %path% on Windows to avoid running into missing DLL issues like what’s shown next. To this just open an administrative prompt and type path=%path%;c:\strawberry\c\bin. The change will only persist for the current ESXi command line session. If you want the path change to stick, go to System Properties and edit it by clicking on the Environment Variables button in Windows.
Perl installations require you to modify the path environment variable to include the DLL folder which would otherwise result in the type of error shown
Modifying the path environment variable to include the path to the Perl’s interpreter DLL folder
The Perl script we need to run is called vicfg–cfgbackup. This is used to carry out both backup and restore operations. To start the ESXi backup configuration, follow the procedure described next.
- Open an administrative command prompt.
- Run cd \”Program Files (x86)\VMware\VMware vSphere CLI\bin”.
- Run vicfg-cfgbackup.pl –server=<host IP address> –username=root -s <backup filename>.
- Type in the ESXi’s root password.
Using vicfg-cfgbackup to back up an ESXi’s configuration
To restore back from a specific ESXi backup configuration file, follow the same ESXi backup procedure only this time replacing the -s parameter with -l. The next screenshot illustrates the process. You’ll be warned that the host will reboot. Typing yes, completes the restore process.
vicfg-cfgbackup.pl –server=192.168.16.69 –username=root -l c:\esxi_backups\16_69_esxiconfig.tgz
The vicfg-cfgbackup command is used for both backups and restores
To properly protect your VMware environment, use Altaro VM Backup to securely backup and replicate your virtual machines. We work hard perpetually to give our customers confidence in their VMware backup strategy.
To keep up to date with the latest VMware best practices, become a member of the VMware DOJO now (it’s free).
Ensuring a solid ESXi backup configuration pays in the long run. Even more so if you do this on a frequent basis. Scheduled backups allow you to restore to the latest known working ESXi backup configuration. You can easily learn about what’s being backed up and/or restored by uncompressing the ESXi backup configuration and examining the contents.
Keep uncompressing until you end up with the /etc folder and examine the contents. This will give you an idea of when a restore might come in handy. So, for instance, the passwd file hints at the possibility of recovering from a forgotten root password if you have a very recent ESXi backup.
Note that it is good to backup regularly, but it is also a good measure to test the backup and restore the ESXi host configuration process in its entirety by restoring a host every once in a while to ensure that it actually works.
That’s it for today. If you found this post useful or have any feedback on what’s been discussed, drop me a comment below.
Not a DOJO Member yet?
Join thousands of other IT pros and receive a weekly roundup email with the latest content & updates!