VCSA Auto Backup script

Version 2

    You can create Auto Backup of VCSA

    #Create Text File

    cd /usr/local/bin

    vim vcsabackup.sh

    #!/bin/bash

    ##### EDITABLE BY USER to specify vCenter Server instance and backup destination. #####

    VC_ADDRESS=172.29.8.24

    VC_USER=administrator@vsphere.local

    VC_PASSWORD=Isf@h@nS!te123

    FTP_ADDRESS=172.29.8.150

    FTP_USER=test

    FTP_PASSWORD=test

    BACKUP_FOLDER=test

    ############################

     

    # Authenticate with basic credentials.

    curl -u "$VC_USER:$VC_PASSWORD" \

        -X POST \

        -k --cookie-jar cookies.txt \

        "https://$VC_ADDRESS/rest/com/vmware/cis/session"

     

    # Create a message body for the backup request.

    TIME=$(date +%Y-%m-%d-%H-%M-%S)

    cat << EOF >task.json

    { "piece":

          {

              "location_type":"FTP",

              "comment":"Automatic backup",

              "parts":["seat"],

              "location":"ftp://$FTP_ADDRESS/$BACKUP_FOLDER/$TIME",

              "location_user":"$FTP_USER",

              "location_password":"$FTP_PASSWORD"

          }

    }

    EOF

     

    # Issue a request to start the backup operation.

    echo Starting backup $TIME >>backup.log

    curl -k --cookie cookies.txt \

        -H 'Accept:application/json' \

        -H 'Content-Type:application/json' \

        -X POST \

        --data @task.json 2>>backup.log >response.txt \

        "https://$VC_ADDRESS/rest/appliance/recovery/backup/job"

    cat response.txt >>backup.log

    echo '' >>backup.log

     

     

    # Parse the response to locate the unique identifier of the backup operation.

    ID=$(awk '{if (match($0,/"id":"\w+-\w+-\w+"/)) \

               print substr($0, RSTART+6, RLENGTH-7);}' \

              response.txt)

    echo 'Backup job id: '$ID

     

     

    # Monitor progress of the operation until it is complete.

    PROGRESS=INPROGRESS

    until [ "$PROGRESS" != "INPROGRESS" ]

    do

          sleep 10s

    curl -k --cookie cookies.txt \

            -H 'Accept:application/json' \

            --globoff \

            "https://$VC_ADDRESS/rest/appliance/recovery/backup/job/$ID" \

            >response.txt

          cat response.txt >>backup.log

          echo ''  >>backup.log

          PROGRESS=$(awk '{if (match($0,/"state":"\w+"/)) \

                          print substr($0, RSTART+9, RLENGTH-10);}' \

                         response.txt)

          echo 'Backup job state: '$PROGRESS

    done

     

     

    # Report job completion and clean up temporary files.

    echo ''

    echo "Backup job completion status: $PROGRESS"

    rm -f task.json

    rm -f response.txt

    rm -f cookies.txt

    echo ''  >>backup.log

     

     

    #exit  and save file with :wq

     

    go to /etc/pam.d/password-auth and write these

     

    # /etc/pam.d/password-auth

     

     

    #%PAM-1.0

    # This file is auto-generated.

    # User changes will be destroyed the next time authconfig is run.

    auth        required      pam_env.so

    auth        sufficient    pam_unix.so nullok try_first_pass

    auth        requisite     pam_succeed_if.so uid >= 500 quiet

    auth        required      pam_deny.so

    auth        [default=die] pam_faillock.so authfail deny=3 unlock_time=604800 fail_interval=900

    auth        required      pam_faillock.so authsucc deny=3 unlock_time=604800 fail_interval=900

     

     

    account     required      pam_unix.so

    account     sufficient    pam_localuser.so

    account     sufficient    pam_succeed_if.so uid < 500 quiet

    account     required      pam_permit.so

     

     

    password    requisite     pam_cracklib.so try_first_pass retry=3 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 minlen=12

    password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok

    password    required      pam_deny.so

     

     

    session     optional      pam_keyinit.so revoke

    session     required      pam_limits.so

    session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid

    session     required      pam_unix.so

     

     

    if not exist file usr/lib/security/pam_faillock.so/ create it.

     

    then create cron job for automatic backup

     

    Crontab –u root –e

    (Min) (Hour) * * * /usr/bin/sh  /usr/local/bin/vcsabackup.sh

     

    after that if use administrator@vsphere.local set permision

     

    find / -name “authentication_sso.py

    vim  /usr/lib/applmgmt/lib/extensions/py/vmware/appliance/extensions/authentication/authentication_sso.py

     

    fine this section

     

    digest_value = str(self.xpath(

    ‘//ds:DigestValue’, reference, expect=1)[0].text).replace(

    ‘\r’, ”).replace(‘\n’, ”)

     

    replace with

     

     

    digest_value = self.xpath(

    ‘//ds:DigestValue’, reference, expect=1)[0].text

     

    the end of

     

    service-control --stop applmgmt

    service-control --start applmgmt