Previously in this article (Use an SFTP server to back up the configuration files of the VCF core components.This article follows up on the topic of configuring and backing up the configuration files for the SDDC Manager component in a VCF environment in Section 3.2.1.1 (Configuring and Backing Up the Configuration Files for the SDDC Manager Component in a VCF Environment), and looks at how the backed up configuration files can be used for restore and recovery in the event that the SDDC Manager component fails unexpectedly.
I. Checking the SDDC Manager
Before performing a restore, ensure that the SDDC Manager component has an up-to-date file-based backup. Navigate to SDDC Manager UI->Administration->Backups->SDDC Manager Configuration and you should be able to see the latest backup status. Note, I was able to verify the status of the backups since this environment was a simulated SDDC Manager failure, if it was a real environment where SDDC Manager has failed, just make sure that the backup server has the latest configuration backup file for that component.
Log in to the SFTP backup server and check the configuration backup file of the SDDC Manager component to make sure that the backup configuration file is up-to-date; the restore process will be performed based on the latest backup configuration file.
Install tar on the SFTP server to support decompression.
yum install -y tar jq
Copy the latest configuration backup file to the current directory, and then use the following command to extract the backup file. Note: After running the command, you need to enter the "Encryption Password Phrase" that you set when you backed up the SDDC Manager configuration file.
OPENSSL_FIPS=1 openssl enc -d -aes-256-cbc -md sha256 -in | tar -xz
Go to the extracted directory and use the following command to view the configuration file metadata. Note that some of the parameters specified later when deploying the SDDC Manager OVA template must match the information here.
cat | jq
Use the following command to view the security keys of the components in the configuration file. You need to remember the key of the BACKUP user; the key configuration of this user needs to be consistent when you deploy the SDDC Manager OVA template later.
cat security_password_vault.json | jq
Deploying SDDC Manager
According to the content of the configuration backup file, you can get the download link of the SDDC Manager OVA file, when you visit this link, it will jump to the Broadcom Support Portal (BSP) for authentication, and the file will be downloaded automatically after successful authentication. In fact, we can also directly log into the Broadcom Support Portal (BSP), and then download the file in the following figure, the file name is "VCF-SDDC-Manager-Appliance-5.2.0.".
Log in to the VCF management domain vCenter Server (vSphere Client) and shut down the SDDC Manager virtual machine to simulate an unexpected failure of this component, while renaming the current SDDC Manager virtual machine to a different name.
Navigate to the cluster (vcf-mgmt01-cluster01) and right-click Deploy OVF Template to start deploying the new SDDC Manager VM.
Select Local Upload SDDC Manager OVA Template File and click the next page.
Set the name of the new SDDC Manager virtual machine and select the location of the virtual machine folder, click Next.
Select the compute resources used by the new SDDC Manager VM and click the next page.
To verify the details of the SDDC Manager OVA template, click the next page.
Accept the license agreement and click on the next page.
Select the storage location for the new SDDC Manager VM and click the next page.
Select the destination network for the new SDDC Manager VM and click the next page.
Configure the user password, host name, and network information for the new SDDC Manager, click the next page.
Check all configuration information and click Finish.
After the SDDC Manager OVA module has been successfully imported, create a snapshot of that VM and power it on.
After a few moments, access the SDDC Manager UI and the status shows Initialization in Progress and you can continue with the subsequent steps.
III. ReductionSDDC Manager
Log in to the SFTP server and use the scp command to copy the SDDC Manager configuration backup file to the tmp directory of the newly deployed SDDC Manager virtual machine. Note, you need to enter the password of the vcf user for authentication after running the command.
scp /backup/vcf/sddc-manager-backup/ vcf@:/tmp/
Use the following API commands to obtain an access token for the new SDDC Manager to perform authentication, and create a "TOKEN" variable with the obtained value for later API commands to bring in. Note: The admin@local user and password must be filled in the actual environment.
TOKEN=`curl /v1/tokens -k -X POST -H "Content-Type: application/json" -d '{"username": "admin@local","password": "Vcf520@password"}' | awk -F "\"" '{ print $4}'`
Use the following API commands to perform the SDDC Manager restore process based on a file backup. Note, the value after passphrase needs to be filled in with the encrypted passphrase set during the backup.
curl /v1/restores/tasks -k -X POST -H "Content-Type: application/json" -H "Authorization: Bearer $TOKEN" \
-d '{
"elements" : [ {
"resourceType" : "SDDC_MANAGER"
} ],
"backupFile" : "/tmp/",
"encryption" : {
"passphrase" : "VCF520@password"
}
}'
Based on the results of the above API commands, you can get the ID of the task, and use the following API commands to view the execution status of this task and subtasks.
curl /v1/restores/tasks/6bab2eb0-dd67-4b47-86e8-b6318f5eef66 -k -X GET -H "Content-Type: application/json" -H "Authorization: Bearer $TOKEN" | jq
Use the following API commands to repeatedly check the status of the task. When the result is "SUCCESSFUL", the restore is successful.
curl /v1/restores/tasks/6bab2eb0-dd67-4b47-86e8-b6318f5eef66 -k -s -X GET -H "Content-Type: application/json" -H "Authorization: Bearer $TOKEN" | jq -r '.| [.id, .name, .status ]'
IV. ValidationSDDC Manager
If all went well, you should be able to successfully log in to the SDDC Manager UI. navigate to the SDDC Manager dashboard, and in the Recent Tasks column, the task for this restore is displayed, and the result is a Successful status.
Navigating to Inventory-> Workload Domains/Hosts, all workload domains and hosts in the VCF environment are in the same state as they were.
Navigating to Admin-> Library Settings/Backup, the SDDC Manager is configured exactly as it was before.
The health status of the VCF environment can subsequently be checked by using the SoS utility on SDDC Manager and running the sudo /opt/vmware/sddc-support/sos --health-check command, for more content and details check out this article (Use the SoS utility to check the operational status of the VCF environment and to collect logging information about related components.)。