Backup and Restore of VMware Cloud Director Appliance

You can create backups that you can use to restore your VMware Cloud Director environment after a failure.

Back Up the Primary VMware Cloud Director Appliance Version 10.3.1 and Later

Starting with VMware Cloud Director 10.3.1 and later, you can use the VMware Cloud Director appliance management user interface to back up the primary appliance.

Prerequisites

Verify that the cluster health is with HEALTHY status. See View the VMware Cloud Director Appliance Cluster Health and Failover Mode.

Procedure

Log in as root to the appliance management UI of the primary, standby, or application cell at https://cell_eth0_ip_address:5480.
In the left panel, click the Backup tab.
On the Backup page you can see a list of previous backups.
Click Backup Now.
To confirm the backup, click Backup.
VMware Cloud Director appliance creates the backup files in the /opt/vmware/vcloud-director/data/transfer/backups directory. The backups for the earlier VMware Cloud Director versions are located in the /opt/vmware/vcloud-director/data/transfer/pgdb-backup directory. However, earlier version backups are incompatible with VMware Cloud Director 10.3.1 and later.
When the backup finishes, click Close.

Results

The newly created file appears in the list of backups. The backup name is in the format backup-date-time-format.tgz. For VMware Cloud Director appliance 10.3.2 and later, the backup name is in the format backup-date-time-format.zip.

What to do next

If you do not expect to restore the system to version 10.3 or earlier, you can delete the backups in the /opt/vmware/vcloud-director/data/transfer/pgdb-backup directory.
If you do not expect to restore the system to version 10.3.1, you can delete the backups in the /opt/vmware/vcloud-director/data/transfer/backups directory.
Starting with VMware Cloud Director 10.3.2, you can delete any unnecessary 10.3.2 and later backups by using the VMware Cloud Director appliance management user interface or the VMware Cloud Director appliance API. For information on how to use the VMware Cloud Director appliance API, see the VMware Cloud Director Appliance API Reference.

Back Up the Embedded Database of VMware Cloud Director 10.3 Appliance

If your VMware Cloud Director 10.3 environment consists VMware Cloud Director appliance deployments with embedded PostgreSQL databases, you can back up the VMware Cloud Director database from the primary cell. The resulting .tgz file is stored on the NFS shared transfer service storage location.

Note: This procedure is for VMware Cloud Director version 10.3. For VMware Cloud Director 10.3.1 and later, see Back Up the Primary VMware Cloud Director Appliance Version 10.3.1 and Later.

Prerequisites

Verify that the cluster health is with HEALTHY status. See View the VMware Cloud Director Appliance Cluster Health and Failover Mode.

Procedure

Log in directly or by using an SSH client to the primary cell as root.
Navigate to /opt/vmware/appliance/bin.
Run the create-db-backup command.

Results

On the NFS shared transfer service storage, in the vcloudapp.nfs_mount.VMware_vCloud_Director/pgdb-backup/ directory, you can see the newly created db-backup-date_time_format.tgz file. The .tgz file contains the database dump file, the global.properties, responses.properties, certificates, proxycertificates, and truststore files of the primary cell.

Restore the Primary VMware Cloud Director Appliance Version 10.3.1 and Later

Starting with version 10.3.1, to restore the primary appliance, you can use the VMware Cloud Director appliance management UI. If an HA cluster fails, for example, during a failed upgrade, you can use a backup to restore the primary, instead of using a VM snapshot.

Prerequisites

Verify that you have a backup file of the primary appliance. See Back Up the Primary VMware Cloud Director Appliance Version 10.3.1 and Later.
Deploy one primary database cell. The newly deployed primary appliance version must match the backup appliance version. If you reuse the IP of the primary appliance, you do not need to replace the application cells later on. See Deployment and Initial Configuration of the VMware Cloud Director Appliance.
Power-off the standby cells of the failed HA cluster.

Procedure

Log in as root to the appliance management UI of the newly deployed primary cell at https://primary_eth0_ip_address:5480.
In the left panel, click the Restore from Backup tab.
Enter the path that contains the backups directory, for example, remote_target:/data/transfer.
The NFS mount and the share containing the backups directory must have 750 permission and vcloud.vcloud ownership.
When the validator confirms the NFS share, click Next.
Select the backup that you want to use to restore the primary appliance, and click Next.
By default, only the backups with a compatible version appear. You can sort the backups by date, or filter the backups by the appliance version.
(Optional) If your VMware Cloud Director appliance is version 10.3.3 or later, select which certificates you want to restore from the backup.
For the restored appliance, you can reuse the HTTP certificate, the console proxy certificate, or both.
Enter the path to the transfer share for the restored primary appliance.
You can use the same NFS share, or enter a new share for the restored appliance.
When the validator confirms the NFS share, click Restore.
When the restore operation completes successfully, click Close.

What to do next

Deploy or restore additional standby and application cells.
- To deploy additional cells, see Deployment and Initial Configuration of the VMware Cloud Director Appliance.
- Starting with VMware Cloud Director 10.3.3, similarly to restoring the primary appliance, you can restore additional cells by using the VMware Cloud Director appliance management UI. When restoring additional cells, if the HTTP and console proxy certificates are referencing to the transfer share path, VMware Cloud Director configures the cells to use the same certificates as the primary appliance. If the HTTP and console proxy certificates are referencing a local path and have the same key-password as root, VMware Cloud Director configures the additional cells to use self-signed certificates.
If the failover mode before the restore was Automatic, you must set it again to Automatic by using the VMware Cloud Director appliance API.
If the VMware Cloud Director appliance FIPS mode was on before the restore, you must set it again by using the VMware Cloud Director appliance API.
The cell FIPS mode restores automatically.

Restore a VMware Cloud Director 10.3 Appliance Environment with an HA Database Configuration

If you backed up the embedded PostgreSQL database of a VMware Cloud Director appliance environment with an High Availability database configuration, you can deploy a new appliance cluster and restore the appliance database in it.

The restore workflow includes three major stages.

Copying the embedded database backup .tar file from the transfer service NFS shared storage.
Restoring the database to the embedded database primary and standby cells.
Deploying any required application cells.

Prerequisites

Verify that you have a backup .tar file of the embedded PostgreSQL database. See Back Up the Embedded Database of VMware Cloud Director 10.3 Appliance.
Deploy one primary database cell and two standby database cells. See Deployment and Initial Configuration of the VMware Cloud Director Appliance.
If you want the new appliance cluster to use the NFS server of the previous environment, create and export a new directory on the NFS server as the new share. The existing mountpoint cannot be reused.

Procedure

On the primary and standby cells, log in as root, and run the command to stop the VMware Cloud Director service.
```
service vmware-vcd stop
```
On the primary and standby cells, copy the backup .tar file to the /tmp folder.
If there is not enough free space on the /tmp folder, use another location to store the .tar file.
On the primary and standby cells, untar the backup file at /tmp.
```
tar -zxvf db-backup-date_time_format.tgz
```
In the /tmp folder, you can see the extracted global.properties, responses.properties, certificates.pem, certificates.key, proxycertficates.pem, proxycertficates.key, truststore.pem, and the database dump file named vcloud_date_time_format.

Note: The truststore.pem file is only available for VMware Cloud Director 10.2.2 and later.

On the primary cell only, log in as root to the console and run the following commands.

Drop the vcloud database.

sudo -i -u postgres /opt/vmware/vpostgres/current/bin/psql -c 'DROP DATABASE vcloud;'

Run the pg_restore command.

sudo -i -u postgres /opt/vmware/vpostgres/current/bin/pg_restore -C -d postgres /tmp/vcloud_date_time_name

On the primary and standby cells, save a copy of the configuration data files, replace them, and reconfigure and start the VMware Cloud Director service.
1. Back up the properties, certificates, private keys, and truststore files.
  The global.properties, responses.properties, certificates.pem, certificates.key, proxycertificates.pem, proxycertificates.key, user.http.pem, user.http.key, user.consoleproxy.pem, user.consoleproxy.key, and truststore.pem files are at /opt/vmware/vcloud-director/etc/.
```
cd /opt/vmware/vcloud-director/etc
mkdir -p backup
cp global.properties responses.properties certificates.* proxycertificates.* truststore.* user.* backup
```
2. Copy and replace the properties, certificates, private keys, and truststore files from the backup files that you extracted at Step 3.
```
cd /tmp
cp global.properties responses.properties certificates.* proxycertificates.* truststore.* user.* /opt/vmware/vcloud-director/etc/
```
3. Run the following commands to reconfigure the VMware Cloud Director service.
```
/opt/vmware/vcloud-director/bin/configure --unattended-installation --database-type postgres --database-user vcloud \
--database-password db_password_new_primary --database-host eth1_ip_new_primary --database-port 5432 \
--database-name vcloud --uuid --cert /opt/vmware/vcloud-director/etc/user.http.pem --key /opt/vmware/vcloud-director/etc/user.http.key --key-password key_password --consoleproxy-cert /opt/vmware/vcloud-director/etc/user.consoleproxy.pem --consoleproxy-key /opt/vmware/vcloud-director/etc/user.consoleproxy.key --consoleproxy-key-password key_password --primary-ip appliance_eth0_ip \
--console-proxy-ip appliance_eth0_ip --console-proxy-port-https 8443 
```
```
/opt/vmware/vcloud-director/bin/cell-management-tool reconfigure-database --database-ssl true
```
  Where:
  - The --key-password and --consoleproxy-key-password options match the passwords for the private keys on the appliance. The private key password might be the root password you used during the appliance deployment.
  - The --database-password option matches the database password that you set during the appliance setup in the VMware Cloud Director appliance management UI at https://appliance_eth0_ip:5480.
  - The --database-host option matches the eth1 network IP address of the primary database appliance.
  - The --primary-ip value matches the eth0 network IP address of the appliance cell that you are restoring. This is not the primary database cell IP address.
  - The --console-proxy-ip option matches the eth0 network IP address of the appliance that you are restoring.
  For troubleshooting information, see Reconfiguring the VMware Cloud Director Service Fails When Migrating or Restoring to VMware Cloud Director Appliance.
4. Run the command to start the VMware Cloud Director service.
```
service vmware-vcd start
```
  You can monitor the progress of the cell startup at /opt/vmware/vcloud-director/logs/cell.log.
(Optional) Deploy any additional application cells. See Deployment and Initial Configuration of the VMware Cloud Director Appliance.
If the new appliances use different IPs than the original appliances that you are replacing, you must update the configuration of the load balancer which fronts the VMware Cloud Director server group to include the IPs of the new appliances.
After all cells of the server group finish the startup process, verify that the restore of your VMware Cloud Director environment is successful.
1. Open the VMware Cloud Director Service Provider Admin Portal by using the eth0 network IP address of any cell from the new server group, https://et0_IP_new_cell/provider.
  If you updated the load balancer configuration as per step 7, you must use the public address of the server group to access the Service Provider Admin Portal.
2. Log in to the Service Provider Admin Portal with your existing system administrator credentials.
3. Validate that your vSphere and cloud resources are available in the new environment.
After the successful verification of the database restore, use the Service Provider Admin Portal to delete the disconnected cells that belong to the old VMware Cloud Director environment.
1. From the top navigation bar, under Resources, select Cloud Resources.
2. In the left panel, click Cloud Cells.
3. Select an inactive cell and click Unregister.
If the failover mode before the restore was Automatic, you must set it again to Automatic by using the VMware Cloud Director appliance API.
If the VMware Cloud Director appliance FIPS mode was on before the restore, you must set it again by using the VMware Cloud Director appliance API.
The cell FIPS mode restores automatically.