Last updated on Monday 28th of February 2022 08:52:48 PM

©XSIBackup  Executing jobs remotely from an external cron

 Please note that this post is relative to old deprecated software ©XSIBackup-Classic. Some facts herein contained may still be applicable to more recent versions though.

For new instalations please use new ©XSIBackup which is far more advanced than ©XSIBackup-Classic.

Some users like to centralize all of their commands in one Linux cron file, or want for some reason to execute XSIBackup jobs remotely. This is something that can be accomplished out of the box by: creating a script that contains the backup job and is invoked remotely, or by parsing a backup job as an SSH command.

As backup jobs contain all sort of characters that may need to be escaped in the remote SSH command, the former option is the easiest to set up, as it will free you from the, sometimes excruciating task, of running the command in verbose mode and escaping every character that may seem to need it, in some cases double or triple escaping could be necessary.

Before you can run remote schedules via cron on the ESXi box, you need to make sure you can run commands without the need to provide a password. The best, easiest and most secure way to achieve this is by using exchange key authentication method. The procedure is simple:

1 - Generate an OpenSSH RSA key pair.
2 - Copy the public key from the Linux system to the ESXi box authorized_keys file.
3 - Run a test command before adding it to the crontab (/etc/crontab).

Lest's see each step in detail:

1 - Generate an OpenSSH RSA key pair

This is done by means of the ssh-keygen binary, which in a Linux system is normally in its path.

ssh-keygen -t rsa -f mykey_id_rsa -q -N ''

Once you have your RSA key pair, which will normally be stored in /root/.ssh, you can just grab your pub key and put it at the end of the /etc/ssh/keys-root/authorized_keys file in your ESXi host.

2 - Copy the public key from the Linux system to the ESXi box authorized_keys file

SSH_KEY=$( cat "/root/.ssh/" );
ssh -p22 root@ "echo $SSH_KEY >> /etc/ssh/keys-root/authorized_keys"

Where is the IP of your ESXi system and 22 is the port it's running on. Of course, issue your remote's ESXi system root password when prompted.

3 - Run a test command before adding it to the crontab (/etc/crontab)

Now you should test commands to make sure they can be executed in the remote ESXi system, something as simple as this should suffice:

ssh -t -p22 root@ "echo HELLO-WORLD!!"

If you see "HELLO-WORLD!!" printed out in your Linux command prompt without any password being asked, then your key authentication is working and you are ready to add commands to your Linux cron that will be executed in the remote ESXi box.

Before ©XSIBackup Classic 9.1.5, redirection of program's output was done by default, since this version on, you do need to explicity state that you wish to redirect SSH output to your SSH client in order to run XSIBackup remotely. This is accomplished by using the -t option in the SSH command.

ssh -t root@ "/vmfs/volumes/datastore1/xsi-dir/"

In fact, it is the SSH client that is responsible for managing remote's output. From the SSH client man page:

-t Force pseudo-terminal allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, e.g. when implementing menu services. Multiple -t options force tty allocation, even if ssh has no local tty

Depending on SSH's client default behaviour, you may need to use a double -tt argument.

You should as well be able to apply the same concept to run the same ©XSIBackup Classic job script from a Windows system. You can use Plink, an .executable companion to famous Putty, Power Shell's ssh client, or any other client of your choice. You should first generate an RSA key with your Putty client and copy it to the /etc/ssh/keys-root/authorized_keys file in your ESXi system. Once you have done so, just run Plink invoking the key you just generated, or even easier, just parse the password of your remote ESXi system as a Plink argument (less secure).

plink root@ -pw SecretRootPwd (/vmfs/volumes/datastore1/xsi-dir/

Once you have checked that your command runs fine manually you can add it to the Windows Task Manager and have that task be executed periodically as you would do from Linux cron service.