Backup pfSense from Ubuntu 14.04

Back in mid 2016 Github user James Lavoy¬†released a python script to backup pfSense. I was excited because pfSense didn’t (and still doesn’t) have a built in backup scheduler. Sure, you can backup manually from the GUI, but I don’t trust myself to remember to do that after time I make a change to my config.

I downloaded the script and changed the necessary options to point it to my pfSense box and supplied the credentials necessary for backup. I unfortunately received the following error:

AttributeError: 'module' object has no attribute '_create_unverified_context'

I quickly found out that this was due to my OS running Python 2.7.6 and SSLContext was introduced Python 2.7.9.¬† I reported this issue on James’ Github and he suggested installing Python 2.7.9 or later from another ppa as coding around the issue would require a complete rewrite of the script.

James has updated the README.md to indicate this requirement but his instructions are a bit out of date. The ppa specified is not being maintained and the fkrull/deadsnakes ppa should be used instead. To install python 2.7.12 and mechanize and meet all requirements of this script run the following commands:

sudo add-apt-repository ppa:fkrull/deadsnakes
sudo apt-get update
sudo apt-get install python2.7 python-pip
pip install mechanize

Before running the script, make sure you edit it to point to your pfSense box’s IP address (and https port if necessary) and supply the correct credentials. Whether you are running this manually or automated you will need to specify the path for Python 2.7.9+ as it is not necessarily invoked by default by the “python” command. For example I have to run:

40 14 * * * /usr/local/lib/python2.7.12/bin/python /media/backups/pfsense-backup-master/pfsense_backup.py

In order to automate this, you’ll want to add a cron job. Do so by editing your crontab:

crontab -e

My crontab entry looks like this:

40 14 * * * /usr/local/lib/python2.7.12/bin/python /media/backups/pfsense-backup-master/pfsense_backup.py

This will run the script every day at 2:40 pm. Why 2:40? Why not?

Some may be wondering why I didn’t just upgrade my VM to Ubuntu 16.04. I tried and many services failed to load or lost their config after the upgrade, so I rolled back to a snapshot. 14.04 will continue to receive updates until 2019 as it is an “LTS” release and I anticipate migrating off the server by then anyway.

If you are like me and don’t need to be on the latest and greatest OS, but want to be able to use scripts like this, hopefully this will help.

OVA Template Deployment Stuck “Validating”? Try PowerCLI!

I recently made the switch from working as a customer to working as a Solutions Architect at a VAR. I had bought a number of Intel servers from various OEMs during my career but never Cisco UCS. However I have plenty of customers these days who are currently UCS customers or are interested in UCS in their infrastructure.

For this reason I decided to download the Cisco UCS Platform Emulator. The UCS Platform Emulator is a free tool that allows risk-free experimentation in a UCS manager environment. It can be downloaded as a .zip containing all virtual disks and metadata, or simply as a singly .ova file for easy deployment. Naturally I opted for the .ova file as I have a full vSphere environment running in my homelab thanks to VMUG Advantage.

Once I had the bits in hand I fired up the new HTML5 vSphere client and started the “Deploy OVF Template” wizard. Even though the new HTML5 client is new to me, the wizard was intuitive and similar to what I was previously used to with the C# client and Flash based vSphere Web Client. I hit a roadblock at one point though when the wizard display a message that it was “Validating” and appeared to make no progress.

Validating

Ooookay, well I guess I’ll fire up the Flash client, wait for it to load and deploy from there.

Unsupported

Well it looks like I can no longer deploy templates from the vSphere Web client in vSphere 6.5. Apparently my choices are troubleshooting the HTML5 client or nothing….or are they?

Enter PowerCLI

I’ve spent the last 12-16 months familiarizing myself with PowerCLI so this was the perfect opportunity to see if there was a way to deploy my template without the need of the GUI. I quickly found the Import-Vapp cmdlet which is thoroughly documented here.

Running through the options available I constructed the test below:

Import-VApp -Source \\192.168.2.6\Data\HomeLab\CiscoUCS\UCSPE_3.1.2e.ova -Name UCSPE -VMHost (Get-VMHost -Name esx06.kennalbone.com) -Datastore (Get-Datastore -Name NFS-FS2-ProductionFast) -DiskStorageFormat Thin -Location (Get-ResourcePool -Name Normal) -Whatif
What if: Performing the operation "Importing '\\192.168.2.6\Data\HomeLab\CiscoUCS\UCSPE_3.1.2e.ova'" on target "Host 'esx06.kennalbone.com'".

Adding -Whatif allows testing before making any actual changes to objects in PowerCLI/PowerShell. With this test behind me I dropped the -WhatIf parameter and deployed my OVA file for real.

Import-VApp -Source \\192.168.2.6\Data\HomeLab\CiscoUCS\UCSPE_3.1.2e.ova -Name UCSPE -VMHost (Get-VMHost -Name esx06.kennalbone.com) -Datastore (Get-Datastore -Name NFS-FS2-ProductionFast) -DiskStorageFormat Thin -Location (Get-ResourcePool -Name Normal)

The deployment went by so quickly I wasn’t sure if everything completed properly. A quick check with “Get-VM” showed that the new VM did exist.

Get-VM -Name UCSPE

Name                 PowerState Num CPUs MemoryGB
----                 ---------- -------- --------
UCSPE                PoweredOff 1        1.000

A quick power on and check of the VM console showed that the VM was in fact deployed and booting properly.

VMConsoleWindow

You can try this for yourself. Just replace the text in the brackets with the necessary information in your own environment.

Import-VApp -Source <FullPathtoTemplate.ova> -Name <VMName> -VMHost (Get-VMHost -Name <ESXiHostName>) -Datastore (Get-Datastore -Name <DatastoreName>) -DiskStorageFormat Thin -Location (Get-ResourcePool -Name <ResourcePoolName>)