
The configuration files for ESXi are stored in /bootbank/state.tgz (/bootbank/local.tgz when running from a flash device). At one minute past the hour the script auto-backup.sh is executed. This is controlled by the file /var/spool/cron/crontabs/root which contains the following command:

01 * * * * /sbin/auto-backup.sh #first minute of every hour (run every hour)

This script is also run when the host is rebooted or shut down. The auto-backup.sh script calls /sbin/backup.sh, which determines which files are to be included in state.tgz. With ESXi 4.1 Update 1, line 368 of the script contains the following code:

filestosave=$(find etc -follow -type f -name ".#*" 2> /dev/null | \
 sed 's/\.#\(.*\)/\1/g' | \
 while read name; do [ -f "${name}" ] && echo "${name}"; done)

The code essentially looks through /etc for files whose names begin with .#. Each of these files has a corresponding file whose name omits the .# prefix. For example, if you execute the command ls -a /etc/vmware/ you see the files .#esx.conf and esx.conf. The file esx.conf is backed up into state.tgz. If you extract the contents of state.tgz you will find that no .# files exist. These files are created when ESXi boots and extracts the contents of state.tgz. You will also find that you are not able to create a file that starts with .#. If you try, you typically receive the following error: Operation not permitted.

So how do you add a file to state.tgz? If you extract the file, add your desired changes, and then retar the file, the changes you make are overwritten when ESXi performs its next automated backup. To add a file to state.tgz you must change the file /sbin/backup.sh. Let's say you want to change the password policy for the host and need to change the file /etc/pam.d/system-auth. This file is not backed up, so any changes are lost when the host is rebooted. You could create a custom oem.tgz file, but it is an easy and quick change to add the file to state.tgz. To do this, change the line from backup.sh shown above to the following. The added portion is -o -name "system-auth".

filestosave=$(find etc -follow -type f -name ".#*" -o -name "system-auth" 2> /dev/null | \
 sed 's/\.#\(.*\)/\1/g' | \
 while read name; do [ -f "${name}" ] && echo "${name}"; done)

You can then run /sbin/auto-backup.sh 0 /bootbank/ to run a backup immediately. Note that changes to backup.sh are lost when the host is rebooted. This is not a problem, as the files you have added to state.tgz will be extracted with a corresponding .# file and thus will continue to be backed up. Please note that changing system configuration files such as system-auth can have negative consequences should a future upgrade of ESXi require specific settings within a file. As state.tgz is one of the last files extracted during the boot process, files in state.tgz overwrite updated files that a patch or upgrade for ESXi may change.
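
The selection logic described above, run against a constructed directory tree so you can check which files would be saved before and after the change. This is an added example, not part of the original article or of ESXi; the function names make_tree, select_original, select_modified and will_persist and the .#orphan file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: runs the page's selection pipeline against a constructed
# directory tree, not a real ESXi host.

# Build a constructed tree: esx.conf has a .# marker, system-auth does not,
# and .#orphan is a marker whose real file is missing.
make_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/vmware" "$root/etc/pam.d"
    : > "$root/etc/vmware/esx.conf"
    : > "$root/etc/vmware/.#esx.conf"
    : > "$root/etc/pam.d/system-auth"
    : > "$root/etc/.#orphan"
    echo "$root"
}

# Selection as quoted from backup.sh (ESXi 4.1 Update 1).
select_original() {
    ( cd "$1" && find etc -follow -type f -name ".#*" 2> /dev/null | \
        sed 's/\.#\(.*\)/\1/g' | \
        while read name; do [ -f "${name}" ] && echo "${name}"; done | sort )
}

# Selection with the page's added -o -name "system-auth" test.
select_modified() {
    ( cd "$1" && find etc -follow -type f -name ".#*" -o -name "system-auth" 2> /dev/null | \
        sed 's/\.#\(.*\)/\1/g' | \
        while read name; do [ -f "${name}" ] && echo "${name}"; done | sort )
}

# will_persist <selector> <root> <path>: succeeds if <path> would be saved.
will_persist() {
    "$1" "$2" | grep -qxF "$3"
}

demo_root=$(make_tree)
echo "original selection:"; select_original "$demo_root"
echo "modified selection:"; select_modified "$demo_root"
# After a reboot ESXi recreates a marker for every file in state.tgz;
# simulate that and the unmodified script now keeps system-auth too.
: > "$demo_root/etc/pam.d/.#system-auth"
echo "original selection after marker exists:"; select_original "$demo_root"
rm -rf "$demo_root"
```

The .#orphan marker never appears in the output because the while loop only keeps names for which the real file exists.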




Copyright © 2011 - Dave Mishchenko