使用 Azure CLI 還原 Azure 受控磁碟
本文描述如何使用 Azure CLI,從 Azure 備份所建立的還原點,來還原 Azure 受控磁碟。
重要
透過 CLI 支援 Azure 受控磁碟的備份與還原,目前仍處於預覽階段,在 Az 2.15.0 版與更新版本中會以延伸模組的形式提供。 該延伸模組將會在您執行 az dataprotection 命令時自動安裝。 深入了解擴充功能。
目前,不支援還原的 [原始位置復原 (OLR)] 選項,其會以執行備份的磁碟,取代現有來源磁碟。 您可以從復原點還原,在來源磁碟的相同資源群組或任何其他資源群組中,建立新的磁碟。 這就是所謂的替代位置復原 (ALR)。
在本文中,您將學會如何:
還原以建立新的磁碟
追蹤還原作業狀態
我們將會參考範例中,資源群組 testBkpVaultRG 下現有的備份保存庫 TestBkpVault。
還原到新建立的磁碟
設定權限
備份保存庫會使用受控識別來存取其他 Azure 資源。 若要從備份進行還原,備份保存庫的受控識別需要對還原磁碟的資源群組,有一組權限。
備份保存庫會使用系統指派的受控識別,限制為每個資源一個受控識別,並將其繫結至此資源的生命週期。 您可以使用 Azure 角色型存取控制 (Azure RBAC),授與受控識別的權限。 受控識別是可能僅適用於 Azure 資源之特殊類型的服務主體。 深入了解受控識別。
對將要還原/建立磁碟的目標資源群組 (如此處所述) 上,指派保存庫之系統指派的受控識別相關權限。
擷取相關復原點
使用 az dataprotection backup-instance list 命令,列出保存庫中的所有備份執行個體,然後使用 az dataprotection backup-instance show 命令,擷取相關執行個體。 或者,若為大規模的情況,可以使用 az dataprotection backup-instance list-from-resourcegraph 列出保存庫與訂閱之間的備份執行個體
az dataprotection backup-instance list-from-resourcegraph --datasource-type AzureDisk --datasource-id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourcegroups/diskrg/providers/Microsoft.Compute/disks/CLITestDisk
[
{
"datasourceId": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourcegroups/diskrg/providers/Microsoft.Compute/disks/CLITestDisk",
"extendedLocation": null,
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/testBkpVaultRG/providers/Microsoft.DataProtection/BackupVaults/TestBkpVault/backupInstances/diskrg-CLITestDisk-3df6ac08-9496-4839-8fb5-8b78e594f166",
"identity": null,
"kind": "",
"location": "",
"managedBy": "",
"name": "diskrg-CLITestDisk-3df6ac08-9496-4839-8fb5-8b78e594f166",
"plan": null,
"properties": {
"currentProtectionState": "ProtectionConfigured",
"dataSourceInfo": {
"baseUri": null,
"datasourceType": "Microsoft.Compute/disks",
"objectType": "Datasource",
"resourceID": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourcegroups/diskrg/providers/Microsoft.Compute/disks/CLITestDisk",
"resourceLocation": "westus",
"resourceName": "CLITestDisk",
"resourceType": "Microsoft.Compute/disks",
"resourceUri": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourcegroups/diskrg/providers/Microsoft.Compute/disks/CLITestDisk"
},
"dataSourceProperties": null,
"dataSourceSetInfo": null,
"datasourceAuthCredentials": null,
"friendlyName": "CLITestDisk",
"objectType": "BackupInstance",
"policyInfo": {
"policyId": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/testBkpVaultRG/providers/Microsoft.DataProtection/BackupVaults/TestBkpVault/backupPolicies/DiskPolicy",
"policyParameters": {
"dataStoreParametersList": [
{
"dataStoreType": "OperationalStore",
"objectType": "AzureOperationalStoreParameters",
"resourceGroupId": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/snapshotrg"
}
]
},
"policyVersion": null
},
"protectionErrorDetails": null,
"protectionStatus": {
"errorDetails": null,
"status": "ProtectionConfigured"
},
"provisioningState": "Succeeded"
},
"protectionState": "ProtectionConfigured",
"resourceGroup": "testBkpVaultRG",
"sku": null,
"subscriptionId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"tags": null,
"tenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"type": "microsoft.dataprotection/backupvaults/backupinstances",
"vaultName": "TestBkpVault",
"zones": null
}
]
識別出執行個體之後,請使用 az dataprotection recovery-point list 命令,擷取相關復原點。
az dataprotection recovery-point list --backup-instance-name diskrg-CLITestDisk-3df6ac08-9496-4839-8fb5-8b78e594f166 -g testBkpVaultRG --vault-name TestBkpVault
{
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/testBkpVaultRG/providers/Microsoft.DataProtection/BackupVaults/TestBkpVault/backupInstances/diskrg-CLITestDisk-3df6ac08-9496-4839-8fb5-8b78e594f166/recoveryPoints/5081ad8f1e6c4548ae89536d0d45c493",
"name": "5081ad8f1e6c4548ae89536d0d45c493",
"properties": {
"friendlyName": "0f598ced-cbfe-4169-b962-ee94b0210490",
"objectType": "AzureBackupDiscreteRecoveryPoint",
"policyName": "DiskPSPolicy2",
"policyVersion": null,
"recoveryPointDataStoresDetails": [
{
"creationTime": "2021-06-08T09:01:57.708319+00:00",
"expiryTime": "2021-06-15T09:01:57.708319+00:00",
"id": "c2ad4629-f2ef-49b6-b3f8-50f3eb5404f4",
"metaData": null,
"rehydrationExpiryTime": null,
"rehydrationStatus": null,
"state": "COMMITTED",
"type": "OperationalStore",
"visible": true
}
],
"recoveryPointId": "5081ad8f1e6c4548ae89536d0d45c493",
"recoveryPointTime": "2021-06-08T09:01:57.708319+00:00",
"recoveryPointType": "Incremental",
"retentionTagName": "Default",
"retentionTagVersion": "637553616953961153"
},
"resourceGroup": "testBkpVaultRG",
"systemData": null,
"type": "Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints"
},
{
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/testBkpVaultRG/providers/Microsoft.DataProtection/BackupVaults/TestBkpVault/backupInstances/diskrg-CLITestDisk-3df6ac08-9496-4839-8fb5-8b78e594f166/recoveryPoints/039322cc563049bcbdb77bd695d4c02c",
"name": "039322cc563049bcbdb77bd695d4c02c",
"properties": {
"friendlyName": "af6512b6-aa38-4966-b8e1-660c4eccdc0d",
"objectType": "AzureBackupDiscreteRecoveryPoint",
"policyName": "DiskPSPolicy2",
"policyVersion": null,
"recoveryPointDataStoresDetails": [
{
"creationTime": "2021-06-08T05:01:55.426507+00:00",
"expiryTime": "2021-06-15T05:01:55.426507+00:00",
"id": "c2ad4629-f2ef-49b6-b3f8-50f3eb5404f4",
"metaData": null,
"rehydrationExpiryTime": null,
"rehydrationStatus": null,
"state": "COMMITTED",
"type": "OperationalStore",
"visible": true
}
],
"recoveryPointId": "039322cc563049bcbdb77bd695d4c02c",
"recoveryPointTime": "2021-06-08T05:01:55.426507+00:00",
"recoveryPointType": "Incremental",
"retentionTagName": "Default",
"retentionTagVersion": "637553616953961153"
},
"resourceGroup": "testBkpVaultRG",
"systemData": null,
"type": "Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints"
}
]
例如,下列查詢會傳回最新的復原點。
az dataprotection recovery-point list --backup-instance-name diskrg-CLITestDisk-3df6ac08-9496-4839-8fb5-8b78e594f166 -g testBkpVaultRG --vault-name TestBkpVault --query "[0].id"
"/subscriptions/62b829ee-7936-40c9-a1c9-47a93f9f3965/resourceGroups/testBkpVaultRG/providers/Microsoft.DataProtection/backupVaults/sarath-vault/backupInstances/clitest-clitest-3165cfe7-a932-11eb-9d24-9cfce85d4fae/recoveryPoints/5081ad8f1e6c4548ae89536d0d45c493"
準備還原要求
將建立時會附有目標資源群組的新磁碟 ARM 識別碼,建構成上方所述的指派權限,以及所需的磁碟名稱。 我們將使用名為 CLITestDisk2 的磁碟作為範例,其位於不同訂閱的資源群組 targetrg 下。
$targetDiskId = /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourceGroups/targetrg/providers/Microsoft.Compute/disks/CLITestDisk2
使用 az dataprotection backup-instance restore initialize-for-data-recovery 命令,可準備具有所有相關詳細資料的還原要求。
az dataprotection backup-instance restore initialize-for-data-recovery --datasource-type AzureDisk --restore-location southeastasia --source-datastore OperationalStore --recovery-point-id 5081ad8f1e6c4548ae89536d0d45c493 --target-resource-id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourceGroups/targetrg/providers/Microsoft.Compute/disks/CLITestDisk2 > restore.json
{
"object_type": "AzureBackupRecoveryPointBasedRestoreRequest",
"recovery_point_id": "77594ce0470849e79b86a6875b726dca",
"restore_target_info": {
"datasource_info": {
"datasource_type": "Microsoft.Compute/disks",
"object_type": "Datasource",
"resource_id": "//subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourceGroups/targetrg/providers/Microsoft.Compute/disks/CLITestDisk2",
"resource_location": "southeastasia",
"resource_name": "CLITestDisk2",
"resource_type": "Microsoft.Compute/disks",
"resource_uri": ""
},
"object_type": "RestoreTargetInfo",
"recovery_option": "FailIfExists",
"restore_location": "southeastasia"
},
"source_data_store_type": "OperationalStore"
}
您也可以使用 az dataprotection backup-instance validate-for-restore 命令,驗證 JSON 檔案是否能成功建立新的資源。
az dataprotection backup-instance validate-for-restore -g testBkpVaultRG --vault-name TestBkpVault --backup-instance-name diskrg-CLITestDisk-3df6ac08-9496-4839-8fb5-8b78e594f166 --restore-request-object restore.json
觸發還原
使用 az dataprotection backup-instance restore trigger 命令,以上述備妥的要求來觸發還原。
az dataprotection backup-instance restore trigger -g testBkpVaultRG --vault-name TestBkpVault --backup-instance-name diskrg-CLITestDisk-3df6ac08-9496-4839-8fb5-8b78e594f166 --restore-request-object restore.json
追蹤作業
使用 az dataprotection job list 命令,追蹤所有作業。 您可以列出所有作業,並擷取特定的作業詳細資料。
您也可以使用 Az.ResourceGraph,追蹤所有備份保存庫中的所有作業。 使用 az dataprotection job list-from-resourcegraph 命令,取得所有備份保存庫的相關作業。
az dataprotection job list-from-resourcegraph --datasource-type AzureDisk --operation Restore