Manage SQL databases in an Azure VM using Azure CLI
Azure CLI is used to create and manage Azure resources from the Command Line or through scripts. This article describes how to manage a backed-up SQL database on Azure VM using Azure CLI. You can also perform these actions using the Azure portal.
In this article, you'll learn how to:
- Monitor backup and restore jobs
- Protect new databases added to an SQL instance
- Change the policy
- Stop protection
- Resume protection
If you've used Back up an SQL database in Azure using CLI to back up your SQL database, then you're- using the following resources:
- A resource group named SQLResourceGroup
- A vault named SQLVault
- Protected container named VMAppContainer;Compute;SQLResourceGroup;testSQLVM
- Backed-up database/item named sqldatabase;mssqlserver;master
- Resources in the westus2 region
Azure CLI eases the process of managing an SQL database running on an Azure VM that's backed-up using Azure Backup. The following sections describe each of the management operations.
Note
See the SQL backup support matrix to know more about the supported configurations and scenarios.
Monitor backup and restore jobs
Use the az backup job list command to monitor completed or currently running jobs (backup or restore). CLI also allows you to suspend a currently running job or wait until a job completes.
az backup job list --resource-group SQLResourceGroup \
--vault-name SQLVault \
--output table
The output appears as:
Name Operation Status Item Name Start Time UTC
------------------------------------ --------------- --------- ---------- -------------------
e0f15dae-7cac-4475-a833-f52c50e5b6c3 ConfigureBackup Completed master [testSQLVM] 2019-12-03T03:09:210831+00:00
ccdb4dce-8b15-47c5-8c46-b0985352238f Backup (Full) Completed master [testSQLVM] 2019-12-01T10:30:58.867489+00:00
4980af91-1090-49a6-ab96-13bc905a5282 Backup (Differential) Completed master [testSQLVM] 2019-12-01T10:36:00.563909+00:00
F7c68818-039f-4a0f-8d73-e0747e68a813 Restore (Log) Completed master [testSQLVM] 2019-12-03T05:44:51.081607+00:00
Change a policy
To change the policy underlying the SQL backup configuration, use the az backup policy set command. The name parameter in this command refers to the backup item whose policy you want to change. Here, replace the policy of the SQL database sqldatabase;mssqlserver;master with a new policy newSQLPolicy. You can create new policies using the az backup policy create command.
az backup item set-policy --resource-group SQLResourceGroup \
--vault-name SQLVault \
--container-name VMAppContainer;Compute;SQLResourceGroup;testSQLVM \
--policy-name newSQLPolicy \
--name sqldatabase;mssqlserver;master \
The output appears as:
Name Operation Status Item Name Backup Management Type Start Time UTC Duration
------------------------------------ --------------- --------- ----------- ------------------------ -------------------------------- --------------
ba350996-99ea-46b1-aae2-e2096c1e28cd ConfigureBackup Completed master AzureWorkload 2022-06-22T08:24:03.958001+00:00 0:01:12.435765
Create a differential backup policy
To create a differential backup policy, use the az backup policy create command with the following parameters:
- --backup-management-type: Azure Workload.
- --workload-type: SQL DataBase.
- --name: Name of the policy.
- --policy: JSON file with appropriate details for schedule and retention.
- --resource-group: Resource group of the vault.
- --vault-name: Name of the vault/
Example:
az backup policy create --resource-group SQLResourceGroup --vault-name SQLVault --name SQLPolicy --backup-management-type AzureWorkload --policy SQLPolicy.json --workload-type SQLDataBase
Sample JSON (sqlpolicy.json):
"eTag": null,
"id": "/Subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/SQLResourceGroup/providers/Microsoft.RecoveryServices/vaults/SQLVault/backupPolicies/SQLPolicy",
"location": null,
"name": "sqlpolicy",
"properties": {
"backupManagementType": "AzureWorkload",
"workLoadType": "SQLDataBase",
"settings": {
"timeZone": "UTC",
"issqlcompression": false,
"isCompression": false
},
"subProtectionPolicy": [
{
"policyType": "Full",
"schedulePolicy": {
"schedulePolicyType": "SimpleSchedulePolicy",
"scheduleRunFrequency": "Weekly",
"scheduleRunDays": [
"Sunday"
],
"scheduleRunTimes": [
"2022-06-13T19:30:00Z"
],
"scheduleWeeklyFrequency": 0
},
"retentionPolicy": {
"retentionPolicyType": "LongTermRetentionPolicy",
"weeklySchedule": {
"daysOfTheWeek": [
"Sunday"
],
"retentionTimes": [
"2022-06-13T19:30:00Z"
],
"retentionDuration": {
"count": 104,
"durationType": "Weeks"
}
},
"monthlySchedule": {
"retentionScheduleFormatType": "Weekly",
"retentionScheduleWeekly": {
"daysOfTheWeek": [
"Sunday"
],
"weeksOfTheMonth": [
"First"
]
},
"retentionTimes": [
"2022-06-13T19:30:00Z"
],
"retentionDuration": {
"count": 60,
"durationType": "Months"
}
},
"yearlySchedule": {
"retentionScheduleFormatType": "Weekly",
"monthsOfYear": [
"January"
],
"retentionScheduleWeekly": {
"daysOfTheWeek": [
"Sunday"
],
"weeksOfTheMonth": [
"First"
]
},
"retentionTimes": [
"2022-06-13T19:30:00Z"
],
"retentionDuration": {
"count": 10,
"durationType": "Years"
}
}
}
},
{
"policyType": "Differential",
"schedulePolicy": {
"schedulePolicyType": "SimpleSchedulePolicy",
"scheduleRunFrequency": "Weekly",
"scheduleRunDays": [
"Monday",
"Tuesday",
"Wednesday",
"Thursday",
"Friday",
"Saturday"
],
"scheduleRunTimes": [
"2022-06-13T02:00:00Z"
],
"scheduleWeeklyFrequency": 0
},
"retentionPolicy": {
"retentionPolicyType": "SimpleRetentionPolicy",
"retentionDuration": {
"count": 30,
"durationType": "Days"
}
}
},
{
"policyType": "Log",
"schedulePolicy": {
"schedulePolicyType": "LogSchedulePolicy",
"scheduleFrequencyInMins": 120
},
"retentionPolicy": {
"retentionPolicyType": "SimpleRetentionPolicy",
"retentionDuration": {
"count": 15,
"durationType": "Days"
}
}
}
],
"protectedItemsCount": 0
},
"resourceGroup": "SQLResourceGroup",
"tags": null,
"type": "Microsoft.RecoveryServices/vaults/backupPolicies"
}
Once the policy is created successfully, the output of the command shows the policy JSON that you passed as a parameter while executing the command.
You can modify the following section of the policy to specify the required backup frequency and retention for differential backups.
For example:
{
"policyType": "Differential",
"retentionPolicy": {
"retentionDuration": {
"count": 30,
"durationType": "Days"
},
"retentionPolicyType": "SimpleRetentionPolicy"
},
"schedulePolicy": {
"schedulePolicyType": "SimpleSchedulePolicy",
"scheduleRunDays": [
"Monday",
"Tuesday",
"Wednesday",
"Thursday",
"Friday",
"Saturday"
],
"scheduleRunFrequency": "Weekly",
"scheduleRunTimes": [
"2017-03-07T02:00:00+00:00"
],
"scheduleWeeklyFrequency": 0
}
}
Example:
If you want to have differential backups only on Saturday and retain them for 60 days, do the following changes in the policy:
- Update retentionDuration count to 60 days.
- Specify only Saturday as ScheduleRunDays.
{
"policyType": "Differential",
"retentionPolicy": {
"retentionDuration": {
"count": 60,
"durationType": "Days"
},
"retentionPolicyType": "SimpleRetentionPolicy"
},
"schedulePolicy": {
"schedulePolicyType": "SimpleSchedulePolicy",
"scheduleRunDays": [
"Saturday"
],
"scheduleRunFrequency": "Weekly",
"scheduleRunTimes": [
"2017-03-07T02:00:00+00:00"
],
"scheduleWeeklyFrequency": 0
}
}
Protect the new databases added to a SQL instance
Registering a SQL instance with a Recovery Services vault automatically discovers all databases in this instance.
However, if you've added new databases to the SQL instance later, use the az backup protectable-item initialize command. This command discovers the new databases added.
az backup protectable-item initialize --resource-group SQLResourceGroup \
--vault-name SQLVault \
--container-name VMAppContainer;Compute;SQLResourceGroup;testSQLVM \
--workload-type SQLDataBase
Then use the az backup protectable-item list cmdlet to list all the databases that have been discovered on your SQL instance. This list, however, excludes those databases on which backup has already been configured. Once the database to be backed-up is discovered, refer to Enable backup on SQL database.
az backup protectable-item list --resource-group SQLResourceGroup \
--vault-name SQLVault \
--workload-type SQLDataBase \
--protectable-item-type SQLDataBase \
--output table
The new database that you want to back up shows in this list, which appears as:
Name Protectable Item Type ParentName ServerName IsProtected
--------------------------- ---------------------- ------------ ----------- ------------
sqldatabase;mssqlserver;db1 SQLDataBase mssqlserver testSQLVM NotProtected
sqldatabase;mssqlserver;db2 SQLDataBase mssqlserver testSQLVM NotProtected
Stop protection for an SQL database
You can stop protecting an SQL database in the following processes:
- Stop all future backup jobs and delete all recovery points.
- Stop all future backup jobs and leave the recovery points intact.
If you choose to leave recovery points, keep in mind these details:
- All recovery points remain intact forever, and all pruning stops at stop protection with retain data.
- You'll be charged for the protected instance and the consumed storage.
- If you delete a data source without stopping backups, new backups will fail.
The processes to stop protection are detailed below.
Stop protection with retain data
To stop protection with retain data, use the az backup protection disable` command.
az backup protection disable --resource-group SQLResourceGroup \
--vault-name SQLVault \
--container-name VMAppContainer;Compute;SQLResourceGroup;testSQLVM \
--item-name sqldatabase;mssqlserver;master \
--workload-type SQLDataBase \
--output table
The output appears as:
Name ResourceGroup
------------------------------------ ---------------
g0f15dae-7cac-4475-d833-f52c50e5b6c3 SQLResourceGroup
To verify the status of this operation, use the az backup job show command.
Stop protection without retain data
To stop protection without retain data, use the az backup protection disable command.
az backup protection disable --resource-group SQLResourceGroup \
--vault-name SQLVault \
--container-name VMAppContainer;Compute;SQLResourceGroup;testSQLVM \
--item-name sqldatabase;mssqlserver;master \
--workload-type SQLDataBase \
--delete-backup-data true \
--output table
The output appears as:
Name ResourceGroup
------------------------------------ ---------------
g0f15dae-7cac-4475-d833-f52c50e5b6c3 SQLResourceGroup
To verify the status of this operation, use the az backup job show command.
Resume protection
When you stop protection for the SQL database with retain data, you can resume protection later. If you don't retain the backed-up data, you won't be able to resume protection.
To resume protection, use the az backup protection resume command.
az backup protection resume --resource-group SQLResourceGroup \
--vault-name SQLVault \
--container-name VMAppContainer;Compute;SQLResourceGroup;testSQLVM \
--policy-name SQLPolicy \
--output table
The output appears as:
Name ResourceGroup
------------------------------------ ---------------
b2a7f108-1020-4529-870f-6c4c43e2bb9e SQLResourceGroup
To verify the status of this operation, use the az backup job show command.
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for