共用方式為

快速入門:為適用於 PostgreSQL 的 Azure 資料庫設定備份 - 具有 Bicep 檔案的彈性伺服器

本快速入門說明如何使用 Azure Bicep 檔案配置 Azure Database for PostgreSQL - Flexible Server 的備份。

Azure 備份 可讓您備份 Azure PostgreSQL - 使用多個客戶端的彈性伺服器,例如 Azure 入口網站、PowerShell、CLI、Azure Resource Manager、Bicep 等等。 本文著重於部署 Bicep 檔案來建立備份保管庫,然後為 Azure PostgreSQL 彈性伺服器設定備份。 深入瞭解 開發 Bicep 檔案

Bicep 是以宣告方式部署 Azure 資源的語言。 您可以使用 Bicep (而不是 JSON) 來開發 Azure Resource Manager 範本 (ARM 範本)。 Bicep 語法可降低複雜性,並改善開發體驗。 Bicep 將 ARM 範本 JSON 以清楚易懂的方式加以簡化,以提供所有 JSON 範本功能。 在部署期間,Bicep CLI 會將 Bicep 檔案轉換成 ARM 範本 JSON。 Bicep 檔案會陳述 Azure 資源和資源屬性,而不需要撰寫一連串的程式設計命令來建立資源。

在 ARM 範本中有效的資源類型、API 版本和屬性,在 Bicep 檔案中也是有效。

必要條件

若要設定您的環境以進行 Bicep 開發,請參閱安裝 Bicep 工具 (部分機器翻譯)。

注意

如文章所詳述,安裝最新 Azure PowerShell 模組和 Bicep CLI。

檢閱範本

此範本可讓您設定 Azure PostgreSQL - 彈性伺服器的備份。 在此範本中,我們會使用每周排程和三個月的保留期間,建立具有 PostgreSQL 伺服器的備份原則備份保存庫。

@description('Specifies the name of the Backup Vault')
param backupVaultName string

@description('Specifies the name of the Resource group to which Backup Vault belongs')
param backupVaultResourceGroup string

@description('Specifies the name of the PostgreSQL server')
param postgreSQLServerName string

@description('Specifies the name of the Resource group to which PostgreSQL server belongs')
param postgreSQLResourceGroup string

@description('Specifies the region in which the Backup Vault is located')
param region string

@description('Specifies the name of the Backup Policy')
param policyName string

@description('Specifies the frequency of the backup schedule')
param backupScheduleFrequency string

@description('Specifies the retention duration in months')
param retentionDuration string

@description('Step 1: Create the Backup Vault')
resource backupVault 'Microsoft.DataProtection/backupVaults@2023-01-01' = {
  name: backupVaultName
  location: region
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    storageSettings: [
      {
        datastoreType: 'VaultStore'
        type: 'LocallyRedundant'
      }
    ]
  }
}

@description('Step 2: Create Backup Policy for PostgreSQL')
resource backupPolicy 'Microsoft.DataProtection/backupVaults/backupPolicies@2023-01-01' = {
  name: '${backupVaultName}/${policyName}'
  location: region
  properties: {
    datasourceTypes: [
      'AzureDatabaseForPostgreSQLFlexibleServer'
    ]
    policyRules: [
      {
        name: 'BackupSchedule'
        objectType: 'AzureBackupRule'
        backupParameters: {
          objectType: 'AzureBackupParams'
        }
        trigger: {
          schedule: {
            recurrenceRule: {
              frequency: 'Weekly'
              interval: backupScheduleFrequency
            }
          }
        }
        dataStore: {
          datastoreType: 'VaultStore'
        }
      }
      {
        name: 'RetentionRule'
        objectType: 'AzureRetentionRule'
        isDefault: true
        lifecycle: {
          deleteAfter: {
            objectType: 'AbsoluteDeleteOption'
            duration: 'P${retentionDuration}M'
          }
        }
      }
    ]
  }
}

@description('Step 3: Role Assignment for PostgreSQL Backup And Export Operator Role')
resource postgreSQLServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-03-01' existing = {
  name: postgreSQLServerName
  scope: resourceGroup(postgreSQLResourceGroup)
}

resource roleAssignmentBackupExportOperator 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(backupVault.id, 'PostgreSQLFlexibleServerLongTermRetentionBackupRole')
  properties: {
    principalId: backupVault.identity.principalId
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e')  // Role definition ID for 'PostgreSQL Backup And Export Operator'
    scope: postgreSQLServer.id
  }
}

@description('Step 4: Role Assignment for Reader on Resource Group')
resource targetResourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' existing = {
  name: targetResourceGroupName
}

resource roleAssignmentReader 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(backupVault.id, 'Reader')
  properties: {
    principalId: backupVault.identity.principalId
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00aa00aa-bb11-cc22-dd33-44ee44ee44ee')  // Role definition ID for 'Reader'
    scope: targetResourceGroup.id
  }
}

@description('Step 5: Create Backup Instance for PostgreSQL)
resource backupInstance 'Microsoft.DataProtection/backupVaults/backupInstances@2023-01-01' = {
  name: 'PostgreSQLBackupInstance'
  location: region
  properties: {
    datasourceInfo: {
      datasourceType: 'AzureDatabaseForPostgreSQLFlexibleServer'
      objectType: 'Datasource'
      resourceId: postgreSQLServer.id
    }
    policyInfo: {
      policyId: backupPolicy.id
    }
  }
}

部署範本

若要部署此範本,請將它儲存在 GitHub 或您慣用的位置,然後在殼層視窗中貼上下列 PowerShell 腳本。 若要貼上程式碼,請以滑鼠右鍵按一下 Shell 視窗,然後選取 [貼上]

$projectName = Read-Host -Prompt "Enter a project name (limited to eight characters) that is used to generate Azure resource names"
$location = Read-Host -Prompt "Enter the location (for example, centralus)"

$resourceGroupName = "${projectName}rg"
$templateUri = "templateURI"

New-AzResourceGroup -Name $resourceGroupName -Location $location
New-AzResourceGroupDeployment -ResourceGroupName $resourceGroupName -TemplateUri $templateUri -projectName $projectName

下一步

還原適用於 PostgreSQL 的 Azure 資料庫 - 使用 Azure PowerShell 彈性伺服器

  • Last updated on