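Quickstart: Configure backup for Azure Database for PostgreSQL flexible server using a Terraform template

This quickstart describes how to configure backup for Azure Database for PostgreSQL flexible server using a Terraform template.

Azure Backup lets you back up Azure PostgreSQL - Flexible Server using multiple clients, including the Azure portal, PowerShell, CLI, Azure Resource Manager, Bicep, and so on.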

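Prerequisites

Before you configure backup for Azure Database for PostgreSQL flexible server, make sure the following prerequisites are met:

  • You need an Azure account with an active subscription. If you don't have one, create a trial account.

  • Install and configure Terraform.

  • Sign in to your Azure account and authenticate to Azure.

    Note

    Terraform only supports authenticating to Azure with the Azure CLI. Authenticating with Azure PowerShell isn't supported. Therefore, while you can use the Azure PowerShell module when doing your Terraform work, you first need to authenticate to Azure.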

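Implement the Terraform code

  1. Create a directory in which to test the sample Terraform code, and make it the current directory.

  2. Create a file named providers.tf and insert the following code: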

    terraform {
      required_providers {
        azurerm = {
          source = "hashicorp/azurerm"
          version = "3.99.0"
        }
      }
    }
    
    provider "azurerm" {
       features {}
       subscription_id   = "<azure_subscription_id>"
       tenant_id = "<azure_subscription_tenant_id>"
    }
    
  3. Create a file named main.tf and insert the following code:

    
    # Step 1: Create the Backup Vault
    resource "azurerm_data_protection_backup_vault" "backup_vault" {
      name                = var.backup_vault_name
      resource_group_name = var.backup_vault_resource_group
      location            = var.region
    
      identity {
        type = "SystemAssigned"
      }
    
      storage_settings {
        datastore_type = "VaultStore"
        type           = "LocallyRedundant"
      }
    }
    
    # Step 2: Create Backup Policy for PostgreSQL
    resource "azurerm_data_protection_backup_policy" "postgresql_backup_policy" {
      name                = var.policy_name
      resource_group_name = var.backup_vault_resource_group
      vault_name          = azurerm_data_protection_backup_vault.backup_vault.name
    
      rule {
        name = "BackupSchedule"
    
        backup_parameters {
          object_type = "AzureBackupParams"
        }
    
        trigger {
          schedule {
            recurrence_rule {
              frequency = "Weekly"
              interval  = var.backup_schedule_frequency
            }
          }
        }
    
        data_store {
          datastore_type = "VaultStore"
        }
      }
    
      retention_rule {
        name       = "RetentionRule"
        is_default = true
    
        lifecycle {
          delete_after {
            object_type = "AbsoluteDeleteOption"
            duration    = format("P%dM", var.retention_duration_in_months)
          }
        }
      }
    
      depends_on = [
        azurerm_data_protection_backup_vault.backup_vault
      ]
    }
    
    # Step 3: Role Assignment for PostgreSQL Flexible Server Long Term Retention Backup Role
    data "azurerm_postgresql_flexible_server" "postgresql_server" {
      name                = var.postgresql_server_name
      resource_group_name = var.postgresql_resource_group
    }
    
    resource "azurerm_role_assignment" "backup_role" {
      principal_id         = azurerm_data_protection_backup_vault.backup_vault.identity[0].principal_id
      role_definition_name = "PostgreSQL Flexible Server Long Term Retention Backup Role"
      scope                = data.azurerm_postgresql_flexible_server.postgresql_server.id
    
      depends_on = [
        azurerm_data_protection_backup_policy.postgresql_backup_policy
      ]
    }
    
    # Step 4: Role Assignment for Reader on Resource Group
    data "azurerm_resource_group" "postgresql_resource_group" {
      name = var.postgresql_resource_group
    }
    
    resource "azurerm_role_assignment" "reader_role" {
      principal_id         = azurerm_data_protection_backup_vault.backup_vault.identity[0].principal_id
      role_definition_name = "Reader"
      scope                = data.azurerm_resource_group.postgresql_resource_group.id
    
      depends_on = [
        azurerm_role_assignment.backup_role
      ]
    }
    
    # Step 5: Create Backup Instance for PostgreSQL
    resource "azurerm_data_protection_backup_instance" "postgresql_backup_instance" {
      name                = "PostgreSQLBackupInstance"
      resource_group_name = var.backup_vault_resource_group
      vault_name          = azurerm_data_protection_backup_vault.backup_vault.name
      location            = var.region
    
      datasource {
        object_type     = "Datasource"
        datasource_type = "AzureDatabaseForPostgreSQLFlexibleServer"
        resource_id     = data.azurerm_postgresql_flexible_server.postgresql_server.id
      }
    
      policy_id = azurerm_data_protection_backup_policy.postgresql_backup_policy.id
    
      depends_on = [
        azurerm_role_assignment.reader_role
      ]
    }
    
    
  4. Create a file named variables.tf and insert the following code:


    variable "backup_vault_name" {
      type        = string
      default     = "BackupVaultTF"
      description = "Name of the Backup Vault"
    }

    variable "backup_vault_resource_group" {
      type        = string
      default     = "Contoso_TF_RG"
      description = "Name of the resource group to which backup vault belongs to"
    }

    variable "postgresql_server_name" {
      type        = string
      default     = "Contoso_PostgreSQL_TF"
      description = "Name of the PostgreSQL server"
    }

    variable "postgresql_resource_group" {
      type        = string
      default     = "Contoso_TF_RG"
      description = "Name of the resource group to which PostgreSQL server belongs to"
    }

    variable "region" {
      type        = string
      default     = "chinanorth"
      description = "Location of the PostgreSQL server"
    }

    variable "policy_name" {
      type        = string
      default     = "PostgreSQLbackuppolicytfv1"
      description = "Name of the backup policy"
    }

    variable "backup_schedule_frequency" {
      type        = string
      default     = "1"
      description = "Schedule frequency for backup"
    }

    variable "retention_duration_in_months" {
      type        = string
      default     = "3"
      description = "Retention duration for backup in month"
    }

Initialize Terraform

  terraform init -upgrade

Create a Terraform execution plan

  terraform plan -out main.tfplan

Apply a Terraform execution plan

  terraform apply main.tfplan
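
A pre-apply check on the saved plan, added here as an example and not part of the original quickstart: it reads the plan as JSON and reports any role assignment other than the two that main.tf grants to the vault identity, or any assignment scoped to a whole subscription. The subscription ID, the `extra` assignment and the sample plan are constructed for illustration.

```python
import json
import sys

# Roles that main.tf grants to the vault's system-assigned identity.
EXPECTED_ROLES = {
    "PostgreSQL Flexible Server Long Term Retention Backup Role",
    "Reader",
}
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed ID
RG = SUB + "/resourceGroups/Contoso_TF_RG"


def _ra(name, role, scope):
    """Build one constructed resource_changes entry for a role assignment."""
    return {"address": f"azurerm_role_assignment.{name}",
            "type": "azurerm_role_assignment",
            "change": {"actions": ["create"],
                       "after": {"role_definition_name": role, "scope": scope}}}


# Constructed sample in the shape of `terraform show -json` output.
SAMPLE_PLAN = {"resource_changes": [
    _ra("backup_role", "PostgreSQL Flexible Server Long Term Retention Backup Role",
        RG + "/providers/Microsoft.DBforPostgreSQL/flexibleServers/Contoso_PostgreSQL_TF"),
    _ra("reader_role", "Reader", RG),
    _ra("extra", "Contributor", SUB),  # hypothetical drift, not in the page's main.tf
]}


def audit_role_assignments(plan):
    """Return findings for role assignments the plan would create."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if rc.get("type") != "azurerm_role_assignment" or "create" not in change.get("actions", []):
            continue
        after = change.get("after") or {}
        role, scope = after.get("role_definition_name"), after.get("scope") or ""
        if role not in EXPECTED_ROLES:
            findings.append(f"{rc['address']}: unexpected role {role!r}")
        # "/subscriptions/<id>" has two path segments; anything that short is too broad.
        if len([p for p in scope.split("/") if p]) <= 2:
            findings.append(f"{rc['address']}: scope {scope!r} is subscription-wide or unknown")
    return findings


if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    problems = audit_role_assignments(plan)
    print("\n".join(problems) or "role assignments match main.tf")
    sys.exit(1 if problems else 0)
```

To check a real plan, export it with `terraform show -json main.tfplan > plan.json` and pass `plan.json` as the script's argument before running `terraform apply`; a nonzero exit code means a finding was reported.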

Troubleshoot Terraform on Azure

Troubleshoot common problems when using Terraform on Azure

Next steps

Restore Azure Database for PostgreSQL - Flexible Server using Azure CLI