本文介绍如何使用 Azure CLI 从 Azure 备份创建的还原点还原 Azure 托管磁盘。 还可以使用 Azure 门户、 Azure PowerShell、 REST API 还原托管磁盘。
重要
通过 CLI 实现的 Azure 托管磁盘备份和还原的支持以预览版提供,并在 Az 2.15.0 版本及更高版本中作为扩展提供。 运行 az dataprotection 命令时会自动安装该扩展。 了解更多关于扩展程序。
目前,不支持通过 Original-Location Recovery (OLR) 选项还原,即替换备份原始来源的现有源磁盘。 可以从恢复点还原,以在源磁盘所在的同一资源组或者在任何其他资源组中创建新磁盘,这称为备用位置恢复 (ALR)。
在这里的示例中,我们使用资源组 testBkpVaultRG 下的现有备份保管库 TestBkpVault。
若要查看支持的 Azure 磁盘备份和还原方案、区域可用性和限制,请参阅 支持矩阵。 有关常见问题,请参阅 常见问题。
还原并创建新磁盘
设置权限
备份保管库使用托管标识来访问其他 Azure 资源。 若要从备份中还原,备份保管库的托管标识需要在待还原磁盘所属的资源组上具有一系列权限。
备份保管库使用系统分配的托管身份,每个资源限制为一个,并绑定到此资源的生命周期。 可使用 Azure 基于角色的访问控制 (Azure RBAC) 来授予托管标识的访问权限。 托管标识是一种只能用于 Azure 资源的特殊类型的服务主体。 详细了解托管身份。
为保管库的系统分配托管标识分配对应当用于还原/创建磁盘的目标资源组的相关权限,如此处所述。
正在提取相关恢复点
使用 az dataprotection backup-instance list 命令列出保管库中的所有备份实例,然后使用 az dataprotection backup-instance show 命令获取相关实例。 或者,对于大规模场景,可以使用 az dataprotection backup-instance list-from-resourcegraph 列出保管库和订阅中的备份实例
az dataprotection backup-instance list-from-resourcegraph --datasource-type AzureDisk --datasource-id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourcegroups/diskrg/providers/Microsoft.Compute/disks/CLITestDisk
[
{
"datasourceId": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourcegroups/diskrg/providers/Microsoft.Compute/disks/CLITestDisk",
"extendedLocation": null,
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/testBkpVaultRG/providers/Microsoft.DataProtection/BackupVaults/TestBkpVault/backupInstances/diskrg-CLITestDisk-aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e",
"identity": null,
"kind": "",
"location": "",
"managedBy": "",
"name": "diskrg-CLITestDisk-aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e",
"plan": null,
"properties": {
"currentProtectionState": "ProtectionConfigured",
"dataSourceInfo": {
"baseUri": null,
"datasourceType": "Microsoft.Compute/disks",
"objectType": "Datasource",
"resourceID": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourcegroups/diskrg/providers/Microsoft.Compute/disks/CLITestDisk",
"resourceLocation": "chinaeast2",
"resourceName": "CLITestDisk",
"resourceType": "Microsoft.Compute/disks",
"resourceUri": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourcegroups/diskrg/providers/Microsoft.Compute/disks/CLITestDisk"
},
"dataSourceProperties": null,
"dataSourceSetInfo": null,
"datasourceAuthCredentials": null,
"friendlyName": "CLITestDisk",
"objectType": "BackupInstance",
"policyInfo": {
"policyId": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/testBkpVaultRG/providers/Microsoft.DataProtection/BackupVaults/TestBkpVault/backupPolicies/DiskPolicy",
"policyParameters": {
"dataStoreParametersList": [
{
"dataStoreType": "OperationalStore",
"objectType": "AzureOperationalStoreParameters",
"resourceGroupId": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/snapshotrg"
}
]
},
"policyVersion": null
},
"protectionErrorDetails": null,
"protectionStatus": {
"errorDetails": null,
"status": "ProtectionConfigured"
},
"provisioningState": "Succeeded"
},
"protectionState": "ProtectionConfigured",
"resourceGroup": "testBkpVaultRG",
"sku": null,
"subscriptionId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"tags": null,
"tenantId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"type": "microsoft.dataprotection/backupvaults/backupinstances",
"vaultName": "TestBkpVault",
"zones": null
}
]
标识实例后,使用 az dataprotection recovery-point list 命令获取相关恢复点。
az dataprotection recovery-point list --backup-instance-name diskrg-CLITestDisk-aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e -g testBkpVaultRG --vault-name TestBkpVault
{
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/testBkpVaultRG/providers/Microsoft.DataProtection/BackupVaults/TestBkpVault/backupInstances/diskrg-CLITestDisk-aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/recoveryPoints/5081ad8f1e6c4548ae89536d0d45c493",
"name": "5081ad8f1e6c4548ae89536d0d45c493",
"properties": {
"friendlyName": "0f598ced-cbfe-4169-b962-ee94b0210490",
"objectType": "AzureBackupDiscreteRecoveryPoint",
"policyName": "DiskPSPolicy2",
"policyVersion": null,
"recoveryPointDataStoresDetails": [
{
"creationTime": "2021-06-08T09:01:57.708319+00:00",
"expiryTime": "2021-06-15T09:01:57.708319+00:00",
"id": "c2ad4629-f2ef-49b6-b3f8-50f3eb5404f4",
"metaData": null,
"rehydrationExpiryTime": null,
"rehydrationStatus": null,
"state": "COMMITTED",
"type": "OperationalStore",
"visible": true
}
],
"recoveryPointId": "5081ad8f1e6c4548ae89536d0d45c493",
"recoveryPointTime": "2021-06-08T09:01:57.708319+00:00",
"recoveryPointType": "Incremental",
"retentionTagName": "Default",
"retentionTagVersion": "637553616953961153"
},
"resourceGroup": "testBkpVaultRG",
"systemData": null,
"type": "Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints"
},
{
"id": "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourcegroups/testBkpVaultRG/providers/Microsoft.DataProtection/BackupVaults/TestBkpVault/backupInstances/diskrg-CLITestDisk-aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e/recoveryPoints/039322cc563049bcbdb77bd695d4c02c",
"name": "039322cc563049bcbdb77bd695d4c02c",
"properties": {
"friendlyName": "af6512b6-aa38-4966-b8e1-660c4eccdc0d",
"objectType": "AzureBackupDiscreteRecoveryPoint",
"policyName": "DiskPSPolicy2",
"policyVersion": null,
"recoveryPointDataStoresDetails": [
{
"creationTime": "2021-06-08T05:01:55.426507+00:00",
"expiryTime": "2021-06-15T05:01:55.426507+00:00",
"id": "c2ad4629-f2ef-49b6-b3f8-50f3eb5404f4",
"metaData": null,
"rehydrationExpiryTime": null,
"rehydrationStatus": null,
"state": "COMMITTED",
"type": "OperationalStore",
"visible": true
}
],
"recoveryPointId": "039322cc563049bcbdb77bd695d4c02c",
"recoveryPointTime": "2021-06-08T05:01:55.426507+00:00",
"recoveryPointType": "Incremental",
"retentionTagName": "Default",
"retentionTagVersion": "637553616953961153"
},
"resourceGroup": "testBkpVaultRG",
"systemData": null,
"type": "Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints"
}
]
例如,以下查询返回最新的恢复点。
az dataprotection recovery-point list --backup-instance-name diskrg-CLITestDisk-aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e -g testBkpVaultRG --vault-name TestBkpVault --query "[0].id"
"/subscriptions/bbbb1b1b-cc2c-dd3d-ee4e-ffffff5f5f5f/resourceGroups/testBkpVaultRG/providers/Microsoft.DataProtection/backupVaults/sarath-vault/backupInstances/clitest-clitest-cccc2c2c-dd3d-ee4e-ff5f-aaaaaa6a6a6a/recoveryPoints/5081ad8f1e6c4548ae89536d0d45c493"
正在准备还原请求
创建目标资源组中要创建的新磁盘的 ARM ID,已分配对目标资源组的权限(如上详述)以及所需磁盘名称。 让我们在不同的订阅下,使用位于资源组 targetrg 中名为 CLITestDisk2 的磁盘示例。
$targetDiskId = /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourceGroups/targetrg/providers/Microsoft.Compute/disks/CLITestDisk2
使用 az dataprotection backup-instance restore initialize-for-data-recovery 命令来准备包含所有相关详细信息的还原请求。
az dataprotection backup-instance restore initialize-for-data-recovery --datasource-type AzureDisk --restore-location chinaeast2 --source-datastore OperationalStore --recovery-point-id 5081ad8f1e6c4548ae89536d0d45c493 --target-resource-id /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourceGroups/targetrg/providers/Microsoft.Compute/disks/CLITestDisk2 > restore.json
{
"object_type": "AzureBackupRecoveryPointBasedRestoreRequest",
"recovery_point_id": "77594ce0470849e79b86a6875b726dca",
"restore_target_info": {
"datasource_info": {
"datasource_type": "Microsoft.Compute/disks",
"object_type": "Datasource",
"resource_id": "//subscriptions/xxxxxxxx-xxxx-xxxx-xxxx/resourceGroups/targetrg/providers/Microsoft.Compute/disks/CLITestDisk2",
"resource_location": "chinaeast2",
"resource_name": "CLITestDisk2",
"resource_type": "Microsoft.Compute/disks",
"resource_uri": ""
},
"object_type": "RestoreTargetInfo",
"recovery_option": "FailIfExists",
"restore_location": "chinaeast2"
},
"source_data_store_type": "OperationalStore"
}
还可以使用 az dataprotection backup-instance validate-for-restore 命令验证 JSON 文件是否能成功创建新资源。
az dataprotection backup-instance validate-for-restore -g testBkpVaultRG --vault-name TestBkpVault --backup-instance-name diskrg-CLITestDisk-aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e --restore-request-object restore.json
触发还原
使用 az dataprotection backup-instance restore trigger 命令通过上述准备的请求来触发还原。
az dataprotection backup-instance restore trigger -g testBkpVaultRG --vault-name TestBkpVault --backup-instance-name diskrg-CLITestDisk-aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e --restore-request-object restore.json
跟踪任务
使用 az dataprotection job list 命令跟踪所有作业。 你可以列出所有作业并提取特定作业详细信息。
还可以使用 Az.ResourceGraph 跟踪所有备份保管库中的所有作业。 使用 az dataprotection job list-from-resourcegraph 命令获取可以跨任何备份保管库的相关作业。
az dataprotection job list-from-resourcegraph --datasource-type AzureDisk --operation Restore