通过

你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn

快速入门:使用 Bicep 文件为 Azure Database for PostgreSQL 灵活服务器配置备份

本快速入门介绍如何使用 Azure Bicep 文件为 Azure Database for PostgreSQL 灵活服务器配置备份。

借助 Azure 备份,可以使用多种客户端备份 Azure PostgreSQL - 灵活服务器,这些选项包括 Azure 门户、PowerShell、CLI、Azure 资源管理器、Bicep 等。 本文重点介绍部署 Bicep 文件以创建备份保管库,然后为 Azure PostgreSQL 灵活服务器配置备份的过程。 详细了解如何开发 Bicep 文件

Bicep 是用来以声明方式部署 Azure 资源的一种语言。 可以使用 Bicep 而非 JSON 来开发 Azure 资源管理器模板(ARM 模板)。 Bicep 语法可降低复杂性并改善开发体验。 Bicep 是 ARM 模板 JSON 上的一种透明抽象,提供了所有 JSON 模板功能。 在部署期间,Bicep CLI 将 Bicep 文件转换为 ARM 模板 JSON。 Bicep 文件声明 Azure 资源和资源属性,而无需编写一系列编程命令来创建资源。

ARM 模板中有效的资源类型、API 版本和属性在 Bicep 文件中也有效。

先决条件

若要设置环境以进行 Bicep 开发,请参阅安装 Bicep 工具

注意

如文章中所述,安装最新的 Azure PowerShell 模块和 Bicep CLI。

查看模板

使用此模板,可以配置 Azure PostgreSQL - 灵活服务器的备份。 在此模板中,我们将创建一个备份保管库,并在其中包含 PostgreSQL 服务器的备份策略,计划每周备份一次,且保留期为三个月

@description('Specifies the name of the Backup Vault')
param backupVaultName string

@description('Specifies the name of the Resource group to which Backup Vault belongs')
param backupVaultResourceGroup string

@description('Specifies the name of the PostgreSQL server')
param postgreSQLServerName string

@description('Specifies the name of the Resource group to which PostgreSQL server belongs')
param postgreSQLResourceGroup string

@description('Specifies the region in which the Backup Vault is located')
param region string

@description('Specifies the name of the Backup Policy')
param policyName string

@description('Specifies the frequency of the backup schedule')
param backupScheduleFrequency string

@description('Specifies the retention duration in months')
param retentionDuration string

@description('Step 1: Create the Backup Vault')
resource backupVault 'Microsoft.DataProtection/backupVaults@2023-01-01' = {
  name: backupVaultName
  ___location: region
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    storageSettings: [
      {
        datastoreType: 'VaultStore'
        type: 'LocallyRedundant'
      }
    ]
  }
}

@description('Step 2: Create Backup Policy for PostgreSQL')
resource backupPolicy 'Microsoft.DataProtection/backupVaults/backupPolicies@2023-01-01' = {
  name: '${backupVaultName}/${policyName}'
  ___location: region
  properties: {
    datasourceTypes: [
      'AzureDatabaseForPostgreSQLFlexibleServer'
    ]
    policyRules: [
      {
        name: 'BackupSchedule'
        objectType: 'AzureBackupRule'
        backupParameters: {
          objectType: 'AzureBackupParams'
        }
        trigger: {
          schedule: {
            recurrenceRule: {
              frequency: 'Weekly'
              interval: backupScheduleFrequency
            }
          }
        }
        dataStore: {
          datastoreType: 'VaultStore'
        }
      }
      {
        name: 'RetentionRule'
        objectType: 'AzureRetentionRule'
        isDefault: true
        lifecycle: {
          deleteAfter: {
            objectType: 'AbsoluteDeleteOption'
            duration: 'P${retentionDuration}M'
          }
        }
      }
    ]
  }
}

@description('Step 3: Role Assignment for PostgreSQL Backup And Export Operator Role')
resource postgreSQLServer 'Microsoft.DBforPostgreSQL/flexibleServers@2022-03-01' existing = {
  name: postgreSQLServerName
  scope: resourceGroup(postgreSQLResourceGroup)
}

resource roleAssignmentBackupExportOperator 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(backupVault.id, 'PostgreSQLFlexibleServerLongTermRetentionBackupRole')
  properties: {
    principalId: backupVault.identity.principalId
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e')  // Role definition ID for 'PostgreSQL Backup And Export Operator'
    scope: postgreSQLServer.id
  }
}

@description('Step 4: Role Assignment for Reader on Resource Group')
resource targetResourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' existing = {
  name: targetResourceGroupName
}

resource roleAssignmentReader 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
  name: guid(backupVault.id, 'Reader')
  properties: {
    principalId: backupVault.identity.principalId
    roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'aaaa0a0a-bb1b-cc2c-dd3d-eeeeee4e4e4e')  // Role definition ID for 'Reader'
    scope: targetResourceGroup.id
  }
}

@description('Step 5: Create Backup Instance for PostgreSQL)
resource backupInstance 'Microsoft.DataProtection/backupVaults/backupInstances@2023-01-01' = {
  name: 'PostgreSQLBackupInstance'
  ___location: region
  properties: {
    datasourceInfo: {
      datasourceType: 'AzureDatabaseForPostgreSQLFlexibleServer'
      objectType: 'Datasource'
      resourceId: postgreSQLServer.id
    }
    policyInfo: {
      policyId: backupPolicy.id
    }
  }
}

部署模板

要部署此模板,请将其存储在 GitHub 或你的首选位置,然后将以下 PowerShell 脚本粘贴到 shell 窗口中。 若要粘贴代码,请右键单击 shell 窗口并选择“粘贴”。

$projectName = Read-Host -Prompt "Enter a project name (limited to eight characters) that is used to generate Azure resource names"
$___location = Read-Host -Prompt "Enter the ___location (for example, centralus)"

$resourceGroupName = "${projectName}rg"
$templateUri = "templateURI"

New-AzResourceGroup -Name $resourceGroupName -Location $___location
New-AzResourceGroupDeployment -ResourceGroupName $resourceGroupName -TemplateUri $templateUri -projectName $projectName

后续步骤

使用 Azure PowerShell 还原 Azure Database for PostgreSQL 灵活服务器