Using terraform how do I create an azure sql database from a backup

Using the default example on the terraform site, I can easily create a database, but how do I create a new database by restoring a backup?

provider "azurerm" {
    features {}
}

resource "azurerm_resource_group" "example" {
    name     = "example-resources"
    location = "West Europe"
}

resource "azurerm_storage_account" "example" {
    name                     = "examplesa"
    resource_group_name      = azurerm_resource_group.example.name
    location                 = azurerm_resource_group.example.location
    account_tier             = "Standard"
    account_replication_type = "LRS"
}

resource "azurerm_mssql_server" "example" {
    name                         = "example-sqlserver"
    resource_group_name          = azurerm_resource_group.example.name
    location                     = azurerm_resource_group.example.location
    version                      = "12.0"
    administrator_login          = "4dm1n157r470r"
    administrator_login_password = "4-v3ry-53cr37-p455w0rd"
}

resource "azurerm_mssql_database" "test" {
    name           = "acctest-db-d"
    server_id      = azurerm_mssql_server.example.id
    collation      = "SQL_Latin1_General_CP1_CI_AS"
    license_type   = "LicenseIncluded"
    max_size_gb    = 4
    read_scale     = true
    sku_name       = "BC_Gen5_2"
    zone_redundant = true

    create_mode = "RestoreExternalBackup" # <-- WHAT ELSE DO I DO?

    extended_auditing_policy {
        storage_endpoint                        = azurerm_storage_account.example.primary_blob_endpoint
        storage_account_access_key              = azurerm_storage_account.example.primary_access_key
        storage_account_access_key_is_secondary = true
        retention_in_days                       = 6
    }


    tags = {
        foo = "bar"
    }

}

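In the documentation they mention the create_mode "RestoreExternalBackup" option, but provide no example of how to reference the backup - my backup is stored in an Azure storage container.

Edit: The mention of "RestoreExternalBackup" was more down to my lack of understanding. What I meant to ask is how to restore/create a database from a bacpac file stored in a storage account.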

Following the blog post Deploying Azure SQL Database Bacpac and Terraform by John Q. Martin:

You can include the bacpac as the source for the database created in Azure.

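First, set up the firewall on the Azure SQL Server to prevent any failures during deployment caused by blob storage access issues. To ensure this, we have to enable "Allow Azure services and resources to access this server", which allows the two Azure services to communicate.

Setting up the Azure SQL Server firewall

Set both Start_ip and End_ip to 0.0.0.0. Azure interprets this as a firewall rule that allows Azure services.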

resource "azurerm_sql_firewall_rule" "allowAzureServices" {
  name                = "Allow_Azure_Services"
  resource_group_name = azurerm_resource_group.example.name
  server_name         = azurerm_sql_server.example.name
  start_ip_address    = "0.0.0.0"
  end_ip_address      = "0.0.0.0"
}

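Defining the database resource

We need to use the azurerm_sql_database resource, because deploying a bacpac is supported only through this resource type.

The resource definition here consists of two main parts: the first is the detail of where the database needs to go, and the second is a sub-block that defines the bacpac source details. Here we need to enter the URI of the bacpac file and the storage key; in this case we use a SAS token as the key to allow access to the bacpac.

We also need to provide the username and password for the server being created so that the import can work, because it needs to be authorized against the Azure SQL Server.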

provider "azurerm" {
    features {}
}

resource "azurerm_resource_group" "example" {
    name     = "example-resources"
    location = "West Europe"
}

resource "azurerm_storage_account" "example" {
    name                     = "examplesa"
    resource_group_name      = azurerm_resource_group.example.name
    location                 = azurerm_resource_group.example.location
    account_tier             = "Standard"
    account_replication_type = "LRS"
}

resource "azurerm_sql_server" "example" {
  name                         = "myexamplesqlserver"
  resource_group_name          = azurerm_resource_group.example.name
  location                     = azurerm_resource_group.example.location
  version                      = "12.0"
  administrator_login          = "4dm1n157r470r"
  administrator_login_password = "4-v3ry-53cr37-p455w0rd"

  tags = {
    environment = "production"
  }
}

resource "azurerm_sql_firewall_rule" "allowAzureServices" {
  name                = "Allow_Azure_Services"
  resource_group_name = azurerm_resource_group.example.name
  server_name         = azurerm_sql_server.example.name
  start_ip_address    = "0.0.0.0"
  end_ip_address      = "0.0.0.0"
}


resource "azurerm_sql_database" "appdb01" {
  depends_on                       = [azurerm_sql_firewall_rule.allowAzureServices]
  name                             = "AzSqlDbName"
  resource_group_name              = azurerm_sql_server.example.resource_group_name
  location                         = azurerm_sql_server.example.location
  server_name                      = azurerm_sql_server.example.name
  collation                        = "SQL_Latin1_General_CP1_CI_AS"
  requested_service_objective_name = "BC_Gen5_2"
  max_size_gb                      = 4
  read_scale                       = true
  zone_redundant                   = true

  create_mode = "Default"
  import {
    storage_uri                  = "https://examplesa.blob.core.windows.net/source/Source.bacpac"
    storage_key                  = "gSKjBfoK4toNAWXUdhe6U7YHqBgCBPsvoDKTlh2xlqUQeDcuCVKcU+uwhq61AkQaPIbNnqZbPmYwIRkXp3OzLQ=="
    storage_key_type             = "StorageAccessKey"
    administrator_login          = "4dm1n157r470r"
    administrator_login_password = "4-v3ry-53cr37-p455w0rd"
    authentication_type          = "SQL"
    operation_mode               = "Import"
  }

  extended_auditing_policy {
    storage_endpoint                        = azurerm_storage_account.example.primary_blob_endpoint
    storage_account_access_key              = azurerm_storage_account.example.primary_access_key
    storage_account_access_key_is_secondary = true
    retention_in_days                       = 6
  }

  tags = {
    foo = "bar"
  }
}

Note:

The extended_auditing_policy block has been moved to azurerm_mssql_server_extended_auditing_policy and azurerm_mssql_database_extended_auditing_policy. This block will be removed in version 3.0 of the provider.

requested_service_objective_name - (Optional) The service objective name for the database. Valid values depend on edition and location and may include S0, S1, S2, S3, P1, P2, P4, P6, P11 and ElasticPool. You can list the available names with the CLI: az sql db list-editions -l westus -o table. For further information please see Azure CLI - az sql db.

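The import block supports the following:

  • storage_uri - (Required) Specifies the blob URI of the .bacpac file.
  • storage_key - (Required) Specifies the access key for the storage account.
  • storage_key_type - (Required) Specifies the type of access key for the storage account. Valid values are StorageAccessKey or SharedAccessKey.
  • administrator_login - (Required) Specifies the name of the SQL administrator.
  • administrator_login_password - (Required) Specifies the password of the SQL administrator.
  • authentication_type - (Required) Specifies the type of authentication used to access the server. Valid values are SQL or ADPassword.
  • operation_mode - (Optional) Specifies the type of import operation being performed. The only allowable value is Import.

Alternatively, if you want to keep using azurerm_mssql_database, then we need to deploy an empty database and then deploy the bacpac via SqlPackage. (I haven't tried this yet)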
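A variant of the answer's azurerm_sql_database resource, shown as an added example (not code from the answer or the linked blog), that takes the SQL credentials and a SAS token from sensitive input variables instead of literals committed with the configuration. The variable names are hypothetical, and the SAS token is assumed to be issued outside this configuration.

```hcl
# Added example. Variable names are hypothetical; values are supplied at
# plan/apply time and never written into the .tf files.
variable "sql_admin_login" {
  type      = string
  sensitive = true
}

variable "sql_admin_password" {
  type      = string
  sensitive = true
}

# Assumption: a short-lived, read-only SAS token scoped to the bacpac blob.
# Azure's import/export API documentation states that a SharedAccessKey
# value must begin with "?".
variable "bacpac_sas_token" {
  type      = string
  sensitive = true
}

resource "azurerm_sql_database" "appdb01" {
  depends_on          = [azurerm_sql_firewall_rule.allowAzureServices]
  name                = "AzSqlDbName"
  resource_group_name = azurerm_sql_server.example.resource_group_name
  location            = azurerm_sql_server.example.location
  server_name         = azurerm_sql_server.example.name
  create_mode         = "Default"

  import {
    storage_uri                  = "https://examplesa.blob.core.windows.net/source/Source.bacpac"
    storage_key                  = var.bacpac_sas_token
    storage_key_type             = "SharedAccessKey"
    administrator_login          = var.sql_admin_login
    administrator_login_password = var.sql_admin_password
    authentication_type          = "SQL"
    operation_mode               = "Import"
  }
}
```

The azurerm_sql_server resource should reference the same two login variables, with the values passed through TF_VAR_ environment variables or a secret store rather than a committed .tfvars file. Values marked sensitive are redacted from plan output but are still written to the Terraform state, so the state backend needs its own access control and encryption.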