Table of Contents
Azure NetApp Files backup preview enablement
Managing Resource Providers in Terraform
Terraform AzAPI and AzureRM Providers
Declaring the Azure NetApp Files infrastructure
Azure NetApp Files backup policy creation
Assigning a backup policy to an Azure NetApp Files volume
Abstract
This article demonstrates how to enable the use of preview features in Azure NetApp Files in combination with Terraform Cloud and the AzAPI provider. In this example we enhance data protection with Azure NetApp Files backup (preview) by enabling and creating backup policies using the AzAPI Terraform provider and leveraging Terraform Cloud for the deployment.
Co-authors: John Alfaro (NetApp)
Introduction
As Azure NetApp Files development progresses, new features are continuously being brought to market. Some of those features arrive in a typical Azure ‘preview’ fashion first. These features normally do not get included in Terraform before general availability (GA). A recent example of such a preview feature at the time of writing is Azure NetApp Files backup.
In addition to snapshots and cross-region replication, Azure NetApp Files data protection has extended to include backup vaulting of snapshots. Using Azure NetApp Files backup, you can create backups of your volumes based on volume snapshots for longer term retention. At the time of writing, Azure NetApp Files backup is a preview feature, and has not yet been included in the Terraform AzureRM provider. For that reason, we decided to use the Terraform AzAPI provider to enable and manage this feature.
Azure NetApp Files backup provides a fully managed backup solution for long-term recovery, archive, and compliance.
- Backups created by the service are stored in an Azure storage account independent of volume snapshots. The Azure storage account will be zone-redundant storage (ZRS) where availability zones are available or locally redundant storage (LRS) in regions without support for availability zones.
- Backups taken by the service can be restored to an Azure NetApp Files volume within the region.
- Azure NetApp Files backup supports both policy-based (scheduled) backups and manual (on-demand) backups. In this article, we will be focusing on policy-based backups.
For more information regarding this capability go to Azure NetApp Files backup documentation.
Scenario
In the following scenario, we will demonstrate how Azure NetApp Files backup can be enabled and managed using the Terraform AzAPI provider. To provide additional redundancy for our backups, we will back up our volumes in the Australia East region, taking advantage of zone-redundant storage (ZRS).
Azure NetApp Files backup preview enablement
To use Azure NetApp Files backup, the preview feature must first be enabled for your subscription. In this case, the feature needs to be requested via the Public Preview request form. Once the feature is enabled, it will appear as ‘Registered’.
Get-AzProviderFeature -ProviderNamespace "Microsoft.NetApp" -Feature ANFBackupPreview
FeatureName      ProviderName     RegistrationState
-----------      ------------     -----------------
ANFBackupPreview Microsoft.NetApp Registered
Note: A ‘Pending’ status means that the feature needs to be enabled by Microsoft before it can be used.
Managing Resource Providers in Terraform
If you manage resource providers and their features using Terraform, you will find that registering the preview feature with a configuration such as the following fails, which is expected as it is a forms-based opt-in feature.
resource "azurerm_resource_provider_registration" "anfa" {
  name = "Microsoft.NetApp"
  feature {
    name       = "ANFSDNAppliance"
    registered = true
  }
  feature {
    name       = "ANFChownMode"
    registered = true
  }
  feature {
    name       = "ANFUnixPermissions"
    registered = true
  }
  # Forms-based opt-in feature: registering it from Terraform fails as described above
  feature {
    name       = "ANFBackupPreview"
    registered = true
  }
}
Terraform Configuration
We are deploying Azure NetApp Files using a module with the Terraform AzureRM provider and configuring the backup preview feature using the AzAPI provider.
Microsoft has recently released the Terraform AzAPI provider which helps to break the barrier in the infrastructure as code (IaC) development process by enabling us to deploy features that are not yet released in the AzureRM provider. The definition is quite clear and taken from the provider GitHub page.
The AzAPI provider is a very thin layer on top of the Azure ARM REST APIs. This new provider can be used to authenticate to and manage Azure resources and functionality using the Azure Resource Manager APIs directly.
The code structure we have used looks like the sample below. If you are using Terraform Cloud, you would use the private registry for module consumption. For this article, we are using local modules.
ANF Repo
|_ Modules
|   |_ ANF_Pool
|   |   |_ main.tf
|   |   |_ variables.tf
|   |   |_ outputs.tf
|   |_ ANF_Volume
|       |_ main.tf
|       |_ variables.tf
|       |_ outputs.tf
|_ main.tf
|_ providers.tf
|_ variables.tf
|_ outputs.tf
Terraform AzAPI and AzureRM Providers
We have declared the Terraform providers configuration to be used as below.
provider "azurerm" {
  # Do not let the AzureRM provider register resource providers automatically
  skip_provider_registration = true
  features {}
}
provider "azapi" {
}
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.00"
    }
    azapi = {
      source = "azure/azapi"
    }
  }
}
Declaring the Azure NetApp Files infrastructure
To create the Azure NetApp Files infrastructure, we will be declaring and deploying the following resources:
- NetApp account
- capacity pool
- volume
- export policy which contains one or more export rules that provide client access rules
resource "azurerm_netapp_account" "analytics" {
  name                = "cero-netappaccount"
  location            = data.azurerm_resource_group.one.location
  resource_group_name = data.azurerm_resource_group.one.name
}
module "analytics_pools" {
  source              = "./modules/anf_pool"
  for_each            = local.pools
  account_name        = azurerm_netapp_account.analytics.name
  resource_group_name = azurerm_netapp_account.analytics.resource_group_name
  location            = azurerm_netapp_account.analytics.location
  volumes             = each.value
  tags                = var.tags
}
To configure Azure NetApp Files policy-based backups for a volume there are some requirements. For more info about these requirements, please check requirements and considerations for Azure NetApp Files backup.
- snapshot policy must be configured and enabled
- Azure NetApp Files backup is supported in the following regions. In this example we are using the Australia East region.
After deployment, you will be able to see the backup icon as part of the NetApp account as below.
Azure NetApp Files backup policy creation
The creation of the backup policy is similar to a snapshot policy and has its own Terraform resource. The backup policy is a child element of the NetApp account. You’ll need to use the ‘azapi_resource’ resource type with the latest API version.
Note: It is helpful to install the Terraform AzAPI provider extension in VSCode, as it will make development easier with the IntelliSense completion.
The code looks like this:
resource "azapi_resource" "backup_policy" {
  type      = "Microsoft.NetApp/netAppAccounts/backupPolicies@2022-01-01"
  parent_id = azurerm_netapp_account.analytics.id
  name      = "test"
  location  = "australiaeast"
  body = jsonencode({
    properties = {
      enabled              = true
      dailyBackupsToKeep   = 1
      weeklyBackupsToKeep  = 0
      monthlyBackupsToKeep = 0
    }
  })
}
Note: The ‘parent_id’ is the resource ID of the NetApp account.
Because we are deploying this in the Australia East region, which has support for availability zones, the Azure storage account used will be configured with zone-redundant storage (ZRS), as documented under Requirements and considerations for Azure NetApp Files backup. In the Azure Portal, within the volume context, it will look like the following:
Note: Currently Azure NetApp Files backup supports backing up the daily, weekly, and monthly local snapshots created by the associated snapshot policy to the Azure Storage account.
The first snapshot created when the backup feature is enabled is called a baseline snapshot, and its name includes the prefix ‘snapmirror’.
Assigning a backup policy to an Azure NetApp Files volume
The next step in the process is to assign the backup policy to an Azure NetApp Files volume. Once again, as this is not yet supported by the AzureRM provider, we will use the `azapi_update_resource` resource, as it allows us to manage the resource properties we need from the existing NetApp account. Additionally, it uses the same authentication methods as the AzureRM provider. In this case, the configuration code looks like the following, where the data protection block is added to the volume configuration.
resource "azapi_update_resource" "vol_backup" {
  type        = "Microsoft.NetApp/netAppAccounts/capacityPools/volumes@2021-10-01"
  resource_id = module.analytics_pools["pool1"].volumes.volume1.volume.id
  body = jsonencode({
    properties = {
      dataProtection = {
        backup = {
          backupEnabled  = true
          backupPolicyId = azapi_resource.backup_policy.id
          policyEnforced = true
        }
      }
      unixPermissions = "0740",
      exportPolicy = {
        rules = [{
          ruleIndex = 1,
          chownMode = "unRestricted"
        }]
      }
    }
  })
}
The data protection policy will look like the screenshot below indicating the specified volume is fully protected within the region.
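To confirm coverage from Terraform state rather than from the portal, the added example below (not part of the original article) reads `terraform show -json` output and reports every `azurerm_netapp_volume` that has no matching `azapi_update_resource`, or whose `dataProtection.backup` block lacks one of the three fields set above. The sample state, resource IDs and module addresses are constructed placeholders, and the `body` attribute is assumed to be either a JSON string (as produced by `jsonencode`) or an object.

```python
import json

VOLUME_ARM_TYPE = "Microsoft.NetApp/netAppAccounts/capacityPools/volumes"

def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def backup_settings(resource):
    """Return properties.dataProtection.backup from an azapi body (JSON string or object)."""
    body = resource["values"].get("body") or {}
    if isinstance(body, str):
        body = json.loads(body)
    return body.get("properties", {}).get("dataProtection", {}).get("backup", {})

def unprotected_volumes(state):
    """Map each azurerm_netapp_volume address to the reason it lacks an enforced backup policy."""
    resources = list(iter_resources(state["values"]["root_module"]))
    assigned = {}  # lower-cased volume resource ID -> backup settings applied through azapi
    for r in resources:
        if r["type"] == "azapi_update_resource" and r["values"]["type"].split("@")[0] == VOLUME_ARM_TYPE:
            assigned[r["values"]["resource_id"].lower()] = backup_settings(r)
    findings = {}
    for r in resources:
        if r["type"] != "azurerm_netapp_volume":
            continue
        backup = assigned.get(r["values"]["id"].lower())  # Azure resource IDs are case-insensitive
        if backup is None:
            findings[r["address"]] = "no backup assignment"
        elif not (backup.get("backupEnabled") and backup.get("backupPolicyId")):
            findings[r["address"]] = "backup disabled or no policy attached"
        elif not backup.get("policyEnforced"):
            findings[r["address"]] = "policy not enforced"
    return findings

# Constructed sample shaped like `terraform show -json`; IDs and addresses are placeholders.
_VOL = "/subscriptions/SUB/resourceGroups/RG/providers/Microsoft.NetApp/netAppAccounts/a/capacityPools/p/volumes/"
_BODY = {"properties": {"dataProtection": {"backup": {
    "backupEnabled": True, "backupPolicyId": "POLICY_ID", "policyEnforced": True}}}}
SAMPLE_STATE = {"values": {"root_module": {
    "resources": [{"address": "azapi_update_resource.vol_backup", "type": "azapi_update_resource",
                   "values": {"type": VOLUME_ARM_TYPE + "@2021-10-01",
                              "resource_id": _VOL + "volume1", "body": json.dumps(_BODY)}}],
    "child_modules": [{"resources": [
        {"address": f"module.pool.azurerm_netapp_volume.{n}", "type": "azurerm_netapp_volume",
         "values": {"id": _VOL + n}} for n in ("volume1", "volume2")]}]}}}
```

In the sample, `volume2` is reported because it exists in the pool module but nothing assigns it a backup policy, which is the gap that appears when a volume is added to the pool map without a corresponding `azapi_update_resource`.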
AzAPI to AzureRM migration
At some point, the resources created using the AzAPI provider will become available in the AzureRM provider, which is the recommended way to provision infrastructure as code in Azure. To make code migration a bit easier, Microsoft has provided the AzAPI2AzureRM migration tool.
Summary
The Terraform AzAPI provider is a tool to deploy Azure features that have not yet been integrated into the AzureRM Terraform provider. As we see more adoption of preview features in Azure NetApp Files, this new functionality will give us deployment support to manage zero-day and preview features, such as Azure NetApp Files backup and more.
Additional Information
- https://learn.microsoft.com/azure/azure-netapp-files
- https://learn.microsoft.com/azure/azure-netapp-files/backup-introduction
- https://learn.microsoft.com/azure/azure-netapp-files/backup-requirements-considerations
- https://learn.microsoft.com/azure/developer/terraform/overview-azapi-provider#azapi2azurerm-migration-tool
- https://registry.terraform.io/providers/hashicorp/azurerm
- https://registry.terraform.io/providers/Azure/azapi
- https://github.com/Azure/terraform-provider-azapi