Commit e270e094 authored by Hema Vishnu Pola [Microsoft]'s avatar Hema Vishnu Pola [Microsoft]
Browse files

Merge branch 'users/komakkar/backupScripts' into 'master'

Adding script to configure the Backup for CosmosDB and Storage Account

See merge request osdu/platform/deployment-and-operations/infra-azure-provisioning!206
parents f356cb4a 3afee1f2
......@@ -192,7 +192,6 @@ __Azure AD Admin Consent__
For more information on Azure identity and authorization, see the official Microsoft documentation [here](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent).
## Elastic Search Setup
Infrastructure requires a bring your own Elastic Search Instance of a version of 6.8.x with a valid https endpoint and the access information must now be stored in the Common KeyVault. The recommended method of Elastic Search is to use the [Elastic Cloud Managed Service from the Marketplace](https://azuremarketplace.microsoft.com/en-us/marketplace/apps/elastic.ec-azure?tab=Overview).
......@@ -221,6 +220,10 @@ EOF
cp .envrc .envrc_${UNIQUE}
```
## Configure Back Up
Back is enabled by default. To set the backup policies, utilize the script
[here](https://community.opengroup.org/osdu/platform/deployment-and-operations/infra-azure-provisioning/-/tree/master/tools).
The script should be run whenever you bring up a Resource Group in your deployment.
## Configure Key Access in Manifest Repository
......
#!/bin/bash
# Config values for Service Account Data Protection Policies.
ENABLE_DELETE_RETENTION="true"
DELETE_RETENTION_DAYS=29
ENABLE_VERSIONING="true"
ENABLE_CHANGE_FEED="true"
ENABLE_RESTORE_POLICY="true"
RESTORE_DAYS=28
# Config values for CosmosDB Account Backup Policies.
BACKUP_INTERVAL_IN_MINUTES=480
BACKUP_RETENTION_IN_HOURS=672
# Literals
RESOURCETYPE_STORAGE_ACCOUNT="Microsoft.Storage/storageAccounts"
RESOURCETYPE_COSMOSDB_ACCOUNT="Microsoft.DocumentDb/databaseAccounts"
QUERY_FOR_NAME='[].name'
# arguments (message)
function log() {
echo >&2 "[update_backup_policies.sh] $1"
}
function configureDataProtectionPoliciesForStorageAccounts() {
log "function:start: ${FUNCNAME}"
log "Setting Data Protection policies for all Storage Accounts in the Resource Group: ${resourceGroup}."
log "following properties would be updated:"
log "DELETE_RETENTION_DAYS: ${DELETE_RETENTION_DAYS}"
log "RESTORE_DAYS: ${RESTORE_DAYS}"
local resourceGroup=$1
storageAccounts=$(az resource list \
--resource-group "${resourceGroup}" \
--resource-type "${RESOURCETYPE_STORAGE_ACCOUNT}" \
--query "${QUERY_FOR_NAME}" \
--output tsv)
for storageAccount in $storageAccounts ;
do
storageAccount=$(echo "${storageAccount}" | sed -r 's/\/r//g')
log "Setting backup policies for Storage Account: ${storageAccount}."
az storage account blob-service-properties update \
--resource-group "${resourceGroup}" \
--account-name "${storageAccount}" \
--enable-delete-retention "${ENABLE_DELETE_RETENTION}" \
--delete-retention-days "${DELETE_RETENTION_DAYS}" \
--enable-versioning "${ENABLE_VERSIONING}" \
--enable-change-feed "${ENABLE_CHANGE_FEED}" \
--enable-restore-policy "${ENABLE_RESTORE_POLICY}" \
--restore-days "${RESTORE_DAYS}";
done;
log "function:end: ${FUNCNAME}"
}
function configureBackupPoliciesForCosmosDbAccounts() {
log "function:start: ${FUNCNAME}"
log "Setting backup policies all CosmosDB Accounts in Resource Group: ${resourceGroup}."
log "following properties would be updated:"
log "BACKUP_INTERVAL_IN_MINUTES: ${BACKUP_INTERVAL_IN_MINUTES}"
log "BACKUP_RETENTION_IN_HOURS: ${BACKUP_RETENTION_IN_HOURS}"
local resourceGroup=$1
cosmosdbAccounts=$(az resource list \
--resource-group "${resourceGroup}" \
--resource-type "${RESOURCETYPE_COSMOSDB_ACCOUNT}" \
--query "${QUERY_FOR_NAME}" \
--output tsv)
for cosmosDbAccount in $cosmosdbAccounts ;
do
cosmosDbAccount=$(echo "${cosmosDbAccount}" | sed -r 's/\/r//g')
log "Setting backup policies for CosmosDB Account: ${cosmosDbAccount}."
az cosmosdb update \
--name "${cosmosDbAccount}"\
--resource-group "${resourceGroup}"\
--backup-interval "${BACKUP_INTERVAL_IN_MINUTES}" \
--backup-retention "${BACKUP_RETENTION_IN_HOURS}" ;
done;
log "function:end: ${FUNCNAME}"
}
main() {
log "function:start: ${FUNCNAME}"
local resourceGroup=$1
local help=$2
if [ "$help" == "true" ]; then
echo "
Use -r options to specify Resource Group, for which back up is to be configured.
Use -h true option for help
"
exit 0
fi
configureDataProtectionPoliciesForStorageAccounts "${resourceGroup}"
configureBackupPoliciesForCosmosDbAccounts "${resourceGroup}"
log "function:end: ${FUNCNAME}"
}
# Input Management
resourceGroup=""
help="false"
while getopts ":r::h::" opt; do
case $opt in
r)
resourceGroup=$OPTARG
;;
h)
help="true"
;;
\?)
echo "Invalid option: -$OPTARG"
echo "Use -h true option for help"
exit 1
;;
:)
echo "Option -$OPTARG requires an argument."
echo "Use -h true option for help"
exit 1
;;
esac
done
main "$resourceGroup" "$help"
\ No newline at end of file
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment