Powershell脚本创建快照并将其存储到另一个位置的存储帐户中 [英] Powershell script to create a snapshot and store it into a storage account in another location

问题描述

使用powershell脚本，我需要创建VM的快照并将快照保存在其他区域的存储帐户中.快照名称还应包含拍摄日期，以便可以在30天后自动将其删除.让我知道如何实现这一目标.我面临的另一个主要问题是如何在不直接在脚本中使用键的情况下将快照存储在存储帐户中.

这是我正在使用的旧脚本，它在快照名称功能中没有日期，并且直接在脚本中使用存储帐户密钥，这是不安全的.

  #powershell脚本创建快照Select-AzSubscription -SubscriptionName'subs name'$ subscriptionId ='xxxxxx'$ resourceGroupName ="Rgname";$ vmName =" VMname"$ Location =美国东部"；#如何以快照的名称获取日期$ snapshotName ="snapname"$ vmOSDisk =(Get-AzVM -ResourceGroupName $ resourceGroupName -Name $ vmName).StorageProfile.OsDisk.Name$ Disk = Get-AzDisk -ResourceGroupName $ resourceGroupName -DiskName $ vmOSDisk$ SnapshotConfig = New-AzSnapshotConfig -SourceUri $ Disk.Id -CreateOption复制-Location $ Location$ Snapshot = New-AzSnapshot -Snapshot $ snapshotConfig -SnapshotName`$ snapshotName -ResourceGroupName $ resourceGroupName#powershell脚本将快照转换为托管磁盘$ diskName ='ManagedDiskname'#提供磁盘的大小(以GB为单位).它应该大于VHD文件的大小.$ diskSize ='128'$ storageType ='Premium_LRS'Select-AzSubscription -SubscriptionId $ SubscriptionId$ snapshot = Get-AzSnapshot -ResourceGroupName $ resourceGroupName -SnapshotName $ snapshotName$ diskConfig = New-AzDiskConfig -SkuName $ storageType-位置$ location -CreateOption复制-SourceResourceId $ snapshot.IdNew-AzDisk-磁盘$ diskConfig -ResourceGroupName $ resourceGroupName -DiskName $ diskName#powershell脚本可将托管磁盘保存到其他位置的存储帐户中$ sasExpiryDuration ="3600"；$ storageAccountName ="storageacctname"；$ storageContainerName ="containername";$ storageAccountKey ='(Get-AzStorageAccountKey -ResourceGroupName'Snapshot-Powershell'-AccountName'storageforsnap')''#提供要在其中复制托管磁盘的VHD的存储帐户的密钥.$ storageAccountKey ='xxxxxx'$ destinationVHDFileName ="vhdfilename"；.$ useAzCopy = 1Select-AzSubscription -SubscriptionId $ SubscriptionId$ sas = Grant-AzDiskAccess -ResourceGroupName $ ResourceGroupName -DiskName $ diskName -DurationInSecond $ sasExpiryDuration -Access读取$ destinationContext = New-AzStorageContext -StorageAccountName $ storageAccountName -StorageAccountKey $ storageAccountKey#将托管磁盘的VHD复制到存储帐户if($ useAzCopy -eq 1){$ containerSASURI = New-AzStorageContainerSASToken -Context $ destinationContext -ExpiryTime(get-date).AddSeconds($ sasExpiryDuration)-FullUri -Name $ storageContainerName -Permission rwazcopy复制$ sas.AccessSAS $ containerSASURI}别的{Start-AzStorageBlobCopy -AbsoluteUri $ sas.AccessSAS -DestContainer $ storageContainerName -DestContext $ destinationContext -DestBlob $ destinationVHDFileName} 

解决方案

1.30天后可以自动删除Azure快照

据我所知，Azure不提供此功能.但是我们可以通过计划任务来实现它.

例如

1. Using powershell script, I need to create a snapshot of a VM and save the snapshot in a storage account which is in a different region. The snapshot name should also contain the date on which it was taken, so that it can be auto deleted after 30 days. Do let me know how to achieve this. Also another major issue I am facing is how to store the snapshot in the storage account without using keys directly in the script.

   This is the old script which I am using, it does not has the date in the snapshot name feature and uses storage account keys directly in the script, which is not secure.

    #powershell script to create a snapshot
   
   Select-AzSubscription -SubscriptionName 'subs name'
   
   $subscriptionId = 'xxxxxx'
   
   $resourceGroupName = "Rgname"
   
   $vmName="VMname"
   
   $Location = "East US"
   
   #how to get-date in the name of the snap
   $snapshotName = "snapname"
   
   
   $vmOSDisk=(Get-AzVM -ResourceGroupName $resourceGroupName -Name $vmName).StorageProfile.OsDisk.Name
   
   $Disk = Get-AzDisk -ResourceGroupName $resourceGroupName -DiskName $vmOSDisk
   
   $SnapshotConfig = New-AzSnapshotConfig -SourceUri $Disk.Id -CreateOption Copy -Location $Location
   
   $Snapshot=New-AzSnapshot -Snapshot $snapshotConfig -SnapshotName `
         $snapshotName -ResourceGroupName $resourceGroupName
   
   
   
   
   
   
   #powershell script to convert snapshot into managed disks
         
   $diskName = 'ManagedDiskname'
   
   #Provide the size of the disks in GB. It should be greater than the VHD file size.
   $diskSize = '128'
   
   
   $storageType = 'Premium_LRS'
   
   Select-AzSubscription -SubscriptionId $SubscriptionId
   
   $snapshot = Get-AzSnapshot -ResourceGroupName $resourceGroupName -SnapshotName $snapshotName 
   
   $diskConfig = New-AzDiskConfig -SkuName $storageType -Location $location -CreateOption Copy -SourceResourceId $snapshot.Id
   
   New-AzDisk -Disk $diskConfig -ResourceGroupName $resourceGroupName -DiskName $diskName
   
   
   
   
   
   
   #powershell script to save managed disk into a storage account which is in a different location
   
   $sasExpiryDuration = "3600"
   
   $storageAccountName = "storageacctname"
   
   $storageContainerName = "containername"
   
   $storageAccountKey = '(Get-AzStorageAccountKey -ResourceGroupName "Snapshot-Powershell" -AccountName "storageforsnap")'
   
   #Provide the key of the storage account where you want to copy the VHD of the managed disk. 
   $storageAccountKey = 'xxxxxx'
   
   
   $destinationVHDFileName = "vhdfilename"
   
   . 
   $useAzCopy = 1 
   
   
   Select-AzSubscription -SubscriptionId $SubscriptionId
   
   
   $sas = Grant-AzDiskAccess -ResourceGroupName $ResourceGroupName -DiskName $diskName -DurationInSecond $sasExpiryDuration -Access Read 
   
   
   $destinationContext = New-AzStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $storageAccountKey
   
   #Copy the VHD of the managed disk to the storage account
   if($useAzCopy -eq 1)
   {
       $containerSASURI = New-AzStorageContainerSASToken -Context $destinationContext -ExpiryTime(get-date).AddSeconds($sasExpiryDuration) -FullUri -Name $storageContainerName -Permission rw
       azcopy copy $sas.AccessSAS $containerSASURI
   
   }else{
   
       Start-AzStorageBlobCopy -AbsoluteUri $sas.AccessSAS -DestContainer $storageContainerName -DestContext $destinationContext -DestBlob $destinationVHDFileName
   }
   

   解决方案

   1. Azure snapshot can be auto deleted after 30 days

   As far as I knew, Azure does not provide the feature. But we can implement it via a schedule task.

   For example

   1. Enable Run As account in Azure automation account

   2. Install module Az.Automation Az.Accounts and Az.Compute in the automation account. Regarding how to install, please refer to here

   3. Create Azure Powershell runbook with the following script in the automation ccount. For more details, please refer to here.

   
   #get the snpshots created before 30 days
   Get-AzSnapshot| Where-Object{($_.TimeCreated -lt ([datetime]::UtcNow.AddDays(-30)))}
   foreach($snp in $snps){
     $snp| Remove-AzSnapshot -Force
   }
   

   4. Create a schedule for the Azure runbook.

   2. How to securely connect Azure blob

   If you want to securely connect Azure blob, we can implement it with Azure AD auth. For more details, please refer to here.

   For example

   1. Assign Storage Blob Data Contributor role to user or sp

   New-AzRoleAssignment -SignInName <email> `
       -RoleDefinitionName "Storage Blob Data Contributor" `
       -Scope  "/subscriptions/<subscription>/resourceGroups/sample-resource-group/providers/Microsoft.Storage/storageAccounts/<storage-account>"
   

   2. Script

   Connect-AzAccount
   $ResourceGroupName=""
   $snapshotName=""
   $sasExpiryDuration=3600
   
   $sas =Grant-AzSnapshotAccess  -SnapshotName $snapshotName -ResourceGroupName $ResourceGroupName  -DurationInSecond $sasExpiryDuration -Access Read 
   
   $storageAccountName=""
   $destinationContext = New-AzStorageContext -StorageAccountName $storageAccountName -UseConnectedAccount
   
   $storageContainerName="image"
   $destinationVHDFileName="test.vhd"
   Start-AzStorageBlobCopy -AbsoluteUri $sas.AccessSAS -DestContainer $storageContainerName -DestContext $destinationContext -DestBlob $destinationVHDFileName
   
   #check copy state
   Get-AzStorageBlobCopyState -Container $storageContainerName -Blob $destinationVHDFileName -Context $destinationContext
   

   这篇关于Powershell脚本创建快照并将其存储到另一个位置的存储帐户中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！