Azure NetApp Files Snapshot Scheduler
Created by Kirk Ryan - @kirk__ryan
A simple to use Azure NetApp Files snapshot scheduler built upon Azure Logic Apps
This Azure Netapp Files snapshot scheduler allows you to take snapshots at any supported interval i.e. daily, hourly. etc and automatically manages snapshot retention for the specified number of snapshots.
Philosophy of operation
The scheduler will create snapshots at the interval and frequency that you specify in the configuration. When the retention limit is reached, the scheduler will remove the oldest snapshot on that volume.
Installation & Configuration
Simply clone/download this repository. It contains the ARM template and deployment scripts in order to deploy ANF Scheduler to your environment. The deployment can be run with deploy.ps1 (for Azure Cloud Shell), deploy-AzModule.ps1 (for Azure Powershell) or deploy.sh (Azure CLI).
Once you have installed the template you must configure the anfScheduler logic app to be able to access your Azure NetApp Files resources. Please note, that anfScheduler has no access to your data and operates entirely at the management API level.
You will need the following information about the volume for which you would like to schedule snapshots for:
- Subscription ID - The Azure Subscription ID containing your ANF services
- NetApp Account - The name of your Azure NetApp Files account that you provision your capacity pools and volumes within.
- Resource Group - The resource group name your ANF volume is deployed within
- Capacity Pool - The capacity pool name your ANF volume is deployed within
- Volume Name - The name of the volume you would like ANF Scheduler to manage snapshot creation and retention for.
- Retention - The amount of snapshots you would like to retain
Step 1 : Configure the logic app managed identity
Once you have the above information to hand you will need to populate those values into the logic app as follows:
- If you haven't already, open the logic app in your Azure Portal by chosing "All Services -> Logic Apps"
- Select the Scheduler-ANF-Snapshots-vx
- Enable system assigned identity - this allows you to control the access ANF Scheduler has to your Azure NetApp Files resources right down to a single volume (granular!)
- Select Yes when prompted and note the name of your identity
Step 2: Assign the Managed Identity access to Azure NetApp Files
- Select the capacity pool or volume you would like to allow access to for the managed identity.
- Select Access Control (IAM) and select "Add" then "Add Role Assignment"
- Next select "Owner" as role,
- Assign access to "Azure AD user, group of service principal"
- Select your managed identity:
- That's it, the ANF scheduler now has the correct permissions to create and delete snapshots for your given volume.
Step 3: Customise the Logic App to your ANF environment
- Navigate back to your logic app and click the "designer" button on the top bar - you will now need to enter your specific environmental variables such as resource group, volume name, etc. To do so, simply each User Configuration heading (purple) and enter your values into the value field
- Remain on this page, you'll need it for the next and final step
Step 4: Set your schedule and retention
- By default the logic app is configured to take a daily snapshot and retain 7 days before removing the oldest snapshot. If you would like to configure any of the parameters simple select the recurrance heading (blue) and configure appropriately. For example a daily would be 1 interval on a daily frequency. You can select the time the job will run easily. . Note: Do not try to take snapshots at < 5 minute intervals.
- Finally, you must configure your retention. For example, if you would like to keep the last 7 days and your schedule was set to an interval of 1 with frequency of daily, then set the User Configuration: Snapshot Retention to 7. Likewise if you were taking hourly snapshots and wanted the last 48 hours, then set User Configuration: Snapshot Retention to 48.
Here are some known errors you may encounter commonly caused by misconfiguration
https://aka.ms/logicapps-msi for details.WorkflowManagedServiceIdentityNotSpecified. The workflow 'Scheduler-ANF-Snapshots-v1' does not have managed service identity enabled. See
Answer: You have not enabled the managed identity in Step 2. Please enable and try again
The term "Login-AzureRmAccount is not recognized".....
Answer: You are using PowerShell module > 2.0.69 i.e. 2.4.0. Use the deploy-AzModule.ps1 instead of deploy.ps1.
Connect-AzAccount : Access to the path '/Users/yourusername/.Azure/AzureRmContext.json' is denied.
Answer: You do not have sufficient user priviliges on your client. Restart PowerShell as admin (windows) or sudo (linux/unix/macOS) and try again.