Feature Request: azurerm_recovery_services_vault vm enrollment

[PleaseStopAsking]

Hi there,

Terraform Version

Terraform v0.11.7

• provider.azurerm v1.3.3

Affected Resource(s)

Please list the resources as a list, for example:

• azurerm_recovery_services_vault
• azurerm_virtual_machine

Expected Behavior

With the upcoming support for creating Recovery Service Vaults, it would be helpful to enroll any vm's that are created in the same apply with the Vault for backups. This would require additional work such as creating a backup policy under the azurerm_recovery_services_vault as shown below.

My current workflow is to deploy vm's with terraform and then run an additional powershell script locally that will...

1. Take input of a Resource Group name from user.
2. Create Recovery Services Vault in the given resource group.
3. Create a backup policy based on type of environment. (The type of environment is determined by the last 3 characters of the resource group name such as poc, dev, stg, prd and each of these is associated with a retention timeframe such as poc = 3, dev = 3, stg = 7 and prd = 30.)
4. Loop through each vm in the Resource Group and enroll them for backup with the previously created policy.

It would greatly improve the workflow if instead of the above workflow, I could doing something such as...

resource "azurerm_recovery_services_vault" "vault" {
  name                = "example_recovery_vault"
  location            = "${azurerm_resource_group.rg.location}"
  resource_group_name = "${azurerm_resource_group.rg.name}"
  sku                 = "standard"

  backup_policy {
    name     = "example_backup_policy"
    backup_frequency = "daily"
    daily_backup_retention = 3
    time_zone = "utc"
    time = {
      hour = 11
      min = 30
      period = "pm"
    }

    {...}
  }
}

resource "azurerm_virtual_machine" "test" {
  name                  = "acctvm"
  location              = "${azurerm_resource_group.test.location}"
  resource_group_name   = "${azurerm_resource_group.test.name}"
  network_interface_ids = ["${azurerm_network_interface.test.id}"]
  vm_size               = "Standard_DS1_v2"
  depends_on = ["azurerm_recovery_services_vault.vault"]

  backup_vault = {
    backup_vault_id = "${azurerm_recovery_services_vault.vault.id}"
    backup_policy = "${azurerm_recovery_services_vault.vault.policy.id}"
  }

  {...}
}

I would be interested in working on this but have no experience in go or how the azure provider leverages azure to perform tasks. If there is official docs on the provider, I am happy to dig in.

References

Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:
#995

[tombuildsstuff]

Some initial investigation into this - based on this ARM Template:

{
  "name": "[concat(variables('recoveryVaultName'), variables('protectectioContainer'), variables('protectedItem'))]",
  "type": "Microsoft.RecoveryServices/vaults/backupFabrics/protectionContainers/protectedItems",
  "apiVersion": "2016-12-01",
  "location": "[resourceGroup().location]",
  "properties": {
    "protectedItemType": "Microsoft.Compute/virtualMachines",
    "workloadType": "VM",
    "sourceResourceId": "[variables('vmNameId')]",
    "policyId": "[variables('recoveryVaultPolicyId')]"
  }
}

It appears this is available through the Protected Items API: https://docs.microsoft.com/en-us/rest/api/backup/protecteditems and appears to be in the Go SDK: https://github.com/Azure/azure-sdk-for-go/blob/master/services/recoveryservices/mgmt/2017-07-01/backup/protecteditemsgroup.go#L49

[philipstreet-hiscox]

Hi @tombuildsstuff,

Re your reply to #1007, your comment above appears to only address the capability to Backup a VM, whereas I am looking for Disaster Recovery (Site Recovery) support.

[DamianFlynn]

Has any progress been made on adding the VM Backups, and backup policies as suggested in this request?
I have followed the linked issues; but all are closed with comments pointing back here.

thanks
Damian

[tombuildsstuff]

@philipstreet-hiscox apologies - missed this reply: would you mind opening a separate Issue for that feature request specifically, with an example if you've got one? This would help us when writing the test-cases for it :)

@DamianFlynn this is on our roadmap for the near future - but I can't give a specific date at this time. Since you're asking for them - would you be able to give an example of Backup Policies that we could use as a basis for this?

Thanks!

[philipstreet-hiscox]

@tombuildsstuff Hi Tom, I did open a feature request for this (#1007) but you closed it saying that it was covered by another feature request, but it wasn't. Can we open my original request rather than creating a new feature request?

Phil

[tombuildsstuff]

@philipstreet-hiscox after taking another look into this, I'll re-open the other issue; apologies for the confusion here. I'll add some additional context to the other issue & rename the title to match.

Thanks!

[philipstreet-hiscox]

@tombuildsstuff Many thanks Tom. I can provide specific scenario details, which I'll add to the other issue.

[ghost]

I am also very interested in this feature. My use case is just to add created VMs to preconfigured Recovery Services. This is crucial to maintain automated configuration and deployment.

3 months passed, any updates on ETA?

[archmangler]

Attempted workaround using Azure cli embedded in local-exec also runs into issues because Terraform's "on-destroy" is broken in providers. I've tried this:

resource "null_resource" "rsv_enable" {
 triggers {
  uuid = "${azurerm_virtual_machine.instance.id}"
 }
 provisioner "local-exec" {
  "./enable_rsv.sh"
 }
  provisioner "local-exec" {
   when = "destroy"
   command= "./cleanup_rsv.sh"
 }
}

But the on destroy clause is ignored, which means the solution is not adequate.
Is this being worked on actively?

Note: The above bloc is in a module wrapping a virtual machine resource:

resource "azurerm_virtual_machine" "instance" {
.....
}

resource "null_resource" "backup_provision" {
  triggers {
    uuid = "${azurerm_virtual_machine.instance.id}"
  }
  provisioner "local-exec" {
      command = "./backup-configure.sh",
  }
}

resource "null_resource" "backup_cleanup" {
  provisioner "local-exec" {
     when = "destroy"
     command = "./cleanup.sh",
    }
}

[katbyte]

Hi @PleaseStopAsking,

This was just released in v1.17.0 via #1637 🙂

[ghost]

Hello Tom, Katbyte et al, dont suppose you have a modifed milestone for backup?

[tombuildsstuff]

@phosphre VM Backups have been available since v1.17.0 (so should be available today)

Since this issue's been closed for a while I'm going to lock it - however if you're looking support for a different backup type (or have questions) please feel free to open a new issue and we'll take a look :)

Thanks!