Copy Azure snapshots to different Region

1
votes

I'm trying to create a disaster recovery solution using Snapshots in Azure. I have many, many disks in a cluster and I currently can take snapshots of the disks to be able to restore locally. This works

I now want to either COPY the existing snapshots to a different region or create new snapshots of my disks but stored in a different region.

Reference: https://docs.microsoft.com/en-us/cli/azure/snapshot?view=azure-cli-latest#az_snapshot_create

I have tried this. In this example, the $disk_location is in eastus and the $target_location is eastus2.

az snapshot create --name $snapshot_name \
--resource-group $resource_group \
--location $target_location \
--source "$disk_location" \
--no-wait

This fails with "Resource mdw_data1 is not found." It exists but not in the $target_location.

I also tried creating a snapshot with the source as another snapshot. I ran into two problems with this. First, it stated the snapshot already existed because I'm using the same snapshot_name and when I changed to a different name, it gave me the same "not found" error.

Snapshots can be either locally redundant (3 copies in a single physical location) or zone redundant (3 copies across 3 availability zones within a region). Neither helps in the scenario where a region goes offline.

Reference: https://docs.microsoft.com/en-us/azure/storage/common/storage-redundancy

Also, Microsoft says: "For applications requiring high availability, Microsoft recommends using ZRS in the primary region, and also replicating to a secondary region." Yet I can't copy my snapshots to a secondary region as they recommend.

1
azureazure-disk

1 Answers

0
votes

AWS provides a single command to copy a snapshot from one region to another but Azure doesn't provide this functionality directly from their CLI.

Reference: https://docs.aws.amazon.com/cli/latest/reference/ec2/copy-snapshot.html

example:

aws ec2 copy-snapshot \
--region us-east-1 \
--source-region us-west-2 \
--source-snapshot-id snap-066877671789bd71b \
--description "This is my copied snapshot."

Azure solution:

Step 1 - Create a Storage Account in the target location

az storage account create --name $account_name \
--resource-group $resource_group \
--location $target_location

Step 2 - Get the Storage Key from Step 1 Storage Account

Note: Notice how Azure changed "storage_account" to "account_account".

az storage account keys list --resource-group $resource_group \
--account-name $account_name \
--query '[].value' \
--output tsv

Step 3 - Create a Container in the newly created Storage Account located in the target location

az storage container create --name $container_name 
--resource-group $resource_group \
--account-key $account_key \
--account-name $account_name

Step 4 - Grant access to your own snapshot

This is a weird one to me. You have to give yourself access to your own snapshot. You also have to set how long the grant to yourself is good for.

duration="7200"

az snapshot grant-access --resource-group $resource_group \
--name $snapshot_id \
--duration-in-seconds $duration \
--query [accessSas] \
--output tsv

Step 5 - Use the SAS to copy the snapshot to the container located in your storage account

The "destination_blob" is the name of the snapshot with ".vhd" appended to the end of it.

destination_blob="$snapshot_id"".vhd"

az storage blob copy start --destination-blob "$destination_blob" \
--destination-container "$container_name" \
--account-key "$account_key" \
--account-name "$account_name" \
--source-uri "$sas"

Step 6 - Wait

Keep running this until the output says "success".

az storage blob show --name "$destination_blob" \
--container-name "$container_name" \
--account-key "$account_key" \
--account-name "$account_name" \
--query '[properties.copy.status]' \
--output tsv

Step 7 - Get your subscription id

az account show --query 'id' --output tsv

Step 8 - Create snapshot Azure doesn't allow you to have a snapshot with the same name but in a different region. So, you'll have to update the name unfortunately.

target_snapshot_id="$snapshot_id""_copy"

az snapshot create --name $target_snapshot_id \
--resource-group $resource_group \
--location $target_location \
--source "https://${account_name}.blob.core.windows.net/${container_name}/${destination_blob}" \
--source-storage-account-id "/subscriptions/${subscription_id}/resourceGroups/${resource_group}/providers/Microsoft.Storage/storageAccounts/${account_name}"

Step 9 - Cleanup

az storage account delete --resource-group $resource_group \
--name $account_name \
--yes