The Azure CLI is used to create and manage Azure resources from the command line or in scripts. You can protect your data by taking backups at regular intervals. Azure Backup creates recovery points that can be stored in geo-redundant recovery vaults.
This blog post shows how to back up Linux virtual machine (VM) in Azure with the Azure CLI. You can also perform these steps with Azure PowerShell or in the Azure portal.
Open Azure Cloud Shell
Azure Cloud Shell is a free, interactive shell that you can use to run the steps in this post. Common Azure tools are preinstalled and configured in Cloud Shell for you to use with your account. Just select the Copy button to copy the code, paste it in Cloud Shell, and then press Enter to run it.
There are a few ways to open Cloud Shell: https://shell.azure.com
Select the Cloud Shell button on the menu in the upper-right corner of the Azure portal.
To install and use the CLI locally, you must run Azure CLI version 2.0.59 or later. To find the CLI version, run az –version.
Launch Azure Cloud Shell
Select Copy to copy the blocks of code, paste it into the Cloud Shell, and press enter to run it.
Set environment variables
$recoveryServicesVaultName = “gitsRSV”
$resourceGroupName = “gitsLinux-RG”
$virtualMachineName = “gitsLinuxVM”
$location = “West Europe”
$adminName = “abou”
# Create the Resource Group
az group create –name $resourceGroupName –location $location
# Create a Virtual Machine
az vm create –resource-group $resourceGroupName –name $virtualMachineName –image UbuntuLTS –admin-username $adminName –generate-ssh-keys
It takes a few minutes to create the VM and supporting resources.
The following output shows the VM create operation was successful.
Note your own publicIpAddress in the output from your VM. This address is used to access the VM in the next steps.
# open up port 80
By default, only SSH connections are opened when you create a Linux VM in Azure. Use az vm open-port to open TCP port 80 for use with the NGINX web server:
az vm open-port –port 80 –resource-group $resourceGroupName –name $virtualMachineName
#login to VM
SSH to your VM as normal. Replace publicIpAddress with the public IP address of your VM as noted in the previous output from your VM:
# update packages
sudo apt-get -y update
Install web server
To see your VM in action, install the NGINX web server.
sudo apt-get -y install nginx
When done, type exit to leave the SSH session.
View the web server in action
Use a web browser of your choice to view the default NGINX welcome page. Use the public IP address of your VM as the web address. The following example shows the default NGINX web site:
Create a recovery services vault
A Recovery Services vault is a logical container that stores the backup data for each protected resource, such as Azure VMs. When the backup job for a protected resource runs, it creates a recovery point inside the Recovery Services vault. You can then use one of these recovery points to restore data to a given point in time.
az backup vault create –resource-group $resourceGroupName –name $recoveryServicesVaultName –location $location
# enable backup
Create a protection policy to define: when a backup job runs, and how long the recovery points are stored. The default protection policy runs a backup job each day and retains recovery points for 30 days. You can use these default policy values to quickly protect your VM.
To enable backup protection for a VM, use az backup protection enable-for-vm. Specify the resource group and VM to protect, then the policy to use:
az backup protection enable-for-vm –resource-group $resourceGroupName –vault-name $recoveryServicesVaultName –vm $virtualMachineName –policy-name DefaultPolicy
# initial backup
To start a backup now rather than wait for the default policy to run the job at the scheduled time, use az backup protection backup-now. This first backup job creates a full recovery point. Each backup job after this initial backup creates incremental recovery points. Incremental recovery points are storage and time-efficient, as they only transfer changes made since the last backup.
az backup protection backup-now –resource-group $resourceGroupName –vault-name $recoveryServicesVaultName –container-name $virtualMachineName –item-name $virtualMachineName –retain-until 18-10-2019
# watch backup
To monitor the status of backup jobs, use az backup job list:
az backup job list –resource-group $resourceGroupName –vault-name $recoveryServicesVaultName –output table
The output is similar to the following example, which shows the backup job is InProgress:
When the Status of the backup job reports Completed, your VM is protected with Recovery Services and has a full recovery point stored.