Azure Terraform为Azure存储帐户注册备份保护容器时出错

jrcvhitl 于 10个月前发布在其他

关注(0)|答案(1)|浏览(161)

我正在使用Terraform为文件共享创建Azure Recovery Services Vault。但它一直报告错误：

Error: registering backup protection container StorageContainer;storage;fer-bpcm-d-rsg-commonsa;xxxbpcmpcgl (Vault fer-bpcm-p-euwe-rvt-golden): backup.ProtectionContainersClient#Register: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="BMSUserErrorContainerIsAssociatedWithAnotherVault" Message="Container is associated with another vault. Please select the right vault to proceed with the container operation."

  with module.recovery_services_vault.azurerm_backup_container_storage_account.protection_container["fer-bpcm-p-euwe-rvt-golden~xxxbpcmpcgl~data"],
  on ../modules/LandingZone/BPCM/recovery_services_vault/main.tf line 75, in resource "azurerm_backup_container_storage_account" "protection_container":
  75: resource "azurerm_backup_container_storage_account" "protection_container" {

字符串
Terraform片段如下：

resource "azurerm_recovery_services_vault" "fs_rsv_vaults" {

  for_each                      = { for fs_rsv_vault in var.fileshare_recovery_vaults : fs_rsv_vault.name => fs_rsv_vault }
  name                          = each.value.name
  resource_group_name           = each.value.resource_group_name
  location                      = each.value.location
  # sku, immutability, storage_mode_type, soft_delete_enabled
  # public_network_access_enabled, cross_region_restore_enabled, tags,identity 
}

resource "azurerm_backup_policy_file_share" "rsv_vault_policy" {
  for_each            = { for policy in local.rsv_vault_policy_list : "${policy.vault_name}~${policy.policy_name}" => policy }
  name                = each.value.policy_name
  resource_group_name = azurerm_recovery_services_vault.fs_rsv_vaults[each.value.vault_name].resource_group_name
  recovery_vault_name = azurerm_recovery_services_vault.fs_rsv_vaults[each.value.vault_name].name
  # timezone, backup, retention_daily
}

resource "azurerm_backup_container_storage_account" "protection_container" {
  for_each = { for fileshare in local.fileshare_list : "${fileshare.recovery_vault_name}~${fileshare.storage_account_name}~${fileshare.source_file_share_name}" => fileshare }
  resource_group_name = azurerm_recovery_services_vault.fs_rsv_vaults[each.value.recovery_vault_name].resource_group_name
  recovery_vault_name = each.value.recovery_vault_name
  storage_account_id  = data.azurerm_storage_account.storage_accounts[each.value.storage_account_name].id
}

型
我检查了documetation但是如何将唯一的保护容器azurerm_backup_container_storage_account关联到每个存储帐户，因为保护容器没有name参数？我做错了什么？
我正在传递存储帐户列表，如下所示：

fileshare_recovery_vaults = [
  {
    name = "myvault"
    resource_group_name = "rsg-backup" 
    ...
    backup_policies = [
      {
        policy_name = "policy-filesh"
        timezone = "UTC"
        backup_frequency = "Daily"
        backup_time = "00:00"
        retention_daily_count = 30
      }
    ]
    fileshares = [
      {
        storage_account_name = "xxxbpcmpcga"
        source_file_share_name = "data"
        resource_group_name = "rsg-commonsa"
        policy_name = "policy-filesh"
      },
      {
        storage_account_name = "xxxbpcmpcgl"
        source_file_share_name = "data"
        resource_group_name = "rsg-commonsa"
        policy_name = "policy-filesh"
      }
    ]
   ..
  }]

型

Azure

来源：https://stackoverflow.com/questions/77393228/azure-terraform-error-registering-backup-protection-container-for-azure-storage

1条答案

按热度按时间

smdncfj31#

我尝试为Azure存储帐户和文件共享注册备份保护容器，我能够成功配置要求。
您遇到的错误BMSUserErrorContainerIsAssociatedWithAnotherVault表示您尝试向Azure Recovery Services保管库注册的存储容器已与其他保管库关联。这是重用以前与其他保管库关联的存储帐户或容器时的常见问题。
当我尝试将新的恢复服务保险库与已经与另一个保险库关联的存储容器链接时，我遇到了您提到的相同问题。

的数据
在Azure中，存储帐户容器一次只能与一个Recovery Services保管库关联。如果您尝试将其与新保管库关联，而没有先将其与现有保管库解除关联，则会遇到此错误

我的Terraform配置：

provider "azurerm" {
    features {}
}

data "azurerm_resource_group" "example" {
  name     = "demorg-vk"
}

resource "azurerm_recovery_services_vault" "example" {
  name                = "vksb-recovery-vault"
  location            = data.azurerm_resource_group.example.location
  resource_group_name = data.azurerm_resource_group.example.name
  sku                 = "Standard"
}

resource "azurerm_backup_policy_file_share" "example" {
  name                = "vksb-backup-policy"
  resource_group_name = data.azurerm_resource_group.example.name
  recovery_vault_name = azurerm_recovery_services_vault.example.name

  backup {
    frequency = "Daily"
    time      = "23:00"
  }

  retention_daily {
    count = 10
  }
}

# Create storage accounts
resource "azurerm_storage_account" "example" {
  for_each = { for sa in var.storage_accounts : sa.name => sa }

  name                     = each.value.name
  resource_group_name      = data.azurerm_resource_group.example.name
  location                 = data.azurerm_resource_group.example.location
  account_tier             = each.value.tier
  account_replication_type = each.value.replication_type
}

# Create file shares with explicit dependency on storage accounts
resource "azurerm_storage_share" "example" {
  for_each = { for fs in var.file_shares : fs.name => fs }

  name                 = each.value.name
  storage_account_name = azurerm_storage_account.example[each.value.storage_account_name].name
  quota                = each.value.quota

  depends_on = [azurerm_storage_account.example]
}

# Register the storage accounts with the Recovery Services Vault
resource "azurerm_backup_container_storage_account" "example" {
  for_each = { for sa in var.storage_accounts : sa.name => sa }

  resource_group_name = azurerm_recovery_services_vault.example.resource_group_name
  recovery_vault_name = azurerm_recovery_services_vault.example.name
  storage_account_id  = azurerm_storage_account.example[each.key].id
}

# Protect the file shares with explicit dependency on storage shares
resource "azurerm_backup_protected_file_share" "example" {
  for_each = { for fs in var.file_shares : fs.name => fs }

  resource_group_name       = azurerm_recovery_services_vault.example.resource_group_name
  recovery_vault_name       = azurerm_recovery_services_vault.example.name
  source_storage_account_id = azurerm_storage_account.example[each.value.storage_account_name].id
  source_file_share_name    = each.value.name
  backup_policy_id          = azurerm_backup_policy_file_share.example.id

  depends_on = [azurerm_storage_share.example]
}

字符串

variable.tf：

variable "storage_accounts" {
  description = "List of storage accounts to create"
  type = list(object({
    name             = string
    tier             = string
    replication_type = string
  }))
}

variable "file_shares" {
  description = "List of file shares to create"
  type = list(object({
    name                = string
    storage_account_name = string
    quota               = number
  }))
}

型

terraform.tfvars：

storage_accounts = [
  {
    name             = "vksbstgacct1"
    tier             = "Standard"
    replication_type = "LRS"
  },
  {
    name             = "vksbstgacct2"
    tier             = "Standard"
    replication_type = "LRS"
  }
]

file_shares = [
  {
    name                = "vksb-file-share1"
    storage_account_name = "vksbstgacct1"
    quota               = 50
  },
  {
    name                = "vksb-file-share2"
    storage_account_name = "vksbstgacct2"
    quota               = 50
  }
]

型

输出：

的