terraform-provider-huaweicloud
terraform-provider-huaweicloud copied to clipboard
huaweicloud
Allow backup policies to be assigned to VMs via terraform | Cloud Backup and Recovery
Current Terraform Version
1.3.9
Use-cases
Current terraform provider allows to create backup vault and backup policy, but we cannot assigned those created policies to VMs, please enabled that.
Attempted Solutions
N/A, current terraform doesn't allow it.
Proposal
Enable terraform created resources to be automatically attached to one backup policy.
References
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_selection
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/backup_policy_vm
@marciobarbato You can use cbr_vault.resources to assigned to VMs https://registry.terraform.io/providers/huaweicloud/huaweicloud/latest/docs/resources/cbr_vault#resources
@niuzhenguo thank you for your suggestion, I managed to get backup vault associated to the VM. If I may ask something else on this topic, I'd like to dynamically assign vms to the vault, initially I thought of querying for tags, but couldn't find a way to query instances by tag. Can you please provide an example on that ?
@niuzhenguo thank you for your suggestion, I managed to get backup vault associated to the VM. If I may ask something else on this topic, I'd like to dynamically assign vms to the vault, initially I thought of querying for tags, but couldn't find a way to query instances by tag. Can you please provide an example on that ?
Can you do that on Console side. We don't have that support on Terraform as there's no API support for us.
Thanks @niuzhenguo, can we put a request as a desirable feature for the future ?
Thanks @niuzhenguo, can we put a request as a desirable feature for the future ?
Sure, you can create a request to CBR service, when they provide this feature, we can integrate to Terraform.
hi @niuzhenguo, looks like it's now supported via API https://support.huaweicloud.com/intl/en-us/api-ecs/en-us_topic_0094148850.html
If we can have this via terraform it would be great, quering ECS vms via tag and then attaching it to the vault.
I was thinking that you need to ask CBR to support this. But seems you can use ecs instance data source to list the instances and assign them to CBR vault resources.
https://registry.terraform.io/providers/huaweicloud/huaweicloud/latest/docs/data-sources/compute_instances but seems we don't have tags support here for now.
If you choose to use this way, it will only fetching the instances with your specified tags when you create CBR vault. The newly created instances with that tags will not automatically sync and added to CBR.
yea, that's not the ideal, ideal is: we deploy one vault and from that day we will keep creating new vms, those will need to be attached to the vault via terraform, either by tag or by a new specific resource like vm_vault_attach.
It would be fantastic if your team can work on something like that, if you need something from me as posting a request internally, please let me know :)
it's not possible to do that on Terraform side, needs Vault to support such feature, and we integrate it on TF, so needs to push Vault team to add this support.
@marciobarbato Seems we already supported this, pls try https://registry.terraform.io/providers/huaweicloud/huaweicloud/latest/docs/resources/cbr_vault#bind_rules
hey @niuzhenguo thanks for that ! we are testing it still but looks like it solves our issue, I will come back once we are able to fully test it ! thanks a lot !
@niuzhenguo sorry for the delay. We successfully tested the proposed and it works very well. However, I do believe it can be improved, if a backup vault has associated capacity almost at the size of vault it won't associate new servers. Ex: backup vault with 3 Tb size and auto_resize = true Associated at 2.9 Tb actual used size: 300 Gb if you try to associate a server with a disk of 250G it will not get automatically associated, however if you try via website it works as expected.
Hopefully we can address and fix it.