thierry/sql-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

* added an enum for the backup behavior

Browse Source 
* straightened the backup action selection
This commit is contained in:
Thierry Schork
2025-03-19 16:49:06 +01:00
parent f478d2adea
commit 4b853a9030
1 changed files with 268 additions and 240 deletions
Download Patch File Download Diff File Expand all files Collapse all files

154
HCI - BAG symmetricDS/hci_bag_backup.ps1
View File

@@ -1,40 +1,58 @@
<#
.SYNOPSIS
Push a superset from prodDB to the BAG Azure managed sql instance
.DESCRIPTION enum backupBehavior{
This function will do those operations: Auto
- Check if the superset given is a snapshot or a database Force
Skip
}
<#
.SYNOPSIS
Push a superset from prodDB to the BAG Azure managed sql instance
.DESCRIPTION
This function will do those operations:
- Check if the superset given is a snapshot or a database
if it's a snapshot, the source database behind the snapshot is backed up if it's a snapshot, the source database behind the snapshot is backed up
- Authenticate to Azur using a service principal (with a certificate authentication) - Authenticate to Azur using a service principal (with a certificate authentication)
- Create a SAS tocken from Azure Blob Storage - Create a SAS tocken from Azure Blob Storage
- Refresh credentials on prodDB to access the storage account - Refresh credentials on prodDB to access the storage account
- Check if a blob of the superset we want to push is more than 1 day old - Check if a blob of the superset we want to push is more than 1 day old
- if no blob exists, force a backup - if no blob exists, force a backup
- if a blob exists but is aged of less than 1 full day, skip the backup - if a blob exists but is aged of less than 1 full day, skip the backup
- if a blob exists but is older than 1 full day, force a new backup - if a blob exists but is older than 1 full day, force a new backup
- Refresh the credential with the SAS token on the BAG managed sql instance - Refresh the credential with the SAS token on the BAG managed sql instance
- Drop the target database if it exists (we cannot restore over an existing db in managed instances) - Drop the target database if it exists (we cannot restore over an existing db in managed instances)
- Restore the backup in the cloud db - Restore the backup in the cloud db
- Create logins on the restored db for the login [sql-au_bag_apv] - Create logins on the restored db for the login [sql-au_bag_apv]
- Give db_datareader and EXECUTE permission on the restored db to [sql-au_bag_apv] - Give db_datareader and EXECUTE permission on the restored db to [sql-au_bag_apv]
.PARAMETERS .PARAMETERS
[string] $supersetToCopy [string] $supersetToCopy
The name of the superset to transfert. for exemple: product_superset The name of the superset to transfert. for exemple: product_superset
.EXAMPLES $backupAutoBehavior
push-superset -supersetToCopy Artikel_History_Superset auto = check age and skip if backup is less than 1 day old, $true to force backup, $false to skip backup
#> .EXAMPLES
function push-superset([string] $supersetToCopy){ push-superset -supersetToCopy Artikel_History_Superset
#>
function push-superset{
[CmdletBinding()]
param(
[Parameter(Mandatory=$true)]
[string] $supersetToCopy,
[Parameter(mandatory=$false)]
[backupBehavior] $backupAutoBehavior = [backupBehavior]::Auto
)
# Variables # Variables
$tenantId = "7844775a-a9cc-4c33-a5ae-36dcf6660f45" #Galenica $tenantId = "7844775a-a9cc-4c33-a5ae-36dcf6660f45" #Galenica
$clientId = "d28076dd-2108-4718-802e-cd3c35fd5505" #pcpl-BAGSpezListePrd-DBBackup $clientId = "d28076dd-2108-4718-802e-cd3c35fd5505" #pcpl-BAGSpezListePrd-DBBackup
$skipBackup = "auto" #auto = check age and skip if backup is less than 1 day old, $true to force skip backup, $false to force backup $skipBackup = $false
write-info "Starting push of $supersetToCopy to the cloud" Write-Information "Starting push of $supersetToCopy to the cloud"
##do not alter below ##do not alter below
$serverInstance = "SWMDATASQLPRD01.centralinfra.net" $serverInstance = "SWMDATASQLPRD01.centralinfra.net"
@@ -92,7 +110,7 @@ function push-superset([string] $supersetToCopy){
# Get the blob properties # Get the blob properties
$backupFile = "https://$storageAccountName.blob.core.windows.net/$containerName/$backupFileName" $backupFile = "https://$storageAccountName.blob.core.windows.net/$containerName/$backupFileName"
if($skipBackup -eq "auto") if($backupAutoBehavior -eq [backupBehavior]::Auto)
{ {
try{ try{
$blob = Get-AzStorageBlob -Container $containerName -Blob $backupFileName -Context $context $blob = Get-AzStorageBlob -Container $containerName -Blob $backupFileName -Context $context
@@ -122,22 +140,31 @@ function push-superset([string] $supersetToCopy){
} }
} }
} }
else{
if($backupAutoBehavior -eq [backupBehavior]::Force){
$skipBackup = $false
}
if($backupAutoBehavior -eq [backupBehavior]::Skip){
$skipBackup = $true
}
}
# Generate the SAS token # Generate the SAS token
$sasToken = New-AzStorageBlobSASToken -Context $context -Container $containerName -Blob $backupFileName -Permission $blobPermissions -ExpiryTime $expiryTime $sasToken = New-AzStorageBlobSASToken -Context $context -Container $containerName -Blob $backupFileName -Permission $blobPermissions -ExpiryTime $expiryTime
# Save token in db # Save token in db
$sqlQuery = " $sqlQuery = "
IF NOT EXISTS (SELECT * FROM sys.credentials WHERE name = 'https://$storageAccountName.blob.core.windows.net/$containerName') IF NOT EXISTS (SELECT * FROM sys.credentials WHERE name = 'https://$storageAccountName.blob.core.windows.net/$containerName')
BEGIN BEGIN
CREATE CREDENTIAL [https://$storageAccountName.blob.core.windows.net/$containerName] CREATE CREDENTIAL [https://$storageAccountName.blob.core.windows.net/$containerName]
WITH IDENTITY = 'SHARED ACCESS SIGNATURE', SECRET = '$sasToken'; WITH IDENTITY = 'SHARED ACCESS SIGNATURE', SECRET = '$sasToken';
END END
ELSE ELSE
BEGIN BEGIN
ALTER CREDENTIAL [https://$storageAccountName.blob.core.windows.net/$containerName] ALTER CREDENTIAL [https://$storageAccountName.blob.core.windows.net/$containerName]
WITH IDENTITY = 'SHARED ACCESS SIGNATURE', SECRET = '$sasToken'; WITH IDENTITY = 'SHARED ACCESS SIGNATURE', SECRET = '$sasToken';
END END
" "
Invoke-Sqlcmd -ServerInstance $serverInstance -Query $sqlQuery Invoke-Sqlcmd -ServerInstance $serverInstance -Query $sqlQuery
Write-Output "Credential refreshed on $serverInstance" Write-Output "Credential refreshed on $serverInstance"
@@ -145,9 +172,9 @@ END
#Back Up Database #Back Up Database
$url=$backupFile $url=$backupFile
$sqlQuery = " $sqlQuery = "
BACKUP DATABASE [$databaseName] BACKUP DATABASE [$databaseName]
TO URL = N'$url' TO URL = N'$url'
WITH FORMAT, MEDIANAME = 'SQLServerBackups', NAME = 'Full Backup of $databaseName'; WITH FORMAT, MEDIANAME = 'SQLServerBackups', NAME = 'Full Backup of $databaseName';
" "
if($false -eq $skipBackup){ if($false -eq $skipBackup){
Invoke-Sqlcmd -ServerInstance $serverInstance -Query $sqlQuery Invoke-Sqlcmd -ServerInstance $serverInstance -Query $sqlQuery
@@ -166,16 +193,16 @@ WITH FORMAT, MEDIANAME = 'SQLServerBackups', NAME = 'Full Backup of $databaseNam
#add sas token #add sas token
$sqlCred=" $sqlCred="
IF NOT EXISTS (SELECT * FROM sys.credentials WHERE name = 'https://$storageAccountName.blob.core.windows.net/$containerName') IF NOT EXISTS (SELECT * FROM sys.credentials WHERE name = 'https://$storageAccountName.blob.core.windows.net/$containerName')
BEGIN BEGIN
CREATE CREDENTIAL [https://$storageAccountName.blob.core.windows.net/$containerName] CREATE CREDENTIAL [https://$storageAccountName.blob.core.windows.net/$containerName]
WITH IDENTITY = 'SHARED ACCESS SIGNATURE', SECRET = '$sasToken'; WITH IDENTITY = 'SHARED ACCESS SIGNATURE', SECRET = '$sasToken';
END END
ELSE ELSE
BEGIN BEGIN
ALTER CREDENTIAL [https://$storageAccountName.blob.core.windows.net/$containerName] ALTER CREDENTIAL [https://$storageAccountName.blob.core.windows.net/$containerName]
WITH IDENTITY = 'SHARED ACCESS SIGNATURE', SECRET = '$sasToken'; WITH IDENTITY = 'SHARED ACCESS SIGNATURE', SECRET = '$sasToken';
END END
" "
Invoke-Sqlcmd -ServerInstance $MIInstance -Query $sqlCred -Credential $credentialMI Invoke-Sqlcmd -ServerInstance $MIInstance -Query $sqlCred -Credential $credentialMI
Write-Output "Credential refreshed on $MIInstance" Write-Output "Credential refreshed on $MIInstance"
@@ -183,38 +210,38 @@ END
#drop existing db #drop existing db
$sqlDrop=" $sqlDrop="
IF EXISTS( IF EXISTS(
SELECT 1 SELECT 1
FROM sys.databases d FROM sys.databases d
WHERE d.name ='$supersetToCopy' WHERE d.name ='$supersetToCopy'
) )
BEGIN BEGIN
DROP DATABASE $supersetToCopy; DROP DATABASE $supersetToCopy;
END END
" "
Invoke-Sqlcmd -ServerInstance $MIInstance -Query $sqlDrop -Credential $credentialMI Invoke-Sqlcmd -ServerInstance $MIInstance -Query $sqlDrop -Credential $credentialMI
Write-Output "Dropped existing $supersetToCopy db (if needed)" Write-Output "Dropped existing $supersetToCopy db (if needed)"
#restore superset #restore superset
$url=$backupFile $url=$backupFile
$sqlRestore=" $sqlRestore="
RESTORE DATABASE [$supersetToCopy] FROM URL = N'$url' RESTORE DATABASE [$supersetToCopy] FROM URL = N'$url'
" "
Invoke-Sqlcmd -ServerInstance $MIInstance -Query $sqlRestore -Credential $credentialMI Invoke-Sqlcmd -ServerInstance $MIInstance -Query $sqlRestore -Credential $credentialMI
write-output "Restored $supersetToCopy" write-output "Restored $supersetToCopy"
#create user for sql-au_bag_apv #create user for sql-au_bag_apv
$sqlUser=" $sqlUser="
IF NOT EXISTS ( IF NOT EXISTS (
SELECT * SELECT *
FROM sys.database_principals s FROM sys.database_principals s
WHERE s.name='sql-au_bag_apv' WHERE s.name='sql-au_bag_apv'
) )
BEGIN BEGIN
CREATE USER [sql-au_bag_apv] FOR LOGIN [sql-au_bag_apv]; CREATE USER [sql-au_bag_apv] FOR LOGIN [sql-au_bag_apv];
END END
" "
Invoke-Sqlcmd -ServerInstance $MIInstance -Query $sqlUser -Credential $credentialMI -Database $supersetToCopy Invoke-Sqlcmd -ServerInstance $MIInstance -Query $sqlUser -Credential $credentialMI -Database $supersetToCopy
write-output "Created user for login [sql-au_bag_apv] in $supersetToCopy" write-output "Created user for login [sql-au_bag_apv] in $supersetToCopy"
@@ -222,20 +249,21 @@ END
#give db_datareader #give db_datareader
$sqlPerms=" $sqlPerms="
ALTER ROLE [db_datareader] ADD MEMBER [sql-au_bag_apv]; ALTER ROLE [db_datareader] ADD MEMBER [sql-au_bag_apv];
GRANT EXECUTE TO [sql-au_bag_apv]; GRANT EXECUTE TO [sql-au_bag_apv];
" "
Invoke-Sqlcmd -ServerInstance $MIInstance -Query $sqlPerms -Credential $credentialMI -Database $supersetToCopy Invoke-Sqlcmd -ServerInstance $MIInstance -Query $sqlPerms -Credential $credentialMI -Database $supersetToCopy
write-output "Added user [sql-au_bag_apv] with read and execute permissions to $supersetToCopy" write-output "Added user [sql-au_bag_apv] with read and execute permissions to $supersetToCopy"
} }
<# <#
backup product_superset__0 : 00:13:00 backup product_superset__0 : 00:13:00
restore product_superset : 00:05:40 restore product_superset : 00:05:40
#> #>
#push-superset -supersetToCopy sl2007_superset -backupAutoBehavior Auto
push-superset -supersetToCopy Artikel_History_Superset -backupAutoBehavior Auto
#push-superset -supersetToCopy product_superset -backupAutoBehavior Auto
#push-superset -supersetToCopy sl2007_superset
push-superset -supersetToCopy Artikel_History_Superset
#push-superset -supersetToCopy product_superset