ScyllaDB Documentation Logo Documentation
  • Server
    • ScyllaDB Open Source
    • ScyllaDB Enterprise
    • ScyllaDB Alternator
  • Cloud
  • Tools
    • ScyllaDB Manager
    • ScyllaDB Monitoring Stack
    • ScyllaDB Operator
  • Drivers
    • CQL Drivers
    • DynamoDB Drivers
Download
Menu

Caution

You're viewing documentation for a previous version of Scylla Manager. Switch to the latest stable version.

Scylla Manager Backup Setup Azure Blob Storage

Setup Azure Blob Storage¶

  • Create a container

  • Grant access

    • IAM role

    • Config file

  • Troubleshoot connectivity

To use Azure Blob Storage as your backup location you need a storage account, a container, and authentication setup.

Create a container¶

Go to Azure Portal and create a new container within your storage account. This container should be only used for storing Scylla Manager backups. If your cluster is deployed in multiple regions create a storage account and container per region. You may decide to backup only a single datacenter to save on costs, in that case create only one storage account and container in a region you want to backup.

Grant access¶

This procedure is required so that Scylla Manager can access your containers.

Choose how you want to configure access to the container. You can use an IAM role (recommended) or you can add storage account credentials (account/key) to the Scylla Manager Agent configuration file. The latter method is not recommended because you are placing the security information directly on each node, which is much less secure than the IAM role method. In addition, if you need to change the key, you will have to replace it on every node.

IAM role¶

Portal Procedure

Procedure for configuring IAM role access over web UI:

  1. Create custom IAM role for the storage account which adheres to your company security policy.

  2. Assign the custom IAM role to each virtual machine instance (node) in the cluster.

Sample role JSON definition scoped to the ScyllaManagerBackup resource group:

{
  "properties": {
    "roleName": "Scylla Backup Storage Contributor",
    "description": "Contributor access to the blob service for Scylla cluster backups",
    "assignableScopes": [
      "/subscriptions/<subscription_uuid>/resourceGroups/ScyllaManagerBackup"
    ],
    "permissions": [
      {
        "actions": [
          "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
          "Microsoft.Storage/storageAccounts/blobServices/containers/read",
          "Microsoft.Storage/storageAccounts/blobServices/containers/write",
          "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action"
        ],
        "notActions": [],
        "dataActions": [
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
          "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action"
        ],
        "notDataActions": []
      }
    ]
  }
}

You can use permissions from the provided sample but make sure to set proper value for assignableScopes field because that is specific to your environment.

Config file¶

Note that this procedure needs to be repeated for each Scylla node.

Procedure

Edit the /etc/scylla-manager-agent/scylla-manager-agent.yaml

  1. Uncomment the azure: line, for parameters note the two spaces in front, it’s a yaml file.

  2. Uncomment and set account: line under azure:. This field must always be set to the name of the storage account that backup container lives under.

  3. Optionally uncomment and set key: line under azure: if you are using account/key based access. If you are using role based access keep this line commented.

  4. Validate that the manager has access to the backup location. If there is no response, the container is accessible. If not, you will see an error.

    scylla-manager-agent check-location --location azure:<blob storage container name>
    

Troubleshoot connectivity¶

To troubleshoot Scylla node to bucket connectivity issues you can run:

scylla-manager-agent check-location --debug --location azure:<blob storage container name>
PREVIOUS
Setup Google Cloud Storage
NEXT
Examples
  • 2.5
    • master
    • 3.0
    • 2.6
    • 2.5
    • 2.4
    • 2.3
    • 2.2
  • Docker
  • Install Scylla Manager
  • Install Scylla Manager Agent
  • Add a Cluster
  • Backup
    • Setup AWS S3
    • Setup S3 compatible storage
    • Setup Google Cloud Storage
    • Setup Azure Blob Storage
    • Examples
    • Specification
  • Restore
    • Download files command
  • Repair
    • Repair faster
    • Repair slower
    • Examples
  • Health Check
  • CLI sctool
    • Global flags and variables
    • Cluster
    • Backup
    • Repair
    • Status
    • Suspend & Resume
    • Task
    • Version
  • Configuration Files
    • Scylla Manager Config
    • Scylla Manager Agent Config
  • Swagger File
  • Scylla Monitoring
  • Troubleshooting
  • Older Versions
  • Slack
  • Create an issue
  • Edit this page

On this page

  • Setup Azure Blob Storage
    • Create a container
    • Grant access
      • IAM role
      • Config file
    • Troubleshoot connectivity
Logo
Docs Contact Us About Us
Mail List Icon Slack Icon Forum Icon
© 2023, ScyllaDB. All rights reserved.
Last updated on 15 February 2023.
Powered by Sphinx 4.3.2 & ScyllaDB Theme 1.3.4