Protect Production on GCP — Old School

Technology has changed drastically, and many teams have adopted Kubernetes and a microservices architecture. However, a lot of applications still run on VM instances. We want to safeguard ourselves by adding protection once the environment has been created. Below is our plan for GCP:

Scheduled Snapshot based backup

Enable Delete protection

The script below enables deletion protection on every non-GKE instance in a matter of seconds. A production issue can occur at any point in time.

#!/bin/bash
# Enable deletion protection on every VM whose name does not match "gke".
# zone.basename() yields the short zone name instead of the full resource URL.
for scopesInfo in $(
  gcloud compute instances list --filter="name!~gke" \
    --format="csv[no-heading](name,zone.basename())")
do
  IFS=',' read -r -a scopesInfoArray <<< "$scopesInfo"
  NAME="${scopesInfoArray[0]}"
  ZONE="${scopesInfoArray[1]}"
  echo "NAME: $NAME, ZONE: $ZONE"
  echo ""
  gcloud compute instances update "$NAME" --zone "$ZONE" --deletion-protection
done

Create disk snapshot

We will do this in two phases: first we create a schedule, then we attach it to the disks. A few additional steps are needed for Windows machines.

Create Schedule

This schedule pattern works for both Windows and Linux environments; however, for Windows backups the next schedule provides a consistent backup.

gcloud compute resource-policies create snapshot-schedule my-weekly-backup \
--description "MY WEEKLY SNAPSHOT SCHEDULE by Nirav" \
--max-retention-days 10 \
--start-time 22:00 \
--weekly-schedule thursday \
--region asia-south1 \
--on-source-disk-delete keep-auto-snapshots \
--snapshot-labels env=prod,media=images \
--storage-location ASIA-SOUTH1

Create Schedule for Windows

Windows disks can be backed up using VSS (Volume Shadow Copy Service). The additional --guest-flush switch ensures consistency.

gcloud compute resource-policies create snapshot-schedule my-weekly-backup-windows \
--description "MY WEEKLY SNAPSHOT SCHEDULE by Nirav" \
--max-retention-days 10 \
--start-time 22:00 \
--weekly-schedule thursday \
--region asia-south1 \
--on-source-disk-delete keep-auto-snapshots \
--guest-flush \
--snapshot-labels env=prod,media=images \
--storage-location ASIA-SOUTH1

Attach Policy to the disk

The script below attaches the policy to all non-GKE, non-Windows disks.

#!/bin/bash
# Attach the Linux schedule to every non-GKE disk without a Windows license.
# gcloud honors only one --filter flag (the last one wins), so both
# conditions are combined into a single expression with AND.
for scopesInfo in $(
  gcloud compute disks list \
    --filter="name!~gke AND licenses!~.*windows.*" \
    --format="csv[no-heading](name,zone.basename())")
do
  IFS=',' read -r -a scopesInfoArray <<< "$scopesInfo"
  NAME="${scopesInfoArray[0]}"
  ZONE="${scopesInfoArray[1]}"
  echo "DISK NAME: $NAME, ZONE: $ZONE"
  echo ""
  gcloud compute disks add-resource-policies "$NAME" --zone "$ZONE" \
    --resource-policies my-weekly-backup
done

Attach Windows Policy to the disk

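The script below attaches the Windows policy to all non-GKE disks that carry a Windows license.

#!/bin/bash
# Attach the VSS-enabled schedule to every non-GKE disk with a Windows license.
# gcloud honors only one --filter flag (the last one wins), so both
# conditions are combined into a single expression with AND.
for scopesInfo in $(
  gcloud compute disks list \
    --filter="name!~gke AND licenses=~.*windows.*" \
    --format="csv[no-heading](name,zone.basename())")
do
  IFS=',' read -r -a scopesInfoArray <<< "$scopesInfo"
  NAME="${scopesInfoArray[0]}"
  ZONE="${scopesInfoArray[1]}"
  echo "DISK NAME: $NAME, ZONE: $ZONE"
  echo ""
  gcloud compute disks add-resource-policies "$NAME" --zone "$ZONE" \
    --resource-policies my-weekly-backup-windows
done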
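
The scripts above change state but never confirm coverage, and VMs or disks created later are missed until they are re-run. The following audit is an added example, not part of the original post: it assumes gcloud CSV rows with a third column (`deletionProtection` for instances, `resourcePolicies` for disks); the function names and sample rows are constructed for illustration.

```bash
#!/bin/bash
# Added audit example; the sample rows below are constructed, not real output.

# stdin: "name,zone,deletionProtection" rows.
# stdout: "name,zone" for every VM whose flag is not True.
unprotected_instances() {
  while IFS=',' read -r name zone flag || [ -n "$name" ]; do
    [ -n "$name" ] || continue
    case "$flag" in
      [Tt]rue) ;;                              # protected, nothing to report
      *) printf '%s,%s\n' "$name" "$zone" ;;   # False or empty: unprotected
    esac
  done
}

# stdin: "name,zone,resourcePolicies" rows (gcloud joins list values with ';').
# stdout: "name,zone" for every disk with no resource policy attached.
unscheduled_disks() {
  while IFS=',' read -r name zone policies || [ -n "$name" ]; do
    [ -n "$name" ] || continue
    [ -n "$policies" ] || printf '%s,%s\n' "$name" "$zone"
  done
}

# $1 = instance rows, $2 = disk rows. Returns 1 when any gap is found,
# so a cron job or CI step can alert on the exit status.
audit_report() {
  vms=$(printf '%s\n' "$1" | unprotected_instances)
  disks=$(printf '%s\n' "$2" | unscheduled_disks)
  [ -z "$vms" ] || printf '%s\n' "$vms" | sed 's/^/NO DELETION PROTECTION: /'
  [ -z "$disks" ] || printf '%s\n' "$disks" | sed 's/^/NO SNAPSHOT SCHEDULE: /'
  [ -z "$vms$disks" ]
}

# Live input would come from (same non-GKE filter as the scripts above):
#   gcloud compute instances list --filter="name!~gke" \
#     --format="csv[no-heading](name,zone.basename(),deletionProtection)"
#   gcloud compute disks list --filter="name!~gke" \
#     --format="csv[no-heading](name,zone.basename(),resourcePolicies)"

SAMPLE_INSTANCES='web-1,asia-south1-a,True
db-1,asia-south1-b,False
batch-1,asia-south1-a,'
SAMPLE_DISKS='web-1,asia-south1-a,projects/example-project/regions/asia-south1/resourcePolicies/my-weekly-backup
db-1-data,asia-south1-b,'

audit_report "$SAMPLE_INSTANCES" "$SAMPLE_DISKS" || echo "audit found gaps"
```

Scheduling this after the attach scripts catches resources that were created between runs.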

Create restore Script

Preparing Soon...
