Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/21bshwjt/azautomationrunbooks
PowerShell, Azure, Azure Automation RunBooks
https://github.com/21bshwjt/azautomationrunbooks
azure azure-devops powershell
Last synced: about 1 month ago
JSON representation
PowerShell, Azure, Azure Automation RunBooks
- Host: GitHub
- URL: https://github.com/21bshwjt/azautomationrunbooks
- Owner: 21bshwjt
- Created: 2023-04-06T05:44:09.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2023-12-09T16:30:36.000Z (about 1 year ago)
- Last Synced: 2023-12-09T17:28:29.029Z (about 1 year ago)
- Topics: azure, azure-devops, powershell
- Language: PowerShell
- Homepage:
- Size: 43.9 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Azure Automation Runbooks & Hybrid Workers
- Azure Automation Runbook is a nice way to automate the Azure & On-Prem environments. Now a days each organization is having hybrid mode. We can automate that using Azure Runbooks.
- Azure and on-prem VMs (**Windows & Linux**) can be added as Hybrid Workers.
- [*MSFT KB - Start a runbook in Azure Automation*](https://learn.microsoft.com/en-us/azure/automation/start-runbooks)
- [*MSFT KB - Automation Hybrid Runbook Worker overview*](https://learn.microsoft.com/en-us/azure/automation/automation-hybrid-runbook-worker)
- Supported RunBooks - **PowerShell** & **Python**.
## Use case
- **Automate Routine tasks on Azure & On-Prem**.
- **Schedule Jobs from a centralized location & run on multiple environments**.
- **Leverage Azure SSO**.
- **Streamlined Maintenance**.
- **Source Control**## Use case Example Flow & Enhancement
- Run a job (Runbook) on multiple On-Prem domains to get the Powered-off VMs (Hyper-V/V-Centers) reports in CSV format.
- Import those CSVs into an Azure Storage blob.
- Run another job (Runbook) & download all the CSVs & send those reports (CSVs) to the respective Team.
- Run single code from a single place on multiple domains.
- Send all CSVs using a single e-mail.
#### In this scenario, Azure Enterprise Application facilitates authentication to Azure, but Azure AD User-Managed Identity can also be utilized for achieving Azure Single Sign-On (SSO).
### Sample Code to upload the CSV into a Storage Blob
```powershell
#pwsh
# Get the Azure Automation connection object
$connection = Get-AutomationConnection -Name ""# Connect to Azure using the connection object
Try {
Connect-AzAccount -ServicePrincipal `
-Tenant $connection.TenantID `
-ApplicationId $connection.ApplicationID `
-CertificateThumbprint $connection.CertificateThumbprint | Out-Null
}
catch {
Write-Error -Message $_.Exception
throw $_.Exception
}
# Set the subscription context
Set-AzContext -SubscriptionId "" | Out-Null
# Define Variables
$storageAccountRG = ""
$storageAccountName = ""
$storageContainerName = ""
$localPath = ""# Select the right Azure Subscription
#Select-AzSubscription -SubscriptionId $SubscriptionId# Get Storage Account Key
$storageAccountKey = (Get-AzStorageAccountKey -ResourceGroupName $storageAccountRG -AccountName $storageAccountName).Value[0]# Set AzStorageContext
$destinationContext = New-AzStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $storageAccountKey# Generate SAS URI
$containerSASURI = New-AzStorageContainerSASToken -Context $destinationContext -ExpiryTime(get-date).AddSeconds(3600) -FullUri -Name $storageContainerName -Permission rw# Upload File using AzCopy
Write-Output "Uploading $Filename into $storageContainerName container"
azcopy copy $localPath $containerSASURI
```## Benefits of Azure Automation Account Hybrid workers
- Extended Automation Reach.
- Unified Management; Azure Automation facilitates the centralized management of resources, seamlessly integrating both cloud and on-premises environments.
- Efficient Resource Utilization.
- Enhanced Security and Compliance.
- Scalability and Flexibility.
- Streamlined Maintenance.
- **Schedule a single code for "n" number of On-Prem domains**.## Azure Automation Runbooks-Implementation
- Create an Azure Automation Account (Need to activate Contributor Role).
- Create a Service principle.
- Grant Contributor access on subscription/RG for that newly created SPI.
- Bind a certificate with that SPI.
- Import that certificate into the automation account.
- Create a SPI *connection* under Automation account.
- Create a PowerShell RunBook.
- **Test the below code from the Azure Automation account to test the Authentication/Azure SSO**.
```powershell
# Azure DevOps# Get the Azure Automation connection object
$connection = Get-AutomationConnection -Name ""# Connect to Azure using the connection object
Try {
Connect-AzAccount -ServicePrincipal `
-Tenant $connection.TenantID `
-ApplicationId $connection.ApplicationID `
-CertificateThumbprint $connection.CertificateThumbprint | Out-Null
}
catch {
Write-Error -Message $_.Exception
throw $_.Exception
}Set-AzContext -SubscriptionId ""
Get-AzVM -ResourceGroupName "" | Select-object name
```
### Test the below code from Windows VM/Hybrid Worker to test the Authentication/Azure SSO.
```powershell
# Need to import the same certificate(.pfx) into the computer store.
$ThumbPrint = (Get-ChildItem "Cert:\LocalMachine\my" | Where-Object { $_.Subject -eq "CN=" }).Thumbprint
$AppID = "***************************"
$TenantId = "*****************************"Connect-AzAccount -CertificateThumbprint $ThumbPrint -ApplicationId $AppID -Tenant $TenantId -ServicePrincipal
Set-AzContext -SubscriptionId "***************************"
```