This week I was involved in a project where I was asked to create an Azure automation runbook to power up a set of virtual machines and then power them down. Although the scripts themselves are not really complicated (Start-AzureVM and Stop-AzureVM are easy commands!), there is some plumbing to do with the automation assets and the certificate to import.
For my sake and the sake of my readers (that would be you!), here it goes:
Creating Azure automation
First of all you need an Azure subscription, and you need to add a certificate to it.
Finding your subscription certificates
This is done by clicking on Subscriptions –> Manage subscriptions
Or by navigating to :
https://manage.windowsazure.com/@<default_directory_name>#Workspaces/AdminTasks/SubscriptionMapping
You need to note the subscription id GUID : 7ffxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx
Click on Management certificates and import a .cer file from a real or a self-signed certificate.
How to create a self-signed certificate
This is off topic but very useful anyway, so I include it here.
- Find a server running IIS
- Start Internet Information Services manager (inetmgr)
- Click Server certificate
- On the right pane choose Create self-signed certificate
- Choose a friendly and meaningful name, e.g. AutomationCertificate, and click OK
- Now you need to create two files from this certificate : a .cer and a .pfx (with the private key)
- Once the certificate is created right click on it and choose View
- On the Details pane choose Copy to File
- Call it AutomationCertificate, keep all the default settings and save it. You should now have an AutomationCertificate.cer file.
- To make the .pfx file, repeat steps 8 to 10 and then, on the second step of the wizard, choose to Export the Private key
- Leave the Export file format settings as is :
- Pick a password (that you can remember) and save the .pfx file next to the .cer file. You should now have an AutomationCertificate.pfx file
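The same two files can be produced from a PowerShell prompt instead of IIS Manager. This is an added example, not part of the original post; it assumes Windows 10 / Server 2016 or later (PKI module), and the output folder is a placeholder. It also checks that the .cer you upload to the subscription carries no private key and matches the .pfx you give to the Automation asset.

```powershell
# Added example: scripted equivalent of the IIS Manager steps above.
# Assumptions: PKI module available; $outDir is a placeholder folder.
$name   = 'AutomationCertificate'
$outDir = Join-Path $env:USERPROFILE 'AutomationCert'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Create the self-signed certificate with an exportable private key.
$cert = New-SelfSignedCertificate -Subject "CN=$name" `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyExportPolicy Exportable `
    -KeySpec KeyExchange `
    -NotAfter (Get-Date).AddYears(1)

# .cer: public key only. This is the file imported under Management certificates.
$cerPath = Join-Path $outDir "$name.cer"
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null

# .pfx: contains the private key. Prompt for the password so it never
# ends up in the script or in the command history.
$pfxPath     = Join-Path $outDir "$name.pfx"
$pfxPassword = Read-Host -Prompt "Password for $name.pfx" -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $pfxPassword | Out-Null

# Sanity checks before uploading anything.
$cerCheck = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath
if ($cerCheck.HasPrivateKey) {
    throw "$cerPath unexpectedly contains a private key; do not upload it."
}
if ($cerCheck.Thumbprint -ne $cert.Thumbprint) {
    throw "Thumbprint of $cerPath does not match the certificate in the store."
}

# Summary: compare this thumbprint with the one the portal shows after import.
[pscustomobject]@{
    Subject    = $cert.Subject
    Thumbprint = $cert.Thumbprint
    NotAfter   = $cert.NotAfter
    CerFile    = $cerPath
    PfxFile    = $pfxPath
}
```

Once the .pfx has been added as an Automation asset, the local copy and the certificate in `Cert:\CurrentUser\My` can be removed so the private key lives in only one place.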
Create an Automation in Azure
In the management portal, choose Automation and click +Create at the bottom. Give it a meaningful name, choose a region and a subscription.
You should now have a new Azure Automation, ready for adding assets and runbooks.
Adding the necessary Assets for the Runbooks
In order for the runbooks to run you will need 3 elements. These are created under Assets –> Settings in the Automation.
# | Type | Name |
1 | Credentials –> Certificate | AutomationCredential |
2 | Connection | BIAzure01 |
3 | Module | Azure |
1 – When adding the Certificate, you will be prompted to add a .pfx certificate file. Choose the certificate you created earlier.
2 – When creating the Connection you will need to add the certificate name and your subscription ID (GUID).
3 – The Module is created automatically when creating the automation.
Once this is done you’re ready to add a runbook.
Adding a runbook
This is done by clicking on +New in the bottom left corner.
In my case I want to create a runbook to start up and stop VMs, so I called it ManageVMs.
Once it is created click on it and you are ready to edit it by clicking on Author.
The runbook I am using here is freely inspired by the blog post written by Peter Selch Dahl.
The file can be downloaded from here
workflow ManageVMs
{
    param(
        # Start or Stop - default = Stop
        # Not mandatory, so that the default applies when no value is given
        [Parameter(Mandatory = $false)]
        [string]$Action = "Stop"
    )

    # Names of the Automation assets and of the subscription
    $MyConnection = "BIAzure01"
    $MyCert = "AutomationCredential"
    $MySubscriptionName = "<Azure Subscription Name>"

    # Get the Azure Automation Connection; stop here if it is missing
    $Con = Get-AutomationConnection -Name $MyConnection
    if ($Con -eq $null)
    {
        throw "Connection entered: $MyConnection does not exist in the automation service. Please create one"
    }
    else
    {
        $SubscriptionID = $Con.SubscriptionID
        $ManagementCertificate = $Con.AutomationCertificateName
        Write-Output "--------------------------"
        Write-Output "Connection Properties: "
        Write-Output "SubscriptionID: $SubscriptionID"
        Write-Output "Certificate setting name: $ManagementCertificate "
    }

    # Get Certificate & print out its properties; stop here if it is missing
    $Cert = Get-AutomationCertificate -Name $MyCert
    if ($Cert -eq $null)
    {
        throw "Certificate entered: $MyCert does not exist in the automation service. Please create one"
    }
    else
    {
        $Thumbprint = $Cert.Thumbprint
        # Write-Output "Certificate Properties: "
        # Write-Output "Thumbprint: $Thumbprint"
    }

    # Set and Select the Azure Subscription
    Set-AzureSubscription -SubscriptionName $MySubscriptionName -Certificate $Cert -SubscriptionId $SubscriptionID
    Select-AzureSubscription -SubscriptionName $MySubscriptionName
    Write-Output "--------------------------"

    # Virtual Machines (the cloud service name is assumed to equal the VM name)
    $vmS = @()
    $vmS += 'vm1'
    #$vmS += 'vm2'
    #$vmS += 'vm3'

    # Action: anything other than Start is treated as Stop
    if ($Action.ToUpper() -eq 'START')
    {
        foreach ($vm in $vmS)
        {
            Get-AzureVM -ServiceName $vm -Name $vm | Start-AzureVM
            Write-Output "Started $vm"
        }
    }
    else
    {
        foreach ($vm in $vmS)
        {
            Get-AzureVM -ServiceName $vm -Name $vm | Stop-AzureVM -Force
            Write-Output "Stopped $vm"
        }
    }
    Write-Output "--------------------------"
}
The main points of interest in this script are:
Workflow name
Needs to be the same as the runbook name. Here: ManageVMs
Input parameter
Start or Stop (default)
Variables
$vmS : A String array to store all the Virtual Machines you need to start or stop. Here:
$vmS += 'VirtualMachine1'
$vmS += 'VirtualMachine2'
$vmS += 'VirtualMachine3'
$vmS += …
$MyConnection : The name of the connection you created in the assets.
$MyCert : The name of the management certificate from your subscription, which is also the one you created as a credential in the assets. Here: AutomationCredential
$MySubscriptionName : The name of your Azure subscription
Once you’ve pasted this PowerShell with the right values for the variables, you should be able to test it by clicking on Test. A dialog window should then appear where you can specify what action you want to perform (Start or Stop).
After a few minutes :
You should then be able to schedule this runbook to run with your input parameters.
Happy automation’ing !!