Using azure automation to start (and stop) virtual machines

This week I was involved in a project where I was asked to create an Azure automation runbook to power up a set of virtual machines and then power them down. Although the script themselves are not really complicated (Start-AzureVM and Stop-AzureVM are easy commands !) there is some plumbing to do with the assets for automation and the certificate to import.

For my sake and the sake of my readers (that would be you !) here it goes :

image

Creating Azure automation

First of all you need an Azure subscription and add a certificate to it .

Finding your subscription certificates

is done by clicking on Subscriptions –> Manage subscriptions

SNAGHTML1df9d4fa

Or by navigating to :

https://manage.windowsazure.com/@<default_directory_name>#Workspaces/AdminTasks/SubscriptionMapping

You need to note the subscription id GUID : 7ffxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx

Click on management certificates and import a .cer file from a real or a self signed certificate.

How to create a self signed certificate

This is out of topic but anyway very useful so I include it here.

  1. Find a server running IIS
  2. Start Internet Information Services manager (inetmgr)
  3. Click Server certificate
  4. SNAGHTML1dff779a
  5. On the right pane chose Create self-signed certificate
  6. Choose a friendly and meaningful name i.e AutomationCertificate and click OK
  7. Now you need to create two files from this certificate : a .cer and a .pfx (with the private key)
  8. Once the certificate is created right click on it and choose View
  9. On the Details pane choose Copy to File
  10. SNAGHTML1e03016d
  11. Call it AutomationCertificate, keep all the default settings and save it. You should now have a AutomationCertificate.cer file.
  12. for making the .pfx file the repeat step 8 to 10 and then on the second step of the wizard choose to Export the Private key
  13. image
  14. Leave the Export file format settings as is :
  15. image
  16. Pick a password (that you can remember) and save the .pfx file next to the .cer file. You should now have an AutomationCertificate.pfx file

Create an Automation in Azure

Pick automation in the management portal, choose Automation and +Create in the bottom. Give it a meaningful name, choose a region and a subscription.

You should now have a new Azure Automation and ready to add assets and runbooks.

Adding the necessary Assets for the Runbooks

In order for the runbooks to run you will need 3 elements. These are created as Assets –-> Settings in the Automation

# Type Name
1 Credentials –> Certificate AutomationCredential
2 Connection BIAzure01
3 Module Azure

1- When adding the Certificate, you will be prompted to add a .pfx certificate file. Choose the certificate you created earlier.

image

2 – When creating the Connection you will need to add the certificate name and your subscription ID (GUID).

3 – The Module is created automatically when creating the automation

Once this is done you’re ready to add a runbook….

Adding a runbook

This is done by clicking on +New in the bottom left corner.

In my case I want to create a runbook to start up and stop VMs so I called it ManageVMs

image

Once it is created click on it and you are ready to edit it by clicking on Author.

SNAGHTML1e19e4cd

The runbook I am using here is freely inspired by the blog post written by Peter Selch Dahl.

The file can be downloaded from here

workflow ManageVMs
{
param(
    	# Start or Stop - default = stop
    	[Parameter(Mandatory = $true)] 
    	[string]$Action=&quot;Stop&quot;
	)


       $MyConnection = &quot;BIAzure01&quot;
       $MyCert = &quot;AutomationCredential&quot;
       $MySubscriptionName = &quot;&lt;Azure Subscription Name&gt;&quot;	

  
    # Get the Azure Automation Connection

    $Con = Get-AutomationConnection -Name $MyConnection
    if ($Con -eq $null)
    {
        Write-Output &quot;Connection entered: $MyConnection does not exist in the automation service. Please create one &quot;   
    }
    else
    {
        $SubscriptionID = $Con.SubscriptionID
        $ManagementCertificate = $Con.AutomationCertificateName
       
        Write-Output &quot;--------------------------&quot;
        Write-Output &quot;Connection Properties: &quot;
        Write-Output &quot;SubscriptionID: $SubscriptionID&quot;
        Write-Output &quot;Certificate setting name: $ManagementCertificate &quot;
    }   
  

    # Get Certificate &amp; print out its properties
    $Cert = Get-AutomationCertificate -Name $MyCert
    if ($Cert -eq $null)
    {
        Write-Output &quot;Certificate entered: $MyCert does not exist in the automation service. Please create one &quot;   
    }
    else
    {
        $Thumbprint = $Cert.Thumbprint
        
      #  Write-Output &quot;Certificate Properties: &quot;
      #  Write-Output &quot;Thumbprint: $Thumbprint&quot;
    }

        #Set and Select the Azure Subscription
        Set-AzureSubscription -SubscriptionName $MySubscriptionName -Certificate $Cert -SubscriptionId $SubscriptionID
        Select-AzureSubscription -SubscriptionName $MySubscriptionName 
Write-Output &quot;--------------------------&quot;
#Virtual Machines
$vmS = @()
$vmS += 'vm1'
#$vmS += 'vm2'
#$vmS += 'vm3'

#Action
if ($Action.ToUpper() -eq 'START') 
{ 
    foreach ($vm in $vmS) 
    { 
        Get-AzureVM -ServiceName $vm -Name $vm | Start-AzureVM
        Write-Output &quot;Started $vm&quot; 
    }
 }
else 
{ 
    foreach ($vm in $vmS) 
    { 
        Get-AzureVM -ServiceName $vm -Name $vm | Stop-AzureVM -Force
        Write-Output &quot;Stopped $vm&quot;
    } 
}

Write-Output &quot;--------------------------&quot;
 
}

The main point of interests in this script are :

Workflow name

Needs to be the same than the runbook name. Here : ManageVMs

Input parameter

Start or Stop (default)

Variables

$vmS : A String array to store all the Virtual Machines you need to start or stop. Here
$vmS += ‘VirtualMachine1’
$vmS += ‘VirtualMachine2’
$vmS += ‘VirtualMachine3’
$vmS += …

$MyConnection : The name of the connection you created in the assets.
$MyCert : The name of the management certificate from your subscription and the one you created as a credentials in the assets. Here : AutomationCredential
$MySubscriptionName : The name of your azure subscription

Once you’ve pasted this powershell with the right values for the variables you should be able to test it by clicking on Test. Then a dialog windows should appear where you can specify what action you want to perform (Start or Stop)

image

After a few minutes :

SNAGHTML1ed2d671

You should then be able to schedule this runbook to run with your input parameters.

Happy automation’ing  !!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: