Manage updates and configuration with Azure Automation

Pass Go

Runbooks

If you look closely at the VM, you will find the Auto-shutdown option in the Operations section. This feature is also available when creating a new VM in the management window and helps newcomers in particular avoid unnecessary costs by shutting down VMs after 6pm, for example. The feature automatically takes advantage of process automation in Azure. Shutdown notifications are supported by web hooks or email.

A simple configuration option for automatically starting VMs is not available, although you can remedy this by using a runbook in Azure Automation in combination with a suitable schedule. To do so, go to the Process Automation section in your Automation account, then to Runbooks . When you get there, click Create Runbook . If you have ever dealt with PowerShell runbooks, or even Power Automate on the Microsoft Power Platform, you will feel at home here. Azure supports PowerShell, PowerShell Workflow, PowerShell (graphical), and Python runbooks.

If you don't want to start from scratch, Microsoft offers access to an extensive catalog of ready-to-run runbooks (under Browse from Gallery ) from which you can draw inspiration. For example, the Stop-Start-AzureVM (Scheduled VM Shutdown/Startup) PowerShell workflow runbook connects to Microsoft Azure with Automation credentials and starts or stops a VM, a list of VMs, or all VMs in a subscription in parallel.

After clicking Select , the runbook appears in the Runbook editor with the Runbooks | All node. You can test the runbook by selecting Test then specifying your Azure SubscriptionID, VM, or list of desired VMs and the desired action (Start/Stop) as string parameters. Start then initiates the test run (Figure 5). However, you must first set the credentials under which the runbook will run in Azure Automation in the Shared Resources | Credentials section. This means you don't have to embed credentials in the source code.

Figure 5: Successful test run of a PowerShell runbook.

Now you should be able to test the PowerShell workflow runbook for automatic VM start/stop, because the credentials are only referenced in the code:

$credential = Get-AutomationPSCredential -Name 'democred1' Login-AzureRmAccount -Credential $credential

Of course, PowerShell runbooks offer more flexibility. For example, you can search for the PowerShell Stop/Start all or only tagged Azure VMs runbook in the Runbook Catalog, import it, and store it under a name of your choice. The runbook is even compatible with PowerShell Core and connects with an Azure Run As account. It retrieves the power status of the VMs (started, stopped, de-allocated) and switches the runners off and the non-runners on. The VMs in question can even have a tag for this.

As an alternative to the credentials used previously, you now also need to create a Run As account under the Account Settings section to be able to use it for authentication in the runbook. The Run As account then has its own application ID and a fingerprint, and the Run As connection appears in Shared Resources | Connections . Listing 1 shows how to use a service principal to manage the authentication of the runbook.

Listing 1

Authenticating the Runbook

01 try
02 {
03       # Ensures you do not inherit an AzContext in your runbook
04       $null = Disable-AzContextAutosave -Scope Process
05       $Conn = Get-AutomationConnection -Name AzureRunAsConnection
06       $null = Connect-AzAccount -ServicePrincipal -Tenant $Conn.TenantID -ApplicationId $Conn.ApplicationID -CertificateThumbprint $Conn.CertificateThumbprint
07       Write-Output "Successfully logged into Azure."

Again, you will want to test this runbook first. It expects an action (Start/Stop) and optionally the desired tag name and value as parameters. The script can be extended to suit your needs given appropriate PowerShell skills.

If the test is successful, you can then publish the runbook and use it. Finally, to automate the process, all you need to do is add the runbook to the schedule after publishing. In Azure Automation you can do this in the Shared resources | Schedules section by selecting Add a schedule . Of course, you can also start the runbook manually at any time and view the associated logs in the Logs tab if necessary.

Conclusions

All told, Azure Automation comprises several interacting toolsets. The service is very powerful and covers many aspects beyond the scope of this article. Other areas of automation include infrastructure provisioning or configuration management. Because a PowerShell or Python runbook can create or control almost any type of Azure resource, the sky is basically the limit.

The Author

Thomas Drilling has been a full-time freelance journalist and editor for science and IT magazines for more than 10 years. He and his team make contributions on the topics of open source, Linux, servers, IT administration, and Mac OS X. Drilling is also a book author and publisher; advises small and medium-sized enterprises as an IT consultant; and lectures on Linux, open source, and IT security.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus