As I’ve started digging deeper into using Azure the need to automate tasks (turn off all VMs, turn on all VMs, automatically resize all VMs, etc…) has becomes very apparent. In April 2014 Microsoft announced the release of Microsoft Azure Automation to handle such operations.
Activate Azure Automation
This new feature is still in beta but you can sign up your Windows Azure account to try the feature by going here:
https://account.windowsazure.com/PreviewFeatures?fid=automation
Once the Automation feature is enabled for your Azure account you will see it listed with all other available feature on your account.
Microsoft has some documentation on what to do next:
This link gives you a basic “Hello World” example, but thought I would take you through a more interesting example that I’m using to turn off all my VMs at a certain time. The high level steps are:
- Create an Automation Account
- Create a Management Certificate
- Upload the Management Certificate
- Create a Connection Asset
- Create a Credential Asset
- Upload a Runbook
- Schedule the Runbook
Create an Automation Account
- Log in to the Azure Management Portal.
- Navigate to the Automation feature on the side pane and select Create an Automation Account.
- I’m creating this automation to turn off and back on Azure VMs that I use for training classes so I’ll name my account appropriately.
Create a Management Certificate
Azure Automation authenticates to Microsoft Azure subscriptions using certificate-based authentication. There are several ways to create a new management certificate. I used Visual Studio’s makecert utility to create my certificate but if you don’t have Visual Studio there are other methods for creating a certificate.
- Launch the Visual Studio Command Prompt with Run as Administrator.
- Run the following command to produce the certificate:
makecert -sky exchange -r -n "CN=<CertificateName>" -pe -a sha1 -len 2048 -ss My "<CertificateName>.cer"
Microsoft Documentation on this command: http://msdn.microsoft.com/en-us/library/azure/gg551722.aspx
- Next you’ll need to export the private key and certificate from the Certificate Manager. You can launch this by typing certmgr.msc from your start menu.
- Once the Certificate Manager launches open the Personal and then Certificates folder.
- Right-click on the certificate that you created previously and select All Tasks and then Export.
- Let’s start by exporting the private key. In the Certificate Export Wizard select Yes, export the private key.
- Leave the default selection of Personal Information Exchange and then click Next.
- Provide a password to the private key. You will be required to type this in later in Azure.
- Name the private key and store it in a local drive for now. It will be imported into Azure later.
- Click Finish to execute the export.
- We still need to export the certificate file. Right-click on the certificate in the Certificate Manager again and select All Tasks and then Export.
- This time select No, do not export the private key.
- Keep the default selection of the format and then click Next.
- Name the certificate and store it in a local drive for now. It will be imported into Azure later.
Upload the Management Certificate
With the certificate now created we’re ready to upload it to Azure.
- Login to the Azure Management Portal.
- Navigate to the Setting page.
- Select Management Certificates from the Settings page.
- Then select Upload from the bottom of the page.
- Browse to the certificate file we created in the previous steps and select the Azure subscription you would like to apply it to. Click the check to upload the certificate.
Create a Connection Asset
The next step is to create a connection asset. Doing this allows you to easily pass in information about your Azure subscription into your scripts we will create later called runbooks.This also helps as information about your Azure subscription changes you only have to change it one place instead of all your runbooks.
- Go back to the Automation page in the Azure Management Portal.
- Click the arrow on the Automation account created earlier.
- Select Assets from the top of the account page.
- Then select Add Setting from the bottom of the Assets view.
- Select Add Connection.
- In the Configure connection page select Azure as the Connection Type and then provide a name for the connection. Click the arrow in the bottom right to move to the next configuration step.
- On the next page you must provide a name for the automation certificate name. You can use any name you want but you must remember this exact name for our next step so I’d recommend copying somewhere for later use.
- You’re also required to provide the Subscription ID that you wish to apply this connection to. You can find the Subscription id under the Settings page. Click the check to complete the connection asset.
Create a Credential Asset
Before we can create an automation to shutdown VMs automatically we have to add credentials. This is required to authenticate to the subscription that is hosting the virtual machine.
- Select Add Setting again.
- Select Add Credential.
- Chose Certificate for the Credential Type and ensure that you name the credential the exact same name you provided in the connection asset found in the last section of steps. Click the arrow to continue.
- Browse to and select the private key (.pfx) created earlier and then provide the password you entered when creating the private key. Click the check to complete the creation of the certificate asset.
Upload a Runbook
We are now ready to scheduling scripts like turning on and off VMs through runbooks.
There is are few lines of code that are used to connect a runbook to your Azure subscription through the certificate and connection assets we just created. To make this easier the Azure Automation team has consolidated this script into a runbook called Connect-Azure. There are many template runbooks available for you to download at the Azure Automation Script Center. The great thing about how runbooks work is you can call other runbooks from inside your code.
Let’s start by downloading and publishing the Connect-Azure runbook provided by the Micorosoft team to your Azure portal.
- Go to the script center and download the Connect-Azure runbook template.
- Select your automation account by clicking on the arrow next to the name of the account.
- Select Runbooks to import the Connect-Azure runbook.
- At the bottom of the page click Import and browse to the location you saved the Connect-Azure.ps1 file.
- On the Runbooks page click on the newly imported Connect-Azure runbook.
- Then click the Author tab and then select Publish on the bottom of the page. This makes this runbook ready to use. You’ll notice you can also test and even edit the script from inside the Azure Portal.
- With this fundamental runbook imported we can start creating our own. In my case I wish to turn off all the VMs that are part of a cloud service so I select Import to another runbook I’ve created to do this.
- If you would like you can download my PowerOffVM.ps1 I’m using for this demonstration and then Import it as shown below.
- **Note that the PowerShell script must be within a workflow to be consumed as an automation. I’m new to PowerShell so here’s the TechNet description of what a workflow is “A workflow is a sequence of programmed, connected steps that perform long-running tasks or require the coordination of multiple steps across multiple devices or managed nodes. The benefits of a workflow over a normal script include the ability to simultaneously perform an action against multiple devices and the ability to automatically recover from failures.”Here’s what the inside of my PowerShell Script looks like in case your curious:
<#
.SYNOPSIS
Automates the process of powering down all you Azure VMs in a particular cloud services
.NOTES
Author: Devin Knight
Last Updated: 6/16/2014
#>
workflow PowerOffVMs {
Param
(
# Optional parameter of type string.
# If you do not enter anything, the default value of Name
# will be MyCloudService
[parameter(Mandatory=$false)]
[String]$cloudSvcName = "MyCloudService",
[parameter(Mandatory=$false)]
[String]$vmName = "*"
)
# Select the subscription to use
Connect-Azure -AzureConnectionName "AzureAutomationConnection"
Select-AzureSubscription -SubscriptionName "AzureAutomationConnection"
# Turn off Virtual Machines
Stop-AzureVM -ServiceName $cloudSvcName -Name $vmName -Force
}
- You’ll notice that the name of the VM is being populated by a wildcard “*” to return back all VMs that are part of my cloud service. If you’re just finding this script and attempting to use it without Automation you do not need a workflow. You can simply run the following:
Stop-AzureVM -ServiceName "MyCloudService" -Name "*" -Force
- With the runbook imported you will see your runbook now available. Click on the arrow next to the name of the workflow
- Go to the Author page. You will find here you can do things like modify, test and publish the script. Select Publish to make this runbook available to schedule.
Schedule the Runbook
- Next click the Schedule page and select Link to a New Schedule
- Provide a name for the schedule then click the arrow in the bottom right to continue
- I need my VMs to power down everyday at 8:00 PM so I’ve configured the schedule to shut down daily at 20:00. Then click the check to complete the configuration of the schedule.
- This runbook has two parameters so you can type the values that should be used when executing on this schedule. I provided my cloud service that my VMs are located on and a ‘*’ as a wildcard to include all VMs in the cloud service.
Congratulations! You’ve just automated the powering down of all your Azure VMs in a cloud service. You can of course create another runbook for powering up all you VMs in the morning. If you’d like you can download my runbook called PowerOnVMs.ps1 for doing this.