Introduction to Azure Automation
Azure Automation: Runbooks
Azure Automation: Desired State Configuration (DSC)
During this demonstration, we'll install a Hybrid Runbook Worker, and connect it to an Azure Automation Account. This exciting scenario enables us to deploy PowerShell Runbooks, defined in our Azure Automation Account, to a Runbook Worker that is hosted in our on-premises data center! Hybrid Runbook Workers use the Microsoft Monitoring Agent (MMA) software, connected to a Microsoft Operations Management Suite (OMS) Workspace, to ultimately enable connectivity to the Azure Automation Account.
Hello. In this demonstration, we are going to configure a hybrid runbook worker so that we can execute Azure automation runbooks on premises.
First, I will go out to my resource group that contains my Azure automation account. Next, I'll select the automation account that's within the resource group. Under the automation account, I'll click on hybrid runbook worker groups. Because I don't have any hybrid runbook workers configured, I'll click the configure button to create one. Next, you'll be directed to go out to the Operations Management Suite, or OMS portal.
If you already have a workspace provisioned inside of the OMS portal, click on your user name and click on change workspace. Click on create a new workspace, and then give it a name. We'll also choose a region, in this case, we'll choose the west Europe region.
Now we've successfully created a new OMS workspace. Now, we need to create our hybrid runbook worker instance to OMS. The way that we do that is by installing the Microsoft management agent. Go under the OMS workspace settings and then we'll choose connected sources. Click the button to download the appropriate Windows agent for your system. In this case, I'm going to download the 64 bit Windows agent.
Next, we'll go ahead and run through the installation process for the Microsoft monitoring agent. You'll need to enter your Workspace ID and Workspace key. You can get those from the settings page. Go ahead and click next, and then just tell it to use Microsoft update to update the agent. Great. Now, we've successfully installed the Microsoft monitoring agent. Now, we'll go back to our OMS settings and ensure that it's been connected successfully.
As you can see on the Workspace homepage, we've successfully connected a data source. We also need to add the Azure automation solution, so let's click on add solutions. Uncheck all the solutions except for the automation solution. Now we've set up the Azure automation solution. As you can see, we've got additional configuration to perform, so click on configure. We need to select the Azure automation account to associate this workspace with. So, let's click on the save button because it's already been selected. Great.
So, now we can see that the CA automation account has been linked to this OMS workspace. Now what we've deployed the Azure automation solution, we need to configure the on premises system. In order to do that, we need to use PowerShell. As you can see, the link to configure the on premises machine takes you out to the documentation for Azure automation hybrid runbook workers. If you scroll down to the installing hybrid runbook workers section, you'll see the individual steps to install the runbook worker. Now, we've already done step one, which is to create the OMS workspace, and we have already done step number two, to add the automation solution to the workspace. We've also installed the Microsoft management and monitoring agent. So now, we need to go to step number four, where we use PowerShell to register the runbook worker.
As you can see, we need to run the add hybrid runbook worker command and pass in several parameters. So, let's go ahead and copy this code to change directory into the proper location. I'm going to switch over to my PowerShell integrated scripting editor, and we're going to go ahead and drill into this folder to find the module.
Okay. Now, we're in the hybrid registration folder. As you can see, there's a PSD1 file called Hybrid Registration. That represents the module itself, so we're going to call import module-name, and then specify the path, HybridRegistration.psd1.
Okay. Now, we've successfully imported the hybrid registration PowerShell module. Let's confirm that by running at GitModule. As you can see, the hybrid registration module shows up in the list of imported modules. Now, we need to actually register the runbook worker. Okay. Let's go ahead and call the add hybrid runbook worker command to register the runbook worker. We need to specify the URL key and group name. So let's go ahead and switch over to the automation account inside the Azure portal, and then we'll click on the keys.
As you can see, we can copy the URL and paste that in, and we can also grab the key from the portal, so the primary access key, and then finally the group name, which we'll just call Cloud Academy Group. Okay. Let's go ahead and hit F8 to actually register the runbook worker. Great. The registration command completed successfully, so let's go ahead and switch back over to the Azure portal to verify.
Although the portal hasn't updated yet, we can simply close and reopen the resource group in the automation account, and we should now see that we have a hybrid runbook worker group. After refreshing the Azure portal, you can now see that the hybrid worker groups is now one instead of zero. As you can see, the group name is Cloud Academy Group, and we have a single worker inside of that group. We can now deploy automation runbooks directly to that runbook worker. Let's go over to runbooks and then we'll click on one of our runbooks here, and because it's not published yet, we need to go ahead and publish it. Let's click the publish button and choose yes. So now, the runbook will be in a published state so that we can actually execute it, either in Azure or on a hybrid runbook worker. So click the start button, and then you'll get the option to either start it on Azure or start it on a hybrid runbook worker. You can choose the hybrid runbook worker group that you want to execute it on. Just click okay and the job will be submitted. The details of the job will open up in a job blade inside the Azure portal.
Now the Azure automation runbook job has completed, so let's click on the output button to see the results. As you can see in the output screen, we're actually getting back a list of resource groups. This matches the expected output from the runbook because we ran the Git Azure RM resource group command and simply spit out the names of the resource groups. As you can see here, it's a simple, two-line PowerShell script that authenticates to Azure, using an automation PS credential that's stored inside of the asset store in our Azure automation account. Following that is a Git Azure RM resource group command, and it simply spits out all the resource group names. To summarize, we've installed a custom hybrid runbook worker for our automation account by connecting it to our OMS workspace. Finally, we've executed a runbook against that hybrid runbook worker group.
About the Author
Trevor Sullivan is a Microsoft MVP for Windows PowerShell, and enjoys working with cloud and automation technologies. As a strong, vocal veteran of the Microsoft-centric IT field since 2004, Trevor has developed open source projects, provided significant amounts of product feedback, authored a large variety of training resources, and presented at IT functions including worldwide user groups and conferences.