Introduction to Azure Automation
Azure Automation: Runbooks
Azure Automation: Desired State Configuration (DSC)
Join Trevor Sullivan, a Microsoft MVP for Windows PowerShell, in this conceptual and practical course covering the Microsoft Azure Automation service! This course from Cloud Academy guides you through the fundamental concepts of Azure Automation, and offers live demonstrations for all of its major components, including cloud-based PowerShell Runbooks, and a cloud-hosted Pull Server for PowerShell Desired State Configuration (DSC)! Leave a comment on the course, get involved in the discussion, and tell us what you'd like to see more of!
The Microsoft Azure Automation service offers two key components, both of which are covered in depth, in this course:
- Runbook Automation - Execute PowerShell-based Runbooks securely in the cloud. Runbooks can be authored as PowerShell scripts, PowerShell Workflows, or as Graphical Runbooks, using an in-browser designer. Azure Automation provides an "asset store" that enables you to store supporting variables, credentials, schedules, and other resources, which can be referenced by Runbooks. Once you've created or imported an Azure Automation Runbook, you can invoke it directly from the Azure Portal, from the Azure Resource Manager (ARM) PowerShell module, or even from external services through the use of Webhooks!
- Automation Desired State Configuration (DSC) - Manage your cloud and on-premises Windows or Linux infrastructure using declarative configuration files that are hosted in the cloud! With Azure Automation DSC, there's no need to set up a PowerShell DSC Pull Server, which normally would require additional infrastrucutre, complex configuration, and ongoing maintenance! Simply create an Automation Account, upload your PowerShell DSC configurations and compile them into "node configuraitons" (MOF files)! After "onboarding" (registering) your managed nodes with Azure Automation, you can assign the node configurations to each node, and you're done! There isn't an easier way to get stared declaratively managing your nodes, than signing up for Azure Automation DSC.
After watching this Cloud Academy course, you'll be empowered to start automating tasks, using Windows PowerShell, in a cloud-first approach! You'll also be able to set up Azure Automation as a cloud-based PowerShell DSC Pull Server, making it incredibly easy to start managing your nodes using declarative PowerShell syntax. If you have any comments for this course, please leave a comment on the course, or e-mail firstname.lastname@example.org!
This course isn't intended to be a deep dive on authoring PowerShell scripts and PowerShell Desired State Configuration (DSC) documents, but keep an eye out for content surrounding these topics!
Hello, and welcome to Microsoft Azure Automation Runbooks. In this lecture, we're going to talk about Azure Automation architecture from a runbook perspective, how to author runbooks, revision control integration, and Hybrid Runbook Workers.
So first, let's define what is a runbook. A runbook is a PowerShell script or workflow that is securely executed in the cloud. Runbooks are executed on a runbook worker, which can either be hosted in the cloud or on-premises using Hybrid Runbook Workers. Runbooks are able to access assets that are securely stored inside of an Azure Automation account.
So how do you get a runbook? You can write them yourself, or you can import them directly from the Runbook Gallery, which is integrated with Microsoft Azure Automation.
How do you create your own runbooks? You can use several different types of authoring, including graphical authoring, PowerShell script and workflow authoring, or you can use the PowerShell ISE add-on for Microsoft Azure Automation. The PowerShell ISE add-on allows you to integrate the ISE experience with your Azure Automation account. You can create runbooks, create assets, and test your runbooks locally or in the cloud.
Let's take a look at the Azure Automation PowerShell ISE add-on. The ISE add-on allows you to create runbooks locally, test them, and then synchronize them with your Azure Automation account. You can also create and manage your assets, such as credential, variable, and connection assets. All you need to do to get started with the PowerShell ISE add-on is to install the module from the PowerShell Gallery. You do this using the Install Module command in PowerShell version 5.
Once you import the module, the Azure Automation ISE add-on will automatically appear inside of the PowerShell ISE. You'll need to sign in to the module to enable integration with your Azure subscription and your Automation accounts that are inside that subscription. Finally, after you sign into Azure, you'll be presented with a list of your Automation accounts. So you'll simply select it, and then you can begin working inside of the context of that Automation account.
Revision control is an important concept as you're writing Automation runbooks. You need to be able to keep track of changes to your code. In order to support this, Azure Automation provides integration with GitHub and eventually will support Visual Studio Team Services, which used to be called Visual Studio Online. By providing Git integration with these external services, you can track changes to your source code and see who changed the code, and what was changed and when it was changed.
Let's take a look at the Azure Automation architecture. At the top level, you have your Microsoft Azure subscription, inside your subscription you create a resource group, and then inside the resource group you create what's called an Automation account. The Automation account enables access to all of the Azure Automation features, including runbooks and Desired State Configuration. You create runbooks directly inside of your Automation account, and they can be PowerShell scripts, PowerShell Workflows, or they can be authored graphically. Runbooks that are inside the same Automation account are able to call each other.
You can integrate an external revision control system that we just talked about with the Automation account, and you'll be able to do bidirectional synchronization of Azure Automation runbooks. You can create variables, credentials, certificates, schedules, and connections inside of your Automation account. Collectively, these are called the asset store.
Runbooks inside the Automation account are able to access the assets located in the asset store so that you can make changes to your actual execution without changing your code. For example, you might want to execute a runbook against a particular subscription, and then later on change the subscription that that runbook operates against. To do that you would define a variable, and then simply reference that variable inside the runbook. When you execute a runbook, a runbook job is created on a runbook worker. By default, these runbook workers are managed for you inside of the Microsoft Azure platform.
You can also deploy an on-premises Hybrid Runbook Worker, and deploy runbook jobs to that Hybrid Runbook Worker. This enables you to perform Automation tasks against your on-premises infrastructure.
So what are Azure Automation assets? As we already discussed, variables enable you to store key value pairs securely inside your Automation account. These variables can then be referenced by your runbooks. Credentials are very similar to variables. However, they store the password securely so that it cannot be viewed by other users. Connection assets allow you to create connections to external services, such as the Microsoft Azure Resource Manager API. Certificates enable authentication through a certificate, and your runbooks can retrieve these certificates through a special command called "Get Automation Certificate". Finally, schedule assets allow you to set a schedule and associate that schedule with a runbook so that that runbook executes automatically on the schedule instead of having to manually invoke it.
Now, let's talk about webhooks. Webhooks allow you as a developer to integrate with external services. For example, if you're a developer and you push code up to GitHub, you can configure GitHub to call a webhook or a URL that invokes an Azure Automation runbook inside of your Automation account. Webhooks are created on a per runbook basis. Webhook URLs can only be viewed once, so make sure that you copy and paste the URL into the target service, such as GitHub, before you close the blade for the runbook. You can also set webhooks to expire at a specific date and time.
About the Author
Trevor Sullivan is a Microsoft MVP for Windows PowerShell, and enjoys working with cloud and automation technologies. As a strong, vocal veteran of the Microsoft-centric IT field since 2004, Trevor has developed open source projects, provided significant amounts of product feedback, authored a large variety of training resources, and presented at IT functions including worldwide user groups and conferences.