Azure Automation for Azure VMs with PowerShell

Captions
Hi, my name is Thomas Maurer. I'm a program manager for Microsoft Azure at Microsoft, and in this video we're going to have a look at how you can run PowerShell scripts or Bash scripts against your Azure virtual machines, as well as, like, orchestrate and schedule these, so you can always be sure that you can do your automation job. So stay tuned.

Welcome back. So in this video we're going to have a look at how you can run scripts or automation against your Azure virtual machines and actually schedule these scripts, and make sure that you can use an identity to actually run against these to make sure that everything is secure. So in this video, let's have a look at what I have running in my Azure environment first, and then we're going to use different tools, and we're going to have a look at these and show you how you can actually run these scripts just using your Azure Active Directory identity, and then have a look at how we can actually take this now and make it a recurring runbook with Azure Automation.

So here we are in the Azure portal, and as you can see, you have a couple of virtual machines running here, and usually they all have, like, different logins and passwords in the operating system as well. So to understand what we can do: since all of these are Azure VMs, they have the VM guest agent installed, and that is used to communicate with the Azure backend to do, like, backups and make sure that they're consistent and do some automation tasks, also when you do some stuff like shutting down the VM in the portal and things like that. But we can do some other cool things, like reset your password or run a couple of scripts. So let me show you that quickly in the portal, but we will then use the command line, because that's what we try to achieve later on. So if you go to your Azure virtual machine and you have all your great options here, if you scroll down, what you have here is Run command, and if you hit Run command, it's a simple tool, like, it gives you a
couple of options, so you can do your own PowerShell script, that's what we're going to use in just a bit, but then we also offer you a couple of, like, very commonly used things you might need, like 2A for example, and disable Windows updates for a while, or to, like, enable PS remoting, to enable Windows updates, to reset, for example, the RDP configuration and so on, to make sure that, like, if you locked yourself out, you can basically get back to your machine. So we will run quickly an example here. So a simple one is run ipconfig. So if I just want to know the IP configuration of this machine, I can see here this is the command which is going to run. Again, if you look at others here, if you for example go to the RDP settings, you see way more complex scripts here as well. So we can just run the ipconfig one, and this will take a while to actually complete, and we'll actually go and run that script. It now goes and sends off these to the Azure control plane, and from the Azure control plane it connects to the VM guest agent and runs that configuration and then brings back the output from that command. So we just give it a second to complete, and you can see here I get the output of that script.

Now again, the great thing about this is you can run your own PowerShell scripts, so you could, like, basically run your own commands here or whatever you want to do with this machine. And by the way, that also works with Linux machines, so in that case you would just run a Bash script against that machine, or you can, like, run Python or whatever you basically need on that machine as well.

So let's have a look at how that actually looks in the command line. Since we want to make this repeatable, we need to have some code, and for that I'm just going to open up the Windows Terminal here with PowerShell. And so let me quickly minimize this and just bring up this one here. So what I can do here is, I'm already logged in to my Azure PowerShell, right, so I can do Get-AzVM, and what I
get here, I get a list of my Azure VMs, the ones you just saw before. You can see here I have, for example, my TT Azure Win vm01. We're going to use that one as an example throughout the demos here, but you can also have a couple of Linux machines as well, and we could also leverage these. You can see the resource group and so on. So there's a cmdlet called Invoke-AzVMRunCommand, and if we use that, we can actually go and run this command similar as we did in the portal, but directly from PowerShell. Again, there's also something for the Azure CLI, and if you're using the CLI or PowerShell in Cloud Shell, that works absolutely fine too there.

So let's go and find that command. Now you can see here, by the way, if you're asking what this is, this is PowerShell Predictive IntelliSense with the Az.Predictor module. Now what that does is it basically looks at my history of what run commands, and it also looks at documentation and basically suggests commands to me and gives me examples. So if you want to watch a video about this, go to my YouTube channel, you will find that video. And it really is super helpful, as you can see, because now I can just go and see, hey, there's an Invoke-AzVMRunCommand, let's go there, and you can see here it gives me an example. So it shows me the command itself, it says, okay, I need to add a resource group, I need to add a VM name, and then I need to run, like, the script and if the script path. So I can just hit, for example, now Alt+A, and so I go to the resource group name and then type the resource group, so this is Azure VMs RG. Then I can hit Alt+A again, and then I go to the VM name, and here this is TT Azure Win vm01, and then I can go and hit Alt+A again and basically say, hey, what script do I want to run. I have already a script prepared, it's called my script. So if we want to have a look at what it's actually doing, it's a very simple script. So if I open up Visual Studio Code here, it's just running a Get-Service. So if I go back here, if I now run that, you will see, again, this will take a couple of minutes, but basically it's doing absolutely the same thing we just saw in the portal, but it uses a PowerShell script to do that from the command line. And voilà, this is the output we are getting. So we get all the services running on that machine as the output. So we can now leverage that, and I just use Azure AD, right? If I have contributor rights to that machine, I can basically use Run command to do so.

So now if we want to do some more complex things and actually schedule some tasks, I can go back to the Azure portal, and here I'm going to use a service called Automation, Azure Automation. And basically what I did already, I created an Automation account. And Azure Automation is really powerful and it can do a couple of different things, but one thing we're going to look at is the capabilities of running runbooks, and runbooks are nothing else than basically a PowerShell or Python script you can run. So for example, if you're going to create one, let's do a sample zero one here. I can choose what runtime I want to use, in this case I'm going to use PowerShell, but you see here also options for Python and other PowerShell options, but let's go for PowerShell here. I can then choose which PowerShell version I want to run, I could do 7.1 and get the latest and greatest, and then I could just create that, and this creates now a way for me to basically enter a script here, and I can write that and, like, say, hey, Get-AzVM, and I could automate that. I can then save it and then publish it and then basically use it.

Now where does that run? So that runs on some Azure worker nodes. I don't need to care about these, these are just, like, spinning up temporarily for me in Azure. So whenever I run this, it will just use one of these Azure nodes and basically run that script. I can also use my own worker nodes if I want to, that's then called hybrid workers as well, and that allows it to
run in my own VMs, so I could run something inside my network as well, right? So if I need to, like, run it in a VM where I need to access through the network and want to automate other VMs, other servers, I can do that too.

So I already prepared here a runbook called Azure VM script runbook, and you can see it's at the moment in edit. You can see here also it did some runs here before, but let's have a look at the script itself. And this is now important, and I will talk about that, just what we're doing here. So ignore the first part here, right, let's just go into the second part. So what I want to do is I want to create a folder on my C drive, right, that's what I want to do, and then I want to run that against my Azure VMs. Now for the Invoke-AzVM command to work, we actually need, the VM needs to be running, and in this case, because we're using PowerShell, I want to run it only against Windows systems. Now again, you could do the same thing and run scripts against Linux VMs as well, I mean, if they have PowerShell installed you could also do that. So that is what I want to do. I also provide some output, I will get out the Azure VMs here, and then here's the magic. So I want to give it foreach, so it runs against all my Azure VMs, it runs that Invoke-AzVM command, and as you can see here at the end, I've just used that script code which I defined up here. Now in many cases your script code there is probably way more sophisticated than just the single command, but in some cases it's absolutely fair to just, like, have this single command.

The other part here is now, okay, with what credentials is that script running, right? Because as I told you, you need to have contributor rights to the VMs you want to run this script against, otherwise you don't have access, especially because you're running not on your own systems. So that's the great part here, we can use a managed identity. So I have this command which logs in Azure PowerShell, and with the -Identity parameter you
can basically use a system account, like a managed system identity. So we're going to have a look at how that looks. So if we go back here to the Automation account and scroll the way down to Identity, what you need to do is you need to turn on this identity, and then you can do some role assignments. So what I have done here, I gave contributor rights on this specific resource group. So you could basically do role assignments, like, for subscriptions as well, for resources, but in this case I just basically said, hey, you have access to everything, or contributor rights to everything, in that specific resource group. So now this managed identity, so whenever that, like, Automation account runs a script and we use that identity, then we can basically leverage whatever permissions we have there. So if I would do a Get-AzVM in that runbook, which I'm doing, I only get the VMs in that specific resource group. So no need to, like, store any passwords or credentials to do that. If you need that for something else, there's also ways to securely store your credentials in the Automation account or in a Key Vault and then get them out of there when the runbook runs. So please don't store any credentials in the script itself.

So let's go back to the runbook and actually go and basically say, yes, we've edited that. So since I probably ran that before, I will just add a 2 here so that it creates another folder. I hit save, and then, so if I'm working on this new version, like, if I update this, I could now just hit save and work on it and keep on working, but then if I want to say, okay, now it's live, that's, like, ready to use, I hit the publish button, and you can see you are getting information that the runbook is now live and over in the old one. By the way, you also have Git integration for source control, so you can, like, work with your scripts, actually, or your runbooks, and save them to a Git repo and make sure that there is a nice repository of these runbooks and they
have all the advantages of using Git. So let's start that script and let's just run it. So we're going to start that runbook, and this obviously will take a while to run, but so we go to output and it will now go to Azure worker here. And again, if I hit refresh, the first command now, like, is my comment, you can see here I said, hey, please log in, I'm using our managed identity. And if I hit refresh again and I waited long enough, I will get, like, the message that I actually successfully have logged in using the managed identity. You can now see I have now logged in with my managed identity, and now it starts to run the script. So this is now the output I get, because I have put that in my script, that I see, okay, against which systems is this running. So it only runs against VMs in that resource group, because that's only where I have permissions. Then it checks the VM is running, and then it checks that it actually is a Windows machine, because in this command, like, what I just wanted, I just want to run against Windows, but again, you can filter that the way you want. And then it will run that, and you can see here now it actually completed that runbook and succeeded, I don't have any errors. So this is now, I created a folder there, and it makes it super easy to run this.

Now I know now it works, and now maybe I want to do this, maybe not create a folder all the time, but maybe restart the service or do anything like reset the registry key or remove a registry key over time. So I can actually go and build a schedule. So I hit Link to schedule here, and what I can do is define a schedule. So let's add a schedule here and say, hey, Thursdays. I mean, maybe you are a little bit more descriptive than I am, but you can then say, hey, when do we actually want to start, so I say next Thursday, and then I can actually go and set the time, and I can make this a recurring event and say, hey, let's do that, like, every week, and every Thursday
we're going to do this, no expiration date set. So I hit create, and now I have that schedule. Now if I want to use the same runbook multiple times, I also have the possibility to use parameters from that runbook. So when I schedule this, I could basically say, hey, on Thursdays you have the following parameters, or if you run the same thing on Tuesdays, you have different parameters, right? So I can actually go out and set this up. And also, as I said, again, this runs on Azure workers. If you have hybrid workers set up using Azure Arc, then you can also run it on machines on premises, for example, which is pretty cool to automate and orchestrate machines running on premises or even at other cloud providers. So you can hit OK, and now you link that schedule, and now every Thursday it basically goes out and runs that script and makes sure that it's running.

So this is a super easy way of automating your Azure VMs using Azure Automation, and schedule these runbooks and orchestrate them and run these scripts against Azure VMs. And again, if you're working with Azure Arc and you want to run these on premises or at other servers running at other cloud providers, you can do that too using hybrid workers. So I hope this video was helpful. If you liked that video, hit the like button, subscribe to the channel, and I hope to see you in the next one. Thank you.
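
Added example, not the presenter's runbook or Microsoft's code: a PowerShell runbook following the flow described in the captions (sign in with the Automation account's managed identity, keep only running Windows VMs, run one script in each through Run Command). The `ResourceGroupName` parameter, the folder path `C:\DemoFolder` and the output strings are assumptions; the managed identity is assumed to hold a role assignment on that resource group, as in the video.

```powershell
param(
    # Assumption: the resource group the managed identity was granted rights on.
    [Parameter(Mandatory = $true)]
    [string] $ResourceGroupName
)

$ErrorActionPreference = 'Stop'

# Keep the Azure context in this process only; nothing is saved on the worker.
Disable-AzContextAutosave -Scope Process | Out-Null

# Sign in as the Automation account's managed identity.
# No password, secret or certificate is stored in the runbook.
Write-Output 'Logging in with the managed identity...'
Connect-AzAccount -Identity | Out-Null

# Script executed inside each guest by the VM agent.
# Constructed sample path; the folder name used in the video is not shown.
$scriptCode = "New-Item -Path 'C:\DemoFolder' -ItemType Directory -Force"

# -Status adds PowerState. Only VMs the identity can read are returned,
# so the role assignment scope also bounds what this loop can touch.
$vms = Get-AzVM -ResourceGroupName $ResourceGroupName -Status |
    Where-Object {
        $_.PowerState -eq 'VM running' -and
        $_.StorageProfile.OsDisk.OsType -eq 'Windows'
    }

Write-Output "Target VMs: $($vms.Name -join ', ')"

foreach ($vm in $vms) {
    try {
        $result = Invoke-AzVMRunCommand -ResourceGroupName $vm.ResourceGroupName `
            -VMName $vm.Name -CommandId 'RunPowerShellScript' `
            -ScriptString $scriptCode
        Write-Output "[$($vm.Name)] $($result.Value[0].Message)"
    }
    catch {
        # Report and continue so one failed guest does not hide the others.
        Write-Error "[$($vm.Name)] Run Command failed: $_" -ErrorAction Continue
    }
}
```

Because the identity's role assignment decides which VMs `Get-AzVM` returns, narrowing that assignment is what limits the reach of the scheduled job, independent of the filter in the script.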
Info
Channel: Thomas Maurer
Views: 10,441
Keywords: Microsoft, Azure, Azure Automation, Automation, Cloud, Virtual Machine, VMs, PowerShell, Azure VM, IaaS
Id: rgOyxd-RhvM
Length: 18min 10sec (1090 seconds)
Published: Sun Oct 30 2022