PowerShell to turn on All network by Azure pipelines

I wrote a PowerShell script and it runs fine from the Windows machine in the PS editor. The system prompts for my user name to authenticate before running this.
$subscription = "dev"
Connect-AzAccount -Subscription $subscription
$keyvaultname = "kv-dev"
Update-AzKeyVaultNetworkRuleSet -DefaultAction Allow -VaultName $keyvaultname
When I run the same script in Azure Pipelines (using the PowerShell task), it throws the following error. I removed the Connect-AzAccount.
Update-AzKeyVaultNetworkRuleSet' is not recognized as the name of a cmdlet, function,
script file, or operable program. Check the spelling of the name, or if a path was
included, verify that the path is correct and try again.
How can I run this from Azure Pipelines using the PowerShell task?

To execute Azure PowerShell commands in a pipeline job to manage Azure resources, you should use the Azure PowerShell task instead of the PowerShell task.
You need to set up an Azure Resource Manager service connection (ARM connection) for use on the Azure PowerShell task. This ARM connection is used for authentication, and you should not directly set the authentication in the PowerShell scripts.
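The asker's script reworked for the Azure PowerShell task, as an added example that is not part of the original answer. The service connection name `my-arm-connection` and the script path are placeholders; the vault name `kv-dev` comes from the question.

```powershell
# Task entry in azure-pipelines.yml (placeholder connection name and path):
#
#   - task: AzurePowerShell@5
#     inputs:
#       azureSubscription: 'my-arm-connection'
#       ScriptType: 'FilePath'
#       ScriptPath: 'scripts/Set-KeyVaultNetwork.ps1'
#       azurePowerShellVersion: 'LatestVersion'
#
# scripts/Set-KeyVaultNetwork.ps1
# No Connect-AzAccount here: the task signs in with the service connection first.
$ErrorActionPreference = 'Stop'
$keyvaultname = 'kv-dev'

# Fail early with a clear message if the script was started by the plain
# PowerShell task (Az cmdlets not available) or without a signed-in context.
if (-not (Get-Command Update-AzKeyVaultNetworkRuleSet -ErrorAction SilentlyContinue)) {
    throw 'Az.KeyVault is not available; run this script from the Azure PowerShell task.'
}
$context = Get-AzContext
if (-not $context) {
    throw 'No Azure context; check the service connection configured on the task.'
}
Write-Host "Running as $($context.Account.Id) in subscription $($context.Subscription.Name)"

# Record the setting before and after so the pipeline log shows what changed.
$before = (Get-AzKeyVault -VaultName $keyvaultname).NetworkAcls.DefaultAction
Update-AzKeyVaultNetworkRuleSet -VaultName $keyvaultname -DefaultAction Allow
$after = (Get-AzKeyVault -VaultName $keyvaultname).NetworkAcls.DefaultAction
Write-Host "Key vault $keyvaultname DefaultAction: $before -> $after"

# Treat a silent no-op as a failed step rather than a green build.
if ("$after" -ne 'Allow') {
    throw "DefaultAction is '$after', expected 'Allow'."
}
```

`-DefaultAction Allow` opens the vault's firewall to all networks, so a pipeline that only needs temporary access would normally set `-DefaultAction Deny` again in a final step.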

Related

Azure Automation - Run scripts using Azure commands or PowerShell commands

I am looking to port production jobs into Azure automation. The goal would be to schedule maintenance from scripts held in a shared drive on all computers in that domain. Using Azure, I could use the Invoke-AzVMRunCommand cmdlet to accomplish this task. PowerShell also natively supports running scripts remotely with the Invoke-Command cmdlet.
Is there any particular benefit in using one cmdlet as opposed to another? Invoke-Command assumes you have open communication with the target host, but that is a given in my case. Are there any other drawbacks to using Invoke-Command? What about Invoke-AzVMRunCommand?
From the Azure portal, if we want to run any PowerShell script inside an Azure VM, we use this Invoke-AzVMRunCommand cmdlet; there it will open the PowerShell window to connect to the Azure VM from the backend.
The Run Command option is recommended if you need to run scripts inside an Azure VM using the guest agent.
You can also run this command directly from Azure PowerShell, CLI and Cloud Shell as well.
Invoke-AzVMRunCommand -ResourceGroupName '<myResourceGroup>' -Name '<myVMName>' -CommandId 'RunPowerShellScript' -ScriptPath '<pathToScript>' -Parameter @{"arg1" = "var1";"arg2" = "var2"}
For Invoke-AzVMRunCommand cmdlet we need to pass the script in the -ScriptPath parameter, so the script file has to be in place from where cmdlet is being run. Wherever you are running the script you will need to have the script available there.
Limitation:
To run this command, the following permission is needed: Microsoft.Compute/virtualMachines/runCommand/action.
The Virtual Machine Contributor role and higher levels will have this.
Whereas,
The Invoke-Command cmdlet is just used to invoke any REST API or an action using PowerShell.
Refer to this document to know about the Invoke command.

How to run a PowerShell Script in an Azure Virtual Machine using Azure Functions or Azure Logic App?

I need to start a PowerShell script on a Windows virtual machine on Azure using Azure Functions or Azure Logic App. So, I would like to know if this is possible and how I can do that.
You need to create a Function app in PowerShell, e.g. using VS Code or Azure Portal.
Please follow the MS guide that describes how to create your first Function App using VS code: https://learn.microsoft.com/en-us/azure/azure-functions/functions-create-function-app-portal
In the PowerShell code of the function app you need to use the Invoke-AzVMRunCommand cmdlet to run a PowerShell script on an Azure VM. The cmdlet expects the script referenced in the -ScriptPath parameter to be local to where the cmdlet is being run.
Here is the sample usage format:
Invoke-AzVMRunCommand -ResourceGroupName '<myResourceGroup>' -Name '<myVMName>' -CommandId 'RunPowerShellScript' -ScriptPath '<pathToScript>' -Parameter @{"arg1" = "var1";"arg2" = "var2"}
Note:
Listing the run commands or showing the details of a command requires the Microsoft.Compute/locations/runCommands/read permission on Subscription Level. The built-in Reader role and higher levels have this permission.
Running a command requires the Microsoft.Compute/virtualMachines/runCommand/action permission. The Virtual Machine Contributor role and higher levels have this permission.
You can use one of the built-in roles or create a custom role to use Run Command.
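Both answers above tie Run Command to the Microsoft.Compute/virtualMachines/runCommand/action permission, so a useful check is listing who actually holds it on a given VM. This is an added example, not code from the original posts; the resource group and VM names are the same placeholders used in the answers, and the helper `Test-GrantsAction` is hypothetical.

```powershell
$ErrorActionPreference = 'Stop'
$action = 'Microsoft.Compute/virtualMachines/runCommand/action'

function Test-GrantsAction {
    # True when a role definition's Actions cover $Action and NotActions do not.
    param(
        [string[]]$Actions,
        [string[]]$NotActions,
        [string]$Action
    )
    # Role definitions use '*' as their wildcard, which -like handles
    # (case-insensitively), e.g. 'Microsoft.Compute/virtualMachines/*' or '*'.
    $allowed  = @($Actions    | Where-Object { $_ -and ($Action -like $_) }).Count -gt 0
    $excluded = @($NotActions | Where-Object { $_ -and ($Action -like $_) }).Count -gt 0
    return ($allowed -and -not $excluded)
}

# Every role definition (built-in and custom) visible in the current
# subscription whose control-plane actions include Run Command.
$roles = Get-AzRoleDefinition | Where-Object {
    Test-GrantsAction -Actions $_.Actions -NotActions $_.NotActions -Action $action
}
$roleNames = @($roles | Select-Object -ExpandProperty Name)
Write-Host "Roles granting ${action}:"
$roles | Sort-Object Name | Format-Table Name, IsCustom -AutoSize

# Assignments effective on the VM, including those inherited from the
# resource group and subscription, filtered to the roles found above.
$vm = Get-AzVM -ResourceGroupName '<myResourceGroup>' -Name '<myVMName>'
Get-AzRoleAssignment -Scope $vm.Id |
    Where-Object { $roleNames -contains $_.RoleDefinitionName } |
    Sort-Object RoleDefinitionName, DisplayName |
    Format-Table DisplayName, ObjectType, RoleDefinitionName, Scope -AutoSize
```

Service principals in the output, such as the identity of a Function app or a pipeline service connection, are the accounts that can run scripts inside the VM through Run Command.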

Azure Automation to run Sharepoint Online PowerShell Set-Commands

I have set up Azure Automation Runbook to run PowerShell which interacts with Sharepoint Online. I'm using 2 modules; Microsoft.Online.SharePoint.PowerShell and AzureAD. I have same versions in my local machine. Also I have specified credentials for Azure Automation, and those are the same credentials I run on my local machine. For some reason Azure Automation Runbook doesn't execute Set- Commands. If I run the script on my local machine Set-Commands are executed just fine.
$myCred = Get-AutomationPSCredential -Name 'test'
$adminSiteUrl = "https://mytenant-admin.sharepoint.com"
# Connect to SPOService
Connect-SPOService -Url $adminSiteUrl -Credential $myCred
Get-SPOSite -Identity https://mytenant-my.sharepoint.com | select sharingcapability
Set-SPOSite -Identity https://mytenant-my.sharepoint.com -SharingCapability ExternalUserSharingOnly
Get-SPOSite is executed and written in output, but Set-SPOSite doesn't do anything. I've set Sharepoint External sharing settings from Sharepoint Admin Center UI to Allow SharePoint shares to ExternalUserSharing only and OneDrive shares to disabled. Set-SPOSite should change OneDrive sharingcapability to ExternalUserSharing only but it doesn't.
Azure Automation doesn't throw any errors and completes the script successfully. I also tried Set-SPOUser cmdlet to modify Site's IsSiteCollectionAdmin -property from test user just to test whether it works or not. Once again it worked fine from my local machine but not on Azure Automation Runbook.
UPDATE: I tried to implement same script in Azure Function and it behaves exactly same as Azure Automation Runbook. I installed same modules as I'm using in Azure Automation, nothing more. And still no errors in output.

How can I run Azure's Get-AzureServiceAntimalwareConfig cmdlet equivalent in the new Azure Cloud Power Shell 'Az'

In Azure Power Shell within the Azure cmdlet module there is a cmdlet called "Get-AzureServiceAntimalwareConfig". I want to run the equivalent cmdlet but from the new PowerShell Az cmdlet module. How can I find the equivalent cmdlet for 'Az'? Do I need to install a cmdlet module that isn't already installed by default? I'm using Azure Cloud Shell.
It seems there is no equivalent command of Get-AzureServiceAntimalwareConfig in Az powershell module.
The command is used to get the antimalware configuration and monitoring configuration details associated with the Microsoft Antimalware extension for a cloud service. Cloud service is a classic (ASM) service, but the Az PowerShell module is for ARM.

Azure Automation Runbooks using Get-Credential without parameters

There are several Runbooks examples in the Azure Runbook Gallery, such as:
Deploy a Windows Azure Web Site Pointing to a SQL Database and Storage Account
that use the following syntax with Get-Credential:
$credential = Get-Credential
which implies that the command should prompt for the credentials -- but this fails in a Runbook with the following message:
Get-Credential : Cannot process command because of one or more missing mandatory parameters: Credential.
The credentials that are desired here are for this purpose:
# Get credentials from user to setup administrator access to new SQL Azure Server
which then should get used in downstream cmdlet calls in the Runbook such as
$databaseServer = New-AzureSqlDatabaseServer -AdministratorLogin $credential.UserName `
-AdministratorLoginPassword $credential.GetNetworkCredential().Password -Location $Location
But because Get-Credential fails the downstream calls fail.
What am I doing wrong?
Why does a Runbook in the Gallery have statements that seem to be incompatible (prompt for Credentials) with allowable Runbook behaviors?
So with Azure Automation, you would create a credential asset (for example, named AzureAdmin) and then you would reference that in the runbook, to get those credentials:
$cred = Get-AutomationPSCredential -Name AzureAdmin
As for the reference script, I suppose it was just added to the runbook gallery without any verification, so in reality it's not Azure Automation friendly.
