I have an Azure Automation Run As account. When I run the following code (from step 5 of Azure online tutorial) on the runbook in Azure Portal, I get the error shown below. Question: What I may be missing here, and how can we resolve the issue?
runbook code:
# Ensures you do not inherit an AzContext in your runbook
Disable-AzContextAutosave –Scope Process
$Conn = Get-AutomationConnection -Name AzureRunAsConnection
Connect-AzAccount -ServicePrincipal -Tenant $Conn.TenantID `
-ApplicationId $Conn.ApplicationID -CertificateThumbprint $Conn.CertificateThumbprint
$AzureContext = Select-AzSubscription -SubscriptionId $Conn.SubscriptionID
Error:
Failed At line:4 char:1
+ Disable-AzContextAutosave –Scope Process
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cannot find the 'Disable-AzContextAutosave' command. If this command is defined as a workflow, ensure it is defined before the workflow that calls it. If it is a command intended to run directly within Windows PowerShell (or is not available on this system), place it in an InlineScript: 'InlineScript { Disable-AzContextAutosave }'
I'm assuming you havn't imported the Az.Accounts module into your automation account. Disable-AzContextAutosave, Connect-AzAccount and Select-AzSubscription are from this module.
Follow this guide to Import Az modules.
Related
I am currently busy to convert my Azure AD PowerShell scripts to Microsoft Graph PowerShell. I have already some scripts that I want to run within Azure Automation, but I try to figure out how to connect to Azure Automation.
With Azure AD PowerShell, I have a connected service account in Azure Automation. With Microsoft Graph PowerShell I'm trying to use a RunAs account within the Azure Automation Account with the following connection:
$Connection = Get-AutomationConnection -Name AzureRunAsConnection
# Get certificate from the automation account
$Certificate = Get-AutomationCertificate -Name AzureRunAsCertificate
# Connect to the Graph SDK endpoint using the automation account
Connect-MgGraph -ClientID $Connection.ApplicationId -TenantId $Connection.TenantId -CertificateThumbprint $Connection.CertificateThumbprint
When I run the RunBook to create the connection I get an error:
Connect-MgGraph: C:\Temp\os4k24vd.4cs\xxxxxxxxxxxxxxxxxxx.ps1:5
Line | 5 | Connect-MgGraph -ClientID $Connection.ApplicationId -TenantId $Connec …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Could not load file or assembly 'Newtonsoft.Json, Version=13.0.0.0,
| Culture=neutral, PublicKeyToken=xxxxxxx'. The system cannot | find the file specified.
I have the following module installed that is needed for Connect-MgGraph Microsoft.Graph.Authentication >> Runtime: 7.1 When I search on the error, it have something to do that .NET could not find the Json.NET library. But which module I'm missing in Azure Automation, or are there other ways to connect Microsoft Graph PowerShell with Azure Automation?
I hope you are using App only Access approach to connect the Azure Automation. if not refer MSDOC - App only Authentication
To get the Certificate and AppID you can use the below command let
#To get App Id
$AppId = Get-AutomationVariable -Name '<Your AppID>'
# Get TenentId
$TenantId = Get-AutomationVariable -Name '< your tenantId>'
# Get Certificate
$CertificateName = Get-AutomationCertificate -Name '<Your Certificate>'
#Connect the mgGraph
Connect-MgGraph -ClientID $AppId -TenantId $TenantId -CertificateName $CertificateName ## Or -CertificateThumbprint
Still, you are facing issue please give a try Automation Hybrid Runbook Worker for more flexibility.
The problem was not the first connect script, but the runtime version. After changing to PS 5.1 instead of 7.1 it all works. The Runbook now shows 'Welcome to Welcome To Microsoft Graph!'
$Connection = Get-AutomationConnection -Name AzureRunAsConnection
# Connect to the Graph SDK endpoint using the automation account
Connect-MgGraph -ClientID $Connection.ApplicationId -TenantId $Connection.TenantId -CertificateThumbprint $Connection.CertificateThumbprint
I have an Azure runbook where I am trying to deallocate VMs. When I run the runbook I get the error
Stop-AzureVM : No default subscription has been designated. Use Select-AzureSubscription -Default <subscriptionName> to
set the default subscription.
I have used the below in my script.
Add-AzureRmAccount
Select-AzureRMSubscription
After calling the select, it prints out
PSComputerName : localhost
PSSourceJobInstanceId :
Account :
Environment :
Subscription :
Tenant :
with the correct subscrption and tenant information so it seems the select is working correctly, but for some reason I still cannot use the Stop-AzureVM cmdlet.
Any ideas?
The command Stop-AzureVM is Azure Service Management PowerShell command. It just can be used to stop Azure classic VM. But the command Add-AzureRmAccount is Azure Resource Management PowerShell command. After running the command, we just can manage Azure Resource Management resources. For more details, please refer to here and here.
So with Azure ARM VM, please use the command Stop-AzureRmVM to stop it. Meanwhile, regarding how to stop Azure classic VM, please refer to the following steps
Create Azure Classic Run As Account
Script
$ConnectionAssetName = "AzureClassicRunAsConnection"
# Get the connection
$Conn = Get-AutomationConnection -Name $ConnectionAssetName
# Authenticate to Azure with certificate
$CertificateAssetName = $Conn.CertificateAssetName
$AzureCert = Get-AutomationCertificate -Name $CertificateAssetName
Set-AzureSubscription -SubscriptionName $Conn.SubscriptionName -SubscriptionId $Conn.SubscriptionID -Certificate $AzureCert
Select-AzureSubscription -SubscriptionId $Conn.SubscriptionID
#stop VM
Stop-AzureVM -ServiceName "ContosoService01" -Name "MyVM" -Force
Besides, regarding how to check if the VM is classic, please refer to the blog
Try Running the below :
Get-Module AzureRm.Profile -ListAvailable
This issue might occur when there is multiple instances of the module. If there are multiple instance remove the older modules and retain the new module.
To remove the old module : Uninstall-Module -Name AzureRm.Profile -RequiredVersion 4.6.0#(olderversion if you have any)
I am working on this official tutorial from MS Azure team to run a PowerShell Workflow runbook to start a VM. But when I start the following runbook (from step 6 of the tutorial), I get the error shown below. Question: What I may be missing, and how can we resolve the issue?
rinbook code:
workflow MyFirstRunbook-Workflow
{
# Ensures that you do not inherit an AzContext in your runbook
Disable-AzContextAutosave –Scope Process
$Conn = Get-AutomationConnection -Name AzureRunAsConnection
Connect-AzAccount -ServicePrincipal -Tenant $Conn.TenantID -ApplicationId $Conn.ApplicationID -CertificateThumbprint $Conn.CertificateThumbprint
$AzureContext = Get-AzSubscription -SubscriptionId $Conn.SubscriptionID
Start-AzVM -Name 'vm-cs-web01' -ResourceGroupName 'rg-cs-ansible1' -AzContext $AzureContext
}
Error:
Failed At line:11 char:1
+ Start-AzVM -Name 'vm-cs-web01' -ResourceGroupName 'rg-cs-ansible1' -A ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Cannot find the 'Start-AzVM' command. If this command is defined as a workflow, ensure it is defined before the workflow that calls it. If it is a command intended to run directly within Windows PowerShell (or is not available on this system), place it in an InlineScript: 'InlineScript { Start-AzVM }'
Start-AzVM is from the Az.Compute module, so you need to import this module into your Automation Account.
To import this module, go to Automation Account -> Modules -> Browse Gallery -> Search Az.Compute -> Import
If you want to have all Az.* modules imported, then you can just import the Az module from the gallery. To import this for your automation account, go to Automation Account -> Modules -> Browse Gallery -> Search Az -> Import.
I am deploying an ARM template from azure DevOps using Azure PowerShell as shown below.
This is subscription level deployment. I am getting below error.
The term 'Get-AzSubscription' is not recognized as the name of a
cmdlet, function, script file, or operable program. Check the spelling
of the name, or if a path was included, verify that the path is
correct and try again.
Install-Module -Name Az -AllowClobber -Scope CurrentUser
Import-Module Az
$context = Get-AzSubscription -SubscriptionId xxxxxxxx
Set-AzContext $context
New-azdeployment -Name "SKL" -Location westeurope -TemplateFile .\delegatedResourceManagement.json -TemplateParameterFile .\delegatedResourceManagement.parameters.json
Logs:
##[section]Starting: Azure PowerShell script: InlineScript
==============================================================================
Task : Azure PowerShell
Description : Run a PowerShell script within an Azure environment
Version : 3.153.0
Author : Microsoft Corporation
Help : https://learn.microsoft.com/azure/devops/pipelines/tasks/deploy/azure-powershell
==============================================================================
##[command]Import-Module -Name C:\Modules\azurerm_6.7.0\AzureRM\6.7.0\AzureRM.psd1 -Global
##[command]Clear-AzureRmContext -Scope Process
##[command]Disable-AzureRmContextAutosave -ErrorAction Stop
##[command]Add-AzureRMAccount -ServicePrincipal -Tenant *** -Credential System.Management.Automation.PSCredential -Environment AzureCloud #processScope
##[command] Select-AzureRMSubscription -SubscriptionId xxxxxxx -TenantId ***
##[command]& 'd:\a\_temp\xxxxxxd.ps1'
##[warning]User declined to install module (Az).
##[error]The specified module 'Az' was not loaded because no valid module file was found in any module directory.
##[command]Disconnect-AzureRmAccount -Scope Process -ErrorAction Stop
##[command]Clear-AzureRmContext -Scope Process -ErrorAction Stop
##[error]The term 'Get-AzSubscription' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
##[section]Finishing: Azure PowerShell script: InlineScript
You need to specify the task version: 4.* (Preview) or higher to use the Az powershell module:
Also there is an Azure resource group deployment to deploy ARM template easily:
looks like too much confusion among all az modules, MSFT have messed up az new/old modules and are conflicting with each other. az account show will list all modules with AZ CLI
az account show
Search apps and Features - Uninstall the old April 2018 Azure
Follow something like this link https://blog.atwork.at/post/The-new-Azure-PowerShell-Az-module
Then you won't have issue with
Get-AzSubscription ( after using Connect)
After consulting the Microsoft Support I am able to kick off a Docker container via Azure Automation with the following code:
$connection = Get-AutomationConnection -Name AzureRunAsConnection
$secpasswd = ConvertTo-SecureString "132asdf9asdf342" -AsPlainText -Force
$credentials = New-Object System.Management.Automation.PSCredential ("somecontainerregistry", $secpasswd)
Connect-AzureRmAccount -ServicePrincipal -Tenant $connection.TenantID -ApplicationId $connection.ApplicationID -CertificateThumbprint $connection.CertificateThumbprint
New-AzureRmContainerGroup -RegistryCredential $credentials -ResourceGroupName automation-rg -Name jjcontainer03 -Image somecontainerregistry.azurecr.io/etl-pipeline -OsType Linux -DnsNameLabel aci-etl-pipeline-01 -RestartPolicy Never -Command "scrapy crawl data"
This seems to work fine when I test the pane inside the Azure Automation Portal, but when I schedule it to run every hour, I only see that the Runbook job has been executed (at the correct time), without creating a new Azure instance. Should I remove the old instance every time or is there something else I am missing?
If you are specifying the script to create a container with a static name - such as the one in your case - it will not be recreated since AzureRM module detects that the said container group already exists. Try adding 'Remove-AzureRmContainerGroup ...' one line above the 'New-AzureRmContainerGroup ...'
You can use a new guid as the name of the container if you want a unique name.