I am trying to create an Azure Automation workbook that queries a resource for some metrics, and does some scaling up/down based in that metric.
I have no idea how I can convert a PSMetricData to integer in order to do comparisons on it. My code at the moment is
$MonitorParameters = #{
ResourceId = "abcde....."
TimeGrain = [TimeSpan]::Parse("00:05:00")
MetricNames = "cpu_percent"
}
$MetricValues = Get-AzMetric #MonitorParameters -DetailedOutput
$Last = $MetricValues.Data[0]
Write-Output $Last
And my output is
Microsoft.Azure.Commands.Insights.OutputClasses.PSMetricValue
I am looking in general for something like:
"If the last 5 mins has a cpu_percentage > 70%", then scale up..
Just use Write-Output $Last.Average instead of Write-Output $Last, then you will get the specific value.
And you should note the newest value got from the command Get-AzMetric is before the last one hour, e.g. if now is 2:37:00 AM, then the newest one is 1:38:00 AM, you could not get the last 5 mins value, the TimeGrain = [TimeSpan]::Parse("00:05:00") just means get the value every five mins.
Update:
It should work, I create a new elastic pool and test it, it is 0.
My script in the runbook:
$connectionName = "AzureRunAsConnection"
try
{
# Get the connection "AzureRunAsConnection "
$servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
Connect-AzAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
catch {
if (!$servicePrincipalConnection)
{
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
} else{
Write-Error -Message $_.Exception
throw $_.Exception
}
}
$MonitorParameters = #{
ResourceId = "/subscriptions/xxxxx/resourceGroups/xxxx/providers/Microsoft.Sql/servers/joyserver1/elasticPools/joypool"
TimeGrain = [TimeSpan]::Parse("00:05:00")
MetricNames = "cpu_percent"
}
$MetricValues = Get-AzMetric #MonitorParameters -DetailedOutput
$Last = $MetricValues.Data[0]
Write-Output $Last
The issue is that I was creating a powershell workflow, not a native powershell script.
The script from #Joy Wang above now works as described
Related
I'm creating a Azure Automation runbook to generate a report on the patch status of the virtual machines under a management group.
The query used is as below
union Update , workspace('xxxx').Operation,workspace('yyyy').Operation
| where TimeGenerated > ago(10d)
| where Classification in ("Security Updates", "Critical Updates", "Critical and security updates") and ResourceType == "virtualMachines"
| summarize updates=makeset(Title) by Computer,Classification, UpdateState,Product, PublishedDate, MSRCSeverity
| order by UpdateState
$result = Invoke-AzOperationalInsightsQuery -WorkspaceId $WorkspaceID -Query $query
here I need to query log analytics workspace from different subscriptions under the same management group..
Run As Account has RBAC set to "Log Analytics Reader" at management group level.
But the query results is empty record set, Same query fetches records when its executed on the Log Analytics workspace directly.
Any guidance on what I'm missing here will be a great help.
Thank you
This command Invoke-AzOperationalInsightsQuery can just do operations against one subscription, so in your case, you need to use a loop to set the subscription with Set-AzContext -Subscription <subscription-id>, to get all the subscriptions your RunAs account can access, use Get-AzSubscription.
Sample:
$connectionName = "AzureRunAsConnection"
try
{
# Get the connection "AzureRunAsConnection "
$servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
"Logging in to Azure..."
Connect-AzAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
catch {
if (!$servicePrincipalConnection)
{
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
} else{
Write-Error -Message $_.Exception
throw $_.Exception
}
}
$query = "xxxxxx"
$subs = Get-AzSubscription
foreach($sub in $subs){
Set-AzContext -Subscription $sub.Id
#do the things you want e.g. $result = Invoke-AzOperationalInsightsQuery -WorkspaceId $WorkspaceID -Query $query
}
This is just a sample, to make it work, also remember to loop the different $WorkspaceID in the script.
I want to stop my appservices at midnight and want to start them at morning.So i came across two things , runbooks and webjobs .So first i included a runbook which start/stop services in a resource group.But when i tested it out , i faced an error -
And also when i tried using a webjob , i used this code from here , but i was not able to see the result.The webjob was working as a script but was it actually starting/stoping the services i dont know.I am new to powershell scripts so i dont know where to make necessary changes in the code.I dont know whether i am doing it right or wrong , please help me out.Thank You.
If you want to manage Azure ARM Resource with Azure Runbook, you can create Run As accounts in your Azure automation account. When we create it, it will create a new service principal user in Azure Active Directory (AD) and assigns the Contributor role to this user at the subscription level. For more details, please refer to the document and the document.
For example
Create Run As accounts
a. Search for and select Automation Accounts.
b. On the Automation Accounts page, select your Automation account from the list.
c. In the left pane, select Run As Accounts in the account settings section.
d. Depending on which account you require, select either Azure Run As Account or Azure Classic Run As Account.
e. Depending on the account of interest, use the Add Azure Run As or Add Azure Classic Run As Account pane. After reviewing the overview information, click Create.
Create a PowerShell Workflow runbook
Script
workflow START_STOP_APP_SERVICE_BY_RESOURCE
{
Param(
[Parameter (Mandatory= $true)]
[bool]$Stop,
[Parameter (Mandatory= $true)]
[string]$ResourcegroupName
)
try
{
# use Azure As Account to log in Azure
$servicePrincipalConnection=Get-AutomationConnection -Name "AzureRunAsConnection"
Add-AzureRmAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
catch {
if (!$servicePrincipalConnection)
{
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
} else{
Write-Error -Message $_.Exception
throw $_.Exception
}
}
$status = 'Stopped'
if ($Stop)
{
$status = 'Running'
}
# Get Running WebApps (website_Processings_Running)
$website_Processings_Running = Get-AzureRMWebAPP -ResourceGroupName $ResourcegroupName | where-object -FilterScript{$_.state -eq $status }
foreach -parallel ($website_Processing In $website_Processings_Running)
{
if ($Stop)
{
$result = Stop-AzureRmWebApp -ResourceGroupName $ResourcegroupName -Name $website_Processing.Name
if($result)
{
Write-Output "- $($website_Processing.Name) shutdown successfully"
}
else
{
Write-Output "+ $($website_Processing.Name) did not shutdown successfully"
}
}
else
{
$result = Start-AzureRmWebApp -ResourceGroupName $ResourcegroupName -Name $website_Processing.Name
if($result)
{
Write-Output "- $($website_Processing.Name) start successfully"
}
else
{
Write-Output "+ $($website_Processing.Name) did not started successfully"
}
}
}
}
Today in 2022 you have to use Az module instead of AzureRM. You also have to switch to 7.1 Runtime if you want to succeed.
Param(
[bool]$Stop,
[string]$ResourcegroupName,
[string]$WebAppName
)
try
{
# use Azure As Account to log in Azure
$servicePrincipalConnection=Get-AutomationConnection -Name "AzureRunAsConnection"
Write-Output $servicePrincipalConnection.TenantId
Write-Output $servicePrincipalConnection.ApplicationId
Write-Output $servicePrincipalConnection.CertificateThumbprint
Add-AzAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
catch {
if (!$servicePrincipalConnection)
{
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
} else{
Write-Error -Message $_.Exception
throw $_.Exception
}
}
$status = 'Stopped'
if ($Stop)
{
$status = 'Running'
}
# Get Running WebApps (website_Processings_Running)
$website_Processings_Running = Get-AzWebApp `
-ResourceGroupName $ResourcegroupName] `
-Name $WebAppName | where-object -FilterScript{$_.state -eq $status}
Write-Output "- $($website_Processing.Name) WebApp to manage"
foreach ($website_Processing In $website_Processings_Running)
{
if ($Stop)
{
$result = Stop-AzWebApp -ResourceGroupName $ResourcegroupName -Name $website_Processing.Name
if($result)
{
Write-Output "- $($website_Processing.Name) shutdown successfully"
}
else
{
Write-Output "+ $($website_Processing.Name) did not shutdown successfully"
}
}
else
{
$result = Start-AzWebApp -ResourceGroupName $ResourcegroupName -Name $website_Processing.Name
if($result)
{
Write-Output "- $($website_Processing.Name) start successfully"
}
else
{
Write-Output "+ $($website_Processing.Name) did not started successfully"
}
}
}
I want to know how to get rid of this extra account information that shows up every time i run a script in my azure automation runbook. There has to be a way to remove it, any help would be deeply appreciated.
You can append Out-Null to the commands that will output your account information. It hides the output instead of sending it down the pipeline or displaying it. See other ways to ignore the output.
For example:
$connectionName = "AzureRunAsConnection"
try
{
# Get the connection "AzureRunAsConnection "
$servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
Connect-AzAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint | Out-Null
}
catch {
if (!$servicePrincipalConnection)
{
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
} else{
Write-Error -Message $_.Exception
throw $_.Exception
}
}
Result
I want to set the retention period of Files Share snapshot with scheduler by Azure Automation. 1, May I set the schedule of creating and deleting the snapshot at one runbook. (like create one snapshot at today and delete it after one month). 2, I want to get some snapshots by every day, week and month, can I decide the retain time. (Like keep the daily snapshot 15 days, the weekly snapshot 35days, and the Monthly snapshot 13months).
3, If it is so difficult, may I decide the snapshots that I want to delete, like the previous 10. If you know something about that, please write some comments below, thanks so much.
Some information for you to refer.
Try the command below to create snapshot, for its operating frequency, you could create a schedule for the runbook.
$connectionName = "AzureRunAsConnection"
try
{
# Get the connection "AzureRunAsConnection "
$servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
"Logging in to Azure..."
Add-AzureRmAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
catch {
if (!$servicePrincipalConnection)
{
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
} else{
Write-Error -Message $_.Exception
throw $_.Exception
}
}
$SAResourceGroupName="joywebapp"
$StorageAccountName="joystoragev2"
$StorageAccountKey = (Get-AzureRmStorageAccountKey -ResourceGroupName $SAResourceGroupName -AccountName $StorageAccountName).Value[1]
$context=New-AzureStorageContext -StorageAccountName $StorageAccountName -StorageAccountKey $StorageAccountKey
$share = Get-AzureStorageShare -Context $context -Name "111"
$snapshot = $share.Snapshot()
Delete the snapshots created before one month:
$allsnapshots = Get-AzureStorageShare -Context $context | Where-Object { $_.Name -eq "111" -and $_.IsSnapshot -eq $true }
foreach($snapshot in $allsnapshots){
if($snapshot.SnapshotTime -lt (get-date).AddMonths(-1)){
$snapshot.Delete()
}
}
Cloned a sample non classic runbook and attempted to set the subscription as default. This gives me following error:
Select-AzureSubscription : The subscription name {nameofsubscription} doesn't exist.
Parameter name: name
At step1_validate:18 char:18
+
+ CategoryInfo : CloseError: (:) [Select-AzureSubscription], ArgumentException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.Profile.SelectAzureSubscriptionCommand
How would it be possible to select or set a particular subscription as default? Below approaches throw above mentioned error:
Approach 1
Select-AzureSubscription -SubscriptionName $defaultSubscriptionname –Default
Get-AzureSubscription -SubscriptionId 123XXXXXXXXXXXXXXXXXX96eXX58 | Select-AzureSubscription
Approach 2
$subscriptionId = (Get-AzureRmSubscription | Out-GridView -Title 'Select Azure Subscription:' -PassThru).Id
Select-AzureRmSubscription -SubscriptionId $subscriptionId
Trying : To get particular resource name and make configurational changes, or to use Get-Azurewebsite cmdlet, setting a subscription appears mandatory.
Note: Hoping adding Service Principal used in the automation account to default subscription might help, I also tried to add the ApplicationId to Access control of Subscription as contributor. Though my Runbook being mentioned here and WebApps are in same subscription. Reference: https://blogs.technet.microsoft.com/knightly/2017/05/26/using-azure-automation-with-multiple-subscriptions/#comment-1555 ( Scenario for me is both are in same subscription )
EDIT: Pasting Code
<#
This PowerShell script was automatically converted to PowerShell Workflow so it can be run as a runbook.
Specific changes that have been made are marked with a comment starting with “Converter:”
#>
<#
.DESCRIPTION
To watch php version old in app, and if found turn it off and apply 5.6
.NOTES
AUTHOR: HBala
LASTEDIT: Jan 04, 2018
#>
workflow step1_validate {
# Converter: Wrapping initial script in an InlineScript activity, and passing any parameters for use within the InlineScript
# Converter: If you want this InlineScript to execute on another host rather than the Automation worker, simply add some combination of -PSComputerName, -PSCredential, -PSConnectionURI, or other workflow common parameters (http://technet.microsoft.com/en-us/library/jj129719.aspx) as parameters of the InlineScript
inlineScript {
$connectionName = "AzureRunAsConnection"
$myResourceGroupName = "DevstorageRG"
$defaultSubscriptionname = "StandardDevStaging"
$newPhpVersion = "5.6"
try
{
# Get the connection "AzureRunAsConnection "
$servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
"Logging in to Azure..."
Add-AzureRmAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
catch {
if (!$servicePrincipalConnection)
{
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
} else{
Write-Error -Message $_.Exception
throw $_.Exception
}
}
#Get all ARM resources from all resource groups
$ResourceGroups = Get-AzureRmResourceGroup
foreach ($ResourceGroup in $ResourceGroups)
{
Write-Output ("Showing resources in resource group " + $ResourceGroup.ResourceGroupName)
if( $ResourceGroup.ResourceGroupName -eq $myResourceGroupName ){
$Resources = Find-AzureRmResource -ResourceGroupNameContains $ResourceGroup.ResourceGroupName | Select ResourceName, ResourceType
ForEach ($Resource in $Resources)
{
Write-Output ($Resource.ResourceName + " of type " + $Resource.ResourceType)
Write-Output ($Resource.ResourceName + " of type " + $Resource.ResourceType)
#Switch-AzureMode AzureServiceManagement
# Local powershell connects and works perfect with what I wanted to achieve.
# On Automation account, Runbook migration, it threw Azure subcription not set error for Set-AzureWebsite.
# so remove rest of the code and focused on few options to get the default as below
# which led me to post the thread.
#
# Approach 1
Select-AzureSubscription -SubscriptionName $defaultSubscriptionname –Default
Get-AzureSubscription -SubscriptionId 1238XXXXXXXXXXXe5XXXX8 | Select-AzureSubscription
# Approach 2
$subscriptionId = (Get-AzureRmSubscription | Out-GridView -Title 'Select Azure Subscription:' -PassThru).Id
Select-AzureRmSubscription -SubscriptionId $subscriptionId
Write-Output ( "==============Subscription ID :===========")
Write-Output( $subscriptionId)
# Wants to update config / php version parameters.
Set-AzureWebsite -Name $Resource.ResourceName -HttpLoggingEnabled 1 -PhpVersion 5.6
# Had tried this as well which was suggested by Jason. But appears not working..
# looks like I have messed it up.
Get-AzureRmWebApp -ResourceGroupName $myResourceGroupName -Name $Resource.ResourceName
Set-AzureRmWebApp -ResourceGroupName $myResourceGroupName -Name $Resource.ResourceName -HttpLoggingEnabled 1 -PhpVersion 5.6
}
}
Write-Output ("Completed!#Line83")
}
}
}
Hoping adding the serviceprincipal type addition for the
automationaccount to default subscription might help
You are right, we can use Azure automation account connections to select subscription.
For example, we can new a connection and the type is Azure service principal.
like this:
Then use this powershell script to select the connection:
$connectionName = "jason"
try
{
# Get the connection "jason "
$servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
"Logging in to Azure..."
Add-AzureRmAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
catch {
if (!$servicePrincipalConnection)
{
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
} else{
Write-Error -Message $_.Exception
throw $_.Exception
}
}
In this way, we can use connection to select subscription.
By the way, we can follow this article to create service principal.