I have an automation account in azure that starts and stops some VMs. I have no issue stopping the VMs, but It can not start them. I assume that this is related to recent password change that we did. I know that we need to change something in Azure PowerShell, but I don't know what to change and how to access it.
In what way you start and stop VMs through Azure Automation account? Is it using Start Stop VM solution or using a custom runbook with Start-AzVM and Stop-AzVM cmdlets.
If its using Start Stop VM Solution then see if this troubleshooting guide helps to resolve your issue.
If its using custom runbook then it would be easy to diagnose the issue if you can provide your runbook.
Related
I'm looking for a way to use my machine-local PowerShell ISE or VSCode to connect to Azure Runbooks. Usually, one has to scaffold locally and then test in the cloud in an Azure runbook. Has anybody ever done this?
One way I'm looking into it is this idea but I was wondering if you knew of something more convenient.
To connect from local (VScode) to Azure Runbooks:
Thanking #Kaido Järvemets for detailed steps. I've tried by considering few steps from there and was able to connect successfully.
Check for Azure Automation extension in Visual Studio code.
To work with Azure automation from local, we need to set up a few settings by searching "Preferences: User settings" (ctrl+shift+p).
Register a new application under Azure Active Directory and add the respective "client_id, client_secret, automation_account_name, subscription_id,tenant_id" in extension settings of Azure Automation configuration.
Give the required permissions in Automation Account -> Access Control (IAM) as shown here:
Created a PowerShell runbook script to run connect-AzAccount under Azure Automation Account through portal.
Opened the same runbook in Azure Automation and was able to connect from local (vscode)to Azure.
Note: Search for Automation explorer (ctrl+shift+p) and create a new runbook if needed. you can run the same script in Azure portal also & it will work as described above.
I have a working Azure Automation Hybrid Runbook Worker that is successfully executing runbooks. From one such Hybrid runbook I need to pass a result on to another runbook that must run on Azure, not on the Hybrid Worker.
After doing some research it seems that I have to use the Start-AzAutomationRunbook cmdlet to start the Azure runbook - which requires a Connect-AzAccount before, which means additional authentication:
To use Start-AzAutomationRunbook, the script must authenticate to your
Azure subscription.
But this seems overly complicated. Is there a less complex way to chain Azure and Hybrid runbooks? Without having to explicitly authenticate again? Overall, the runbooks are located in the same Automation account right next to each other.
I want to give access to somebody to a virtual machine on Azure (with the RDP connection file) and let him start/stop the VM but without giving him access to the Azure Portal account.
Is there a (simple) way to start/stop virtual machine on Azure without having to access the portal ? By "simple" I mean something that you don't need to run some line code and that can be as easy as opening a RDP file.
Alternatively, is there a way not to be billed of a running (but idle) virtual machine ?
You can use a Powershell script to start/stop the VM.
No you will be billed for the stopped VMs also as long as you have checked them out.
For your requirement, I think the best way is to use the Service principal with the role of Virtual Machine Contributor. It just lets the user manage the VM, but without access to the VM and also do not have the permission to access the Azure portal.
Then you can use this service principal to execute the Azure CLI, Azure PowerShell commands or the REST API to start/stop the Azure VM, it does not cost.
Is there a (simple) way to start/stop virtual machine on Azure without having to access the portal ? By "simple" I mean something that you don't need to run some line code and that can be as easy as opening a RDP file.
There are SDK's available which you can use along with CLI to have programmatic access to the VM - in this manner, you do not require access to the portal.
Alternatively, is there a way not to be billed of running (but idle) virtual machine?
You will be billed for idle VM as this still means that VM is operational. To save costs, terminate the VM and create the VM again when required.
My goal is to have a VM to run builds for Azure DevOps with a user-assigned managed identity so we can keep everything connectionStringLess.
I have just created an Azure Lab and a VM in it.
The reason for this in the lab is so we can shut it down during nights and weekends.
However, I can't find the option to assign managed identities to it.
If possible, how do I do it?
Looks the lab VM (Microsoft.DevTestLab/labs/virtualmachines) does not support MSI currently, you need to use the azure VM(Microsoft.Compute/virtualMachines).
Reference - Services that support managed identities for Azure resources.
Besides, I notice you use the lab VM for auto-start/stop reason, actually the Azure VM also supports that, see Start/Stop VMs during off-hours solution in Azure Automation, not only schedule VMs to start and stop, but also other features.
We are using an Azure Classic Virtual Machine!! It does not show 'AutoShutDown' Blade. Is this feature not available for Classic VM? When I searched, there is also an option to use Runbook in Automation Account to do this. Is anyone used this with classic VM?
This feature is not available with classic vms. its 2019, you should migrate to ARM anyway. but you could use custom powershell runbook to shutdown classic vms using a schedule.
you'd need to tag the resource groups (cant tag classic resources) and invoke the runbook hourly. this would be a nice starting point. in fact it does what you ask for.