Azure Start/Stop VM via webhook - azure

We have multiple VM's in our azure environment with multiple resourcegroups. Some of the resourcegroups have multiple VM's. We are now using an URL triggers webhook that will start or stop VM's. This is working, but when a resourcegroup contains multiple VM's all the VM's will start or all the VM's will stop instead of the one you want to start/stop.
Tried multiple scripts but it's isn't working or give me errors.
param(
[Parameter(Mandatory=$false)]
[object]
$WebHookData
)
write output "Data WebHook $WebHookData"
#retrieve ResourceGroup
$ResourceGroupName = $WebHookData.RequestBody
write output "Data ResourceGroup $ResourceGroupName"
$Conn = Get-AutomationConnection -Name AzureRunAsConnection
Connect-AzureRmAccount -ServicePrincipal -Tenant $Conn.TenantID -ApplicationId $Conn.ApplicationID -CertificateThumbprint $Conn.CertificateThumbprint
$VMs = Get-AzureRmVM -ResourceGroupName $ResourceGroupName
if(!$VMs)
{
Write-Output -InputObject 'No VMs were found in the specified Resource Group.'
}
else
{
ForEach ($VM in $VMs)
{
$StartVM = Stop-AzureRmVM -ResourceGroupName $ResourceGroupName -Name $VM.Name -Force #-ErrorAction SilentlyContinue
}
}
$message = ConvertTo-Json -Compress -InputObject ([ordered]#{
headers = #{'content-type' = 'text/plain'}
body = ''
statusCode = 200
})

You could try below script for Start/Stop Virtual machine.
Start VM
$connectionName = "AzureRunAsConnection"
$servicePrincipalConnection = Get-AutomationConnection -Name $connectionName
$null = Add-AzureRmAccount -ServicePrincipal -TenantId $servicePrincipalConnection.TenantId -ApplicationId $servicePrincipalConnection.ApplicationId -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
$VMs = Get-AzureRmResource|Where-Object {$_.Tags.Keys -eq "owner" -and $_.Tags.Values -eq "daneum"}
foreach ($VM in $VMs) {
if ($VM.ResourceType -eq "Microsoft.Compute/virtualMachines") {
Start-AzureRmVM -ResourceGroupName $VM.ResourceGroupName -Name $VM.Name -Verbose
}
}
Stop VM
$connectionName = "AzureRunAsConnection"
$servicePrincipalConnection = Get-AutomationConnection -Name $connectionName
$null = Add-AzureRmAccount -ServicePrincipal -TenantId $servicePrincipalConnection.TenantId -ApplicationId $servicePrincipalConnection.ApplicationId -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
$VMs = Get-AzureRmResource|Where-Object {$_.Tags.Keys -eq "owner" -and $_.Tags.Values -eq "daneum"}
foreach ($VM in $VMs) {
if ($VM.ResourceType -eq "Microsoft.Compute/virtualMachines") {
Stop-AzureRmVM -ResourceGroupName $VM.ResourceGroupName -Name $VM.Name -Force -Verbose
}
}
For webhook integration procedure you could take a look here

Related

Backup to azure Blob showing completed while backup still in progress

I am using azure automation to automate the process to backup my database to azure blob storage, its working all fine but the issue i am trying to resolve is that the status shows completed before the actual backup is done, and if i try to rerun the automation it tells me this :
"ErrorActionPreference" or common parameter is set to Stop: 45183: There is an import or export operation in progress on the database 'database'.
Here is my powershell script:
param(
[parameter(Mandatory=$true)]
[String] $ResourceGroupName,
[parameter(Mandatory=$true)]
[String] $DatabaseServerName,
[parameter(Mandatory=$true)]
[String]$DatabaseAdminUsername,
[parameter(Mandatory=$true)]
[String]$DatabaseAdminPassword,
[parameter(Mandatory=$true)]
[String]$DatabaseNames,
[parameter(Mandatory=$true)]
[String]$StorageAccountName,
[parameter(Mandatory=$true)]
[String]$BlobStorageEndpoint,
[parameter(Mandatory=$true)]
[String]$StorageKey,
[parameter(Mandatory=$true)]
[string]$BlobContainerName
# [parameter(Mandatory=$true)]
# [Int32]$RetentionDays
)
$ErrorActionPreference = 'stop'
function Login() {
$connectionName = "AzureRunAsConnection"
try
{
$servicePrincipalConnection = Get-AutomationConnection -Name $connectionName
Write-Verbose "Logging in to Azure..." -Verbose
Add-AzureRmAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint | Out-Null
}
catch {
if (!$servicePrincipalConnection)
{
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
} else{
Write-Error -Message $_.Exception
throw $_.Exception
}
}
}
function Create-Blob-Container([string]$blobContainerName, $storageContext) {
Write-Verbose "Checking if blob container '$blobContainerName' already exists" -Verbose
if (Get-AzureStorageContainer -ErrorAction "Stop" -Context $storageContext | Where-Object { $_.Name -eq $blobContainerName }) {
Write-Verbose "Container '$blobContainerName' already exists" -Verbose
} else {
New-AzureStorageContainer -ErrorAction "Stop" -Name $blobContainerName -Permission Off -Context $storageContext
Write-Verbose "Container '$blobContainerName' created" -Verbose
}
}
function Export-To-Blob-Storage([string]$resourceGroupName, [string]$databaseServerName, [string]$databaseAdminUsername, [string]$databaseAdminPassword, [string[]]$databaseNames, [string]$storageKey, [string]$blobStorageEndpoint, [string]$blobContainerName) {
Write-Verbose "Starting database export to databases '$databaseNames'" -Verbose
$securePassword = ConvertTo-SecureString –String $databaseAdminPassword –AsPlainText -Force
$creds = New-Object –TypeName System.Management.Automation.PSCredential –ArgumentList $databaseAdminUsername, $securePassword
foreach ($databaseName in $databaseNames.Split(",").Trim()) {
Write-Output "Creating request to backup database '$databaseName'"
$bacpacFilename =$databaseName + "LiveBak_anon" + ".bacpac"
$bacpacUri = $blobStorageEndpoint + "/" + $blobContainerName + "/" + $bacpacFilename
$exportRequest = New-AzureRmSqlDatabaseExport -ResourceGroupName $resourceGroupName –ServerName $databaseServerName `
–DatabaseName $databaseName –StorageKeytype "StorageAccessKey" –storageKey $storageKey -StorageUri $BacpacUri `
–AdministratorLogin $creds.UserName –AdministratorLoginPassword $creds.Password -ErrorAction "Stop"
# Print status of the export
# Get-AzureRmSqlDatabaseImportExportStatus -OperationStatusLink $exportRequest.OperationStatusLink -ErrorAction "Stop"
}
}
# function Delete-Old-Backups([int]$retentionDays, [string]$blobContainerName, $storageContext) {
# Write-Output "Removing backups older than '$retentionDays' days from blob: '$blobContainerName'"
# $isOldDate = [DateTime]::UtcNow.AddDays(-$retentionDays)
# $blobs = Get-AzureStorageBlob -Container $blobContainerName -Context $storageContext
# foreach ($blob in ($blobs | Where-Object { $_.LastModified.UtcDateTime -lt $isOldDate -and $_.BlobType -eq "BlockBlob" })) {
# Write-Verbose ("Removing blob: " + $blob.Name) -Verbose
# Remove-AzureStorageBlob -Blob $blob.Name -Container $blobContainerName -Context $storageContext
# }
# }
Write-Verbose "Starting database backup" -Verbose
$StorageContext = New-AzureStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $storageKey
Login
Create-Blob-Container `
-blobContainerName $blobContainerName `
-storageContext $storageContext
Export-To-Blob-Storage `
-resourceGroupName $ResourceGroupName `
-databaseServerName $DatabaseServerName `
-databaseAdminUsername $DatabaseAdminUsername `
-databaseAdminPassword $DatabaseAdminPassword `
-databaseNames $DatabaseNames `
-storageKey $StorageKey `
-blobStorageEndpoint $BlobStorageEndpoint `
-blobContainerName $BlobContainerName
# Delete-Old-Backups `
# -retentionDays $RetentionDays `
# -storageContext $StorageContext `
# -blobContainerName $BlobContainerName
Write-Verbose "Database backup script finished" -Verbose
All i basically need is for this process to show running even while the backup operation is in progress because i am using this automation in a logic app.
You could use Get-AzureRmSqlDatabaseImportExportStatus
Sample :
PS C:\>Get-AzureRmSqlDatabaseImportExportStatus -OperationStatusLink "https://management.contoso.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/resource01/providers/Microsoft.Sql/servers/server01/databases/database01/importExportOperationResults/00000000-000-0000-0000-000000000000?api-version=2014-04-01"
OperationStatusLink :
ErrorMessage :
LastModifiedTime : 4/15/2016 10:16:14 PM
QueuedTime : 4/15/2016 10:16:13 PM
StatusMessage : Running, Progress = 5.00 %
Status : InProgress
When you run New-AzureRmSqlDatabaseExport, A job is submitted however it is never waited for the completion of the job. The subsequent lines gets executed.
In your code, you have mentioned the below line
Write-Verbose "Database backup script finished" -Verbose
Once the export job is submitted, the above line is executed.
To overcome this, you could use the Get-AzureRmSqlDatabaseImportExportStatus and poll the status, proceed on the completion status.

Azure PowerShell Runbook Get Set Az-Disk dynamically

The team is trying to automate a snapshot restore, which was achieved successfully. However I am not able to figure out how to dynamically get the previous disk within the resource group; As well as set the next disk with a new name.
In the code below "AZR-001_OsDisk_7" has to set dynamically to "AZR-001_OsDisk_8" the next time it runs:
$diskConfig = New-AzDiskConfig -Location $snapshot.Location -SourceResourceId $snapshot.Id -CreateOption Copy
$disk = New-AzDisk -Disk $diskConfig -ResourceGroupName "ETD-RFT" -DiskName "AZR-001_OsDisk_7"
$disk1 = Get-AzDisk -ResourceGroupName "ETD-RFT" -Name "AZR-001_OsDisk_7"
Not a final solution, but I have a quick idea. You may use Get-AzDisk -ResourceGroupName 'ResourceGroupName ' to get all the disks. And then you can get the disk name.
As you named the disk with appropriate rule, you may split the name string by _, then you will get a string array which contains all the parts. In this way, you will be able to get the version.
A sample:
$disks = Get-AzDisk -ResourceGroupName JackVS2019
foreach($disk in $disks){
$arr = $disk.Name.Split('_')
Write-Host $arr[2]
}
The output:
1
Then you can generate the new disk name.
$connectionName = "AzureRunAsConnection"
try
{
# Get the connection "AzureRunAsConnection "
$servicePrincipalConnection = Get-AutomationConnection -Name $connectionName
"Logging in to Azure..."
$account = Connect-AzAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
catch {
if (!$servicePrincipalConnection)
{
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
} else{
Write-Error -Message $_.Exception
throw $_.Exception
}
}
Select-AzSubscription -SubscriptionName 101-Prototyping
$vm = Get-AzVM -ResourceGroupName "ETD-RFT" -Name "AZR-101-007-001"
$snapshot = Get-AzSnapshot -ResourceGroupName "ETD-RFT" -SnapshotName "SNAPSHOT-DEC-2019"
$diskConfig = New-AzDiskConfig -Location $snapshot.Location -SourceResourceId $snapshot.Id -CreateOption Copy
$disks = Get-AzDisk -ResourceGroupName "ETD-RFT"
$attached = $disks | Where-Object ManagedBy -ne $null
foreach($disk in $attached)
{
$arr = $disk.Name.Split('_')
$arr[2]
}
$a = $arr[2] -as [int]
$a=$a+1
Write-Host $a
$newname = $arr[0] + "_" + $arr[1] + "_" + $a
$disknew = New-AzDisk -Disk $diskConfig -ResourceGroupName "ETD-RFT" -DiskName $newname
$disk1 = Get-AzDisk -ResourceGroupName "ETD-RFT" -Name $newname
Set-AzVMOSDisk -VM $vm -ManagedDiskId $disk1.Id -Name $disk1.Name
Update-AzVM -ResourceGroupName "ETD-RFT" -VM $vm

Install ssl certificate from azure key vault with Automation Accounts

i have some issues.
I have in key vault some SSL certs from LetsEncrypt,and i want to automate installing certificates to VM in azure. I create runbook with some code:
$connectionName = "AzureRunAsConnection"
try
{# Get the connection "AzureRunAsConnection "
$servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
"Logging in to Azure..."
Add-AzureRmAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
catch {if (!$servicePrincipalConnection)
{
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
} else{
Write-Error -Message $_.Exception
throw $_.Exception
}
}$certUrl = (Get-AzureKeyVaultSecret -VaultName "MyVault" -Name "letsecrypt-my-cert").Id;
$vm=Get-AzureRmVM -ResourceGroupName "MyRS" -Name "MyVm"
$vaultId=(Get-AzureRmKeyVault -VaultName "MyVault").ResourceId
$certStore = "MySSL"
$vm = Add-AzureRmVMSecret -VM $vm -SourceVaultId $vaultId -CertificateStore $certStore -CertificateUrl $certURL
Update-AzureRmVM -ResourceGroupName "MyRS" -VM $vm
It install ssl to my VM, but i want to check some parameters of certificate and run this script, for example: if certificate updated run install to vm and if not do nothing. What parameters i must use and how check them. Maybe someone do similar task?
I solve this issues with these code modification:
$connectionName = "AzureRunAsConnection"
try
{
# Get the connection "AzureRunAsConnection "
$servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
"Logging in to Azure..."
Add-AzureRmAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
catch {
if (!$servicePrincipalConnection)
{
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
} else{
Write-Error -Message $_.Exception
throw $_.Exception
}
}
$certUrl = (Get-AzureKeyVaultSecret -VaultName "MyVault" -Name "letsecrypt-MyCert").Id
$vm=Get-AzureRmVM -ResourceGroupName "MyRG" -Name "MyVm"
$certUrlOnVM=$vm.osProfile.secrets.vaultCertificates.certificateUrl
$vaultId=(Get-AzureRmKeyVault -VaultName "MyVault").ResourceId
$curentDate = Get-Date
$d = $curentDate.day
$m = $curentDate.month
$y = $curentDate.year
$curentDateStr = "$d/$m/$y"
$certStore = "MySSL_"+$curentDateStr
if ($certUrl.equals($certUrlOnVM)){
"Certificate already installed on VM"
} else {
Get-AzureRmVM -ResourceGroupName "MyRG" -Name "MyVm" | Remove-AzureRmVMSecret | Update-AzureRmVM
$vm = Add-AzureRmVMSecret -VM $vm -SourceVaultId $vaultId -CertificateStore $certStore -CertificateUrl $certURL
Update-AzureRmVM -ResourceGroupName "MyRG" -VM $vm
"Certificate installed on VM successfully"
}
I add some variables for get certificate url in key vault and section certificateUrl from OSProfile on vm. I check if cert in keyvault and vm are identical, i do nothing, if not i do remove old section on vm and install new cert.

Azure PS Automation Provided subscription "xxxx" does not exists

I wish to select a subscription available for my service principle within an Azure Automation PS job. Running the following code locally works fine, but within the automation job, I only get the following error
Provided subscription xxxx-xxxx-xxxx-xxx-xxxx does not exist.
The subscription does exist, and the service principal has access to it when I log onto it locally.
$id = "someid"
$pass = "somepass"
$securePass = $pass | ConvertTo-SecureString -AsPlainText -Force
$cred = new-object -TypeName System.Management.Automation.PsCredential -ArgumentList $id, $securePass
$tenantId = "someID"
Add-AzureRmAccount -Credential $cred -TenantId $tenantId -ServicePrincipal
Select-AzureRmSubscription -SubscriptionId "someID"
Finally, I figured out this issue, after some days.
This issue is already reported here.
It is due to the issue related to Add-AzureRmAccount cmdlets with Service Principal.
There is a workaround to solve this issue, as mentioned by Hariharan
$connectionAssetName = "AzureRunAsConnection"
$conn = Get-AutomationConnection -Name $ConnectionAssetName
Login-AzureRmAccount `
-ServicePrincipal `
-CertificateThumbprint $conn.CertificateThumbprint `
-ApplicationId $conn.ApplicationId `
-TenantId $conn.TenantID `
-Environment AzureGermanCloud
Refer this S.O
For using Azure Automation, you should create the Automation account with AzureRunAsConnection enabled. Then from the script you utilize it like this
$connectionName = "AzureRunAsConnection"
try {
# Get the connection "AzureRunAsConnection "
$servicePrincipalConnection = Get-AutomationConnection -Name $connectionName
"Logging in to Azure..."
Connect-AzureRmAccount `
-ServicePrincipal `
-TenantId $servicePrincipalConnection.TenantId `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
catch {
if (!$servicePrincipalConnection) {
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
}
else {
Write-Error -Message $_.Exception
throw $_.Exception
}
}
Hope this helps

Multiple VM Creation by ARM Powershell approach

I have a ps workflow(.psm file) where I am trying to create 5 vms in parallel. I am using ARM cmdlets.I am getting an error-
Error- Cannot validate argument on parameter 'SubnetId'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command
again.
Here is my challange-
Even if I remove -parallel parameter from foreach even then its not making any difference.
If I run the same code NOT inside a workflow(ps1 file) removing -parralel parameter I am able to
create 5 vms
Code-
workflow Create-VMs
{
$UserName = "abc#cde.onmicrosoft.com"
$pwd = ConvertTo-SecureString "xxxxxxxx" -AsPlainText -Force
$AzureCredential = New-Object System.Management.Automation.PSCredential($UserName, $pwd)
login-azurermaccount -credential $AzureCredential
Add-AzureRmAccount -Credential $AzureCredential
Select-AzureRmSubscription -SubscriptionName "xxxxx"
$virtualNetworkName = "myvpn"
$locationName = "East US"
$ResourceGroupName = "myrg"
$user = "adminuser"
$password = "AdminPass123"
$VMSize = "Standard_D2"
$sourcevhd = "https://abc.blob.core.windows.net/vhds/windowsserver2008.vhd"
$virtualNetwork = Get-AzureRmVirtualNetwork -ResourceGroupName $ResourceGroupName -Name $virtualNetworkName
foreach -parallel($i in 1..5)
{
$VMName = "myname" + $i
$destinationVhd = "https://abc.blob.core.windows.net/vhds/windowsserver2008" + $i + ".vhd"
$staticip = "dynamicip" + $i
$virtualNetwork = Get-AzureRmVirtualNetwork -ResourceGroupName $ResourceGroupName -Name $virtualNetworkName
$publicIp = New-AzureRmPublicIpAddress -Name $staticip -ResourceGroupName $ResourceGroupName -Location $locationName -AllocationMethod Dynamic
$networkInterface = New-AzureRmNetworkInterface -ResourceGroupName $ResourceGroupName -Name $VMName -Location $locationName -SubnetId $virtualNetwork.Subnets[0].Id -PublicIpAddressId $publicIp.Id
$vmConfig = New-AzureRmVMConfig -VMName $VMName -VMSize $VMSize
$vmConfig = Set-AzureRmVMOSDisk -VM $vmConfig -Name $VMName -VhdUri $destinationVhd -CreateOption FromImage -Windows -SourceImageUri $sourcevhd
$vmConfig = Add-AzureRmVMNetworkInterface -VM $vmConfig -Id $networkInterface.Id
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential ($user, $securePassword)
Set-AzureRmVMOperatingSystem -VM $vmConfig -Windows -Credential $cred -ProvisionVMAgent -ComputerName $VMName
New-AzureRmVM -VM $vmConfig -Location $locationName -ResourceGroupName $ResourceGroupName
}
}
Not able to find out what is the actual problem. Any other approach for creating multiple vms in parallel using ARM ?
I've not had much luck with -parallel and the Azure cmdlets, but I can think of two options for you:
1) use PowerShell jobs - this would require you to login for each job, here's a snippet of how I do it - the "job" in this case is removing a resource group.
foreach ($AzureResourceGroup in $AzureResourceGroups) {
Start-Job -Name $AzureResourceGroup {
Param($AzureResourceGroup, $creds, $tenantID, $subscriptionName)
Login-AzureRmAccount -ServicePrincipal -Credential $creds -TenantId $tenantId
Select-AzureRmSubscription -SubscriptionName $subscriptionName
Remove-AzureRMResourceGroup -Force -Verbose -Name $AzureResourceGroup
} -ArgumentList $AzureResourceGroup, $creds, $tenantId, $subscriptionName
}
Get-Job | Wait-Job | Receive-Job
2) I think better way would be to use a JSON template, and have Azure orchestrate the deployment. There's a sample of how of the template and how to do it here: https://github.com/bmoore-msft/AzureRM-Samples/tree/master/VMFromImageMulti - there's a readme in the root to show how to deploy it.

Resources