Azure resource to check orphan resource - azure

I am looking for a solution to find Stopped | Deallocated orphan resources in Azure. I can grab the VM data, but if someone spins up a VM and the VM shows as running, how do I check that the owner has not used that VM for 30 days?
az vm list -d --output table
Any automation suggestion will be welcome.
az vm list -d --output table
TESTSXG VM running

I see multiple queries here.
1. To identify if someone created any resource (say VM) and has forgotten to deallocate it.
2. To check whether the last login in the VM is older than 30 days.
3. To check that the owner has not used the VM(s) in the last 30 days.
4. If we haven’t logged in to the VM for a while and some services (like Jenkins, etc.) are running and untouched.
To audit actions on resources and to determine the operations that were taken on resources, you may use Activity Logs. For more information refer to this (https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-audit) link.
For #1, you may execute the below command.
Get-AzureRmVM -Status|select Name, PowerState
For #2 and #3, below is the command which you can run manually in the VM.
Get-WmiObject -Class Win32_NetworkLoginProfile |
Sort-Object -Property LastLogon -Descending |
Select-Object -Property * -First 1 |
Where-Object {$_.LastLogon -match "(\d{14})"} |
Foreach-Object { New-Object PSObject -Property @{ Name=$_.Name;LastLogon=[datetime]::ParseExact($matches[0], "yyyyMMddHHmmss", $null)}}
But I know that we are looking for an automated way to validate all the VMs under your subscription. So here the requirement is to automatically (i.e., remotely) connect to all the ‘running’ VMs from Azure portal and then get the required output. If I am not wrong, most probably we can achieve this requirement in multiple ways, i.e.,
i. Log Analytics
ii. DSC
iii. Functions
iv. Runbook
v. Logic App
i. Create a Log Analytics OMS workspace and install OMS agent on the VM(s) as instructed here (https://learn.microsoft.com/en-us/azure/azure-monitor/learn/quick-collect-azurevm). Then add Azure Security Center (Security and Audit) solution in OMS so that the security events will be pushed to OMS repository. Then go to Log Analytics -> OMSworkspaceName -> Logs and run the below Kusto query to get the required output.
SecurityEvent
| where EventID == 4624
| sort by TimeGenerated desc
Note that the Event ID 4624 is the ID for the event log of any account logged on to a machine.
ii. Onboard Azure DSC on the VM(s) as instructed here (https://learn.microsoft.com/en-us/azure/automation/automation-dsc-onboarding) and write a DSC configuration script using ‘script’ DSC resource which will run the above mentioned Get-WmiObject…. command remotely on the DSC nodes (i.e., VM’s) and fetch us the required output.
iii. Write an HTTP trigger PowerShell function which will run the above mentioned Get-WmiObject…. command remotely (i.e., maybe try a new PS session and invoke command) on the VMs and fetch us the required output. You may refer to this (https://learn.microsoft.com/en-us/azure/azure-functions/functions-create-first-azure-function) link to learn about Functions.
iv. Write a PowerShell runbook which will run the above mentioned Get-WmiObject…. command remotely (i.e., maybe try a new PS session and invoke command) on the VMs and fetch us the required output.
v. Currently Azure Logic Apps does not seem to support running PowerShell and CLI scripts. However, we may try to use the available Logic Apps Functions connector or any similar connector and internally try to call PowerShell to execute the above mentioned Get-WmiObject…. command remotely. Just FYI, here (https://feedback.azure.com/forums/287593-logic-apps/suggestions/33913552-run-a-powershell-code-within-a-logic-app-action) is a voice in Azure feedback regarding running PowerShell code within a Logic App; you could vote if you are interested in this option.
For #4, Install OMS agent on the VM’s so that the events details get stored in OMS repository. For example, if no one is logging in to a VM but Jenkins service is running on that VM then in that case you may want to not disturb that VM. So, to validate if Jenkins service is running on a VM or not you may have to run a Kusto query something like this.
Event
| where (EventLog == "System")
| where (RenderedDescription has "jenkins" and RenderedDescription has "stopped")
Hope this helps!!
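One way to automate the Log Analytics option above, as an added example that is not part of the original answer: it uses the Az module, and $WorkspaceId is a placeholder for your workspace ID. It assumes the agent reports Heartbeat and SecurityEvent data and that the guest host name matches the Azure VM name.

```powershell
# Added example; $WorkspaceId is a placeholder for the Log Analytics workspace ID.
param(
    [Parameter(Mandatory)][string]$WorkspaceId,
    [int]$IdleDays = 30
)

# Machines that still send heartbeats but have no interactive (2) or RDP (10)
# logon in the window. Starting from Heartbeat keeps machines with zero logon
# rows in the result; a plain 4624 query would silently omit them. Service and
# network logons are excluded because they occur without any human user.
$query = @"
Heartbeat
| where TimeGenerated > ago(1d)
| summarize LastHeartbeat = max(TimeGenerated) by Computer
| join kind=leftouter (
    SecurityEvent
    | where TimeGenerated > ago(${IdleDays}d)
    | where EventID == 4624 and LogonType in (2, 10)
    | summarize LastLogon = max(TimeGenerated) by Computer
  ) on Computer
| where isnull(LastLogon)
| project Computer, LastHeartbeat
"@

$idle = (Invoke-AzOperationalInsightsQuery -WorkspaceId $WorkspaceId -Query $query).Results

# Cross-check against power state so only running (billed) VMs are reported.
$running = Get-AzVM -Status | Where-Object PowerState -eq 'VM running'

foreach ($vm in $running) {
    # Computer may be reported as an FQDN; compare on the host part only.
    $hit = $idle | Where-Object { ($_.Computer -split '\.')[0] -ieq $vm.Name }
    if ($hit) {
        [pscustomobject]@{
            ResourceGroup = $vm.ResourceGroupName
            Name          = $vm.Name
            LastHeartbeat = $hit.LastHeartbeat
        }
    }
}
```

Running VMs that never appear in Heartbeat have no agent and are not covered by this check, so review them separately.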

Related

Azure alert reboot vm on status busy

I am trying to monitor VM status.
I have activated logs, and trying to query the status of the VM.
I can not find the status or health status.
In order to query the status of Azure VMs, make use of below PowerShell commands:
Use the -Status parameter to check whether the VMs are running, deallocated, or stopped using PowerShell like below:
Get-AzVM -Status | Select name, powerstate, provisioningState
If you want to get Status of particular VM then use the below PowerShell command:
Get-AzVM -Name "YourVmName" -ResourceGroupName "YourResourceGroupName" -Status
If you want to query the status of Azure VMs from Azure Resource Graph Explorer make use of below:
Resources
| project name, location,
PowerState=tostring(properties.extended.instanceView.powerState.code), type
| where type =~ 'Microsoft.Compute/virtualMachines'
| order by name desc
Please note that there is no such state called "Busy", check this MS Doc.
For more information, please find below references:
powershell - Determine Virtual Machine status and activity in Microsoft Azure - Stack Overflow
How to check Azure VM Power state using PowerShell? (tutorialspoint.com)

Display number of running Azure VM's on a dashboard

I'd like to create a dashboard in the Azure Portal that displays the number of active virtual machines per resource group. In this case I'm not interested in any deallocated or stopped VM's.
Since filtering the virtual machines blade doesn't work for the VM's power state, I turned to the Resource Graph. From there the solution gets close, but it doesn't seem possible to filter on power state (yet).
resources
| where type == "microsoft.compute/virtualmachines"
| summarize count() by resourceGroup
| order by resourceGroup asc
Is there a way to combine this data with another data table to be able to filter on power state and get only the running virtual machines? Or maybe a different solution altogether to just display the number of running VM's on a dashboard?
There doesn't seem to be a table that holds the PowerState of the VM in the Resource Graph schema (at least I couldn't find it)
Since you had stated that you would also like to hear about altogether a different approach, I want to suggest the PowerShell route
You can get the PowerState of the VM using the below command
Get-AzVM -Status
This output you may write to an Azure table storage (this link has details of how to use PowerShell to interact with Azure Storage Accounts [https://learn.microsoft.com/en-us/azure/storage/tables/table-storage-how-to-use-powershell]).
You can build a Power BI report on top of this table storage filtering only for PowerState == running and light up your report.
Now to schedule this, you will need to
a) Create an Automation Account. Details on how to create automation account can be found here [https://learn.microsoft.com/en-us/azure/automation/automation-create-standalone-account]
b) Create a PowerShell runbook which gets the VM status and inserts rows to table storage
c) Create a schedule and link the runbook to it.
Details on how to schedule can be found here [https://learn.microsoft.com/en-us/azure/automation/shared-resources/schedules]
Thus, using Azure Automation Account and a Runbook (point b) you can set up a schedule and link the runbook with that schedule. Whenever the runbook executes, it gets the current power status and uploads it to Azure Table storage as per the schedule, which would keep the Power BI report updated.
Hope this helps
hope the example below works for you
resources
| where type == "microsoft.compute/virtualmachines"
| where properties.extended.instanceView.powerState.displayStatus=="VM running"
| summarize count() by resourceGroup
| order by resourceGroup asc
Cheers,

Other ways to stop all the web jobs in Azure?

I wanted to stop web jobs with a certain name that are currently running on all apps in an app plan in Azure. I prefer PowerShell, but Azure PS module is lacking compared to az cli, so I ended up with the following, which feels really clunky:
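# Find the apps in the plan, list their continuous WebJobs, then stop each one.
# $appPlanId is left unquoted so the variable is expanded, not compared literally.
Get-AzWebApp |
    where ServerFarmId -EQ $appPlanId |
    select Name, ResourceGroup |
    % { az webapp webjob continuous list --name $_.Name --resource-group $_.ResourceGroup --query '[].{Id:id}' | ConvertFrom-Json } |
    % { az webapp webjob continuous stop --webjob-name $webjobName --ids "$($_.Id)" }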
I'd appreciate advice on better approaches.
As far as I know, you can use the two APIs below of the WebJobs API for Continuous Jobs to realize your needs in PowerShell.
List all continuous jobs
Stop a continuous job
For how to call these APIs above, you can refer to the Sample of using REST API with PowerShell.
Meanwhile, please see the document Deployment credentials to know how to use the credentials in the REST calling. And you can refer to my answer for a similar SO thread Unable to access admin URL of Azure Functions to know how to get the credential parameters.

Start VM, run exe, stop VM in azure automation

I want to start an exe that is located in a VM every day. The exe is 5 minutes long, so I want to use azure automation to start the vm, run the exe, and when it's finished, stop the vm.
I've looked at some resources on the web, and I can start the VM with :
Start-AzureVM -Name $VMName -ServiceName $ServiceName
I've seen in examples that people stop vm in other job at a certain time, but is it possible to start the vm, run an exe and stop the vm when the exe has terminated ?
You could start the VM via automation, and then fire off the exe from a Powershell script. When the exe exits you could call Stop-AzureVM / Stop-AzureRmVM
PowerShell Remoting
Yes, you can use a PowerShell Remoting session, which sits on top of Windows Remote Management (WinRM) to achieve this.
The high-level workflow for your Azure Automation Runbook would look something like:
Start-AzureVM ...
Invoke-Command ...
Stop-AzureVM ...
The Invoke-Command PowerShell command creates a PowerShell Remoting session (PSSession) to the Azure Virtual Machine, using the VM's public WinRM endpoint. The command will run synchronously by default, unless you use the -AsJob parameter to execute the command as a PowerShell Background Job, on the Runbook Worker. If you choose to invoke the remote command (your exe file) as a Background Job, then you can use the Wait-Job command to wait for its completion, before calling Stop-AzureVM.
IaaSv1 or IaaSv2?
Another major factor in your automation work, is considering whether you are using Azure Service Management (ASM) or Azure Resource Manager (ARM). Azure has two different APIs, and depending on how you created your VM, you will be using one or the other.
ASM = IaaSv1 (classic VMs)
ARM = IaaSv2
When you provision IaaS VMs in ASM, they must be a member of a "Cloud Service" container. Conversely, in ARM / IaaSv2, you can create VM instances as top-level members of your Azure subscription (account), with the caveat that all ARM-based cloud resources must be deployed into a "Resource Group."
ASM and ARM have entirely separate PowerShell modules. The ASM command is Start-AzureVM and the ARM equivalent is Start-AzureRmVM. Due to the inherent differences in the ASM and ARM architecture, these two commands also have different parameters. The ASM version requires that you specify the "Cloud Service" that the IaaS VM belongs to, whereas the ARM version requires that you specify the "Resource Group" that the VM belongs to.
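The start, Invoke-Command -AsJob, Wait-Job, stop workflow described above, written out for an ARM VM as an added example that is not part of the original answer. All parameter defaults and the credential asset name are hypothetical. It assumes the runbook is already authenticated to Azure and that the VM exposes a WinRM HTTPS listener on port 5986 with a certificate the runbook worker trusts.

```powershell
# Added example. All default values are placeholders, not values from the thread.
param(
    [string]$ResourceGroupName = 'rg-example',
    [string]$VMName            = 'vm-example',
    [string]$VmFqdn            = 'vm-example.example.com',
    [string]$ExePath           = 'C:\abc.exe',
    [string]$CredentialAsset   = 'VmRunAccount',
    [int]$TimeoutSeconds       = 900
)
$ErrorActionPreference = 'Stop'

# Pull the VM account from an Automation credential asset, not from script text.
$cred = Get-AutomationPSCredential -Name $CredentialAsset

Start-AzureRmVM -ResourceGroupName $ResourceGroupName -Name $VMName | Out-Null
try {
    # The VM reports "running" before the guest OS accepts WinRM connections.
    $deadline = (Get-Date).AddMinutes(5)
    while (-not (Test-WSMan -ComputerName $VmFqdn -UseSSL -Port 5986 -ErrorAction SilentlyContinue)) {
        if ((Get-Date) -gt $deadline) { throw "WinRM on $VmFqdn did not come up in time." }
        Start-Sleep -Seconds 15
    }

    # Run the exe over WinRM/HTTPS as a background job and return its exit code.
    $job = Invoke-Command -ComputerName $VmFqdn -UseSSL -Port 5986 -Credential $cred `
        -ArgumentList $ExePath -AsJob -ScriptBlock {
            param($Path)
            (Start-Process -FilePath $Path -Wait -PassThru).ExitCode
        }

    # Wait-Job returns nothing when the timeout expires first.
    if (-not (Wait-Job -Job $job -Timeout $TimeoutSeconds)) {
        Stop-Job -Job $job
        throw "Remote command exceeded $TimeoutSeconds seconds."
    }
    $exitCode = Receive-Job -Job $job
    if ($exitCode -ne 0) { throw "Exe returned exit code $exitCode." }
}
finally {
    # Always deallocate, even on failure, so the VM is not left running.
    Stop-AzureRmVM -ResourceGroupName $ResourceGroupName -Name $VMName -Force | Out-Null
}
```

Restricting the network security group rule for port 5986 to the runbook worker's address range keeps the public WinRM endpoint from being reachable by everyone during the run.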
For whoever may visit here, here is the example of Start VM, Run a script and stop VM.
https://github.com/shanjin14/AzureAutomation
In the RunPython.ps1 just need to put the full file path to the exe file
such as "C:\abc.exe"
Cheers. hope it helps

Azure Virtual Machine Cannot Add Extensions

I have the latest version of the Azure Powershell installed (0.9.7). I have a new virtual machine that was created via the Preview Portal. It was created with the new Resource Group model.
I am trying to install a few extensions but I cannot figure out the correct Powershell commands. Most instructions say to use Get-AzureVM. This does not return my VMs. If I use Switch-AzureMode to AzureResourceManager, I can use Get-AzureVM to list my VM (v2 I assume).
It seems none of the Extension scripts are setup for Resource Manager mode. Most of the sample scripts say to use:
Get-AzureVM -ServiceName 'CLFeb19WS12R2A' -Name 'CLFeb19WS12R2A' | Set-AzureVMBGInfoExtension -Disable -ReferenceName 'BGInfo' | Update-AzureVM
I have tried all kinds of ways. The AzureVMBGInfoExtension cmdlet is not available in Resource Manager mode.
Any suggestions?
Create a VM
I created a new VM so that I could help you. I used portal.azure.com > New > Compute > Marketplace > Windows Server > Windows Server 2008 R2 SP1 and chose the Resource Manager deployment model.
Create an Active Directory User
Since we're using the Azure Resource Manager, I needed to create a new Active Directory user so that I could authenticate with Azure PowerShell. That is the only way that I could authenticate.
You can create one using the following steps.
Login to the Azure Portal, and select Active Directory.
If no directory exists, select Create your directory and provide the requested information.
Select your directory and add a new user. This new user is a work or school account.
During the creation of the user, you will be supplied with both an e-mail address for the user and a temporary password. Save this information as it is needed later.
From the Azure portal, select Settings and then select Administrators. Select Add, and add the new user as a co-administrator. This allows the work or school account to manage your Azure subscription.
Finally, log out of the Azure portal and then log back in using the new work or school account. If this is the first time logging in with this account, you will be prompted to change the password.
Make sure you see your subscriptions when you log in as the work or school account.
Oddly enough, Azure Resource Manager seems to work best (or only to work) if we authenticate with one of those types of accounts.
Install the Most Recent Azure PowerShell Module
Since we need access to the Extension related commandlets, I installed the most recent version of Azure PowerShell. The link shows how to install it via the Web Platform Installer. Once done, you can find out whether you have the correct one by running this:
> (Get-Module azureresourcemanager).Version
Major  Minor  Build  Revision
-----  -----  -----  --------
0      9      7      -1
When we run the following, look at all the Extension related commandlets. Hooray!
> Switch-AzureMode -Name AzureResourceManager
> Get-Command *extension* -Module AzureResourceManager
Get-AzureVMAccessExtension
Get-AzureVMCustomScriptExtension
Get-AzureVMDiagnosticsExtension
Get-AzureVMDscExtension
Get-AzureVMExtension
Get-AzureVMExtensionImage
Get-AzureVMExtensionImageType
Remove-AzureVMAccessExtension
Remove-AzureVMCustomScriptExtension
Remove-AzureVMDiagnosticsExtension
Remove-AzureVMDscExtension
Remove-AzureVMExtension
Set-AzureVMAccessExtension
Set-AzureVMCustomScriptExtension
Set-AzureVMDiagnosticsExtension
Set-AzureVMDscExtension
Set-AzureVMExtension
We have access to these while being in Resource Manager mode. To learn how to use each of them, run Get-Help Set-AzureVMAccessExtension -example on each one that is of interest. Then play around with the example.
Authenticate Azure PowerShell & Set the Extensions for Your VM
When authenticating via Add-AzureAccount, use the Active Directory user that we created. Then you can query your virtual machines.
> Add-AzureAccount
> Get-AzureResource -ResourceType Microsoft.Compute/virtualMachines
Once you know the details of your VM, you can add an extension. Here is one example that worked for me.
> Set-AzureVMAccessExtension -ResourceGroupName "mvp1" -Location "West US" -VMName "mvp1" -Name "mvp1test" -TypeHandlerVersion "2.0" -UserName "shaunluttin" -Password "Password
EndTime : 9/1/2015 9:35:57 PM -07:00
Error :
Output :
StartTime : 9/1/2015 9:35:20 PM -07:00
Status : Succeeded
TrackingOperationId : f03210e0-e67e-40d7-aad7-d9acef64bebe
RequestId : 95f42767-edcf-443a-8977-4c9f6d0eafef
StatusCode : OK
Best of luck with that. Let me know if you have any questions.
