Azure Automation DSC - add a VM from a different subscription as a DSC node - azure

I'm trying to onboard a VM to Azure Automation DSC. Can we add a VM from a different subscription as a DSC node?

You won't be able to use the Register-AzureRMAutomationDSC to set up VMs cross subscription.
Following the instructions located here there are steps to run the Get-AzureRMAutomationRegistrationInfo cmdlet to get the registration key required (of the target Azure Automation account) and then steps to configure the DSC Extension on the target VM. Please note the instructions are for ASM VMs, but you can use Set-AzureRMVMExtension for ASR VMs.
Alternatively, for a more manual approach, follow the instructions here to obtain the registration url and the registration key, and then configure the Local DSC manager using the Set-DscLocalConfigurationManager cmdlet.
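The manual approach from the answer above, sketched as an added example (not code from the original post). It uses the Az counterpart of the registration-info cmdlet and assumes Windows PowerShell 5.1 with the Az module, WinRM access to the target VM, and the angle-bracket placeholders filled in.

```powershell
# Added example. Angle-bracket values are placeholders to replace.
$automationSubscription = '<automation-account-subscription-id>'
$resourceGroup          = '<automation-resource-group>'
$automationAccount      = '<automation-account-name>'
$targetVm               = '<target-vm-hostname>'
$outputPath             = Join-Path $env:TEMP 'DscMetaConfigs'

# Read the registration URL and key in the subscription that owns the Automation
# account (Az counterpart of Get-AzureRMAutomationRegistrationInfo).
Set-AzContext -Subscription $automationSubscription | Out-Null
$reg = Get-AzAutomationRegistrationInfo -ResourceGroupName $resourceGroup `
    -AutomationAccountName $automationAccount

[DscLocalConfigurationManager()]
Configuration DscMetaConfigs {
    param([string]$RegistrationUrl, [string]$RegistrationKey, [string[]]$ComputerName)
    Node $ComputerName {
        Settings {
            RefreshMode        = 'Pull'
            ConfigurationMode  = 'ApplyAndMonitor'
            RebootNodeIfNeeded = $false
        }
        ConfigurationRepositoryWeb AzureAutomationStateConfiguration {
            ServerUrl       = $RegistrationUrl
            RegistrationKey = $RegistrationKey
        }
        ResourceRepositoryWeb AzureAutomationStateConfiguration {
            ServerUrl       = $RegistrationUrl
            RegistrationKey = $RegistrationKey
        }
        ReportServerWeb AzureAutomationStateConfiguration {
            ServerUrl       = $RegistrationUrl
            RegistrationKey = $RegistrationKey
        }
    }
}

try {
    # Compile <targetVm>.meta.mof, then push it to the VM's Local Configuration Manager.
    DscMetaConfigs -RegistrationUrl $reg.Endpoint -RegistrationKey $reg.PrimaryKey `
        -ComputerName $targetVm -OutputPath $outputPath | Out-Null
    Set-DscLocalConfigurationManager -Path $outputPath -ComputerName $targetVm -Verbose
}
finally {
    # The .meta.mof holds the registration key in clear text; do not leave it on disk.
    Remove-Item -Path $outputPath -Recurse -Force -ErrorAction SilentlyContinue
}
```

Registration needs only the URL and key, so the VM's own subscription plays no part; anyone holding the key can register nodes to the account, so treat it as a secret.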

Related

Job Suspended Run Login-AzureRmAccount to login using Azure AutomationAccounts System Managed Identity

I am trying to shutdown the VM using Azure Automation Account System Managed identity option.
However I am ending up with below error.
As per the other articles it is mentioned to upgrade the module Update-ModulesInAutomationToLatestVersion but I could not update due to below error. I am not sure what is the issue in the script. Same script works with AzureRunAsConnection option without issues (script). I even checked with a simple login with System Managed Identity; it successfully logs in and fetches the resource group names.
I have tested the above shared script in my automation account. Below are a couple of observations:
You need to use the Connect-AzureRMAccount -Identity cmdlet instead of 'connect-AzAccount' to connect to your subscription, because the rest of the script that you have written uses Azure RM cmdlets.
If we use AzureRM cmdlets in your runbook script, the job gets suspended, stating that Azure RM is going to be retired and suggesting that we use the Az module in your workflow.
You can refer to this documentation on how to migrate your PowerShell scripts automatically from AzureRM to AZ modules.
If you want to perform start/stop on your virtual machines, you can leverage the Azure Automation start/stop during off hours feature.
According to the Microsoft documentation, and looking at your script, the Azure RM module is not supported and it has been updated to the latest version of the Az module.
For more information, please refer to the links below:
Microsoft documentation: Using a system-assigned managed identity for an Azure Automation account & Troubleshoot runbook issue.
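What the runbook can look like once it is moved to the Az module, as the answer above suggests; this is an added example, not the asker's script. It assumes the Automation account's system-assigned identity holds a role that allows stopping the VM (for instance Virtual Machine Contributor scoped to that VM or its resource group), and the parameter names are illustrative.

```powershell
# Added example for an Azure Automation PowerShell runbook. Parameter values are
# supplied when the job is started; none of them come from the page.
param(
    [Parameter(Mandatory)] [string]$SubscriptionId,
    [Parameter(Mandatory)] [string]$ResourceGroupName,
    [Parameter(Mandatory)] [string]$VMName
)
$ErrorActionPreference = 'Stop'

# Do not inherit or persist an Azure context in the shared sandbox.
Disable-AzContextAutosave -Scope Process | Out-Null

# Sign in as the Automation account's system-assigned managed identity
# and pin every later call to the intended subscription.
$context = (Connect-AzAccount -Identity).Context
$context = Set-AzContext -Subscription $SubscriptionId -DefaultProfile $context

# Read the current power state so the job output records what was changed.
$vm    = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName -Status -DefaultProfile $context
$power = ($vm.Statuses | Where-Object Code -like 'PowerState/*').Code

if ($power -eq 'PowerState/deallocated') {
    Write-Output "$VMName is already deallocated; nothing to do."
}
else {
    Stop-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName -Force -DefaultProfile $context | Out-Null
    Write-Output "$VMName was in state '$power' and has been stopped."
}
```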

AzureRm Add-AzureCertificate equivalent in Az

Ahead of the deprecation of the AzureRM PowerShell cmdlets later this year I am updating some of our infrastructure scripts to use the Az PowerShell cmdlets rather than AzureRM.
One of our scripts uploads SSL certificates to Azure Cloud Service (Classic) resources using Add-AzureCertificate:
Add-AzCertificate -ServiceName $serviceName -CertToDeploy $certObject
where $certObject is an X509Certificate2 object.
What is the equivalent cmdlet in the Az module? Add-AzCertificate does not exist.
On the Cloud Service documentation page where it details configuring SSL, only certificate upload via the Azure portal is shown.
As in the comment from @Alex AIT, before calling the AzureRM commands, you can run the Enable-AzureRmAlias cmdlet, which enables a compatibility mode through aliases, to allow you to use existing scripts with minimal modification while working towards a full migration to Az. For more information, you could refer to Migrate existing scripts to Az.
Also, to call Azure Cloud Service (Classic) resources, you still need Azure modules. See this example: Az / AzureRM / Legacy Azure Powershell Conflicts.

Azure Automation RunBook Download File from Blob To VM

Is there a way to use Azure Automation to download a file from azure storage? I can currently connect to the VM using templates from the gallery to create files/folder but how would I download a file from storage?
I am currently trying to use Get-AzureStorageBlob command from Invoke-command -ScriptBlock
If you are trying to use the PowerShell cmdlets, you need to remember to log in to Azure prior to executing them. See the documentation. You would need to log in on the remote computer (i.e., inside the script block).
An alternative is to have azcopy accessible, and simply pass in the key information via Automation Credentials.
If you want to do this, based on my experience, you need to do the following steps.
1. Install Azure PowerShell on your target VM.
2. Enable WinRM on your VM; you need to open port 5986 on Windows Firewall and the Azure NSG. You also need to configure a certificate on your VM. You could check this blog, which shows step by step how to enable WinRM on an Azure VM.
Note: You should enable WinRM listening on HTTPS; if you enable it on HTTP, you cannot WinRM to your VM from the runbook script.
3. Log in to your Azure subscription in the runbook; you could refer to this link about this.
4. Use New-PSSession to log in to your VM in the runbook and execute your PowerShell cmdlet. You could check my answer about this.
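A variation on the steps in the answers above, as an added example that is not part of either post: the runbook signs in to Azure itself and hands the VM a short-lived, read-only SAS URL, so neither an Azure login nor the storage key is needed on the VM. It assumes a managed identity for the runbook login, a credential asset named 'VmAdmin', a WinRM HTTPS certificate the runbook host trusts, and the angle-bracket placeholders filled in.

```powershell
# Added example for an Azure Automation runbook. Angle-bracket values and the
# credential asset name 'VmAdmin' are placeholders.
$ErrorActionPreference = 'Stop'
$resourceGroup  = '<storage-resource-group>'
$storageAccount = '<storage-account-name>'
$container      = '<container>'
$blob           = '<blob-name>'
$vmHost         = '<vm-dns-name>'

# Step 3 of the answer: log in to Azure inside the runbook (assumed: managed identity).
Connect-AzAccount -Identity | Out-Null

# Build the storage context here; the account key never leaves the runbook.
$key = (Get-AzStorageAccountKey -ResourceGroupName $resourceGroup -Name $storageAccount)[0].Value
$ctx = New-AzStorageContext -StorageAccountName $storageAccount -StorageAccountKey $key

# Read-only, HTTPS-only URL for this one blob, valid for 15 minutes.
$sasUri = New-AzStorageBlobSASToken -Context $ctx -Container $container -Blob $blob `
    -Permission r -Protocol HttpsOnly -ExpiryTime (Get-Date).AddMinutes(15) -FullUri

# Step 4 of the answer: WinRM over HTTPS (port 5986) with a stored credential asset.
$cred    = Get-AutomationPSCredential -Name 'VmAdmin'
$session = New-PSSession -ComputerName $vmHost -Port 5986 -UseSSL -Credential $cred
try {
    Invoke-Command -Session $session -ArgumentList $sasUri, $blob -ScriptBlock {
        param($Uri, $BlobName)
        # Save under the remote user's temp folder, using only the blob's leaf name.
        $path = Join-Path $env:TEMP (Split-Path -Path $BlobName -Leaf)
        Invoke-WebRequest -Uri $Uri -OutFile $path -UseBasicParsing
        "Saved $((Get-Item $path).Length) bytes to $path"
    }
}
finally {
    Remove-PSSession $session
}
```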

How can I create endpoints (Inbound security rules), using Azure CLI Resource Management deployment mode?

I'm looking to create endpoints (if that's what it's still being called) using the Resource Management deployment mode (arm mode). I am currently using Resource Management deployment mode to create virtual machines in Azure since every article practically recommends that as the preferred way. I created an Ubuntu Linux VM in Azure in hopes to really use Azure as a cloud platform for Linux VMs. Despite the new Azure portal constantly evolving (with documentation that could surely improve), I managed to create endpoints via Network Security Group (NSG) resource using the new Azure portal. However, I am still unable to create endpoints (if that's what it's even called anymore) via the Azure CLI... I just get "error: 'endpoint' is not an azure command. See 'azure help'." message. I've read the Azure docs enough to know that I need to execute azure login command and also execute azure config mode arm command since I used the Resource Management deployment mode to create my VM. When I enter the command azure vm --help, I don't see information regarding vm create endpoint, which leads me to believe this command is not supported for Resource Management mode.
How would I create endpoints, or more specifically Inbound security rules, using Azure CLI if I created an Ubuntu Linux VM using Resource Management deployment mode?
In ARM mode, endpoint is not available for VM. Instead, you can add an inbound rule to your ARM Network Security Group. Here is what it looks like.
azure network nsg rule create --protocol tcp --direction inbound --priority 1000 \
--destination-port-range 22 --access allow -g TestRG -a TestNSG -n SSHRule
The above command adds a rule to the NSG named TestNSG in resource group TestRG. The rule is named SSHRule, which allows TCP inbound traffic through port 22 with priority 1000.
For more information, see the "Manage rules" section of "Manage NSGs using the Azure CLI".

run powershell script without add publishsettings file

I am using a PowerShell script; using this I create/set up a VM in Azure. I want to run the PowerShell script without Azure credentials (right now I am using it as below, but I don't want my.publishsettings or publishsettings details in the PowerShell script).
create_vm.ps1
...
azure account import D:\my.publishsettings
...
Is there any way to do the same? Please suggest.
There are two ways by which you can connect to and manage your Azure Subscription - One is using X509 Certificate (which is what you're doing when you use publishsettings file) and the other is using Azure AD.
Please see this link for detailed instructions on how you can use Azure AD to manage your Azure Subscriptions: https://azure.microsoft.com/en-in/documentation/articles/powershell-install-configure/. Scroll down to section titled How to: Connect to your subscription.
