How to get subscription id from the VM in AZURE - azure

Is there a way to get the subscription id from the running (LINUX) VM instance in AZURE?
Can WALinuxAgent read the subscription ID from the internal server?

This can be achieved using the Azure Instance Metadata Service. Calling this service from your VM will return a JSON with SubscriptionId among other useful data. Sample Microsoft bash script for calling the metadata service (with updated version in the request):
sudo apt-get install curl
sudo apt-get install jq
curl -H Metadata:True "http://169.254.169.254/metadata/instance?api-version=2017-08-01&format=json" | jq .
See "Response" section in provided link for sample response, with subscriptionId.

You can use powershell to achieve this.
First of all.
What kind of VM deployment model?
ARM
In this case it's very simple.
$vm = Get-AzureRmVM -ResourceGroupName $resourceGroupName -Name $vmName
$vm.Id
You'll see - "/subscriptions/{subscriptionId}/..."
Classic
If you know the resource group the VM was deployed to, use the following:
$resource = Get-AzureRmResource -ResourceGroupName $resourceGroupName -ResourceType Microsoft.ClassicCompute/virtualMachines -Name $vmName
$resource.ResourceId
Same - you'll see "/subscriptions/{subscriptionId}/..."
A way to find resourceGroupName, if unknown (in case you write some automation script):
$vm = Get-AzureVM | Where {$_.Name -eq $vmName}
$service = Get-AzureService -ServiceName $vm.ServiceName
$service.ExtendedProperties.ResourceGroup
Hope it helps

Related

New automation variable by cli or ansible

After creating a runbook and editing its content, I want to create variables and set values for them. How can I do it with Ansible or the Azure CLI?
Please help me.
Azure Automation stores each encrypted variable securely. When you create a variable, you can specify its encryption and storage by Azure Automation as a secure asset.
You must set the value with the Set-AzAutomationVariable cmdlet or the internal Set-AutomationVariable cmdlet. You use the Set-AutomationVariable in your runbooks that are intended to run in the Azure sandbox environment, or on a Windows Hybrid Runbook Worker.
You can create variables and set value for them using PowerShell script.
$rgName = "ResourceGroup01"
$accountName = "MyAutomationAccount"
$vm = Get-AzVM -ResourceGroupName "ResourceGroup01" -Name "VM01" | Select Name, Location, Extensions, Tags
New-AzAutomationVariable -ResourceGroupName "ResourceGroup01" -AutomationAccountName "MyAutomationAccount" -Name "MyComplexVariable" -Encrypted $false -Value $vm
$vmValue = Get-AzAutomationVariable -ResourceGroupName "ResourceGroup01" -AutomationAccountName "MyAutomationAccount" -Name "MyComplexVariable"
$vmName = $vmValue.Value.Name
$vmTags = $vmValue.Value.Tags
Reference: Manage variables in Azure Automation | Microsoft Docs

Runbook Run Powershell as azure account

I got a script on a VM within the subscription/rg that runs a ps module called Qlik-Cli, it uses a certificate and a login.
The certificate is stored in the local store for the serviceaccount, not a choice, how the product works.
I need to trigger this through a powershell runbook.
In order for this to work, I need to trigger this with the service account, cause it won't find the certificate otherwise.
This is something we are going to schedule so it has to be done this way.
How can I run it this way, or is it not possible?
I can't find any good option when googling it.
> Import-Module -Name Qlik-Cli
> [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
> $logpath = "E:\Tools\Scripts\log.txt"
> get-childitem cert:\currentuser\My\ | where {$_.Thumbprint -eq '"thumbprint"'} | Connect-Qlik "DNS" -UserName "user" -TrustAllCerts -verbose 4>&1 | Out-File -Append $logpath
> Start-QlikTask -id df9dfa2f-32ca-4db4-bdce-15ad924fd59f -verbose 4>&1 | Out-File -Append $logpath
The script in the runbook:
$ServicePrincipalConnection = Get-AutomationConnection -Name 'AzureRunAsConnection'
Add-AzAccount -ServicePrincipal -TenantId $ServicePrincipalConnection.TenantId -ApplicationId $ServicePrincipalConnection.ApplicationId -CertificateThumbprint $ServicePrincipalConnection.CertificateThumbprint
$rgname ="Resource-Group"
$vmname ="Virtual machine name"
$ScriptToRun = "E:\Tools\Scripts\Tasktrigger.ps1"
Out-File -InputObject $ScriptToRun -FilePath ScriptToRun.ps1
Invoke-AzVMRunCommand -ResourceGroupName $rgname -Name $vmname -CommandId 'RunPowerShellScript' -ScriptPath ScriptToRun.ps1
Remove-Item -Path ScriptToRun.ps1
What the logs say from the script (local script) when I execute the runbook is that it can't find the certificate, which is not strange.
Raw output:
Found 0 certificates in the current user store
Found 0 certificates in the local machine store
No valid certificate found, using windows credentials
Used the code on GitHub for the Qlik-Cli module to backtrack the error message. Had to change the certificate and import the new one in the personal / machine store.
Also the default username when running it from outside the QlikServer is domain\Servername$, which means you have to change permissions on the account in QlikSense to allow it to execute tasks.
You can see the name if you use verbose logging to file once you have added the right certificate all the way.
The Qlik-CLI module reads the client certificate, QlikClient, from cert:\CurrentUser\My.
So, if you are trying to run Qlik-CLI scripts as a different user than the Qlik Sense service user account (or on another machine), you need to log in as the service account, export the QlikClient certificate, including the private key, and install it under the user running the script.
The -UserName argument is just to tell Qlik who you want to be, given that you have the certificate in order.
To cut it short: Run the script as the Qlik service user. It will save you a lot of hassle. :)
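The "Found 0 certificates" log lines above depend on which account the script runs under. As an added example, not part of the original posts or of Qlik-Cli, this diagnostic reports the running identity and whether a certificate with a given thumbprint, including its private key, is visible in each store. `Test-ClientCertVisible` is a hypothetical helper name and the thumbprint is a placeholder.

```powershell
# Added example: run this through the same trigger (runbook, scheduled task,
# interactive session) as the real script and compare the results.
# Test-ClientCertVisible is a hypothetical helper, not part of Qlik-Cli.
function Test-ClientCertVisible {
    param(
        [Parameter(Mandatory)]
        [string] $Thumbprint
    )

    # Thumbprints copied from the certificate dialog often carry spaces or an
    # invisible leading character; keep hex digits only before comparing.
    $wanted   = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

    foreach ($store in 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My') {
        $cert = Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Thumbprint -eq $wanted } |
            Select-Object -First 1

        # One row per store: a certificate without its private key cannot be
        # used for client authentication even though it is "found".
        [pscustomobject]@{
            RunningAs     = $identity
            Store         = $store
            Found         = [bool]$cert
            HasPrivateKey = [bool]($cert -and $cert.HasPrivateKey)
            Expired       = [bool]($cert -and $cert.NotAfter -lt (Get-Date))
        }
    }
}

# Placeholder value; substitute the thumbprint of the QlikClient certificate.
Test-ClientCertVisible -Thumbprint '<thumbprint>' | Format-Table -AutoSize
```

If `RunningAs` differs between the interactive run and the runbook-triggered run, the `CurrentUser` store being searched is a different one in each case.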

Azure - Log Analytics query with powershell variable

I have prepared a simple PowerShell script for creating a Log Analytics computer group. Based on that group I want to add VMs to the Update Management solution in Azure. The command is presented below. For now I can add a few VMs using this structure 'Heartbeat | where (Computer == "vmA" or Computer == "vmB")'. This approach is good for a few VMs; the question is what can I do with a list of 50 or more VMs? Is there any way to pass a variable/param to this -Query?
New-AzOperationalInsightsComputerGroup `
-ResourceGroupName "testRG" `
-WorkspaceName "Testloganalytics" `
-SavedSearchId "testID01" `
-DisplayName "GroupName" `
-Category "Updates" `
-Query 'Heartbeat | where (Computer == "vmA" or Computer == "vmB")' `
-Version 1 `
-Force
You can specify a variable which contains all the vms like this:
$myvms = '("vm1","vm2","vm3","vm4","vm5")'
then, for the -Query, you can use the in operator, the command like below:
-Query "Heartbeat | where Computer in $myvms"
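For the 50-plus VM case asked about above, the list can be generated from an array instead of typed by hand. The following is an added example, not part of the original answer; `ConvertTo-KqlComputerFilter` is a hypothetical helper name and the VM names are constructed sample input. It rejects any name that could close the quoted KQL string or append another operator before the text reaches -Query.

```powershell
# Added example: build the -Query string for a computer group from a list.
# ConvertTo-KqlComputerFilter is a hypothetical helper, not part of the Az modules.
function ConvertTo-KqlComputerFilter {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]] $ComputerName
    )

    # Host name / FQDN characters only. \A and \z anchor the whole string, so a
    # trailing newline or an embedded quote, pipe or parenthesis is rejected.
    $pattern = '\A[A-Za-z0-9]([A-Za-z0-9._-]{0,253}[A-Za-z0-9])?\z'

    $quoted = foreach ($name in ($ComputerName | Sort-Object -Unique)) {
        if ($name -notmatch $pattern) {
            throw "Rejected computer name '$name': unexpected characters."
        }
        '"{0}"' -f $name
    }

    # Same shape as the query in the answer: Heartbeat | where Computer in (...)
    'Heartbeat | where Computer in ({0})' -f ($quoted -join ', ')
}

# Constructed sample input: vm01 .. vm50. In practice the names could come
# from a text file or from Get-AzVM.
$names = 1..50 | ForEach-Object { 'vm{0:d2}' -f $_ }
$query = ConvertTo-KqlComputerFilter -ComputerName $names
$query

# The result is then passed to the command from the question, for example:
# New-AzOperationalInsightsComputerGroup -ResourceGroupName "testRG" `
#     -WorkspaceName "Testloganalytics" -SavedSearchId "testID01" `
#     -DisplayName "GroupName" -Category "Updates" -Query $query -Version 1 -Force
```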

How can I stop and start a logic app on Azure using PowerShell?

I want to stop and start, i.e. restart, a logic app on Azure using PowerShell.
I have looked at the documentation and it shows the following:
Stop-AzureRmLogicAppRun -ResourceGroupName "ResourceGroup11" -Name "LogicApp03" -RunName "08587489104702792076" -Force
But where can I find the -RunName on Azure?
Runs appear in the Runs history:
The RunName is just the run identifier.
So you can get it from azure portal or you can get runs history using powershell with Get-AzureRmLogicAppRunHistory (or Get-AzLogicAppRunHistory if you're using the new az powershell module).
To get all the Running runs, you can try this command:
Get-AzureRmLogicAppRunHistory -ResourceGroupName <rg name> -Name <logicapp name> | Where {$_.Status -eq 'Running'}
Also if you want to disable a logic app, you use this command:
Set-AzureRmLogicApp -ResourceGroupName <rg name> -Name <logicapp name> -State "Disabled"

Install extension on both Classic and ARM VMs with single PowerShell command

I have a script that installs OMS extensions to all ARM VMs in the subscription. The problem is that I have subscriptions that contain only ARM VMs, subscriptions that contain only Classic VMs, and subscriptions that have both types of VMs. How can I modify the script to work in all of the conditions? The script is:
#This script installs OMS Monitoring Agent to all VMs in the selected Subscription.
#Before running this script, the user must login to Azure account and select target subscription.
#Example:
#Login-AzureRmAccount
#Select-AzureRmSubscription 'SubscriptionName'
$WorkspaceID = 'Provide Workspace ID here'
$WorkspaceKey = 'Provide Workspace key here'
$VMs = Get-AzureRmVM
$VMs.where({$_.osprofile.windowsconfiguration}) | ForEach-Object {
    "Installing Microsoft.EnterpriseCloud.Monitoring.MicrosoftMonitoringAgent Extension: {0}" -f $_.id
    Set-AzureRmVMExtension -ResourceGroupName $_.ResourceGroupName -VMName $_.Name -Name omsAgent -Publisher 'Microsoft.EnterpriseCloud.Monitoring' `
        -ExtensionType 'MicrosoftMonitoringAgent' -AsJob -TypeHandlerVersion '1.0' -Location $_.Location -ForceRerun 'yesh' `
        -SettingString ( "{'workspaceId': '$WorkspaceID'}") `
        -ProtectedSettingString "{'workspaceKey': '$WorkspaceKey'}" |
        Add-Member -Name VM -Value $_.Id -MemberType NoteProperty
}
Since you got both classic and ARM VMs, you got two different deployment models, hence two different PowerShell modules you are using.
In other words, you need to log in separately for each and have separate scripts for using them.
In the classic model you need to run the following cmdlet to login and access your VMs:
Add-AzureAccount
Get-AzureVM | Set-AzureVMExtension `
    -Publisher 'Microsoft.EnterpriseCloud.Monitoring' `
    -ExtensionName 'MicrosoftMonitoringAgent' `
    -Version '1.*' `
    -PublicConfiguration "<workspace id>" `
    -PrivateConfiguration "<workspace key>"
While searching for information I found this script. It's a script for on-boarding VMs from single, or multiple subscriptions, using both deployment models.
