...building hybrid clouds that can support any device from anywhere
Hello readers, Jim Britt and Victor Arzate here. This time we will show you how you can manage Windows Azure services via Service Management Automation (a.k.a. SMA).
Up until now we have shown you many samples on how to leverage SMA for automating processes for on-premises deployments (take a look at the August 2013 was Automation Month at the Building Clouds Blog! blog post for a quick reference). In this blog post we will show you how service administrators can leverage the same investments in SMA, but extended to Windows Azure.
In a nutshell, the steps that need to be done are:
And you need to have the following prerequisites
Okay, let’s get started!
Alright, first thing you need to do is to download and install the Windows Azure PowerShell module on a server (this can be your SMA server or another member server). You can obtain it from this link.
It will install and launch the Web Platform Installer and will prompt you to install Windows Azure PowerShell:
Click on Install and the Web PI will display any dependencies that are needed in your system. Click on I Accept if you accept the terms and the Web PI will start the installation of Windows Azure PowerShell and all required dependencies. Once the process is complete click on Finish. The Web PI should indicate that the Windows Azure PowerShell components are installed:
Click on Exit and restart the server. We have noticed that this is needed so that SMA Runbooks can see that the Windows Azure PowerShell module is installed.
Now we have to set up the connection to the Windows Azure subscription. You’ve different options here such as manually uploading a management certificate to Azure, authenticating using Windows Azure AD or using the certificate method.
The Windows Azure AD method was not an option as in this case the credentials are available to Windows Azure PowerShell for 12 hours. After these 12 hours the credentials expire and you’ll need to log in again.
Manually uploading a management certificate was another option, but in this case we had to obtain a certificate so that we could upload it to Windows Azure, and then we have to manually install it in the SMA server. While this option worked, we wanted to use a more slick option
We used the certificate method, because Windows Azure PowerShell includes the cmdlets that help us to download and import the certificate (hence no need for manually getting and importing the certificate)! The cmdlets are:
Now, you have to consider two important facts:
Therefore, log on into the server where you installed Windows Azure PowerShell with the credentials of the service account that will be used when connecting to the Windows Azure Subscription, open a Windows PowerShell session as an administrator and type the following cmdlet:
As described above, this cmdlet will launch a browser session, and after signing in into your Windows Azure subscription, it will ask you to save a .publisingsettings file in your computer:
Save the file in a secure location. If you go to Windows Azure – Settings – Management Certificates you will notice that there is a new certificate created for your subscription. Take note of the certificate thumbprint. Now return to Windows Azure PowerShell and execute the following cmdlet:
This cmdlet will import a certificate into the Current User – Personal Store container called Windows Azure Tools. If you open the certificate you will notice that it has the same certificate thumbprint as the certificate that was created in Windows Azure. Also, this cmdlet will configure common settings for the Windows Azure subscription (including subscription ID, management certificate) in the user account profile. To check these settings, type the following cmdlet in PowerShell:
You will notice the settings saved for your Windows Azure subscription. Please take note of the SubscriptionName value as we will use it in Step 4 when we create the SMA Runbook (in our case, it is called: Windows Azure MSDN - Visual Studio Ultimate).
Now we need to extract some data from that certificate as we will use it in the next step. Execute the following script using a PowerShell session with administrative rights (replacing the #### string with the certificate thumbprint that you obtained from Windows Azure):
This script will get the data from your certificate and will copy it to the clipboard. We will use this data in Step 3. It would be a good idea to save the clipboard data in a notepad so that is not lost. Now delete the –publishsettings file and log into the WAP server (but this time with an account that has administrative rights on WAP/SMA).
Go to the Windows Azure Pack Admin Portal – Automation – Assets and click on Add Setting
In the Select the type of setting you want to add, click on Add Connection
In Connection Type select Azure. In Name type AzureConnection. Click on the arrow to continue the wizard.
In the Configure connection properties, provide the following information:
Click on the arrow to complete the Add Connection Wizard.
Go to the Windows Azure Pack Admin Portal and click on the + icon to create a new object. Select Runbook – Quick Create and call it SMA-Get-AzureVMs and click on the check mark to create the Runbook.
In the Windows Azure Pack Admin Portal, go to Automation – Runbooks and click on the SMA-Get-AzureVMs runbook. Go to the Author tab, click on Draft and paste the following code:
Let us explain the code above
First, we obtain the data from the AzureConnection object we created so that we use the credentials required to execute the inlinescript section under the context of the AD service account that we used to configure the connection to Windows Azure.
Then we move to the inlinescript section. Here you can see the following code:
And that’s it! If you save & run the Runbook you will see in the output window the list of Virtual Machines running under your subscription!
As a bonus, take this sample Runbook that stops all Virtual Machines running under a specified Azure Subscription. Following the steps described in this section (Step 4) create a new SMA Runbook, name it SMA-Stop-AzureVMs and paste the following code:
Save & run the Runbook and it will stop all running VMs in the Azure subscription.
And if you need some ideas on operations that you could perform in Windows Azure with PowerShell, just take a look at this great blog post from Charles Joy: Automation–Automating Hybrid Clouds with Windows Azure and PowerShell (Part 3): Public Cloud Environment Provisioning PowerShell Workflow Examples.
Until next time,
Jim and Victor.
Don't you require the Azure PowerShell components be installed on the SMA Runbook Workers that are executing the runbooks?
Hi Robert, for the scenario we presented in this blog post, as we’re using the Azure Connection Asset in SMA, you’ve to install the Azure PowerShell module in the computer specified in the Azure Connection asset (which could be your SMA Runbook Worker).