This document discusses various options for automating an Azure environment including the Azure Management Library, PowerShell, and Azure Automation. It provides an overview of each option and demonstrates how to authenticate and perform tasks like creating virtual machines and stopping VMs on a schedule. The key points are that automation can help make deployments faster and more consistent, PowerShell allows scripting against the Azure APIs, and Azure Automation provides a built-in solution for defining and running automated tasks.
6. Why Automation?
• Time to provision full environments
– Compute, storage, etc.
• Deployment to multiple geographies
– Change only configuration / parameters
12. A Few Options
REST API
• Service Management
• Resource Manager
Azure Management Library
PowerShell
• Invoke REST
• Service Management
• Resource Manager
XPlat CLI
• ??
Azure Automation
17. Azure Management Library
• Scenarios
– Integration Testing
– Custom provisioning of services (SaaS)
– Dev/Test
– Resource Governance
• Almost anything you may want to automate
18. Azure Management Library
• Microsoft.WindowsAzure.*
– Older RDFE version
– Not recommended
• Microsoft.Azure.*
– Based on new Azure Resource Manager (ARM)
– Recommended
20. Authentication
• Azure Active Directory
• Create a service principal
– Password (PowerShell or CLI)
– Certificate (PowerShell)
• Assign necessary ROLE to the service principal
21. Create the Service Principal
Switch-AzureMode AzureResourceManager
Select-AzureSubscription -SubscriptionName "My MSDN Azure"
$appName = "VSLiveNYC2015"
$appHomePage = "http://localhost"
$appUri = "http://localhost"
# Demo password from the slide. Named $appPassword because $pwd is a
# PowerShell automatic variable (the current directory). Outside a demo,
# prompt for the secret or read it from a vault instead of hard-coding it.
$appPassword = "test!123"
# Create a new Azure AD application
$azureAdApp = New-AzureADApplication -DisplayName $appName -HomePage $appHomePage -IdentifierUris $appUri -Password $appPassword -Verbose
# Create a service principal
New-AzureADServicePrincipal -ApplicationId $azureAdApp.ApplicationId
# Assign a role to the service principal
# (Contributor on the whole subscription is broad; grant only the role the automation needs)
New-AzureRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $azureAdApp.ApplicationId
# Get the current subscription (its TenantId is needed to sign in below)
$subscription = Get-AzureSubscription | where { $_.IsCurrent }
# Create a new credential object to contain the credentials
$creds = Get-Credential -UserName $azureAdApp.ApplicationId -Message "enter your creds"
# Sign in as the service principal
Add-AzureAccount -Credential $creds -ServicePrincipal -Tenant $subscription.TenantId
Get this at http://aka.ms/uognfb
22. Get the Authentication Token
// Requires: using System;
//           using Microsoft.IdentityModel.Clients.ActiveDirectory; (ADAL)
private const string SubscriptionId = "[YOUR_AZURE_SUBSCRIPTION_ID]";
private const string TenantId = "[YOUR_AZURE_AD_TENANT_ID]";
private const string ApplicationId = "[YOUR_NEWLY_REGISTERED_APP_id]";
// Demo secret from the previous slide; load it from protected configuration outside a demo.
private const string ApplicationPwd = "test!123";

public static string GetAToken()
{
    // Authority is the Azure AD tenant that owns the service principal
    var authenticationContext = new AuthenticationContext(string.Format("https://login.windows.net/{0}", TenantId));
    var credential = new ClientCredential(clientId: ApplicationId, clientSecret: ApplicationPwd);
    // Request a token for the Azure management endpoint
    var result = authenticationContext.AcquireToken(resource: "https://management.core.windows.net/", clientCredential: credential);
    if (result == null)
    {
        throw new InvalidOperationException("Failed to obtain the JWT token");
    }
    string token = result.AccessToken;
    return token;
}
Get this at http://aka.ms/uognfb
24. Demo Recap
1. Create a Service Principal in Azure AD
2. Get the JWT authentication token
3. Create a credential object with token and subscription
4. Create a resource client
5. Execute actions against the client
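The same recap steps can be followed from PowerShell with plain REST calls (the "Invoke REST" option listed earlier). This is an added example, not code from the deck: the function names and placeholder IDs are assumptions, and the client secret is prompted for rather than stored in the script.

```powershell
$ErrorActionPreference = 'Stop'

# Placeholders (assumptions): fill in with your own tenant, subscription and app IDs.
$tenantId       = '<YOUR_AZURE_AD_TENANT_ID>'
$subscriptionId = '<YOUR_AZURE_SUBSCRIPTION_ID>'
$applicationId  = '<YOUR_REGISTERED_APP_ID>'

function Get-ArmToken {
    param([string]$Tenant, [pscredential]$ServicePrincipal)
    # Step 2: OAuth 2.0 client-credentials grant against Azure AD.
    # A hashtable body is sent form-url-encoded by Invoke-RestMethod.
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $ServicePrincipal.UserName
        client_secret = $ServicePrincipal.GetNetworkCredential().Password
        resource      = 'https://management.core.windows.net/'
    }
    $response = Invoke-RestMethod -Method Post -Body $body `
        -Uri "https://login.windows.net/$Tenant/oauth2/token"
    if (-not $response.access_token) { throw 'Failed to obtain the JWT token' }
    return $response.access_token
}

function Get-ArmResourceGroup {
    param([string]$Subscription, [string]$Token)
    # Step 3: the bearer token plus the subscription ID are the "credential".
    $headers = @{ Authorization = "Bearer $Token" }
    # Steps 4-5: call the Resource Manager endpoint and return the result set.
    $uri = "https://management.azure.com/subscriptions/$Subscription" +
           '/resourcegroups?api-version=2015-01-01'
    (Invoke-RestMethod -Method Get -Uri $uri -Headers $headers).value
}

# Step 1 (service principal) is assumed to exist already.
# Prompt for its secret so it never lands in the script or source control.
$sp = Get-Credential -UserName $applicationId -Message 'Service principal secret'

$token = Get-ArmToken -Tenant $tenantId -ServicePrincipal $sp
Get-ArmResourceGroup -Subscription $subscriptionId -Token $token |
    Select-Object name, location

# The token is a bearer credential: keep it out of transcripts and logs.
Remove-Variable token, sp
```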
25. PowerShell Cmdlets
• Get the goods
– http://azure.microsoft.com/en-us/downloads/
– https://github.com/Azure/azure-powershell/releases
26. PowerShell
• Use cmdlets and/or REST APIs
• Ability to script complex environments
– Template with an XML parameters file
– PowerShell learning curve
– Your responsibility to handle errors & ensure consistency
• Consistent Deployments
– Build server or developer machine
28. Authentication Options
• Interactive
– Azure AD
PS C:\> Add-AzureAccount
VERBOSE: Account "michael.collier@live.com" has been added.
VERBOSE: Subscription "MSFT Azure Internal - Collier" is selected as the default subscription.
VERBOSE: To view all the subscriptions, please use Get-AzureSubscription.
VERBOSE: To switch to a different subscription, please use Select-AzureSubscription.
Id Type Subscriptions Tenants
-- ---- ------------- -------
michael.collier@live.com User 0bbbc191-0023-aaaa-yyyy-xxxxxxxxxxxx 9b6b07ee-3eb1-aaaa-yyyy-xxxxxxxxxxxx
278b93db-29ab-aaaa-yyyy-xxxxxxxxxxxx 715f4ed0-544a-aaaa-yyyy-xxxxxxxxxxxx
3acf171d-3d34-aaaa-yyyy-xxxxxxxxxxxx 72f988bf-86f1-aaaa-yyyy-xxxxxxxxxxxx
c68d7703-d6ed-aaaa-yyyy-xxxxxxxxxxxx 20acfbf0-4318-aaaa-yyyy-xxxxxxxxxxxx
57c8cb4e-3ce2-aaaa-yyyy-xxxxxxxxxxxx a28aed54-1dc8-aaaa-yyyy-xxxxxxxxxxxx
b5fb8dfb-3e0b-aaaa-yyyy-xxxxxxxxxxxx 362755da-bfb2-aaaa-yyyy-xxxxxxxxxxxx
9a94b816-e790-aaaa-yyyy-xxxxxxxxxxxx 7805bdb6-17da-aaaa-yyyy-xxxxxxxxxxxx
cd978409-0ac9-aaaa-yyyy-xxxxxxxxxxxx
C:\Users\<user>\AppData\Roaming\Windows Azure Powershell
30. Demo
Create a VM with Custom Script Extension
Deploy a Cloud Service
31. Demo Recap
1. Authenticate PowerShell with Azure
2. Upload to blob storage a .ps1 script to format drives
3. Provision new Azure VM via PowerShell.
a) Custom script extension to format data disks
4. Create Cloud Service (web role) project
5. PowerShell script to upload and deploy
32. Azure Resource Manager
What is Azure Resource Manager?
Unit of Management
• Lifecycle
• Identity
• Grouping
One Resource -> One Resource Group
33. ARM Benefits
Desired-state deployment
Faster deployment
Role-based access control (RBAC)
Resource-provider model
Orchestration
Resource configuration
[Figure: dependency diagram showing SQL-A, Website, Virtual Machines (2x) and SQL config, with two "depends on SQL" links]
Image source - http://channel9.msdn.com/Events/Build/2014/2-607
35. ARM Functions
ARM templates support a small set of built-in functions
parameters, variables
reference, resourceGroup, resourceId
base64, concat, padLeft, replace, toLower, toUpper
deployment, provider, subscription
listKeys
Not supported
User-defined functions
Control constructs – if, while, etc.
36. Loops and Nested Templates
Loops
Provide basic copy capability
Useful in cloning resource configuration
For example, deploying multiple VMs
Nested Templates
One template can invoke another
Simplifies creation of sophisticated templates
Supports parameters
Supports output variables
37. ARM Deployment Logs
Logs
Provider
Resource group
Resource
Availability
Kept for 15 days
Default is last hour (PowerShell)
Filter by Status e.g., Failed
PowerShell
Get-AzureResourceProviderLog
Get-AzureResourceGroupLog
Get-AzureResourceLog
39. Demo Recap
1. Get latest Azure SDK for Visual Studio
2. Create new ‘Azure Resource Group’ project
3. Add Web App + SQL template
4. Provide parameters
5. Deploy via PowerShell
40. What is Azure Automation?
• IT process automation solution for Azure
– Creation, monitoring, deployment, & maintenance
– Runbooks & Assets
– Leverage existing PowerShell scripts
41. Runbook Types
• PowerShell Workflow
– Windows Workflow Foundation
• Checkpoint, suspend, & resume
– Parallel or serial execution
– Compilation (time increases as complexity increases)
• PowerShell (native)
– No checkpoint, suspend, or resume
– Serial execution only
– No compile step! Fast!
43. Demo Recap
1. Create Azure Automation account
a) Create an AAD user for Azure Automation
b) Create an Azure Connection Asset
2. Create Runbook to Stop VMs
a) Connect to Azure subscription
b) Iterate over all services and VMs
3. Test Runbook
4. Publish Runbook
5. Link Runbook to a Schedule
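A native PowerShell runbook for step 2 could look like the following. It is an added example, not the runbook from the demo: it assumes the AAD user from step 1a is stored in a credential asset named AzureAutomationUser and that a variable asset named TargetSubscriptionName holds the subscription name (both names are hypothetical), and it uses the Service Management cmdlets.

```powershell
$ErrorActionPreference = 'Stop'

# Secrets come from Automation assets, never from the runbook text.
# Asset names below are assumptions made for this example.
$cred             = Get-AutomationPSCredential -Name 'AzureAutomationUser'
$subscriptionName = Get-AutomationVariable -Name 'TargetSubscriptionName'
if (-not $cred) { throw "Credential asset 'AzureAutomationUser' was not found." }

# Connect to the Azure subscription.
Add-AzureAccount -Credential $cred | Out-Null
Select-AzureSubscription -SubscriptionName $subscriptionName

# Iterate over all cloud services and the VMs inside each one.
$failed = 0
foreach ($service in Get-AzureService) {
    foreach ($vm in Get-AzureVM -ServiceName $service.ServiceName) {

        # Already deallocated: nothing to do, and nothing is being billed.
        if ($vm.Status -eq 'StoppedDeallocated') {
            Write-Output "Skipping $($vm.ServiceName)/$($vm.Name) (already deallocated)"
            continue
        }

        try {
            # -Force suppresses the confirmation prompt shown when the last
            # running VM of a deployment is stopped; a runbook cannot answer it.
            Stop-AzureVM -ServiceName $vm.ServiceName -Name $vm.Name -Force | Out-Null
            Write-Output "Stopped $($vm.ServiceName)/$($vm.Name)"
        }
        catch {
            # Keep going so one bad VM does not leave the rest running.
            $failed++
            Write-Warning "Could not stop $($vm.ServiceName)/$($vm.Name): $($_.Exception.Message)"
        }
    }
}

# Fail the job so the schedule's job history shows the problem.
if ($failed -gt 0) { throw "$failed VM(s) could not be stopped." }
```

Give the Automation user only the rights needed to stop VMs in the target subscription, since anyone who can edit the runbook can act with that identity.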
45. Resources
• Azure Resource Manager Preview SDKs
– https://azure.microsoft.com/en-us/blog/azure-resource-manager-preview-sdks/
• Authenticating a service principal with Azure Resource Manager
– https://azure.microsoft.com/en-us/documentation/articles/resource-group-authenticate-service-principal/
• Keith Mayer’s blog posts on Azure Automation
– http://blogs.technet.com/b/keithmayer/archive/2014/04/04/step-by-step-getting-started-with-windows-azure-automation.aspx
Alternative – certificate (manual or PublishSettings)
Resource - an Azure entity such as a VM, WebSite, Storage Account, SQL Database
Resource Group
Collection of Azure resources
Every Resource must exist in one, and only one, Resource Group
Unit of Management
Lifecycle - deployment, update, delete, obtain status
Grouping - Billing