Using Azure Automation to Manage local resources | Part II : Schedule file copies from a local machine to an Azure Blob

In Part I, we learned how to manage local resources via an Azure Automation hybrid runbook worker. In this article, I will show you how to schedule file copies from a local machine to an Azure Blob storage container.

Steps

  1. Create a runbook using the following code.
<#PSScriptInfo
.VERSION 1.0
.GUID 3a796b9a-623d-499d-86c8-c249f10a6986
.AUTHOR Azure Automation Team
.COMPANYNAME Microsoft
.COPYRIGHT
.TAGS Azure Automation
.LICENSEURI
.PROJECTURI
.ICONURI
.EXTERNALMODULEDEPENDENCIES
.REQUIREDSCRIPTS
.EXTERNALSCRIPTDEPENDENCIES
.RELEASENOTES
#>
<# 
.SYNOPSIS 
Exports the Run As certificate from an Azure Automation account to a hybrid worker in that account.
.DESCRIPTION 
This runbook exports the Run As certificate from an Azure Automation account to a hybrid worker in that account.
Run this runbook in the hybrid worker where you want the certificate installed.
This allows the use of the AzureRunAsConnection to authenticate to Azure and manage Azure resources from runbooks running in the hybrid worker.
.EXAMPLE
.\Export-RunAsCertificateToHybridWorker
.NOTES
AUTHOR: Azure Automation Team
LASTEDIT: 2016.10.13
#>
[OutputType([string])]
# Set the password used for this certificate
$Password = "secret"
# Stop on errors
$ErrorActionPreference = 'stop'
# Get the management certificate that will be used to make calls into Azure Service Management resources
$RunAsCert = Get-AutomationCertificate -Name "AzureRunAsCertificate"
# location to store temporary certificate in the Automation service host
$CertPath = Join-Path $env:temp  "AzureRunAsCertificate.pfx"
# Save the certificate
$Cert = $RunAsCert.Export("pfx",$Password)
Set-Content -Value $Cert -Path $CertPath -Force -Encoding Byte | Write-Verbose
Write-Output ("Importing certificate into $env:computername local machine root store from " + $CertPath)
$SecurePassword = ConvertTo-SecureString $Password -AsPlainText -Force
Import-PfxCertificate -FilePath $CertPath -CertStoreLocation Cert:\LocalMachine\My -Password $SecurePassword -Exportable | Write-Verbose
# Test that authentication to Azure Resource Manager is working

$RunAsConnection = Get-AutomationConnection -Name "AzureRunAsConnection"
Add-AzureRmAccount `
  -ServicePrincipal `
  -TenantId $RunAsConnection.TenantId `
  -ApplicationId $RunAsConnection.ApplicationId `
  -CertificateThumbprint $RunAsConnection.CertificateThumbprint | Write-Verbose
Set-AzureRmContext -SubscriptionId $RunAsConnection.SubscriptionID | Write-Verbose
# List automation accounts to confirm Azure Resource Manager calls are working
Get-AzureRmAutomationAccount | Select-Object AutomationAccountName

 

This script exports the Azure Automation Run As certificate to the hybrid runbook worker. Runbooks running on the hybrid runbook worker can then authenticate to Azure.
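A hardened variant of the export step, added here as an example and not the Azure Automation Team's script: it replaces the hard-coded "secret" password with a random one-time value, checks the certificate against the thumbprint in AzureRunAsConnection, imports the key as non-exportable, and deletes the temporary .pfx. It assumes the same asset names as the runbook above and Windows PowerShell on the hybrid worker.

```powershell
# Added example: hardened export of the Run As certificate to a hybrid worker.
$ErrorActionPreference = 'Stop'

# One-time random PFX password instead of a literal stored in the runbook source
$bytes = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($bytes)
$rng.Dispose()
$Password = [Convert]::ToBase64String($bytes)
$SecurePassword = ConvertTo-SecureString $Password -AsPlainText -Force

$RunAsCert = Get-AutomationCertificate -Name "AzureRunAsCertificate"
$RunAsConnection = Get-AutomationConnection -Name "AzureRunAsConnection"

# Refuse to install a certificate that the connection asset does not reference
if ($RunAsCert.Thumbprint -ne $RunAsConnection.CertificateThumbprint) {
    throw "AzureRunAsCertificate thumbprint does not match AzureRunAsConnection"
}

# Unpredictable temporary file name; the file exists only for the import
$CertPath = Join-Path $env:TEMP ([System.IO.Path]::GetRandomFileName() + ".pfx")
try {
    $pfx = $RunAsCert.Export("pfx", $Password)
    [System.IO.File]::WriteAllBytes($CertPath, $pfx)

    # No -Exportable: the private key cannot be exported again from the store
    $imported = Import-PfxCertificate -FilePath $CertPath `
        -CertStoreLocation Cert:\LocalMachine\My `
        -Password $SecurePassword
}
finally {
    # Always remove the key material from disk and from the session
    if (Test-Path $CertPath) { Remove-Item -Path $CertPath -Force }
    Remove-Variable Password, pfx -ErrorAction SilentlyContinue
}

Write-Output ("Imported {0}; private key present: {1}" -f `
    $imported.Thumbprint, $imported.HasPrivateKey)
```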

  2. If the previous script fails, find the certificate on your local machine and import it into the local machine's certificate store.
  3. Create a workflow using the following code and run it on the hybrid worker. The workflow authenticates to Azure and lists all Automation accounts to confirm that authentication succeeded.
workflow yangworkflow
{
    Write-Output "Executing runbook on hybrid runbook worker: $env:ComputerName"
    $result = InlineScript
    {
        try
        {
            $RunAsConnection = Get-AutomationConnection -Name 'AzureRunAsConnection'
            Add-AzureRmAccount -ServicePrincipal -TenantId $RunAsConnection.TenantId -ApplicationId $RunAsConnection.ApplicationId -CertificateThumbprint $RunAsConnection.CertificateThumbprint | Write-Verbose
            Set-AzureRmContext -SubscriptionId $RunAsConnection.SubscriptionID | Write-Verbose
            # List automation accounts to confirm Azure Resource Manager calls are working
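            Get-AzureRmAutomationAccount | Select-Object AutomationAccountName
        }
        catch
        {
            # Surface the failure in the job's error stream instead of discarding it
            $errorMessage = $_.Exception.Message
            Write-Error -Message $errorMessage
        }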
    }
    Write-Output $result
    Write-Output "Execution finished"
}

Now we can access Azure resources when the runbook runs on the hybrid worker.

  4. Create a storage account and a container to hold the file copies.
  5. Use the following code to upload the local file copies to Azure Blob storage.
workflow yangworkflow
{
    Write-Output "Executing runbook on hybrid runbook worker: $env:ComputerName"
    $result = InlineScript
    {
        try
        {
            $RunAsConnection = Get-AutomationConnection -Name 'AzureRunAsConnection'
            Add-AzureRmAccount -ServicePrincipal -TenantId $RunAsConnection.TenantId -ApplicationId $RunAsConnection.ApplicationId -CertificateThumbprint $RunAsConnection.CertificateThumbprint | Write-Verbose
            Set-AzureRmContext -SubscriptionId $RunAsConnection.SubscriptionID | Write-Verbose
            Set-AzureRmCurrentStorageAccount -Name "hybridwoker" -ResourceGroupName yang
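            # -File skips directories, which Set-AzureStorageBlobContent cannot upload
            Get-ChildItem -Path D:\desktop\blog -Recurse -File | Set-AzureStorageBlobContent -Container "copies"
        }
        catch
        {
            # Surface the failure in the job's error stream instead of discarding it
            $errorMessage = $_.Exception.Message
            Write-Error -Message $errorMessage
        }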
    }
    Write-Output $result
    Write-Output "Execution finished"
}

After the runbook runs, you can see that the file copies have been uploaded to Azure storage.

  6. Publish the runbook and create a recurring schedule for it.

Summary

That is all. I believe you're now able to manage local resources and integrate your on-premises environment with the Azure cloud environment via an Azure Automation hybrid runbook worker.
