Update - 21st Nov 2019
This document is old now. You can read the article below to learn the concepts of Azure Automation and Azure VM shutdown. If you plan to go hands-on and implement this, refer to the updated and recommended guide here - https://www.sanganakauthority.com/2017/07/start-stop-multiple-azure-vms-on.html
Why?
Managing Azure resources using the Management portal is a cumbersome job for infrastructure guys. At one of my customers' companies (where I am supporting an Azure project as a consultant), the developers used to start the Azure VMs in the morning, and many times they never stopped them when leaving the office. Of course this used to incur a huge cost for them. Therefore the IT team used to check whether the development Azure VMs were running and, if they were, shut them down from the Azure portal to save the cost of running Azure VMs overnight. The number of VMs to stop was around 30 to 50. They had been doing this manually with a combination of a PowerShell script and a few operations from the management portal. This simple activity consumed 25% of the IT people's bandwidth and it was a problem for them. Thanks to Azure Automation!!! The IT guys don't have to shut down Azure VMs manually anymore and they are happy now.
What?
So, Azure Automation is the new service in preview. Azure Automation is not the only service that can automate the common activities of Azure. PowerShell has existed for a long time and in fact PowerShell is the basis of the Azure Automation service. You can automate the creation, deployment, monitoring, and maintenance of resources in your Microsoft Azure environment using runbooks, which ultimately use Windows PowerShell workflows.
Of course, Chef and Puppet also do the same automation job very well; however, I find them pretty complex. I know most of you may not agree, but I feel Chef and Puppet are best for Linux and Unix based Azure VMs. For Windows based Azure VMs, Azure Automation with PowerShell is your key.
In this post, I will give a step by step approach to shut down your Azure virtual machine using PowerShell and Azure Automation. So let's start!!
You may not have observed it, but I feel the concept of Azure Automation is very similar to what Chef does for automation. See the comparison below between Chef and Azure Automation –
Chef jargon – Recipe, Cookbook
Azure Automation jargon – Job, Runbook
Cookbook – Runbook!!! Of course it is just an observation.
Runbook – A runbook is a set of PowerShell commands that gets executed based on the schedule set in Azure Automation. So the book has sentences (or commands) that run in the Azure Automation service. In Azure Automation we always execute PowerShell scripts under a runbook.
Activate
As I write this post, Azure Automation is in preview mode and hence you need to enable it for your subscription from here - https://account.windowsazure.com/PreviewFeatures
If it becomes generally available then this step will not be required.
Automation Account
Create the Automation Account first, as shown in the screenshots below –
As a preview feature, these are supported only in the US region as of now.
Certificate Management
An Automation Credential is either a username and password that can be used with Windows PowerShell commands, or a certificate that is uploaded to the server. We will use the certificate based approach. Therefore we need a certificate to authenticate against the Azure subscription. The best way is to use a self-signed certificate, created either with the makecert command or from IIS itself.
Let's see the IIS way. Open the Run window and type INETMGR to open the IIS window. Select the local machine name and double click on the Server Certificates option as shown below –
Click on Create Self-Signed Certificate, name it AzureAutomation and store it as Personal.
Right click the newly created certificate and click on View as shown below –
Go to the Details tab and click on Copy to File. Click on Next -> do not export the private key -> DER encoded binary X.509 (.CER) file -> name it AzureAutomation and provide a path of your choice to save the file as a .CER file.
Now we need to export its .pfx file. Therefore right click on the certificate name in IIS and select the Export option. Provide an appropriate password and a path of your choice.
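The same certificate steps can be scripted instead of clicked through IIS. The following is an added example, not part of the original post; it assumes a Windows version whose New-SelfSignedCertificate cmdlet accepts -Subject, -KeyExportPolicy and -NotAfter (Windows 10 / Server 2016 or later), and the store location, output folder and one-year lifetime are assumptions.

```powershell
# Added example: scripted equivalent of the IIS certificate steps above.
$subject = 'CN=AzureAutomation'                        # certificate name used in the post
$outDir  = Join-Path $env:TEMP 'AzureAutomationCert'   # assumption: any folder only you can read
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Self-signed certificate in the current user's Personal store (assumption: the
# IIS route stores it in the machine's Personal store instead).
$cert = New-SelfSignedCertificate -Subject $subject `
    -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeyExportPolicy Exportable -KeyLength 2048 `
    -NotAfter (Get-Date).AddYears(1)

# Public part only, DER encoded (.cer): the file uploaded to Management Certificates.
$cerPath = Join-Path $outDir 'AzureAutomation.cer'
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Certificate plus private key (.pfx), protected by a password typed at the prompt
# so the password never appears in the script or in shell history.
$pfxPath  = Join-Path $outDir 'AzureAutomation.pfx'
$password = Read-Host -Prompt 'PFX password' -AsSecureString
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $password | Out-Null

# Check: the .cer that leaves this machine must not carry the private key.
$public = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath
if ($public.HasPrivateKey) { throw "$cerPath unexpectedly contains a private key" }

# Record these to compare against what the portal shows after the upload.
"Thumbprint : $($cert.Thumbprint)"
"Expires    : $($cert.NotAfter)"
```

The thumbprint printed at the end should match the one the portal lists for the uploaded management certificate.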
Upload Certificate to Azure
Now we need to upload the .CER file to the Azure Management Portal. Go to the Settings tab on the portal and upload the certificate to Management Certificates as shown –
Record Subscription Id
On the same window, go to the Subscriptions tab and copy the subscription id for future use.
Create Automation Credentials Asset
Assets are available to all runbooks. As the name indicates, assets can be reused over and over. Therefore we will create an asset to establish the connection and credentials for authentication with Azure. Once this asset is ready it can be used in any runbook in future.
Now I click on the Automation account that I created earlier, select the Assets tab and click on Add Settings as shown –
The Azure module in the above screenshot comes installed by default for your Azure Automation account. It is free and you will not be charged for this default module. However, you will be charged for modules that you upload yourself. Also, I see hardly any use of the default Azure module.
On the settings window select the Add Credentials option as shown –
Now, as we are using certificates as the authentication mechanism, select the Certificate option in the Credential Type dropdown and name the credential Azure Automation Credentials. Provide a description if you wish; it is optional.
Create Automation Connection Asset
Now we will define the connection information as an asset so that it can be used again in future runbooks. Therefore, on the Assets tab itself, select Add Settings as above and choose the Add Connection option.
Select the Connection type as Azure, the Name as “Your Subscription Connection”, and optionally add a description as well.
Provide the certificate name we created in the above step and the subscription id in which your automation account is created, and then click to complete the configuration.
Publish Connect-Azure runbook
Now I have set up the credentials and the connection. I need a PowerShell script which will use the connection and credentials information to execute the Azure VM backup PowerShell script in my subscription. This code to make the connection to Azure is readily available and can be downloaded from here - http://gallery.technet.microsoft.com/scriptcenter/Connect-to-an-Azure-f27a81bb
Connect-Azure is a PowerShell script and hence we will need to upload it as a runbook. Click on the Runbook option and click on Import. Provide the path of the connect-azure.ps1 file and import it.
This published Connect-Azure runbook can now be used in any custom runbook hereafter to make the connection to the Azure subscription. I will use it in my Backup Azure Virtual Machine runbook.
Create Azure Virtual Machine shutdown runbook
Now I have created a PowerShell script that can shut down the Azure Virtual Machine after 6PM local time if the VM is running. We will upload this Azure VM shutdown PowerShell script as a runbook along with the common code of the Connect-Azure runbook.
To download the Azure VM shutdown automation PowerShell script code, please go to the link below -
http://gallery.technet.microsoft.com/Azure-Automation-shutdown-3ece6e4d
Kindly download the Deallocate-AzureVM PowerShell script and follow the steps below.
Now we will upload Deallocate-AzureVM in the same way as the Connect-Azure runbook. So, like before, select the RUNBOOKS tab, click on the Import button at the bottom and select the Azure VM shutdown PowerShell file.
I clicked on the Test button, which is next to Publish, to see if the script was working correctly, and the output of the test was awesome. As you can see below, my VM was stopped and was showing the Stopped (Deallocated) state on the Azure VM portal.
After this, select Author | Draft | Publish at the bottom to publish the Azure-Deallocate PowerShell runbook.
Now we will schedule the published Azure VM shutdown script. The schedule can be daily; for the time being I am setting the job to run daily at 7PM so that when developers leave their machines and the office by 6PM, the VM will shut down automatically at 7PM. Click on the Schedule tab and provide the values as below -
Next I need to start the runbook Deallocate-AzureVM and provide the parameters, which are the name of the VM to be shut down and the cloud service name. This is nothing but creating a job for the runbook. On the published tab itself you will find the Start button at the bottom; click on it and a pop-up window will appear. This is where we need to specify the cloud service name and VM name, as follows –
Now if you click on the Jobs tab, you will see the jobs that have run to date. These jobs will be created automatically by the schedule; each one checks the status of the VM and, if it is found running, shuts it down.
This completes the configuration of the job for one VM. If you have more than one VM then you will need to create that many schedules. A better way would be to have a for-each loop that retrieves all the VMs within the subscription and shuts them down in one schedule. If you are looking for such a script, then contact me.
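One way to write the for-each variant just described, as an added example that is not the author's Deallocate-AzureVM script. It assumes the classic Service Management cmdlets (Get-AzureVM, Stop-AzureVM) from the default Azure module and that the published Connect-Azure runbook takes an -AzureConnectionName parameter; the workflow name and the optional -ServiceName filter are hypothetical.

```powershell
# Added example: deallocate every running classic VM in one scheduled job.
workflow Stop-AllAzureVM
{
    param(
        # Name of the connection asset created earlier, e.g. "Your Subscription Connection".
        [Parameter(Mandatory = $true)]
        [string]$AzureConnectionName,

        # Optional: limit the job to one cloud service instead of the whole subscription,
        # so the automation identity only touches the VMs it is meant to manage.
        [string]$ServiceName = ''
    )

    # Assumption: Connect-Azure (imported and published earlier) registers the
    # subscription under the connection asset's name.
    Connect-Azure -AzureConnectionName $AzureConnectionName

    InlineScript {
        Select-AzureSubscription -SubscriptionName $Using:AzureConnectionName

        $vms = if ($Using:ServiceName) { Get-AzureVM -ServiceName $Using:ServiceName }
               else                    { Get-AzureVM }

        foreach ($vm in $vms) {
            if ($vm.Status -eq 'StoppedDeallocated') {
                Write-Output "$($vm.ServiceName)/$($vm.Name): already deallocated"
                continue
            }
            # -Force skips the confirmation asked when the VM is the last one
            # running in its deployment (the deployment's VIP is released).
            Stop-AzureVM -ServiceName $vm.ServiceName -Name $vm.Name -Force | Out-Null
            Write-Output "$($vm.ServiceName)/$($vm.Name): stop requested"
        }
    }
}
```

The Write-Output lines appear in the job output on the Jobs tab, which gives a per-run record of which VMs the schedule stopped.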
That's it guys. I hope you now understand how Azure Automation simplifies Azure resource management and presents itself as a powerful tool for Azure DevOps.
Hope this helps.
Cheers…
Happy Automating!!!
I'll try to do it, but Test deallocate-azurevm shows me an error: Exception: Could not retrieve 'System.Collections.Hashtable.AutomationCertificateName' certificate asset. Check that you created this first in the Automation service.
What's wrong?
Hi Antonio, thanks for your comment. I guess the issue must be with your certificate. Can you try once more to create a new self-signed certificate and see if it works? Hope this helps.
Nice walkthrough. Just a note that Microsoft has recently started recommending to use Azure AD accounts rather than certificates for authentication. For those interested in an example that uses this for VM scheduled shutdown/startup, see:
https://automys.com/library/asset/scheduled-virtual-machine-shutdown-startup-microsoft-azure
To learn how such Azure VM automation can be monitored and systematized, check out two blogs below:
VMs can be shutdown or scaled down on a schedule.
Shut-down Azure VMs on a schedule: http://cloudmonix.com/blog/how-to-automate-schedule-shutdowns-of-azure-vms/
Scale-down Azure VMs on a schedule: http://cloudmonix.com/blog/how-to-automate-scaling-of-azure-vms/
An alternative for those who prefer a non-scripting solution is a service called VMPower (https://vmpower.io/). There is a calendar feature that makes automating shutdown, startup and resize of VMs pretty intuitive to do in <15 minutes.
Also for organizations juggling cloud subscriptions across multiple cloud providers (Azure, AWS, & GCE), you can manage all of your VMs in one unified dashboard.
Cheers,
Taylor
P.S. Great to see new blog posts up in 2017, Kunal!
Very informative. Thanks for providing your information. Keep update with us Azure Online Training India
Never seen an easier guide on Azure, many thanks!