Operations Management Suite deployment via Azure Automation

Last week I have showed how to deploy Operations Management Suite agent extension to Azure virtual machines via powershell. But what if I do have an environment where I regularly add VMs and want to automate the whole process without any manual intervention. This is where Azure Automation comes in play.

First of all we need to create an Azure Automation Account. Simply go to New and type Automation. From the list choose the Automation and click Create.

1-automation

 

In the new window  we have to provide some details. Everything is straight forward, but would like to point out Create Azure Run As account. By creating Azure Run As account it will create account which will have access to all subscription resources and will be able to perform activities we need.

2-accountcreation

 

It will take seconds Azure to finish deploying the account. By default it will create 4 Automation Tutorial runbooks that you can check and play around. But what we need is to create our own runbook based on the powershell, schedule and variables in the Assets area. Let’s get started!

First let’s create variables. Variable we need is WorkspaceID and WorkspaceKey. But what it is important that we need to find the right way to define those variables. So we execute the following to find out what parameters are needed to Set-AzureRMVMExtension.

help Set-AzureRmVMExtension -ShowWindow

As shown in the examples window we are going to use $SettingString and $ProtectedSettingString. Syntax should look like:

$SettingString = '{"workspaceId":"xxxxxxxx-xxxxx-xxxxx-xxxxx-xxxxxxxxxxxxx"}'
$ProtectedSettingString = '{"workspaceKey":"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"}'

Navigate straight to Automation Account we have created, select Assets, Variables and simply click Add a variable. We want to encrypt the Value as Private OMS key and ID is going to be provided.

3-variables

 

We do the same with WorkspaceKey parameter.

4-variables

 

After the Variables have been created let’s take care of the runbook itself. We need to go back to Automation Account and select Runbooks. In the new blade we have to choose Add a runbook. Now we have two options: first, create a new runbook, where we have to provide Runbook Name and Type or Import existing Runbook if we have already have one. Let’s go and choose Create a new runbook. We choose the name and type – powershell and click Create.

Let’s go through the powershell script below.

In Region 1 we are providing connection details to Azure Subscription with the Run As account we have created earlier. This is a standard powershell code to be used with all Azure Automation Run As accounts.

In Region 2 section I am getting Variables which I have prescribed in the Assets.

In Region 3 I do all the logic. Going through all Resource Groups and each VM within the resource group. Then I check if that VM has ‘MicrosoftMonitoringAgent’ extension installed and if not I deploy extension, otherwise I skip and check another VM.

#region 1 - Login with Azure Run As Account
$connectionName = "AzureRunAsConnection"
try
{
    # Get the connection "AzureRunAsConnection "
    $servicePrincipalConnection=Get-AutomationConnection -Name $connectionName         

    "Logging in to Azure..."
    Add-AzureRmAccount `
        -ServicePrincipal `
        -TenantId $servicePrincipalConnection.TenantId `
        -ApplicationId $servicePrincipalConnection.ApplicationId `
        -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint 
}
catch {
    if (!$servicePrincipalConnection)
    {
        $ErrorMessage = "Connection $connectionName not found."
        throw $ErrorMessage
    } else{
        Write-Error -Message $_.Exception
        throw $_.Exception
    }
}
#endregion

#region 2 - Get Variables which we defined earlier
$ProtectedSettingString = Get-AutomationVariable -Name "OMS-WorkspaceKey1"
$SettingString = Get-AutomationVariable -Name "OMS-WorkspaceID"
#endregion

#region 3 - Scan all VMs in all RGs and check if MicrosoftMonitoringAgent extension is deployed to VM
$RG = Get-AzureRmResourceGroup
foreach ($Resource in $RG.resourcegroupname)
{

 $VMs = Get-AzureRmVM -ResourceGroupName $Resource
 
ForEach ($VM in $VMs)
 {

 $noOMSext = $NULL
 $noOMSext = Get-AzureRmVMExtension -VMName $VM.Name -ResourceGroupName $Resource -Name 'MicrosoftMonitoringAgent' -ErrorAction Ignore
 if ($noOMSext -eq $NULL) {

     Write-Output "Missing MicrosoftMonitoringAgent on $($VM.Name) $Resource $($VM.location)"

  Set-AzureRmVMExtension -ResourceGroupName $Resource  -VMName $VM.Name -Location $VM.Location -Name 'MicrosoftMonitoringAgent' `
    -ProtectedSettingString  $ProtectedSettingString -SettingString  $SettingString -TypeHandlerVersion 1.0 -ExtensionType 'MicrosoftMonitoringAgent' `
        -Publisher 'Microsoft.EnterpriseCloud.Monitoring'

    }
    else {
    Write-Output "Found MicrosoftMonitoringAgent on $($VM.Name) $Resource $($VM.location)"
    }
 } 
}
#endregion

When we are happy with powershell script we need to Save it and Publish the script. To execute the  runbook in it has to be in Published state.

This is all the logic we need to deploy OMS extensions on those VMs which don’t have any. Next we need to set the schedule. Example is shown below.

5-schedulesetup

 

And lastly we need to assign the schedule to the runbook. We can do it by going to Runbooks, selecting our runbook and choosing Schedules and Adding the schedule we have created.

That’s it. Hope so it was helpful!

Leave a Reply

Your email address will not be published.