Thursday, August 30, 2018

Tips to install Azure Hybrid Runbook Worker

You can use the Hybrid Runbook Worker feature of Azure Automation to run runbooks directly on the computer that's hosting the role and against resources in the environment to manage those local resources. This is useful if you want to automate tasks in other clouds and on-premises environments.

The best way to start a Hybrid Runbook Worker is to read the procedure the instruction from Microsoft first. However, the steps are little difficult to follow, you can use the procedure with detailed information published by Anderson here. After we configured few Hybrid Runbook Workers, we found there are few tricks that need to be aware of in order to configure them quickly. 

1. The first trick is configure Azure Hybrid Runbook Worker will need to create and configure the following resources.
  • Azure automation account
  • Azure resource groups
  • Log Analytics
  • OMS Workspace

All the resources need to be in the same location! Since not all locations are available for the four resources listed above and only few locations are common to all the four resources. My suggestion is to look at the available OMS Workspace first since it has lest available locations and find the common location to create each resource.  I had issue in the last resource creation and I'm not able to find the resource group and had to recreate again from scratch. 

2. The second trick is you can configure the same on-premise VM/server to run as Hybrid Runbook Worker for multiple Azure tenants. For each Azure environment, you need to run the following command to login and it will configure the worker connecting to that Azure.

Login-AzureRmAccount

3. The third trick is to automate the procedure to get all needed information to run PowerShell to create Hybrid Runbook Worker.  

New-OnPremiseHybridWorker.ps1 -AutomationAccountName <NameofAutomationAccount> -AAResourceGroupName <NameofResourceGroup> -OMSResourceGroupName <NameofOResourceGroup> -HybridGroupName <NameofHRWGroup> -SubscriptionId <AzureSubscriptionId> -WorkspaceName <NameOfLogAnalyticsWorkspace>

You can see there are many parameters you need to collection by different PowerShell and it’s tedious to put the right perimeter to pass to the script. Here is the enhanced PowerShell to the one published by Anderson to automate the process. All the parameters are captured by PowerShell and assigned to variable and passed to final script.

# Step 1 - Login
Login-AzureRmAccount

# Step #2 – Get WorkspaceName and OMSResourceGroupName
$NameOfLogAnalyticsWorkspace = Get-AzureRMOperationalInsightsWorkspace | select Name
$NameofOResourceGroup = Get-AzureRMOperationalInsightsWorkspace | select ResourceGroupName

# Step #3 -  Het AutomationAccountName and AAREsourceGroupName
$NameofAutomationAccount = Get-AzureRMAutomationAccount | select AutomationAccountName
$NameofResourceGroup = Get-AzureRMAutomationAccount | select ResourceGroupName

# Step #4 – Get SubscriptionID. Please note this assume you have only one Subscription!
$AzureSubscriptionId = Get-AzureRMSubscription | select SubscriptionId

# Step #5 – Define HybridGroupName you need
$NameofHRWGroup = “QCSBXHybGroup0”

# All parameters are assigned to variables in previous commands for your convenience
New-OnPremiseHybridWorker.ps1 -AutomationAccountName $NameofAutomationAccount -AAResourceGroupName $NameofResourceGroup -OMSResourceGroupName $NameofOResourceGroup -HybridGroupName $NameofHRWGroup -SubscriptionId $AzureSubscriptionId -WorkspaceName $NameOfLogAnalyticsWorkspace


4. The forth trick is you will run into error below when using Azure Credential if you have Azure Automation PowerShell ISE Add-On was also installed on the hybrid worker server.  

AzureAutomationAuthoringToolkit: Warning - Local value for PSCredential asset "onpremCred" not found. When you are using Credential in the PowerShell code like below.
$onpremCred = Get-AutomationPSCredential -Name "onpremCred"

The issue is You can verify Azure Automation Powershell ISE add-on is impacting the call. You can verify if the following package inslatted and you can delete the whole folder.

AzureAutomationAuthoringToolkit folder under C:\Program Files\WindowsPowerShell\Modules

5. The last trick is you monitor Azure Hybrid Runbook Workers from Azure portal. You can go to Portal Azure and click the highlighted "Hybrid Worker" details icon. It will display the hybrid worker server name.

Now you should be able to set up the Azure Hybrid Runbook Workers and manage on-premises resources inside Azure cloud!

No comments:

Post a Comment