Create-Windows-HW.ps1
<#
.SYNOPSIS
This sample automation runbook onboards Azure VMs as Azure Automation Hybrid Runbook Workers.
It can create an Azure VM or use an existing VM to onboard as a Hybrid Worker.
Since onboarding a VM as an Automation Hybrid Worker requires a Log Analytics workspace, the script lets the user either provide an existing Log Analytics workspace or have the script create one.
This runbook must be run from the Automation account that you wish to connect the VM to.
This script must be executed in an Automation account that has a managed identity enabled (it authenticates with Connect-AzAccount -Identity); the identity must be able to create resources in the resource group and to read the Automation account's registration information.
It requires the following modules to be present in the Automation account:
Az.Accounts, Az.Resources, Az.Automation, Az.OperationalInsights, Az.Compute
Note: The agent-based user Hybrid Worker is retiring on 30 August 2024; the extension-based worker is the recommended replacement.
.DESCRIPTION
This sample automation runbook onboards Azure VMs as Azure Automation Hybrid Runbook Workers.
It can create an Azure VM or use an existing VM to onboard as a Hybrid Worker.
Since onboarding a VM as an Automation Hybrid Worker requires a Log Analytics workspace, the script lets the user either provide an existing Log Analytics workspace or have the script create one.
This runbook must be run from the Automation account that you wish to connect the VM to.
This script must be executed in an Automation account that has a managed identity enabled.
It requires the following modules to be present in the Automation account:
Az.Accounts, Az.Resources, Az.Automation, Az.OperationalInsights, Az.Compute
.PARAMETER Location
Required. Location of the Automation account in which the script is executed.
.PARAMETER ResourceGroupName
Required. The name of the resource group of the Automation account.
.PARAMETER AccountName
Required. The name of the Automation account in which the script is executed.
.PARAMETER CreateLA
Required. True creates a new LA workspace with the given WorkspaceName in the given LALocation. False uses the given WorkspaceName for Hybrid Worker registration.
.PARAMETER LAlocation
Optional. The location of the existing LA workspace to be used, or the location in which a new LA workspace is to be created.
If not provided, the value of the Location parameter is used.
.PARAMETER WorkspaceName
Optional. The name of the LA workspace to be created or to be used for Hybrid Worker registration.
.PARAMETER CreateVM
Required. True creates a new VM with the given VMName in the given VMLocation. False uses the given VMName for Hybrid Worker registration.
.PARAMETER VMName
The name of the VM to be created or to be used to onboard as a Hybrid Worker.
.PARAMETER VMImage
The name of the VM image from which a new VM is created (passed to New-AzVm -Image).
.PARAMETER VMlocation
Optional. The location of the existing VM to be used, or the location in which a new VM is to be created.
If not provided, the value of the Location parameter is used.
.PARAMETER RegisterHW
Required. True registers the provided VM as a Hybrid Worker. False does not register the VM as a Hybrid Worker.
.PARAMETER WorkerGroupName
Name of the Hybrid Worker group.
.EXAMPLE
.\Create-Windows-HW -location <location> -ResourceGroupName <ResourceGroupName> `
-AccountName <accountname> -CreateLA <$true/$false> -lalocation <lalocation> `
-WorkspaceName <WorkspaceName> -CreateVM <$true/$false> -vmName <vmName> -vmImage <VMImage> `
-RegisterHW <$true/$false> -vmlocation <vmlocation> -WorkerGroupName <HybridworkergroupName>
.NOTES
AUTHOR: Automation Team
LASTEDIT: May 23, 2023
#>
Param(
    [Parameter(Mandatory = $true)]
    [string] $location,
    [Parameter(Mandatory = $true)]
    [string] $ResourceGroupName,
    [Parameter(Mandatory = $true)]
    [string] $AccountName,
    [Parameter(Mandatory = $true)]
    [bool] $CreateLA,
    [Parameter(Mandatory = $false)]
    [String] $lalocation,
    [Parameter(Mandatory = $false)]
    [string] $WorkspaceName,
    [Parameter(Mandatory = $true)]
    [bool] $CreateVM,
    [Parameter(Mandatory = $true)]
    [String] $vmName,
    [Parameter(Mandatory = $true)]
    [String] $vmImage,
    [Parameter(Mandatory = $true)]
    [bool] $RegisterHW,
    [Parameter(Mandatory = $false)]
    [String] $vmlocation,
    [Parameter(Mandatory = $true)]
    [String] $WorkerGroupName
)

$ErrorActionPreference = "Stop"

# Short random suffix used to give the per-run network resources unique names
$guid_val = [guid]::NewGuid()
$script:guid = $guid_val.ToString()

# Filled in by Get-AutomationAccountDetails and Get-LAWorkspaceDetails. The two keys are
# registration secrets: never write them to job output or to public extension settings.
$script:agentEndpoint = ""
$script:aaPrimaryKey = ""
$script:workspaceId = ""
$script:workspacePrimaryKey = ""

# Default the VM and workspace locations to the Automation account's location
if ([String]::IsNullOrEmpty($vmlocation)) {
    $script:vmlocation = $location
}
if ([String]::IsNullOrEmpty($lalocation)) {
    $script:lalocation = $location
}
function Login-AzAccount {
    try {
        Write-Output "Logging in to Azure..."
        # Sign in with the Automation account's managed identity; no credentials are stored in the runbook
        Connect-AzAccount -Identity | Out-Null
    }
    catch {
        Write-Error -Message $_.Exception
        throw $_.Exception
    }
}

function Get-AutomationAccountDetails {
    # Retrieve the agent service endpoint and primary key that the worker registers with
    Write-Output "Getting Automation Account....."
    try {
        $Account = Get-AzAutomationAccount -Name $AccountName -ResourceGroupName $ResourceGroupName
        if ($Account.AutomationAccountName -eq $AccountName) {
            $accRegInfo = Get-AzAutomationRegistrationInfo -ResourceGroupName $ResourceGroupName -AutomationAccountName $AccountName
            $script:agentEndpoint = $accRegInfo.Endpoint
            # PrimaryKey is an account-wide registration secret; keep it out of Write-Output
            $script:aaPrimaryKey = $accRegInfo.PrimaryKey
            Write-Output "Automation Account details retrieved to be used for HW creation"
        }
        else {
            Write-Error "HWG Creation :: Account retrieval failed"
        }
    }
    catch {
        Write-Error "HWG Creation :: Account retrieval failed : $_"
    }
}
function New-LAWorkspace {
    ### Create an LA workspace
    Write-Output "Creating LA Workspace...."
    # Workspace names must be unique, so a GUID is appended to the default name. The new name is
    # assigned at script scope; a plain assignment here would only change a local copy and
    # Get-LAWorkspaceDetails would later look up the wrong workspace.
    if ($WorkspaceName -eq "LAWorkspaceForAutomationHW") {
        $workspace_guid = [guid]::NewGuid()
        $script:WorkspaceName = $WorkspaceName + $workspace_guid.ToString()
    }
    # Create a new Log Analytics workspace if needed
    try {
        # Check whether a resource with this name already exists in the resource group
        $laworkspace = Get-AzResource -ResourceGroupName $ResourceGroupName -Name $script:WorkspaceName
        if ($null -eq $laworkspace) {
            Write-Output "Creating new workspace named $script:WorkspaceName in region $lalocation..."
            # PerGB2018 is the current pricing tier; "Standard" is a legacy SKU that new workspaces cannot use
            New-AzOperationalInsightsWorkspace -Location $lalocation -Name $script:WorkspaceName -Sku PerGB2018 -ResourceGroupName $ResourceGroupName | Out-Null
            Start-Sleep -s 60
        }
    }
    catch {
        Write-Error "HWG Creation :: Error creating LA workspace : $_"
    }
}

function Get-LAWorkspaceDetails {
    # Enable the AzureAutomation solution on the workspace and read the id and key the agent registers with
    Write-Output "Enabling Automation for the created workspace...."
    Set-AzOperationalInsightsIntelligencePack -ResourceGroupName $ResourceGroupName -WorkspaceName $WorkspaceName -IntelligencePackName "AzureAutomation" -Enabled $true | Out-Null
    $workspaceDetails = Get-AzOperationalInsightsWorkspace -ResourceGroupName $ResourceGroupName -Name $WorkspaceName
    $script:workspaceId = $workspaceDetails.CustomerId
    # PrimarySharedKey grants write access to the workspace; treat it as a secret
    $workspaceSharedKey = Get-AzOperationalInsightsWorkspaceSharedKey -ResourceGroupName $ResourceGroupName -Name $WorkspaceName
    $script:workspacePrimaryKey = $workspaceSharedKey.PrimarySharedKey
}
function New-VM {
    $vmNetworkName = "VMVnet" + $guid.SubString(0, 4)
    $subnetName = "VMSubnet" + $guid.SubString(0, 4)
    $networkSG = "VMNetworkSecurityGroup" + $guid.SubString(0, 4)
    $ipAddressName = "VMPublicIpAddress" + $guid.SubString(0, 4)
    $User = "VMUser"
    $length = 12
    # System.Web is only available on Windows PowerShell 5.1 (not on PowerShell 7 workers). The
    # generated password is used once for VM creation and is deliberately not persisted or written
    # to job output; access to the worker afterwards is through the extension, not RDP.
    Add-Type -AssemblyName System.Web
    $vmpassword = [System.Web.Security.Membership]::GeneratePassword($length, 2)
    $VMAccessingString = ConvertTo-SecureString $vmpassword -AsPlainText -Force
    $VMCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $VMAccessingString
    try {
        # With this parameter set New-AzVm also creates a public IP and an NSG whose default rules
        # open RDP (3389) and WinRM (5985) to the internet; restrict them once the worker is registered.
        New-AzVm `
            -ResourceGroupName $ResourceGroupName `
            -Name $vmName `
            -Location $script:vmlocation `
            -VirtualNetworkName $vmNetworkName `
            -SubnetName $subnetName `
            -SecurityGroupName $networkSG `
            -PublicIpAddressName $ipAddressName `
            -Image $vmImage `
            -Credential $VMCredential | Out-Null
        Start-Sleep -s 120
        return
    }
    catch {
        # No retry is attempted; the failure is reported and the runbook stops
        Write-Output "Error creating VM in $script:vmlocation : $_"
    }
    throw "Error Creating VM"
}
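The password generator in New-VM depends on System.Web, which is absent on PowerShell 7 runbook workers, and it relies on GeneratePassword happening to satisfy the Azure Windows VM complexity rule (12 to 123 characters, at least three of the four character classes). The following replacement is an added example, not code from the original runbook or the Automation Team: it uses only .NET's RandomNumberGenerator, guarantees one character from each class, and ships a checker that can guard the New-AzVm call. The function names are this example's own.

```powershell
# Added example; not part of the original runbook.
function New-VMAdminPassword {
    param([ValidateRange(12, 123)] [int] $Length = 16)

    # Ambiguous glyphs (0/O, 1/l/I) are left out in case an operator ever has to type the value
    $lower   = 'abcdefghijkmnopqrstuvwxyz'
    $upper   = 'ABCDEFGHJKLMNPQRSTUVWXYZ'
    $digits  = '23456789'
    $symbols = '!@#$%^&*()-_=+'
    $all     = $lower + $upper + $digits + $symbols

    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()

    # Unbiased integer in [0, n): rejection sampling over 4 random bytes avoids modulo bias
    $randIndex = {
        param([int] $n)
        $buf = [byte[]]::new(4)
        $limit = [uint32]::MaxValue - ([uint32]::MaxValue % [uint32]$n)
        do {
            $rng.GetBytes($buf)
            $v = [BitConverter]::ToUInt32($buf, 0)
        } while ($v -ge $limit)
        [int]($v % [uint32]$n)
    }
    $pick = { param([string] $set) $set[(& $randIndex $set.Length)] }

    # One character from every class, then fill the remainder from the whole alphabet
    $chars = [System.Collections.Generic.List[char]]::new()
    foreach ($set in @($lower, $upper, $digits, $symbols)) { $chars.Add((& $pick $set)) }
    while ($chars.Count -lt $Length) { $chars.Add((& $pick $all)) }

    # Fisher-Yates shuffle so the mandatory class characters are not always the first four
    for ($i = $chars.Count - 1; $i -gt 0; $i--) {
        $j = & $randIndex ($i + 1)
        $tmp = $chars[$i]; $chars[$i] = $chars[$j]; $chars[$j] = $tmp
    }
    $rng.Dispose()
    return -join $chars
}

# Azure's rule for Windows VM admin passwords: length 12-123 and three of four character classes
function Test-AzureVMPasswordComplexity {
    param([Parameter(Mandatory)] [string] $Password)
    if ($Password.Length -lt 12 -or $Password.Length -gt 123) { return $false }
    $classes = @('[a-z]', '[A-Z]', '[0-9]', '[^a-zA-Z0-9]') | Where-Object { $Password -cmatch $_ }
    return (@($classes).Count -ge 3)
}

# Usage: build the credential without ever writing the clear-text password to job output
$vmpassword = New-VMAdminPassword -Length 16
if (-not (Test-AzureVMPasswordComplexity $vmpassword)) { throw 'Generated password does not meet Azure complexity rules' }
$VMCredential = [pscredential]::new('VMUser', (ConvertTo-SecureString $vmpassword -AsPlainText -Force))
```

The rejection-sampling index is the part worth keeping even if the character sets change: `$v % $n` over the raw 32-bit value would slightly favour the first few characters of each set.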
function RegisterWindowsHW {
    # Run the Custom Script Extension on the VM to download the helper script, install the MMA agent
    # and register the machine as a Hybrid Worker
    $commandToExecute = "powershell .\WorkerDownloadAndRegister.ps1 -workspaceId $workspaceId -workspaceKey $workspacePrimaryKey -workerGroupName $WorkerGroupName -agentServiceEndpoint $agentEndpoint -aaToken $aaPrimaryKey"
    # The helper is fetched from the unpinned main branch of the repository at run time, so every run
    # executes whatever that branch currently holds; pin a reviewed revision or host a copy you control.
    $uri = "https://raw.githubusercontent.com/azureautomation/Create-Automation-Windows-HybridWorker/main/HelperScript/WorkerDownloadAndRegister.ps1"
    # Public settings are stored in clear text on the VM resource and are readable by anyone with
    # Reader access. The command line carries the workspace shared key and the account primary key,
    # so it belongs in protectedSettings, which the platform encrypts and never returns from the API.
    $settings = @{ "fileUris" = @($uri.ToString()) }
    $protectedSettings = @{ "commandToExecute" = $commandToExecute; "storageAccountName" = ""; "storageAccountKey" = "" }
    Write-Output "Registration Command executing on VM..."
    try {
        Set-AzVMExtension -ResourceGroupName $ResourceGroupName `
            -Location $script:vmlocation `
            -VMName $vmName `
            -Name "Register-HybridWorker" `
            -Publisher "Microsoft.Compute" `
            -ExtensionType "CustomScriptExtension" `
            -TypeHandlerVersion "1.10" `
            -Settings $settings `
            -ProtectedSettings $protectedSettings | Out-Null
    }
    catch {
        Write-Error "HWG Creation :: Error running VM extension - $_"
    }
    # Shows the group; the worker itself can take a few minutes to appear in it
    Get-AzAutomationHybridWorkerGroup -AutomationAccountName $AccountName -ResourceGroupName $ResourceGroupName -Name $WorkerGroupName
    Write-Output "Creation of HWG Successful"
}
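Whether the registration command ends up in the extension's public or protected settings decides who can read the workspace shared key and the account primary key afterwards: public settings are returned in clear text by Get-AzVMExtension to anyone with Reader on the VM, protected settings are encrypted and never returned. The check below is an added example, not code from the original runbook: it parses the PublicSettings JSON of the deployed extension and fails the run if any secret value, any of the secret-carrying parameter names used by the registration command, or a commandToExecute at all shows up there. Function names are this example's own; the only Az call is Get-AzVMExtension.

```powershell
# Added example; not part of the original runbook.
function Find-SecretsInExtensionPublicSettings {
    param(
        # JSON string as returned in the PublicSettings property of Get-AzVMExtension
        [AllowEmptyString()] [string] $PublicSettingsJson,
        # Secret values that must never appear (workspace shared key, account primary key, ...)
        [string[]] $SecretValues = @(),
        # Parameter names that only ever carry secrets in the registration command line
        [string[]] $SecretParameterNames = @('-workspaceKey', '-aaToken')
    )
    $findings = @()
    if ([string]::IsNullOrEmpty($PublicSettingsJson)) { return $findings }

    foreach ($value in $SecretValues) {
        if (-not [string]::IsNullOrEmpty($value) -and $PublicSettingsJson.Contains($value)) {
            # Report the length, never the value itself, so the finding is safe to log
            $findings += "secret value of length $($value.Length) found in public settings"
        }
    }
    foreach ($name in $SecretParameterNames) {
        if ($PublicSettingsJson -match [regex]::Escape($name)) {
            $findings += "parameter '$name' passed through public settings"
        }
    }
    # For this script a commandToExecute in public settings is wrong regardless of its content
    $parsed = $PublicSettingsJson | ConvertFrom-Json
    if ($parsed.PSObject.Properties.Name -contains 'commandToExecute') {
        $findings += 'commandToExecute is in public settings; move it to ProtectedSettings'
    }
    return $findings
}

# Reads the deployed extension and stops the runbook on any finding
function Assert-ExtensionKeepsSecretsProtected {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $VMName,
        [Parameter(Mandatory)] [string] $ExtensionName,
        [string[]] $SecretValues
    )
    $ext = Get-AzVMExtension -ResourceGroupName $ResourceGroupName -VMName $VMName -Name $ExtensionName
    $findings = Find-SecretsInExtensionPublicSettings -PublicSettingsJson ([string]$ext.PublicSettings) -SecretValues $SecretValues
    if (@($findings).Count -gt 0) {
        throw "Extension '$ExtensionName' on $VMName exposes registration secrets: $($findings -join '; ')"
    }
    Write-Output "Extension '$ExtensionName' public settings contain no registration secrets"
}

# Usage after RegisterWindowsHW, with the keys the script holds at script scope
Assert-ExtensionKeepsSecretsProtected -ResourceGroupName $ResourceGroupName -VMName $vmName `
    -ExtensionName 'Register-HybridWorker' -SecretValues @($script:workspacePrimaryKey, $script:aaPrimaryKey)
```

Keeping the JSON inspection in its own function means the same check can run offline against a settings document exported from an ARM template or from the activity log, without a live VM.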
Login-AzAccount

if ($CreateVM) {
    # Create a VM
    try {
        Write-Output "Creating a new $($vmImage) VM in $($script:vmlocation) with the provided details"
        New-VM
    }
    catch {
        Write-Error "HWG Creation :: Error creating VM : $_"
    }
}

if ($CreateLA) {
    # Create an LA workspace
    try {
        Write-Output "Creating a new LA Workspace in $($lalocation) with the provided details"
        New-LAWorkspace
    }
    catch {
        Write-Error "HWG Creation :: Error creating LA Workspace : $_"
    }
}

if ($RegisterHW) {
    try {
        Write-Output "Fetching the automation account details for HW registration"
        Get-AutomationAccountDetails
        Write-Output "Fetching the LA Workspace details for HW registration"
        Get-LAWorkspaceDetails
        Write-Output "Executing HW registration on the VM"
        RegisterWindowsHW
    }
    catch {
        Write-Error "Error registering the HW : $_"
    }
}
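The SYNOPSIS notes that the agent-based worker this runbook installs is retiring in favour of the extension-based worker. The function below is an added example, not part of the original runbook or the Automation Team's code, showing what the same onboarding looks like with the extension: no Log Analytics workspace, no shared key and no account primary key travel to the VM, because the HybridWorkerForWindows extension authenticates with the VM's system-assigned managed identity and only needs the account's registration URL. It also waits for the worker to actually appear in the group instead of reporting success as soon as the extension call returns. Assumptions not taken from the page: the New-/Get-AzAutomationHybridRunbookWorkerGroup and New-/Get-AzAutomationHybridRunbookWorker cmdlets (Az.Automation 1.8.0 or later), the automationHybridServiceUrl property on the Automation account resource, and the VmResourceId property on the returned worker objects.

```powershell
# Added example; not part of the original runbook. Cmdlet and property names flagged as assumptions in the lead-in.
function Register-ExtensionBasedHybridWorker {
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $AccountName,
        [Parameter(Mandatory)] [string] $VMName,
        [Parameter(Mandatory)] [string] $WorkerGroupName,
        [int] $TimeoutMinutes = 15
    )
    $vm = Get-AzVM -ResourceGroupName $ResourceGroupName -Name $VMName

    # The extension authenticates to Automation with the VM's system-assigned identity; enable it if absent
    if ($null -eq $vm.Identity -or $vm.Identity.Type -notmatch 'SystemAssigned') {
        Update-AzVM -ResourceGroupName $ResourceGroupName -VM $vm -IdentityType SystemAssigned | Out-Null
    }

    # Registration URL: automationHybridServiceUrl on the account resource (assumption: property name)
    $acct = Get-AzResource -ResourceGroupName $ResourceGroupName -ResourceType 'Microsoft.Automation/automationAccounts' `
        -Name $AccountName -ExpandProperties
    $registrationUrl = $acct.Properties.automationHybridServiceUrl
    if ([string]::IsNullOrEmpty($registrationUrl)) { throw "Could not read automationHybridServiceUrl for $AccountName" }

    # Create the worker group if missing, then declare the VM a member of it by resource id
    $group = Get-AzAutomationHybridRunbookWorkerGroup -ResourceGroupName $ResourceGroupName -AutomationAccountName $AccountName `
        -Name $WorkerGroupName -ErrorAction SilentlyContinue
    if ($null -eq $group) {
        New-AzAutomationHybridRunbookWorkerGroup -ResourceGroupName $ResourceGroupName -AutomationAccountName $AccountName -Name $WorkerGroupName | Out-Null
    }
    New-AzAutomationHybridRunbookWorker -ResourceGroupName $ResourceGroupName -AutomationAccountName $AccountName `
        -HybridRunbookWorkerGroupName $WorkerGroupName -Name ([guid]::NewGuid().ToString()) -VmResourceId $vm.Id | Out-Null

    # Install the worker extension. Settings carry only the registration URL, so nothing here is secret.
    Set-AzVMExtension -ResourceGroupName $ResourceGroupName -Location $vm.Location -VMName $VMName `
        -Name 'HybridWorkerExtension' -Publisher 'Microsoft.Azure.Automation.HybridWorker' `
        -ExtensionType 'HybridWorkerForWindows' -TypeHandlerVersion '1.1' `
        -Settings @{ AutomationAccountURL = $registrationUrl } -EnableAutomaticUpgrade $true | Out-Null

    # Report success only once the extension is provisioned and the worker is listed in the group
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        $ext = Get-AzVMExtension -ResourceGroupName $ResourceGroupName -VMName $VMName -Name 'HybridWorkerExtension'
        $worker = Get-AzAutomationHybridRunbookWorker -ResourceGroupName $ResourceGroupName -AutomationAccountName $AccountName `
            -HybridRunbookWorkerGroupName $WorkerGroupName -ErrorAction SilentlyContinue |
            Where-Object { $_.VmResourceId -eq $vm.Id }   # VmResourceId: assumed property name
        if ($ext.ProvisioningState -eq 'Succeeded' -and $null -ne $worker) { return $worker }
        Start-Sleep -Seconds 30
    } while ((Get-Date) -lt $deadline)
    throw "Hybrid worker $VMName did not register in group $WorkerGroupName within $TimeoutMinutes minutes"
}

# Usage in place of Get-LAWorkspaceDetails and RegisterWindowsHW
Register-ExtensionBasedHybridWorker -ResourceGroupName $ResourceGroupName -AccountName $AccountName `
    -VMName $vmName -WorkerGroupName $WorkerGroupName
```

Because the extension path has no workspace or account keys, the CreateLA and Get-AutomationAccountDetails steps of the runbook become unnecessary for registration, and the job output no longer holds anything that would let a reader of it enrol their own machine into the worker group.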