How do I refer to Azure automation account in template

Welcome Forums DSC (Desired State Configuration) How do I refer to Azure automation account in template

This topic contains 10 replies, has 3 voices, and was last updated by

Tex
 
Participant
8 months, 2 weeks ago.

  • Author
    Posts
  • #94281
    GS

    Participant
    Points: 1
    Rank: Member

    Hello,

    I'm having hard time trying to understand how do I plug external automation account to template I have. Automation account I have is called "AutomationAccount" and it's in ResourceGroup called "Resource-RG". It's not created inside template. But template needs to put configuration inside it. So what exactly do I need to put into my template to reference that account for DSC configuration. I tried below but it does not work.

     {
          "name": "[concat(parameters('AutomationaccountRGName'),'/',parameters('AutomationaccountName'))]",
          "type": "automationAccounts",
          "apiVersion": "2015-01-01-preview",
          "location": "SouthCentralUS",
          "dependsOn": [],
          "tags": {},
    
          "resources": [
            {
              "name": "swarmhost.localhost",
              "type": "Microsoft.Automation/automationAccounts/configurations",
              "apiVersion": "[variables('automationApiVersion')]",
              "properties": {
                "logVerbose": "false",
                "description": "Configuration for worker hosts",
                "Source": {
                  "type": "uri",
                  "Value": "https://raw.githubusercontent.com/artisticcheese/SwarmARM/master/VMSS-Linked/swarmhost.ps1"
                }
              }
            },
    
            {
              "name": "[uniqueString(resourceGroup().id, deployment().name)]",
              "type": "Compilationjobs",
              "apiVersion": "[variables('automationApiVersion')]",
              "location": "parameters('automationRegionId')]",
              "tags": {},
              "dependsOn": [
                "[concat('Microsoft.Automation/automationAccounts/', parameters('automationAccountName'))]",
    
                "[concat('Microsoft.Automation/automationAccounts/', parameters('automationAccountName'),'/Configurations/swarmhost.localhost')]"
              ],
              "properties": {
                "configuration": {
                  "name": "swarmhost.localhost"
                },
                "parameters": {
                  "SwarmManagerURI": "[reference('swarmmanagerdeployment').outputs.returnedIPAddress.value]"
                }
              }
            }
    
    
          ]
        }
  • #94290
    Tex

    Participant
    Points: 0
    Rank: Member

    I know it's not much help to you right now, but having just done what you're describing, I'll post my template in about 9 hours, when I'm back in work and have access to my VSTS repo.

    I think you need to use resourceid() for the resource's name.

    T, W.

  • #94324
    Tex

    Participant
    Points: 0
    Rank: Member

    Here you go:

    I've added a condition, which is easy enough to remove.

    The parameter "dscConfigurationBaseUri" can be changed to take the whole URI to the dsc configuration .ps1 file. I've broken it down to accomodate what I need. You'd also need to change line 42.

    The parameter "dscConfigurationParameters" is a hashtable of dsc configuration parameters and configurationdata:

    @{
        credential1 = $PSCredObject1
        credential2 = $PSCredObject2
        ConfigurationData = $confgurationData
    }
    

    If you're using Visual Studio (not VS Code (might be the same)), then it will red-squiggly underline "[reference(..." (something to do with MS not updating the schema) but it will work.

    This has been adapted from Michael Green's work, https://github.com/Azure/azure-quickstart-templates/tree/734193e9fb4c2e7071ec9de4eac0c46424299ef3/101-automation-configuration who replied to one of my questions on here. I have found a few issues with his template, but he hasn't responded, so it might be me.

    Anyway. HTH

    T, W.

  • #94372
    GS

    Participant
    Points: 1
    Rank: Member

    Thanks, that good it works now.

    1. Wondering why did you use [reference(variables('automationAccountResourceId'), '2017-05-15-preview','Full').location]
    instead of just [resourceGroup().location].
    2. How do you pass parameter dscConfigurationParameters
    via Visual Studio as object in UI?

  • #94395
    Tex

    Participant
    Points: 0
    Rank: Member

    Hi,

    1. As far as I know, resourceGroup().location gets the current resource group, i.e. the one the deployment is running in, unless you're using child templates when the rules change. See here. In our case, the automation account is in a different resource group.
    https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-template-functions-resource#resourcegroup

    2. I'm not quite sure what you mean. I guess there is a way to use VS to run templates. Something I haven't done. If it's like the system in the portal, one has to write out a parameters JSON file. I use PowerShell, either on my laptop or via a runbook. Here is an example to run the above template.

    $ConfigurationData = Import-PowerShellDataFile -Path "D:\Temp\DSC\ConfigurationData.psd1"
    $JsonConfigurationData = ($ConfigurationData | ConvertTo-Json -Depth 20 | Out-String) -replace '\s',''
    
    $templateParametersObject = @{
        dscConfigurationName = "myDscConfig"
        dscConfigurationBaseUri = "https://mystorageaccount.blob.core.windows.net/path/to/dsc/configurations"
        compile = "Yes"
        dscConfigurationParameters = @{
            "Credential1" = "myuser1@domain.com"
            "Credential2" = "myuser2@domain.com"
            "ConfigurationData" = $JsonConfigurationData
        }
    }
    $uniqueName = ([guid]::NewGuid().guid).split("-")[4]
    
    New-AzureRmResourceGroupDeployment `
        -Name "Test_Database-$uniqueName" `
        -ResourceGroupName "MyResourceGroup" `
        -Mode Incremental `
        -DeploymentDebugLogLevel All `
        -Force `
        -TemplateFile "C:\Temp\DSC\Compile.json" `
        -TemplateParameterObject $templateParametersObject `
        -Verbose
    

    1. The resource group "MyResourceGroup" has to exist.

    2. ConfigurationData is written out and saved to a PSD1 file and then imported. This is just for testing. In my full code, the whole $templateParametersObject is built on the fly, including ConfigurationData.

    3. In this example, myDscConfig takes 2 parameters: Credential1 and Credential2. These have to be credential assets in the automation account (read here), named myuser1@domain.com and myuser2@domain.com (I add @domain.com because I deploy to multiple domains and therefore have multiple sets of credentials to deal with). There is a third parameter: -ConfigurationData, but this is built in and optional (unless your DSC needs it – and if you're passing any form of credential you'll need at least '"PSDscAllowPlainTextPassword" = $True'

    There are other options for New-AzureRmResourceDeployment including using the parameters from the template directly. i.e.

    "parameters": {
        "dscConfigurationName": {
          "type": "string",
          "metadata": {
            "description": "Name of DSC configuration to apply."
          }
        },
        "dscConfigurationBaseUri": {
          "type": "string",
          "metadata": {
            "description": "Name of DSC configuration."
          }
        }...
    
    New-AzureRmResourceGroupDeployment `
       -dscConfigurationName "MyDscConfig" `
       -dscConfigurationBaseUri "https://blah..."
    

    I did see a question about "guid()" rather than "UniqueString()". What did you find out? It came out of Michael Green's template and not sure why he uses it. I don't understand the difference, but neither of them have a suitable scope. They both need the option to generate a completely random GUID, not scoped to anything. The idea has been added here.

    I did find some issues running it multiple times, especially if the deployment failed for any reason. Even if I manually cancelled it, Azure still thought it was running and would take days to terminate it. That's why I append $UniqueName to the deployment's name. I've tried to raise this with Michael, but I haven't had a response yet.

    HTH

    W.

  • #94407
    GS

    Participant
    Points: 1
    Rank: Member

    1. ResourceGroup().Location worked for me in nested template and used resource group I supplied inside nested template. It's different from resource group in parent template since as you said AutomationAccount is in different RG for me as well.
    2. UniqueString did not work for me since it does not generate GUID but just unique string and call actually requires GUID not just unique string. I was unaware that ARM provides guid() function untill yesterday.
    3. So your deployments have to be run from powershell with some additional prepartion work. For example it will be impossible to run from portal, right?

  • #94408
    Tex

    Participant
    Points: 0
    Rank: Member

    Interesting. I've just moved the example I gave you into another template and all hell has broken loose!

    I run mine from PowerShell, however, I understand one can build a parameters file with parameters as an object:
    https://docs.microsoft.com/en-us/azure/architecture/building-blocks/extending-templates/objects-as-parameters

    Thanks

    W.

  • #94680

    Participant
    Points: 0
    Rank: Member

    Hey sorry I was out of office for a bit. I'll check the Issue list and try to move that template forward asap.

    The GUID mentioned above is for the compile parameter. UniqueString() should also work. It just needs to be a unique value to identify the compilation. The only thing to look out for that I'm aware of is if you are using the "copy vm" option in ARM and the VM is dependent on the compile job, it could cause an issue because it is repeatedly trying the same value when it validates dependencies. We are looking at options to improve this.

    Any other open questions that I missed?

  • #94699
    Tex

    Participant
    Points: 0
    Rank: Member

    Hi Michael,

    Welcome back.

    I'm actually working on the very topic of generating a random GUID as I write. I'm following Tao Yang's example here.

    My understanding of uniqueString has the same limitations as guid() in that it uses a deterministic hash based on other values such as subscription().subscriptionId or deployment().name. The difference is in the output format. uniqueString() is 13 characters long whereas guid() returns 36 character in the format of a GUID (UUID). Essentially, they both end up generating the same number each time the deployment is triggered (unless something changes like the resource group or subscription).

    In one of my comments to you (I believe, in the issues of your template) I mentioned this does not happen when compiling using PowerShell. Each compilation has a random GUID generated, therefore I presume the functionality is in the API somewhere.

    I have raised a feature request here for the ability to generate completely random GUID / UniqueStrings, however, it looks like someone is MS is cleaning up feedback.azure.com and they're moving stuff around, but not telling us where they're being moved to, so I have no idea of the status.

    If I get Toa's example to work, I'll update the above GIST.

    T, W.

  • #94704
    Tex

    Participant
    Points: 0
    Rank: Member

    Just as a quick update in regard to Toa's solution for a true unique GUID. For some reason I got an error in the line

    "UniqueStringBasedOnTimeStamp": "[uniqueString(deployment().name, parameters('_CurrentDateTimeInTicks'))]",
    

    The error (in VS (squiggly underline) was "A property of 'deployment' must be one of the following: templateLink, template, parameter, mode, provisioningState". Odd as it's used in the same section of the template for something else.

    It didn't like deployment().name. I changed it to resourceGroup().id.

    T, W.

The topic ‘How do I refer to Azure automation account in template’ is closed to new replies.