
Azure Automation with Arm Templates

This repository is a sample solution deploying IaaS supported by OMS Automation and Control.

Automation And Control Systems

Prerequisite

The ARM template requires 6 specific settings:

Copy the sample parameters file required for deploying the Automation and Control system and edit it with the desired values.

cp templates/azuredeploy.parameters.json templates/params.json

Parameters (params.json)

| Parameter | Default | Description |
|---|---|---|
| prefix | my | Your unique string (company prefix) |
| omsWorkspaceRegion | East US | Azure region in which OMS is located |
| automationAccountName | automate | Azure Automation account name |
| automationRegion | South Central US | Azure region in which Automation is located |
| assetLocation | See Note 1 below | Source control location for runbooks |
| repoURL | See Note 2 below | Source control location for runbooks |
| adminUser | None | Subscription Owner login name |
| adminPassword | None | Subscription Owner login password |

NOTE 1: Runbooks are automatically uploaded from the directory runbooks. The default location of this can be changed if desired.

Runbooks Location: https://github.com/danielscholl/azure-automation-arm/runbooks

Automatic ARM template creation of the "RunAs" account isn't possible. Two solutions exist for this problem; Option 1 is the one implemented.

Option 1: The template automatically creates a schedule to run the runbook "bootstrap". This runbook uses Azure to run PowerShell commands and creates a temporary Key Vault to generate a certificate, which is then used for the RunAs account. In order to execute activities in the Azure subscription, a user name and password with Contributor rights on the subscription are temporarily stored as credentials in the Automation account and deleted upon successful completion of the runbook. Note, however, that if the credentials require two-factor authentication the runbook job will fail.

Option 2: To create the Run As account manually, run the script create-runas-account.ps1, which creates the certificates on the local machine and then uploads them to the Automation account.

NOTE 2: This ARM template uses an Azure Function to create the unique GUIDs necessary for job automation.

Repo URL: https://github.com/danielscholl/azure-functions

To avoid having to submit a growing number of GUIDs via parameters, an Azure Function is used to generate a dynamic template containing (x) GUIDs from a URL.

URL Example: https://<your_function_app>.azurewebsites.net/api/guidTemplate?count=2

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {},
  "variables": {},
  "resources": [],
  "outputs": {
    "guid0": {
      "type": "string",
      "value": "33f8f633-03ed-4d7d-9111-69ea3bbcb655"
    },
    "guid1": {
      "type": "string",
      "value": "e3473867-e90f-4706-ae74-390384013641"
    }
  }
}

Setup

Manual Deployment Instructions

  1. Create a Resource Group
az group create --location southcentralus --name automate
  2. Deploy Template to Resource Group
az group deployment create --template-file templates/azuredeploy.json --parameters templates/params.json --resource-group automate

Automation and Control Solution Details

The Automation and Control Solution deploys and configures the following items.

  1. Log Analytics OMS Workspace with Solutions
  • Security Solution
  • Agent Health Assessment
  • Change Tracking
  • Updates
  • Azure Activity
  2. Automation Account
  3. Automation Account Modules
  • AzureRm.Profile - 3.3.1
  • Azure.Storage - 3.3.1
  • AzureRm.Storage - 3.3.1
  • Azure - 4.3.1
  • AzureRm.Resources - 4.3.1
  • AzureRm.Automation - 3.3.1
  • AzureRm.Compute - 3.3.1
  • AzureRm.Sql - 3.3.1
  • AzureRm.OperationalInsights - 3.3.1
  • AzureRm.SiteRecovery - 4.3.1
  • AzureRm.RecoveryServices - 4.3.1
  • AzureRm.Backup - 4.3.1
  • AzureRm.KeyVault - 3.3.1
  4. Automation Account Variables
  • omsWorkspaceId
  • omsWorkspaceKey
  • azureSubscriptionId
  • omsRecoveryVault
  • omsResourceGroupName
  5. Automation Account Runbooks
  • start-machines
  • stop-machines
  6. Automation Account DSC
  • Backend.Database
  • Frontend.Web

IaaS Solution

Prerequisite

Copy the sample parameters file required for deploying the IaaS Solution and edit it with the desired values.

cp templates/IaaS/azuredeploy.parameters.json templates/IaaS/params.json

Parameters (params.json)

| Parameter | Default | Description |
|---|---|---|
| prefix | my | Your unique string (company prefix) |
| servicePrincipalAppId | None | Service principal to access Key Vault |
| adminUser | azureuser | Default servers username |
| adminPassword | None | Default servers password |
| vnetPrefix | 10.1.0.0/24 | Virtual network address space |
| frontPrefix | 10.1.0.0/25 | Front subnet address space |
| backPrefix | 10.1.0.128/26 | Back subnet address space |
| dmzPrefix | 10.1.0.192/28 | DMZ subnet address space |
| managePrefix | 10.1.0.208/28 | Manage subnet address space |
| remoteAccessACL | Internet | IP segment to allow RDP/SSH access from |
| jumpserverName | jumpserver | VM name of JumpServer |
| jumpserverSize | Standard_A1 | VM size of JumpServer |
| backendLoadBalanceIP | 10.1.0.132 | Static IP address of load balancer |
| backendServerNamePrefix | vm-back | Backend virtual machine name |
| backendServerSize | Standard_A1 | Backend virtual machine size |
| backendServerCount | 2 | Number of backend servers (2-5) |
| scaleSetServerSize | Standard_A1 | Virtual machine scale set size |
| scaleSetInstanceCount | 2 | Number of instances in VMSS |
| omsId | None | OMS workspace ID |
| omsKey | None | OMS workspace key |
| dscRegistrationUrl | None | Automation account DSC URL |
| dscRegistrationKey | None | Automation account access key |
| scaleSetNodeConfig | Frontend.Web | DSC node configuration name |
| vmNodeConfig | Backend.Database | DSC node configuration name |
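A sanity check for the IaaS params.json values above, written as an added example (not part of this repository): it verifies that the four subnets sit inside vnetPrefix without overlapping, that backendLoadBalanceIP is a usable address in the back subnet (Azure reserves the first four and the last address of every subnet), that backendServerCount is within the documented 2-5 range, and it flags remoteAccessACL left at Internet, which exposes RDP/SSH on the jump server to every source address. The sample parameter document is constructed from the table's defaults.

```python
import ipaddress
import json

# Constructed sample in params.json shape, using the defaults from the table above.
SAMPLE_PARAMS = json.dumps({"parameters": {
    "vnetPrefix": {"value": "10.1.0.0/24"},
    "frontPrefix": {"value": "10.1.0.0/25"},
    "backPrefix": {"value": "10.1.0.128/26"},
    "dmzPrefix": {"value": "10.1.0.192/28"},
    "managePrefix": {"value": "10.1.0.208/28"},
    "backendLoadBalanceIP": {"value": "10.1.0.132"},
    "remoteAccessACL": {"value": "Internet"},
    "backendServerCount": {"value": 2},
}})

SUBNETS = ("frontPrefix", "backPrefix", "dmzPrefix", "managePrefix")


def check_params(params_json):
    """Return a list of findings for a params.json document; an empty list means it passed."""
    values = {k: v["value"] for k, v in json.loads(params_json)["parameters"].items()}
    findings = []
    vnet = ipaddress.ip_network(values["vnetPrefix"])
    nets = {name: ipaddress.ip_network(values[name]) for name in SUBNETS}
    # Every subnet must be carved out of the VNet address space.
    for name, net in nets.items():
        if not net.subnet_of(vnet):
            findings.append(f"{name} {net} is outside vnetPrefix {vnet}")
    # Subnets must not overlap each other.
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} and {b} overlap")
    # The static LB address must be in the back subnet and avoid the addresses
    # Azure reserves (first four and the last of every subnet).
    back = nets["backPrefix"]
    lb = ipaddress.ip_address(values["backendLoadBalanceIP"])
    offset = int(lb) - int(back.network_address)
    if lb not in back or offset < 4 or lb == back.broadcast_address:
        findings.append(f"backendLoadBalanceIP {lb} is not a usable address in {back}")
    # 'Internet' opens RDP/SSH on the jump server to every source address.
    if values["remoteAccessACL"] == "Internet":
        findings.append("remoteAccessACL is Internet: restrict RDP/SSH to a known source range")
    if not 2 <= values["backendServerCount"] <= 5:
        findings.append("backendServerCount must be between 2 and 5")
    return findings
```

Run it against your edited params.json before deploying; the defaults produce exactly one finding, the open remoteAccessACL.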

The following CLI command can be used to retrieve a service principal.

az ad user show --upn [email protected] --query objectId -otsv

To get the OMS Workspace Id and Key the portal must be used.

  1. Go to the Microsoft Operations Management Suite
  • Connected Sources
  • Windows Servers

Setup

Manual Deployment Instructions

  1. Create a Resource Group
az group create --location southcentralus --name automate-iaas
  2. Deploy Template to Resource Group
az group deployment create --template-file templates/IaaS/azuredeploy.json --parameters templates/IaaS/params.json --resource-group automate-iaas

Infrastructure Solution Details

The IaaS Solution deploys and configures the following items.

  1. Virtual Network
  • Subnet: front
  • Subnet: back
  • Subnet: dmz
  • Subnet: manage
  2. Network Security Groups
  • Subnet Firewall: front-nsg
  • Subnet Firewall: back-nsg
  • Subnet Firewall: dmz-nsg
  • Subnet Firewall: manage-nsg
  • JumpBox Machine Firewall: remote-access-nsg
  3. Storage Account
  • Diagnostics Storage Account
  4. Key Vault
  • Contains Default Admin Login Credentials
  5. Load Balancer
  • Backend Load Balancer
  • Static IP
  6. Virtual Machines
  • JumpServer on Manage Subnet
    • BGInfo Extension
    • Diagnostics Extension
    • OMS Agent Configuration Extension
    • DSC Extension
  • Public IP
  • Multiple Backend Servers
    • BGInfo Extension
    • Diagnostics Extension
    • OMS Agent Configuration Extension
    • DSC Extension
  • 2 Managed Data Disks
  7. App Gateway
  • Frontend Application Gateway
  • Public IP
  8. Virtual Machine Scale Set
  • VMSS on Front Network
    • BGInfo Extension
    • Diagnostics Extension
    • OMS Agent Configuration Extension
    • DSC Extension

Architecture

(Architecture diagram; image not reproduced in this text.)
