如何以编程方式为 Azure 自动化帐户启用更新管理?
How to enable Update Management for an Azure Automation Account programmatically?
我目前正在使用 Terraform 和一些 Powershell 来自动化我的所有基础架构,并且我正在寻找一种完全自动化的方法来为我的所有 VM 配置更新管理。我能够部署自动化帐户、Log Analytics 工作区和链接的服务资源来管理两者之间的连接。但是,我无法在汽车帐户上启用更新管理服务。
是否有任何可自动化的方法(ps、tf、api 等),我可以通过它简单地为我的自动化帐户启用更新管理 ?
据我了解,这就是您所需要的:
{
"type": "Microsoft.OperationalInsights/workspaces",
"name": "[variables('namespace')]",
"apiVersion": "2017-03-15-preview",
"location": "[resourceGroup().location]",
"properties": {
"sku": {
"name": "Standalone"
}
},
"resources": [
{
"name": "Automation", # this onboards automation to oms, which is what you need
"type": "linkedServices",
"apiVersion": "2015-11-01-preview",
"dependsOn": [
"[variables('automation')]",
"[variables('namespace')]"
],
"properties": {
"resourceId": "[resourceId('Microsoft.Automation/automationAccounts/', variables('automation'))]"
}
}
]
},
{
"type": "Microsoft.Automation/automationAccounts",
"name": "[variables('automation')]",
"apiVersion": "2015-10-31",
"location": "[resourceGroup().location]",
"properties": {
"sku": {
"name": "OMS"
}
}
},
{
"type": "Microsoft.OperationsManagement/solutions", # this install update management solution, you probably need this for update management
"name": "[concat(variables('solutions')[copyIndex()],'(', variables('namespace'), ')')]",
"apiVersion": "2015-11-01-preview",
"location": "[resourceGroup().location]",
"copy": {
"name": "solutions",
"count": "[length(variables('solutions'))]"
},
"plan": {
"name": "[concat(variables('solutions')[copyIndex()], '(', variables('namespace'), ')')]",
"promotionCode": "",
"product": "[concat('OMSGallery/', variables('solutions')[copyIndex()])]",
"publisher": "Microsoft"
},
"properties": {
"workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces', variables('namespace'))]"
},
"dependsOn": [
"[variables('namespace')]"
]
}
这是我用来定义要安装的解决方案的变量:
"solutions": [
"AlertManagement",
"Updates",
"Security"
]
基本上你可以将其映射到api一对一调用
这是一个创建自动化帐户的 Terraform 模块,创建一个 link 到日志分析工作区(在此示例中传入的工作区 ID),然后添加所需的更新管理 and/or 更改跟踪工作区解决方案到工作区。
此模块是使用 Terraform 0.11.13 和 AzureRM 提供程序版本 1.28.0.
构建的
# Create the automation account
resource "azurerm_automation_account" "aa" {
resource_group_name = "${var.resource_group_name}"
location = "${var.location}"
name = "${var.name}"
sku {
name = "${var.sku}"
}
tags = "${var.tags}"
}
# Link automation account to a Log Analytics Workspace.
# Only deployed if enable_update_management and/or enable_change_tracking are/is set to true
resource "azurerm_log_analytics_linked_service" "law_link" {
count = "${var.enable_update_management || var.enable_change_tracking ? 1 : 0}"
resource_group_name = "${var.resource_group_name}"
workspace_name = "${element(split("/", var.log_analytics_workspace_id), length(split("/", var.log_analytics_workspace_id)) - 1)}"
linked_service_name = "automation"
resource_id = "${azurerm_automation_account.aa.id}"
}
# Add Updates workspace solution to log analytics if enable_update_management is set to true.
# Adding this solution to the log analytics workspace, combined with above linked service resource enables update management for the automation account.
resource "azurerm_log_analytics_solution" "law_solution_updates" {
count = "${var.enable_update_management}"
resource_group_name = "${var.resource_group_name}"
location = "${var.location}"
solution_name = "Updates"
workspace_resource_id = "${var.log_analytics_workspace_id}"
workspace_name = "${element(split("/", var.log_analytics_workspace_id), length(split("/", var.log_analytics_workspace_id)) - 1)}"
plan {
publisher = "Microsoft"
product = "OMSGallery/Updates"
}
}
# Add Updates workspace solution to log analytics if enable_change_tracking is set to true.
# Adding this solution to the log analytics workspace, combined with above linked service resource enables Change Tracking and Inventory for the automation account.
resource "azurerm_log_analytics_solution" "law_solution_change_tracking" {
count = "${var.enable_change_tracking}"
resource_group_name = "${var.resource_group_name}"
location = "${var.location}"
solution_name = "ChangeTracking"
workspace_resource_id = "${var.log_analytics_workspace_id}"
workspace_name = "${element(split("/", var.log_analytics_workspace_id), length(split("/", var.log_analytics_workspace_id)) - 1)}"
plan {
publisher = "Microsoft"
product = "OMSGallery/ChangeTracking"
}
}
# Send logs to Log Analytics
# Required for automation account with update management and/or change tracking enabled.
# Optional on automation accounts used of other purposes.
resource "azurerm_monitor_diagnostic_setting" "aa_diags_logs" {
count = "${var.enable_logs_collection || var.enable_update_management || var.enable_change_tracking ? 1 : 0}"
name = "LogsToLogAnalytics"
target_resource_id = "${azurerm_automation_account.aa.id}"
log_analytics_workspace_id = "${var.log_analytics_workspace_id}"
log {
category = "JobLogs"
enabled = true
retention_policy {
enabled = false
}
}
log {
category = "JobStreams"
enabled = true
retention_policy {
enabled = false
}
}
log {
category = "DscNodeStatus"
enabled = true
retention_policy {
enabled = false
}
}
metric {
category = "AllMetrics"
enabled = false
retention_policy {
enabled = false
}
}
}
# Send metrics to Log Analytics
resource "azurerm_monitor_diagnostic_setting" "aa_diags_metrics" {
count = "${var.enable_metrics_collection || var.enable_update_management || var.enable_change_tracking ? 1 : 0}"
name = "MetricsToLogAnalytics"
target_resource_id = "${azurerm_automation_account.aa.id}"
log_analytics_workspace_id = "${var.metrics_log_analytics_workspace_id}"
log {
category = "JobLogs"
enabled = false
retention_policy {
enabled = false
}
}
log {
category = "JobStreams"
enabled = false
retention_policy {
enabled = false
}
}
log {
category = "DscNodeStatus"
enabled = false
retention_policy {
enabled = false
}
}
metric {
category = "AllMetrics"
enabled = true
retention_policy {
enabled = false
}
}
}
我目前正在使用 Terraform 和一些 Powershell 来自动化我的所有基础架构,并且我正在寻找一种完全自动化的方法来为我的所有 VM 配置更新管理。我能够部署自动化帐户、Log Analytics 工作区和链接的服务资源来管理两者之间的连接。但是,我无法在汽车帐户上启用更新管理服务。
是否有任何可自动化的方法(ps、tf、api 等),我可以通过它简单地为我的自动化帐户启用更新管理 ?
据我了解,这就是您所需要的:
{
"type": "Microsoft.OperationalInsights/workspaces",
"name": "[variables('namespace')]",
"apiVersion": "2017-03-15-preview",
"location": "[resourceGroup().location]",
"properties": {
"sku": {
"name": "Standalone"
}
},
"resources": [
{
"name": "Automation", # this onboards automation to oms, which is what you need
"type": "linkedServices",
"apiVersion": "2015-11-01-preview",
"dependsOn": [
"[variables('automation')]",
"[variables('namespace')]"
],
"properties": {
"resourceId": "[resourceId('Microsoft.Automation/automationAccounts/', variables('automation'))]"
}
}
]
},
{
"type": "Microsoft.Automation/automationAccounts",
"name": "[variables('automation')]",
"apiVersion": "2015-10-31",
"location": "[resourceGroup().location]",
"properties": {
"sku": {
"name": "OMS"
}
}
},
{
"type": "Microsoft.OperationsManagement/solutions", # this install update management solution, you probably need this for update management
"name": "[concat(variables('solutions')[copyIndex()],'(', variables('namespace'), ')')]",
"apiVersion": "2015-11-01-preview",
"location": "[resourceGroup().location]",
"copy": {
"name": "solutions",
"count": "[length(variables('solutions'))]"
},
"plan": {
"name": "[concat(variables('solutions')[copyIndex()], '(', variables('namespace'), ')')]",
"promotionCode": "",
"product": "[concat('OMSGallery/', variables('solutions')[copyIndex()])]",
"publisher": "Microsoft"
},
"properties": {
"workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces', variables('namespace'))]"
},
"dependsOn": [
"[variables('namespace')]"
]
}
这是我用来定义要安装的解决方案的变量:
"solutions": [
"AlertManagement",
"Updates",
"Security"
]
基本上你可以将其映射到api一对一调用
这是一个创建自动化帐户的 Terraform 模块,创建一个 link 到日志分析工作区(在此示例中传入的工作区 ID),然后添加所需的更新管理 and/or 更改跟踪工作区解决方案到工作区。
此模块是使用 Terraform 0.11.13 和 AzureRM 提供程序版本 1.28.0.
构建的# Create the automation account
resource "azurerm_automation_account" "aa" {
resource_group_name = "${var.resource_group_name}"
location = "${var.location}"
name = "${var.name}"
sku {
name = "${var.sku}"
}
tags = "${var.tags}"
}
# Link automation account to a Log Analytics Workspace.
# Only deployed if enable_update_management and/or enable_change_tracking are/is set to true
resource "azurerm_log_analytics_linked_service" "law_link" {
count = "${var.enable_update_management || var.enable_change_tracking ? 1 : 0}"
resource_group_name = "${var.resource_group_name}"
workspace_name = "${element(split("/", var.log_analytics_workspace_id), length(split("/", var.log_analytics_workspace_id)) - 1)}"
linked_service_name = "automation"
resource_id = "${azurerm_automation_account.aa.id}"
}
# Add Updates workspace solution to log analytics if enable_update_management is set to true.
# Adding this solution to the log analytics workspace, combined with above linked service resource enables update management for the automation account.
resource "azurerm_log_analytics_solution" "law_solution_updates" {
count = "${var.enable_update_management}"
resource_group_name = "${var.resource_group_name}"
location = "${var.location}"
solution_name = "Updates"
workspace_resource_id = "${var.log_analytics_workspace_id}"
workspace_name = "${element(split("/", var.log_analytics_workspace_id), length(split("/", var.log_analytics_workspace_id)) - 1)}"
plan {
publisher = "Microsoft"
product = "OMSGallery/Updates"
}
}
# Add Updates workspace solution to log analytics if enable_change_tracking is set to true.
# Adding this solution to the log analytics workspace, combined with above linked service resource enables Change Tracking and Inventory for the automation account.
resource "azurerm_log_analytics_solution" "law_solution_change_tracking" {
count = "${var.enable_change_tracking}"
resource_group_name = "${var.resource_group_name}"
location = "${var.location}"
solution_name = "ChangeTracking"
workspace_resource_id = "${var.log_analytics_workspace_id}"
workspace_name = "${element(split("/", var.log_analytics_workspace_id), length(split("/", var.log_analytics_workspace_id)) - 1)}"
plan {
publisher = "Microsoft"
product = "OMSGallery/ChangeTracking"
}
}
# Send logs to Log Analytics
# Required for automation account with update management and/or change tracking enabled.
# Optional on automation accounts used of other purposes.
resource "azurerm_monitor_diagnostic_setting" "aa_diags_logs" {
count = "${var.enable_logs_collection || var.enable_update_management || var.enable_change_tracking ? 1 : 0}"
name = "LogsToLogAnalytics"
target_resource_id = "${azurerm_automation_account.aa.id}"
log_analytics_workspace_id = "${var.log_analytics_workspace_id}"
log {
category = "JobLogs"
enabled = true
retention_policy {
enabled = false
}
}
log {
category = "JobStreams"
enabled = true
retention_policy {
enabled = false
}
}
log {
category = "DscNodeStatus"
enabled = true
retention_policy {
enabled = false
}
}
metric {
category = "AllMetrics"
enabled = false
retention_policy {
enabled = false
}
}
}
# Send metrics to Log Analytics
resource "azurerm_monitor_diagnostic_setting" "aa_diags_metrics" {
count = "${var.enable_metrics_collection || var.enable_update_management || var.enable_change_tracking ? 1 : 0}"
name = "MetricsToLogAnalytics"
target_resource_id = "${azurerm_automation_account.aa.id}"
log_analytics_workspace_id = "${var.metrics_log_analytics_workspace_id}"
log {
category = "JobLogs"
enabled = false
retention_policy {
enabled = false
}
}
log {
category = "JobStreams"
enabled = false
retention_policy {
enabled = false
}
}
log {
category = "DscNodeStatus"
enabled = false
retention_policy {
enabled = false
}
}
metric {
category = "AllMetrics"
enabled = true
retention_policy {
enabled = false
}
}
}