Azure Automation :The Azure Automation service provides a highly reliable and scalable workflow execution engine to automate frequently repeated management tasks. The processes are automated through runbooks, which are Windows PowerShell Workflows run in the Azure Automation execution engine. You can use this API to create, update, read, and delete automation resources, including runbooks and runbook jobs. In addition you can manage assets such as variables, schedules, Windows PowerShell modules, credentials, and certificates.
Azure 自動化服務提供了一個高度可靠和可擴充的工作流執行引擎,可以自動執行頻繁重複的管理任務。 這些流程通過 runbook 自動完成,這些 runbook 是在 Azure 自動化執行引擎中運作的 Windows PowerShell 工作流。 可以使用此 API 來建立、更新、讀取和删除自動化資源,包括 runbook 和 runbook 作業。 此外,還可以管理諸如變量、時間表、Windows PowerShell 子產品、憑據和證書等資産。
Source : https://docs.microsoft.com/en-us/rest/api/automation/
問題描述
自動化賬号( Automation Account )生成的時候怎麼生成連接配接( Connection )與證書( Certificate )?
問題回答
在中國區Azure中建立Connection時,需要修改為中國區的ARM Endpoint。比如Connection的Endpoint (終結點)應為:
https://management.chinacloudapi.cn
/subscriptions/<subscriptionid>
/resourceGroups/< resourceGroups >/providers/Microsoft.Automation
/automationAccounts/< automationAccounts name>
/connections/<connectionname>?api-version=2015-10-31 請求示例可參考:https://docs.microsoft.com/en-us/rest/api/automation/connection/create-or-update#create-or-update-connection
Sample Request
PUT https://management.chinacloudapi.cn/subscriptions/subid/resourceGroups/rg/providers/Microsoft.Automation/automationAccounts
/myAutomationAccount28/connections/mysConnection?api-version=2015-10-31 Request Body
{
"name": "mysConnection",
"properties": {
"description": "my description goes here",
"connectionType": {
"name": "Azure"
},
"fieldDefinitionValues": {
"AutomationCertificateName": "mysCertificateName",
"SubscriptionID": "subid"
}
}
} Sample Response
- Status code:201
{
"id": "/subscriptions/subid/resourceGroups/rg/providers/Microsoft.Automation/automationAccounts/myAutomationAccount28/connections/mysConnection",
"name": "mysConnection",
"properties": {
"creationTime": "2017-03-27T07:52:29.29+00:00",
"lastModifiedTime": "2017-03-27T07:52:29.29+00:00",
"description": "my description goes here",
"fieldDefinitionValues": {
"AutomationCertificateName": "mysCertificateName",
"SubscriptionID": "subid"
},
"connectionType": {
"name": "Azure"
}
}
} - Status code:200
{
"id": null,
"name": "mysConnection",
"properties": {
"creationTime": "2017-03-27T07:52:29.29+00:00",
"lastModifiedTime": "2017-03-27T07:52:29.29+00:00",
"description": "my description goes here",
"fieldDefinitionValues": {
"AutomationCertificateName": "mysCertificateName",
"SubscriptionID": "subid"
},
"connectionType": {
"name": "Azure"
}
}
} 對Automation Account建立證書,則和Connection接口相似。詳情可見:https://docs.microsoft.com/en-us/rest/api/automation/certificate。
而如果是指在調用REST API時,需要在Header中攜帶 Authorization 值。基于Azure對授權的統一管理,需要在Azure AD中對用戶端(REST API調用端)進行一個身份注冊,然後可以在AAD中上傳證書或者是通過密鑰登入。
設定密鑰(Secret)非常簡單:打開Azure AD頁面 --> 選擇所注冊的Applicaiton --> 選擇“Certificates & secrets” --> "New client secret"
而設定證書方式,與密鑰在同一個頁面,隻是上傳證書需注意:要上傳帶有私鑰的證書,不能為公鑰證書。否則,會遇見“ The private key is not present in the X.509 certificate ”錯誤。
參考資料
Automation REST API Reference: https://docs.microsoft.com/en-us/rest/api/automation/
當在複雜的環境中面臨問題,格物之道需:濁而靜之徐清,安以動之徐生。 雲中,恰是如此!