I am working with a customer that is going to set up an Azure Automation hybrid worker.
A Hybrid Worker in Azure Automation allows you to run automation scripts on your own VMs. The benefit of this is that while the script is running, it can connect to all resources on the network it has access to. This is useful to move data around, or even do PowerShell remoting.
The Automation Hybrid Worker is part of the Microsoft Monitoring Agent. It’ll make an outbound connection to Azure Automation to get any information about scripts it has to run.
Setting up pre-requisites
There’s a couple of pre-requisites before we can actually create the Hybrid worker. Number 1 is actually having a VM that will run the Hybrid worker. For this demo, I’ll create a new VM in East US.
We also need an Automation Account, which I’ll also create in East US. The Azure Run As account isn’t required, but I always like to have it, just in case.
And we’ll also need a Log Analytics workspace. Again, I’ll create a new one in East US.
Next up, we’ll need to add the Automation solution to our Log Analytics workspace. To do this, we’ll run a line of PowerShell, in the Cloud Shell.
$rgname="hybrid-worker"
$loganal="for-hybrid"
Set-AzureRmOperationalInsightsIntelligencePack -ResourceGroupName $rgname -WorkspaceName $loganal -IntelligencePackName "AzureAutomation" -Enabled $TrueAnd with the prereqs out of the way, we can go ahead and install the Hybrid worker on our machine.
Installing the Hybrid worker
With all the prereqs done, your VM should now be ready. We’ll need to download a PowerShell script, and then run that script to setup the hybrid worker process. This script will essentially download the MMA agent and install it, and then connect the Hybrid worker agent on your machine to your Automation account.
Connect to your VM, open an elevated PowerShell prompt and run the following to download our script we need:
$url = "https://raw.githubusercontent.com/azureautomation/runbooks/master/Utility/ARM/New-OnPremiseHybridWorker.ps1"
$output = ".\New-OnPremiseHybridWorker.ps1"
Invoke-WebRequest -Uri $url -OutFile $outputThis will download the script in the working directory. Next, we’ll need to actually run the script with the right parameters. This should do the job:
$aaname="hybrid-worker"
$aarg="hybrid-worker"
$hybridname="worker1"
$subid="d19dddf3-9520-4226-a313-ae8ee08675e5"
$loganal="for-hybrid"
$logrg="hybrid-worker"
.\New-OnPremiseHybridWorker.ps1 -AutomationAccountName $aaname -AAResourceGroupName $aarg -OMSResourceGroupName $logrg -HybridGroupName $hybridname -SubscriptionId $subid -WorkspaceName $loganalThis might take a while to run, as this script downloads and installs the complete AzureRM module. After it installed that module, you’ll need to authenticate to it with your Azure account credentials.
And with that done, we can run scripts from within Azure automation on your Hybrid worker.
Test running a script on the Hybrid worker
To quickly test this out, I’ll create a nonsense runbook in Azure automation to create a test.txt file on the desktop.
We’ll have one line in our file:
"from azure" | out-file "C:\Users\nilfranadmin\Desktop\hybrid.txt"In the editor in Azure Automation, paste in this line (maybe change the destination of the script) and hit save, then hit publish. Then hit start and run it on the Hybrid Worker we created. Not too long after, we should see our file appear:
Conclusion
In this quick post, we created a Hybrid Worker and ran a script on it. We ran the hybrid worker on an Azure VM, but you could equally well run this on an on-prem VM, or even on another cloud.