Skip to main content

Reboot WorkerRole using Azure Automation RUNBOOK

Problem: 

Scheduling worker role can become a big pain when it comes to long running background tasks. This is because there are no scheduling options available for worker role (as on date of publishing this article) although there are some alternatives to sleep worker role for a while. We needed to automate the process re-executing worker role based on schedule typically every day interval. 
We choose Webjobs as it has best scheduling options to execute back ground jobs. Although, we can interact with azure cloud management using azure management libraries and management certificate, it became hard to encrypt the sensitive information such as certificate string, subscription id etc,.

Solution:

We found Automation RunBooks are the way to go to solve this problem. As it has out-of the-box support to write powershell workflows to manage azure. Nice thing about Runbooks is that it has good scheduling options so that we can schedule workflow as a recurring event. 
Also, all this happens securely thru azure management certificate within azure cloud.

Implementation: 

I. Create Azure Management certificate 

Please follow below steps to create certificate:  
Step 1: Download and install the SDK from the below link.


Step 2: You only need to install the Windows Software Development Kit so you can deselect the     
Others since makecert.exe is available in the base install as shown in below image

Step 3: Create a self-signed certificate that you will add to your Azure subscription and use when 
managing services from Azure Automation. Open up an administrator command prompt 
as shown below and change directory to the location of makecert.exe.
Step 4: Create a certificate using the below command (replacing AzureManagement with a name 
you choose). You will later add this to the management certificates in Azure settings.

 C:\Program Files (x86)\Windows Kits\8.0\bin\x64>makecert -sky exchange -r –n "CN=AzureManagement" -pe -a sha1 -len 2048 -ss My "AzureManagement.cer"
Important Note: Please do not copy paste this command. Instead, type all the commands as shown in the screenshot.

Step 5: You can use the built in PowerShell cmdlets to export the certificate with a private key into 

a pfx file that you can import into the Azure Automation service.

Open up an administrator PowerShell shell and run the following commands:
$MyPwd = ConvertTo-SecureString -String "abc123456" -Force –AsPlainText (replacing the password with one that you choose)
$AzureCert = Get-ChildItem -Path Cert:\CurrentUser\My | where {$_.Subject -match "AzureManagement”} 
(Replacing ‘AzureManagement’ with the name you gave your certificate in step 4)
Export-PfxCertificate -FilePath C:\AzureManagementCert.pfx -Password $MyPwd -Cert $AzureCert 
(This will create the AzureManagementCert.pfx in the c:\ drive of your computer)

  II. Upload the generated certificate (.cer) to Azure Management certificates

Step 6: Log in to the Microsoft Azure Management portal (https://manage.windowsazure.com) and 
select the Settings -> Management Certificates area. Click the upload command and 
upload the certificate you created in Step 4 (the one with the .cer extension).

III. Setup Automation account and Upload the generated certificate (.pfx) to Azure 

Step 7: Upload the management certificate (.pfx extension) into Microsoft Azure Automation and create a Connection Asset. Go to Automation-> <Automation Account you created> ->Assets. Click Add Setting and select Add Connection. You will need your Azure subscription ID during the wizard. This can be found on the dashboard of the automation account under quick glance or in the settings area of the portal where you uploaded the first certificate.
Give any name you want to this connection as you will refer to this later in Runbooks you create.




Step 8: Create a credential setting of type certificate with the same name you gave during the creation of your Azure connection in step 7. You will now upload the .pfx certificate with the password you created in step 6.






IV. Setup ConnectToAzure RunBook in Automation 

Step 8: Import the connect-azure.ps1 file from the below url and publish this runbook: http://gallery.technet.microsoft.com/scriptcenter/Connect-to-an-Azure-f27a81bb
Note: You can import by using Import button on the below actions bar of Runbooks section in azure portal.
You can then start the runbook and enter the name of your Azure connection you created in step 6 for the parameter. If you view this runbook job when it completes it should not have any failures.

V. Setup Reboot worker role RunBook in Automation

Step 9: Create a new Runbook and name it as “Reboot-Workerrole” that we will use to reboot the application analytics Worker role.. Make sure to select same automation account as used in the above step#8.


Navigate to this Runbook and click on the Author tab and then click on draft. 
You can use connect-azure Runbook created in above step#8 to connect to azure management services. Follow below steps to add the connect snippet:
 Go to Insert -> Runbook and choose “Connect-Azure” as shown below  & click on Next.
Replace “<System.String>” with Azure Connection name given in Step 7.

Step 10: Go to Insert -> Activity -> Select Azure tab. Now select “Select-AzureSubscription” then click on next. Remove all of the optional parameters except for the –SubscriptionName and type in the name of the Azure Connection you used above.
         
Choose Parameter set as Shown below

Now Select Another Activity “Reset-AzureRoleInstance” & Finally Draft will look like below and need to replace valid values in parameters. & remove “-Reimage” optional parameter.

You can update the parameters as per the requirement. Now you can save the Draft & click on Test to execute. You can navigate to job detail to view the status and other information:

Step 11: After successful run, you can Publish this draft. And, you can schedule the RunBook execution by following below steps:
  • Navigate to Schedule tab of the runbook  and click on Link to New Schedule action link. 


You can name the Schedule instance as per standard naming conventions. And, you can follow scheduling options wizard as per the requirement. 

That's it! Now your worker role is automated to be rebooted as per schedule.

Conclusion

Azure automation is definately a great feature and you can leverage Automation feature essentially for automating any manage azure related things. 

Happy Coding!
Labels:

Popular posts from this blog

Remote debugging Windows azure cloud service - Worker Role

Remote debugging Windows azure cloud service - Worker Role Very recently I was working on design and development of a worker role component of cloud service. Locally debugging worker role is pretty easy. You just need to know that you need to set Cloud project as a start-up project and ready to go. Problem is when you deploy worker role to azure and trying to troubleshoot an unknown issue.  Thankfully we have remote debugging enable for cloud services – both web and worker roles. This is really handy tool to remotely debug without having to putting a lot of tracing and digging into it. However, remote debugging in worker role/web role requires few steps to be followed: Make sure you are debugging from same machine where you published Make sure to turn on Remote debugger on while you publish (This should be turned off for Production publish profiles) Make sure to Select Debug mode With all the above settings after you publish, you should be able to Attach D
Read more

Differences between Object Serialization and Deserialization?

Serialization = putting the relevant state of the object into a streamable representation. That can mean converting it to a byte stream. This does not necessarily include copying every member variable into the stream. Deserialization = restoring an object from a serial representation and ensuring the invariants of the object. Deserialization can be thought of a separate constructor for the object.
Read more

Web-API - RESTful Services on Microsoft .net for building Ubiquitous web world

It's been very interesting to note about the fantastic things happening in the world of web development. Finally, we got the solid framework for building RESTful services on Microsoft platform. Let's have a very  quick look at the basic detail. REST [Representation State Transfer Protocol]           A representation is a opaque string of bytes that is effectively manifestation of a resource. REST was never about pretty URLs. The whole point of the hypermedia is that client should not need to know how to construct these URLs in the first place. For your clients, they are just STRINGS.           Web-API can be used when you have clients which consumes data from server over HTTP. Now a days, lot of browser applications are rich clients with web server returns some static html and then may be it uses client side framework like jquery, backbonejs or knockoutjs and makes calls back to server to pull data to execute some client-side functionality. Web-API's role is not j
Read more