<#
.SYNOPSIS
Runs a child Automation Runbook on a hybrid worker
.DESCRIPTION
This script is intended to be run as a part of Update Management Pre/Post scripts.
It requires hybrid workers to be configured on the machines which need to run scripts locally.
.PARAMETER RunbookName
The name of the Azure Automation runbook you wish to execute on the hybrid workers in a local context
.PARAMETER HybridWorkerGroups
A single hybrid worker group which should run another runbook from a local context.
To guarantee execution on the right machine, each hybrid worker group should contain only one machine.
KNOWN ISSUE: Pre/Post scripts will not accept arrays or objects as arguments.
.PARAMETER SoftwareUpdateConfigurationRunContext
This is a system variable which is automatically passed in by Update Management during a deployment.
.PARAMETER ResourceGroup
The resource group of the Automation account with the child job.
.PARAMETER AutomationAccount
The name of the Automation account with the child job.
#>
param(
    # Name of the child runbook to start on the hybrid worker.
    [Parameter(Mandatory = $true)]
    [string]
    $RunbookName,

    # Hybrid worker group that runs the child runbook; typed as one string, not an array.
    [Parameter(Mandatory = $true)]
    [string]
    $HybridWorkerGroups,

    # Not mandatory; the script body hands this value to ConvertFrom-Json.
    [string]
    $SoftwareUpdateConfigurationRunContext,

    # Resource group of the Automation account that holds the child runbook.
    [Parameter(Mandatory = $true)]
    [string]
    $ResourceGroup,

    # Name of the Automation account that holds the child runbook.
    [Parameter(Mandatory = $true)]
    [string]
    $AutomationAccount
)
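#region BoilerplateAuthentication
# Signs in to Azure as the Automation account's Run As service principal and selects
# that principal's subscription for the AzureRM cmdlets that follow.
# NOTE(review): Run As accounts and the AzureRM module have both been retired by
# Microsoft; plan a move to a managed identity and the Az module.
$ServicePrincipalConnection = Get-AutomationConnection -Name 'AzureRunAsConnection'
if ($null -eq $ServicePrincipalConnection)
{
    # Fail closed: without the connection every later cmdlet would run unauthenticated.
    throw "Automation connection 'AzureRunAsConnection' was not found."
}

# -ErrorAction Stop turns a failed sign-in into a terminating error, so the script
# cannot carry on and start or poll jobs without a valid Azure session.
Add-AzureRmAccount `
    -ServicePrincipal `
    -TenantId $ServicePrincipalConnection.TenantId `
    -ApplicationId $ServicePrincipalConnection.ApplicationId `
    -CertificateThumbprint $ServicePrincipalConnection.CertificateThumbprint `
    -ErrorAction Stop

$AzureContext = Select-AzureRmSubscription -SubscriptionId $ServicePrincipalConnection.SubscriptionID -ErrorAction Stop
#endregion BoilerplateAuthentication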
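# $runStatus collects the jobs started below; $finalStatus collects their output later on.
$runStatus = New-Object System.Collections.Generic.List[System.Object]
$finalStatus = New-Object System.Collections.Generic.List[System.Object]

# The run context arrives as JSON text. The parameter is not mandatory, so convert it
# only when a value was supplied; ConvertFrom-Json raises an error on an empty string.
$context = $null
if (-not [string]::IsNullOrWhiteSpace($SoftwareUpdateConfigurationRunContext))
{
    $context = ConvertFrom-Json $SoftwareUpdateConfigurationRunContext
}

# Start the child runbook on the hybrid worker group.
# $HybridWorkerGroups is declared as a single string, so this loop runs once.
# NOTE(review): the child runbook executes locally on the hybrid worker, so
# $RunbookName and $HybridWorkerGroups decide which code runs on which machine.
# Restrict who may edit the deployment's pre/post script parameters.
foreach ($machine in $HybridWorkerGroups)
{
    # -ErrorAction Stop: a start that fails must end the script here. Otherwise a null
    # entry lands in $runStatus and the later status poll can never see "Completed".
    $output = Start-AzureRmAutomationRunbook -Name $RunbookName -ResourceGroupName $ResourceGroup -AutomationAccountName $AutomationAccount -RunOn $machine -ErrorAction Stop
    if ($null -eq $output -or -not $output.jobid)
    {
        throw "Runbook '$RunbookName' did not return a job id for hybrid worker group '$machine'."
    }
    $runStatus.Add($output)
}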
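#Determine status of all runs.
# Job states that do not progress to "Completed" on their own. Waiting only for
# "Completed" would poll forever once a child job fails, is stopped or is suspended,
# which stalls the patch deployment instead of failing it.
$stalledStates = @("Failed", "Stopped", "Suspended")

foreach ($job in $runStatus)
{
    # A missing job id means the runbook never started; there is nothing to wait for.
    if ($null -eq $job -or -not $job.jobid)
    {
        throw "A child runbook job was not started, so its status cannot be checked."
    }

    #First, wait for each job to complete
    $currentStatus = Get-AzureRmAutomationJob -Id $job.jobid -ResourceGroupName $ResourceGroup -AutomationAccountName $AutomationAccount
    while ($currentStatus.status -ne "Completed")
    {
        if ($stalledStates -contains $currentStatus.status)
        {
            #We must throw in order to fail the patch deployment.
            throw "Child job $($job.jobid) ended with status '$($currentStatus.status)'."
        }

        # A lookup that returned nothing is polled again after the pause, as before.
        Start-Sleep -Seconds 5
        $currentStatus = Get-AzureRmAutomationJob -Id $job.jobid -ResourceGroupName $ResourceGroup -AutomationAccountName $AutomationAccount
    }

    #Then, store the summary
    $summary = Get-AzureRmAutomationJobOutput -Id $job.jobid -ResourceGroupName $ResourceGroup -AutomationAccountName $AutomationAccount
    $finalStatus.Add($summary)
}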
# Policy: one failed run fails the whole patch deployment.
# Other deployments may prefer to succeed when at least one run succeeded.
foreach ($summary in $finalStatus)
{
    # Kept as -eq rather than -ne: when .Type enumerates to several values, -eq filters
    # for "Error", so a single error record is enough to trigger the throw.
    $hasError = $summary.Type -eq "Error"
    if (-not $hasError)
    {
        continue
    }

    # Throwing is what marks the patch deployment as failed.
    throw $summary.Summary
}