问题
I am trying to access an azure vm via powershell remoting from azure automation. All our vms inside the subscription do not have public ips (only private ip). I have tried to access by New-Pssession (as below) , but no luck.
Could you please let me know what are the other ways to achive this?
$connectionName = "AzureRunAsConnection"
$SPC = Get-AutomationConnection -Name $connectionName
Write-Output $SPC
Add-AzureRmAccount -ServicePrincipal -TenantId $SPC.TenantId -ApplicationId $SPC.ApplicationId -CertificateThumbprint $SPC.CertificateThumbprint
Get-AzureRmSubScription
Select-AzureRMSubscription -SubscriptionId 'XXXXXXXXXXXXXXX'
Get-AzureRMAutomationAccount | fl *
$username = 'XXXXXXX'
$password = 'XXXXXXXX'
$secpasswd = ConvertTo-SecureString $password -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ($username, $secpasswd)
$S = New-PsSession -ComputerName XXXXXXXX -Credential $mycreds
Enter-PSSession -Session $S
回答1:
If you want to access Virtual Machines using Azure Automation Runbooks then you will need to use Hybrid Runbook Workers. This is an agent installed on one of your servers and registered back with your Azure Automation Account. From here you can then execute your runbook on your Hybrid Runbook Worker.
You can then setup your runbook to be executed on a Hybrid Runbook Worker, this will effectively execute the runbook as though it was on your server.
If your runbook does some actions in Azure first, then I would highly recommend splitting out your runbooks so that one does actions in Azure then calls the other runbook passing the appropriate parameters but executing on the Hybrid Runbook Worker. You can use PowerShell to execute an Azure Automation Runbook on a Hybrid Runbook Worker as shown in the following example:
Start-AzureRmAutomationRunbook –AutomationAccountName "MyAutomationAccount" –Name "Test-Runbook" -RunOn "MyHybridGroup"
You can use this option when you don't have a public IP address on the virtual machine.
Another option is to use a combination of WinRM, certificates and Azure Key Vault to be able to connect using Enter-PSSession. More on setting this up is detailed in the documentation on Setting up WinRM access for Virtual Machines in Azure Resource Manager. Note however that you can only use this method when your Virtual Machine has a public IP.
来源:https://stackoverflow.com/questions/50449994/accessing-an-azure-vm-through-powershell-remote-from-azure-automation