Tutorial: Create a Python 3 runbook (preview)
This tutorial walks you through the creation of a Python 3 runbook (preview) in Azure Automation. Python runbooks compile under Python 2 and 3. You can directly edit the code of the runbook using the text editor in the Azure portal.
- Create a simple Python runbook
- Test and publish the runbook
- Run and track the status of the runbook job
- Update the runbook to start an Azure virtual machine with runbook parameters
To complete this tutorial, you need the following:
Automation account to hold the runbook and authenticate to Azure resources. This account must have permission to start and stop the virtual machine.
An Azure virtual machine. During this tutorial, you will start and stop this machine, so it should not be a production VM.
You can use a Linux or Windows Hybrid Runbook Worker to run Python 3 runbooks. Follow the instructions for installing a Linux or Windows Hybrid Runbook Worker. There is no specific pre-requisite for a Linux Hybrid Worker. However, to use a Windows Hybrid Worker for Python 3 runbooks, configure your the machine hosting the runbook worker based on if you are only supporting Python 3, or if Python 2 and 3 need to coexist.
If you have Python 2 or Python 3 only installed, you need to append the path of the folder where python.exe is located to the PATH environmental variable. For example, if python.exe is in the installation path
C:\Python, then that path needs to be appended to the PATH environmental variable.
If you have both Python 2 and Python 3 installed and you want to run both types of runbooks, then you need to configure the following environmental variables:
Python 2 - Create a new environmental variable called
PYTHON_2_PATHand specify the installation folder. For example, if the installation folder is
C:\Python27, then this path needs to be added to the variable.
Python 3 - Create a new environmental variable called
PYTHON_3_PATHand specify the installation folder. For example, if the installation folder is
C:\Python3, then this path needs to be added to the variable.
Create a new runbook
You start by creating a simple runbook that outputs the text Hello World.
In the Azure portal, open your Automation account.
The Automation account page gives you a quick view of the resources in this account. You should already have some assets. Most of those assets are the modules that are automatically included in a new Automation account. You should also have the Credential asset that's mentioned in the prerequisites.
Select Runbooks under Process Automation to open the list of runbooks.
Select Add a runbook to create a new runbook.
Give the runbook the name MyFirstRunbook-Python.
Select Python 3 for Runbook type.
Select Create to create the runbook and open the textual editor.
Add code to the runbook
Now you add a simple command to print the text
Select Save to save the runbook.
Test the runbook
Before you publish the runbook to make it available in production, you want to test it to make sure that it works properly. When you test a runbook, you run its draft version and view its output interactively.
Select Test pane to open the Test pane.
Select Start to start the test. This should be the only enabled option.
A runbook job is created and its status displayed. The job status starts as Queued, indicating that it is waiting for a runbook worker in the cloud to become available. It changes to Starting when a worker claims the job, and then Running when the runbook actually starts running.
When the runbook job completes, its output is displayed. In this case, you should see
Close the Test pane to return to the canvas.
Publish and start the runbook
The runbook that you created is still in draft mode. You need to publish it before you can run it in production. When you publish a runbook, you overwrite the existing published version with the draft version. In this case, you don't have a published version yet because you just created the runbook.
Select Publish to publish the runbook and then Yes when prompted.
If you scroll left to view the runbook on the Runbooks page, you should see an Authoring Status of Published.
Scroll back to the right to view the pane for MyFirstRunbook-Python3.
The options across the top allow you to start the runbook, view the runbook, or schedule it to start at some time in the future.
Select Start and then select OK when the Start Runbook pane opens.
A Job pane is opened for the runbook job that you created. You can close this pane, but let's leave it open so that you can watch the job's progress.
The job status is shown in Job Summary and matches the statuses that you saw when you tested the runbook.
Once the runbook status shows Completed, select Output. The Output pane is opened, where you can see
Close the Output pane.
Select All Logs to open the Streams pane for the runbook job. You should only see
Hello Worldin the Output stream. However, this pane can show other streams for a runbook job, such as Verbose and Error, if the runbook writes to them.
Close the Streams pane and the Job pane to return to the MyFirstRunbook-Python3 pane.
Select Jobs to open the Jobs page for this runbook. This page lists all jobs created by this runbook. You should only see one job listed since you only ran the job once.
You can select this job to open the same Job pane that you viewed when you started the runbook. This pane allows you to go back in time and view the details of any job that was created for a particular runbook.
Add authentication to manage Azure resources
You've tested and published your runbook, but so far it doesn't do anything useful. You want to have it manage Azure resources. To do this, the script has to authenticate using the credentials from your Automation account.
The Automation account must have been created with the service principal feature for there to be a Run As certificate. If your Automation account was not created with the service principal, you can authenticate as described in Authenticate with the Azure Management Libraries for Python.
Open the textual editor by selecting Edit on the MyFirstRunbook-Python3 pane.
Add the following code to authenticate to Azure:
from OpenSSL import crypto import binascii from msrestazure import azure_active_directory import adal # Get the Azure Automation RunAs service principal certificate cert = automationassets.get_automation_certificate("AzureRunAsCertificate") pks12_cert = crypto.load_pkcs12(cert) pem_pkey = crypto.dump_privatekey(crypto.FILETYPE_PEM,pks12_cert.get_privatekey()) # Get run as connection information for the Azure Automation service principal application_id = runas_connection["ApplicationId"] thumbprint = runas_connection["CertificateThumbprint"] tenant_id = runas_connection["TenantId"] # Authenticate with service principal certificate resource ="https://management.core.windows.net/" authority_url = ("https://login.microsoftonline.com/"+tenant_id) context = adal.AuthenticationContext(authority_url) return azure_active_directory.AdalAuthentication( lambda: context.acquire_token_with_client_certificate( resource, application_id, pem_pkey, thumbprint) )
Add code to create Python Compute client and start the VM
To work with Azure VMs, create an instance of the Azure Compute client for Python.
Use the compute client to start the VM. Add the following code to the runbook:
# Initialize the compute management client with the RunAs credential and specify the subscription to work against. compute_client = ComputeManagementClient( azure_credential, str(runas_connection["SubscriptionId"]) ) print('\nStart VM') async_vm_start = compute_client.virtual_machines.start( "MyResourceGroup", "TestVM") async_vm_start.wait()
MyResourceGroup is the name of the resource group that contains the VM, and
TestVM is the name of the VM that you want to start.
Test and run the runbook again to see that it starts the VM.
Use input parameters
The runbook currently uses hard-coded values for the names of the resource group and the VM. Now let's add code that gets these values from input parameters.
You use the
sys.argv variable to get the parameter values. Add the following code to the runbook immediately after the other
import sys resource_group_name = str(sys.argv) vm_name = str(sys.argv)
This imports the
sys module, and creates two variables to hold the Resource Group and VM names. Notice that the element of the argument list,
sys.argv, is the name of the script, and is not input by the user.
Now you can modify the last two lines of the runbook to use the input parameter values instead of using hard-coded values:
async_vm_start = compute_client.virtual_machines.start( resource_group_name, vm_name) async_vm_start.wait()
When you start a Python runbook, either from the Test pane or as a published runbook, you can enter the values for parameters in the Start Runbook page under Parameters.
After you start entering a value in the first box, a second appears, and so on, so that you can enter as many parameter values as necessary.
The values are available to the script in the
sys.argv array as in the code you just added.
Enter the name of your resource group as the value for the first parameter, and the name of the VM to start as the value of the second parameter.
Select OK to start the runbook. The runbook runs and starts the VM that you specified.
Error handling in Python
You can also use the following conventions to retrieve various streams from your Python runbooks, including WARNING, ERROR, and DEBUG streams.
print("Hello World output") print("ERROR: - Hello world error") print("WARNING: - Hello world warning") print("DEBUG: - Hello world debug") print("VERBOSE: - Hello world verbose")
The following example shows this convention used in a
try: raise Exception('one', 'two') except Exception as detail: print ('ERROR: Handling run-time error:', detail)