2

There seem to be so many ways to automate using PowerShell in Azure. Since ARM templates are the latest, any other PowerShell options in Azure has become obsolete? What are the difference between these tools/scripts:

  • Azure run book
  • Azure automation
  • Powershell DSC
  • Azure CLI
  • ARM Templates(JSON files that use PowerShell to execute)
  • Azure API
  • Any other PowerShell possibility in Azure I missed? a) Azure auto shutdown b) Azure change tracking
Blue Clouds
  • 7,295
  • 4
  • 71
  • 112
  • You can also add Azure Functions to your list: https://learn.microsoft.com/en-us/azure/azure-functions/functions-reference-powershell – Anatoli Beliaev Jan 22 '20 at 19:08

2 Answers2

3

Azure runbook is one of the "features" of Azure Automation. You can really automate anything with Azure Automation unless you create runbooks.

Powershell DSC isnt really used to create resources in Azure, so you cant (well you can, but its certainly a bad way to do that) create resources in Azure with it.

Azure Cli isnt powershell at all, not sure why you mention that. ARM templates are not powershell as well, but they can be called from powershell (like Azure Cli if you got it on the machine).

You completely left out such solutions as ansible\terraform\chef\puppet\etc. There are also various SDK's.

Most important difference you should think of - imperative\declarative. There are lots of ways to create resources in Azure. Depending on your use case you might use one tool or another, some of them have more features, some less, yet they all use Azure REST Api underneath.

4c74356b41
  • 69,186
  • 6
  • 100
  • 141
  • ansible\chef\puppet has nothing to do with infrastructure automation, these are tools for configuration management , the ones you choose when infrastructure exists, for provision ( e.g. virtual machines ) – Alexey Melezhik Nov 27 '18 at 22:22
  • "Powershell DSC isnt really used to create resources in Azure, so you cant (well you can, but its certainly a bad way to do that)" - how so? it all depends ... deploying Azure resources though Powershell DSL works for me ... – Alexey Melezhik Nov 27 '18 at 22:25
  • https://learn.microsoft.com/en-us/azure/virtual-machines/windows/chef-automation. https://docs.ansible.com/ansible/2.6/scenario_guides/guide_azure.html. https://puppet.com/products/managed-technology/microsoft-windows-azure. you tripping or what? – 4c74356b41 Nov 28 '18 at 05:38
  • you could create resources in azure with powershell dsc, but it doesnt have modules for that. at least official ones – 4c74356b41 Nov 28 '18 at 05:38
  • I am not. You _can_ use ansible to manage whatever you want but it does mean its a _right_ way. Ansible/chef/puppet are cm tools not _initially designed_ for nfrastructure automation, especially in cloud providers. – Alexey Melezhik Nov 28 '18 at 16:21
  • 1
    yeah, initially. 10 years ago, when there were no public clouds. okay. does that prove anything? no. right now they can be used to do that. and they are used to do that. whats your point? – 4c74356b41 Nov 28 '18 at 16:23
  • Not sure if understand the point about powershell modules , powershell is language supporting modularization, you are free to create whatever modules you want and reuse them. – Alexey Melezhik Nov 28 '18 at 16:23
  • is this going anywhere? you have a different opinion, okay. create an answer. – 4c74356b41 Nov 28 '18 at 16:27
  • I just point here that you are missing terminology imho. I could have marked your answer as not useful, but I did not, because you're right in other parts of it. I am going to end dispute. – Alexey Melezhik Nov 28 '18 at 16:32
2
  • The best in Powershell scripting is AZ (azure CLI) because it optimizes powershell scripting(from scratch)
  • The best in any form is ARM templates (.json) because it is intelligent when updating an existing infra(it wont remove existing but adds missing). Thus it beats AZ but sometimes AZ contributes to ARM templates(eg: some features are missing).
  • Azure automation helps schedule tasks:

eg: Dev machine should run 12 hours. create PowerShell workflow scripts and then bind them to two azure automation schedules (start + stop)

  • DSC is a PowerShell feature that prevents configuration drift. eg: Deploy a DSC configuration that prevents server services from stopping.

Most of the time there are limited options to choose from(4 options)

eg: to Create a Virtual Network these are the options:

  1. Use Portal
  2. Use Powershell
  3. Use Azure CLI
  4. Json ARM template enter image description here enter image description here

Edited in 2020 as requested:

IAC(infrastructure as code) is the defacto nowadays and companies either choose ARM templates or Terraform(or similar). When using Terraform, the compatibility with arm templates could become an issue. I use 80% powershell with AZ(mainly because VM is involved) and 20% ARM templates. The problem then is losing idempotence. So a developer need to know which commands are idempotent. This leads to arm template inheritance and such design considerations. Another question in mind could be : "should I create Keyvault and VM together or should I keep Keyvault separate?" or in other words, grouping of resource creation or updation regardless of which azure resource group they exist.

Azure functions are also used to automate, eg: VM start time and end time based on some conditions.

Azure policy plays a significant role in automation for enterprises. Eg: if a tag is added to a VM while creation then it is triggers a policy to domain join it(with in 10 mins). This way each team in an enterprise can re-use code when needed.

The other scripting and automation I could think of is KQL(Kusto Query language) to provide dashboards for monitoring and to take necessary actions like shutting down VMs. But it may perhaps not fit in 'automation'.

Blue Clouds
  • 7,295
  • 4
  • 71
  • 112
  • 1
    Any updates for 2020 or do you still have the same opinions? – Nick Westgate Jul 31 '20 at 06:01
  • With ‘az deployment group create’ see https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/deploy-cli, ARM json templates can be deployed with Azure CLI scripts. – René Mar 14 '21 at 09:19