vRA8 Azure integration with PowerShell

Share on:

How to write additional resource actions in PowerShell.


vRA8 provides resource actions for Azure VMs out of box. Also, we can create custom actions by running vRO workflows. vRO8 supports PowerShell as scripting language, so we can use the Azure PowerShell modules to extend vRA8.

Deallocate a VM

vRA8 can stop a VM but it is not deallocated, so charges still apply.

Let's create a custom action to deallocate a virtual machine.

Development Environment

As vRO8 runs PowerShell on Linux, I chose Linux (WSL, in fact) as the development and test platform. Windows should also work.

1sudo apt install powershell

Now create a folder for the action and download the necessary modules (Az.Accounts will be downloaded as a dependency).

1mkdir -p deallocate/Modules
2cd deallocate
3pwsh -c Get-PSRepository
4pwsh -c "Save-Module -Name Az.Compute -Path ./Modules/ -Repository PSGallery"

Connect to Azure

We need the tenant ID, an application ID and secret to connect to Azure. I recommend to reuse the same Enterprise Application crecentials created for vRA8 Azure cloud account. See Configure Microsoft Azure for use with vRealize Automation Cloud Assembly.

stop_deallocate.ps1 Script

Create the following script in the deallocate folder created earlier:

 1Import-Module -Name 'Az.Accounts'
 2Import-Module -Name 'Az.Compute'
 4function handler ($context, $inputs) {
 6  $vmName = $inputs.vmName
 7  $rgName = $inputs.rgName
 8  $azTenantId = $inputs.azTenantId
 9  $azClientId = $inputs.azClientId
10  $azClientSecret = $inputs.azClientSecret
12  $secstr = New-Object -TypeName System.Security.SecureString
13  $azClientSecret.ToCharArray() | ForEach-Object {$secstr.AppendChar($_)}
14  $cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $azClientId , $secstr
15  $resp_connectAzAccount = Connect-AzAccount -ServicePrincipal -Credential $cred -Tenant $azTenantId -ErrorAction Stop
17  Write-Host "Connected Azure Subscription ID:"
18  Get-AzSubscription | Write-Host
20  Stop-AzVM -Verbose -name $vmName -force -ResourceGroupName $rgName -ErrorAction Stop
21  Write-Host "Successfully completed: $?"
23  $outputs = @{}
24  return $outputs

Inputs are:

  • vmName (name of the virtual machine to stop)
  • rgName (Azure resource group name)
  • azTenantId (Azure tenant ID)
  • azClientId (Azure application/client ID)
  • azClientSecret (Azure application/client secret)

Connect-AzAccount authenticates to Azure, then Stop-AzVM stops and deallocates the VM. Any failures will result an exception thrown.

Package the Code

We need to create a zip file with the PowerShell script and its dependencies.

1zip -r --exclude=*.zip -X stop_deallocate.zip .

vRO Action

We need to create a new action with PowerShell runtime and import the zip file created. The entry point is stop_deallocate.handler (script name + function name):

Also, define the inputs as follows:

vRO Workflow

Let's create a simple workflow that'll be called by vRA (no inputs or outputs are required).

We get the name of the VM from the context, Azure credentials are coming from configuration element attributes.

1var resourceProperties = System.getContext().getParameter("__metadata_resourceProperties");
2vmName = resourceProperties.resourceName;

Resource Action

Now we define a resource action for Azure VMs. We can add a description about the action on the Edit Request Parameters form.

Run the Action

Now choose an Azure virtual machine and select the action Stop and Deallocate

Workflow logs are:

1INFO __item_stack:/item1
2INFO __item_stack:/item2
3INFO WARNING: The provided service principal secret will be included in the 'AzureRmContext.json' file found in the user profile ( /root/.Azure ). Please ensure that this directory has appropriate protections.
4INFO Connected Azure Subscription ID:
5INFO dddddddd-aaaaaaaaa-8888-ffffffffffff
6INFO VERBOSE: Performing the operation "Stop" on target "cloudvm-508".
7INFO Successfully completed: True
8INFO __item_stack:/item0

Azure status


Workflow, action and package can be downloaded: https://github.com/kuklis/vra8-azure


Using the same method we can define custom actions running Azure PowerShell commands available.