如何以编程方式为Azure自动化帐户启用更新管理?


我目前正在使用 Terraform 和 PowerShell 来自动化我所有的基础设施,我正在寻找一种完全自动化的方法来为我所有的 VM 配置更新管理。我能够部署自动化帐户、日志分析工作区,以及用来管理两者之间连接的链接服务资源。但是,我无法在自动化帐户上启用更新管理服务。


是否有任何自动方式(ps、tf、api等)可以让我简单地为我的自动化帐户启用更新管理?

据我所知,这是您需要的:

{
    "type": "Microsoft.OperationalInsights/workspaces",
    "name": "[variables('namespace')]",
    "apiVersion": "2017-03-15-preview",
    "location": "[resourceGroup().location]",
    "properties": {
        "sku": {
            "name": "Standalone"
        }
    },
    "resources": [
        {
            "name": "Automation", // links the Automation account to the Log Analytics (OMS) workspace, which is what you need
            "type": "linkedServices",
            "apiVersion": "2015-11-01-preview",
            "dependsOn": [
                "[variables('automation')]",
                "[variables('namespace')]"
            ],
            "properties": {
                "resourceId": "[resourceId('Microsoft.Automation/automationAccounts/', variables('automation'))]"
            }
        }
    ]
},
{
    "type": "Microsoft.Automation/automationAccounts",
    "name": "[variables('automation')]",
    "apiVersion": "2015-10-31",
    "location": "[resourceGroup().location]",
    "properties": {
        "sku": {
            "name": "OMS"
        }
    }
},
{
    "type": "Microsoft.OperationsManagement/solutions", // installs every solution listed in variables('solutions'); the "Updates" entry is the one you probably need for update management
    "name": "[concat(variables('solutions')[copyIndex()],'(', variables('namespace'), ')')]",
    "apiVersion": "2015-11-01-preview",
    "location": "[resourceGroup().location]",
    "copy": {
        "name": "solutions",
        "count": "[length(variables('solutions'))]"
    },
    "plan": {
        "name": "[concat(variables('solutions')[copyIndex()], '(', variables('namespace'), ')')]",
        "promotionCode": "",
        "product": "[concat('OMSGallery/', variables('solutions')[copyIndex()])]",
        "publisher": "Microsoft"
    },
    "properties": {
        "workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces', variables('namespace'))]"
    },
    "dependsOn": [
        "[variables('namespace')]"
    ]
}
以下是我用来定义要安装的解决方案的变量(其中与更新管理直接对应的是 "Updates",其余解决方案请按实际需要决定是否安装):

"solutions": [
    "AlertManagement",
    "Updates",
    "Security"
]

基本上,您可以把它一对一地映射为 API 调用。

这里有一个 Terraform 模块,它会创建一个自动化帐户,创建一个到日志分析工作区的链接(工作区 ID 在本例中作为参数传入),然后把所需的更新管理和/或更改跟踪解决方案添加到该工作区。

此模块使用 Terraform 0.11.13 和 AzureRM 提供程序 1.28.0 版本构建。

# Automation account. The linked service and the diagnostic settings in this
# module reference it through azurerm_automation_account.aa.id.
resource "azurerm_automation_account" "aa" {
  name                = "${var.name}"
  location            = "${var.location}"
  resource_group_name = "${var.resource_group_name}"

  sku {
    name = "${var.sku}"
  }

  tags = "${var.tags}"
}


# Linked service that attaches the automation account to the Log Analytics
# workspace. Created only when enable_update_management and/or
# enable_change_tracking is true.
resource "azurerm_log_analytics_linked_service" "law_link" {
  count = "${var.enable_update_management || var.enable_change_tracking ? 1 : 0}"

  linked_service_name = "automation"
  resource_id         = "${azurerm_automation_account.aa.id}"
  resource_group_name = "${var.resource_group_name}"

  # The workspace name is taken as the last "/"-separated segment of the
  # workspace resource ID passed in log_analytics_workspace_id.
  workspace_name = "${element(split("/", var.log_analytics_workspace_id), length(split("/", var.log_analytics_workspace_id)) - 1)}"
}


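# Install the "Updates" solution on the Log Analytics workspace when
# enable_update_management is true. Together with the linked service resource
# above, this is what enables Update Management for the automation account.
resource "azurerm_log_analytics_solution" "law_solution_updates" {
  # Explicit 1/0 conversion, the same form the linked service and diagnostic
  # settings in this module use for these flags, so the count does not depend
  # on the flag already arriving as a number.
  count               = "${var.enable_update_management ? 1 : 0}"
  resource_group_name = "${var.resource_group_name}"
  location            = "${var.location}"

  solution_name         = "Updates"
  workspace_resource_id = "${var.log_analytics_workspace_id}"

  # Last "/"-separated segment of the workspace resource ID.
  workspace_name = "${element(split("/", var.log_analytics_workspace_id), length(split("/", var.log_analytics_workspace_id)) - 1)}"

  plan {
    publisher = "Microsoft"
    product   = "OMSGallery/Updates"
  }
}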


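# Install the "ChangeTracking" solution on the Log Analytics workspace when
# enable_change_tracking is true. Together with the linked service resource
# above, this is what enables Change Tracking and Inventory for the
# automation account.
resource "azurerm_log_analytics_solution" "law_solution_change_tracking" {
  # Explicit 1/0 conversion, the same form the linked service and diagnostic
  # settings in this module use for these flags, so the count does not depend
  # on the flag already arriving as a number.
  count               = "${var.enable_change_tracking ? 1 : 0}"
  resource_group_name = "${var.resource_group_name}"
  location            = "${var.location}"

  solution_name         = "ChangeTracking"
  workspace_resource_id = "${var.log_analytics_workspace_id}"

  # Last "/"-separated segment of the workspace resource ID.
  workspace_name = "${element(split("/", var.log_analytics_workspace_id), length(split("/", var.log_analytics_workspace_id)) - 1)}"

  plan {
    publisher = "Microsoft"
    product   = "OMSGallery/ChangeTracking"
  }
}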


# Send the automation account's diagnostic logs to Log Analytics.
# Created when enable_logs_collection, enable_update_management or
# enable_change_tracking is true: required for an automation account with
# update management and/or change tracking enabled, optional on automation
# accounts used for other purposes.
#
# NOTE(review): JobStreams records carry the text that runbooks write to their
# streams, so anything a runbook prints lands in this workspace. Confirm that
# runbooks do not print credentials, and limit who can query the workspace.
resource "azurerm_monitor_diagnostic_setting" "aa_diags_logs" {
  count                      = "${var.enable_logs_collection || var.enable_update_management || var.enable_change_tracking ? 1 : 0}"
  name                       = "LogsToLogAnalytics"
  target_resource_id         = "${azurerm_automation_account.aa.id}"
  log_analytics_workspace_id = "${var.log_analytics_workspace_id}"

  # All three log categories are enabled; retention_policy is switched off on
  # each of them (presumably retention then follows the workspace's own
  # setting - TODO confirm).
  log {
    category = "JobLogs"
    enabled  = true

    retention_policy {
      enabled = false
    }
  }

  log {
    category = "JobStreams"
    enabled  = true

    retention_policy {
      enabled = false
    }
  }

  log {
    category = "DscNodeStatus"
    enabled  = true

    retention_policy {
      enabled = false
    }
  }

  # Metrics are declared but disabled here; the separate
  # "MetricsToLogAnalytics" setting in this module is the one that enables them.
  metric {
    category = "AllMetrics"
    enabled = false

    retention_policy {
      enabled = false
    }
  }
}


# Send the automation account's metrics to Log Analytics.
# Unlike the "LogsToLogAnalytics" setting, the destination here is
# var.metrics_log_analytics_workspace_id.
#
# NOTE(review): this setting is also created when update management or change
# tracking is enabled, not only when enable_metrics_collection is true, so
# metrics_log_analytics_workspace_id needs a usable value in those cases too -
# confirm against the module's variable definitions.
resource "azurerm_monitor_diagnostic_setting" "aa_diags_metrics" {
  count = "${var.enable_metrics_collection || var.enable_update_management || var.enable_change_tracking ? 1 : 0}"

  name                       = "MetricsToLogAnalytics"
  target_resource_id         = "${azurerm_automation_account.aa.id}"
  log_analytics_workspace_id = "${var.metrics_log_analytics_workspace_id}"

  # The only category this setting enables.
  metric {
    category = "AllMetrics"
    enabled  = true

    retention_policy {
      enabled = false
    }
  }

  # Log categories are declared but left disabled in this setting.
  log {
    category = "JobLogs"
    enabled  = false

    retention_policy {
      enabled = false
    }
  }

  log {
    category = "JobStreams"
    enabled  = false

    retention_policy {
      enabled = false
    }
  }

  log {
    category = "DscNodeStatus"
    enabled  = false

    retention_policy {
      enabled = false
    }
  }
}

感谢您接受答案 ;) 我之前没有注意到,UI 中的“启用”按钮实质上就是把服务解决方案添加到 LA 工作区,所以这样做非常有道理!

谢谢,这对我帮助很大。

在 0.12 中运行良好。

如何只管理少数实例的更新?