1. Executing runbooks directly on on-premises systems using Hybrid Runbook Worker

    TypeScript

    To execute runbooks directly on on-premises systems with Azure Automation, you can make use of Azure Automation Hybrid Runbook Workers. Hybrid Runbook Workers allow you to run runbooks directly on the computer hosting the role and against resources in the environment to manage local resources.

    In order to do this with Pulumi, you would typically need to set up an Automation Account, configure a Hybrid Runbook Worker Group, and then deploy runbooks to be executed by the Hybrid Runbook Workers in that group.

    Here's a program written in TypeScript that demonstrates how you would set these resources up using the Pulumi Azure Native provider. Make sure you have already installed the @pulumi/azure-native package. If not, you can install it using npm with npm install @pulumi/azure-native.

    Below is the program that sets up an Azure Automation Account and a Hybrid Runbook Worker Group.

    import * as pulumi from "@pulumi/pulumi"; import * as azure_native from "@pulumi/azure-native"; // Create a new resource group to contain the automation resources const resourceGroup = new azure_native.resources.ResourceGroup("myResourceGroup"); // Create an Automation Account const automationAccount = new azure_native.automation.AutomationAccount("myAutomationAccount", { resourceGroupName: resourceGroup.name, // Example SKU - you'll want to choose the one that best fits your needs sku: { name: azure_native.automation.SkuNameEnum.Basic, }, location: resourceGroup.location, }); // Create a Hybrid Runbook Worker Group const hybridRunbookWorkerGroup = new azure_native.automation.HybridRunbookWorkerGroup("myHybridRunbookWorkerGroup", { automationAccountName: automationAccount.name, resourceGroupName: resourceGroup.name, hybridRunbookWorkerGroupName: "myHybridWorkerGroup", // Credential is required and should be created separately. // This would typically be done by creating a new Automation Credential resource. // Here, we are using a placeholder name for the credential which should exist or be created. credential: { name: "existingCredentialName", }, }); // Export the Automation Account name and Hybrid Runbook Worker Group name export const automationAccountName = automationAccount.name; export const workerGroupName = hybridRunbookWorkerGroup.name;

    In this program:

    • We import the required modules from Pulumi.
    • We create a new resource group to hold all our automation resources.
    • We declare an Automation Account which is where our runbooks will reside.
    • We create a Hybrid Runbook Worker Group within our automation account.

    Notice that we also export the Automation Account name and the Worker Group name, which can be useful if you need to reference these values outside of Pulumi, such as in another deployment process or in a CI/CD pipeline.

    Keep in mind that the above script assumes that you have the necessary permissions and Azure Active Directory setup in place to create these resources. When you're ready to run this code, simply use pulumi up, and Pulumi will handle provisioning the resources as specified.

    Before running the program, you would also need to ensure that you have an appropriate credential set up for the Hybrid Runbook Worker Group, which is not covered in this example. The credential should be a user credential with the necessary permissions to execute tasks on your local resources.

    After setting up the Hybrid Runbook Worker environment, you would then publish runbooks to the Automation Account and target the Hybrid Runbook Worker Group for execution on your on-premises systems. This can be done within the Azure Portal or through additional Pulumi code to define and publish the runbooks.