在混合 Runbook 辅助角色中运行 RunbookRun runbooks on a Hybrid Runbook Worker

混合 Runbook 辅助角色上运行的 Runbook 通常用于管理本地计算机上的资源,或部署了辅助角色的本地环境中的资源。Runbooks that run on a Hybrid Runbook Worker typically manage resources on the local computer or against resources in the local environment where the worker is deployed. Azure 自动化中的 runbook 通常管理 Azure 云中的资源。Runbooks in Azure Automation typically manage resources in the Azure cloud. 即使使用方式不同,在 Azure 自动化中运行的 Runbook 和在混合 Runbook 辅助角色上运行的 Runbook 结构上是相同的。Even though they are used differently, runbooks that run in Azure Automation and runbooks that run on a Hybrid Runbook Worker are identical in structure.

创建 Runbook 以在混合 Runbook 辅助角色上运行时,应当在承载辅助角色的计算机内编辑并测试 Runbook。When you author a runbook to run on a Hybrid Runbook Worker, you should edit and test the runbook on the machine that hosts the worker. 主机具有管理本地资源时所需的所有 PowerShell 模块和网络访问权限。The host machine has all the PowerShell modules and network access required to manage the local resources. 在混合 Runbook 辅助角色计算机上测试 Runbook 后,可以将它上传到 Azure 自动化环境,用于在混合辅助角色中运行。Once you test the runbook on the Hybrid Runbook Worker machine, you can then upload it to the Azure Automation environment, where it can be run on the worker.

计划 Runbook 作业行为Plan runbook job behavior

Azure 自动化处理混合 Runbook 辅助角色上的作业,这与 Azure 沙箱中运行的作业稍有不同。Azure Automation handles jobs on Hybrid Runbook Workers somewhat differently from jobs run in Azure sandboxes. 对于长时间运行的 runbook,请确保它能在重启后复原。If you have a long-running runbook, make sure that it's resilient to possible restart. 有关作业行为的详细信息,请参阅混合 Runbook 辅助角色作业For details of the job behavior, see Hybrid Runbook Worker jobs.

请记住,混合 Runbook 辅助角色的作业在 Windows 上的本地 System 帐户下运行,或在 Linux 上的 nxautomation 帐户下运行。Remember that jobs for Hybrid Runbook Workers run under the local System account on Windows or the nxautomation account on Linux. 对于 Linux,请确保 nxautomation 帐户有权访问存储 Runbook 模块的位置。For Linux, ensure that the nxautomation account has access to the location where the runbook modules are stored. 使用 Install-Module cmdlet 时,请确保为 Scope 参数指定 AllUsers,以确保 nxautomation 帐户具有访问权限。When you use the Install-Module cmdlet, be sure to specify AllUsers for the Scope parameter to ensure that the nxautomation account has access. 有关 Linux 上的 PowerShell 的详细信息,请参阅非 Windows 平台上的 PowerShell 的已知问题For more information on PowerShell on Linux, see Known Issues for PowerShell on Non-Windows Platforms.

设置 Runbook 权限Set up runbook permissions

通过以下方式定义 Runbook 的权限以在混合 Runbook 辅助角色上运行:Define permissions for your runbook to run on the Hybrid Runbook Worker in the following ways:

  • 让 Runbook 向本地资源提供自己的身份验证。Have the runbook provide its own authentication to local resources.
  • 配置使用 Azure 资源托管标识进行身份验证。Configure authentication using managed identities for Azure resources.
  • 还可以指定运行方式帐户,为所有 Runbook 提供用户上下文。Specify a Run As account to provide a user context for all runbooks.

对本地资源使用 Runbook 身份验证Use runbook authentication to local resources

如果准备向资源提供其身份验证的 Runbook,请在 Runbook 中使用凭据证书资产。If preparing a runbook that provides its own authentication to resources, use credential and certificate assets in your runbook. 可以通过多个 cmdlet 来指定凭据,以便 Runbook 可以对不同资源进行身份验证。There are several cmdlets that allow you to specify credentials so that the runbook can authenticate to different resources. 下面的示例显示了用于重新启动计算机的 Runbook 的一部分。The following example shows a portion of a runbook that restarts a computer. 它从凭据资产检索凭据,从变量资产检索计算机的名称,并将这些值用于 Restart-Computer cmdlet。It retrieves credentials from a credential asset and the name of the computer from a variable asset and then uses these values with the Restart-Computer cmdlet.

$Cred = Get-AutomationPSCredential -Name "MyCredential"
$Computer = Get-AutomationVariable -Name "ComputerName"

Restart-Computer -ComputerName $Computer -Credential $Cred

还可以使用 InlineScript 活动。You can also use an InlineScript activity. InlineScript 允许你在具有凭据的另一台计算机上运行代码块。InlineScript allows you to run blocks of code on another computer with credentials.

将 Runbook 身份验证与托管标识结合使用Use runbook authentication with managed identities

Azure 虚拟机上的混合 Runbook 辅助角色可以使用托管标识来向 Azure 资源进行身份验证。Hybrid Runbook Workers on Azure virtual machines can use managed identities to authenticate to Azure resources. 使用 Azure 资源的托管标识(而不是运行方式帐户)有一些好处,因为无需执行以下操作:Using managed identities for Azure resources instead of Run As accounts provides benefits because you don't need to:

  • 导出运行方式证书,再将其导入到混合 Runbook 辅助角色。Export the Run As certificate and then import it into the Hybrid Runbook Worker.
  • 续订运行方式帐户使用的证书。Renew the certificate used by the Run As account.
  • 在 Runbook 代码中处理运行方式连接对象。Handle the Run As connection object in your runbook code.

遵循以下步骤,在混合 Runbook 辅助角色上使用 Azure 资源的托管标识:Follow the next steps to use a managed identity for Azure resources on a Hybrid Runbook Worker:

  1. 创建 Azure VM。Create an Azure VM.

  2. 在 VM 上配置 Azure 资源的托管标识。Configure managed identities for Azure resources on the VM. 请参阅使用 Azure 门户在 VM 上配置 Azure 资源托管标识See Configure managed identities for Azure resources on a VM using the Azure portal.

  3. 授予 VM 对资源管理器中资源组的访问权限。Give the VM access to a resource group in Resource Manager. 请参见使用 Windows VM 系统分配的托管标识访问资源管理器Refer to Use a Windows VM system-assigned managed identity to access Resource Manager.

  4. 在 VM 上安装混合 Runbook 辅助角色。Install the Hybrid Runbook Worker on the VM. 请参阅部署 Windows 混合 Runbook 辅助角色部署 Linux 混合 Runbook 辅助角色See Deploy a Windows Hybrid Runbook Worker or Deploy a Linux Hybrid Runbook Worker.

  5. 更新 Runbook,将 Connect-AzAccount cmdlet 与 Identity 参数一起使用,以便对 Azure 资源进行身份验证。Update the runbook to use the Connect-AzAccount cmdlet with the Identity parameter to authenticate to Azure resources. 此配置减少了使用运行方式帐户以及执行关联帐户管理的需求。This configuration reduces the need to use a Run As account and perform the associated account management.

    # Connect to Azure using the managed identities for Azure resources identity configured on the Azure VM that is hosting the hybrid runbook worker
    Connect-AzAccount -EnvironmentName AzureChinaCloud -Identity
    
    # Get all VM names from the subscription
    Get-AzVM | Select Name
    

    备注

    Connect-AzAccount -Identity 适用于使用系统分配的标识和单一用户分配的标识的混合 Runbook 辅助角色。Connect-AzAccount -Identity works for a Hybrid Runbook Worker using a system-assigned identity and a single user-assigned identity. 如果在混合 Runbook 辅助角色上使用多个用户分配的标识,Runbook 必须为 Connect-AzAccount 指定 AccountId 参数,以选择特定的用户分配的标识。If you use multiple user-assigned identities on the Hybrid Runbook Worker, your runbook must specify the AccountId parameter for Connect-AzAccount to select a specific user-assigned identity.

将 Runbook 身份验证与运行方式帐户结合使用Use runbook authentication with Run As account

不需要让 Runbook 将自身的身份验证提供给本地资源,但可以针对混合 Runbook 辅助角色组指定运行方式帐户。Instead of having your runbook provide its own authentication to local resources, you can specify a Run As account for a Hybrid Runbook Worker group. 为此,你必须定义有权访问本地资源的凭据资产To do this, you must define a credential asset that has access to local resources. 这些资源包括证书存储,所有 Runbook 在组中的混合 Runbook 辅助角色上使用这些凭据运行。These resources include certificate stores and all runbooks run under these credentials on a Hybrid Runbook Worker in the group.

凭据的用户名必须采用以下格式之一:The user name for the credential must be in one of the following formats:

  • 域\用户名domain\username
  • username@domain
  • 用户名(适用于本地计算机的本地帐户)username (for accounts local to the on-premises computer)

使用以下过程针对混合 Runbook 辅助角色组指定运行方式帐户:Use the following procedure to specify a Run As account for a Hybrid Runbook Worker group:

  1. 创建具有本地资源访问权限的凭据资产Create a credential asset with access to local resources.
  2. 在 Azure 门户中打开自动化帐户。Open the Automation account in the Azure portal.
  3. 选择“混合辅助角色组”,并选择特定组。Select Hybrid Worker Groups, and then select the specific group.
  4. 选择“所有设置”,然后选择“混合辅助角色组设置”。Select All settings, followed by Hybrid worker group settings.
  5. 将“运行方式”的值从“默认”更改为“自定义”。Change the value of Run As from Default to Custom.
  6. 选择凭据,并单击“保存”。Select the credential and click Save.

安装运行方式帐户证书Install Run As account certificate

在 Azure 中部署资源时,可能需要在自动生成过程中访问本地系统以支持部署过程中的某个任务或某组步骤。As part of your automated build process for deploying resources in Azure, you might require access to on-premises systems to support a task or set of steps in your deployment sequence. 若要使用运行方式帐户针对 Azure 进行身份验证,必须安装运行方式帐户证书。To provide authentication against Azure using the Run As account, you must install the Run As account certificate.

以下 PowerShell Runbook 称为 Export-RunAsCertificateToHybridWorker,其从 Azure 自动化帐户导出运行方式证书。The following PowerShell runbook, called Export-RunAsCertificateToHybridWorker, exports the Run As certificate from your Azure Automation account. Runbook 下载证书并将其导入到连接到同一帐户的混合 Runbook 辅助角色上的本地计算机证书存储中。The runbook downloads and imports the certificate into the local machine certificate store on a Hybrid Runbook Worker that is connected to the same account. 完成该步骤后,Runbook 会验证辅助角色能否成功地使用运行方式帐户对 Azure 进行身份验证。Once it completes that step, the runbook verifies that the worker can successfully authenticate to Azure using the Run As account.

<#PSScriptInfo
.VERSION 1.0
.GUID 3a796b9a-623d-499d-86c8-c249f10a6986
.AUTHOR Azure Automation Team
.COMPANYNAME Microsoft
.COPYRIGHT
.TAGS Azure Automation
.LICENSEURI
.PROJECTURI
.ICONURI
.EXTERNALMODULEDEPENDENCIES
.REQUIREDSCRIPTS
.EXTERNALSCRIPTDEPENDENCIES
.RELEASENOTES
#>

<#
.SYNOPSIS
Exports the Run As certificate from an Azure Automation account to a hybrid worker in that account.

.DESCRIPTION
This runbook exports the Run As certificate from an Azure Automation account to a hybrid worker in that account. Run this runbook on the hybrid worker where you want the certificate installed. This allows the use of the AzureRunAsConnection to authenticate to Azure and manage Azure resources from runbooks running on the hybrid worker.

.EXAMPLE
.\Export-RunAsCertificateToHybridWorker

.NOTES
LASTEDIT: 2016.10.13
#>

# Generate the password used for this certificate
Add-Type -AssemblyName System.Web -ErrorAction SilentlyContinue | Out-Null
$Password = [System.Web.Security.Membership]::GeneratePassword(25, 10)

# Stop on errors
$ErrorActionPreference = 'stop'

# Get the management certificate that will be used to make calls into Azure Service Management resources
$RunAsCert = Get-AutomationCertificate -Name "AzureRunAsCertificate"

# location to store temporary certificate in the Automation service host
$CertPath = Join-Path $env:temp  "AzureRunAsCertificate.pfx"

# Save the certificate
$Cert = $RunAsCert.Export("pfx",$Password)
Set-Content -Value $Cert -Path $CertPath -Force -Encoding Byte | Write-Verbose

Write-Output ("Importing certificate into $env:computername local machine root store from " + $CertPath)
$SecurePassword = ConvertTo-SecureString $Password -AsPlainText -Force
Import-PfxCertificate -FilePath $CertPath -CertStoreLocation Cert:\LocalMachine\My -Password $SecurePassword -Exportable | Write-Verbose

# Test to see if authentication to Azure Resource Manager is working
$RunAsConnection = Get-AutomationConnection -Name "AzureRunAsConnection"

Connect-AzAccount `
    -Environment AzureChinaCloud `
    -ServicePrincipal `
    -Tenant $RunAsConnection.TenantId `
    -ApplicationId $RunAsConnection.ApplicationId `
    -CertificateThumbprint $RunAsConnection.CertificateThumbprint | Write-Verbose

Set-AzContext -Subscription $RunAsConnection.SubscriptionID | Write-Verbose

# List automation accounts to confirm that Azure Resource Manager calls are working
Get-AzAutomationAccount | Select-Object AutomationAccountName

备注

对于 PowerShell Runbook,Add-AzAccountAdd-AzureRMAccountConnect-AzAccount 的别名。For PowerShell runbooks, Add-AzAccount and Add-AzureRMAccount are aliases for Connect-AzAccount. 搜索库项时,如果未看到 Connect-AzAccount,可以使用 Add-AzAccount,或者在自动化帐户中更新模块。When searching your library items, if you do not see Connect-AzAccount, you can use Add-AzAccount, or you can update your modules in your Automation account.

若要完成运行方式帐户的准备工作:To finish preparing the Run As account:

  1. 以 .ps1 扩展名将 Export-RunAsCertificateToHybridWorker Runbook 保存到计算机。Save the Export-RunAsCertificateToHybridWorker runbook to your computer with a .ps1 extension.
  2. 将其导入自动化帐户。Import it into your Automation account.
  3. 编辑 Runbook,将 Password 变量的值更改为你自己的密码。Edit the runbook, changing the value of the Password variable to your own password.
  4. 发布 Runbook。Publish the runbook.
  5. 运行 Runbook,以混合 Runbook 辅助角色组为目标,该组使用运行方式帐户运行 Runbook 并对其进行身份验证。Run the runbook, targeting the Hybrid Runbook Worker group that runs and authenticates runbooks using the Run As account.
  6. 检查作业流,以了解其报告某个操作尝试将证书导入本地计算机存储,且后跟多个行。Examine the job stream to see that it reports the attempt to import the certificate into the local machine store, followed by multiple lines. 此行为取决于订阅中定义的自动化帐户数以及身份验证的成功程度。This behavior depends on how many Automation accounts you define in your subscription and the degree of success of the authentication.

在 Windows 混合 Runbook 辅助角色上使用已签名 RunbookWork with signed runbooks on a Windows Hybrid Runbook Worker

你可以将 Windows 混合 Runbook 辅助角色配置为仅运行已签名 Runbook。You can configure a Windows Hybrid Runbook Worker to run only signed runbooks.

重要

将混合 Runbook 辅助角色配置为仅运行已签名 Runbook 后,未签名的 Runbook 将无法在该辅助角色上执行。Once you've configured a Hybrid Runbook Worker to run only signed runbooks, unsigned runbooks fail to execute on the worker.

创建签名证书Create signing certificate

以下示例创建可用于对 Runbook 签名的自签名证书。The following example creates a self-signed certificate that can be used for signing runbooks. 此代码会创建证书并将其导出,使混合 Runbook 辅助角色以后可以导入它。This code creates the certificate and exports it so that the Hybrid Runbook Worker can import it later. 还会返回指纹,以备以后用于引用证书。The thumbprint is also returned for later use in referencing the certificate.

# Create a self-signed certificate that can be used for code signing
$SigningCert = New-SelfSignedCertificate -CertStoreLocation cert:\LocalMachine\my `
                                        -Subject "CN=contoso.com" `
                                        -KeyAlgorithm RSA `
                                        -KeyLength 2048 `
                                        -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" `
                                        -KeyExportPolicy Exportable `
                                        -KeyUsage DigitalSignature `
                                        -Type CodeSigningCert


# Export the certificate so that it can be imported to the hybrid workers
Export-Certificate -Cert $SigningCert -FilePath .\hybridworkersigningcertificate.cer

# Import the certificate into the trusted root store so the certificate chain can be validated
Import-Certificate -FilePath .\hybridworkersigningcertificate.cer -CertStoreLocation Cert:\LocalMachine\Root

# Retrieve the thumbprint for later use
$SigningCert.Thumbprint

导入证书并配置辅助角色以进行签名验证Import certificate and configure workers for signature validation

将创建的证书复制到组中的每个混合 Runbook 辅助角色。Copy the certificate that you've created to each Hybrid Runbook Worker in a group. 运行以下脚本,以导入证书并将辅助角色配置为在 Runbook 上使用签名验证。Run the following script to import the certificate and configure the workers to use signature validation on runbooks.

# Install the certificate into a location that will be used for validation.
New-Item -Path Cert:\LocalMachine\AutomationHybridStore
Import-Certificate -FilePath .\hybridworkersigningcertificate.cer -CertStoreLocation Cert:\LocalMachine\AutomationHybridStore

# Import the certificate into the trusted root store so the certificate chain can be validated
Import-Certificate -FilePath .\hybridworkersigningcertificate.cer -CertStoreLocation Cert:\LocalMachine\Root

# Configure the hybrid worker to use signature validation on runbooks.
Set-HybridRunbookWorkerSignatureValidation -Enable $true -TrustedCertStoreLocation "Cert:\LocalMachine\AutomationHybridStore"

使用证书对 Runbook 签名Sign your runbooks using the certificate

将混合 Runbook 辅助角色配置为仅使用已签名 Runbook 后,必须对要在混合 Runbook 辅助角色上使用的 Runbook 签名。With the Hybrid Runbook Workers configured to use only signed runbooks, you must sign runbooks that are to be used on the Hybrid Runbook Worker. 使用以下示例 PowerShell 代码对这些 Runbook 签名。Use the following sample PowerShell code to sign these runbooks.

$SigningCert = ( Get-ChildItem -Path cert:\LocalMachine\My\<CertificateThumbprint>)
Set-AuthenticodeSignature .\TestRunbook.ps1 -Certificate $SigningCert

对 Runbook 签名后,必须将其导入自动化帐户并与签名块一起发布。When a runbook has been signed, you must import it into your Automation account and publish it with the signature block. 若要了解如何导入 Runbook,请参阅导入 RunbookTo learn how to import runbooks, see Import a runbook.

在 Linux 混合 Runbook 辅助角色上使用已签名 RunbookWork with signed runbooks on a Linux Hybrid Runbook Worker

为了能够使用签名的 Runbook,Linux 混合 Runbook 辅助角色必须在本地计算机上具有 GPG 可执行文件。To be able to work with signed runbooks, a Linux Hybrid Runbook Worker must have the GPG executable on the local machine.

重要

将混合 Runbook 辅助角色配置为仅运行已签名 Runbook 后,未签名的 Runbook 将无法在该辅助角色上执行。Once you've configured a Hybrid Runbook Worker to run only signed runbooks, unsigned runbooks fail to execute on the worker.

创建 GPG keyring 和密钥对Create a GPG keyring and keypair

若要创建 GPG keyring 和密钥对,请使用混合 Runbook 辅助角色 nxautomation accountTo create the GPG keyring and keypair, use the Hybrid Runbook Worker nxautomation account.

  1. 使用 sudo 应用程序以 nxautomation 帐户登录。Use the sudo application to sign in as the nxautomation account.

    sudo su – nxautomation
    
  2. 使用 nxautomation 时,将生成 GPG 密钥对。Once you are using nxautomation, generate the GPG keypair. GPG 将引导你完成每个步骤。GPG guides you through the steps. 必须提供姓名、电子邮件地址、过期时间和密码。You must provide name, email address, expiration time, and passphrase. 然后等待,直到计算机上有足够的熵用于生成密钥。Then you wait until there is enough entropy on the machine for the key to be generated.

    sudo gpg --generate-key
    
  3. 由于 GPG 目录使用 sudo 生成,需要使用以下命令将其所有者更改为 nxautomation。Because the GPG directory was generated with sudo, you must change its owner to nxautomation using the following command.

    sudo chown -R nxautomation ~/.gnupg
    

使 keyring 可供混合 Runbook 辅助角色使用Make the keyring available to the Hybrid Runbook Worker

创建 keyring 后,需要使其可供混合 Runbook 辅助角色使用。Once the keyring has been created, make it available to the Hybrid Runbook Worker. 修改设置文件 /var/opt/microsoft/omsagent/state/automationworker/diy/worker.conf 以在文件部分 [worker-optional] 下包含以下示例代码。Modify the settings file /var/opt/microsoft/omsagent/state/automationworker/diy/worker.conf to include the following example code under the file section [worker-optional].

gpg_public_keyring_path = /var/opt/microsoft/omsagent/run/.gnupg/pubring.kbx

验证签名验证是否已打开Verify that signature validation is on

如果已在计算机上禁用签名验证,则必须通过运行以下 sudo 命令将其打开。If signature validation has been disabled on the machine, you must turn it on by running the following sudo command. 使用工作区 ID 替换 <LogAnalyticsworkspaceId>Replace <LogAnalyticsworkspaceId> with your workspace ID.

sudo python /opt/microsoft/omsconfig/modules/nxOMSAutomationWorker/DSCResources/MSFT_nxOMSAutomationWorkerResource/automationworker/scripts/require_runbook_signature.py --true <LogAnalyticsworkspaceId>

对 runbook 签名Sign a runbook

配置签名验证后,即可使用以下 GPG 命令对 Runbook 签名。Once you have configured signature validation, use the following GPG command to sign the runbook.

gpg –-clear-sign <runbook name>

签名的 Runbook 称为 asc。The signed runbook is called .asc.

已签名 Runbook 现在可上传到 Azure 自动化中,并且可以像常规 Runbook 一样执行。You can now upload the signed runbook to Azure Automation and execute it like a regular runbook.

在混合 Runbook 辅助角色中启动 RunbookStart a runbook on a Hybrid Runbook Worker

在 Azure 自动化中启动 Runbook 介绍了用于启动 Runbook 的不同方法。Start a runbook in Azure Automation describes different methods for starting a runbook. 在混合 Runbook 辅助角色上启动 Runbook 将使用“运行位置”选项,该选项允许你指定混合 Runbook 辅助角色组的名称。Startup for a runbook on a Hybrid Runbook Worker uses a Run on option that allows you to specify the name of a Hybrid Runbook Worker group. 指定组时,该组中的其中一个辅助角色检索和运行 Runbook。When a group is specified, one of the workers in that group retrieves and runs the runbook. 如果 Runbook 未指定此选项,Azure 自动化会照常运行 Runbook。If your runbook does not specify this option, Azure Automation runs the runbook as usual.

在 Azure 门户中启动 Runbook 时,会看到一个“运行位置”选项,可以在其中选择“Azure”或“混合辅助角色” 。When you start a runbook in the Azure portal, you're presented with the Run on option for which you can select Azure or Hybrid Worker. 如果选择“混合辅助角色”,则可以从下拉列表中选择混合 Runbook 辅助角色组。If you select Hybrid Worker, you can choose the Hybrid Runbook Worker group from a dropdown.

使用 PowerShell 启动 Runbook 时,请将 RunOn 参数与 Start-AzAutomationRunbook cmdlet 一起使用。When starting a runbook using PowerShell, use the RunOn parameter with the Start-AzAutomationRunbook cmdlet. 以下示例使用 Windows PowerShell 在名为 MyHybridGroup 的混合 Runbook 辅助角色组中启动名为 Test-Runbook 的 Runbook。The following example uses Windows PowerShell to start a runbook named Test-Runbook on a Hybrid Runbook Worker group named MyHybridGroup.

Start-AzAutomationRunbook –AutomationAccountName "MyAutomationAccount" –Name "Test-Runbook" -RunOn "MyHybridGroup"

日志记录Logging

为了帮助解决在混合 runbook 辅助角色上运行的 runbook 的问题,日志存储在本地的以下位置:To help troubleshoot issues with your runbooks running on a hybrid runbook worker, logs are stored locally in the following location:

  • 在 Windows 的 C:\ProgramData\Microsoft\System Center\Orchestrator\<version>\SMA\Sandboxes 上获取详细的作业运行时进程日志记录。On Windows at C:\ProgramData\Microsoft\System Center\Orchestrator\<version>\SMA\Sandboxes for detailed job runtime process logging. 概要 runbook 作业状态事件将写入 Application and Services Logs\Microsoft-Automation\Operations 事件日志中。High-level runbook job status events are written to the Application and Services Logs\Microsoft-Automation\Operations event log.

  • 在 Linux 上,可以在 /home/nxautomation/run/worker.log 找到用户混合辅助角色日志,可以在 /var/opt/microsoft/omsagent/run/automationworker/worker.log 找到系统 runbook 辅助角色日志。On Linux, the user hybrid worker logs can be found at /home/nxautomation/run/worker.log, and system runbook worker logs can be found at /var/opt/microsoft/omsagent/run/automationworker/worker.log.

后续步骤Next steps

  • 如果 Runbook 未成功完成,请查看 Runbook 执行失败相关故障排除指南。If your runbooks aren't completing successfully, review the troubleshooting guide for runbook execution failures.
  • 有关 PowerShell 的详细信息,包括语言参考和学习模块,请参阅 PowerShell 文档For more information on PowerShell, including language reference and learning modules, refer to the PowerShell Docs.
  • 有关 PowerShell cmdlet 参考,请参阅 Az.AutomationFor a PowerShell cmdlet reference, see Az.Automation.