在 Azure 自动化中执行 RunbookRunbook execution in Azure Automation

借助 Azure 自动化中的流程自动化,你可以创建并管理 PowerShell、PowerShell 工作流和图形 runbook。Process automation in Azure Automation allows you to create and manage PowerShell, PowerShell Workflow, and graphical runbooks. 有关详细信息,请参阅 Azure 自动化 runbookFor details, see Azure Automation runbooks.

自动化根据 runbook 内部定义的逻辑来执行 runbook。Automation executes your runbooks based on the logic defined inside them. 如果 runbook 中断,则会从开始处重启。If a runbook is interrupted, it restarts at the beginning. 此行为要求编写在发生暂时性问题时支持重启的 runbook。This behavior requires you to write runbooks that support being restarted if transient issues occur.

在 Azure 自动化中启动 runbook 会创建一个作业,该作业是 runbook 的单个执行实例。Starting a runbook in Azure Automation creates a job, which is a single execution instance of the runbook. 每个作业都通过连接到 Azure 订阅来访问 Azure 资源。Each job accesses Azure resources by making a connection to your Azure subscription. 仅当数据中心内的资源可从公有云访问时,作业才能访问这些资源。The job can only access resources in your datacenter if those resources are accessible from the public cloud.

Azure 自动化分配辅助角色用于在 runbook 执行期间运行每个作业。Azure Automation assigns a worker to run each job during runbook execution. 尽管辅助角色由多个 Azure 帐户共享,但不同自动化帐户中的作业是相互独立的。While workers are shared by many Azure accounts, jobs from different Automation accounts are isolated from one another. 你无法控制作业请求的辅助角色服务。You can't control which worker services your job requests.

在 Azure 门户中查看 runbook 列表时,列表会显示已为每个 runbook 启动的每个作业的状态。When you view the list of runbooks in the Azure portal, it shows the status of each job that has been started for each runbook. Azure 自动化最多将作业日志存储 30 天。Azure Automation stores job logs for a maximum of 30 days.

下图显示 PowerShell runbookPowerShell 工作流 runbook图形 runbook 的 runbook 作业的生命周期。The following diagram shows the lifecycle of a runbook job for PowerShell runbooks, PowerShell Workflow runbooks, and graphical runbooks.

作业状态 - PowerShell 工作流


有关查看或删除个人数据的信息,请参阅 GDPR 的 Azure 数据使用者请求For information about viewing or deleting personal data, see Azure Data Subject Requests for the GDPR. 有关 GDPR 的详细信息,请参阅服务信任门户的 GDPR 部分For more information about GDPR, see the GDPR section of the Service Trust portal.

Runbook 执行环境Runbook execution environment

Azure 自动化中的 runbook 可以在 Azure 沙盒上运行,也可以在混合 Runbook 辅助角色上运行。Runbooks in Azure Automation can run on either an Azure sandbox or a Hybrid Runbook Worker.

如果 runbook 设计为针对 Azure 中的资源进行身份验证和运行,则它们会在 Azure 沙盒中运行,这是多个作业可以使用的共享环境。When runbooks are designed to authenticate and run against resources in Azure, they run in an Azure sandbox, which is a shared environment that multiple jobs can use. 使用同一沙盒的作业受沙盒的资源限制约束。Jobs using the same sandbox are bound by the resource limitations of the sandbox. Azure 沙盒环境不支持交互式操作。The Azure sandbox environment does not support interactive operations. 它阻止访问所有进程外 COM 服务器。It prevents access to all out-of-process COM servers. 它还要求将本地 MOF 文件用于进行 Win32 调用的 runbook。It also requires the use of local MOF files for runbooks that make Win32 calls.

你也可以使用混合 Runbook 辅助角色直接在托管角色的计算机上运行 runbook,以及针对环境中的资源运行 runbook。You can also use a Hybrid Runbook Worker to run runbooks directly on the computer that hosts the role and against local resources in the environment. Azure 自动化存储并管理 runbook,然后将其发送到一个或多个分配的计算机。Azure Automation stores and manages runbooks and then delivers them to one or more assigned computers.


若要在 Linux 混合 Runbook 辅助角色上运行,必须对脚本进行签名并相应配置辅助角色。To run on a Linux Hybrid Runbook Worker, your scripts must be signed and the worker configured accordingly. 或者,必须关闭签名验证Alternatively, signature validation must be turned off.

下表列出一些 runbook 执行任务,并为每个任务列出了建议的执行环境。The following table lists some runbook execution tasks with the recommended execution environment listed for each.

任务Task 建议Recommendation 说明Notes
与 Azure 资源集成Integrate with Azure resources Azure 沙盒Azure Sandbox 在 Azure 中托管,身份验证更为简单。Hosted in Azure, authentication is simpler. 如果使用 Azure VM 上的混合 Runbook 辅助角色,则可将 runbook 身份验证与托管标识配合使用If you're using a Hybrid Runbook Worker on an Azure VM, you can use runbook authentication with managed identities.
获取管理 Azure 资源的最佳性能Obtain optimal performance to manage Azure resources Azure 沙盒Azure Sandbox 脚本在同一环境中运行,延迟更低。Script is run in the same environment, which has less latency.
最大程度减少运营成本Minimize operational costs Azure 沙盒Azure Sandbox 没有计算开销,且不需要 VM。There is no compute overhead and no need for a VM.
执行长时间运行的脚本Execute long-running script 混合 Runbook 辅助角色Hybrid Runbook Worker Azure 沙盒具有资源限制Azure sandboxes have resource limits.
与本地服务进行交互Interact with local services 混合 Runbook 辅助角色Hybrid Runbook Worker 直接访问主机,或其他云环境或本地环境中的资源。Directly access the host machine, or resources in other cloud environments or the on-premises environment.
需要第三方软件和可执行文件Require third-party software and executables 混合 Runbook 辅助角色Hybrid Runbook Worker 管理操作系统并且可以安装软件。You manage the operating system and can install software.
运行资源密集型脚本Run a resource-intensive script 混合 Runbook 辅助角色Hybrid Runbook Worker Azure 沙盒具有资源限制Azure sandboxes have resource limits.
使用具有特定要求的模块Use modules with specific requirements 混合 Runbook 辅助角色Hybrid Runbook Worker 一些示例如下:Some examples are:
WinSCP - winscp.exe 上的依赖项WinSCP - dependency on winscp.exe
IIS 管理 - 用于启用或管理 IIS 的依赖项IIS administration - dependency on enabling or managing IIS
使用安装程序安装模块Install a module with an installer 混合 Runbook 辅助角色Hybrid Runbook Worker 沙盒模块必须支持复制。Modules for sandbox must support copying.
使用需要 4.7.2 以外版本的 .NET Framework 的 runbook 或模块Use runbooks or modules that require .NET Framework version different from 4.7.2 混合 Runbook 辅助角色Hybrid Runbook Worker Azure 沙盒支持 .NET Framework 4.7.2,并且不支持升级到其他版本。Azure sandboxes support .NET Framework 4.7.2, and upgrading to a different version is not supported.
运行需要提升的脚本Run scripts that require elevation 混合 Runbook 辅助角色Hybrid Runbook Worker 沙盒不允许提升。Sandboxes don't allow elevation. 借助混合 Runbook 辅助角色,可以在运行需要提升的命令时关闭 UAC 并使用 Invoke-CommandWith a Hybrid Runbook Worker, you can turn off UAC and use Invoke-Command when running the command that requires elevation.
运行需要访问 Windows Management Instrumentation (WMI) 的脚本Run scripts that require access to Windows Management Instrumentation (WMI) 混合 Runbook 辅助角色Hybrid Runbook Worker 在云中的沙盒中运行的作业无法访问 WMI 提供程序。Jobs running in sandboxes in the cloud can't access WMI provider.

沙盒中的临时存储Temporary storage in a sandbox

如果需要按照 runbook 逻辑来创建临时文件,则可将 Azure 沙盒中的 Temp 文件夹(即 $env:TEMP)用于 Azure 中运行的 runbook。If you need to create temporary files as part of your runbook logic, you can use the Temp folder (that is, $env:TEMP) in the Azure sandbox for runbooks running in Azure. 唯一的限制是不能使用超过 1 GB 的磁盘空间(每个沙盒的配额)。The only limitation is you cannot use more than 1 GB of disk space, which is the quota for each sandbox. 使用 PowerShell 工作流时,这种情况可能会引发问题,因为 PowerShell 工作流使用检查点,脚本可能会在不同的沙盒中重试。When working with PowerShell workflows, this scenario can cause a problem because PowerShell workflows use checkpoints and the script could be retried in a different sandbox.

使用混合沙盒,可以根据混合 Runbook 辅助角色上的存储可用性使用 C:\tempWith the hybrid sandbox, you can use C:\temp based on the availability of storage on a Hybrid Runbook Worker. 但是,根据 Azure VM 建议,不应在 Windows 或 Linux 上使用临时磁盘来存储需要持久保留的数据。However, per Azure VM recommendations, you should not use the temporary disk on Windows or Linux for data that needs to be persisted.


Runbook 必须包含用于处理资源(例如,VM、网络和网络上的资源)的逻辑。Your runbooks must include logic to deal with resources, for example, VMs, the network, and resources on the network. 资源绑定到 Azure 订阅,且 runbook 需要适当的凭据才能访问任何资源。Resources are tied to an Azure subscription, and runbooks require appropriate credentials to access any resource. 有关在 runbook 中处理资源的示例,请参阅处理资源For an example of handling resources in a runbook, see Handle resources.


Azure 自动化使用 Azure 安全中 (ASC) 保护你的资源以及检测 Linux 系统中的漏洞。Azure Automation uses the Azure Security Center (ASC) to provide security for your resources and detect compromise in Linux systems. 无论资源是否在 Azure 中,均可跨工作负荷提供安全性。Security is provided across your workloads, whether resources are in Azure or not. 请参阅 Azure 自动化中的身份验证简介See Introduction to authentication in Azure Automation.

ASC 对可以在 VM 上运行任何签名或未签名脚本的用户施加限制。ASC places constraints on users who can run any scripts, either signed or unsigned, on a VM. 如果你是具有 VM 根访问权限的用户,则必须使用数字签名显式配置计算机或将其关闭。If you are a user with root access to a VM, you must explicitly configure the machine with a digital signature or turn it off. 否则,只有在创建自动化帐户并启用适当的功能之后,才能通过运行脚本来应用操作系统更新。Otherwise, you can only run a script to apply operating system updates after creating an Automation account and enabling the appropriate feature.


Runbook 需要适当凭据才能访问任何资源,无论是用于 Azure 还是第三方系统。A runbook requires appropriate credentials to access any resource, whether for Azure or third-party systems. 这些凭据存储在 Azure 自动化、密钥保管库等中。These credentials are stored in Azure Automation, Key Vault, etc.

Azure MonitorAzure Monitor

Azure 自动化利用 Azure Monitor 来监视其计算机操作。Azure Automation makes use of Azure Monitor for monitoring its machine operations. 这些操作需要 Log Analytics 工作区和 Log Analytics 代理The operations require a Log Analytics workspace and a Log Analytics agent.

适用于 Windows 的 Log Analytics 代理Log Analytics agent for Windows

适用于 Windows 的 Log Analytics 代理可与 Azure Monitor 配合使用,用于管理 Windows VM 和物理计算机。The Log Analytics agent for Windows works with Azure Monitor to manage Windows VMs and physical computers. 这些计算机可以在 Azure 或非 Azure 环境(例如本地数据中心)中运行。The machines can be running either in Azure or in a non-Azure environment, such as a local datacenter.


适用于 Windows 的 Log Analytics 代理之前称为 Microsoft Monitoring Agent (MMA)。The Log Analytics agent for Windows was previously known as the Microsoft Monitoring Agent (MMA).

适用于 Linux 的 Log Analytics 代理Log Analytics agent for Linux

适用于 Linux 的 Log Analytics 代理与适用于 Windows 的代理工作原理类似,但它将 Linux 计算机连接到 Azure Monitor。The Log Analytics agent for Linux works similarly to the agent for Windows, but connects Linux computers to Azure Monitor. 安装此代理时需具有 nxautomation 用户帐户,该用户帐户允许执行需要根权限的命令,例如,在混合 Runbook 辅助角色上执行的命令。The agent is installed with a nxautomation user account that allows execution of commands requiring root permissions, for example, on a Hybrid Runbook Worker. nxautomation 帐户是不需要密码的系统帐户。The nxautomation account is a system account that doesn't require a password.

安装 Linux 混合 Runbook 辅助角色期间,必须存在具有相应 sudo 权限的 nxautomation 帐户。The nxautomation account with the corresponding sudo permissions must be present during installation of a Linux Hybrid Runbook worker. 如果尝试安装辅助角色时该帐户不存在或帐户不具有相应权限,则安装将失败。If you try to install the worker and the account is not present or doesn�t have the appropriate permissions, the installation fails.

不应更改 sudoers.d 文件夹的权限或其所有权。You should not change the permissions of the sudoers.d folder or its ownership. nxautomation 帐户需要 Sudo 权限,不应删除这些权限。Sudo permission is required for the nxautomation account and the permissions should not be removed. 将它限制到某些文件夹或命令可能会导致中断性变更。Restricting this to certain folders or commands may result in a breaking change.

Log Analytics 代理和 nxautomation 帐户的可用日志如下:The logs available for the Log Analytics agent and the nxautomation account are:

  • /var/opt/microsoft/omsagent/log/omsagent.log - Log Analytics 代理日志/var/opt/microsoft/omsagent/log/omsagent.log - Log Analytics agent log
  • /var/opt/microsoft/omsagent/run/automationworker/worker.log - 自动化辅助角色日志/var/opt/microsoft/omsagent/run/automationworker/worker.log - Automation worker log


作为更新管理的一部分启用的 nxautomation 用户仅执行签名的 runbook。The nxautomation user enabled as part of Update Management executes only signed runbooks.

Runbook 权限Runbook permissions

Runbook 需要通过凭据向 Azure 进行身份验证的权限。A runbook needs permissions for authentication to Azure, through credentials. 请参阅管理 Azure 自动化运行方式帐户See Manage Azure Automation Run As accounts.


Azure 自动化支持多个默认模块,包括一些 AzureRM 模块 (AzureRM.Automation) 和一个包含多个内部 cmdlet 的模块。Azure Automation supports a number of default modules, including some AzureRM modules (AzureRM.Automation) and a module containing several internal cmdlets. 它还支持可安装的模块,其中包括 Az 模块 (Az.Automation),当前优先使用该模块,而不是 AzureRM 模块。Also supported are installable modules, including the Az modules (Az.Automation), currently being used in preference to AzureRM modules. 有关可用于你的 runbook 和 DSC 配置的模块的详细信息,请参阅在 Azure 自动化中管理模块For details of the modules that are available for your runbooks and DSC configurations, see Manage modules in Azure Automation.


Azure 自动化使用证书向 Azure 进行身份验证,或将其添加到 Azure 或第三方资源。Azure Automation uses certificates for authentication to Azure or adds them to Azure or third-party resources. 证书通过安全方式存储,以供 runbook 和 DSC 配置访问。The certificates are stored securely for access by runbooks and DSC configurations.

Runbook 可以使用未经证书颁发机构 (CA) 签名的自签名证书。Your runbooks can use self-signed certificates, which are not signed by a certificate authority (CA). 请参阅创建新证书See Create a new certificate.


Azure 自动化支持从同一自动化帐户运行作业的环境。Azure Automation supports an environment to run jobs from the same Automation account. 一个 runbook 可以同时运行多个作业。A single runbook can have many jobs running at one time. 同时运行的作业越多,就越可能将其分派到同一个沙盒中。The more jobs you run at the same time, the more often they can be dispatched to the same sandbox.

在同一沙盒进程中运行的作业可能相互影响。Jobs running in the same sandbox process can affect each other. 一个示例就是运行 Disconnect-AzAccount cmdlet。One example is running the Disconnect-AzAccount cmdlet. 执行此 cmdlet 会断开共享沙盒进程中每个 runbook 作业的连接。Execution of this cmdlet disconnects each runbook job in the shared sandbox process. 有关使用此方案的示例,请参阅阻止并发作业For an example of working with this scenario, see Prevent concurrent jobs.


从 Azure 中运行的 runbook 启动的 PowerShell 作业可能无法在完整 PowerShell 语言模式下运行。PowerShell jobs started from a runbook that runs in an Azure sandbox might not run in the full PowerShell language mode.

作业状态Job statuses

下表介绍作业的可能状态。The following table describes the statuses that are possible for a job. 可以查看所有 runbook 作业的状态摘要或在 Azure 门户中深入了解特定 runbook 作业的详细信息。You can view a status summary for all runbook jobs or drill into details of a specific runbook job in the Azure portal. 此外,还可配置与 Log Analytics 工作区的集成,以转发 runbook 作业状态和作业流。You can also configure integration with your Log Analytics workspace to forward runbook job status and job streams. 有关与 Azure Monitor 日志集成的详细信息,请参阅将作业状态和作业流从自动化转发到 Azure Monitor 日志For more information about integrating with Azure Monitor logs, see Forward job status and job streams from Automation to Azure Monitor logs. 另请参阅获取作业状态,以获取使用 runbook 中的状态的示例。See also Obtain job statuses for an example of working with statuses in a runbook.

状态Status 说明Description
已完成Completed 作业已成功完成。The job completed successfully.
失败Failed 图形或 PowerShell 工作流 runbook 未能编译。A graphical or PowerShell Workflow runbook failed to compile. PowerShell runbook 未能启动或作业遇到异常。A PowerShell runbook failed to start or the job had an exception. 请参阅 Azure 自动化 runbook 类型See Azure Automation runbook types.
失败,正在等待资源Failed, waiting for resources 作业失败,因为它已达到公平份额限制三次,并且每次都从同一个检查点或 Runbook 开始处启动。The job failed because it reached the fair share limit three times and started from the same checkpoint or from the start of the runbook each time.
已排队Queued 作业正在等待自动化辅助角色上的资源变得可用,以便其能够启动。The job is waiting for resources on an Automation worker to become available so that it can be started.
正在恢复Resuming 系统正在恢复已暂停的作业。The system is resuming the job after it was suspended.
正在运行Running 作业正在运行。The job is running.
正在运行,正在等待资源Running, waiting for resources 作业已卸载,因为它已达到公平份额限制。The job has been unloaded because it reached the fair share limit. 片刻之后,它将从其上一个检查点恢复。It will resume shortly from its last checkpoint.
正在启动Starting 作业已分配给辅助角色,并且系统正在将它启动。The job has been assigned to a worker, and the system is starting it.
已停止Stopped 作业在完成之前已被用户停止。The job was stopped by the user before it was completed.
正在停止Stopping 系统正在停止作业。The system is stopping the job.
已挂起Suspended 仅适用于图形 runbook 和 PowerShell 工作流 runbookApplies to graphical and PowerShell Workflow runbooks only. 作业已被用户、系统或 Runbook 中的命令暂停。The job was suspended by the user, by the system, or by a command in the runbook. 如果 runbook 没有检查点,则会从开始处启动。If a runbook doesn't have a checkpoint, it starts from the beginning. 如果它有检查点,它将重新启动并从其上一个检查点继续。If it has a checkpoint, it can start again and resume from its last checkpoint. 系统仅在发生异常时暂停 runbook。The system only suspends the runbook when an exception occurs. 默认情况下,ErrorActionPreference 变量设置为“继续”,表示出错时作业将保持运行。By default, the ErrorActionPreference variable is set to Continue, indicating that the job keeps running on an error. 如果该首选项变量设置为“停止”,则出错时作业会暂停。If the preference variable is set to Stop, the job suspends on an error.
正在暂停Suspending 仅适用于图形 runbook 和 PowerShell 工作流 runbookApplies to graphical and PowerShell Workflow runbooks only. 系统正在尝试按用户请求暂停作业。The system is trying to suspend the job at the request of the user. Runbook 只有在达到其下一个检查点后才能挂起。The runbook must reach its next checkpoint before it can be suspended. 如果 runbook 越过了最后一个检查点,则只有在完成后才能暂停。If it has already passed its last checkpoint, it completes before it can be suspended.

活动日志记录Activity logging

在 Azure 自动化中执行 runbook 会在自动化帐户的活动日志中写入详细信息。Execution of runbooks in Azure Automation writes details in an activity log for the Automation account. 有关如何使用日志的详细信息,请参阅从活动日志中检索详细信息For details of using the log, see Retrieve details from Activity log.


本部分介绍在 runbook 中处理异常或间歇性问题的一些方法。This section describes some ways to handle exceptions or intermittent issues in your runbooks. 一个示例是 WebSocket 异常。An example is a WebSocket exception. 正确的异常处理可防止暂时性网络故障导致 runbook 失败。Correct exception handling prevents transient network failures from causing your runbooks to fail.


ErrorActionPreference 变量确定 PowerShell 如何响应非终止错误。The ErrorActionPreference variable determines how PowerShell responds to a non-terminating error. 终止错误始终会终止,并且不受 ErrorActionPreference 影响。Terminating errors always terminate and are not affected by ErrorActionPreference.

当 runbook 使用 ErrorActionPreference 时,通常发生的非终止错误(例如 Get-ChildItem cmdlet 中的 PathNotFound)会阻止 runbook 完成。When the runbook uses ErrorActionPreference, a normally non-terminating error such as PathNotFound from the Get-ChildItem cmdlet stops the runbook from completing. 以下示例演示如何使用 ErrorActionPreferenceThe following example shows the use of ErrorActionPreference. 由于脚本停止,最后的 Write-Output 命令从不执行。The final Write-Output command never executes, as the script stops.

$ErrorActionPreference = 'Stop'
Get-ChildItem -path nofile.txt
Write-Output "This message will not show"

Try Catch FinallyTry Catch Finally

Try Catch Finally 在 PowerShell 脚本中用于处理终止错误。Try Catch Finally is used in PowerShell scripts to handle terminating errors. 脚本可以使用此机制来捕获特定异常或一般异常。The script can use this mechanism to catch specific exceptions or general exceptions. catch 语句应用于跟踪或尝试处理错误。The catch statement should be used to track or try to handle errors. 以下示例尝试下载不存在的文件。The following example tries to download a file that does not exist. 它捕获 System.Net.WebException 异常,并返回任何其他异常的最后一个值。It catches the System.Net.WebException exception and returns the last value for any other exception.

   $wc = new-object System.Net.WebClient
catch [System.Net.WebException]
    "Unable to download MyDoc.doc from http://www.contoso.com."
    "An error occurred that could not be resolved."


Throw 可用于生成终止错误。Throw can be used to generate a terminating error. 在 runbook 中定义自己的逻辑时,此机制很有用。This mechanism can be useful when defining your own logic in a runbook. 如果脚本满足应停止脚本的条件,则可以使用 throw 语句停止。If the script meets a criterion that should stop it, it can use the throw statement to stop. 以下示例使用此语句显示必需的函数参数。The following example uses this statement to show a required function parameter.

function Get-ContosoFiles
  param ($path = $(throw "The Path parameter is required."))
  Get-ChildItem -Path $path\*.txt -recurse


Runbook 必须处理错误。Your runbooks must handle errors. Azure 自动化支持两种类型的 PowerShell 错误,即终止错误和非终止错误。Azure Automation supports two types of PowerShell errors, terminating and non-terminating.

发生终止错误时,终止错误会停止执行 runbook。Terminating errors stop runbook execution when they occur. Runbook 停止且作业状态为“失败”。The runbook stops with a job status of Failed.

非终止错误允许脚本在发生非终止错误后继续运行。Non-terminating errors allow a script to continue even after they occur. 非终止错误的示例为:runbook 对不存在的路径使用 Get-ChildItem cmdlet。An example of a non-terminating error is one that occurs when a runbook uses the Get-ChildItem cmdlet with a path that doesn't exist. PowerShell 发现路径不存在,然后引发错误,并继续转到下一文件夹。PowerShell sees that the path doesn't exist, throws an error, and continues to the next folder. 此例中的错误不会将 runbook 作业状态设置为“失败”,并且作业甚至可能已完成。The error in this case doesn't set the runbook job status to Failed, and the job might even be completed. 若要强制 runbook 在发生非终止性错误时停止,可以使用 ErrorAction Stop cmdlet。To force a runbook to stop on a non-terminating error, you can use ErrorAction Stop on the cmdlet.

调用进程Calling processes

在 Azure 沙盒中运行的 runbook 不支持调用进程,例如可执行文件(.exe 文件)或子进程。Runbooks that run in Azure sandboxes don't support calling processes, such as executables ( .exe files) or subprocesses. 出现这种情况的原因是,Azure 沙盒是在容器中运行的共享进程,该容器可能无法访问所有基础 API。The reason for this is that an Azure sandbox is a shared process run in a container that might not be able to access all the underlying APIs. 对于需要第三方软件或需要调用子进程的方案,应在混合 Runbook 辅助角色上执行 runbook。For scenarios requiring third-party software or calls to subprocesses, you should execute a runbook on a Hybrid Runbook Worker.

设备和应用程序特征Device and application characteristics

Azure 沙盒中的 runbook 作业无法访问任何设备或应用程序特征。Runbook jobs in Azure sandboxes can't access any device or application characteristics. 用于在 Windows 上查询性能指标的最常见 API 为 WMI,其中一些常用指标包括内存和 CPU 使用率。The most common API used to query performance metrics on Windows is WMI, with some of the common metrics being memory and CPU usage. 但是,由于在云中运行的作业无法访问基于 Web 的企业管理 (WBEM) 的 Microsoft 实现,所使用的 API 并不重要。However, it doesn't matter what API is used, as jobs running in the cloud can't access the Microsoft implementation of Web-Based Enterprise Management (WBEM). 此平台基于通用信息模型 (CIM) 生成,提供用于定义设备和应用程序特性的行业标准。This platform is built on the Common Information Model (CIM), providing the industry standards for defining device and application characteristics.


外部服务(例如,Azure DevOps Services 和 GitHub)可以在 Azure 自动化中启动 runbook。External services, for example, Azure DevOps Services and GitHub, can start a runbook in Azure Automation. 为了执行这种类型的启动,服务通过单个 HTTP 请求使用 WebhookTo do this type of startup, the service uses a webhook via a single HTTP request. 借助 Webhook,无需实现完整的 Azure 自动化功能即可启动 runbook。Use of a webhook allows runbooks to be started without implementation of a full Azure Automation feature.

共享资源Shared resources

为了在云中的所有 runbook 之间共享资源,Azure 使用称为公平份额的概念。To share resources among all runbooks in the cloud, Azure uses a concept called fair share. 使用公平份额时,Azure 会暂时卸载或停止已运行三小时以上的所有作业。Using fair share, Azure temporarily unloads or stops any job that has run for more than three hours. PowerShell runbookPython runbook 的作业会停止且不会重启,作业状态变为“已停止”。Jobs for PowerShell runbooks and Python runbooks are stopped and not restarted, and the job status becomes Stopped.

对于长时间运行的 Azure 自动化任务,建议使用混合 Runbook 辅助角色。For long-running Azure Automation tasks, it's recommended to use a Hybrid Runbook Worker. 混合 Runbook 辅助角色不受公平份额限制,并且不会限制 runbook 的执行时间。Hybrid Runbook Workers aren't limited by fair share, and don't have a limitation on how long a runbook can execute. 其他作业限制适用于 Azure 沙盒和混合 Runbook 辅助角色。The other job limits apply to both Azure sandboxes and Hybrid Runbook Workers. 虽然混合 Runbook 辅助角色不受 3 小时公平份额限制的约束,但你应该开发在辅助角色上运行的 runbook,以便在出现意外的本地基础结构问题时支持重启。While Hybrid Runbook Workers aren't limited by the three hour fair share limit, you should develop runbooks to run on the workers that support restarts from unexpected local infrastructure issues.

另一种选择是通过使用子 runbook 来优化 runbook。Another option is to optimize a runbook by using child runbooks. 例如,runbook 可能会在多个资源上循环访问同一函数(例如,对多个数据库执行某个数据库操作)。For example, your runbook might loop through the same function on several resources, for example, with a database operation on several databases. 可将此函数移至子 runbook,并让 runbook 使用 Start-AzAutomationRunbook 对其进行调用。You can move this function to a child runbook and have your runbook call it using Start-AzAutomationRunbook. 子 runbook 在单独的进程中并行执行。Child runbooks execute in parallel in separate processes.

使用子 runbook 可减少完成父 runbook 所需的时间总量。Using child runbooks decreases the total amount of time for the parent runbook to complete. Runbook 可以使用 Get-AzAutomationJob cmdlet 检查子 runbook 的作业状态(如果其在子 runbook 完成后仍有更多操作需要执行)。Your runbook can use the Get-AzAutomationJob cmdlet to check the job status for a child runbook if it still has more operations after the child completes.

后续步骤Next steps