在 Azure 自动化中执行 RunbookRunbook execution in Azure Automation

使用 Azure 自动化中的流程自动化,你可以创建和管理 PowerShell、PowerShell 工作流和图形 Runbook。Process automation in Azure Automation allows you to create and manage PowerShell, PowerShell Workflow, and graphical runbooks. 有关详细信息,请参阅 Azure 自动化 RunbookFor details, see Azure Automation runbooks.

自动化基于 Runbook 中定义的逻辑来执行 Runbook。Automation executes your runbooks based on the logic defined inside them. Runbook 在中断的情况下会从头开始重启。If a runbook is interrupted, it restarts at the beginning. 这种行为要求编写的 Runbook 在发生暂时性问题时支持重启。This behavior requires you to write runbooks that support being restarted if transient issues occur.

在 Azure 自动化中启动 Runbook 会创建一个作业,该作业是 Runbook 的单个执行实例。Starting a runbook in Azure Automation creates a job, which is a single execution instance of the runbook. 每个作业通过与 Azure 订阅建立连接来访问 Azure 资源。Each job accesses Azure resources by making a connection to your Azure subscription. 仅当数据中心的资源可从公有云访问时,作业才能访问这些资源。The job can only access resources in your datacenter if those resources are accessible from the public cloud.

在执行 Runbook 期间,Azure 自动化将分配一个辅助角色来运行每个作业。Azure Automation assigns a worker to run each job during runbook execution. 尽管辅助角色由多个 Azure 帐户共享,但不同自动化帐户中的作业是相互独立的。While workers are shared by many Azure accounts, jobs from different Automation accounts are isolated from one another. 无法控制由哪个辅助角色来处理作业请求。You can't control which worker services your job requests.

在 Azure 门户中查看 Runbook 列表时,会显示针对每个 Runbook 启动的作业的状态。When you view the list of runbooks in the Azure portal, it shows the status of each job that has been started for each runbook. Azure 自动化将作业日志最多存储 30 天。Azure Automation stores job logs for a maximum of 30 days.

下图显示了 PowerShell RunbookPowerShell 工作流 Runbook图形 Runbook 的 Runbook 作业生命周期。The following diagram shows the lifecycle of a runbook job for PowerShell runbooks, PowerShell Workflow runbooks, and graphical runbooks.

作业状态 - PowerShell 工作流

Note

如果有兴趣查看或删除个人数据,请参阅 GDPR 的 Azure 数据使用者请求一文。If you’re interested in viewing or deleting personal data, please see the Azure Data Subject Requests for the GDPR article. 如需关于 GDPR 的常规信息,请参阅服务信任门户的 GDPR 部分If you’re looking for general info about GDPR, see the GDPR section of the Service Trust portal.

Runbook 执行环境Runbook execution environment

Azure 自动化中的 Runbook 可以在 Azure 沙盒上运行,也可以在混合 Runbook 辅助角色上运行。Runbooks in Azure Automation can run on either an Azure sandbox or a Hybrid Runbook Worker.

当 Runbook 设计为针对 Azure 中的资源进行身份验证并运行时,它们将在 Azure 沙盒中运行,而沙盒是可以由多个作业使用的共享环境。When runbooks are designed to authenticate and run against resources in Azure, they run in an Azure sandbox, which is a shared environment that multiple jobs can use. 使用同一沙盒的作业受沙盒的资源限制约束。Jobs using the same sandbox are bound by the resource limitations of the sandbox. Azure 沙盒环境不支持交互式操作。The Azure sandbox environment does not support interactive operations. 它会阻止对所有进程外 COM 服务器的访问。It prevents access to all out-of-process COM servers. 对于进行 Win32 调用的 Runbook,它还需要使用本地 MOF 文件。It also requires the use of local MOF files for runbooks that make Win32 calls.

你还可使用混合 Runbook 辅助角色直接在托管角色的计算机上运行 Runbook,或对环境中的本地资源运行 Runbook。You can also use a Hybrid Runbook Worker to run runbooks directly on the computer that hosts the role and against local resources in the environment. Azure 自动化将存储并管理 Runbook,然后将其传送到一台或多台指定的计算机。Azure Automation stores and manages runbooks and then delivers them to one or more assigned computers.

Note

若要在 Linux 混合 Runbook 辅助角色上运行,必须对脚本进行签名,并相应地配置辅助角色。To run on a Linux Hybrid Runbook Worker, your scripts must be signed and the worker configured accordingly. 或者,必须禁用签名验证Alternatively, signature validation must be turned off.

下表列出了一些 Runbook 执行任务,以及每个任务的建议执行环境。The following table lists some runbook execution tasks with the recommended execution environment listed for each.

任务Task 建议Recommendation 注释Notes
与 Azure 资源集成Integrate with Azure resources Azure 沙盒Azure Sandbox 托管在 Azure 中,身份验证更为简单。Hosted in Azure, authentication is simpler. 如果使用 Azure VM 上的混合 Runbook 辅助角色,则可使用具有托管标识的 Runbook 身份验证If you're using a Hybrid Runbook Worker on an Azure VM, you can use runbook authentication with managed identities.
管理 Azure 资源时可以获得最佳性能Obtain optimal performance to manage Azure resources Azure 沙盒Azure Sandbox 脚本在同一环境中运行,因此延迟更低。Script is run in the same environment, which has less latency.
最大程度减少运营成本Minimize operational costs Azure 沙盒Azure Sandbox 没有计算开销,不需要 VM。There is no compute overhead and no need for a VM.
执行长时间运行的脚本Execute long-running script 混合 Runbook 辅助角色Hybrid Runbook Worker Azure 沙盒具有资源限制Azure sandboxes have resource limits.
与本地服务进行交互Interact with local services 混合 Runbook 辅助角色Hybrid Runbook Worker 直接访问主机、其他云环境中的资源或本地环境中的资源。Directly access the host machine, or resources in other cloud environments or the on-premises environment.
需要第三方软件和可执行文件Require third-party software and executables 混合 Runbook 辅助角色Hybrid Runbook Worker 由你管理操作系统,可以安装软件。You manage the operating system and can install software.
运行资源密集型脚本Run a resource-intensive script 混合 Runbook 辅助角色Hybrid Runbook Worker Azure 沙盒具有资源限制Azure sandboxes have resource limits.
使用存在特定要求的模块Use modules with specific requirements 混合 Runbook 辅助角色Hybrid Runbook Worker 下面是一些示例:Some examples are:
WinSCP - winscp.exe 上的依赖项WinSCP - dependency on winscp.exe
IIS 管理 - 取决于 IIS 的启用或托管IIS administration - dependency on enabling or managing IIS
使用安装程序安装模块Install a module with an installer 混合 Runbook 辅助角色Hybrid Runbook Worker 沙盒的模块必须支持复制。Modules for sandbox must support copying.
使用需要不同于 4.7.2 版本的 .NET Framework 的 Runbook 或模块Use runbooks or modules that require .NET Framework version different from 4.7.2 混合 Runbook 辅助角色Hybrid Runbook Worker Azure 沙盒支持 .NET Framework 4.7.2,不支持升级到其他版本。Azure sandboxes support .NET Framework 4.7.2, and upgrading to a different version is not supported.
运行需要提升权限的脚本Run scripts that require elevation 混合 Runbook 辅助角色Hybrid Runbook Worker 沙盒不允许提升权限。Sandboxes don't allow elevation. 使用混合 Runbook 辅助角色可以关闭 UAC,并在运行需要提升权限的命令时使用 Invoke-CommandWith a Hybrid Runbook Worker, you can turn off UAC and use Invoke-Command when running the command that requires elevation.
运行那些需要访问 Windows Management Instrumentation (WMI) 的脚本Run scripts that require access to Windows Management Instrumentation (WMI) 混合 Runbook 辅助角色Hybrid Runbook Worker 在云中的沙盒中运行的作业无法访问 WMI 提供程序。Jobs running in sandboxes in the cloud can't access WMI provider.

资源Resources

Runbook 必须包含用于处理资源(例如 VM、网络和网络上的资源)的逻辑。Your runbooks must include logic to deal with resources, for example, VMs, the network, and resources on the network. 资源与 Azure 订阅相关联,并且 Runbook 需要适当的凭据才能访问任何资源。Resources are tied to an Azure subscription, and runbooks require appropriate credentials to access any resource. 有关在 Runbook 中处理资源的示例,请参阅处理资源For an example of handling resources in a runbook, see Handle resources.

安全性Security

Azure 自动化使用 Azure 安全中心 (ASC) 为资源提供安全保障,并检测 Linux 系统中是否存在数据泄露现象。Azure Automation uses the Azure Security Center (ASC) to provide security for your resources and detect compromise in Linux systems. 不管资源是否在 Azure 中,均跨工作负载提供安全性。Security is provided across your workloads, whether resources are in Azure or not. 请参阅 Azure 自动化中的身份验证简介See Introduction to authentication in Azure Automation.

ASC 对可在 VM 上运行任何脚本(有符号或无符号)的用户施加限制。ASC places constraints on users who can run any scripts, either signed or unsigned, on a VM. 如果你是具有 VM 的根访问权限的用户,则必须使用数字签名显式配置计算机或将其关闭。If you are a user with root access to a VM, you must explicitly configure the machine with a digital signature or turn it off. 否则,只有在创建自动化帐户并启用适当的功能之后,才能通过运行脚本来应用操作系统更新。Otherwise, you can only run a script to apply operating system updates after creating an Automation account and enabling the appropriate feature.

凭据Credentials

Runbook 需要适当的凭据才能访问 Azure 或第三方系统的任何资源。A runbook requires appropriate credentials to access any resource, whether for Azure or third-party systems. 这些凭据存储在 Azure 自动化、密钥保管库等中。These credentials are stored in Azure Automation, Key Vault, etc.

Azure MonitorAzure Monitor

Azure 自动化利用 Azure Monitor 来监视其计算机操作。Azure Automation makes use of the Azure Monitor for monitoring its machine operations. 操作需要 Log Analytics 工作区和 Log Analytics 代理The operations require a Log Analytics workspace and Log Analytics agents.

适用于 Windows 的 Log Analytics 代理Log Analytics agent for Windows

适用于 Windows 的 Log Analytics 代理使用 Azure Monitor 来管理 Windows VM 和物理计算机。The Log Analytics agent for Windows works with Azure Monitor to manage Windows VMs and physical computers. 计算机可以在 Azure 中运行,也可以在非 Azure 环境(例如本地数据中心)中运行。The machines can be running either in Azure or in a non-Azure environment, such as a local datacenter. 必须将代理配置为向一个或多个 Log Analytics 工作区报告。You must configure the agent to report to one or more Log Analytics workspaces.

Note

适用于 Windows 的 Log Analytics 代理之前称为 Microsoft Monitoring Agent (MMA)。The Log Analytics agent for Windows was previously known as the Microsoft Monitoring Agent (MMA).

适用于 Linux 的 Log Analytics 代理Log Analytics agent for Linux

适用于 Linux 的 Log Analytics 代理的工作方式类似于适用于 Windows 的 Log Analytics 代理,但会将 Linux 计算机连接到 Azure Monitor。The Log Analytics agent for Linux works similarly to the agent for Windows, but connects Linux computers to Azure Monitor. 安装此代理时需具有 nxautomation 用户帐户,该用户帐户允许执行需要根权限的命令,例如,在混合 Runbook 辅助角色上执行命令。The agent is installed with an nxautomation user account that allows execution of commands requiring root permissions, for example, on a Hybrid Runbook Worker. nxautomation 帐户是无需密码的系统帐户。The nxautomation account is a system account that doesn't require a password.

安装 Linux 混合 Runbook 辅助角色期间,必须存在具有相应 sudo 权限的 nxautomation 帐户。The nxautomation account with the corresponding sudo permissions must be present during installation of a Linux Hybrid Runbook worker. 如果尝试安装辅助角色时该帐户不存在或帐户不具有相应权限,则安装将失败。If you try to install the worker and the account is not present or doesn�t have the appropriate permissions, the installation fails.

Log Analytics 代理和 nxautomation 帐户的可用日志如下:The logs available for the Log Analytics agent and the nxautomation account are:

  • /var/opt/microsoft/omsagent/log/omsagent.log - Log Analytics 代理日志/var/opt/microsoft/omsagent/log/omsagent.log - Log Analytics agent log
  • /var/opt/microsoft/omsagent/run/automationworker/worker.log - 自动化辅助角色日志/var/opt/microsoft/omsagent/run/automationworker/worker.log - Automation worker log

Note

作为更新管理一部分加入的 nxautomation 用户仅执行已签名的 Runbook。The nxautomation user onboarded as part of Update Management executes only signed runbooks.

Runbook 权限Runbook permissions

Runbook 需要通过凭据进行 Azure 身份验证的权限。A runbook needs permissions for authentication to Azure, through credentials. 请参阅 管理 Azure 自动化运行方式帐户See Manage Azure Automation Run As accounts.

证书Certificates

Azure 自动化使用证书进行 Azure 身份验证,或者将证书添加到 Azure 或第三方资源。Azure Automation uses certificates for authentication to Azure or adds them to Azure or third-party resources. 这些证书被存储在安全位置,以供 Runbook 和 DSC 配置使用。The certificates are stored securely for access by runbooks and DSC configurations.

Runbook 可以使用不是由证书颁发机构 (CA) 签名的自签名证书。Your runbooks can use self-signed certificates, which are not signed by a certificate authority (CA). 请参阅创建新证书See Create a new certificate.

作业Jobs

Azure 自动化支持从同一自动化帐户运行作业的环境。Azure Automation supports an environment to run jobs from the same Automation account. 一个 runbook 可以同时运行多个作业。A single runbook can have many jobs running at one time. 同时运行的作业越多,就越可能将其分派到同一个沙盒中。The more jobs you run at the same time, the more often they can be dispatched to the same sandbox.

在同一沙盒进程中运行的作业可能会相互影响。Jobs running in the same sandbox process can affect each other. 一个示例是运行 Disconnect-AzAccount cmdlet。One example is running the Disconnect-AzAccount cmdlet. 执行此 cmdlet 会断开共享沙盒进程中的每个 Runbook 作业。Execution of this cmdlet disconnects each runbook job in the shared sandbox process. 有关使用此方案的示例,请参阅预防并发作业For an example of working with this scenario, see Prevent concurrent jobs.

Note

从 Azure 沙盒中运行的 Runbook 启动的 PowerShell 作业可能无法在完整 PowerShell 语言模式下运行。PowerShell jobs started from a runbook that runs in an Azure sandbox might not run in the full PowerShell language mode.

作业状态Job statuses

下表描述了作业的可能状态。The following table describes the statuses that are possible for a job. 可以查看所有 runbook 作业的摘要状态,或深入了解 Azure 门户中特定 runbook 作业的详细信息。You can view a status summary for all runbook jobs or drill into details of a specific runbook job in the Azure portal. 此外,还可配置与 Log Analytics 工作区的集成,以转发 runbook 作业状态和作业流。You can also configure integration with your Log Analytics workspace to forward runbook job status and job streams. 有关与 Azure Monitor 日志集成的详细信息,请参阅将作业状态和作业流从自动化转发到 Azure Monitor 日志For more information about integrating with Azure Monitor logs, see Forward job status and job streams from Automation to Azure Monitor logs. 有关在 Runbook 中使用状态的示例,另请参阅获取作业状态See also Obtain job statuses for an example of working with statuses in a runbook.

状态Status 说明Description
已完成Completed 作业已成功完成。The job completed successfully.
已失败Failed 图形 Runbook 或 PowerShell 工作流 Runbook 无法编译。A graphical or PowerShell Workflow runbook failed to compile. PowerShell Runbook 无法启动,或作业出现异常。A PowerShell runbook failed to start or the job had an exception. 请参阅 Azure 自动化 Runbook 类型See Azure Automation runbook types.
失败,正在等待资源Failed, waiting for resources 作业失败,因为它已达到 公平份额 限制三次,并且每次都已从同一个检查点或 Runbook 开始处启动。The job failed because it reached the fair share limit three times and started from the same checkpoint or from the start of the runbook each time.
已排队Queued 作业正在等待提供自动化工作线程的资源,以便能够启动。The job is waiting for resources on an Automation worker to become available so that it can be started.
正在恢复Resuming 系统正在恢复已暂停的作业。The system is resuming the job after it was suspended.
正在运行Running 作业正在运行。The job is running.
正在运行,正在等待资源Running, waiting for resources 作业已卸载,因为它已达到公平份额限制。The job has been unloaded because it reached the fair share limit. 片刻之后,它会从其上一个检查点恢复。It will resume shortly from its last checkpoint.
正在启动Starting 作业已分配给辅助角色,并且系统正在将它启动。The job has been assigned to a worker, and the system is starting it.
已停止Stopped 作业在完成之前已被用户停止。The job was stopped by the user before it was completed.
正在停止Stopping 系统正在停止作业。The system is stopping the job.
已挂起Suspended 仅适用于图形 Runbook 和 PowerShell 工作流 RunbookApplies to graphical and PowerShell Workflow runbooks only. 作业已被用户、系统或 Runbook 中的命令暂停。The job was suspended by the user, by the system, or by a command in the runbook. 如果 Runbook 没有检查点,它将从头开始启动。If a runbook doesn't have a checkpoint, it starts from the beginning. 如果它有检查点,它将重新启动并从其上一个检查点继续。If it has a checkpoint, it can start again and resume from its last checkpoint. 仅当发生异常时,系统才会挂起 Runbook。The system only suspends the runbook when an exception occurs. 默认情况下,ErrorActionPreference 变量设置为 Continue,表示出错时作业会保持运行。By default, the ErrorActionPreference variable is set to Continue, indicating that the job keeps running on an error. 如果该首选项变量设置为 Stop,则出错时作业会挂起。If the preference variable is set to Stop, the job suspends on an error.
正在暂停Suspending 仅适用于图形 Runbook 和 PowerShell 工作流 RunbookApplies to graphical and PowerShell Workflow runbooks only. 系统正在尝试按用户请求暂停作业。The system is trying to suspend the job at the request of the user. Runbook 只有在达到其下一个检查点后才能挂起。The runbook must reach its next checkpoint before it can be suspended. 如果 Runbook 越过了最后一个检查点,则只有在完成后才能挂起。If it has already passed its last checkpoint, it completes before it can be suspended.

活动日志记录Activity logging

在 Azure 自动化中执行 Runbook 会在自动化帐户的活动日志中写入详细信息。Execution of runbooks in Azure Automation writes details in an activity log for the Automation account. 有关使用日志的详细信息,请参阅从活动日志中检索详细信息For details of using the log, see Retrieve details from Activity log.

异常Exceptions

本部分介绍如何在 Runbook 中处理异常或间歇性问题。This section describes some ways to handle exceptions or intermittent issues in your runbooks. 例如,WebSocket 异常。An example is a WebSocket exception. 正确处理异常可防止暂时性的网络故障导致 runbook 失败。Correct exception handling prevents transient network failures from causing your runbooks to fail.

ErrorActionPreferenceErrorActionPreference

ErrorActionPreference 变量确定 PowerShell 如何对非终止性错误做出响应。The ErrorActionPreference variable determines how PowerShell responds to a non-terminating error. 终止性错误始终会终止,不受 ErrorActionPreference 影响。Terminating errors always terminate and are not affected by ErrorActionPreference.

当 Runbook 使用 ErrorActionPreference 时,正常的非终止性错误(例如 Get-ChildItem cmdlet 返回的 PathNotFound)会阻止 Runbook 完成。When the runbook uses ErrorActionPreference, a normally non-terminating error such as PathNotFound from the Get-ChildItem cmdlet stops the runbook from completing. 以下示例演示了如何使用 ErrorActionPreferenceThe following example shows the use of ErrorActionPreference. 由于脚本将会停止,最终的 Write-Output 命令永远不会执行。The final Write-Output command never executes, as the script stops.

$ErrorActionPreference = 'Stop'
Get-ChildItem -path nofile.txt
Write-Output "This message will not show"

Try Catch FinallyTry Catch Finally

在 PowerShell 脚本中使用 Try Catch Finally 可以处理终止性错误。Try Catch Finally is used in PowerShell scripts to handle terminating errors. 脚本可以使用此机制捕获特定的异常或一般的异常。The script can use this mechanism to catch specific exceptions or general exceptions. 应使用 catch 语句来跟踪错误或尝试处理错误。The catch statement should be used to track or try to handle errors. 以下示例尝试下载一个不存在的文件。The following example tries to download a file that does not exist. 它捕获 System.Net.WebException 异常,对于任何其他异常,它将返回最后一个值。It catches the System.Net.WebException exception and returns the last value for any other exception.

try
{
   $wc = new-object System.Net.WebClient
   $wc.DownloadFile("http://www.contoso.com/MyDoc.doc")
}
catch [System.Net.WebException]
{
    "Unable to download MyDoc.doc from http://www.contoso.com."
}
catch
{
    "An error occurred that could not be resolved."
}

ThrowThrow

可以使用 Throw 来生成终止性错误。Throw can be used to generate a terminating error. 在 Runbook 中定义自己的逻辑时,此机制可能非常有用。This mechanism can be useful when defining your own logic in a runbook. 如果脚本满足特定的停止条件,则它可以使用 throw 语句进行停止。If the script meets a criterion that should stop it, it can use the throw statement to stop. 以下示例使用此语句显示所需的函数参数。The following example uses this statement to show a required function parameter.

function Get-ContosoFiles
{
  param ($path = $(throw "The Path parameter is required."))
  Get-ChildItem -Path $path\*.txt -recurse
}

错误Errors

Runbook 必须处理错误。Your runbooks must handle errors. Azure 自动化支持两种类型的 PowerShell 错误:终止性和非终止性。Azure Automation supports two types of PowerShell errors, terminating and non-terminating.

发生终止性错误时,Runbook 会停止执行。Terminating errors stop runbook execution when they occur. Runbook 将会停止,作业状态为“失败”。The runbook stops with a job status of Failed.

即使发生非终止性错误,脚本也能继续运行。Non-terminating errors allow a script to continue even after they occur. 例如,当 Runbook 对某个不存在的路径使用 Get-ChildItem cmdlet 时,就会发生非终止错误。An example of a non-terminating error is one that occurs when a runbook uses the Get-ChildItem cmdlet with a path that doesn't exist. PowerShell 发现路径不存在,然后引发错误,并继续转到下一文件夹。PowerShell sees that the path doesn't exist, throws an error, and continues to the next folder. 在此情况下,该错误不会将 Runbook 作业状态设置为“失败”,甚至可能会完成作业。The error in this case doesn't set the runbook job status to Failed, and the job might even be completed. 若要强制 runbook 在发生非终止性错误时停止,可以使用 ErrorAction Stop cmdlet。To force a runbook to stop on a non-terminating error, you can use ErrorAction Stop on the cmdlet.

调用进程Calling processes

在 Azure 沙盒中运行的 Runbook 不支持调用进程,例如可执行文件( .exe 文件)或子进程。Runbooks that run in Azure sandboxes don't support calling processes, such as executables (.exe files) or subprocesses. 这是因为,Azure 沙盒是在容器中运行的共享进程,它可能无法访问所有底层 API。The reason for this is that an Azure sandbox is a shared process run in a container that might not be able to access all the underlying APIs. 对于需要第三方软件或调用子进程的方案,应在混合 Runbook 辅助角色上执行 Runbook。For scenarios requiring third-party software or calls to subprocesses, you should execute a runbook on a Hybrid Runbook Worker.

设备和应用程序特征Device and application characteristics

Azure 沙盒中的 runbook 作业无法访问任何设备或应用程序特征。Runbook jobs in Azure sandboxes can't access any device or application characteristics. 最常用于在 Windows 上查询性能指标的 API 是 WMI,其中的一些常见指标是内存和 CPU 使用率。The most common API used to query performance metrics on Windows is WMI, with some of the common metrics being memory and CPU usage. 但是,使用哪个 API 并不重要,因为在云中运行的作业无法访问基于 Web 的企业管理 (WBEM) 的 Microsoft 实现。However, it doesn't matter what API is used, as jobs running in the cloud can't access the Microsoft implementation of Web-Based Enterprise Management (WBEM). 此平台构建在通用信息模型 (CIM) 的基础之上。CIM 提供有关定义设备和应用程序特征的行业标准。This platform is built on the Common Information Model (CIM), providing the industry standards for defining device and application characteristics.

WebhookWebhooks

外部服务(例如 Azure DevOps Services 和 GitHub)可以在 Azure 自动化中启动 Runbook。External services, for example, Azure DevOps Services and GitHub, can start a runbook in Azure Automation. 若要执行这种类型的启动,服务需通过单个 HTTP 请求使用 WebhookTo do this type of startup, the service uses a webhook via a single HTTP request. 使用 Webhook 可在未实现完整 Azure 自动化解决方案的情况下启动 Runbook。Use of a webhook allows runbooks to be started without implementation of a full Azure Automation solution.

共享资源Shared resources

为了在云中的所有 Runbook 之间共享资源,Azure 使用名为“公平共享”的概念。To share resources among all runbooks in the cloud, Azure uses a concept called fair share. 使用公平共享时,Azure 会临时卸载或停止运行超过三个小时的任何作业。Using fair share, Azure temporarily unloads or stops any job that has run for more than three hours. PowerShell RunbookPython Runbook 的作业将会停止且不会重启,作业状态变为“已停止”。Jobs for PowerShell runbooks and Python runbooks are stopped and not restarted, and the job status becomes Stopped.

对于长时间运行的 Azure 自动化任务,建议使用混合 Runbook 辅助角色。For long-running Azure Automation tasks, it's recommended to use a Hybrid Runbook Worker. 混合 Runbook 辅助角色不受公平份额限制,并且不会限制 runbook 的执行时间。Hybrid Runbook Workers aren't limited by fair share, and don't have a limitation on how long a runbook can execute. 其他作业限制适用于 Azure 沙盒和混合 Runbook 辅助角色。The other job limits apply to both Azure sandboxes and Hybrid Runbook Workers. 虽然混合 Runbook 辅助角色不受 3 小时公平份额限制的约束,但你应该开发在辅助角色上运行的 Runbook,以便在出现意外的本地基础结构问题时支持重启。While Hybrid Runbook Workers aren't limited by the 3-hour fair share limit, you should develop runbooks to run on the workers that support restarts from unexpected local infrastructure issues.

另一种做法是使用子 Runbook 来优化某个 Runbook。Another option is to optimize a runbook by using child runbooks. 例如,你的 Runbook 可能会循环访问多个资源上的同一个函数,例如针对多个数据库执行某个数据库操作。For example, your runbook might loop through the same function on several resources, for example, with a database operation on several databases. 可将此函数移到某个子 Runbook,并让 Runbook 使用 Start-AzureRmAutomationRunbook 调用此函数。You can move this function to a child runbook and have your runbook call it using Start-AzureRmAutomationRunbook. 子 Runbook 在单独的进程中并行执行。Child runbooks execute in parallel in separate processes.

使用子 Runbook 可以减少完成父 Runbook 所需的总时间。Using child runbooks decreases the total amount of time for the parent runbook to complete. 如果 Runbook 在某个子级完成后还有更多操作,则它可以使用 Get-AzRmAutomationJob cmdlet 来检查该子 Runbook 的作业状态。Your runbook can use the Get-AzRmAutomationJob cmdlet to check the job status for a child runbook if it still has more operations after the child completes.

后续步骤Next steps