Starting the runbook on Automation accounts containing Az modules may lead to intermittent failures #5
Comments
AnatoliB
added
help wanted
|
The runbook updates AzureRM.* modules but not Az.* modules |
AnatoliB
changed the title
|
See below my tests using this runbook in its current state to update Az.Storage to the latest version 1.2.0 from 1.1.0: The documentation in this repository and the link below led me to believe this would not work. https://docs.microsoft.com/en-us/azure/automation/automation-update-azure-modules Specifically the points:
Can anyone explain why this is an issue? |
AnatoliB
changed the title
|
@ayoung012 Depending on the content of your Automation account (imported modules, running runbooks) and the timing, you may get lucky and not run into any issues. However, in general case, various intermittent problems are expected. The root cause of this the inability of AzureRM and Az modules to work side-by-side in the same PS session or the same process. Azure Automation can reuse PS sessions and sandbox processes between cloud jobs for the same Automation account, and the user does not have direct control over this. In order to makes sure AzureRM and Az modules are not mixed, we recommend isolating them on the Automation account level (see Az module support in Azure Automation for more details). The runbook in this repository breaks these guidelines by explicitly loading AzureRM modules into the current PS session. This may lead to failures if this job happens to be running on a cloud sandbox executing another job that loads Az modules. One way to fix this would be to modify this runbook to:
|
|
@AnatoliB thanks for the in depth explanation. The main issue here is now clear. This runbook is using the AzureRM.Profile + AzureRM.Automation modules, and is designed to update AzureRM.* modules only. When Az.* modules are installed in an automation account, this runbook will pick them up anyway and may cause failures. Based on your modification suggestion, have you got anything against maintaining two different update runbooks:
Seperate runbooks would make it really clear that this separation is necessary, rather than parameters and module imports based on clauses. |
|
@ayoung012 Yes, maintaining two different runbooks would also work. However, one drawback I see is that these two runbooks would have to share some code (specifically, the code querying the PS Gallery and the logic of ordering module updates according to the dependency graph), with all the consequences of code duplication. This is not terrible, but something to consider. |
|
@AnatoliB I see your point, agreed. Factor in that only four out of the eleven functions implemented use a AzureRM specific module, one of:
So code duplication would be pretty major if two runbooks were to be maintained. |
|
As AA loads all modules I do not think it is advised to have both AzureRM and Az imported in the same account. Not sure how AA team plans to tackle this. Probably needs to be able to make choice at account creation time what type of Azure modules to use. From doc: |
|
@mortenlerudjordet AA does not load all modules to PS sessions. Only those modules that are actually used or explicitly imported with Import-Module are loaded. Please see https://docs.microsoft.com/en/azure/automation/az-modules for the guidelines on using Az in Azure Automation. This is why the associated PR is also taking care of loading either Az or AzureRM modules, but never both. |
|
Az module support is implemented. |
No description provided.
The text was updated successfully, but these errors were encountered: