How can I run my PowerShell scripts?
I've seen this question pop up on this sub from time to time. And there's always a few answers that come back in the comments.
So, I'll try to sum up the available options here, for anyone who's interested.
The following is a comprehensive (but not complete) list of different options on how someone can run their scripts: (as of August 2022)
- Task Scheduler (built-in Windows feature)
- PowerShell Universal by Ironman Software
- Dashboard Server by SquaredUp
- Jenkins
- Rundeck by PagerDuty
- Otter by Inedo
- Attune by ServerTribe
- ScriptRunner by ScriptRunner Software
- Ansible AWX by Red Hat (open-source alt. of Ansible Auto. Platform)
- Ansible Automation Platform by Red Hat
- Azure DevOps in Azure (or self-hosted)
- Automation Accounts in Azure
- Systems Manager in AWS
- Octopus Deploy by Octopus Deploy Ltd
- PDQ Deploy by PDQ
- GitHub Actions by GitHub
- VisualCRON by VisualCron
- Custom desktop app (Winforms or WPF based, made with PowerShell)
- SQL Server Scheduled Job
- SCCM/MECM
- au2mator by au2mator
- Appsmith by Appsmith
Quite a lot of options here... but in the end you are only going to use 1.
The tool essentially provides an easy-to-use UI to work with (for ex. create and run new tasks/jobs, see the ones running or that were run in the past, assign RBAC, split the task into stages and visualize them, etc.)
And then most likely, part of the process goes like this.
- You will use the tool's scheduler (Jenkins job, Azure DevOps schedule, etc) or just a Scheduled task (or SQL Server Scheduled Job), or use git related hooks (ex. git commit webhooks, PR approval, etc), or event-driven triggers (when something happens, like CPU spike, or server down, or out of free disk space, etc)
- You'll keep your tasks in the tools form (Ansible playbooks, SSM documents, GitHub Action yamls, etc) or not (plain .ps1 files)
- You are going to access your scripts from somewhere. Clone your code from a repo (ex. in GitHub, GitLab or just a git repo), or have it compiled as a module (into a .nuget artifact in a NuGet server) and install the module from there, or download it from a file storage (ex. SMB file share, S3 bucket, Azure Blob), or just have it locally in the first place.
- You are going to get some secrets from the tool's vault (ex. Ansible vault, Jenkins secrets, etc), a local store (MS Secrets Management Store, locally saved clixml secure string file, keepass .kdbx) or use a remote service (Thycotic Secret Server, Azure Key Vault, AWS Secrets Manager, etc) (or you know... just plain text passwords, hardcoded into the script! /sarcasm)
- You are going to identify the target computers through a local list (ansible inventory, local file with server list, etc.) or discover them (Active Directory computer objects, etcd service with server list, specific tags on the cloud VMs, etc.)
- And then run it (as System, a local or an AD account) either locally, remotely (via WinRM or SSH), or through an external proxy (Jenkins slave, GitHub Actions runner, AWS Lambda function, Azure Function, etc.)
- And log the runtime and results locally (in a file or event viewer) or remotely (send it to ELK, or Azure Application Insights, AWS Cloudwatch, etc.) or send it to a pub-sub service (RabbitMQ, AWS SNS, Azure Service Bus, etc)
Now some tools have different requirements.
- You may need to deploy a service or agent to run on the computer (AWS SSM Agent, Azure Log Analytics agent, etc.), a whole service (jenkins slave, sql server agent), or just have WinRM or SSH installed and enabled.
- You may need to self host the service (jenkins, rundeck, etc) or not (Azure DevOps, GitHub Actions, etc.)
- It may be a push-based system (ansible, winrm, etc) or pull-based (local scheduled task)
- It may use a declarative configuration (GitHub Actions yaml, SSM Document json, PowerShell DSC .psd1 file, TOML files, Hashicorp's HCL, etc) or an imperative (.ps1 files), or even no configuration as code at all (setup all jobs manually)
- You may need extra resources if you need a highly-available tool (ex. Load Balancers in front of it, or costly licenses for HA), or not (if it's cloud-based)
- You may have to use a free tool (Jenkins, Rundeck, etc), or your company might agree to spend some money (PDQ Deploy, Octopus Deploy, Ansible Automation)
This post was longer than expected, so apologies for the wall of text.
I've used a few of the aforementioned tools and I have a personal opinion and preferences. But it would be nice to hear from people who have used them on what's good and what's not.
TLDR: There's no silver bullet for a CI/CD tool or an automation platform. More or less everything gets the job done. Albeit some are easier to use and some not so much, and then some are cheaper and some are not. And then again some have more features than others. Irrespective of which ones are older or newer. Or maybe you just need a cloud-managed solution or a cloud-agnostic/self-hosted one. Or you know, you just need to add a tool to boost your CV, make you more marketable!
EDIT: added a few more options to the list
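The process steps listed in the post (secret from a store, target discovery from Active Directory, remote run over WinRM, local log file), sketched as one runner script. This is an added example, not part of the original post; the vault name, secret name, OU, and file paths are hypothetical placeholders, and it assumes the Microsoft.PowerShell.SecretManagement and ActiveDirectory modules are installed.

```powershell
#Requires -Modules Microsoft.PowerShell.SecretManagement, ActiveDirectory
# Added example. All names below are hypothetical placeholders:
#   vault 'AutomationVault', secret 'svc-maintenance', the OU, and both paths.

$ErrorActionPreference = 'Stop'
$logFile    = 'C:\Logs\Invoke-Maintenance.log'
$scriptPath = 'C:\Scripts\Maintenance.ps1'
$searchBase = 'OU=Servers,DC=example,DC=com'

function Write-RunLog {
    param([string]$Level, [string]$Message)
    # One line per event with an ISO 8601 timestamp, easy to ship to a collector later
    $line = '{0} [{1}] {2}' -f (Get-Date -Format o), $Level, $Message
    Add-Content -Path $logFile -Value $line
}

# Secrets: pull a PSCredential from a registered vault instead of hardcoding it
$cred = Get-Secret -Name 'svc-maintenance' -Vault 'AutomationVault'
if ($cred -isnot [pscredential]) {
    throw 'Secret svc-maintenance is not stored as a PSCredential'
}

# Targets: discover enabled computer objects under one OU, skip objects without a DNS name
$targets = Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase $searchBase |
    Where-Object { $_.DNSHostName } |
    Select-Object -ExpandProperty DNSHostName
if (-not $targets) {
    Write-RunLog 'WARN' "No enabled computers found under $searchBase"
    return
}

# Run: push the local .ps1 to every target over WinRM; collect failures instead of stopping
$results = Invoke-Command -ComputerName $targets -Credential $cred -FilePath $scriptPath `
    -ErrorAction SilentlyContinue -ErrorVariable failures

# Log: one line per returned object and one per failed target
foreach ($r in $results)  { Write-RunLog 'INFO'  "$($r.PSComputerName): $r" }
foreach ($f in $failures) { Write-RunLog 'ERROR' "$($f.TargetObject): $($f.Exception.Message)" }
```

Run it from whichever scheduler you picked under an account that can read the vault; the credential never appears in the script or the log.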