{"id":40,"date":"2023-03-13T15:33:31","date_gmt":"2023-03-13T23:33:31","guid":{"rendered":"https:\/\/www.dumpsterfirecomputing.com\/?p=40"},"modified":"2023-03-13T15:36:07","modified_gmt":"2023-03-13T23:36:07","slug":"automagical-server-patching","status":"publish","type":"post","link":"https:\/\/www.dumpsterfirecomputing.com\/?p=40","title":{"rendered":"Automagical Server Patching"},"content":{"rendered":"\n

You should always patch your servers and keep them up to date. I’ve been tinkering with Azure’s built-in (albeit Preview feature at time of this writing) Update Management Center, and it’s a really great tool. On a test server I’ve had running, you can see the history of patching here:<\/p>\n\n\n\n

\"\"
History of auto patching<\/figcaption><\/figure>\n\n\n\n

These configurations will assess patches periodically and, on a schedule, download \/ install any updates needed. The above test server is Linux-based, and the updates can be to any package installed on the machine. A sample operation from above looks like this:<\/p>\n\n\n\n

\"\"
Patch update job status<\/figcaption><\/figure>\n\n\n\n

Tons of detail here. Thankfully everything so far has been green \/ successful, but I’m looking forward to seeing how it behaves with some sort of failed install.<\/p>\n\n\n\n

To set this up yourself, you need to define an Azure “Maintenance Configuration<\/a>“. <\/p>\n\n\n\n

A sample of this is as follows.<\/p>\n\n\n\n

\"\"
Create new Maintenance Configuration resource<\/figcaption><\/figure>\n\n\n\n

The options under Maintenance Scope are:<\/p>\n\n\n\n

    \n
  • Host (dedicated \/ isolated infrastructure)<\/li>\n\n\n\n
  • OS Image (VMSS)<\/li>\n\n\n\n
  • Guest (Azure VM, Arc-enabled VMs\/servers)<\/li>\n<\/ul>\n\n\n\n

    For a standard server you’ll choose the third option (Guest). On the ‘Update’ tab you can select which types of updates get installed:<\/p>\n\n\n\n

    \"\"
    Resource Configuration: Specify patch types<\/figcaption><\/figure>\n\n\n\n

    <\/p>\n\n\n\n

    Depending on the type of server (Windows or Linux), you may want to modify the types <\/em>of patches get installed. By default, these are the type of patches that get installed in each OS:<\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n

    In my testing I have an Ubuntu server, so I removed all Windows patches and added all the Linux machines. Azure uses an extension, installed on the server, to manage the communication and installation.<\/p>\n\n\n\n

    Back on the Update Management Center, you can get a pretty decent overview of the servers that are registered, the status of patches.<\/p>\n\n\n\n

    \"\"
    Update Management Center Dashboard<\/figcaption><\/figure>\n\n\n\n

    I have this now running against one of my production servers and will be watching to see how this evolves. I love not worrying about patch management, especially for Linux environments. The first time I get a failed patch installation though, I’ll document what it looks like.<\/p>\n","protected":false},"excerpt":{"rendered":"

    You should always patch your servers and keep them up to date. I’ve been tinkering with Azure’s built-in (albeit Preview feature at time of this writing) Update Management Center, and […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,6,5],"tags":[],"class_list":["post-40","post","type-post","status-publish","format-standard","hentry","category-azure","category-management","category-patching"],"_links":{"self":[{"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=\/wp\/v2\/posts\/40","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=40"}],"version-history":[{"count":5,"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=\/wp\/v2\/posts\/40\/revisions"}],"predecessor-version":[{"id":52,"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=\/wp\/v2\/posts\/40\/revisions\/52"}],"wp:attachment":[{"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=40"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=40"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dumpsterfirecomputing.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=40"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}