Delen via

Control updates with Maintenance Configurations and Azure PowerShell

Van toepassing op: ✔️ Linux-VM's ✔️ Windows-VM's ✔️ Flexibele schaalsets ✔️ Uniforme schaalsets

U kunt de functie Onderhoudsconfiguraties gebruiken om te bepalen wanneer platformupdates op verschillende Azure-resources moeten worden toegepast. This article covers the Azure PowerShell options for dedicated hosts and isolated virtual machines (VMs). For more information about the benefits of using the Maintenance Configurations feature, its limitations, and other management options, see Managing platform updates with Maintenance Configurations.

If you're looking for information about using Maintenance Configurations for scale sets, see Maintenance control for Azure Virtual Machine Scale Sets.

Belangrijk

Specifieke bereiken ondersteunen bepaalde machinetypen en -planningen. Be sure to select the right scope for your VM.

Enable the Azure PowerShell module

Make sure that PowerShellGet is up to date:

Install-Module -Name PowerShellGet -Repository PSGallery -Force

Install the Az.Maintenance Azure PowerShell module:

Install-Module -Name Az.Maintenance

Check that you're running the latest version of Az.Maintenance (version 1.2.0):

Get-Module -ListAvailable -Name Az.Maintenance

Ensure that you're running the appropriate version of Az.Maintenance:

Import-Module -Name Az.Maintenance -RequiredVersion 1.2.0

If you're installing locally, be sure to open your Azure PowerShell prompt as an administrator.

You might be asked to confirm that you want to install from an untrusted repository. Enter Y or select Yes to All to install the module.

Een onderhoudsconfiguratie maken

De eerste stap bij het maken van een onderhoudsconfiguratie is het maken van een resourcegroep als een container voor uw configuratie. In dit voorbeeld wordt een resourcegroep met de naam myMaintenanceRG gemaakt in eastus. Als u al een resourcegroep hebt die u wilt gebruiken, kunt u dit gedeelte overslaan en de naam van de resourcegroep vervangen door uw eigen resourcegroep in de rest van de voorbeelden.

New-AzResourceGroup `
   -Location eastus `
   -Name myMaintenanceRG

You can declare a scheduled window when Azure will recurrently apply the updates on your resources. Nadat u een gepland venster hebt gemaakt, hoeft u de updates niet meer handmatig toe te passen.

U kunt het onderhoudspatroon uitdrukken als dagelijks, wekelijks of maandelijks. Hieronder volgen een aantal voorbeelden:

  • Dagelijks: Een RecurEvery waarde van "Day" of "3Days".
  • Wekelijks: Een RecurEvery waarde van "3Weeks" of "Week Saturday,Sunday".
  • Maandelijks: Een RecurEvery waarde van "Month day23,day24" of "Month Last Sunday" ."Month Fourth Monday"

Gastheer

This example creates a maintenance configuration named myConfig scoped to Host, with a scheduled window of 5 hours on the fourth Monday of every month. The duration value of the schedule for this scope should be at least two hours. To begin, define the parameters for New-AzMaintenanceConfiguration:

$RGName = "myMaintenanceRG"
$configName = "myConfig"
$scope = "Host"
$location = "eastus"
$timeZone = "Pacific Standard Time" 
$duration = "05:00"
$startDateTime = "2022-11-01 00:00"
$recurEvery = "Month Fourth Monday"

After you define the parameters, you can use the New-AzMaintenanceConfiguration cmdlet to create your configuration:

New-AzMaintenanceConfiguration
   -ResourceGroup $RGName `
   -Name $configName `
   -MaintenanceScope $scope `
   -Location $location `
   -StartDateTime $startDateTime `
   -TimeZone $timeZone `
   -Duration $duration `
   -RecurEvery $recurEvery

Using $scope = "Host" ensures that the maintenance configuration is used for controlling updates on host machines. Be sure to create a configuration for the specific scope of the machines that you're targeting. Learn more about scopes.

OS image

This example creates a maintenance configuration named myConfig scoped to osimage, with a scheduled window of 8 hours every 5 days. The duration value of the schedule for this scope should be at least 5 hours. This scope allows a maximum of 7 days for schedule recurrence.

$RGName = "myMaintenanceRG"
$configName = "myConfig"
$scope = "osimage"
$location = "eastus"
$timeZone = "Pacific Standard Time" 
$duration = "08:00"
$startDateTime = "2022-11-01 00:00"
$recurEvery = "5days"

After you define the parameters, you can use the New-AzMaintenanceConfiguration cmdlet to create your configuration:

New-AzMaintenanceConfiguration
   -ResourceGroup $RGName `
   -Name $configName `
   -MaintenanceScope $scope `
   -Location $location `
   -StartDateTime $startDateTime `
   -TimeZone $timeZone `
   -Duration $duration `
   -RecurEvery $recurEvery

Guest

The most recent addition to the Maintenance Configurations feature is the InGuestPatch scope. This example shows how to create a maintenance configuration for a guest scope by using Azure PowerShell. For more information about this scope, see Guest.

$RGName = "myMaintenanceRG"
$configName = "myConfig"
$scope = "InGuestPatch"
$location = "eastus"
$timeZone = "Pacific Standard Time" 
$duration = "04:00"
$startDateTime = "2022-11-01 00:00"
$recurEvery = "Week Saturday, Sunday"
$WindowsParameterClassificationToInclude = "FeaturePack","ServicePack";
$WindowParameterKbNumberToInclude = "KB123456","KB123466";
$WindowParameterKbNumberToExclude = "KB123456","KB123466";
$RebootOption = "IfRequired";
$LinuxParameterClassificationToInclude = "Other";
$LinuxParameterPackageNameMaskToInclude = "apt","httpd";
$LinuxParameterPackageNameMaskToExclude = "ppt","userpk";

After you define the parameters, you can use the New-AzMaintenanceConfiguration cmdlet to create your configuration:

New-AzMaintenanceConfiguration
   -ResourceGroup $RGName `
   -Name $configName `
   -MaintenanceScope $scope `
   -Location $location `
   -StartDateTime $startDateTime `
   -TimeZone $timeZone `
   -Duration $duration `
   -RecurEvery $recurEvery `
   -WindowParameterClassificationToInclude $WindowsParameterClassificationToInclude `
   -WindowParameterKbNumberToInclude $WindowParameterKbNumberToInclude `
   -WindowParameterKbNumberToExclude $WindowParameterKbNumberToExclude `
   -InstallPatchRebootSetting $RebootOption `
   -LinuxParameterPackageNameMaskToInclude $LinuxParameterPackageNameMaskToInclude `
   -LinuxParameterClassificationToInclude $LinuxParameterClassificationToInclude `
   -LinuxParameterPackageNameMaskToExclude $LinuxParameterPackageNameMaskToExclude `
   -ExtensionProperty @{"InGuestPatchMode"="User"}

Als u probeert een configuratie met dezelfde naam te maken, maar op een andere locatie, krijgt u een foutmelding. Configuratienamen moeten uniek zijn voor uw resourcegroep.

You can check if you successfully created the maintenance configurations by using Get-AzMaintenanceConfiguration:

Get-AzMaintenanceConfiguration | Format-Table -Property Name,Id

De configuratie toewijzen

After you create your configuration, you might want to also assign machines to it by using Azure PowerShell. You can use the New-AzConfigurationAssignment cmdlet.

Geïsoleerde VM

Assign the configuration to a VM by using the ID of the configuration. Geef -ResourceType VirtualMachines op. Supply the name of the VM for -ResourceName, and supply the resource group of the VM for -ResourceGroupName.

New-AzConfigurationAssignment `
   -ResourceGroupName "myResourceGroup" `
   -Location "eastus" `
   -ResourceName "myVM" `
   -ResourceType "VirtualMachines" `
   -ProviderName "Microsoft.Compute" `
   -ConfigurationAssignmentName "configName" `
   -MaintenanceConfigurationId "configID"

Dedicated host

To apply a configuration to a dedicated host, you need to include -ResourceType hosts, -ResourceParentName with the name of the host group, and -ResourceParentType hostGroups:

New-AzConfigurationAssignment `
   -ResourceGroupName "myResourceGroup" `
   -Location "eastus" `
   -ResourceName "myHost" `
   -ResourceType "hosts" `
   -ResourceParentName myHostGroup `
   -ResourceParentType hostGroups `
   -ProviderName "Microsoft.Compute" `
   -ConfigurationAssignmentName "configName" `
   -MaintenanceConfigurationId "configID"

Virtual machine scale sets

New-AzConfigurationAssignment `
   -ResourceGroupName "myResourceGroup" `
   -Location "eastus" `
   -ResourceName "myVMSS" `
   -ResourceType "VirtualMachineScaleSets" `
   -ProviderName "Microsoft.Compute" `
   -ConfigurationAssignmentName "configName" `
   -MaintenanceConfigurationId "configID"

Guest

New-AzConfigurationAssignment `
   -ResourceGroupName "myResourceGroup" `
   -Location "eastus" `
   -ResourceName "myGuest" `
   -ResourceType "VirtualMachines" `
   -ProviderName "Microsoft.Compute" `
   -ConfigurationAssignmentName "configName" `
   -MaintenanceConfigurationId "configID"

Check for pending updates

The check for pending updates, use Get-AzMaintenanceUpdate. Use -subscription to specify the Azure subscription of the VM, if it's different from the one that you're logged in to.

If there are no updates to show, this command returns nothing. Otherwise, it returns a PSApplyUpdate object:

{
   "maintenanceScope": "Host",
   "impactType": "Freeze",
   "status": "Pending",
   "impactDurationInSec": 9,
   "notBefore": "2020-02-21T16:47:44.8728029Z",
   "properties": {
      "resourceId": "/subscriptions/a0a0a0a0-bbbb-cccc-dddd-e1e1e1e1e1e1/resourcegroups/Ignite2019/providers/Microsoft.Compute/virtualMachines/MCDemo3"
}

Geïsoleerde VM

Controleer op updates die in behandeling zijn voor een geïsoleerde VM. In dit voorbeeld is de uitvoer opgemaakt als een tabel voor leesbaarheid:

Get-AzMaintenanceUpdate `
  -ResourceGroupName "myResourceGroup" `
  -ResourceName "myVM" `
  -ResourceType "VirtualMachines" `
  -ProviderName "Microsoft.Compute" | Format-Table

Dedicated host

Check for pending updates for a dedicated host. In dit voorbeeld is de uitvoer opgemaakt als een tabel voor leesbaarheid:

Get-AzMaintenanceUpdate `
   -ResourceGroupName "myResourceGroup" `
   -ResourceName "myHost" `
   -ResourceType "hosts" `
   -ResourceParentName "myHostGroup" `
   -ResourceParentType "hostGroups" `
   -ProviderName "Microsoft.Compute" | Format-Table

Virtual machine scale sets

Get-AzMaintenanceUpdate `
   -ResourceGroupName "myResourceGroup" `
   -Location "eastus" `
   -ResourceName "myVMSS" `
   -ResourceType "VirtualMachineScaleSets" `
   -ProviderName "Microsoft.Compute" | Format-Table

Updates toepassen

Use New-AzApplyUpdate to apply pending updates. Applying update calls can take up to 2 hours to complete.

This cmdlet works only for the host and OS image scopes. It doesn't work for the guest scope.

Geïsoleerde VM

Maak een aanvraag om updates toe te passen op een geïsoleerde VM:

New-AzApplyUpdate `
  -ResourceGroupName "myResourceGroup" `
  -ResourceName "myVM" `
  -ResourceType "VirtualMachines" `
  -ProviderName "Microsoft.Compute"

On success, this command returns a PSApplyUpdate object. You can use the Name attribute in the Get-AzApplyUpdate command to check the update status, as described later in this article.

Dedicated host

Updates toepassen op een toegewezen host:

New-AzApplyUpdate `
   -ResourceGroupName "myResourceGroup" `
   -ResourceName "myHost" `
   -ResourceType "hosts" `
   -ResourceParentName "myHostGroup" `
   -ResourceParentType "hostGroups" `
   -ProviderName Microsoft.Compute

Virtual machine scale sets

New-AzApplyUpdate `
   -ResourceGroupName "myResourceGroup" `
   -Location "eastus" `
   -ResourceName "myVMSS" `
   -ResourceType "VirtualMachineScaleSets" `
   -ProviderName "Microsoft.Compute"

Check update status

To check the status of an update, use Get-AzApplyUpdate. The following commands show the status of the latest update by using default for the -ApplyUpdateName parameter. You can substitute the name of the update (returned by the New-AzApplyUpdate command) to get the status of a specific update.

This cmdlet works only for the host and OS image scopes. It doesn't work for the guest scope.

Status         : Completed
ResourceId     : /subscriptions/b1b1b1b1-cccc-dddd-eeee-f2f2f2f2f2f2/resourcegroups/TestShantS/providers/Microsoft.Comp
ute/virtualMachines/DXT-test-04-iso
LastUpdateTime : 1/1/2020 12:00:00 AM
Id             : /subscriptions/b1b1b1b1-cccc-dddd-eeee-f2f2f2f2f2f2/resourcegroups/TestShantS/providers/Microsoft.Comp
ute/virtualMachines/DXT-test-04-iso/providers/Microsoft.Maintenance/applyUpdates/default
Name           : default
Type           : Microsoft.Maintenance/applyUpdates

LastUpdateTime is the time when the update finished, whether you initiated the update or the platform initiated it because you didn't use the self-maintenance window. Als een update nooit is toegepast via onderhoudsconfiguraties, LastUpdateTime wordt de standaardwaarde weergegeven.

Geïsoleerde VM

Check for updates to a specific virtual machine:

Get-AzApplyUpdate `
  -ResourceGroupName "myResourceGroup" `
  -ResourceName "myVM" `
  -ResourceType "VirtualMachines" `
  -ProviderName "Microsoft.Compute" `
  -ApplyUpdateName "applyUpdateName"

Dedicated host

Check for updates to a dedicated host:

Get-AzApplyUpdate `
   -ResourceGroupName "myResourceGroup" `
   -ResourceName "myHost" `
   -ResourceType "hosts" `
   -ResourceParentName "myHostGroup" `
   -ResourceParentType "hostGroups" `
   -ProviderName "Microsoft.Compute" `
   -ApplyUpdateName "applyUpdateName"

Virtual machine scale sets

New-AzApplyUpdate `
   -ResourceGroupName "myResourceGroup" `
   -Location "eastus" `
   -ResourceName "myVMSS" `
   -ResourceType "VirtualMachineScaleSets" `
   -ProviderName "Microsoft.Compute" `
   -ApplyUpdateName "applyUpdateName"

Een onderhoudsconfiguratie verwijderen

To delete a maintenance configuration, use Remove-AzMaintenanceConfiguration:

Remove-AzMaintenanceConfiguration `
   -ResourceGroupName "myResourceGroup" `
   -Name "configName"

Volgende stappen

Zie Onderhoud voor virtuele machines in Azure voor meer informatie.

  • Last updated on