Operating system updates include feature updates, bug fixes, and security improvements and are important to update periodically. This applies to desktop computers as well as servers. There are many tools available to manage the Windows update process. When it comes to Linux however, most struggle as few tools support Linux system updates. Luckily in Azure, we can manage updates for Linux VMs without any 3rd party tool.
This post will detail steps on how to enable patch management for Linux VM and how we can automate the patch deployment task.
Let’s first start by creating a Linux VM.
Note: PowerShell will be used in the configuration process and will require the Azure PowerShell module to be installed.
- Launch PowerShell console and connect to Azure using Connect-AzAccount
- Next create a new resource group using the following command:
New-AzResourceGroup -Name REBELRG -Location "East US"
In the above, REBELRG is the resource group name and East US is the resource group location.
- Now we need to create a new Linux VM. Ubuntu will be the OS selected for this newly created VM. Enter the follwoing script to create it:
$mylogin = Get-Credential New-AzVm -ResourceGroupName REBELRG -Name "REBELVM01" -Location "East US" -VirtualNetworkName "REBELVNET1" -SubnetName "REBELVMSubnet1" -PublicIpAddressName "REBELVM01IP1" -OpenPorts 22 -Image UbuntuLTS -Size Standard_D2s_v3 -Credential $mylogin
In the above, REBELVM01 is the VM name. It is running UbuntuLTS edition. I have specified it using -Image parameter. It also using Standard_D2s_v3 vm size. This also has SSH connection enabled.
With the Linux VM now created, next step is to configure the update management feature.
- Log in to Azure Portal (https://portal.azure.com) as Global Administrator.
- Search for the REBELVM01 VM and click on it.
- Then under the operations section click on Update management.
- Next select Enable for this VM option to enable update management only for REBELVM01.
- Now specify the log analytic workspace and Azure automation account details. You may need to create a one if you do not have an existing one as part of this exercise. Once selections are made click on Enable.
- This can take about 15 minutes to complete the process. Once update management is enabled, the system will automatically check for updates and install the required agents (hybrid runbook worker).
- The the missing updates are then reported once the initial scan is completed.
- The next step of the configuration is to schedule update deployment. Click on Schedule update deployment option on the update management window to enable this.
- In the new wizard, under update classifications, we can select which type of updates to target for the schedule. In this demo, I am targeting all updates.
- Next under Schedule settings, we can define the time, time zone and recurrence.
- Under Pre-scripts + Post-scripts option we can define scripts that execute before patching and after patching.
- Under Reboot options, we can specify the way the system should handle the system reboot.
- Once selections are done, click on Create to complete the schedule configuration process.
- If we need to patch multiple Linux servers using one update schedule, create an update deployment schedule using Manage multiple machines option.
This allows selecting machine groups or individual machines as targets.
- Once the system process the update schedule, we can see the results under History tab.
As we can see, all the updates are installed successfully.
There are also hand-on lab resources within Microsoft Learn that can extend your knowledge surrounding the Azure Update Management solution in updating virtual machines in your cloud environment.
Check out the following Learn Module to learn more: Keep your virtual machines updated