Azure-cli: [VM] Ability to query/manipulate `Update Management`?

Created on 25 Jan 2018 · 9Comments · Source: Azure/azure-cli

Azure VMs have a preview feature called "Update Management". This feature offers built-in update management (i.e. Windows Update, apt, etc).

Enabling the feature prompts for a log analytics workspace and an Automation account. Presumably, the automation account is where update management scheduling actually happens.

Is Update Management component query-able via az cli? (I wasn't able to find it if so, under az vm)
Are Azure Automation accounts manageable via az cli?

My goal:

Identify Update Management status for a VM.
(i.e. az vm updatemgmt show -n "MyVM")
Secondary Goal: Enable Update Management for a VM
(i.e. az vm updatemgmt status -n "MyVM" -value enable)
Stretch goal: Have a policy that audits VMs and shoots off an email indicating which machines don't have update management enabled. (side note: Surprised this isn't a default available policy definition that ships in Azure - is there a board where can post secondary inquiry on this?)

Compute Compute - VM Discussion Service Attention feature-request

Source

iyerusad

👍2

Most helpful comment

Thanks so much! It may seem like a minor thing, but automating these sorts of reports will be quite useful.

sbonds on 27 Jul 2019

👍2

All 9 comments

Ability to toggle Update Management on a VM via Azure CLI would likely resolve a bug related to a VM thinking Update Management is enabled, but other parts of Azure Portal not recognizing it being enabled (i.e. the automation account). If there is an issue board where can file more detailed bug around Update Management or Azure Portal in general, please holler.

iyerusad on 26 Jan 2018

We are also missing azure cli features that include update management and the ability to list content. Like VM compliance, update deployment status, etc.

nicolaibaralmueller on 21 Jun 2018

Labeling this as a service issue as there isn't a current python SDK for this feature (see Azure Automation).

cc: @yugangw-msft

adewaleo on 1 Mar 2019

For those interested in a programmatic alternative while the CLI is improved, there is an ARM template based method that can work: https://stackoverflow.com/questions/52635285/how-to-deploy-update-management-to-azure-resources-the-programmatic-way

sbonds on 14 Jul 2019

I will close this as it is not a CLI issue, there isn't python sdk support for it (as far as I'm aware off) and there is a work around with arm templates.

adewaleo on 26 Jul 2019

👎1

Perhaps rather than closing this we could make it pending the SDK improvement necessary to support this capability?

sbonds on 26 Jul 2019

Is this the SDK support that is supposedly missing?

https://docs.microsoft.com/en-us/python/api/azure-mgmt-edgegateway/azure.mgmt.edgegateway.models.updatesummary?view=azure-python

UpdateSummary(*, device_version_number: str = None, friendly_device_version_name: str = None, device_last_scanned_date_time=None, last_completed_scan_job_date_time=None, **kwargs) -> None

sbonds on 26 Jul 2019

Thanks for sending this our way @sbonds . I can't find any update management operations, but yes I can reopen this issue.

However, I will be moving on to a different team soon, so I won't be able to implement this feature. But hopefully someone else on the CLI team can look into this.

cc: @yugangw-msft @zikalino @achandmsft

adewaleo on 27 Jul 2019

Thanks so much! It may seem like a minor thing, but automating these sorts of reports will be quite useful.

sbonds on 27 Jul 2019

👍2

Was this page helpful?

0 / 5 - 0 ratings