AWS自定义Windows AMI - 如何处理更新?

时间:2014-09-03 12:03:43

标签: amazon-web-services amazon-ec2 autoscaling ami windows-server-2012-r2

此刻我正在玩AWS,目的是拥有一个自动缩放Windows系统。我有一个脚本可以从GIT Repo中获取最新的代码 - 但是我想知道人们如何处理Windows更新,因为AMI必须定期更新最新的Windows更新(这是正确的) ?)所以我很好奇人们如何升级窗口,创建新的AMI以及频率如何?

由于

2 个答案:

答案 0 :(得分:1)

您接受Windows更新的频率以及此后需要进行多少测试才能仔细考虑您的服务器曝光率和关键性。您对执行Windows Update的风险的估计也相当可观。

您没有 使用最新的软件更新(包括系统(OS)软件)预烧AMI。这是一个很好地解释了Using a PowerShell Module to Run Windows Update的方法。

答案 1 :(得分:0)

将Systems Manager RunCommand功能与AWS-InstallWindowsUpdates文档一起使用。在下载,安装,重新启动并再次检查所有Windows更新之前,此循环不会完成。请参阅下面的日志,了解其所涵盖的操作类型

$InstanceId=?????
$runPSCommand=Send-SSMCommand -InstanceId @($instanceid) -DocumentName AWS-InstallWindowsUpdates -Comment 'Run Windows Updates whilst baking an AMI' -Parameter @{'Action'='Install'}

Write-Host "Waiting for Windows Updates to complete..."
do {
   Sleep -Seconds 10
   $CmdStatus = Get-SSMCommandInvocation -InstanceId $instanceid -CommandId $runPSCommand.CommandId
} Until ($CmdStatus.Status -eq "Success")
Write-Host "Windows Updates complete"

这是一些示例输出,显示重新启动并重新检查是否有更多要安装的更新

04/10/2017 06:24:51 UTC | Info | Start of Install-AwsUwiWindowsUpdates
04/10/2017 06:24:51 UTC | Info | Searching for Windows Updates.
04/10/2017 06:27:10 UTC | Info | Found 4 available Windows Updates.
04/10/2017 06:27:10 UTC | Info | Update for Windows Server 2012 R2 (KB3052480)
04/10/2017 06:27:10 UTC | Info | Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition - March 2017 (KB890830)
04/10/2017 06:27:10 UTC | Info | March, 2017 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB4012216)
04/10/2017 06:27:10 UTC | Info | March, 2017 Preview of Monthly Quality Rollup for Windows Server 2012 R2 (KB4012219)
04/10/2017 06:27:10 UTC | Info | Downloading Windows Updates.
04/10/2017 06:27:35 UTC | Info | Successfully Downloaded: Update for Windows Server 2012 R2 (KB3052480)
04/10/2017 06:27:36 UTC | Info | Successfully Downloaded: Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition - March 2017 (KB890830)
04/10/2017 06:28:32 UTC | Info | Successfully Downloaded: March, 2017 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB4012216)
04/10/2017 06:29:34 UTC | Info | Successfully Downloaded: March, 2017 Preview of Monthly Quality Rollup for Windows Server 2012 R2 (KB4012219)
04/10/2017 06:29:34 UTC | Info | 4 Windows Updates will be installed.
04/10/2017 06:29:34 UTC | Info | Installed: Update for Windows Server 2012 R2 (KB3052480)
04/10/2017 06:30:15 UTC | Info | Installed: Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition - March 2017 (KB890830)
04/10/2017 06:30:29 UTC | Info | Installed: March, 2017 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB4012216)
04/10/2017 06:30:44 UTC | Info | Installed: March, 2017 Preview of Monthly Quality Rollup for Windows Server 2012 R2 (KB4012219)
04/10/2017 06:30:44 UTC | Info | Windows requires a reboot.  Sending reboot request to SSM Agent.
04/10/2017 06:33:44 UTC | Info | Start of Install-AwsUwiWindowsUpdates
04/10/2017 06:33:44 UTC | Info | Searching for Windows Updates.
04/10/2017 06:36:29 UTC | Info | Found 0 available Windows Updates.

您可以将此作为脚本的一部分来烘焙AMI,或者重新使用AMI。

您也可以使用-Target而不是-InstanceId,并指定带有标记的过滤器来更新与过滤器匹配的所有实例。

相关问题
最新问题