Deploy patches on Servers.

import json ''' [1] Install patches on a windows VM, allowing the maximum amount of time to be 4 hours, and the VM will reboot if required during the software update operation. az vm install-patches -g MyResourceGroup -n MyVm --maximum-duration PT4H --reboot-setting IfRequired --classifications-to-include-win Critical Security --exclude-kbs-requiring-reboot true [2] Install patches on a linux VM, allowing the maximum amount of time to be 4 hours, and the VM will reboot if required during the software update operation. az vm install-patches -g MyResourceGroup -n MyVm --maximum-duration PT4H --reboot-setting IfRequired --classifications-to-include-linux Critical az vm install-patches --maximum-duration --reboot-setting {Always, IfRequired, Never} [--classifications-to-include-linux {Critical, Other, Security}] [--classifications-to-include-win {Critical, Definition, FeaturePack, Security, ServicePack, Tools, UpdateRollUp, Updates}] [--exclude-kbs-requiring-reboot {false, true}] [--ids] [--kb-numbers-to-exclude] [--kb-numbers-to-include] [--name] [--no-wait] [--package-name-masks-to-exclude] [--package-name-masks-to-include] [--resource-group] [--subscription]''' def install_critical_and_security_patches(vm_details): patch_installation_results = [] for vm in vm_details: vm_name = vm['vm_name'] resource_group = vm['resource_group'] # Specify the classifications to include # classifications = "UpdateRollUp" # Adjust as needed: "Security", "Definition", "Updates", "UpdateRollUp","Other" etc. # Form the command with the correct parameters for classifications command = f"""az vm install-patches -g '{resource_group}' -n '{vm_name}' --maximum-duration PT4H --reboot-setting IfRequired --classifications-to-include-win '{classifications}' --kb-numbers-to-exclude '{kb_number_to_exclude}'""" # Form the command with the correct parameters for #command = f"""az vm install-patches -g '{resource_group}' -n '{vm_name}' --maximum-duration PT4H --reboot-setting IfRequired --kb-numbers-to-include {kb_number_to_include} --exclude-kbs-requiring-reboot false""" print(command) try: # Execute the command and capture the result result = _exe(None, command) print(f"Patches installation initiated for VM: {vm_name} in resource group: {resource_group}.") #print(type(result)) #for debugging lines = result.split("\n") filtered_lines = [x for x in lines if "WARNING" not in x] result = "\n".join(filtered_lines) #print(result) # for debugging (Success/Error Message of install-patches command for a VM) #print(f"### Server Compliance Report for Azure VM: {vm_name}\n") try: # Assume result is a JSON string; parse it into a Python dictionary result_data = json.loads(result) #generate_compliance_report(result_data) # Store the result with VM details patch_installation_results.append({ 'vm_name': vm_name, 'resource_group': resource_group, 'installation_result': result_data }) except json.JSONDecodeError as json_err: print(f"JSON parsing error: {json_err}. Raw result: {result}") except Exception as e: print(f"Failed to initiate patch installation for VM: {vm_name} in resource group: {resource_group}. Error: {str(e)}") # Return the list of results return patch_installation_results # processed_vms to be received from upstream task results = install_critical_and_security_patches(processed_vms)