Patch Assessment, Installation, maintenance configuration schedule and attaching a VM to the schedule for Azure VMs

This runbook encompasses assessing available updates, installing necessary patches, and configuring maintenance schedules to automate these tasks. By attaching VMs to a maintenance schedule, you ensure they receive timely updates for security and performance, minimizing downtime and maintaining operational efficiency. This streamlined approach enhances security, compliance, and the reliability of cloud environments.

  1. List all Azure VMs using CLI commands

    This task displays information about all virtual machines within a specific Azure subscription and provides essential details such as VM names, their resource groups, locations, and creation times. It's a vital process for cloud administrators to manage and monitor their VM infrastructure effectively, enabling informed decisions about resource utilization and infrastructure management.

    import json

    # _exe is not defined on this page; it is assumed to be the runbook platform's
    # helper that runs a CLI command and returns its output as a string.

    def process_vm_data(vm_data):
        processed_vms = []
        for vm in vm_data:
            os_disk = vm['storageProfile']['osDisk']
            vm_details = {
                'vm_name': vm['name'],
                'resource_group': vm['resourceGroup'],
                'location': vm['location'],
                'vm_size': vm['hardwareProfile']['vmSize'],
                'os_type': os_disk['osType'],
                'os_disk_name': os_disk['name'],
                # managedDisk is absent or null for unmanaged disks
                'os_disk_id': (os_disk.get('managedDisk') or {}).get('id')
            }
            processed_vms.append(vm_details)
        return processed_vms

    try:
        result = _exe(None, "az vm list")
        op = json.loads(result)
        #print(json.dumps(op,indent=4)) # for debugging

        # Processing the VM data
        processed_vms = process_vm_data(op)
        #print(processed_vms) # for debugging

        # Printing the processed VM details for downstream tasks
        for vm in processed_vms:
            #print(json.dumps(vm, indent=4))
            print("VM Details")
            print("==========")
            print(f"VM Name: {vm['vm_name']}")
            print(f"Resource Group: {vm['resource_group']}")
            print(f"Location: {vm['location']}")
            print(f"VM Size: {vm['vm_size']}")
            print(f"OS Type: {vm['os_type']}")
            print(f"OS Disk Name: {vm['os_disk_name']}")
            print(f"OS Disk ID: {vm['os_disk_id']}")
            print("-" * 30)  # Separator for readability between VMs
    except json.JSONDecodeError:
        print("Error decoding JSON response from Azure CLI.")

  2. Patch assessment for Azure VMs

    This task identifies and evaluates missing updates and security patches. This essential management task ensures VM security, performance, and compliance, protecting against vulnerabilities and threats.

    import json

    def assess_patches_for_vms(processed_vms):
        patches_list = []
        for vm in processed_vms:
            vm_name = vm['vm_name']
            resource_group = vm['resource_group']
            # Constructing the Azure CLI command
            command = f"az vm assess-patches -g {resource_group} -n {vm_name}"
            try:
                # Execute the command
                result = _exe(None, command)
                patches_info = json.loads(result)
                # Store the patches info with VM name
                patches_list.append({
                    'vm_name': vm_name,
                    'patches_info': patches_info
                })
                print(f"Patches assessed for VM: {vm_name}")
            except json.JSONDecodeError:
                print(f"Error decoding JSON response for VM: {vm_name} as the VM may be stopped or deallocated")
            except Exception as e:
                print(f"An error occurred while assessing patches for VM: {vm_name}: {str(e)}")
        return patches_list

    # Example VM details obtained from previous steps
    # processed_vms = [
    #     {'vm_name': 'test-update-manager',
    #      'resource_group': 'DEFAULTRESOURCEGROUP-EUS',
    #      'location': 'eastus',
    #      'vm_size': 'Standard_B1s',
    #      'os_type': 'Linux',
    #      'os_disk_name': 'test-update-manager_disk1_9ca2728077904a74a8a09a9d40efc938',
    #      'os_disk_id': '/subscriptions/955ecf93-74f8-4728-bd2a-31094aa55629/resourceGroups/DEFAULTRESOURCEGROUP-EUS/providers/Microsoft.Compute/disks/test-update-manager_disk1_9ca2728077904a74a8a09a9d40efc938'},
    #     {'vm_name': 'test-update-manager-customer-managed',
    #      'resource_group': 'RG-VMINSTANCES-EASTUS',
    #      'location': 'eastus',
    #      'vm_size': 'Standard_D2s_v3',
    #      'os_type': 'Linux',
    #      'os_disk_name': 'test-update-manager-customer-managed_disk1_8db9f76765ff459c8084f5949c4fd8aa',
    #      'os_disk_id': '/subscriptions/955ecf93-74f8-4728-bd2a-31094aa55629/resourceGroups/rg-vminstances-eastus/providers/Microsoft.Compute/disks/test-update-manager-customer-managed_disk1_8db9f76765ff459c8084f5949c4fd8aa'}
    # ]

    patches_list = assess_patches_for_vms(processed_vms)

    # Example: Printing the patches list
    for item in patches_list:
        print(json.dumps(item, indent=4))

    context.proceed=False

  3. Patch Installation on Azure VMs

    This task applies critical and security updates to operating systems and software. This process, vital for maintaining system integrity and security, reduces vulnerability to attacks and ensures the VMs run optimally.

    import json

    def install_critical_and_security_patches(vm_details):
        for vm in vm_details:
            vm_name = vm['vm_name']
            resource_group = vm['resource_group']
            # Specify the classifications to include (critical and security updates)
            classifications = "Critical Security"
            # az vm install-patches takes the classifications through an OS-specific flag
            if vm['os_type'] == 'Windows':
                classification_flag = "--classifications-to-include-win"
            else:
                classification_flag = "--classifications-to-include-linux"
            command = (
                f"az vm install-patches -g {resource_group} -n {vm_name} "
                f"--maximum-duration PT4H --reboot-setting IfRequired "
                f"{classification_flag} {classifications}"
            )
            try:
                result = _exe(None, command)
                print(f"Patches installation initiated for VM: {vm_name} in resource group: {resource_group}.")
            except Exception as e:
                print(f"Failed to initiate patch installation for VM: {vm_name} in resource group: {resource_group}. Error: {str(e)}")

    # processed_vms to be received from upstream task
    install_critical_and_security_patches(processed_vms)

    context.proceed=False

  4. Create a maintenance configuration schedule for Azure VM Patch Upgrades

    This task involves defining specific times and settings for automated system updates. This approach ensures VMs receive necessary patches with minimal disruption, enhancing security and performance while adhering to operational requirements.

    az maintenance configuration create \
      --resource-group <Resource_Group_Name> \
      --resource-name <maintenance_config_name> \
      --maintenance-scope InGuestPatch \
      --location <location> \
      --maintenance-window-duration "02:00" \
      --maintenance-window-recur-every "20days" \
      --maintenance-window-start-date-time "2022-12-30 07:00" \
      --maintenance-window-time-zone "Pacific Standard Time" \
      --install-patches-linux-parameters package-name-masks-to-exclude="ppt" package-name-masks-to-include="apt" classifications-to-include="Other" \
      --install-patches-windows-parameters kb-numbers-to-exclude="KB123456" kb-numbers-to-include="KB123456" classifications-to-include="FeaturePack" \
      --reboot-setting "IfRequired" \
      --extension-properties InGuestPatchMode="User"

  5. Associate an Azure VM with a schedule

    This task links the virtual machine to a predefined update timetable. This process ensures that the VM undergoes maintenance and receives updates according to the schedule, facilitating systematic patch management and minimizing downtime.

    az maintenance assignment create \
      --resource-group <Resource_Group_Name> \
      --location <location> \
      --resource-name <VM_Name> \
      --resource-type virtualMachines \
      --provider-name Microsoft.Compute \
      --configuration-assignment-name <maintenance_config_name> \
      --maintenance-configuration-id "/subscriptions/{<subscription ID>}/resourcegroups/<Resource_Group_Name>/providers/Microsoft.Maintenance/maintenanceConfigurations/<maintenance_config_name>"

  6. Remove Azure VM from the schedule

    This task detaches the VM from its assigned update timetable. This action halts automatic patch management and maintenance activities based on the schedule, allowing for manual update control or reassignment to a different maintenance plan.

    az rest --method delete --uri \
      "https://management.azure.com/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Compute/virtualMachines/<VM_or_Arc_Resource_Name>/providers/Microsoft.Maintenance/configurationAssignments/<configurationAssignmentName>?api-version=2021-09-01-preview"
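To tie the tasks above together, the following added example (not part of the original runbook) joins the VM inventory, the patch assessment results and the schedule assignments into one per-VM report, so that VMs with pending critical/security patches, no successful assessment, or no maintenance schedule stand out. Assumptions: the `status`, `criticalAndSecurityPatchCount` and `rebootPending` field names in the assessment JSON, a list of configuration assignment resource IDs obtained separately, and all sample names and values, which are constructed.

```python
import re

# Assignment ID layout from the page's delete URI; Azure names are case-insensitive.
_ASSIGNMENT_ID = re.compile(
    r"/resourceGroups/(?P<rg>[^/]+)/providers/Microsoft\.Compute/virtualMachines/(?P<vm>[^/]+)"
    r"/providers/Microsoft\.Maintenance/configurationAssignments/(?P<name>[^/?]+)",
    re.IGNORECASE,
)

def scheduled_vms(assignment_ids):
    """Map lower-cased (resource group, VM name) to its assignment names."""
    scheduled = {}
    for rid in assignment_ids:
        m = _ASSIGNMENT_ID.search(rid)
        if m:
            scheduled.setdefault((m["rg"].lower(), m["vm"].lower()), []).append(m["name"])
    return scheduled

def patch_posture(processed_vms, patches_list, assignment_ids):
    """Join inventory, assessments (keyed by VM name, as on the page) and assignments."""
    assessed = {p["vm_name"]: p["patches_info"] for p in patches_list}
    scheduled = scheduled_vms(assignment_ids)
    report = []
    for vm in processed_vms:
        info = assessed.get(vm["vm_name"]) or {}  # empty: VM was skipped or failed
        # Status and count field names are assumptions about the assess-patches JSON.
        ok = info.get("status") in ("Succeeded", "CompletedWithWarnings")
        pending = info.get("criticalAndSecurityPatchCount") if ok else None
        schedules = scheduled.get((vm["resource_group"].lower(), vm["vm_name"].lower()), [])
        reasons = []
        if not ok:
            reasons.append("no successful assessment")
        elif pending:
            reasons.append(f"{pending} critical/security patches pending")
        if not schedules:
            reasons.append("not attached to a maintenance schedule")
        report.append({"vm_name": vm["vm_name"], "schedules": schedules,
                       "reboot_pending": info.get("rebootPending"), "reasons": reasons})
    return report

# Constructed sample data (not from the page); <subscription-id> is a placeholder.
SAMPLE_VMS = [{"vm_name": n, "resource_group": g} for n, g in [("vm-web-01", "RG-APP"), ("vm-db-01", "RG-APP"), ("vm-batch-01", "RG-BATCH")]]
SAMPLE_PATCHES = [
    {"vm_name": "vm-web-01", "patches_info": {"status": "Succeeded", "criticalAndSecurityPatchCount": 3, "rebootPending": True}},
    {"vm_name": "vm-db-01", "patches_info": {"status": "Succeeded", "criticalAndSecurityPatchCount": 0, "rebootPending": False}},
]
_PREFIX = "/subscriptions/<subscription-id>/resourcegroups/rg-app/providers/Microsoft.Compute/virtualMachines/"
SAMPLE_ASSIGNMENTS = [_PREFIX + vm + "/providers/Microsoft.Maintenance/configurationAssignments/weekly-patching"
                      for vm in ("vm-web-01", "VM-DB-01")]
```

The sample deliberately mixes resource group and VM name casing between the inventory and the assignment IDs, the same mismatch visible in the example VM details of the assessment task.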