Lab 4: Automated Patching

Scenario

Operations teams need to keep systems up to date by applying software updates and OS patches, a repetitive and mundane task that is prone to human error. Take Windows management as an example: operations teams need to regularly install the latest security updates, specific hotfixes, and Microsoft Knowledge Base (KB) updates on Windows Servers, which can be tedious and error-prone. You’ll learn how to use Automation Config to automate patching at scale.

Task A. Create Target - Windows Server 2019

  1. Click Targets in the side menu to open the Targets workspace and view your targets
  2. Click Create button
    • Input the following details
      • Name = Win2019
      • Description = Windows Server 2019
      • All masters = (Checked)
      • Criteria
        • Target type (1) = Grain
        • Grain key (1) = osfinger
        • Grain value (1) = Windows-2019Server
  3. Click SAVE button

Task B. Install Windows KB

  1. Click Configurations > File Server from the side menu
  2. Expand base folder in the file server folder tree
  3. Locate /POV/patching/windows/install_KB.sls
  4. Click install_KB.sls to examine its SaltStack State File YAML:
    {% for kb in salt['pillar.get']('kb') %}
    
    install_updates_{{ kb }}:
        wua.installed:
            - updates:
                - {{ kb }}
    
    {% endfor %}
    

Task C. Create Job - Install Windows KB

  1. Click Configurations > Jobs in the side menu
  2. Click Create Job button

    If you don’t see the Create Job button, you do not have permission to create new jobs. Contact your VMware Aria Automation administrator for access or to create this job on your behalf so that you can complete the tutorial.

  3. Input the following details for the new job and save the job
    • Name = Install Windows KB
    • Description = Install Windows KB with given KB identifier specified in job pillar data.
    • Command = salt
    • Targets = Win2019
    • Function = state.apply
    • Environments = base
    • States = POV.patching.windows.install_KB
    • Arguments = (Blank)
    • Job Inputs = (Blank)
    • Pillar override =
      {
          "kb": [
              "KB5005568",
              "KB5005653"
          ]
      }
      
  4. Click SAVE button
  5. Now that you’ve created a job

Task D. Run Job - Install Windows KB

  1. Click Configurations > Jobs in the side menu
  2. Locate Install Windows KB job
  3. Click the button beside Install Windows KB and select Run Now
  4. In the Run Job dialog box
    • Keep everything unchanged
    • Click RUN NOW button
  5. Click Activity > Completed in the side menu
  6. The job will appear on the list once it is done. If not, refresh the page in your browser
  7. Check that the job completed successfully without errors
    • Check Success is 1 or higher, and Failed is 0

Task E. Check Results - Install Windows KB

  1. Log on to one of the target Windows minions
  2. Check that the KBs were installed successfully
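
One way to carry out the check in step 2, as an added example that is not part of the original lab: run this in PowerShell on a target minion. It compares the KB identifiers from the Task C pillar override against both `Get-HotFix` and the Windows Update Agent history, because not every update type appears in `Get-HotFix`; the variable names are illustrative.

```powershell
# KB identifiers taken from the Pillar override in Task C.
$ExpectedKbs = @('KB5005568', 'KB5005653')

# Source 1: Win32_QuickFixEngineering, as exposed by Get-HotFix.
$hotfixIds = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)

# Source 2: Windows Update Agent history, read through its COM interface.
$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$total    = $searcher.GetTotalHistoryCount()
$history  = if ($total -gt 0) { @($searcher.QueryHistory(0, $total)) } else { @() }

$report = foreach ($kb in $ExpectedKbs) {
    # Operation 1 = installation. Keep only the most recent attempt for this KB.
    $entry = $history |
        Where-Object { $_.Operation -eq 1 -and $_.Title -match "\b$kb\b" } |
        Sort-Object Date -Descending |
        Select-Object -First 1

    $inHotFix = $hotfixIds -contains $kb
    # ResultCode 2 = succeeded; 4 = failed, 5 = aborted.
    $wuaOk = [bool]($entry -and $entry.ResultCode -eq 2)

    [pscustomobject]@{
        KB            = $kb
        InGetHotFix   = $inHotFix
        WuaResultCode = if ($entry) { $entry.ResultCode } else { $null }
        WuaDateUtc    = if ($entry) { $entry.Date } else { $null }
        Confirmed     = ($inHotFix -or $wuaOk)
    }
}

$report | Format-Table -AutoSize

# Flag any KB that neither source confirms, so a job that reported
# success but did not apply an update is noticed here.
$missing = @($report | Where-Object { -not $_.Confirmed })
if ($missing.Count -gt 0) {
    Write-Warning ("Not confirmed installed: " + ($missing.KB -join ', '))
} else {
    Write-Output 'All expected KBs are confirmed installed.'
}
```

A KB whose latest history entry shows a result code other than 2 and that is absent from `Get-HotFix` should be treated as not applied, even when the job's Failed count was 0.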

Summary

VMware Automation Config simplifies and automates the process of implementing vulnerability patches on a large scale by:

  • Streamlining software updates, OS patching, and security updates for enhanced efficiency and consistent server management
  • Scaling up patching with latest security updates and hotfixes, and automated processes to eliminate human errors
  • Enabling effortless deployment of customized packages to specific server groups
  • Scheduling automated patching for optimal convenience, thereby optimizing the process