1. 首頁
  2. 問答
  3. AWS自定義Windows AMI - 如何處理更新?

AWS自定義Windows AMI - 如何處理更新?

2014-09-03 40 views
4

我現在正忙着用AWS,目的是要有一個自動縮放的Windows系統。我有一個腳本,可以從GIT Repo獲取最新的代碼 - 但是我想知道人們如何處理Windows更新,因爲AMI必須定期更新最新的Windows更新(這是否正確?)所以我很好奇人們如何升級Windows,創建一個新的AMI以及多久?AWS自定義Windows AMI - 如何處理更新?

感謝

來源

2014-09-03 britcowboy

回答

1

你怎麼經常接受Windows更新,並與多少測試之後是相對於服務器的暴露和批判性仔細考慮的問題。您對執行Windows Update的風險的估計也相當可觀。

你不要預先烘烤AMI的軟件,包括系統(OS)軟件的最新更新。這裏有一個很好的解釋Using a PowerShell Module to Run Windows Update的方法。

來源

2014-09-03 13:18:28

+0

嗨,我確實考慮過升級腳本,但是當你認爲它在高負載期間需要按需運行,並且Windows似乎在很多更新後似乎重新啓動時,我不知道如果這將是理想的或實際的。這幾乎是你可以做一個實例每週更新一次,然後以某種方式自動更新AMI? – britcowboy 2014-09-03 15:04:57

+0

我在自動縮放的系統上使用預烘烤的AMI。如果是針對非常有限/限制的特定任務,我可以使用基礎AMI進行需求自動調整。 – 2014-09-04 17:49:54

+0

你多久烤一次AMI? – britcowboy 2014-09-04 17:51:31

0

使用Systems Manager RunCommand功能和AWS-InstallWindowsUpdates文檔。直到所有Windows更新已經下載,安裝,重新啓動並再次檢查之後,此循環才能完成。請參閱下面記錄的那種行爲它包含

$InstanceId=????? 
$runPSCommand=Send-SSMCommand -InstanceId @($instanceid) -DocumentName AWS-InstallWindowsUpdates -Comment 'Run Windows Updates whilst baking an AMI' -Parameter @{'Action'='Install'} 

Write-Host "Waiting for Windows Updates to complete..." 
do { 
    Sleep -Seconds 10 
    $CmdStatus = Get-SSMCommandInvocation -InstanceId $instanceid -CommandId $runPSCommand.CommandId 
} Until ($CmdStatus.Status -eq "Success") 
Write-Host "Windows Updates complete"

這是顯示重新啓動一些樣本輸出,並重新檢查,如果有更多的更新安裝

04/10/2017 06:24:51 UTC | Info | Start of Install-AwsUwiWindowsUpdates 
04/10/2017 06:24:51 UTC | Info | Searching for Windows Updates. 
04/10/2017 06:27:10 UTC | Info | Found 4 available Windows Updates. 
04/10/2017 06:27:10 UTC | Info | Update for Windows Server 2012 R2 (KB3052480) 
04/10/2017 06:27:10 UTC | Info | Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition - March 2017 (KB890830) 
04/10/2017 06:27:10 UTC | Info | March, 2017 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB4012216) 
04/10/2017 06:27:10 UTC | Info | March, 2017 Preview of Monthly Quality Rollup for Windows Server 2012 R2 (KB4012219) 
04/10/2017 06:27:10 UTC | Info | Downloading Windows Updates. 
04/10/2017 06:27:35 UTC | Info | Successfully Downloaded: Update for Windows Server 2012 R2 (KB3052480) 
04/10/2017 06:27:36 UTC | Info | Successfully Downloaded: Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition - March 2017 (KB890830) 
04/10/2017 06:28:32 UTC | Info | Successfully Downloaded: March, 2017 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB4012216) 
04/10/2017 06:29:34 UTC | Info | Successfully Downloaded: March, 2017 Preview of Monthly Quality Rollup for Windows Server 2012 R2 (KB4012219) 
04/10/2017 06:29:34 UTC | Info | 4 Windows Updates will be installed. 
04/10/2017 06:29:34 UTC | Info | Installed: Update for Windows Server 2012 R2 (KB3052480) 
04/10/2017 06:30:15 UTC | Info | Installed: Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition - March 2017 (KB890830) 
04/10/2017 06:30:29 UTC | Info | Installed: March, 2017 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB4012216) 
04/10/2017 06:30:44 UTC | Info | Installed: March, 2017 Preview of Monthly Quality Rollup for Windows Server 2012 R2 (KB4012219) 
04/10/2017 06:30:44 UTC | Info | Windows requires a reboot. Sending reboot request to SSM Agent. 
04/10/2017 06:33:44 UTC | Info | Start of Install-AwsUwiWindowsUpdates 
04/10/2017 06:33:44 UTC | Info | Searching for Windows Updates. 
04/10/2017 06:36:29 UTC | Info | Found 0 available Windows Updates.

您可以使用此作爲的一部分腳本來烘烤AMI,或者重擊AMI。

您也可以使用-Target而不是-InstanceId,並指定一個帶有標記的過濾器來更新與過濾器匹配的所有實例。

來源

2017-04-10 06:46:46 RobG

相關問題

 相關問題