AWS custom Windows AMI - how to handle updates



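I'm playing around with AWS at the moment, with the aim of having an auto-scaling Windows system. I have a script that pulls the latest code from a Git repo, but I'm wondering how people handle Windows updates, since the AMI surely has to be updated regularly with the latest Windows updates (is that correct?). So I'm curious how people go about updating Windows and creating a new AMI, and how often they do it.

Thanks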

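How often you accept Windows updates, and how much testing you do afterwards, is a question that requires careful consideration of the server's exposure and criticality. Your estimate of the risk of running Windows Update also weighs heavily.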

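You do not need to pre-bake the AMI with the latest software updates, including system (OS) software. Below is a well-explained way to run Windows Update using a PowerShell module.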

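Use the Systems Manager RunCommand feature with the AWS-InstallWindowsUpdates document. This loop does not complete until all Windows updates have been downloaded, installed, rebooted and checked again. See the log below for the kinds of actions involved.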

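$InstanceId = '<instance-id>'   # placeholder: ID of the instance being baked
$runPSCommand = Send-SSMCommand -InstanceId @($InstanceId) -DocumentName AWS-InstallWindowsUpdates -Comment 'Run Windows Updates whilst baking an AMI' -Parameter @{'Action'='Install'}
Write-Host "Waiting for Windows Updates to complete..."
do {
   Start-Sleep -Seconds 10
   $CmdStatus = Get-SSMCommandInvocation -InstanceId $InstanceId -CommandId $runPSCommand.CommandId
   # Stop polling on any terminal status, so a failed run does not loop forever
} until ($CmdStatus.Status -in 'Success', 'Failed', 'Cancelled', 'TimedOut')
# Do not carry on to bake an AMI from an instance whose update run did not succeed
if ($CmdStatus.Status -ne 'Success') { throw "Windows Updates ended with status $($CmdStatus.Status)" }
Write-Host "Windows Updates complete"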

Here is some sample output, showing the reboot and the re-check for further updates to install:

04/10/2017 06:24:51 UTC | Info | Start of Install-AwsUwiWindowsUpdates
04/10/2017 06:24:51 UTC | Info | Searching for Windows Updates.
04/10/2017 06:27:10 UTC | Info | Found 4 available Windows Updates.
04/10/2017 06:27:10 UTC | Info | Update for Windows Server 2012 R2 (KB3052480)
04/10/2017 06:27:10 UTC | Info | Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition - March 2017 (KB890830)
04/10/2017 06:27:10 UTC | Info | March, 2017 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB4012216)
04/10/2017 06:27:10 UTC | Info | March, 2017 Preview of Monthly Quality Rollup for Windows Server 2012 R2 (KB4012219)
04/10/2017 06:27:10 UTC | Info | Downloading Windows Updates.
04/10/2017 06:27:35 UTC | Info | Successfully Downloaded: Update for Windows Server 2012 R2 (KB3052480)
04/10/2017 06:27:36 UTC | Info | Successfully Downloaded: Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition - March 2017 (KB890830)
04/10/2017 06:28:32 UTC | Info | Successfully Downloaded: March, 2017 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB4012216)
04/10/2017 06:29:34 UTC | Info | Successfully Downloaded: March, 2017 Preview of Monthly Quality Rollup for Windows Server 2012 R2 (KB4012219)
04/10/2017 06:29:34 UTC | Info | 4 Windows Updates will be installed.
04/10/2017 06:29:34 UTC | Info | Installed: Update for Windows Server 2012 R2 (KB3052480)
04/10/2017 06:30:15 UTC | Info | Installed: Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition - March 2017 (KB890830)
04/10/2017 06:30:29 UTC | Info | Installed: March, 2017 Security Monthly Quality Rollup for Windows Server 2012 R2 (KB4012216)
04/10/2017 06:30:44 UTC | Info | Installed: March, 2017 Preview of Monthly Quality Rollup for Windows Server 2012 R2 (KB4012219)
04/10/2017 06:30:44 UTC | Info | Windows requires a reboot.  Sending reboot request to SSM Agent.
04/10/2017 06:33:44 UTC | Info | Start of Install-AwsUwiWindowsUpdates
04/10/2017 06:33:44 UTC | Info | Searching for Windows Updates.
04/10/2017 06:36:29 UTC | Info | Found 0 available Windows Updates.

You can do this as part of a script that bakes or re-bakes an AMI.

You can also use -Target instead of -InstanceId, and specify a filter with a tag to update all instances matching that filter.
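
Added example, not part of the original answer: a check a bake script can run before imaging, which reads update log text in the format shown above and only reports the instance as clean when the final search pass found 0 updates and no reboot is outstanding. The function name `Test-PatchLogClean` and its output fields are hypothetical, and it assumes you already hold the log text as a string.

```powershell
# Added example: gate AMI creation on the update log, not only on the SSM status.
function Test-PatchLogClean {
    param([Parameter(Mandatory)][string]$LogText)
    $installed = New-Object 'System.Collections.Generic.List[string]'
    $remaining = $null       # count reported by the most recent search pass
    $rebootPending = $false  # reboot requested, next pass not yet seen
    foreach ($line in ($LogText -split "`r?`n")) {
        # Line format on this page: "<timestamp> UTC | <level> | <message>"
        $parts = $line -split '\s\|\s', 3
        if ($parts.Count -lt 3) { continue }
        $msg = $parts[2].Trim()
        if ($msg -match '^Start of Install-AwsUwiWindowsUpdates') {
            $remaining = $null; $rebootPending = $false   # new pass: drop stale count
        } elseif ($msg -match '^Found (\d+) available Windows Updates') {
            $remaining = [int]$Matches[1]
        } elseif ($msg -match '^Installed: .*\((KB\d+)\)\s*$') {
            $installed.Add($Matches[1])
        } elseif ($msg -match '^Windows requires a reboot') {
            $rebootPending = $true
        }
    }
    [pscustomobject]@{
        InstalledKBs  = $installed.ToArray()
        Remaining     = $remaining
        RebootPending = $rebootPending
        # Clean only if the last pass ran to its search result and found nothing left.
        Clean         = ($remaining -eq 0) -and (-not $rebootPending)
    }
}

# Sample input: lines abridged from the output shown on this page.
$sample = @'
04/10/2017 06:27:10 UTC | Info | Found 4 available Windows Updates.
04/10/2017 06:29:34 UTC | Info | Installed: Update for Windows Server 2012 R2 (KB3052480)
04/10/2017 06:30:44 UTC | Info | Windows requires a reboot.  Sending reboot request to SSM Agent.
04/10/2017 06:33:44 UTC | Info | Start of Install-AwsUwiWindowsUpdates
04/10/2017 06:36:29 UTC | Info | Found 0 available Windows Updates.
'@
$full = Test-PatchLogClean -LogText $sample
# The same log cut off right after the reboot request (e.g. truncated output).
$cut = Test-PatchLogClean -LogText (($sample -split "`n")[0..2] -join "`n")
"complete log:  Clean=$($full.Clean) KBs=$($full.InstalledKBs -join ',')"
"truncated log: Clean=$($cut.Clean) Remaining=$($cut.Remaining)"
```

The `InstalledKBs` list can be recorded alongside the new AMI so that each image carries its own patch record.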
