Daniel's Tech Blog

Cloud Computing, Cloud Native & Kubernetes

Deploy the update management solution through an Azure Resource Manager template

In my last blog article, I talked about the update management solution in Azure and what its capabilities are.

-> https://www.danielstechblog.io/keeping-azure-vms-date-update-management-solution/

Today we will look at how to deploy the update management solution through an Azure Resource Manager template. All we need is to define the following Azure services in the template.

  • Azure Automation
  • Azure Log Analytics

{
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    "parameters": {
        "omsWorkspaceName": {
            "type": "string",
            "metadata": {
                "description": "OMS log analytics workspace name"
            }
        },
        "omsServiceTier": {
            "type": "string",
            "defaultValue": "Free",
            "allowedValues": [
                "Free",
                "Standalone",
                "PerNode"
            ],
            "metadata": {
                "description": "OMS log analytics service tier: Free, Standalone, or PerNode"
            }
        },
        "omsDataRetention": {
            "type": "int",
            "defaultValue": 7,
            "minValue": 7,
            "maxValue": 730,
            "metadata": {
                "description": "OMS log analytics number of days of retention. Free plans can only have 7 days, Standalone and OMS plans include 30 days for free"
            }
        },
        "automationAccountName": {
            "defaultValue": "",
            "type": "string",
            "metadata": {
                "description": "Automation account name"
            }
        }
    },
    "variables": {
        "apiVersion": {
            "oms": "2017-03-15-preview",
            "omssolutions": "2015-11-01-preview",
            "automation": "2015-10-31"
        },
        "updates": {
            "name": "[concat('Updates', '(', parameters('omsWorkspaceName'), ')')]",
            "galleryName": "Updates"
        }
    },
    "resources": [
        {
            "apiVersion": "[variables('apiVersion').oms]",
            "type": "Microsoft.OperationalInsights/workspaces",
            "name": "[parameters('omsWorkspaceName')]",
            "location": "[resourceGroup().location]",
            "properties": {
                "sku": {
                    "Name": "[parameters('omsServiceTier')]"
                },
                "retention": "[parameters('omsDataRetention')]"
            },
            "resources": [
                {
                    "apiVersion": "[variables('apiVersion').omssolutions]",
                    "location": "[resourceGroup().location]",
                    "name": "[variables('updates').name]",
                    "type": "Microsoft.OperationsManagement/solutions",
                    "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationsManagement/solutions/', variables('updates').name)]",
                    "dependsOn": [
                        "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]"
                    ],
                    "properties": {
                        "workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]"
                    },
                    "plan": {
                        "name": "[variables('updates').name]",
                        "publisher": "Microsoft",
                        "promotionCode": "",
                        "product": "[concat('OMSGallery/', variables('updates').galleryName)]"
                    }
                }
            ]
        },
        {
            "apiVersion": "[variables('apiVersion').automation]",
            "type": "Microsoft.Automation/automationAccounts",
            "name": "[parameters('automationAccountName')]",
            "location": "[resourceGroup().location]",
            "properties": {
                "sku": {
                    "name": "Basic"
                }
            }
        },
        {
            "apiVersion": "[variables('apiVersion').omssolutions]",
            "type": "Microsoft.OperationalInsights/workspaces/linkedServices",
            "name": "[concat(parameters('omsWorkspaceName'), '/' , 'Automation')]",
            "location": "[resourceGroup().location]",
            "dependsOn": [
                "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]",
                "[concat('Microsoft.Automation/automationAccounts/', parameters('automationAccountName'))]"
            ],
            "properties": {
                "resourceId": "[resourceId('Microsoft.Automation/automationAccounts/', parameters('automationAccountName'))]"
            }
        }
    ]
}

Furthermore, we need to link the Automation account to the Log Analytics workspace.

{
    "apiVersion": "[variables('apiVersion').omssolutions]",
    "type": "Microsoft.OperationalInsights/workspaces/linkedServices",
    "name": "[concat(parameters('omsWorkspaceName'), '/' , 'Automation')]",
    "location": "[resourceGroup().location]",
    "dependsOn": [
        "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]",
        "[concat('Microsoft.Automation/automationAccounts/', parameters('automationAccountName'))]"
    ],
    "properties": {
        "resourceId": "[resourceId('Microsoft.Automation/automationAccounts/', parameters('automationAccountName'))]"
    }
}

The last part must be added to the resources section of the Azure Log Analytics workspace definition. It is the Updates solution, which finally enables the update management solution.

"resources": [
    {
        "apiVersion": "[variables('apiVersion').omssolutions]",
        "location": "[resourceGroup().location]",
        "name": "[variables('updates').name]",
        "type": "Microsoft.OperationsManagement/solutions",
        "id": "[concat('/subscriptions/', subscription().subscriptionId, '/resourceGroups/', resourceGroup().name, '/providers/Microsoft.OperationsManagement/solutions/', variables('updates').name)]",
        "dependsOn": [
            "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]"
        ],
        "properties": {
            "workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]"
        },
        "plan": {
            "name": "[variables('updates').name]",
            "publisher": "Microsoft",
            "promotionCode": "",
            "product": "[concat('OMSGallery/', variables('updates').galleryName)]"
        }
    }
]
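
A pre-deployment check for the pieces described above, as an added example that is not part of the original post: it confirms that the workspace, Automation account, linked service and Updates solution are all present and reference each other, and that the retention value fits the Free tier limit stated in the parameter description. Without the linked service or the solution, update management is not enabled. The function names and the trimmed sample template are constructed for illustration.

```python
import json

WORKSPACE = "microsoft.operationalinsights/workspaces"
AUTOMATION = "microsoft.automation/automationaccounts"
LINKED = WORKSPACE + "/linkedservices"
SOLUTION = "microsoft.operationsmanagement/solutions"
# Constructed sample: the template's resources trimmed to the fields the check reads.
SAMPLE = json.loads("""
{"resources": [
  {"type": "Microsoft.OperationalInsights/workspaces", "resources": [
    {"type": "Microsoft.OperationsManagement/solutions", "properties": {"workspaceResourceId":
      "[resourceId('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]"}}]},
  {"type": "Microsoft.Automation/automationAccounts"},
  {"type": "Microsoft.OperationalInsights/workspaces/linkedServices",
   "dependsOn": [
     "[concat('Microsoft.OperationalInsights/workspaces/', parameters('omsWorkspaceName'))]",
     "[concat('Microsoft.Automation/automationAccounts/', parameters('automationAccountName'))]"],
   "properties": {"resourceId":
     "[resourceId('Microsoft.Automation/automationAccounts/', parameters('automationAccountName'))]"}}
]}""")

def walk(resources):
    """Yield each resource and, recursively, its nested child resources."""
    for res in resources:
        yield res
        yield from walk(res.get("resources", []))

def check_template(template, tier="Free", retention=7):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings, by_type = [], {}
    for res in walk(template.get("resources", [])):
        by_type.setdefault(res.get("type", "").lower(), []).append(res)
    for needed in (WORKSPACE, AUTOMATION, LINKED, SOLUTION):
        if needed not in by_type:
            findings.append("missing resource type: " + needed)
    for link in by_type.get(LINKED, []):
        deps = " ".join(link.get("dependsOn", [])).lower()
        target = str(link.get("properties", {}).get("resourceId", "")).lower()
        if AUTOMATION not in deps or WORKSPACE not in deps:
            findings.append("linked service lacks dependsOn for workspace or Automation account")
        if AUTOMATION not in target:
            findings.append("linked service does not reference the Automation account")
    for sol in by_type.get(SOLUTION, []):
        ws = str(sol.get("properties", {}).get("workspaceResourceId", "")).lower()
        if WORKSPACE not in ws:
            findings.append("solution does not reference the workspace")
    if tier == "Free" and retention != 7:
        findings.append("Free tier allows only 7 days of retention")
    return findings
```

To check the real file, load it with `json.load` and pass the result to `check_template` together with the tier and retention you intend to deploy.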

Now you can deploy the ARM template to your Azure subscription to get the ready-to-use update management solution.


You can then onboard your VMs to the update management solution through the Azure portal or through a VM extension via an ARM template.

-> https://docs.microsoft.com/en-us/azure/virtual-machines/windows/extensions-oms
-> https://docs.microsoft.com/en-us/azure/virtual-machines/linux/extensions-oms
