如何部署更新和查看结果How to deploy updates and review results

本文介绍如何计划更新部署并在部署完成后查看执行过程。This article describes how to schedule an update deployment and review the process after the deployment is complete.

登录到 Azure 门户Sign in to the Azure portal

登录到 Azure 门户Sign in to the Azure portal

计划更新部署Schedule an update deployment

计划某个更新部署会创建链接到 Patch-MicrosoftOMSComputers Runbook 的计划资源,该 Runbook 处理目标计算机上的更新部署。Scheduling an update deployment creates a schedule resource linked to the Patch-MicrosoftOMSComputers runbook that handles the update deployment on the target machines. 必须计划一个遵循发布时间和服务时段的部署,以便安装更新。You must schedule a deployment that follows your release schedule and service window to install updates. 你可以选择要在部署中包括的更新类型。You can choose the update types to include in the deployment. 例如,可包括关键或安全更新,排除更新汇总。For example, you can include critical or security updates and exclude update rollups.

备注

如果在创建部署后通过 Azure 门户或 PowerShell 删除了该计划资源,该删除操作会破坏计划的更新部署,在你尝试通过门户重新配置该计划资源时会出现错误。If you delete the schedule resource from the Azure portal or using PowerShell after creating the deployment, the deletion breaks the scheduled update deployment and presents an error when you attempt to reconfigure the schedule resource from the portal. 只能通过删除相应的部署计划来删除计划资源。You can only delete the schedule resource by deleting the corresponding deployment schedule.

要计划新的更新部署,请执行以下操作:To schedule a new update deployment:

  1. 在自动化帐户中,转到“更新管理”下的“更新管理”,然后选择“安排更新部署” 。In your Automation account, go to Update management under Update management, and then select Schedule update deployment.

  2. 在“新建更新部署”下的“名称”字段中,输入部署的唯一名称 。Under New update deployment, in the Name field enter a unique name for your deployment.

  3. 选择更新部署的目标操作系统。Select the operating system to target for the update deployment.

  4. 在“要更新的组(预览)”区域,定义组合了订阅、资源组、位置和标记的查询,以生成要在部署中加入的 Azure VM 动态组。In the Groups to update (preview) region, define a query that combines subscription, resource groups, locations, and tags to build a dynamic group of Azure VMs to include in your deployment. 要了解详细信息,请参阅将动态组与更新管理配合使用To learn more, see Use dynamic groups with Update Management.

  5. 在“要更新的计算机”区域,选择已保存的搜索、已导入的组或者从下拉菜单中选择“计算机”并选择各个计算机 。In the Machines to update region, select a saved search, an imported group, or pick Machines from the dropdown menu and select individual machines. 通过此选项可以查看每台计算机的 Log Analytics 代理的准备情况。With this option, you can see the readiness of the Log Analytics agent for each machine. 若要了解在 Azure Monitor 日志中创建计算机组的不同方法,请参阅 Azure Monitor 日志中的计算机组To learn about the different methods of creating computer groups in Azure Monitor logs, see Computer groups in Azure Monitor logs.

  6. 使用“更新分类”区域为产品指定更新分类Use the Update classifications region to specify update classifications for products. 对于每个产品,请取消选择所有受支持的更新分类,但要包含在更新部署中的分类除外。For each product, deselect all supported update classifications but the ones to include in your update deployment.

    如果你的部署打算只应用一组选定的更新,那么在配置“包含/排除更新”选项时,有必要取消选择所有预先选择的更新分类,如下一步所述。If your deployment is meant to apply only a select set of updates, it is necessary to deselect all the pre-selected update classifications when configuring the Include/exclude updates option as described in the next step. 这将确保在目标计算机上只安装你指定添加在此部署中的更新。This ensures only the updates you have specified to include in this deployment are installed on the target machines.

  7. 使用“包含/排除更新”区域可从部署中添加或排除选定的更新。Use the Include/exclude updates region to add or exclude selected updates from the deployment. 在“包括/排除”页上,你可以输入知识库文章 ID 号来进行添加或排除。On the Include/Exclude page, you enter KB article ID numbers to include or exclude.

    重要

    请记住,排除项会替代包含项。Remember that exclusions override inclusions. 例如,如果定义了 * 排除规则,更新管理会从安装中排除所有修补程序或包。For instance, if you define an exclusion rule of *, Update Management excludes all patches or packages from the installation. 已排除的修补程序仍显示为计算机缺少此项。Excluded patches still show as missing from the machines. 对于 Linux 计算机,如果包含一个具有依赖包的包,而该依赖包已被排除,则更新管理不会安装主包。For Linux machines, if you include a package that has a dependent package that has been excluded, Update Management doesn't install the main package.

    备注

    你不能指定将已被取代的更新包含在更新部署中。You can't specify updates that have been superseded to include in the update deployment.

  8. 选择“计划设置”。Select Schedule settings. 默认开始时间为晚于当前时间 30 分钟。The default start time is 30 minutes after the current time. 可以将开始时间设置为 10 分钟之后的任何将来时间。You can set the start time to any time from 10 minutes in the future.

  9. 使用“重复周期”字段指定是部署一次还是定期部署,然后选择“确定” 。Use the Recurrence field to specify if the deployment occurs once or uses a recurring schedule, then select OK.

  10. 在“前脚本 + 后脚本(预览)”区域,选择要在部署前和部署后运行的脚本。In the Pre-scripts + Post-scripts (Preview) region, select the scripts to run before and after your deployment. 若要了解详细信息,请参阅管理前脚本和后脚本To learn more, see Manage pre-scripts and post-scripts.

  11. 使用“维护时段(分钟)”字段来指定安装更新的允许时长。Use the Maintenance window (minutes) field to specify the amount of time allowed for updates to install. 指定维护时段时,请考虑以下详细信息:Consider the following details when specifying a maintenance window:

    • 维护时段控制安装的更新数量。Maintenance windows control how many updates are installed.
    • 如果维护时段即将结束,更新管理不会停止安装新的更新。Update Management doesn't stop installing new updates if the end of a maintenance window is approaching.
    • 如果超出了维护时段,更新管理不会终止正在进行的更新。Update Management doesn't terminate in-progress updates if the maintenance window is exceeded.
    • 如果超出了 Windows 上的维护时段,通常是因为服务包更新需要很长时间才能安装。If the maintenance window is exceeded on Windows, it's often because a service pack update is taking a long time to install.

    备注

    若要避免在 Ubuntu 上的维护时段外应用更新,请重新配置 Unattended-Upgrade 包,禁用自动更新。To avoid updates being applied outside of a maintenance window on Ubuntu, reconfigure the Unattended-Upgrade package to disable automatic updates. 有关如何配置此包的信息,请参阅 Ubuntu Server 指南中的自动更新主题For information about how to configure the package, see the Automatic updates topic in the Ubuntu Server Guide.

  12. 使用“重新启动选项”字段指定部署过程中处理重新启动的方式。Use the Reboot options field to specify the way to handle reboots during deployment. 提供了以下选项:The following options are available:

    • 必要时重新启动(默认)Reboot if necessary (default)
    • 永远重启Always reboot
    • 永不重启Never reboot
    • 仅重新启动;此选项不安装更新Only reboot; this option doesn't install updates

    备注

    如果“重新启动选项”设置为“永不重新启动”,则用于管理重启的注册表项下列出的注册表项可能会导致重新启动事件 。The registry keys listed under Registry keys used to manage restart can cause a reboot event if Reboot options is set to Never reboot.

  13. 配置部署计划后,选择“创建”。When you're finished configuring the deployment schedule, select Create.

    更新“计划设置”窗格

  14. 此时会回到状态仪表板。You're returned to the status dashboard. 选择“计划的更新部署”以显示创建的部署计划。Select Scheduled Update deployments to show the deployment schedule that you've created.

以编程方式计划更新部署Schedule an update deployment programmatically

若要了解如何使用 REST API 创建更新部署,请参阅软件更新配置 - 创建To learn how to create an update deployment with the REST API, see Software Update Configurations - Create.

可以使用示例 runbook 创建每周更新部署。You can use a sample runbook to create a weekly update deployment. 若要了解有关此 Runbook 的详细信息,请参阅为资源组中的一个或多个 VM 创建每周更新部署To learn more about this runbook, see Create a weekly update deployment for one or more VMs in a resource group.

检查部署状态Check deployment status

在计划的部署开始后,可以在“更新管理”下的“更新部署”选项卡上查看其状态 。After your scheduled deployment starts, you can see its status on the Update deployments tab under Update management. 部署当前正在运行时,其状态为“正在进行”。The status is In progress when the deployment is currently running. 部署成功完成后,状态将更改为“成功”。When the deployment ends successfully, the status changes to Succeeded. 如果部署中有一个或多个更新失败,状态将是“部分失败”。If there are failures with one or more updates in the deployment, the status is Partially failed.

查看已完成的更新部署的结果View results of a completed update deployment

部署完成后,可选择它以查看其结果。When the deployment is finished, you can select it to see its results.

特定部署的更新部署状态仪表板 Update deployment status dashboard for a specific deployment

“更新结果”下的摘要提供了目标 VM 上的更新和部署结果的总数。Under Update results, a summary provides the total number of updates and deployment results on the target VMs. 右侧的表显示了更新的细目以及每个更新的安装结果。The table on the right shows a detailed breakdown of the updates and the installation results for each.

可用值有:The available values are:

  • 未尝试 - 由于定义的维护时段时长不足,因为而未安装该更新。Not attempted - The update wasn't installed because there was insufficient time available, based on the defined maintenance window duration.
  • 未选择 - 未选择要部署的更新。Not selected - The update wasn't selected for deployment.
  • 成功 - 更新成功。Succeeded - The update succeeded.
  • 失败 - 更新失败。Failed - The update failed.

选择“所有日志”来查看部署创建的所有日志条目。Select All logs to see all log entries that the deployment has created.

选择“输出”,查看负责管理目标 VM 更新部署的 runbook 的作业流。Select Output to see the job stream of the runbook responsible for managing the update deployment on the target VMs.

若要查看有关部署中错误的详细信息,请选择“错误”。Select Errors to see detailed information about any errors from the deployment.

后续步骤Next steps

若要了解如何创建警报来就更新部署结果进行通知,请参阅为更新管理创建警报To learn how to create alerts to notify you about update deployment results, see create alerts for Update Management.