为基于 Linux 的 HDInsight 群集配置 OS 修补计划Configure the OS patching schedule for Linux-based HDInsight clusters

重要

Ubuntu 映像可在发布后的三 个月内用于创建新的 Azure HDInsight 群集。Ubuntu images become available for new Azure HDInsight cluster creation within three months of being published. 自 2019 年 1 月起,系统不会自动修补正在运行的群集。As of January 2019, running clusters aren't auto-patched. 客户必须使用脚本操作或其他机制来修补正在运行的群集。Customers must use script actions or other mechanisms to patch a running cluster. 新创建的群集将始终包含最新的可用更新,其中包括最新的安全修补程序。Newly created clusters will always have the latest available updates, including the most recent security patches.

HDInsight 为你提供支持,允许你在群集上执行常见任务,例如安装 OS 修补程序、安全更新,以及重启节点。HDInsight provides support for you to perform common tasks on your cluster such as installing OS patches, security updates, and rebooting nodes. 这些任务使用下述两个脚本来完成,这两个脚本可以作为脚本操作运行,并且可以配置参数:These tasks are accomplished using the following two scripts that can be run as script actions, and configured with parameters:

  • schedule-reboots.sh - 在群集节点上立即重启或计划重启。schedule-reboots.sh - Do an immediate restart, or schedule a restart on the cluster nodes.
  • install-updates-schedule-reboots.sh - 安装所有更新、仅安装内核 + 安全更新,或者仅安装内核更新。install-updates-schedule-reboots.sh - Install all updates, only kernel + security updates, or only kernel updates.

备注

脚本操作不会自动应用所有未来更新周期的更新。Script actions won't automatically apply updates for all future update cycles. 每次必须应用新更新以安装更新并重启 VM 时,请运行这些脚本。Run the scripts each time new updates must be applied to install the updates, and then restart the VM.

准备工作Preparation

在部署到生产环境之前,在具有代表性的非生产环境中打补丁。Patch on a representative non-production environment prior to deploying to production. 制定计划,以便在实际打补丁之前对系统进行充分测试。Develop a plan to adequately test your system prior to your actual patching.

在与群集的 ssh 会话中,你可能会不时收到“可以升级”消息。From time-to-time, from an ssh session with your cluster, you may receive a message that an upgrade is available. 该消息可能如下所示:The message may looks something like:

New release '18.04.3 LTS' available.
Run 'do-release-upgrade' to upgrade it

打补丁是可选的,由你自行决定。Patching is optional and at your discretion.

重启节点Restart nodes

脚本 schedule-reboots 设置将要在群集中的计算机上执行的重启的类型。The script schedule-reboots, sets the type of reboot that will be performed on the machines in the cluster. 提交脚本操作时,请将其设置为应用到所有三个节点类型:头节点、辅助角色节点和 zookeeper。When submitting the script action, set it to apply on all three node types: head node, worker node, and zookeeper. 如果未将此脚本应用于某个节点类型,则不会更新或重启该节点类型的 VM。If the script isn't applied to a node type, the VMs for that node type won't be updated or restarted.

schedule-reboots script 接受一个数字参数:The schedule-reboots script accepts one numeric parameter:

参数Parameter 接受的值Accepted values 定义Definition
要执行的重启类型Type of restart to perform 1 或 21 or 2 值为 1 表示启用计划重启(计划在 12-24 小时内重启)。A value of 1 enables schedule restart (scheduled in 12-24 hours). 值为 2 表示启用即时重启(在 5 分钟内重启)A value of 2 enables immediate restart (in 5 minutes). 如果未提供任何参数,则默认值为 1。If no parameter is given, the default is 1.

安装更新并重启节点Install updates and restart nodes

脚本 install-updates-schedule-reboots.sh 提供的选项用于安装不同类型的更新并重启 VM。The script install-updates-schedule-reboots.sh provides options to install different types of updates and restart the VM.

install-updates-schedule-reboots 脚本接受两个数字参数,如下表所述:The install-updates-schedule-reboots script accepts two numeric parameters, as described in the following table:

参数Parameter 接受的值Accepted values 定义Definition
要安装的更新的类型Type of updates to install 0、1 或 20, 1, or 2 值为 0 表示仅安装内核更新。A value of 0 installs only kernel updates. 值为 1 表示安装所有更新,为 2 表示仅安装内核 + 安全更新。A value of 1 installs all updates, and 2 installs only kernel + security updates. 如果未提供任何参数,则默认值为 0。If no parameter is provided, the default is 0.
要执行的重启类型Type of restart to perform 0、1 或 20, 1, or 2 值为 0 表示禁用重启。A value of 0 disables restart. 值为 1 表示启用计划重启,为 2 表示启用即时重启。A value of 1 enables schedule restart, and 2 enables immediate restart. 如果未提供任何参数,则默认值为 0。If no parameter is provided, the default is 0. 用户必须更改输入参数 1 才能输入参数 2。The user must change input parameter 1 to input parameter 2.

备注

在将某个脚本应用到现有群集后,必须将其标记为持久性脚本。You must mark a script as persisted after you apply it to an existing cluster. 否则,任何通过缩放操作创建的新节点都会使用默认的修补计划。Otherwise, any new nodes created through scaling operations will use the default patching schedule. 如果在群集创建过程中应用该脚本,则其会自动持久化。If you apply the script as part of the cluster creation process, it's persisted automatically.

后续步骤Next steps

若要了解使用脚本操作的具体步骤,请参阅使用脚本操作自定义基于 Linux 的 HDInsight 群集中的以下部分:For specific steps on using script actions, see the following sections in Customize Linux-based HDInsight clusters using script action: