Azure / bicep

Bicep is a declarative language for describing and deploying Azure resources
MIT License

Issue creating Windows Update Deployment #3817

Closed thepaulmacca closed 3 years ago

thepaulmacca commented 3 years ago

Bicep version: 0.4.451

Describe the bug: Trying to create a Windows Update Deployment and hitting a warning with includedUpdateClassifications

To Reproduce: Create a softwareUpdateConfigurations resource and add the below classifications:

  resource windowsUpdates 'softwareUpdateConfigurations@2019-06-01' = {
    name: 'windowsUpdates'
    properties: {
      scheduleInfo: {
        advancedSchedule: {
          monthlyOccurrences: [
            {
              day: 'Saturday'
              occurrence: 3
            }
          ]
        }
        description: 'Windows OS Updates'
        frequency: 'Month'
        interval: 1
        isEnabled: true
        startTime: startTime
      }
      updateConfiguration: {
        duration: 'PT2H'
        operatingSystem: 'Windows'
        targets: {
          azureQueries: [
            {
              scope: [
                subscription().id
              ]
              tagSettings: {
                filterOperator: 'All'
                tags: {
                  MaintenanceWindow: [
                    'ThirdSaturdayOfMonth'
                  ]
                }
              }
            }
          ]
        }
        windows: {
          includedUpdateClassifications: 'Critical'
          rebootSetting: 'IfRequired'
        }
      }
    }
  }

Additional context: When adding more than 1 update classification, I'm getting the below error:

image

I don't find the documentation on this very clear, and I don't see anything in the REST API specs either on how to do this correctly

Also, if I'd like this deployment to run at 10pm on the 3rd Saturday of each month (west europe region), how would I set the time for that? I'm not sure how to configure the timeZone

Any help appreciated, thanks

anthony-c-martin commented 3 years ago

This isn't very obvious, but when I hover over the includedUpdateClassifications property, I see this description:

Update classification included in the software update configuration. A comma separated string with required values

Have you tried specifying multiple settings in a comma-separated format - e.g.:

...
        windows: {
          includedUpdateClassifications: 'Critical,Security,UpdateRollup,Updates'
          rebootSetting: 'IfRequired'
        }
...

anthony-c-martin commented 3 years ago

Disclaimer - I don't work for the Automation team, so I don't know the ins-and-outs of the service, but from the example the team has published alongside their API specification, it looks like an IANA time zone name:

https://github.com/Azure/azure-rest-api-specs/blob/1b0ed8edd58bb7c9ade9a27430759527bd4eec8e/specification/automation/resource-manager/Microsoft.Automation/stable/2019-06-01/examples/softwareUpdateConfiguration/createSoftwareUpdateConfiguration.json#L73

thepaulmacca commented 3 years ago

Thanks for coming back to me, I'll give the update classifications a try. I didn't think of that!

Regarding the timeZone - if I set it to Europe/Amsterdam I get this error:

{
    "status": "Failed",
    "error": {
        "code": "DeploymentFailed",
        "message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.",
        "details": [
            {
                "code": "BadRequest",
                "message": "{\r\n  \"code\": \"BadRequest\",\r\n  \"message\": \"Argument scheduleAllData with value Orchestrator.Schedules.DataAccess.Models.ScheduleAllData is not valid. Error message: The start time of the schedule must be at least 5 minutes after the time you create the schedule. \"\r\n}"
            }
        ]
    }
}

Without timeZone it works fine, but then I can't set up deployments for other regions. I guess I'll have to raise an issue with them somewhere as I'm out of ideas on what to try

anthony-c-martin commented 3 years ago

@vrdmr - since you're tagged as an automation code owner. Do you know what could be going wrong here? Do you have any documentation to share?

thepaulmacca commented 3 years ago

Yep so the below works:

        windows: {
          includedUpdateClassifications: 'Critical,Security,UpdateRollup,Updates'
          rebootSetting: 'IfRequired'
        }

Thanks for your help! 👍
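
A pre-deployment check for the two settings discussed in this thread, added here as an example and not code from the Bicep project or from either commenter: it validates the comma-separated includedUpdateClassifications string and computes the next "third Saturday, 22:00" start time in a given time zone that is more than 5 minutes in the future. The function names, the set of known class names and the Critical/Security policy are assumptions; whether the service accepts the resulting start time together with timeZone is not settled in the thread.

```python
from datetime import datetime, timedelta, timezone

# Assumption: names from the Automation REST API's WindowsUpdateClasses enum;
# the thread itself only shows four of them.
KNOWN_CLASSES = {"Unclassified", "Critical", "Security", "UpdateRollup",
                 "FeaturePack", "ServicePack", "Definition", "Tools", "Updates"}
# Assumption: local patch policy, not an API rule.
REQUIRED_CLASSES = {"Critical", "Security"}


def check_classifications(value):
    """Return a list of problems with an includedUpdateClassifications value."""
    if not isinstance(value, str):
        return ["must be one comma-separated string, not " + type(value).__name__]
    parts = [p.strip() for p in value.split(",")]  # whitespace ignored for the check
    problems = ["empty entry (stray comma)"] if "" in parts else []
    names = {p for p in parts if p}
    problems += ["unknown classification: " + n for n in sorted(names - KNOWN_CLASSES)]
    problems += ["schedule does not cover: " + n for n in sorted(REQUIRED_CLASSES - names)]
    return problems


def next_third_saturday(now, tz, hour=22, lead=timedelta(minutes=5)):
    """First third-Saturday-at-hour:00 in tz that is more than `lead` after `now`.

    `now` must be timezone-aware; `lead` mirrors the 5-minute rule in the
    BadRequest message quoted in the thread.
    """
    now_utc = now.astimezone(timezone.utc)
    local = now.astimezone(tz)
    year, month = local.year, local.month
    while True:
        first = datetime(year, month, 1, hour, tzinfo=tz)
        # weekday(): Monday=0 ... Saturday=5; first Saturday plus two weeks
        candidate = first.replace(day=1 + (5 - first.weekday()) % 7 + 14)
        # Compare in UTC so a DST change between now and then cannot skew the gap
        if candidate.astimezone(timezone.utc) - now_utc > lead:
            return candidate
        year, month = (year + 1, 1) if month == 12 else (year, month + 1)


if __name__ == "__main__":
    from zoneinfo import ZoneInfo  # IANA names; needs the system tz database

    print(check_classifications("Critical,Security,UpdateRollup,Updates"))
    start = next_third_saturday(datetime.now(timezone.utc), ZoneInfo("Europe/Amsterdam"))
    print(start.isoformat())  # ISO 8601 with offset, a candidate startTime value
```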