New resource: azurerm_automation update management configuration

[jagiraud]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

We want to be able to deploy software update schedules via terraform. We have configure a few standarized schedules that we will deploy to most of our customers, due to the amount of clicking in portal and lack of PS support for this resource, we would be very happy if this could be done from a terraform resource.

New or Affected Resource(s)

NEW RESOURCE azurerm_automation_softwareUpdateConfigurations

Potential Terraform Configuration

Please refer to the following ARM template code for reference of configurable settings. https://docs.microsoft.com/en-us/azure/templates/microsoft.automation/2017-05-15-preview/automationaccounts/softwareupdateconfigurations

resource "azurerm_automation_softwareUpdateConfigurations" "automation_sch1" {
  location            = "${var.location}"
  name                = "${local.aa_sch1}"
  resource_group_name = "${local.aa_rg}"

  update_configuration = {
    operating_system = "Windows"

    windows = {
      included_update_classifications = ""
      excludedKbNumbers               = ""
      reboot_setting                  = "IfRequired"
    }
    duration               = "120"
    azure_virtual_machines = ["VM01","VM02"]

    targets = {
      scope     = []
      locations = []

      tagSettings = {
        tags           = "UpdateGroup"
        filterOperator = "UpdateGroup01"
      }
    }
    scheduleInfo = {
      startTime = "07:00"
      expiryTime = ""
      expiryTimeOffsetMinutes ="",
      isEnabled =  true,
      nextRun = "string"
      nextRunOffsetMinutes= "number",
      interval= "integer",
      frequency= "string",
      timeZone= "string",
      advancedSchedule= {
        monthlyOccurrences= [
          {
            occurrence = "1"
            day = "tuesday"
          }
        ]
      }
    }
    tasks= {
      preTask = {
        parameters = "optional runbook parameters"
        source = "runbookname"
      }
      postTask = {
        parameters = "optional runbook parameters"
        source = "runbookname"
      }
    }
  }
}

References

• 0000

[OffColour]

@franzoir Have you found a good way of automating the onboarding of the VMs to the automation account so the configuration can be applied? Everything I've seen says at least one VM needs to be onboarded manually first and then use a runbook to onboard the rest which is pretty horrible. Would love to automate this with Terraform!

[jagiraud]

@OffColour I almost have a way that i'm happy with. Some tweaks still remain but I use Azure Policy to automatically onboard the VM to the correct Log Analytics workspace using tags to filter OS and WorkspaceName. Update management is then configured to automatically onboard VM linked to that workspace.

Later on I'll also use tags to dynamically target VM update schedules. Last time i tested it didn't work well with pre/post scripts.

[OffColour]

@franzoir Just tested this out and worked perfectly with the automatic onboarding enabled. Thanks!

[boutmbr]

@franzoir @OffColour when using terraform 0.12 I get following error: Error: Invalid resource type

on Modules\UpdateSchedule\Update_Schedule_module.tf line 2, in resource "azurerm_automation_softwareUpdateConfigurations" "schedule": 2: resource "azurerm_automation_softwareUpdateConfigurations" "schedule" {

The provider provider.azurerm does not support resource type "azurerm_automation_softwareUpdateConfigurations".

Isn't it supported yet in 0.12?

[OffColour]

@boutmbr This is a request for a new resource. It doesn't exist.

[boutmbr]

@OffColour Thought so already :) I was confused by your last comment. Is there any progress on this feature since March?

[pearcec]

@OffColour I almost have a way that i'm happy with. Some tweaks still remain but I use Azure Policy to automatically onboard the VM to the correct Log Analytics workspace using tags to filter OS and WorkspaceName. Update management is then configured to automatically onboard VM linked to that workspace.

Later on I'll also use tags to dynamically target VM update schedules. Last time i tested it didn't work well with pre/post scripts.

You said you are willing to share, can you paste your code somewhere? I hadn't considered using Policy. That seems like a great idea.

[elongstreet88]

HI There! Was this intended to be brought into azurerm 2.0? This would be a really nice feature to bring on :).

[adamrushuk]

Agreed, this missing feature would be really useful. In the meantime, are there any workarounds to automate update management schedules?

[elongstreet88]

I just worked it out via [azurerm_template_deployment] after figuring out how to deal with the time offset. Example is here: https://stackoverflow.com/questions/61762648/terraform-azurerm-schedule-start-time-always-resets-on-new-deploys/61766515#61766515

[rohrerb]

Any update on when this can be added?

[juanjojulian]

I'm very interested in this resource or in any other way to configure VM update schedules via Terraform/azurerm.

[iShubhamTiwari]

can anyone please specify the version of azurerm provider as this is not working for 2.20.0

TIA

[Dilergore]

can anyone please specify the version of azurerm provider as this is not working for 2.20.0

TIA

Since this is still a feature request and not an actually implemented thing.... This needs to be implemented first....

[artur-carvalho]

Is there any possible date to release this feature?

[code2exe]

Hi all, Can we please have this feature rolled out? @katbyte Thank you so much!

[calloes]

Hi can we look at having this resource added

[Bluffkin]

I'd love this too. Feels bad having to do this via ARM.

[omerfsen]

Exactly it would be nice to have this instead of ARM

[ghost]

Did anyone get this to work with Azure Policies? I found this built-in policy didn't do what I expected.

[adamrushuk]

I've been meaning to try the new AzAPI terraform provider, where there is already an example for software update automation: https://github.com/Azure/terraform-provider-azapi/blob/main/examples/Microsoft.Automation/softwareUpdateConfigurations/main.tf

Please let us know how it goes if you get a chance to test 🤞🏼

[wuxu92]

@jagiraud This should have been supported by PR #17902.

[mybayern1974]

Given the expected resource has been supported as documented here, I'm closing this issue. Feel free to suggest re-activate if what is expected is still not implemented in this provider.

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.