Keep system up to date

Windows

To keep a Windows up-to-date with Rudder you need the dsc plugin and the Windows Update technique.

The technique is currently separately provided but may be included with the plugin depending on your subscription plan.

Windows Update Technique

The Windows Update technique can be found in the directive page under the Application category. To update a Windows machine with this technique, you must apply it via a rule to your Windows node. The update is done in 3 separate steps:

  • KB download: download KB from system repository (Microsoft update servers - WSUS is not supported yet)

  • KB application: apply latest downloaded KBs

  • Reboot if necessary: reboot if some applied KB asked for it

Each step can be scheduled using one of these method:

  • Delay after patch Tuesday

  • Delay after first day of month

  • Delay after first specific day (Monday, ..) of month

  • Delay after previous step

There is also a special step that is used to check for remaining unapplied KBs. This step is scheduled with a simple short interval in hours (typically 24 hours).

Update a system

Let’s create a directive to apply the technique to a given Windows node. In the parameters, check the Test mode, this ignores the scheduling options so that every step is always tried on each agent run. This means you can check that you directive works on your nodes without having to wait for next patch Tuesday.

Don’t forget to remove this parameter after testing since it may be a bit heavy to run all the time on your machines.

  • The first section of parameters is about checking for unapplied KBs. This part has no monthly scheduling since it is done much more often. The parameter is a check period in hours.

  • The next 3 sections are the scheduling of the 3 method steps described above. Note that you can disable each step, either to separate them in different directives or just to make sure they don’t run. The scheduling is done by specifying the reference date, the delay in days and the startup time of the task. So for example if you want to download KBs on Saturday after the patch Tuesday after 8AM, use Patch Tuesday as the reference time, 4 days delay, and start hour 8. And if you want the application to be done on the day after, use Download date as the reference time, 1 day delay.

  • One last parameter is Force reboot. When a reboot is needed and someone is connected to the system at that time, reboot is prevented if Force reboot is not checked.

Reports

The system update technique reports are maintained through executions, as opposed to regular technique that make new report for each agent run. This means that if the update fail, a fail report is continuously sent to the server until the next update tentative.

Each run also provides a report of unapplied KBs, so that is a KB fail to apply, it is reported in the "KB not applied" section.


← Use relays and server as repository mirrors Add new methods to the technique editor →