New resource: azurerm_automation update management configuration

[jagiraud]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

We want to be able to deploy software update schedules via terraform.
We have configure a few standarized schedules that we will deploy to most of our customers, due to the amount of clicking in portal and lack of PS support for this resource, we would be very happy if this could be done from a terraform resource.

New or Affected Resource(s)

NEW RESOURCE
azurerm_automation_softwareUpdateConfigurations

Potential Terraform Configuration

Please refer to the following ARM template code for reference of configurable settings.
https://docs.microsoft.com/en-us/azure/templates/microsoft.automation/2017-05-15-preview/automationaccounts/softwareupdateconfigurations

resource "azurerm_automation_softwareUpdateConfigurations" "automation_sch1" {
  location            = "${var.location}"
  name                = "${local.aa_sch1}"
  resource_group_name = "${local.aa_rg}"

  update_configuration = {
    operating_system = "Windows"

    windows = {
      included_update_classifications = ""
      excludedKbNumbers               = ""
      reboot_setting                  = "IfRequired"
    }
    duration               = "120"
    azure_virtual_machines = ["VM01","VM02"]

    targets = {
      scope     = []
      locations = []

      tagSettings = {
        tags           = "UpdateGroup"
        filterOperator = "UpdateGroup01"
      }
    }
    scheduleInfo = {
      startTime = "07:00"
      expiryTime = ""
      expiryTimeOffsetMinutes ="",
      isEnabled =  true,
      nextRun = "string"
      nextRunOffsetMinutes= "number",
      interval= "integer",
      frequency= "string",
      timeZone= "string",
      advancedSchedule= {
        monthlyOccurrences= [
          {
            occurrence = "1"
            day = "tuesday"
          }
        ]
      }
    }
    tasks= {
      preTask = {
        parameters = "optional runbook parameters"
        source = "runbookname"
      }
      postTask = {
        parameters = "optional runbook parameters"
        source = "runbookname"
      }
    }
  }
}

References

• #0000

[OffColour]

@franzoir Have you found a good way of automating the onboarding of the VMs to the automation account so the configuration can be applied? Everything I've seen says at least one VM needs to be onboarded manually first and then use a runbook to onboard the rest which is pretty horrible. Would love to automate this with Terraform!

[jagiraud]

@OffColour I almost have a way that i'm happy with. Some tweaks still remain but I use Azure Policy to automatically onboard the VM to the correct Log Analytics workspace using tags to filter OS and WorkspaceName. Update management is then configured to automatically onboard VM linked to that workspace.

Later on I'll also use tags to dynamically target VM update schedules. Last time i tested it didn't work well with pre/post scripts.

[OffColour]

@franzoir Just tested this out and worked perfectly with the automatic onboarding enabled.
Thanks!

[pearcec]

@OffColour I almost have a way that i'm happy with. Some tweaks still remain but I use Azure Policy to automatically onboard the VM to the correct Log Analytics workspace using tags to filter OS and WorkspaceName. Update management is then configured to automatically onboard VM linked to that workspace.

Later on I'll also use tags to dynamically target VM update schedules. Last time i tested it didn't work well with pre/post scripts.

You said you are willing to share, can you paste your code somewhere? I hadn't considered using Policy. That seems like a great idea.

[elongstreet88]

I just worked it out via [azurerm_template_deployment] after figuring out how to deal with the time offset.
Example is here:
https://stackoverflow.com/questions/61762648/terraform-azurerm-schedule-start-time-always-resets-on-new-deploys/61766515#61766515

[iShubhamTiwari]

can anyone please specify the version of azurerm provider as this is not working for 2.20.0

TIA

[Dilergore]

can anyone please specify the version of azurerm provider as this is not working for 2.20.0

TIA

Since this is still a feature request and not an actually implemented thing.... This needs to be implemented first....

[ghost]

Did anyone get this to work with Azure Policies? I found this built-in policy didn't do what I expected.

[adamrushuk]

I've been meaning to try the new AzAPI terraform provider, where there is already an example for software update automation: https://github.com/Azure/terraform-provider-azapi/blob/main/examples/Microsoft.Automation/softwareUpdateConfigurations/main.tf

Please let us know how it goes if you get a chance to test 🤞🏼

[wuxu92]

@jagiraud This should have been supported by PR #17902.

[mybayern1974]

Given the expected resource has been supported as documented here, I'm closing this issue. Feel free to suggest re-activate if what is expected is still not implemented in this provider.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.