Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cumulative update not being picked up #88

Open
sunil-vikramTR opened this issue Mar 22, 2021 · 5 comments
Open

Cumulative update not being picked up #88

sunil-vikramTR opened this issue Mar 22, 2021 · 5 comments

Comments

@sunil-vikramTR
Copy link

Packer version is 1.6.1
Windows update version is 0.10.1

We ran windows update on a windows image released by aws ( "ImageLocation": "amazon/Windows_Server-2016-English-Core-Base-2021.02.10")

As per MS catalog there was a cumulative update available for .net , but this was not picked up by the windows update.

This is the code in the packer template, we install SSU restart and look for cumulative update .

{
"type": "windows-update",
"search_criteria": "IsInstalled=0",
"filters": [
"include:$.Title -like 'Servicing Stack Update'"
],
"update_limit": 25
},
{
"pause_before": "10s",
"type": "windows-restart",
"restart_check_command": "powershell -command "& {Write-Output 'restarted.'}""
},
{
"type": "windows-update",
"search_criteria": "IsInstalled=0",
"filters": [
"include:$.Title -like 'Cumulative Update'"
],
"update_limit": 25
},
@rgl
Copy link
Owner

rgl commented Mar 22, 2021

Does it show any updates at all?

Try to use the include:$true filter to see if it shows anything:

    {
      "type": "windows-update",
      "filters": [
          "include:$true"
      ]
    }

If it still does not show anything, something in your aws setup is preventing windows update from working.

@sunil-vikramTR
Copy link
Author

Thanks will check that out , should i have both included "include:$true" and "include:$.Title -like 'Cumulative Update'"

@sunil-vikramTR
Copy link
Author

pipeline.log

snapshot of the log

@sunil-vikramTR
Copy link
Author

We have 2 questions

  1. How do we pick up .net or IE security updates or is this package only for OS level updates ?

  2. When we ran with include:true it found 2 updates one was released on 9th and the other on 12th .

Our pipeline ran on 10th that's it missed this one 2021-03 Cumulative Update for Windows Server 2016 for x64-based Systems (KB5000803)
As per https://support.microsoft.com/en-us/topic/march-9-2021-kb5000803-os-build-14393-4283-711d10dd-adcb-490b-a640-aaa25009cfed this was released on 9th

Any specific reason why this missed and how do we handle such cases

@rgl
Copy link
Owner

rgl commented Mar 22, 2021

It should pick up the same updates that are displayed by the windows update UI.

I don't known exactly how microsoft distributes the windows updates, it seems that some updates are gradually rolled out, which means, not everyone gets them at the same time. Also, sometimes updates are superseded by others. Also, sometimes updates are retracted. Also, this is all driven by the windows update backend services and the client does not have much to say, so it more-or-less just installs whatever the backend says. If you want to have a little bit more control over this, you have to use something like WSUS.

When you find out why its behaving like you've described, please update this issue with your findings.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rgl @sunil-vikramTR