Queries on providing linux and windows paramaeters in resource file for maintenance configuraiton

Question

in my case I am going to apply patches for both Linux and windows virtual machines and then I will include all KBs.

so what exactly I need to be provide here. ?

I am going through below document but stuck in what to give in below highlighted area?

https://learn.microsoft.com/en-us/azure/templates/microsoft.maintenance/maintenanceconfigurations?pivots=deployment-language-terraform#inputpatchconfiguration-2

2.

My requirement is every week Wednesday 5.30 PM EST , so please let me know to add and what need to be filled exactly.

code:

# Terraform Settings Block
terraform {
  required_version = ">= 1.0.0"
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      version = ">= 2.0" # Optional but recommended in production
    }    
  }
}

# Configure the Microsoft Azure Provider
provider "azurerm" {
  features {}
}

# Create Resource Group 
resource "azurerm_resource_group" "my_demo_rg1" {
  location = "eastus"
  name = "mc-rg"  
}








resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Maintenance/maintenanceConfigurations@2023-04-01"
  name = "MC-test-terraform"
  location = "eastus"
  parent_id = "/subscriptions/93048f2d-2d0f-44cc-b12c-4df25a3c5ff5/resourceGroups/mc-rg"
  tags = {
    tagName1 = "tagValue1"
    tagName2 = "tagValue2"
  }
  body = jsonencode({
    properties = {
      extensionProperties = {}
      installPatches = {
        linuxParameters = {
          classificationsToInclude = [
            "string"
          ]
          packageNameMasksToExclude = [
            "string"
          ]
          packageNameMasksToInclude = [
            "string"
          ]
        }
        rebootSetting = "IfRequired"
        windowsParameters = {
          classificationsToInclude = [
            "string"
          ]
          excludeKbsRequiringReboot = bool
          kbNumbersToExclude = [
            "string"
          ]
          kbNumbersToInclude = [
            "string"
          ]
        }
      }
      maintenanceScope = "InGuestPatch"
      maintenanceWindow = {
        duration = "string"
        expirationDateTime = "string"
        recurEvery = "string"
        startDateTime = "string"
        timeZone = "string"
      }
      namespace = "string"
      visibility = "string"
    }
  })
}

Answer 1

Hi,

linuxParameters.classificationsToInclude requires on or more values of Critical, Security, Other. windowsParameters.classificationsToInclude requires one or more values of Critical, Security, UpdateRollup, FeaturePack, ServicePack, Tools, Updates. linuxParameters.packageNameMasksToExclude or linuxParameters.packageNameMasksToInclude accepts any names of linux packages that respectively you want to exclude or include. Wildcard characters like * is accepted. For example ssl*. windowsParameters.kbNumbersToExclude and windowsParameters.kbNumbersToInclude similar but for Windows. Instead of package names here you need KB (knowledge base) numbers. Each windows update has KB number. Only the number is required without KB. Example 5035767.

The schedule is configured via maintenanceWindow. Here is how it will look for the desired schedule:

maintenanceWindow: {
  startDateTime": "2024-04-25 17:30"
  duration: "03:55"
  timeZone: "Eastern Standard Time"
  expirationDateTime: null
  recurEvery: "1Week Wednesday"
}

Note that I am assuming that EST is Eastern Standard Time. The exact start date your can set to your liking. duration as well.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.