Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article explains how to keep an Azure Linux virtual machine (VM) updated using:
- Image-based updates: Redeploy the VM from a newer Azure Linux image. This approach aligns naturally with safe deployment practices (SDP).
- Package-based updates: Apply package updates in place on a running VM. This approach requires more coordination to roll out safely.
Select the method that best fits your release process. You can also combine both approaches.
Image-based updates
Azure Linux ships a new image release each month that includes the previous month's package updates. To stay current, redeploy your fleet from the latest Azure Linux image release.
A typical rollout looks like this:
- Pull the latest Azure Linux image when it's published.
- Add the latest versions of any extra packages your workload uses.
- Test the new image.
- Roll out the image using a safe deployment practice (SDP).
Automatic OS image upgrades for Virtual Machine Scale Sets
If your workload runs on a Virtual Machine Scale Set (VMSS), you can opt in to Automatic operating system (OS) image upgrades to roll out new image versions to your scale set without manual intervention.
Package-based updates
Package-based updates apply package changes to a VM that's already running. You can orchestrate them to follow a safe deployment framework, but doing so requires more coordination than image-based updates.
Use dnf-automatic
Warning
dnf-automatic doesn't reboot the VM after a kernel update.
Without staged rollout, a bad package update can be applied to every VM at once and cause an outage. Combine dnf-automatic with your own staging and monitoring before enabling it broadly.
Add the dnf-automatic package to your image to automate in-VM package updates. After installing the package, enable and start the dnf5-automatic.timer systemd timer using the following commands:
sudo dnf install dnf-automatic
sudo systemctl enable dnf5-automatic.timer
sudo systemctl start dnf5-automatic.timer
Use Azure VM guest patching
For a managed alternative, enable Azure VM guest patching, which applies package updates following a safe deployment framework managed by Azure.