Managing Patch Scan Tasks

Scenarios

You can scan the patch compliance of the target instance based on the selected patch baseline, instance, and batch execution policy. The scan result displays the compliance status of the instance patch.

You can perform patch scanning or repair using the created patch baseline that matches the OS of the selected instance. Currently, multiple OSs, such as EulerOS and CentOS, are supported. If there is no suitable patch baseline, create one by referring to Managing Patch Baselines.

Precautions

If an instance cannot be selected, check the following items:

• Whether the UniAgent status of the instance is normal.
• Whether the OS on which the instance is running is supported by the patch management function.
• Whether the instance is stopped.

Creating a Patch Scan Task

1. Log in to COC.
2. In the navigation pane on the left, choose Resource O&M > Automated O&M.
3. In the Routine O&M area, click Patch Management.
4. On the displayed page, click the Patch Scanning tab and choose a resource type.

   By default, ECS is selected.

5. Click Create Patch Scanning Task.
6. Set parameters in the Execution Account & Region area.
   • Execution Type: Single or Cross Account.
     • Single: Execute this job only under the current account.
     • Cross Account: Execute this job using multiple organization member accounts.
   

   • To use this function, you need to add the account to the organization, configure the agency permissions, and enter the agency name in advance. For details, see Cross-Account Management.

7. Set parameters in the Scheduled Task area.
   • Execution Mode: Execute immediately or Scheduled execution.
     • Execute immediately: Execute the scanning task immediately after it is created.
     • Scheduled execution: Configure the scheduled task details.

       Table 1 Scheduled task parameters

       Parameter	Description
       Time Zone	Select the time zone where the scheduled task is executed from the drop-down list.
       Timing Type	Select a timing type. Single execution: Execute the scheduled task once at a specified time. Periodic execution: Execute the task periodically based on the specified rule until the rule expires.
       Execution Time	It is used together with the timing type. For a single execution, set this parameter to the execution time. For periodic execution, select either of the following options: Simple: Select the execution time by week. Cron: Set the execution time using a cron expression. For details, see Using Cron Expressions.
       Rule Expired	This parameter needs to be set when Timing Type is set to Periodic execution. Enter the end time of the periodic execution rule.
       Notification Policy	Select Start of execution, Execution failed, or Execution succeeded. Multiple options can be selected.
       Recipient	Select Shift or Individual. Shift: Select a scenario and role from the drop-down lists based on the configured values. For details about how to configure a shift, see Shift Schedule Management. Individual: Select a reviewer. For details about how to configure a reviewer, see O&M Engineer Management.
       Notification Mode	Select a notification mode from the drop-down list. Default: Same as that selected in the reviewer subscription function. For details about how to set the default notification mode, see Selecting a Notification Method. SMS, WeCom, DingTalk, Lark, and Email: Notifications are sent based on the information reserved by the reviewer. For details about how to set reviewer information, see Modifying Personnel Information.

8. Configure the basic information.
   If Execution Mode is set to Execute immediately, set the parameters by referring to Table 2. If Execution Mode is set to Scheduled execution, set the parameters by referring to Table 3.

   Table 2 Basic information for immediate execution

   Parameter	Description
   Executed By	The preset value is root and cannot be changed.
   Timeout Interval	The maximum duration allowed for a scan.

   Table 3 Basic information about scheduled task execution

   Parameter	Description
   Task Name	You are advised to name the task based on the application scenario. The value can contain 3 to 100 characters, including letters, digits, hyphens (-), and underscores (_).
   Enterprise Project	Select an enterprise project from the drop-down list.
   Version	Enter the version number. The default version is 1.0.0.
   IAM Agency	Select an agency from the drop-down list. If the selected agency does not have required permissions, task execution will fail and you need to select another agency or create one.

9. Click Add and configure the parameters on the Select Instance dialog box.

   Table 4 Instance parameters

   Parameter	Description	Example Value
   Selection Method	Select an instance selection method. Manual Selection: Manually select an instance based on Enterprise Project, View Type, Resource Type, Region, and Target Instance. Select All: Automatically select all instances based on Enterprise Project, View Type, Resource Type, Region, and Target Instance.	Manual Selection
   Enterprise Project	Select an enterprise project from the drop-down list. You can choose All.	All
   View Type	Select a view type. CloudCMDB resources: Select an instance from the resource list. CloudCMDB application groups: Select an instance from the application group list.	CloudCMDB resources
   Resource Type	The value can be ECS, CCE, or BMS.	ECS
   Region	Select a region from the drop-down list.	CN-Hong Kong
   Target Instance	Set filter criteria in the filter box and select the filtered instances manually or automatically.	-

10. Configure Batch Policy and Suspension Policy.
    • Batch Policy: Select Automatic, Manual, or No Batch.
      • Automatic: The selected instances to be executed are automatically divided into multiple batches based on the preset rule.
      • Manual: You can manually create multiple batches and add instances to each batch as required.
      • No Batch: All instances will be executed in the same batch.
    • Suspension Policy:
      • You can set the execution success rate. When the number of failed hosts reaches the number failed ones that are calculated based on the execution success rate, the service ticket status becomes abnormal and the service ticket stops being executed.
      • The success rate ranges from 0 to 100 and supports accuracy up to one decimal place.

11. Click OK to go to the Confirm Execution page. Click OK to start the execution.
12. Perform the following operations to check whether a service ticket execution is complete.
    • For the service tickets that are being executed:
      • If you want to pause the next batch when the current batch is executed, click Pause in the upper right corner.
      • If you want to continue the paused batch, click Continue in the upper right corner.
      • If you want to stop the service ticket that is about to be executed or is abnormal, click Forcibly End.
    • For the service tickets that are executed:
      • If some or all instance tasks in the service tickets are executed abnormally:
        1. Click the Abnormal tab in the Execution Information area. Locate an abnormal batch and click Retry in the Operation column.
        2. Click the Abnormal tab in the Execution Information area. Locate an abnormal batch and click Cancel in the Operation column.
      • If all instance tasks are successfully executed, click Compliance Report in the upper right corner to view the patch scanning result.