Help Center/ Cloud Operations Center/ User Guide/ Automated O&M/ Patch Management/ Creating Patch Repair Tasks
Updated on 2025-08-08 GMT+08:00
View PDF
Share

Creating Patch Repair Tasks

Scenarios

After patch scanning is performed on an instance, the scanning result displays the non-compliance status of the instance patch. If there are non-compliant patches, you can repair the patches on the target instance.

Multiple OSs, such as EulerOS and CentOS, are supported. You can scan and repair patches based on the default patch baseline that matches the OS of the selected instance. Before repairing patches, ensure that the corresponding default patch baseline has been created. For details about how to create a patch baseline, see Managing Patch Baselines.

Creating a Patch Repair Task

  1. Log in to COC.
  2. In the navigation pane on the left, choose Resource O&M > Automated O&M.
  3. In the Routine O&M area, click Patch Management.
  4. On the Patch Scanning tab page, select the resource type of the instance whose patch needs to be repaired.

    By default, ECS is selected.

  5. Locate the target instance and click Repair in the Operation column.
  6. Set parameters in the Execution Account & Region area.

    • Execution Type: Single or Cross Account.
      • Single: Execute this job only under the current account.
      • Cross Account: Execute this job using multiple organization member accounts.
    • To use this function, you need to add the account to the organization, configure the agency permissions, and enter the agency name in advance. For details, see Cross-Account Management.

  7. Set parameters in the Scheduled Task area.

    • Execution Mode: Execute immediately or Scheduled execution.
      • Execute immediately: Execute the scanning task immediately after it is created.
      • Scheduled execution: Configure the scheduled task details.
        Table 1 Scheduled task parameters

        Parameter

        Description

        Time Zone

        Select the time zone where the scheduled task is executed from the drop-down list.

        Timing Type

        Select a timing type.

        • Single execution: A scheduled task is executed once at a specified time.
        • Periodic execution: A task is periodically executed based on the specified rule until the rule expires.

        Execution Time

        It is used together with the timing type.

        • For a single execution, set this parameter to the execution time.
        • For periodic execution, select either of the following options:
          • Simple: Select the execution time by week.
          • Cron: Set the execution time using a cron expression. For details, see Using Cron Expressions.

        Rule Expired

        This parameter needs to be set when Timing Type is set to Periodic execution.

        Enter the end time of the periodic execution rule.

        Notification Policy

        Select Start of execution, Execution failed, or Execution succeeded. Multiple options can be selected.

        Recipient
        Select Shift or Individual.
        • Shift: Select a scenario and role from the drop-down lists based on the configured values. For details about how to configure a shift, see Shift Schedule Management.
        • Individual: Select a reviewer. For details about how to configure a reviewer, see O&M Engineer Management.

        Notification Mode
        Select a notification channel from the drop-down list box.
        • Default: Same as that selected in the reviewer subscription function. For details about how to set the default notification mode, see Selecting a Notification Method.
        • SMS, WeCom, DingTalk, Lark, and Email: Notifications are sent based on the information reserved by the reviewer. For details about how to set the reviewer information, see Modifying Personnel Information.

  8. Configure the basic information.

    If Execution Mode is set to Execute immediately, set the parameters by referring to Table 2. If Execution Mode is set to Scheduled execution, set the parameters by referring to Table 3.
    Table 2 Basic information for immediate execution

    Parameter

    Description

    Executed By

    The preset value is root and cannot be changed.

    Timeout Interval

    Maximum duration for scanning. The value is 1,800 seconds by default
    Table 3 Basic information for scheduled execution

    Parameter

    Description

    Task Name

    You are advised to name the task based on the application scenario.

    The value can contain 3 to 100 characters, including letters, digits, hyphens (-), and underscores (_).

    Enterprise Project

    Select an enterprise project from the drop-down list.

    Version

    Enter a version. The default version is 1.0.0.

    IAM Agency

    Select an agency from the drop-down list. If the selected agency does not have required permissions, task execution will fail and you need to select another agency or create one.

  9. Set Repair Resources.

    • Resources: Click Add. On the displayed page, select the target instances.
    • Batch Policy: Select Automatic, Manual, or No Batch.
      • Automatic: The selected instances to be executed are automatically divided into multiple batches based on the preset rule.
      • Manual: You can manually create multiple batches (the selected target instances should be more than the batch number) and add the selected instances to each batch as required.
      • No Batch: All instances will be executed in the same batch.
    • Suspension Policy:
      • You can set the execution success rate. When the number of failed hosts reaches the number failed ones that are calculated based on the execution success rate, the service ticket status becomes abnormal and the service ticket stops being executed.
      • The success rate ranges from 0 to 100 and supports accuracy up to one decimal place.
    • Allow Restart: Some patches require a restart to take effect. If you choose not to restart, you will need to schedule a restart at a later time.

  10. Click OK to go to the Confirm Execution page. Click OK to start the execution.
  11. Perform the following operations to check whether a service ticket execution is complete.

    • For the service tickets that are being executed:
      • If you want to pause the next batch when the current batch is executed, click Pause in the upper right corner.
      • If you want to continue the paused batch, click Continue in the upper right corner.
      • If you want to stop the service ticket that is about to be executed or is abnormal, click Forcibly End.
    • For the service tickets that are executed:
      • If some or all instance tasks in the service tickets are executed abnormally:
        1. Click the Abnormal tab in the Execution Information area. Locate an abnormal batch and click Retry in the Operation column.
        2. Click the Abnormal tab in the Execution Information area. Locate an abnormal batch and click Cancel in the Operation column.
      • If all instance tasks are successfully executed, click Compliance Report in the upper right corner to view the patch repair result.

Parent Topic: Patch Management