In April, we announced the general availability of Google Cloud’s OS patch management service to protect your running VMs against defects and vulnerabilities. This service works on Compute Engine and across Windows and Linux OS environments. In this blog, we share how to orchestrate your patch deployment using pre-patch and post-patch scripts.

What are pre-patch and post-patch scripts?

When running a patch job, you can specify the scripts that you want to run as part of the patching process. These scripts are useful for performing tasks such as safely shutting down an application and performing health checks:

  • Pre-patch scripts run before patching starts. If a system reboot is required before patching starts, the pre-patch script runs before the reboot.
  • Post-patch scripts run after patching completes. If a system reboot is required as part of the patching, the post-patch script runs after the reboot.

Note: A patch deployment is not executed if the pre-patch script fails, which can be an important safeguard feature for customers before deploying patches on their machines. If the post-patch script fails in any VM, the patch job is marked as failed.

Why pre-patch and post-patch scripts?

By reducing the risk of downtime, patch management can be one of the most important determinants of the security of your entire IT system, as well as of end-user productivity.

To successfully automate the complete end-to-end patching process, you as the patch administrator may need to customize these scripts for your environment and workload. For example, as part of your patch deployment process, you might want to run health checks before or after patching to make sure your services and applications are running as expected.
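The following Linux pre-patch script is an added example, not code from the original post or from Google. It gates patching on a few health checks and relies on the behaviour noted earlier, that a patch deployment is not executed if the pre-patch script fails. The hold file, disk threshold, filesystem, service name and `--run` argument are hypothetical, and treating a non-zero exit status as "failed" is an assumption.

```shell
#!/bin/sh
# Added example: pre-patch gate. Every path, threshold and command below is a
# hypothetical default; replace them with your workload's own.
HOLD_FILE="${HOLD_FILE:-/etc/patch-hold}"           # operator-created "do not patch" marker
MIN_FREE_KB="${MIN_FREE_KB:-1048576}"               # free space required on PATCH_FS (1 GiB)
PATCH_FS="${PATCH_FS:-/var}"                        # filesystem the package manager writes to
STOP_CMD="${STOP_CMD:-systemctl stop example-app}"  # graceful application shutdown

# Fail if an operator has placed a hold on patching this VM.
check_hold() {
    [ ! -e "$HOLD_FILE" ]
}

# Fail if PATCH_FS has less than MIN_FREE_KB available (or df cannot read it).
check_free_space() {
    avail_kb=$(df -Pk "$PATCH_FS" 2>/dev/null | awk 'NR==2 {print $4}')
    [ -n "$avail_kb" ] && [ "$avail_kb" -ge "$MIN_FREE_KB" ]
}

# Stop the application cleanly; a failed shutdown must block patching.
stop_app() {
    $STOP_CMD >/dev/null 2>&1
}

# Run the checks in order and return the number of the first failing step,
# so the patch job log shows which safeguard stopped the deployment.
prepatch_main() {
    check_hold       || { echo "pre-patch: hold file $HOLD_FILE present" >&2; return 1; }
    check_free_space || { echo "pre-patch: low disk space on $PATCH_FS" >&2; return 2; }
    stop_app         || { echo "pre-patch: application did not stop" >&2; return 3; }
    echo "pre-patch: checks passed, safe to patch"
    return 0
}

# Run the gate only when asked to (assumed convention), so the functions can
# also be exercised on their own.
if [ "${1:-}" = "--run" ]; then
    prepatch_main
    exit $?
fi
```

A matching post-patch script would restart the application and repeat the health checks, since a failing post-patch script marks the patch job as failed.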

There are lots of other scenarios where a pre-patch or post-patch script might be useful.
