All Products
Search

This Product

    CloudOps Orchestration Service:Patch management

    Document Center

    CloudOps Orchestration Service:Patch management

    Last Updated:May 28, 2025

    Quick setup allows you to create patch policies that are powered by the patch management feature. A patch policy defines the schedule and baseline used to automatically patch Elastic Compute Service (ECS) instances or Elastic Desktop Service (EDS) cloud computers. You can create a patch policy to define patching for your account in one or more regions. Compared with directly using the patch management feature, using the quick setup feature to set up patch management implements a more extensive and centralized control over patching operations.

    Important

    Patch compliance scanning methods: CloudOps Orchestration Service (OOS) supports multiple methods to scan managed nodes for patch compliance. If you use multiple scanning methods at a time, the patch compliance information displayed is the result of the most recent scan. Results of previous scans are overwritten. If the scanning methods use different patch baselines with varying approval rules, the patch compliance information may be subject to unanticipated changes.

    Procedure

    1. Log on to the OOS console.

    2. In the left-side navigation pane, click Quick Setup.

    3. On the Configuration Library tab, find the Patch Management card and click Create.

    4. In the Cross account configuration section, select Current Account or Across Accounts (Resource Directory).

      • Current Account: This is the default option. Resources within the current account can be specified.

      • Across Accounts (Resource Directory): Resources in multiple accounts can be specified. Before you select this option, make sure that resource directories are enabled and complete the settings as an administrator or a delegated administrator. When you enable trusted access, set ROS as the trusted service. For more information, see Manage a delegated administrator account.

    5. Enter a configuration description in the Configuration Description field to help identify the patch policy.

    6. Select an execution schedule for the TimerTrigger parameter. Valid values:

    • Execute Now: performs a scan immediately after the patch policy is created.

    • Executed Once at the Specified Time: performs a scan at the specified time. If you select this value, you must also specify the time at which OOS performs the scan.

    • Executed Periodically: performs scans based on the specified schedule. To specify the scan frequency, you can click Select or enter a custom CRON expression. For more information about CRON expressions, see Configure CRON expressions.

    1. Set the Action parameter to Scan and Install or Scan Only. A value of Scan and Install specifies that OOS scans the specified nodes for patch compliance and installs the required patches on the nodes. A value of Scan Only specifies that OOS only scans the specified nodes.

    2. Specify whether to create snapshots for system disks by turning on or off the WhetherCreateSnapshot switch. By default, the switch is turned off.

    3. Specify whether to restart the nodes by turning on or off the RebootIfNeed switch. By default, the switch is turned off. We recommend that you restart the nodes after patches are installed. However, this may affect service availability.

    4. In the Select Instances section, specify the regions, resource type, and nodes to which the patch policy applies.

    Note

    You can specify the current region or multiple regions.

    • Specify one or more regions by setting the SelectRegion parameter to one of the following values:

      • Deploy in Current Region: applies the patch policy to the region selected in the top navigation bar of the OOS console.

      • Deploy in Another Region: applies the patch policy to the one or more regions that you select.

    • Specify the resource type by setting the ResourceType parameter to one of the following values:

      • ECS Instance

      • WUYING Workspace Cloud Computer

    • Specify one or more nodes by using one of the following methods:

      • If you set the SelectRegion parameter to Deploy in Current Region, you can set the Select Role parameter to Manually Select Instances, Specify Instance Tags, Specify Resource Group, or Select All and select one or more nodes.

      • If you set the SelectRegion parameter to Deploy in Another Region, you can set the Select Role parameter to Specify Instance Tags or Select All and select one or more nodes.

    1. In the Control Options section, configure rate control by configuring the following parameters:

    • Rate control type: Specify the rate control type. Valid values:

      • Concurrency-based Control: Specify the number or percentage of nodes on which the patch policy is to be executed at the same time.

      • Batch-based Control: If you want to execute the patch policy on the selected nodes in batches, specify the batch sizes as numerals or percentages in the Batch Array field and select Automatic, Suspend Each Batch, or Suspend First Batch as the control mode.

    • Error Threshold: Enter the number or percentage of nodes that can have errors before an execution of the patch policy is stopped. Default value: 0, which specifies that an execution fails and ends if an error occurs on one node. A value of 100% specifies that the patch policy is executed regardless of the number of nodes that have errors.

    1. Click Create. After the patch policy is created, you can view the patching status on the Quick Setup page.