AWS Systems Manager POC #6

Open
pavaniankam92 opened this issue Jul 21, 2023 · 7 comments
Comments

@pavaniankam92
Collaborator

This is to standardize patching policy for AWS EC2 instances since currently there is no standard or schedule being followed by GTT for patching.

@pavaniankam92
Collaborator Author

Systems Manager POC has been completed. Tested on a machine with an image from an already existing Dev machine which had many patching backlogs, and now after pushing patches I see that the machine has been patched with important security updates and bug fixes. Used patch baselines as the source to report compliance.
Please let me know the downtime for the Ingest-Dev machine to apply the patching through Systems Manager @patrick-tripp @jonmjoyce

@pavaniankam92
Collaborator Author

Unable to patch because of Docker dependencies and application dependencies:

  • Installed Grub2 tools package
  • Installed grub2-common
  • Installed SELinux
  • Installed libselinux
  • Installed libsemanage
  • Installed libsepol
  • Installed policycoreutils
  • Installed selinux-policy
  • Installed container-selinux (still trying to fix)
  • Installed containerd.io.x86_64
  • Installed runc.x86_64 (still trying to fix)

@pavaniankam92
Collaborator Author

Issues with some of the CentOS machines: they are reporting incorrectly on Systems Manager. The default patch baseline was checking even non-critical/not required patches/application-specific updates. Created a custom PB with classification as Critical/Important updates and bug fixes. Waiting to be tested after hours.

@pavaniankam92
Collaborator Author

pavaniankam92 commented Aug 15, 2023

Patching donut.asa.rocks.
Encountered issues with these packages; it was showing as "non-compliant" because of these dependencies.

  • libuv.x86_64
  • hdf5-devel.x86_64
  • hdf5.x86_64
  • htop.x86_64
  • libuv-devel.x86_64

Working to fix these dependencies or install them.

Patching done on donut.asa.rocks (MARACOOS/Gliders OM1) and greyjoy.asa.rocks; installed the above packages manually.

@pavaniankam92
Collaborator Author

Patching done on bolton.asa.rocks, moss.asa.rocks

@pavaniankam92
Collaborator Author

Tried patching on Umber.asa.rocks, tyrion.asa.rocks, bolton.asa.rocks.
Issue: Unable to report in compliance reporting due to the old version of SSM Agent on these machines.
Need to update today.
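The two fixes described in this thread, the custom CentOS patch baseline restricted to Critical/Important security updates plus bug fixes and the check for instances whose SSM Agent is too old to report compliance, as an added shell example that is not part of the issue. It assumes AWS CLI v2 with credentials for the target account; the baseline name is a placeholder.

```shell
# Added example (not from the issue): approval rules for a custom CentOS patch
# baseline limited to Critical/Important security updates plus bug fixes, and a
# check for managed instances whose SSM Agent is outdated (the cause of the
# compliance-reporting gap noted above). Assumes AWS CLI v2; names are placeholders.
set -eu

REGION="${AWS_REGION:-us-east-1}"
BASELINE_NAME="${BASELINE_NAME:-centos-critical-important-bugfix}"  # placeholder

# Emit the ApprovalRules document. Rule 1: security patches, narrowed by SEVERITY
# to Critical and Important. Rule 2: Bugfix classification; EnableNonSecurity is
# required on Linux or non-security patches are reported but never installed.
build_approval_rules() {
  cat <<'EOF'
{"PatchRules": [
  {"PatchFilterGroup": {"PatchFilters": [
      {"Key": "CLASSIFICATION", "Values": ["Security"]},
      {"Key": "SEVERITY", "Values": ["Critical", "Important"]}]},
   "ApproveAfterDays": 7, "ComplianceLevel": "CRITICAL"},
  {"PatchFilterGroup": {"PatchFilters": [
      {"Key": "CLASSIFICATION", "Values": ["Bugfix"]}]},
   "ApproveAfterDays": 7, "ComplianceLevel": "MEDIUM", "EnableNonSecurity": true}
]}
EOF
}
# Reject a rule document that still admits everything the default baseline did:
# no Enhancement/Newpackage classifications, severity filter present. 0 = pass.
check_rules() {
  doc="$(build_approval_rules)"
  case "$doc" in *'"Enhancement"'*|*'"Newpackage"'*) return 1 ;; esac
  case "$doc" in *'"Values": ["Critical", "Important"]'*) ;; *) return 1 ;; esac
  [ "$(printf '%s\n' "$doc" | grep -c PatchFilterGroup)" -eq 2 ]
}
# Create the baseline and print its BaselineId (calls AWS; skipped offline).
create_baseline() {
  check_rules
  aws ssm create-patch-baseline --region "$REGION" --name "$BASELINE_NAME" \
    --operating-system CENTOS --approval-rules "$(build_approval_rules)" \
    --query BaselineId --output text
}
# Managed instances not running the latest SSM Agent: these report compliance
# incorrectly or not at all until the agent is updated.
stale_agents() {
  aws ssm describe-instance-information --region "$REGION" --output table \
    --query 'InstanceInformationList[?IsLatestVersion==`false`].[InstanceId,PlatformName,AgentVersion]'
}

if [ "${RUN_AWS:-0}" = 1 ]; then create_baseline; stale_agents; fi
```

Run with `RUN_AWS=1` to actually create the baseline and list stale agents; without it the script only defines the functions, so the rule document can be inspected offline.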

@pavaniankam92
Collaborator Author

Patching has been completed on the ASA Devops and IOOS Cloud accounts.
Completed automating both accounts.
PFA the compliance report and the automation setup.
https://us-east-1.console.aws.amazon.com/systems-manager/quick-setup?region=us-east-1
https://us-east-1.console.aws.amazon.com/systems-manager/patch-manager/reporting?region=us-east-1
