diff --git a/aws/aws-how-to/automatically-update-ubuntu-instances-images/schedule_task.png b/aws/aws-how-to/automatically-update-ubuntu-instances-images/schedule_task.png new file mode 100644 index 00000000..8245756a Binary files /dev/null and b/aws/aws-how-to/automatically-update-ubuntu-instances-images/schedule_task.png differ diff --git a/aws/aws-how-to/automatically-update-ubuntu-instances.rst b/aws/aws-how-to/automatically-update-ubuntu-instances.rst new file mode 100644 index 00000000..0c19a091 --- /dev/null +++ b/aws/aws-how-to/automatically-update-ubuntu-instances.rst @@ -0,0 +1,82 @@ +Automatically update Ubuntu instances using AWS SSM +=================================================== + +AWS Systems Manager (SSM) can be used to set up automated updates of your Ubuntu and Ubuntu Pro instances. This can be done by creating an automated maintenance window and registering an appropriate run command task for that window. + +.. note:: + + For the process to work, your Ubuntu instances will need outbound access to port 443 and an SSM agent. All AWS-optimised versions of Ubuntu (16.04 and later) come with the SSM agent pre-installed. + +Create an appropriate IAM role +------------------------------ + +If you don't have an IAM role that allows EC2 instances to call SSM APIs, create one: + +* In the IAM console, select :guilabel:`Create role` +* Select :guilabel:`AWS service` under the `Select type of trusted entity` and :guilabel:`EC2` under `Choose a use case` > `Common use cases` +* Select :guilabel:`Next: Permissions` +* In the list of policies to attach to this role, search for "SSM" and select the policy document titled ``AmazonSSMManagedInstanceCore``. Save it and attach it to the instances that you want to update automatically. + + +Create a maintenance window in SSM +---------------------------------- + +SSM Maintenance windows allow you to configure time slots for automatically running specific actions. + +* In SSM, select :guilabel:`AWS Systems Manager` > :guilabel:`Maintenance Windows` > :guilabel:`Create maintenance window` +* Provide the maintenance window details: + + * :guilabel:`Name`: `update-ubuntu` + * :guilabel:`Description - optional`: `updates Ubuntu using apt and official repositories` + * :guilabel:`Unregistered targets`: enable `Allow unregistered targets` + +Now schedule the task, by specifying how often you would like to run it, say: + +.. image:: automatically-update-ubuntu-instances-images/schedule_task.png + :align: center + +After saving, you should be able to open the new maintenance window page under :guilabel:`AWS Systems Manager` > :guilabel:`Maintenance Windows`. + + +Register a run command task +--------------------------- + +A run command task is a set of instructions that you can send to and run in an instance, without having to log into it. It can be a script, a series of commands or even automation documents such as Ansible Playbooks, Chef recipes and other AWS documents created for common tasks like installing a package or updating agents. + +To create the task: + +* Open the page for the newly created maintenance window and select: :guilabel:`Tasks` > :guilabel:`Register tasks` > :guilabel:`Register Run command task` +* Under :guilabel:`Maintenance window task details` add a name and description for the task: + + * :guilabel:`Name - optional`: `update-and upgrade` + * :guilabel:`Description - optional`: `updates and upgrades my Ubuntu instances` + +* Under :guilabel:`Command document` select the action (document) that you want to run by searching for ``AWS-RunShellScript`` and selecting it +* Under :guilabel:`Targets` choose the :guilabel:`Selecting unregistered targets` option and then select all the instances that you would like to run the task for. In the list, you will only see the instances that have SSM agent running and are properly configured - i.e. SSM agent installed, roles attached and outbound network access granted. So, if you don't see all the instances that you want, check their roles and security groups. + +.. tip:: + + If you want to run this task for future instances too, then use the :guilabel:`Selecting registered target groups` option instead. Target groups are configured in `AWS Resource Groups` console and uses tags and other options for grouping instances. + +* If you need to store the output from the operation in an external repository such as S3, you could enable it under :guilabel:`Output options`. Otherwise, you can always browse the results from the AWS console. + +* Under :guilabel:`Rate control` you can configure: + + * `concurrency` - the number of instances on which you would like to run this task simultaneously + * `error threshold` - the number of executions after which to stop in case something goes wrong + +* Finally, under :guilabel:`Parameters` you'll be able to add the shell commands that you want to run, specify an optional working directory and an optional execution timeout. In the :guilabel:`Commands` text box, add: + +.. code:: + + sudo apt update + sudo apt upgrade -y + +* Save the changes + + + + + + + diff --git a/aws/aws-how-to/eks-gpu-enablement.rst b/aws/aws-how-to/enable-gpus-on-eks.rst similarity index 100% rename from aws/aws-how-to/eks-gpu-enablement.rst rename to aws/aws-how-to/enable-gpus-on-eks.rst diff --git a/aws/aws-how-to/index.rst b/aws/aws-how-to/index.rst index 3e33303e..0a39be1b 100644 --- a/aws/aws-how-to/index.rst +++ b/aws/aws-how-to/index.rst @@ -1,18 +1,39 @@ How-to guides ============= -Linked below are step-by-step guides for some key operations such as: finding the right Ubuntu images, launching an Ubuntu desktop on EC2, building your own Ubuntu Pro AMI, deploying an EKS cluster, deploying Charmed Kubernetes on Ubuntu Pro, using UEFI Secure Boot, upgrading from Ubuntu 20.04 to 22.04 and enabling GPUs on EKS worker nodes. +If you want to find the right Ubuntu image, upgrade from Ubuntu 20.04 to 22.04, create CloudFormation templates, automatically update your Ubuntu instances, or just launch an Ubuntu desktop on EC2, refer to these guides: + +* :doc:`./find-ubuntu-images` +* :doc:`./upgrade-from-focal-to-jammy` +* :doc:`./build-cloudformation-templates` +* :doc:`./automatically-update-ubuntu-instances` +* :doc:`./launch-ubuntu-desktop` + +For step-by-step guides related to Ubuntu Pro, use: + +* :doc:`./build-pro-ami-using-packer` +* :doc:`./deploy-ubuntu-pro-cluster` +* :doc:`./deploy-charmed-kubernetes-on-ubuntu-pro` + +Finally, if you want to use UEFI Secure Boot or enable GPUs on EKS worker nodes, use: + +* :doc:`./use-secureboot-and-vtpm` +* :doc:`./enable-gpus-on-eks` .. toctree:: + :hidden: :maxdepth: 1 - find-ubuntu-images + find-ubuntu-images + upgrade-from-focal-to-jammy + build-cloudformation-templates + automatically-update-ubuntu-instances launch-ubuntu-desktop + build-pro-ami-using-packer - deploy-ubuntu-pro-cluster + deploy-ubuntu-pro-cluster deploy-charmed-kubernetes-on-ubuntu-pro - secureboot-and-vtpm - build-cloudformation-templates - upgrade-from-focal-to-jammy - eks-gpu-enablement \ No newline at end of file + + use-secureboot-and-vtpm + enable-gpus-on-eks \ No newline at end of file diff --git a/aws/aws-how-to/secureboot-and-vtpm.rst b/aws/aws-how-to/use-secureboot-and-vtpm.rst similarity index 100% rename from aws/aws-how-to/secureboot-and-vtpm.rst rename to aws/aws-how-to/use-secureboot-and-vtpm.rst diff --git a/google/google-how-to/index.rst b/google/google-how-to/index.rst index dce01b5c..85fca01f 100644 --- a/google/google-how-to/index.rst +++ b/google/google-how-to/index.rst @@ -28,9 +28,11 @@ Finally, if you are creating a customised docker container use: create-different-instance-types upgrade-from-focal-to-jammy launch-ubuntu-desktop + upgrade-in-place-from-lts-to-pro enable-pro-features build-ubuntu-pro-golden-image deploy-kubernetes-with-ubuntu-pro + create-customised-docker-container \ No newline at end of file