We recently had a bad experience with automatic security updates. Our application is hosted in the AWS environment, and our instances are auto-scaled based on usage. We unexpectedly encountered a production problem, and after more investigation, we discovered that newly scaled instances were to blame. Further investigation revealed that it was caused by a security upgrade that took place just before the start of the instance. We made the decision to halt the security batch update until the code was fixed because it is a production environment.
Any user space security upgrades that are rated critical or vital are installed from the package repositories during the initial boot of the Amazon Linux AMI, before services like SSH begin.
The steps we took to halt the security update at the initial boot are listed below.
Step 1: SSH to the EC2 instance and switch to the root user.
Step 2: Open the cloud.cfg file for editing:
vi /etc/cloud/cloud.cfg
Step 3: Change the repo_upgrade property. By default it is
repo_upgrade: security
Change it to
repo_upgrade: none
Step 4: Roll back the problematic update:
yum history undo <transaction id>
Step 5: Create an AMI using this instance.
Step 6: Update the launch template to use the created AMI.
Step 7: Update the auto scaling group to use the most recent version of the launch template.
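Steps 2 and 3 can also be done by a script instead of a hand edit in vi. The following is an added example, not part of the original post: the function names are this example's own, the sample file contents are constructed, and it assumes the key sits on a single line as shown in Step 3.

```shell
#!/bin/sh
# Added example: set repo_upgrade in a cloud-init config file (Steps 2-3).
# Function names are hypothetical; the key and its two values come from the post.

# Print the active repo_upgrade value, or nothing if the key is absent.
# Commented-out lines and repo_upgrade_exclude: are not matched.
get_repo_upgrade() {
    sed -n 's/^[[:space:]]*repo_upgrade:[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$1" | tail -n 1
}

# set_repo_upgrade FILE VALUE: rewrite the key in place, or append it if missing.
set_repo_upgrade() {
    cfg=$1
    value=$2
    case "$value" in
        ''|*[!a-z]*) echo "invalid value: $value" >&2; return 2 ;;
    esac
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    cp -p "$cfg" "$cfg.bak" || return 1            # keep a copy for rollback
    if grep -q '^[[:space:]]*repo_upgrade:' "$cfg"; then
        sed 's/^\([[:space:]]*\)repo_upgrade:.*$/\1repo_upgrade: '"$value"'/' \
            "$cfg.bak" > "$cfg" || return 1
    else
        printf 'repo_upgrade: %s\n' "$value" >> "$cfg" || return 1
    fi
    # Read the value back so a failed edit is reported, not silently baked into the AMI.
    [ "$(get_repo_upgrade "$cfg")" = "$value" ]
}

# Demo on a constructed sample file; nothing under /etc is touched.
demo() {
    tmp=$(mktemp) || return 1
    printf 'repo_upgrade_exclude:\n - kernel\nrepo_upgrade: security\n' > "$tmp"
    echo "before: $(get_repo_upgrade "$tmp")"
    set_repo_upgrade "$tmp" none && echo "after:  $(get_repo_upgrade "$tmp")"
    rm -f "$tmp" "$tmp.bak"
}
demo
```

Run as root, `set_repo_upgrade /etc/cloud/cloud.cfg none` performs Steps 2 and 3 on the instance. Instances launched from the resulting AMI no longer install security updates at first boot, so patches have to reach them by another route, such as rebuilding the AMI.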
The following URL was helpful for us to achieve this: