OS Patch Management feature - reports important security updates available for instances after running patch job
I have set up 3 CentOS 7 VMs to test out the OS patch management feature that is now available in GCP. I deployed the patch manager agent and the Patch Management console reports all 3 VMs have "Important / security updates available". I then scheduled a Patch deployment job for CentOS and it ran on all 3 machines.
When I check the logs, I can see that the task began at the scheduled time and reports "No packages to update".
An hour later, the dashboard still reports: "Important / security updates available".
I have rebooted the VMs and the dashboard still has not changed and it shows 100% of the VMs requiring patching.
While I suspect that there really IS no security update available, I am not sure how we can trust the dashboard. Further, there are no hyperlinks available for more information about what these important/security updates are so how would you even know what fixes were going to be applied if there were any?
I was able to reproduce this error in my own project.
I created a VM Instance with CentOS 7, then I created a new patch development, It is worth mentioning that I used 'Minimal and Security updates’ on the Patch Config menu:
Then I received the same message:
But I was able to fix it.
I have found the following documentation: What is included in an OS patch job?
Where it is mentioned that:
For Red Hat Enterprise Linux and Centos operating systems, you can apply all or select from the following updates:
- System updates
- Security updates
So I created another patch development, but in this case, I didn’t select the ‘Minimal and Security updates’ I just kept it blank, in this way its select the default value, and it applies all the updates instead of only the minimal and security updates.
And it worked.
- How to transfer Google Cloud project ownership?
- Im creating a VM using terraform code in GCP. I would like to inject a script that runs when the vm is created upon startup
- Can we use cron job to start the Compute engine at particular time?
- Error "Could not find 'java' executable in JAVA_HOME or PATH" while installing sonar-scanner with sonarqube google compute instance
- Google Cloud Console "loading" forever
- How to enable logs from GCP instances to Google logs exporter?
- schedule autoscaler in terraform for GCP?
- Check TPU workload/utilization
- Programmatically get current Service Account on GCP
- How to SSH to docker container in kubernetes cluster?
- Are GCP default firewall-rules a security-concern?
- Google Cloud platform performance: how many users
- Google Cloud Compute Engine refusing connections despite firewall rule
- Google Compute Engine and ADC Application Default Credentials
- Is there float32 precision on Google TPU?
- Download Directory from Google Cloud Compute Engine
- GCloud: Creating instance template with docker container and GPU
- Google GCE Container OS docker.io URL format
- How to connect to GCP VM instance with password using SSH?
- Rsync to Google Compute engine Instance from Jenkins
- Issue with gcloud compute reset-windows-password using service account in Google Cloud
- The resource 'projects/<my project>' was not found" error when trying to get list of running instances
- GCP Committed Usage Discount(CUD) Utilization REST API
- Managed Instance Group in Google Cloud stuck in failed state after deletion attempt
- How to automatically exit/stop the running instance
- What is the difference between Google App Engine and Google Compute Engine?
- GCP VM Auto Stop and Start setup using GCP Instance schedule
- Memory reduction Tensorflow TPU v2/v3 bfloat16
- How to use Google Cloud Shell with the new Windows Terminal
- setting up global gcp vm