System Center 2012 R2 Orchestrator – Software Updates a Single Node or Machine Runbook


Time for an update on what I have been doing lately. I have been busy with some Orchestrator runbooks creation including participating in defining a framework to allow the Orchestrator runbook to be managed easily in a single pane of glass view, revision management, ensuring portability across multiple environment, encouraging future development of runbooks to be polymorphism and improve reusability.

I have recently posted on TechNet with an example of a runbook that seamlessly automate Software Updates process incorporating with System Center Integration Pack for Configuration Manager (SCCM) and System Center Integration Pack for Operations Manager (SCOM).

Download Link – https://gallery.technet.microsoft.com/Software-Updates-on-a-3792417f

This Orchestrator Runbook posted in TechNet Gallery demostrates the use of the following System Center 2012 Integration Packs to automate Software Updates seamlessly by applying the following 8 runbook sub-activities below;

  1. Create Software Updates Collection
  2. Deploy Software Updates
  3. Add Machine To Software Updates Collection
  4. Apply Software Updates
  5. Enter Maintenance Mode
  6. Reboot Machine
  7. Exit Maintenance Mode
  8. Remove Software Updates Collection

After importing the OIS_Export file and configured your Orchestrator Runbook for your environment, please kindly invoke the runbook to perform automated Software Updates on a Test Machine in Development or UAT environment prior using it on Production Environment. User Discretion in Production Environment is advised.

Environment Prerequisite Requirement

  • Has a Server with System Center 2012 R2 Configuration Manager
  • Has a Server with System Center 2012 R2 Operation Manager
  • Has a Server with System Center 2012 R2 Orchestrator

Integration Pack Installation Prerequisite on Orchestrator Runbook Server

  • System Center 2012 Integration Pack for System Center 2012 R2 Configuration Manager
  • System Center 2012 Integration Pack for System Center 2012 R2 Operations Manager

If you don’t have the following System Center 2012 R2 Integration Pack on your Orchestrator Runbook Server, download it from System Center 2012 R2 – Orchestrator Component Add-ons and Extensions and install them on your Orchestrator Runbook Server. For more information of the Integration Pack, please kindly refer to the Integration Pack Guide.

Pre-Implementation Tasks

1. Configure the Global Variables;
1.1. Input the Orchestrator Service Account’s Password into Credential Password variable
1.2. Input the Orchestrator Service Account in Credential User Name variable
1.3. Input the Software Updates Demployment Template from SCCM (Eg. Patch Tuesday) into Deployment Template variable
1.4. Input Domain Name into Fully Qualified Domain Name variable
1 - Software Updates - Single Node - Global Settings - Variables

2. Configure the System Center 2012 R2 Configuration Manager Connection on the System Center Integration Pack for Configuration Manager
System Center 2012 R2 Configuration Manager - Connection Settings

3. Configure the System Center 2012 R2 Operations Manager Connection on the System Center Integration Pack for Operations Manager
System Center 2012 R2 Operations Manager - Connection Settings

 

Understanding how this “Software Updates on a Single Node” Runbook is constructed

“1 – Software Updates – Single Node” runbook is the Main Runbook that will call the each independent child runbook activities making the child runbook activity reusable for other runbooks.
1 - Software Updates - Single Node

“1.1 – Create Software Updates Collection” runbook will receive the variable from the Initialize Data from the Parent runbook and pass on the variable to initialize the collection creation on SCCM 2012 R2 and return back to the Parent runbook. The Create Collection icon is part of the System Center 2012 R2 Intergration Pack for Configuration Manager.
1.1 - Create Software Updates Collection

“1.2 – Deploy Software Updates” runbook utilises the information obtained from Parent runbook and initialize the Software Deployment on the SCCM 2012 R2 to the collection. Once the deployment has completed, the Powershell scripts will attempt to obtain the raw Deployment ID data, trim the Deployment ID and return the Deployment ID value to the Parent runbook.
1.2 - Deploy Software Updates

Below is the PowerShell script for “Get Deployment ID” activity where the PowerShell script gets its “CollectionName” Opalis Published Data from the previous “Deploy Software Update” activity.

#############################################
#Author: Ryen Tang
#Date: 07/08/2015
#Description: Get Software Update Deployment ID
#############################################

$VAR = PowerShell {

    Import-Module $env:SMS_ADMIN_UI_PATH.Replace("\bin\i386","\bin\configurationmanager.psd1")

    CD "$(Get-PSDrive -PSProvider CMSite):"

    New-Object PSCustomObject -Property @{

            deploymentId = (Get-CMDeployment `
                -CollectionName '{Deployment Name from "Deploy Software Update"}').DeploymentID | `
                Out-String ;
        
        } ;

} ;

$deploymentId = $VAR.deploymentId
$site = $VAR.site

 
Below is the PowerShell script for “Trim Deployment ID” activity where the PowerShell script gets its “Deployment ID” Opalis Published Data from the previous “Get Deployment ID” activity and trim first and last character of the string.

#############################################
#Author: Ryen Tang
#Date: 07/08/2015
#Description: Trim Software Update Deployment ID
#############################################

[String] $String = '{Deployment ID from "Get Deployment ID"}'

$Split = $String.Split('=')
$deploymentIDTrim = $Split[0].Substring(1, $Split[0].Length - 4)

 

“1.3 – Add Machine To Software Updates Collection” runbook obtains the Machine Name/Computer Hostname target from Parent runbook and utilise the Add Collection Rule icon from SCCM 2012 R2 Integration Pack to join the target to the collection group.
1.3 - Add Machine To Software Updates Collection

“1.4 – Apply Software Updates” runbook will initialize s refresh of machine policy on the target. Once the target machine policy has been refreshed, the runbook will constantly utilise WMI to check for policy in a loop to ensure that the policy has been applied on the target. When the target has the policy confirmed, the runbook will constantly poll on the update installation state using WMI.
1.4 - Apply Software Updates

“1.5 – Enter Maintenance Mode” runbook will proceed on putting the target on maintenance mode in SCOM 2012 R2 using the Start Maintenance Mode icon from the System Center 2012 R2 Integration Pack for Operations Manager.
1.5 - Enter Maintenance Mode

“1.6 – Reboot Machine” runbook will begin to restart the target system and will poll the target system using ICMP constantly until it receive an ICMP failure to acknowledge the system shutdown. The next activity is to Wait for Post Boot where it will poll the target system using ICMP constantly until it receive an ICMP success to acknowledge the system boot up status.
1.6 - Reboot Machine

“1.7 – Exit Maintenance Mode” runbook is to set the target computer out of maintenance mode in the SCOM 2012 R2 using the Stop Maintenance Mode icon from the System Center 2012 R2 Integration Pack for Operations Manager.
1.7 - Exit Maintenance Mode

“1.8 – Remove Software Updates Collection” runbook ensures that the created temporary collection is deleted from SCCM 2012 R2 using the Delete Collection icon from System Center 2012 R2 Integration Pack for Configuration Manager.
1.8 - Remove Software Updates Collection

DEMO SCREENSHOT
Below is the screenshot of running the 1 – Software Updates – Single Node runbook with User’s inputs.
Launch Software Updates - Single Node Runbook from System Center 2012 R2 Orchestrator Web Console

Below is the progress of those activities from the User’s Input above;
1 - Software Updates - Single Node - Activity Progress

Below is the SCCM Console behaviour from the activity above where you can observe that a seperate independent device collection group has been created with a timestamp and has been attached with the Software Updates group that contains the approved updates.
1 - Software Updates - Single Node - Activity Progress 2

Advertisements

4 thoughts on “System Center 2012 R2 Orchestrator – Software Updates a Single Node or Machine Runbook

  1. Hi Rye,

    I tried to implement your runbook, but everytime it runs the powershell script can’t trim the Deployment ID, it seems like it can’t even get the variable and it fail by saying Exception calling “Substring” with “2” argument(s): “startIndex cannot be larger than length of string.
    Parameter name: startIndex”. Do you have any ideas what could it be.

    Like

    • Use the Get-CMDeployment -CollectionName to find out if you have more than 1 deployment configured to that Collection. Chances are that you have more that 1 deployments to that Collection and the “Get Deployment ID” activity in the Runbook is returning an array object of all the deployments. In such a scenario, you will need to improve the script in the “Get Deployment ID” activity to only obtain the patching Deployment ID string to pass it to the next “Trim Deployment ID” activity in the runbook.

      Like

  2. Hi Rye,
    Thanks for your prompt reply. However, after further testing the Get Deployment ID step is not working. Somehow it is successful but no data is published for the trim step. Not sure what it could be as this moment in time. I run the script on the ConfigMgr to see if I could get the data and it was successfully achieved. But when running it from SCORCH it just does not work. Any ideas will be really appreciated.
    John

    Like

    • Hi John,

      Can you try running the script from the SCORCH Runbook Server and the SCORCH Server that has the Runbook Designer instead of the SCCM Server?

      This is to verify that your SCORCH servers can run that script with no error. If the SCORCH servers cannot execute the script through the Invoke-Command remotely to the SCCM Server’s WinRM service, you will have to check the network and WinRM configuration on the SCCM Server.

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s