Ubuntu Pro 22.04に対してSSM Patch Managerでパッチ適用できるか確認してみた
Ubuntu ProだとSSM Patch Managerでパッチ適用できないなんてことはないよね?
こんにちは、のんピ(@non____97)です。
皆さんはUbuntu ProだとSSM Patch Managerでパッチ適用できないなんてことはないよね?と気になったことはありますか? 私はあります。
AWSではUbuntu ProのEC2インスタンスを簡単に起動できます。
2024/2/1時点のSSM Patch ManagerがサポートしているLinux OSは以下のとおりです。
抜粋 : Patch Manager でサポートされているオペレーティングシステム
Ubuntu Server 14.04 LTS、16.04 LTS、18.04 LTS、20.04 LTS、20.10 STR、および 22.04 LTS
と記載があります。ではUbuntu Pro Server 22.04 LTS
ではどうなのかが無性に気になってきました。
「多分できるだろう」で本番導入して、後からパッチ適用できないことが判明すると目も当てられません。
実際に試してみます。
いきなりまとめ
- Ubuntu ProでもSSM Patch Managerでパッチ適用できる
- Ubuntu ProにもSSM AgentやEICがプリインストールされている
- 大元のUbuntuのバージョンでサポートしていることが前提
やってみた
AMIの確認
EC2のコンソールからAMIを確認します。
Ubuntu ProのAMIはクイックスタートから確認できます。
最新のAMIから起動すると適用するパッチが少なさそうです。
Ubuntu ProのAMI一覧から少し古いAMIを選択します。
ami-076fbba6848d7149e
ubuntu-pro-server/images/hvm-ssd/ubuntu-jammy-22.04-amd64-pro-server-20230921
その他の設定変更はAmazonSSMManagedInstanceCore
がアタッチされたIAMロールのインスタンスプロファイルを変更した程度です。
EC2インスタンスへの接続
SSMセッションマネージャーで接続してみます。
すると、問題なく接続できました。
$ cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.3 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.3 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
$ snap list
Name Version Rev Tracking Publisher Notes
amazon-ssm-agent 3.2.2143.0 7804 latest/stable/… aws✓ classic
canonical-livepatch 10.7.0 246 latest/stable canonical✓ -
core 16-2.60.4 16202 latest/stable canonical✓ core
core18 20230703 2790 latest/stable canonical✓ base
core20 20230801 2015 latest/stable canonical✓ base
lxd 5.0.2-838e1b2 24322 5.0/stable/… canonical✓ -
snapd 2.60.3 20092 latest/stable canonical✓ snapd
SSM Agentがデフォルトでインストールされていました。
EC2 Instance Connect(以降EIC)でも接続してみましょう。EICはUbuntu 20.04以降でプリインストールされています。
EC2 Instance Connect には以下の AMI がプリインストールされています。
- AL2023
- Amazon Linux 2 2.0.20190618 以降
- Ubuntu 20.04 以降
EC2 インスタンスでの EC2 Instance Connect のインストール - Amazon Elastic Compute Cloud
実際に確認してみると、確かにEICがインストールされています。
$ apt list --installed | grep ec2-instance-connect
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
ec2-instance-connect/jammy-updates,now 1.1.14-0ubuntu1.1 all [installed]
EICでの接続も問題なくできました。
SSM Patch Managerを使ったパッチ適用
SSM Patch Managerを使ったパッチ適用を行います。
Ubuntuのデフォルトのパッチベースラインは以下のとおりです。
セキュリティ以外のアップデートは適用しないようです。
適用できるアップデート107個のうち、セキュリティのアップデートは60個のようです。
$ apt list --upgradable | wc -l
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
107
$ apt list --upgradable | grep security | wc -l
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
60
有効なリポジトリ一覧は以下のとおりです。18件あります。
$ apt-cache policy
Package files:
100 /var/lib/dpkg/status
release a=now
500 https://esm.ubuntu.com/infra/ubuntu jammy-infra-updates/main amd64 Packages
release v=22.04,o=UbuntuESM,a=jammy-infra-updates,n=jammy,l=UbuntuESM,c=main,b=amd64
origin esm.ubuntu.com
500 https://esm.ubuntu.com/infra/ubuntu jammy-infra-security/main amd64 Packages
release v=22.04,o=UbuntuESM,a=jammy-infra-security,n=jammy,l=UbuntuESM,c=main,b=amd64
origin esm.ubuntu.com
500 https://esm.ubuntu.com/apps/ubuntu jammy-apps-updates/main amd64 Packages
release v=22.04,o=UbuntuESMApps,a=jammy-apps-updates,n=jammy,l=UbuntuESMApps,c=main,b=amd64
origin esm.ubuntu.com
500 https://esm.ubuntu.com/apps/ubuntu jammy-apps-security/main amd64 Packages
release v=22.04,o=UbuntuESMApps,a=jammy-apps-security,n=jammy,l=UbuntuESMApps,c=main,b=amd64
origin esm.ubuntu.com
500 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 Packages
release v=22.04,o=Ubuntu,a=jammy-security,n=jammy,l=Ubuntu,c=multiverse,b=amd64
origin security.ubuntu.com
500 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages
release v=22.04,o=Ubuntu,a=jammy-security,n=jammy,l=Ubuntu,c=universe,b=amd64
origin security.ubuntu.com
500 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages
release v=22.04,o=Ubuntu,a=jammy-security,n=jammy,l=Ubuntu,c=restricted,b=amd64
origin security.ubuntu.com
500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
release v=22.04,o=Ubuntu,a=jammy-security,n=jammy,l=Ubuntu,c=main,b=amd64
origin security.ubuntu.com
100 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/universe amd64 Packages
release v=22.04,o=Ubuntu,a=jammy-backports,n=jammy,l=Ubuntu,c=universe,b=amd64
origin us-east-1.ec2.archive.ubuntu.com
100 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports/main amd64 Packages
release v=22.04,o=Ubuntu,a=jammy-backports,n=jammy,l=Ubuntu,c=main,b=amd64
origin us-east-1.ec2.archive.ubuntu.com
500 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 Packages
release v=22.04,o=Ubuntu,a=jammy-updates,n=jammy,l=Ubuntu,c=multiverse,b=amd64
origin us-east-1.ec2.archive.ubuntu.com
500 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages
release v=22.04,o=Ubuntu,a=jammy-updates,n=jammy,l=Ubuntu,c=universe,b=amd64
origin us-east-1.ec2.archive.ubuntu.com
500 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 Packages
release v=22.04,o=Ubuntu,a=jammy-updates,n=jammy,l=Ubuntu,c=restricted,b=amd64
origin us-east-1.ec2.archive.ubuntu.com
500 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
release v=22.04,o=Ubuntu,a=jammy-updates,n=jammy,l=Ubuntu,c=main,b=amd64
origin us-east-1.ec2.archive.ubuntu.com
500 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/multiverse amd64 Packages
release v=22.04,o=Ubuntu,a=jammy,n=jammy,l=Ubuntu,c=multiverse,b=amd64
origin us-east-1.ec2.archive.ubuntu.com
500 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
release v=22.04,o=Ubuntu,a=jammy,n=jammy,l=Ubuntu,c=universe,b=amd64
origin us-east-1.ec2.archive.ubuntu.com
500 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/restricted amd64 Packages
release v=22.04,o=Ubuntu,a=jammy,n=jammy,l=Ubuntu,c=restricted,b=amd64
origin us-east-1.ec2.archive.ubuntu.com
500 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
release v=22.04,o=Ubuntu,a=jammy,n=jammy,l=Ubuntu,c=main,b=amd64
origin us-east-1.ec2.archive.ubuntu.com
Pinned packages:
一方、通常のUbuntu 22.04 LTS(ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20231207
)で有効なリポジトリ一覧は以下のとおりです。6件とUbuntu Proと比べて少ないことが分かります。
$ apt-cache policy
Package files:
100 /var/lib/dpkg/status
release a=now
500 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages
release v=22.04,o=Ubuntu,a=jammy-security,n=jammy,l=Ubuntu,c=restricted,b=amd64
origin security.ubuntu.com
500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
release v=22.04,o=Ubuntu,a=jammy-security,n=jammy,l=Ubuntu,c=main,b=amd64
origin security.ubuntu.com
500 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 Packages
release v=22.04,o=Ubuntu,a=jammy-updates,n=jammy,l=Ubuntu,c=restricted,b=amd64
origin us-east-1.ec2.archive.ubuntu.com
500 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
release v=22.04,o=Ubuntu,a=jammy-updates,n=jammy,l=Ubuntu,c=main,b=amd64
origin us-east-1.ec2.archive.ubuntu.com
500 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/restricted amd64 Packages
release v=22.04,o=Ubuntu,a=jammy,n=jammy,l=Ubuntu,c=restricted,b=amd64
origin us-east-1.ec2.archive.ubuntu.com
500 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
release v=22.04,o=Ubuntu,a=jammy,n=jammy,l=Ubuntu,c=main,b=amd64
origin us-east-1.ec2.archive.ubuntu.com
Pinned packages:
それでは手動でパッチを適用します。
実行開始して10分ほどでパッチ適用が完了しました。成功したようです。
裏で動いているSSM Run Commandの実行結果を確認すると、いずれも成功になっていました。
パッチ適用実行時に指定したS3バケットを確認するとAWS-PatchNow/SSM Run Commandの実行ID/対象EC2インスタンスID/awsrunShellScript/PatchLinux/
にstdout
というオブジェクトが出力されていました。
内容は以下のとおりです。
/usr/bin/python3
/usr/bin/apt-get
Reading package lists...
Building dependency tree...
Reading state information...
python3-apt is already the newest version (2.4.0ubuntu2).
python3-apt set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 106 not upgraded.
Using python binary: 'python3'
Using Python Version: Python 3.10.12
02/01/2024 07:26:09 root [INFO]: Downloading payload from https://s3.us-east-1.amazonaws.com/aws-ssm-us-east-1/patchbaselineoperations/linux/payloads/patch-baseline-operations-1.115.tar.gz
02/01/2024 07:26:09 root [INFO]: Attempting to import entrance file os_selector
02/01/2024 07:26:10 root [INFO]: Running with snapshot id = and operation = Install
02/01/2024 07:26:10 root [INFO]: Instance Id: i-0912989a55a6d11da
02/01/2024 07:26:10 root [INFO]: Region: us-east-1
02/01/2024 07:26:10 root [INFO]: Product: Ubuntu22.04
02/01/2024 07:26:10 root [INFO]: Patch Group:
02/01/2024 07:26:10 root [INFO]: Operation type: Install
02/01/2024 07:26:10 root [INFO]: Snapshot Id: cbd26a4d-ad8e-4d2b-9f40-b30946b1e0a2
02/01/2024 07:26:10 root [INFO]: Patch Baseline: {'accountId': '075727635805', 'baselineId': 'pb-0c7e89f711c3095f4', 'name': 'AWS-UbuntuDefaultPatchBaseline', 'globalFilters': {'filters': [{'key': 'PRODUCT', 'values': ['*']}]}, 'approvalRules': {'rules': [{'filterGroup': {'filters': [{'key': 'PRIORITY', 'values': ['Required', 'Important', 'Standard', 'Optional', 'Extra']}]}, 'complianceLevel': 'UNSPECIFIED', 'enableNonSecurity': False, 'approveAfterDays': 7, 'approveUntilDate': None}]}, 'approvedPatches': [], 'approvedPatchesComplianceLevel': 'UNSPECIFIED', 'approvedPatchesEnableNonSecurity': False, 'rejectedPatches': [], 'rejectedPatchesAction': 'ALLOW_AS_DEPENDENCY', 'createdTime': 1525194800.068, 'modifiedTime': 1525194800.068, 'description': 'Default Patch Baseline for Ubuntu Provided by AWS.', 'operatingSystem': 'UBUNTU', 'sources': []}
02/01/2024 07:26:10 root [INFO]: Reboot Option: RebootIfNeeded
02/01/2024 07:26:10 root [INFO]: Checking if it is a Patch Policy execution.
02/01/2024 07:26:10 root [INFO]: This execution has been identified as a Patch Classic execution.
02/01/2024 07:26:11 root [WARNING]: Unable to locate yum, code: 1.
02/01/2024 07:26:11 root [INFO]: Loading patch snapshot from snapshot.json
02/01/2024 07:26:11 root [INFO]: {'patchBaseline': {'accountId': '075727635805', 'baselineId': 'pb-0c7e89f711c3095f4', 'name': 'AWS-UbuntuDefaultPatchBaseline', 'globalFilters': {'filters': [{'key': 'PRODUCT', 'values': ['*']}]}, 'approvalRules': {'rules': [{'filterGroup': {'filters': [{'key': 'PRIORITY', 'values': ['Required', 'Important', 'Standard', 'Optional', 'Extra']}]}, 'complianceLevel': 'UNSPECIFIED', 'enableNonSecurity': False, 'approveAfterDays': 7, 'approveUntilDate': None}]}, 'approvedPatches': [], 'approvedPatchesComplianceLevel': 'UNSPECIFIED', 'approvedPatchesEnableNonSecurity': False, 'rejectedPatches': [], 'rejectedPatchesAction': 'ALLOW_AS_DEPENDENCY', 'createdTime': 1525194800.068, 'modifiedTime': 1525194800.068, 'description': 'Default Patch Baseline for Ubuntu Provided by AWS.', 'operatingSystem': 'UBUNTU', 'sources': []}, 'product': 'Ubuntu22.04', 'patchGroup': '', 'instanceId': 'i-0912989a55a6d11da', 'region': 'us-east-1', 'operation': 'Install', 'snapshotId': 'cbd26a4d-ad8e-4d2b-9f40-b30946b1e0a2', 'installOverrideList': '', 'baselineOverride': '', 'rebootOption': 'RebootIfNeeded', 'associationId': '', 'patchPolicy': False}
02/01/2024 07:26:11 root [INFO]: Starting APT patching operation.
02/01/2024 07:26:11 root [INFO]: Loading patch snapshot from <patch_apt.patch_snapshot.PatchSnapshot object at 0x7f2b2ec74850>
02/01/2024 07:26:12 root [INFO]: Re-synchronizing the package index files from their sources.
Hit http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit https://esm.ubuntu.com/apps/ubuntu jammy-apps-security InRelease
Hit https://esm.ubuntu.com/apps/ubuntu jammy-apps-updates InRelease
Hit https://esm.ubuntu.com/infra/ubuntu jammy-infra-security InRelease
Hit https://esm.ubuntu.com/infra/ubuntu jammy-infra-updates InRelease
Fetched 0 B in 0s (0 B/s)
02/01/2024 07:26:50 root [INFO]: Installed count: 89 Installed other count: 451 Installed rejected count: 0 Missing count: 0 Not Applicable count: 16884 Failed count: 62
Hit http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit https://esm.ubuntu.com/apps/ubuntu jammy-apps-security InRelease
Hit https://esm.ubuntu.com/apps/ubuntu jammy-apps-updates InRelease
Hit https://esm.ubuntu.com/infra/ubuntu jammy-infra-security InRelease
Hit https://esm.ubuntu.com/infra/ubuntu jammy-infra-updates InRelease
Fetched 0 B in 0s (0 B/s)
02/01/2024 07:27:24 root [INFO]: After applying filters, missing count: 62 failed count: 0
02/01/2024 07:27:24 root [INFO]: (Before fix) Upgrading package binutils from 2.38-4ubuntu2.3 to 2.38-4ubuntu2.5 will do the following changes:
Install: N/A
Upgrade: binutils:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); binutils-common:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); binutils-x86-64-linux-gnu:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); libbinutils:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); libctf0:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5)
Delete: N/A
Broken packages: N/A
02/01/2024 07:27:25 root [INFO]: (Before fix) Upgrading package binutils-common from 2.38-4ubuntu2.3 to 2.38-4ubuntu2.5 will do the following changes:
Install: N/A
Upgrade: binutils:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); binutils-common:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); binutils-x86-64-linux-gnu:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); libbinutils:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); libctf0:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5)
Delete: N/A
Broken packages: N/A
.
.
(中略)
.
.
02/01/2024 07:28:43 root [INFO]: Package name: vim-tiny, arch: amd64, version: 2:8.2.3995-1ubuntu2.15, is to be updated.
02/01/2024 07:28:43 root [INFO]: (Final) Upgrading package vim-tiny from 2:8.2.3995-1ubuntu2.11 to 2:8.2.3995-1ubuntu2.15 will do the following changes:
Install: linux-aws-6.2-headers-6.2.0-1018:amd64(6.2.0-1018.18~22.04.1); linux-headers-6.2.0-1018-aws:amd64(6.2.0-1018.18~22.04.1); linux-image-6.2.0-1018-aws:amd64(6.2.0-1018.18~22.04.1); linux-modules-6.2.0-1018-aws:amd64(6.2.0-1018.18~22.04.1)
Upgrade: binutils:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); binutils-common:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); binutils-x86-64-linux-gnu:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); curl:amd64(7.81.0-1ubuntu1.13->7.81.0-1ubuntu1.15); grub-efi-amd64-bin:amd64(2.06-2ubuntu14.1->2.06-2ubuntu14.4); grub-efi-amd64-signed:amd64(1.187.3~22.04.1+2.06-2ubuntu14.1->1.187.6+2.06-2ubuntu14.4); hibagent:amd64(1.0.1-0ubuntu2.22.04.1->1.0.1-0ubuntu2.22.04.2); intel-microcode:amd64(3.20230808.0ubuntu0.22.04.1->3.20231114.0ubuntu0.22.04.1); libbinutils:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); libc-bin:amd64(2.35-0ubuntu3.3->2.35-0ubuntu3.6); libc6:amd64(2.35-0ubuntu3.3->2.35-0ubuntu3.6); libctf-nobfd0:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); libctf0:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); libcurl3-gnutls:amd64(7.81.0-1ubuntu1.13->7.81.0-1ubuntu1.15); libcurl4:amd64(7.81.0-1ubuntu1.13->7.81.0-1ubuntu1.15); libgnutls30:amd64(3.7.3-4ubuntu1.2->3.7.3-4ubuntu1.4); libgssapi-krb5-2:amd64(1.19.2-2ubuntu0.2->1.19.2-2ubuntu0.3); libk5crypto3:amd64(1.19.2-2ubuntu0.2->1.19.2-2ubuntu0.3); libkrb5-3:amd64(1.19.2-2ubuntu0.2->1.19.2-2ubuntu0.3); libkrb5support0:amd64(1.19.2-2ubuntu0.2->1.19.2-2ubuntu0.3); libldap-2.5-0:amd64(2.5.16+dfsg-0ubuntu0.22.04.1->2.5.16+dfsg-0ubuntu0.22.04.2); libldap-common:amd64(2.5.16+dfsg-0ubuntu0.22.04.1->2.5.16+dfsg-0ubuntu0.22.04.2); libnghttp2-14:amd64(1.43.0-1build3->1.43.0-1ubuntu0.1); libpam-modules:amd64(1.4.0-11ubuntu2.3->1.4.0-11ubuntu2.4); libpam-modules-bin:amd64(1.4.0-11ubuntu2.3->1.4.0-11ubuntu2.4); libpam-runtime:amd64(1.4.0-11ubuntu2.3->1.4.0-11ubuntu2.4); libpam0g:amd64(1.4.0-11ubuntu2.3->1.4.0-11ubuntu2.4); libperl5.34:amd64(5.34.0-3ubuntu1.2->5.34.0-3ubuntu1.3); libprocps8:amd64(2:3.3.17-6ubuntu2->2:3.3.17-6ubuntu2.1); libpython3.10:amd64(3.10.12-1~22.04.2->3.10.12-1~22.04.3); libpython3.10-minimal:amd64(3.10.12-1~22.04.2->3.10.12-1~22.04.3); libpython3.10-stdlib:amd64(3.10.12-1~22.04.2->3.10.12-1~22.04.3); libsqlite3-0:amd64(3.37.2-2ubuntu0.1->3.37.2-2ubuntu0.3); libssh-4:amd64(0.9.6-2ubuntu0.22.04.1->0.9.6-2ubuntu0.22.04.3); libssl3:amd64(3.0.2-0ubuntu1.10->3.0.2-0ubuntu1.12); libx11-6:amd64(2:1.7.5-1ubuntu0.2->2:1.7.5-1ubuntu0.3); libx11-data:amd64(2:1.7.5-1ubuntu0.2->2:1.7.5-1ubuntu0.3); linux-aws:amd64(6.2.0.1012.12~22.04.1->6.2.0.1018.18~22.04.1); linux-headers-aws:amd64(6.2.0.1012.12~22.04.1->6.2.0.1018.18~22.04.1); linux-image-aws:amd64(6.2.0.1012.12~22.04.1->6.2.0.1018.18~22.04.1); locales:amd64(2.35-0ubuntu3.3->2.35-0ubuntu3.6); open-vm-tools:amd64(2:12.1.5-3~ubuntu0.22.04.3->2:12.1.5-3~ubuntu0.22.04.4); openssh-client:amd64(1:8.9p1-3ubuntu0.4->1:8.9p1-3ubuntu0.6); openssh-server:amd64(1:8.9p1-3ubuntu0.4->1:8.9p1-3ubuntu0.6); openssh-sftp-server:amd64(1:8.9p1-3ubuntu0.4->1:8.9p1-3ubuntu0.6); openssl:amd64(3.0.2-0ubuntu1.10->3.0.2-0ubuntu1.12); perl:amd64(5.34.0-3ubuntu1.2->5.34.0-3ubuntu1.3); perl-base:amd64(5.34.0-3ubuntu1.2->5.34.0-3ubuntu1.3); perl-modules-5.34:amd64(5.34.0-3ubuntu1.2->5.34.0-3ubuntu1.3); procps:amd64(2:3.3.17-6ubuntu2->2:3.3.17-6ubuntu2.1); python3-cryptography:amd64(3.4.8-1ubuntu2->3.4.8-1ubuntu2.1); python3-jinja2:amd64(3.0.3-1->3.0.3-1ubuntu0.1); python3-twisted:amd64(22.1.0-2ubuntu2.3->22.1.0-2ubuntu2.4); python3-urllib3:amd64(1.26.5-1~exp1->1.26.5-1~exp1ubuntu0.1); python3.10:amd64(3.10.12-1~22.04.2->3.10.12-1~22.04.3); python3.10-minimal:amd64(3.10.12-1~22.04.2->3.10.12-1~22.04.3); tar:amd64(1.34+dfsg-1ubuntu0.1.22.04.1->1.34+dfsg-1ubuntu0.1.22.04.2); vim:amd64(2:8.2.3995-1ubuntu2.11->2:8.2.3995-1ubuntu2.15); vim-common:amd64(2:8.2.3995-1ubuntu2.11->2:8.2.3995-1ubuntu2.15); vim-runtime:amd64(2:8.2.3995-1ubuntu2.11->2:8.2.3995-1ubuntu2.15); vim-tiny:amd64(2:8.2.3995-1ubuntu2.11->2:8.2.3995-1ubuntu2.15)
Delete: N/A
Broken packages: N/A
02/01/2024 07:28:43 root [INFO]: Package name: vim, arch: amd64, version: 2:8.2.3995-1ubuntu2.15, is to be updated.
02/01/2024 07:28:44 root [INFO]: (Final) Upgrading package vim from 2:8.2.3995-1ubuntu2.11 to 2:8.2.3995-1ubuntu2.15 will do the following changes:
Install: linux-aws-6.2-headers-6.2.0-1018:amd64(6.2.0-1018.18~22.04.1); linux-headers-6.2.0-1018-aws:amd64(6.2.0-1018.18~22.04.1); linux-image-6.2.0-1018-aws:amd64(6.2.0-1018.18~22.04.1); linux-modules-6.2.0-1018-aws:amd64(6.2.0-1018.18~22.04.1)
Upgrade: binutils:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); binutils-common:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); binutils-x86-64-linux-gnu:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); curl:amd64(7.81.0-1ubuntu1.13->7.81.0-1ubuntu1.15); grub-efi-amd64-bin:amd64(2.06-2ubuntu14.1->2.06-2ubuntu14.4); grub-efi-amd64-signed:amd64(1.187.3~22.04.1+2.06-2ubuntu14.1->1.187.6+2.06-2ubuntu14.4); hibagent:amd64(1.0.1-0ubuntu2.22.04.1->1.0.1-0ubuntu2.22.04.2); intel-microcode:amd64(3.20230808.0ubuntu0.22.04.1->3.20231114.0ubuntu0.22.04.1); libbinutils:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); libc-bin:amd64(2.35-0ubuntu3.3->2.35-0ubuntu3.6); libc6:amd64(2.35-0ubuntu3.3->2.35-0ubuntu3.6); libctf-nobfd0:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); libctf0:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); libcurl3-gnutls:amd64(7.81.0-1ubuntu1.13->7.81.0-1ubuntu1.15); libcurl4:amd64(7.81.0-1ubuntu1.13->7.81.0-1ubuntu1.15); libgnutls30:amd64(3.7.3-4ubuntu1.2->3.7.3-4ubuntu1.4); libgssapi-krb5-2:amd64(1.19.2-2ubuntu0.2->1.19.2-2ubuntu0.3); libk5crypto3:amd64(1.19.2-2ubuntu0.2->1.19.2-2ubuntu0.3); libkrb5-3:amd64(1.19.2-2ubuntu0.2->1.19.2-2ubuntu0.3); libkrb5support0:amd64(1.19.2-2ubuntu0.2->1.19.2-2ubuntu0.3); libldap-2.5-0:amd64(2.5.16+dfsg-0ubuntu0.22.04.1->2.5.16+dfsg-0ubuntu0.22.04.2); libldap-common:amd64(2.5.16+dfsg-0ubuntu0.22.04.1->2.5.16+dfsg-0ubuntu0.22.04.2); libnghttp2-14:amd64(1.43.0-1build3->1.43.0-1ubuntu0.1); libpam-modules:amd64(1.4.0-11ubuntu2.3->1.4.0-11ubuntu2.4); libpam-modules-bin:amd64(1.4.0-11ubuntu2.3->1.4.0-11ubuntu2.4); libpam-runtime:amd64(1.4.0-11ubuntu2.3->1.4.0-11ubuntu2.4); libpam0g:amd64(1.4.0-11ubuntu2.3->1.4.0-11ubuntu2.4); libperl5.34:amd64(5.34.0-3ubuntu1.2->5.34.0-3ubuntu1.3); libprocps8:amd64(2:3.3.17-6ubuntu2->2:3.3.17-6ubuntu2.1); libpython3.10:amd64(3.10.12-1~22.04.2->3.10.12-1~22.04.3); libpython3.10-minimal:amd64(3.10.12-1~22.04.2->3.10.12-1~22.04.3); libpython3.10-stdlib:amd64(3.10.12-1~22.04.2->3.10.12-1~22.04.3); libsqlite3-0:amd64(3.37.2-2ubuntu0.1->3.37.2-2ubuntu0.3); libssh-4:amd64(0.9.6-2ubuntu0.22.04.1->0.9.6-2ubuntu0.22.04.3); libssl3:amd64(3.0.2-0ubuntu1.10->3.0.2-0ubuntu1.12); libx11-6:amd64(2:1.7.5-1ubuntu0.2->2:1.7.5-1ubuntu0.3); libx11-data:amd64(2:1.7.5-1ubuntu0.2->2:1.7.5-1ubuntu0.3); linux-aws:amd64(6.2.0.1012.12~22.04.1->6.2.0.1018.18~22.04.1); linux-headers-aws:amd64(6.2.0.1012.12~22.04.1->6.2.0.1018.18~22.04.1); linux-image-aws:amd64(6.2.0.1012.12~22.04.1->6.2.0.1018.18~22.04.1); locales:amd64(2.35-0ubuntu3.3->2.35-0ubuntu3.6); open-vm-tools:amd64(2:12.1.5-3~ubuntu0.22.04.3->2:12.1.5-3~ubuntu0.22.04.4); openssh-client:amd64(1:8.9p1-3ubuntu0.4->1:8.9p1-3ubuntu0.6); openssh-server:amd64(1:8.9p1-3ubuntu0.4->1:8.9p1-3ubuntu0.6); openssh-sftp-server:amd64(1:8.9p1-3ubuntu0.4->1:8.9p1-3ubuntu0.6); openssl:amd64(3.0.2-0ubuntu1.10->3.0.2-0ubuntu1.12); perl:amd64(5.34.0-3ubuntu1.2->5.34.0-3ubuntu1.3); perl-base:amd64(5.34.0-3ubuntu1.2->5.34.0-3ubuntu1.3); perl-modules-5.34:amd64(5.34.0-3ubuntu1.2->5.34.0-3ubuntu1.3); procps:amd64(2:3.3.17-6ubuntu2->2:3.3.17-6ubuntu2.1); python3-cryptography:amd64(3.4.8-1ubuntu2->3.4.8-1ubuntu2.1); python3-jinja2:amd64(3.0.3-1->3.0.3-1ubuntu0.1); python3-twisted:amd64(22.1.0-2ubuntu2.3->22.1.0-2ubuntu2.4); python3-urllib3:amd64(1.26.5-1~exp1->1.26.5-1~exp1ubuntu0.1); python3.10:amd64(3.10.12-1~22.04.2->3.10.12-1~22.04.3); python3.10-minimal:amd64(3.10.12-1~22.04.2->3.10.12-1~22.04.3); tar:amd64(1.34+dfsg-1ubuntu0.1.22.04.1->1.34+dfsg-1ubuntu0.1.22.04.2); vim:amd64(2:8.2.3995-1ubuntu2.11->2:8.2.3995-1ubuntu2.15); vim-common:amd64(2:8.2.3995-1ubuntu2.11->2:8.2.3995-1ubuntu2.15); vim-runtime:amd64(2:8.2.3995-1ubuntu2.11->2:8.2.3995-1ubuntu2.15); vim-tiny:amd64(2:8.2.3995-1ubuntu2.11->2:8.2.3995-1ubuntu2.15)
Delete: N/A
Broken packages: N/A
02/01/2024 07:28:44 root [INFO]: Package name: xxd, arch: amd64, version: 2:8.2.3995-1ubuntu2.15, is to be updated.
02/01/2024 07:28:44 root [INFO]: (Final) Upgrading package xxd from 2:8.2.3995-1ubuntu2.11 to 2:8.2.3995-1ubuntu2.15 will do the following changes:
Install: linux-aws-6.2-headers-6.2.0-1018:amd64(6.2.0-1018.18~22.04.1); linux-headers-6.2.0-1018-aws:amd64(6.2.0-1018.18~22.04.1); linux-image-6.2.0-1018-aws:amd64(6.2.0-1018.18~22.04.1); linux-modules-6.2.0-1018-aws:amd64(6.2.0-1018.18~22.04.1)
Upgrade: binutils:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); binutils-common:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); binutils-x86-64-linux-gnu:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); curl:amd64(7.81.0-1ubuntu1.13->7.81.0-1ubuntu1.15); grub-efi-amd64-bin:amd64(2.06-2ubuntu14.1->2.06-2ubuntu14.4); grub-efi-amd64-signed:amd64(1.187.3~22.04.1+2.06-2ubuntu14.1->1.187.6+2.06-2ubuntu14.4); hibagent:amd64(1.0.1-0ubuntu2.22.04.1->1.0.1-0ubuntu2.22.04.2); intel-microcode:amd64(3.20230808.0ubuntu0.22.04.1->3.20231114.0ubuntu0.22.04.1); libbinutils:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); libc-bin:amd64(2.35-0ubuntu3.3->2.35-0ubuntu3.6); libc6:amd64(2.35-0ubuntu3.3->2.35-0ubuntu3.6); libctf-nobfd0:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); libctf0:amd64(2.38-4ubuntu2.3->2.38-4ubuntu2.5); libcurl3-gnutls:amd64(7.81.0-1ubuntu1.13->7.81.0-1ubuntu1.15); libcurl4:amd64(7.81.0-1ubuntu1.13->7.81.0-1ubuntu1.15); libgnutls30:amd64(3.7.3-4ubuntu1.2->3.7.3-4ubuntu1.4); libgssapi-krb5-2:amd64(1.19.2-2ubuntu0.2->1.19.2-2ubuntu0.3); libk5crypto3:amd64(1.19.2-2ubuntu0.2->1.19.2-2ubuntu0.3); libkrb5-3:amd64(1.19.2-2ubuntu0.2->1.19.2-2ubuntu0.3); libkrb5support0:amd64(1.19.2-2ubuntu0.2->1.19.2-2ubuntu0.3); libldap-2.5-0:amd64(2.5.16+dfsg-0ubuntu0.22.04.1->2.5.16+dfsg-0ubuntu0.22.04.2); libldap-common:amd64(2.5.16+dfsg-0ubuntu0.22.04.1->2.5.16+dfsg-0ubuntu0.22.04.2); libnghttp2-14:amd64(1.43.0-1build3->1.43.0-1ubuntu0.1); libpam-modules:amd64(1.4.0-11ubuntu2.3->1.4.0-11ubuntu2.4); libpam-modules-bin:amd64(1.4.0-11ubuntu2.3->1.4.0-11ubuntu2.4); libpam-runtime:amd64(1.4.0-11ubuntu2.3->1.4.0-11ubuntu2.4); libpam0g:amd64(1.4.0-11ubuntu2.3->1.4.0-11ubuntu2.4); libperl5.34:amd64(5.34.0-3ubuntu1.2->5.34.0-3ubuntu1.3); libprocps8:amd64(2:3.3.17-6ubuntu2->2:3.3.17-6ubuntu2.1); libpython3.10:amd64(3.10.12-1~22.04.2->3.10.12-1~22.04.3); libpython3.10-minimal:amd64(3.10.12-1~22.04.2->3.10.12-1~22.04.3); libpython3.10-stdlib:amd64(3.10.12-1~22.04.2->3.10.12-1~22.04.3); libsqlite3-0:amd64(3.37.2-2ubuntu0.1->3.37.2-2ubuntu0.3); libssh-4:amd64(0.9.6-2ubuntu0.22.04.1->0.9.6-2ubuntu0.22.04.3); libssl3:amd64(3.0.2-0ubuntu1.10->3.0.2-0ubuntu1.12); libx11-6:amd64(2:1.7.5-1ubuntu0.2->2:1.7.5-1ubuntu0.3); libx11-data:amd64(2:1.7.5-1ubuntu0.2->2:1.7.5-1ubuntu0.3); linux-aws:amd64(6.2.0.1012.12~22.04.1->6.2.0.1018.18~22.04.1); linux-headers-aws:amd64(6.2.0.1012.12~22.04.1->6.2.0.1018.18~22.04.1); linux-image-aws:amd64(6.2.0.1012.12~22.04.1->6.2.0.1018.18~22.04.1); locales:amd64(2.35-0ubuntu3.3->2.35-0ubuntu3.6); open-vm-tools:amd64(2:12.1.5-3~ubuntu0.22.04.3->2:12.1.5-3~ubuntu0.22.04.4); openssh-client:amd64(1:8.9p1-3ubuntu0.4->1:8.9p1-3ubuntu0.6); openssh-server:amd64(1:8.9p1-3ubuntu0.4->1:8.9p1-3ubuntu0.6); openssh-sftp-server:amd64(1:8.9p1-3ubuntu0.4->1:8.9p1-3ubuntu0.6); openssl:amd64(3.0.2-0ubuntu1.10->3.0.2-0ubuntu1.12); perl:amd64(5.34.0-3ubuntu1.2->5.34.0-3ubuntu1.3); perl-base:amd64(5.34.0-3ubuntu1.2->5.34.0-3ubuntu1.3); perl-modules-5.34:amd64(5.34.0-3ubuntu1.2->5.34.0-3ubuntu1.3); procps:amd64(2:3.3.17-6ubuntu2->2:3.3.17-6ubuntu2.1); python3-cryptography:amd64(3.4.8-1ubuntu2->3.4.8-1ubuntu2.1); python3-jinja2:amd64(3.0.3-1->3.0.3-1ubuntu0.1); python3-twisted:amd64(22.1.0-2ubuntu2.3->22.1.0-2ubuntu2.4); python3-urllib3:amd64(1.26.5-1~exp1->1.26.5-1~exp1ubuntu0.1); python3.10:amd64(3.10.12-1~22.04.2->3.10.12-1~22.04.3); python3.10-minimal:amd64(3.10.12-1~22.04.2->3.10.12-1~22.04.3); tar:amd64(1.34+dfsg-1ubuntu0.1.22.04.1->1.34+dfsg-1ubuntu0.1.22.04.2); vim:amd64(2:8.2.3995-1ubuntu2.11->2:8.2.3995-1ubuntu2.15); vim-common:amd64(2:8.2.3995-1ubuntu2.11->2:8.2.3995-1ubuntu2.15); vim-runtime:amd64(2:8.2.3995-1ubuntu2.11->2:8.2.3995-1ubuntu2.15); vim-tiny:amd64(2:8.2.3995-1ubuntu2.11->2:8.2.3995-1ubuntu2.15); xxd:amd64(2:8.2.3995-1ubuntu2.11->2:8.2.3995-1ubuntu2.15)
Delete: N/A
Broken packages: N/A
02/01/2024 07:28:44 root [INFO]: After adding upgrades to cache, missing count: 62 failed count: 0
02/01/2024 07:28:44 root [INFO]: Fetching archives for selected packages...
Get:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libperl5.34 amd64 5.34.0-3ubuntu1.3 [4820 kB]
Get:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 perl amd64 5.34.0-3ubuntu1.3 [232 kB]
Get:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 perl-base amd64 5.34.0-3ubuntu1.3 [1762 kB]
.
.
(中略)
.
.
Get:63 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 python3-jinja2 all 3.0.3-1ubuntu0.1 [108 kB]
Get:64 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 python3-twisted all 22.1.0-2ubuntu2.4 [2006 kB]
Get:65 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 python3-urllib3 all 1.26.5-1~exp1ubuntu0.1 [98.2 kB]
Get:66 http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates/main amd64 intel-microcode amd64 3.20231114.0ubuntu0.22.04.1 [6047 kB]
Fetched 115 MB in 0s (0 B/s)
02/01/2024 07:28:46 root [INFO]: Packages that will be upgraded: binutils-common:amd64 binutils-x86-64-linux-gnu:amd64 binutils:amd64 curl:amd64 grub-efi-amd64-bin:amd64 grub-efi-amd64-signed:amd64 hibagent:amd64 intel-microcode:amd64 libbinutils:amd64 libc-bin:amd64 libc6:amd64 libctf-nobfd0:amd64 libctf0:amd64 libcurl3-gnutls:amd64 libcurl4:amd64 libgnutls30:amd64 libgssapi-krb5-2:amd64 libk5crypto3:amd64 libkrb5-3:amd64 libkrb5support0:amd64 libldap-2.5-0:amd64 libldap-common:amd64 libnghttp2-14:amd64 libpam-modules-bin:amd64 libpam-modules:amd64 libpam-runtime:amd64 libpam0g:amd64 libperl5.34:amd64 libprocps8:amd64 libpython3.10-minimal:amd64 libpython3.10-stdlib:amd64 libpython3.10:amd64 libsqlite3-0:amd64 libssh-4:amd64 libssl3:amd64 libx11-6:amd64 libx11-data:amd64 linux-aws:amd64 linux-headers-aws:amd64 linux-image-aws:amd64 locales:amd64 open-vm-tools:amd64 openssh-client:amd64 openssh-server:amd64 openssh-sftp-server:amd64 openssl:amd64 perl-base:amd64 perl-modules-5.34:amd64 perl:amd64 procps:amd64 python3-cryptography:amd64 python3-jinja2:amd64 python3-twisted:amd64 python3-urllib3:amd64 python3.10-minimal:amd64 python3.10:amd64 tar:amd64 vim-common:amd64 vim-runtime:amd64 vim-tiny:amd64 vim:amd64 xxd:amd64
Preconfiguring packages ...
(Reading database ...
(Reading database ... 5%
(Reading database ... 10%
.
.
(中略)
.
.
(Reading database ... 90%
(Reading database ... 95%
(Reading database ... 100%
(Reading database ... 64793 files and directories currently installed.)
Preparing to unpack .../00-locales_2.35-0ubuntu3.6_all.deb ...
Unpacking locales (2.35-0ubuntu3.6) over (2.35-0ubuntu3.3) ...
Preparing to unpack .../01-openssl_3.0.2-0ubuntu1.12_amd64.deb ...
Unpacking openssl (3.0.2-0ubuntu1.12) over (3.0.2-0ubuntu1.10) ...
.
.
(中略)
.
.
Preparing to unpack .../35-python3-urllib3_1.26.5-1~exp1ubuntu0.1_all.deb ...
Unpacking python3-urllib3 (1.26.5-1~exp1ubuntu0.1) over (1.26.5-1~exp1) ...
Preparing to unpack .../36-intel-microcode_3.20231114.0ubuntu0.22.04.1_amd64.deb ...
Unpacking intel-microcode (3.20231114.0ubuntu0.22.04.1) over (3.20230808.0ubuntu0.22.04.1) ...
Setting up linux-aws-6.2-headers-6.2.0-1018 (6.2.0-1018.18~22.04.1) ...
Setting up openssh-client (1:8.9p1-3ubuntu0.6) ...
Setting up intel-microcode (3.20231114.0ubuntu0.22.04.1) ...
update-initramfs: deferring update (trigger activated)
intel-microcode: microcode will be updated at next boot
Setting up libsqlite3-0:amd64 (3.37.2-2ubuntu0.3) ...
.
.
(中略)
.
.
Processing triggers for man-db (2.10.2-1) ...
Processing triggers for microcode-initrd (2build1) ...
Processing triggers for libc-bin (2.35-0ubuntu3.6) ...
Processing triggers for initramfs-tools (0.140ubuntu13.4) ...
update-initramfs: Generating /boot/initrd.img-6.2.0-1012-aws
Processing triggers for linux-image-6.2.0-1018-aws (6.2.0-1018.18~22.04.1) ...
/etc/kernel/postinst.d/initramfs-tools:
update-initramfs: Generating /boot/initrd.img-6.2.0-1018-aws
/etc/kernel/postinst.d/zz-update-grub:
Sourcing file `/etc/default/grub'
Sourcing file `/etc/default/grub.d/40-force-partuuid.cfg'
Sourcing file `/etc/default/grub.d/50-cloudimg-settings.cfg'
Sourcing file `/etc/default/grub.d/init-select.cfg'
Generating grub configuration file ...
GRUB_FORCE_PARTUUID is set, will attempt initrdless boot
Found linux image: /boot/vmlinuz-6.2.0-1018-aws
Found initrd image: /boot/microcode.cpio /boot/initrd.img-6.2.0-1018-aws
Found linux image: /boot/vmlinuz-6.2.0-1012-aws
Found initrd image: /boot/microcode.cpio /boot/initrd.img-6.2.0-1012-aws
Warning: os-prober will not be executed to detect other bootable partitions.
Systems on them will not be added to the GRUB boot configuration.
Check GRUB_DISABLE_OS_PROBER documentation entry.
done
NEEDRESTART-VER: 3.5
NEEDRESTART-KCUR: 6.2.0-1012-aws
NEEDRESTART-KEXP: 6.2.0-1018-aws
NEEDRESTART-KSTA: 3
NEEDRESTART-SVC: acpid.service
NEEDRESTART-SVC: chrony.service
NEEDRESTART-SVC: cron.service
NEEDRESTART-SVC: dbus.service
NEEDRESTART-SVC: getty@tty1.service
NEEDRESTART-SVC: irqbalance.service
NEEDRESTART-SVC: multipathd.service
NEEDRESTART-SVC: networkd-dispatcher.service
NEEDRESTART-SVC: packagekit.service
NEEDRESTART-SVC: polkit.service
NEEDRESTART-SVC: rsyslog.service
NEEDRESTART-SVC: serial-getty@ttyS0.service
NEEDRESTART-SVC: snap.amazon-ssm-agent.amazon-ssm-agent.service
NEEDRESTART-SVC: snapd.service
NEEDRESTART-SVC: systemd-journald.service
NEEDRESTART-SVC: systemd-logind.service
NEEDRESTART-SVC: systemd-manager
NEEDRESTART-SVC: systemd-networkd.service
NEEDRESTART-SVC: systemd-resolved.service
NEEDRESTART-SVC: systemd-udevd.service
NEEDRESTART-SVC: unattended-upgrades.service
NEEDRESTART-SVC: user@1000.service
02/01/2024 07:31:28 root [INFO]: All upgrades installed
02/01/2024 07:31:28 root [INFO]: Re-synchronizing the package index files from their sources.
Hit http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy InRelease
Hit http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit http://us-east-1.ec2.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit https://esm.ubuntu.com/apps/ubuntu jammy-apps-security InRelease
Hit https://esm.ubuntu.com/apps/ubuntu jammy-apps-updates InRelease
Hit https://esm.ubuntu.com/infra/ubuntu jammy-infra-security InRelease
Hit https://esm.ubuntu.com/infra/ubuntu jammy-infra-updates InRelease
Fetched 0 B in 0s (0 B/s)
02/01/2024 07:32:04 root [INFO]: Installed count: 155 Installed other count: 451 Installed rejected count: 0 Missing count: 0 Not Applicable count: 16880 Failed count: 0
02/01/2024 07:32:05 root [INFO]: Patching operation completed. Exit code: 194
02/01/2024 07:32:05 root [INFO]:
Package compliance initialized with instance ID:i-0912989a55a6d11da,
baseline ID: pb-0c7e89f711c3095f4, snapshot ID: cbd26a4d-ad8e-4d2b-9f40-b30946b1e0a2, patch group: ,
start time: 2024-02-01 07:26:11.370076, end time: 2024-02-01 07:32:05.016166, upload NA compliance: False,
install override list path: , execution id: 441a78cc-233e-4c74-955d-9fafb8e8262f
02/01/2024 07:32:05 root [INFO]: Instance is Compliant
02/01/2024 07:32:05 root [INFO]: [{'BaselineId': 'pb-0c7e89f711c3095f4', 'PatchGroup': '', 'SnapshotId': 'cbd26a4d-ad8e-4d2b-9f40-b30946b1e0a2', 'ExecutionId': '441a78cc-233e-4c74-955d-9fafb8e8262f', 'InstalledCount': '155', 'InstalledOtherCount': '451', 'InstalledRejectedCount': '0', 'InstalledPendingRebootCount': '0', 'NotApplicableCount': '16880', 'MissingCount': '0', 'FailedCount': '0', 'CriticalNonCompliantCount': '0', 'SecurityNonCompliantCount': '0', 'OtherNonCompliantCount': '0', 'OperationType': 'Install', 'OperationStartTime': '2024-02-01T07:26:11Z', 'OperationEndTime': '2024-02-01T07:32:05Z', 'RebootOption': 'RebootIfNeeded'}]
02/01/2024 07:32:05 root [INFO]: Updating patch state configuration
02/01/2024 07:32:05 root [INFO]: Updating local configuration file
02/01/2024 07:32:05 root [INFO]: {'patchStates': {'amd64-microcode.amd64:3.20191218.1ubuntu2.2': {'id': 'amd64-microcode.amd64', 'installedTime': 1695262308.057799, 'state': 'Installed'}, 'bind9-dnsutils.amd64:1:9.18.12-0ubuntu0.22.04.3': {'id': 'bind9-dnsutils.amd64', 'installedTime': 1695262115.584823, 'state': 'Installed'}, 'bind9-host.amd64:1:9.18.12-0ubuntu0.22.04.3': {'id': 'bind9-host.amd64', 'installedTime': 1695262115.5648224, 'state': 'Installed'}, 'bind9-libs.amd64:1:9.18.12-0ubuntu0.22.04.3': {'id': 'bind9-libs.amd64', 'installedTime': 1695262115.540822, 'state': 'Installed'}, ..(中略).. 'xkb-data.amd64:2.33-1': {'id': 'xkb-data.amd64', 'installedTime': 1695262084.0841143, 'state': 'InstalledOther'}, 'xz-utils.amd64:5.2.5-2ubuntu1': {'id': 'xz-utils.amd64', 'installedTime': 1695262117.1648586, 'state': 'InstalledOther'}, 'zerofree.amd64:1.1.1-1build3': {'id': 'zerofree.amd64', 'installedTime': 1695262128.0971062, 'state': 'InstalledOther'}, 'zstd.amd64:1.4.8+dfsg-3build1': {'id': 'zstd.amd64', 'installedTime': 1695262114.8728068, 'state': 'InstalledOther'}}, 'lastNoRebootInstallOperationTime': 0}
02/01/2024 07:32:05 root [INFO]: Saving inventory to local configuration directory
02/01/2024 07:32:05 root [INFO]: Start to upload patch compliance.
02/01/2024 07:32:05 root [INFO]: Summary: {'TypeName': 'AWS:PatchSummary', 'SchemaVersion': '1.0', 'ContentHash': '36862fb20b10dadf035a953ce1a95e841dc3a805875f6caf5d37a3f679f332fe', 'CaptureTime': '2024-02-01T07:32:05Z', 'Content': [{'BaselineId': 'pb-0c7e89f711c3095f4', 'PatchGroup': '', 'SnapshotId': 'cbd26a4d-ad8e-4d2b-9f40-b30946b1e0a2', 'ExecutionId': '441a78cc-233e-4c74-955d-9fafb8e8262f', 'InstalledCount': '155', 'InstalledOtherCount': '451', 'InstalledRejectedCount': '0', 'InstalledPendingRebootCount': '0', 'NotApplicableCount': '16880', 'MissingCount': '0', 'FailedCount': '0', 'CriticalNonCompliantCount': '0', 'SecurityNonCompliantCount': '0', 'OtherNonCompliantCount': '0', 'OperationType': 'Install', 'OperationStartTime': '2024-02-01T07:26:11Z', 'OperationEndTime': '2024-02-01T07:32:05Z', 'RebootOption': 'RebootIfNeeded'}]}
02/01/2024 07:32:05 root [INFO]: Attempting full upload
02/01/2024 07:32:05 root [INFO]: Upload complete.
02/01/2024 07:32:05 root [INFO]: Report upload successful.
02/01/2024 07:32:05 root [INFO]: Inventory upload was successful.
02/01/2024 07:32:05 root [INFO]: Reboot is required with patching exit code 194
02/01/2024 07:32:05 root [INFO]: Inventory upload was successful.
02/01/2024 07:32:05 root [INFO]: Reboot is required with patching exit code 194
/usr/bin/python3
/usr/bin/apt-get
Reading package lists...
Building dependency tree...
Reading state information...
python3-apt is already the newest version (2.4.0ubuntu2).
0 upgraded, 0 newly installed, 0 to remove and 46 not upgraded.
Using python binary: 'python3'
Using Python Version: Python 3.10.12
02/01/2024 07:33:42 root [INFO]: Downloading payload from https://s3.us-east-1.amazonaws.com/aws-ssm-us-east-1/patchbaselineoperations/linux/payloads/patch-baseline-operations-1.115.tar.gz
ログの全体は1,500行ほどありました。どんなパッケージがアップデートされたかは分かりやすいです。
OS上で適用可能なアップデート件数を確認すると、セキュリティ関連のアップデートは全て適用されていました。パッチベースラインの指定どおりですね。
$ apt list --upgradable | wc -l
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
47
$ apt list --upgradable | grep security | wc -l
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
0
Ubuntu ProでもSSM Patch Managerでパッチ適用できる
Ubuntu ProでもSSM Patch Managerでパッチ適用できることを確認しました。
Ubuntu Pro固有のトラップは今のところ無いようです。安心して構築できそうです。
この記事が誰かの助けになれば幸いです。
以上、AWS事業本部 コンサルティング部の のんピ(@non____97)でした!