AzLocal.UpdateManagement

0.7.50

PowerShell module to manage Azure Local (formerly Azure Stack HCI) cluster updates using Azure Update Manager APIs. Provides functions to start updates, check update status, list available updates, and monitor update runs. Renamed from AzStackHci.ManageUpdates in v0.7.3 to align with the Azure Local product name.

Minimum PowerShell version

5.1

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name AzLocal.UpdateManagement

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name AzLocal.UpdateManagement

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Copyright

(c) Microsoft. All rights reserved.

Package Details

Author(s)

  • Neil Bird Microsoft

Tags

Azure AzureLocal AzureStackHCI Updates UpdateManager HCI Automation CICD Pipeline ServiceNow ITSM Incident

Functions

Connect-AzureLocalServicePrincipal Start-AzureLocalClusterUpdate Get-AzureLocalClusterUpdateReadiness Get-AzureLocalClusterInventory Get-AzureLocalClusterInfo Get-AzureLocalUpdateSummary Get-AzureLocalAvailableUpdates Get-AzureLocalUpdateRuns Set-AzureLocalClusterUpdateRingTag Invoke-AzureLocalFleetOperation Get-AzureLocalFleetProgress Test-AzureLocalFleetHealthGate Export-AzureLocalFleetState Resume-AzureLocalFleetUpdate Stop-AzureLocalFleetUpdate Test-AzureLocalClusterHealth Get-AzureLocalFleetStatusData New-AzureLocalFleetStatusHtmlReport Test-AzureLocalUpdateScheduleAllowed Reset-AzureLocalSideloadedTag Get-AzureLocalItsmConfig Test-AzureLocalItsmConnection New-AzureLocalIncident Copy-AzureLocalPipelineExample Copy-AzureLocalItsmSample

PSEditions

Desktop Core

Dependencies

This module has no dependencies.

Release Notes

## Version 0.7.50 - Pipelines install from PSGallery + Copy-AzureLocalPipelineExample gains -Update + new Copy-AzureLocalItsmSample

### Added
- Pipeline examples (5 GitHub Actions + 5 Azure DevOps YAMLs) now
 install AzLocal.UpdateManagement from PSGallery at runtime instead of
 importing a vendored copy. Default: install latest. Optional pin via
 REQUIRED_MODULE_VERSION (workflow_dispatch input or repo variable on
 GH; queue-time pipeline parameter on ADO). Each install step compares
 installed / generated / latest and warns when the YAML is stale or a
 newer release is on PSGallery. See Automation-Pipeline-Examples README
 section 5.3.
- Copy-AzureLocalPipelineExample: new -Update switch for controlled
 refresh of an existing destination. Per-file ShouldContinue prompts
 with -Confirm:$false bypass for unattended use; -WhatIf supported. No
 -Force switch by design - git diff after the copy is the rollback.
- New public function Copy-AzureLocalItsmSample copies the bundled ITSM
 connector sample (azurelocal-itsm.yml + templates/incident-body.md)
 out of the module install location into a user-chosen destination
 (default: .\.itsm, matching the workflow defaults that look for
 ./.itsm/azurelocal-itsm.yml at job runtime). The ITSM YAML is CI-
 platform-agnostic; both GitHub Actions and Azure DevOps consume it
 identically, only the secret source differs. Same overwrite semantics
 as Copy-AzureLocalPipelineExample: refuses by default, -Update with
 per-file ShouldContinue + -Confirm:$false bypass, -WhatIf preview.

### Changed
- Copy-AzureLocalPipelineExample: removed v0.7.4 -Flatten and -Force
 switches (neither survived first real-world use). -Platform GitHub
 copies only *.yml from github-actions/ flat into -Destination (no
 wrapper folder, no README, no .itsm/); -Platform AzureDevOps mirrors
 this against azure-devops/; -Platform All (default) unchanged. Without
 -Update the function refuses to overwrite any pre-existing destination
 file, listing every conflict in the error message. Pre-existing
 unrelated files (e.g. your repo's own build.yml) are left untouched.
 Not flagged as breaking: the v0.7.4 surface had not been adopted at
 removal time.

## Version 0.7.41 - Hotfix: parallel fleet reads broken by v0.7.3 NestedModules refactor

### Fixed
- HIGH: every fleet read function that dispatches through
 Invoke-FleetJobsInParallel (Get-AzureLocalUpdateRuns,
 Get-AzureLocalUpdateSummary, Get-AzureLocalClusterUpdateReadiness,
 Get-AzureLocalAvailableUpdates, Get-AzureLocalFleetProgress,
 Invoke-AzureLocalFleetOperation, Test-AzureLocalClusterHealth, and
 Start-AzureLocalClusterUpdate's parallel path) failed for every
 cluster when invoked with -ThrottleLimit > 1 against the PSGallery-
 installed v0.7.4, returning State=Error: "Cannot use '&' to invoke in
 the context of module 'Invoke-FleetJobsInParallel' because it is not
 imported." Inline (-ThrottleLimit 1) was unaffected. Root cause: the
 v0.7.3 NestedModules refactor changed $PSCommandPath inside
 Invoke-FleetJobsInParallel.ps1 to point at the helper's own .ps1, not
 the root manifest. Per-batch Start-Job scriptblocks then imported only
 that .ps1 in the child runspace, so & $mod { ... } against private
 helpers always failed.
- HIGH: New-AzureLocalFleetStatusHtmlReport -ThrottleLimit > 1 (via
 Get-AzureLocalFleetStatusData) threw at start-up: "Parallel collection
 requires module path '...\Public\AzLocal.UpdateManagement.psm1' to be
 reachable by background jobs, but it does not exist." Same class of
 regression but a separate code path: Get-AzureLocalFleetStatusData was
 using Join-Path $PSScriptRoot 'AzLocal.UpdateManagement.psm1', and
 after v0.7.3 $PSScriptRoot resolves to Public/, not the module root.
 New-AzureLocalFleetStatusHtmlReport's footer fallback had the same flaw.
- Centralised the resolution in a new private helper
 Get-AzLocalModuleRootManifestPath, used by all three sites. It prefers
 the loaded module's .Path (.psd1 over .psm1) and falls back to walking
 up from the caller, so it is correct from any Public/ or Private/ file.
- Added Pester regression tests for the helper and for the trailing
 $ModulePath argument that Invoke-FleetJobsInParallel passes to per-
 batch scriptblocks. Existing tests only exercised the inline
 -ThrottleLimit 1 fast-path and silently masked the v0.7.4 regression.

## Version 0.7.4 - ITSM Connector Phase 1 (ServiceNow)

### Added (Phase 1 scaffold)
- New optional ITSM ticketing surface that lets `apply-updates` and
 `fleet-update-status` pipelines open ServiceNow incidents when a cluster
 needs operator action. Disabled by default; opt-in via pipeline input
 `raise_itsm_ticket=true` plus a `./.itsm/azurelocal-itsm.yml` config file.
- New public functions (Phase 1):
 - `Get-AzureLocalItsmConfig`  - load + validate the YAML/JSON trigger matrix
 - `Test-AzureLocalItsmConnection`  - dry-run probe of ITSM endpoint + adapters
 - `New-AzureLocalIncident`  - consume JUnit results, evaluate trigger matrix,
   open / dedupe ServiceNow incidents, return per-cluster Action/TicketId rows
- New internal helpers (Phase 1):
 - `Resolve-AzLocalItsmSecret`, `Get-AzLocalItsmDedupeKey`,
   `Get-AzLocalItsmTriggerDecision`, `Format-AzLocalIncidentBody`,
   `Invoke-AzLocalItsmHttp`, `Invoke-AzLocalServiceNowAdapter`
- New documentation: top-level `ITSM/` folder with `README.md` setup
 walkthrough and `ITSM/ITSM-Config-Reference.md` (full schema
 reference), plus `Automation-Pipeline-Examples/.itsm/` sample config
 + Mustache-style ticket-body templates.
- Phase 2 (`Sync-AzureLocalIncident` lifecycle close-out) and Phase 3
 (Teams / Slack mirror adapters) are **deferred to a future release**;
 the Phase 1 surface is feature-complete on its own.
- Secrets: ITSM credentials are referenced from Azure Key Vault
 (`kv://<vault>/<secret>`) or native CI secrets (`env://<NAME>`). No raw
 secret is ever written to YAML or to disk.

### Added (pipeline-examples convenience)
- New public function `Copy-AzureLocalPipelineExample` copies the bundled
 `Automation-Pipeline-Examples/` folder out of the module install
 location into a user-chosen destination (default: current directory).
 Supports `-Platform GitHub | AzureDevOps | All`, `-Flatten`, `-Force`,
 `-PassThru`, `-WhatIf` and `-Confirm`. Saves users from hunting through
 `$module.ModuleBase` to find the YAML samples.

## Version 0.7.3 - Module renamed to AzLocal.UpdateManagement + internal refactor

Summary: module renamed from `AzStackHci.ManageUpdates` to
`AzLocal.UpdateManagement` to align with the Azure Local product name
(the `Azure Stack HCI` brand was retired in late 2024). Module GUID is
preserved across the rename. Migration:
`Uninstall-Module AzStackHci.ManageUpdates -AllVersions; Install-Module AzLocal.UpdateManagement`.
A transitional `AzStackHci.ManageUpdates` v0.7.3 stub is published once
for users with automation that runs `Install-Module
AzStackHci.ManageUpdates`; importing it emits a warning pointing at the
new name. Default log folder moved to
`C:\ProgramData\AzLocal.UpdateManagement\` (old folder not migrated;
remove manually). Also refactored: monolithic 11,679-line `.psm1` split
into Public/Private dot-sourced files (NestedModules), matching
`AzLocal.DeploymentAutomation`. Full notes in CHANGELOG.md.

## Version 0.7.2 - Fleet read paths fixed under -ThrottleLimit > 1

Summary: fix for Get-AzureLocalUpdateRuns / Get-AzureLocalUpdateSummary /
Get-AzureLocalClusterUpdateReadiness which previously failed under
-ThrottleLimit > 1 because child Start-Job runspaces could not see module-
private helpers; per-cluster scriptblocks now resolve the loaded module
(Import-Module -PassThru) and invoke helpers via `& $module { ... }`.
Inline (-ThrottleLimit 1) execution was unaffected. Also suppresses cp1252
encoding warnings from az rest / az graph query by passing
--only-show-errors at every call site (per azure-cli #14426). See also
v0.7.41 for a related manifestation. Full notes in CHANGELOG.md.

## Version 0.7.1 - EndTime column for update runs + Sideloaded payload workflow

Summary: new optional `UpdateSideloaded` cluster tag and the auto-reset workflow
(Reset-AzureLocalSideloadedTag), EndTime column on Get-AzureLocalUpdateRuns,
CSV-injection sanitisation on intermediate logs, and a switch to
`Generic.List[object]` accumulators for fleet read paths (O(n) instead of
O(n^2)). Fully opt-in; clusters without the tag behave exactly as in v0.7.0.
Full notes in CHANGELOG.md.

## Version 0.7.0 - Fleet-scale correctness, parallelism, and hardening

The jump from 0.6.5 to 0.7.0 reflects the scope of this release: correctness fixes for large
fleets (1500+ clusters), a shift to true parallel execution across all per-cluster read/write
paths, HTML report performance improvements, and a round of bug and security hardening. No
breaking public-surface changes. Highlights: ARG pagination beyond 1000 results, true
parallel fleet execution, ~60% faster HTML render at 1500 clusters, mid-run token refresh,
CSV formula-injection escaping, UpdateWindow tag separator changed to '_'.

For full release notes on this and previous versions, see:
https://github.com/NeilBird/Azure-Local/blob/main/AzLocal.UpdateManagement/CHANGELOG.md

FileList

Version History

Version Downloads Last updated
0.7.50 (current version) 7 5/15/2026
0.7.41 4 5/13/2026
0.7.3 3 5/13/2026