How to create a simple Ansible playbook for Windows Updates
I created a simple playbook to run Windows updates.
For this I use the win_updates module in Ansible.
1. Navigate to the win_updates snippet to get all options.
2. I used the first playbook just for searching for patches, so I changed only the last line to state: searched
---
- hosts: win
  tasks:
    - name: windows_updates
      win_updates:
        reboot_timeout: 1200
        # Optional settings; the snippet's "undefined" placeholders stay commented out until real values are set.
        # log_path: undefined
        # whitelist: undefined
        # blacklist: undefined  # A list of update titles or KB numbers that can be used to specify which updates are to be excluded from installation
        category_names:  # must be a YAML list, not a semicolon-separated string
          - Application
          - Connectors
          - CriticalUpdates
          - DefinitionUpdates
          - DeveloperKits
          - FeaturePacks
          - Guidance
          - SecurityUpdates
          - ServicePacks
          - Tools
          - UpdateRollups
        reboot: yes  # not required. Ansible will automatically reboot the remote host if it is required and continue to install updates after the reboot.
        use_scheduled_task: no  # not required
        state: searched  # search only, nothing is installed
3. Let's test it
I use Visual Studio Code, so I just right-click on the playbook and press Run Ansible Playbook Remotely via ssh.
It looks like below. The IP address 192.168.1.107 is your IP from the hosts file (/etc/ansible/hosts).
In the meantime I log in to my Windows server and check whether the playbook works.
And it looks like it all works 🙂
The next step is to install the updates.
So you need to create a new playbook.
I created a really simple one.
After installation, Ansible will reboot the server automatically.
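An install playbook along these lines, as an added example rather than the author's own file: it searches first, installs only when something was found, and fails the play if any update did not install. The host group win comes from the playbook above; the chosen categories and the log path C:\ansible_wu.txt are assumptions.

```yaml
---
# Added example, not from the original post.
# Assumes the inventory group "win"; C:\ansible_wu.txt is a constructed path.
- hosts: win
  tasks:
    - name: Search for security and critical updates (nothing is changed)
      win_updates:
        category_names:
          - SecurityUpdates
          - CriticalUpdates
        state: searched
      register: wu_search

    - name: Show what would be installed
      debug:
        msg: "{{ wu_search.found_update_count }} update(s) found: {{ wu_search.updates.values() | map(attribute='title') | list }}"

    - name: Install the updates and reboot if required
      win_updates:
        category_names:
          - SecurityUpdates
          - CriticalUpdates
        state: installed
        reboot: yes
        reboot_timeout: 1200
        log_path: C:\ansible_wu.txt
      register: wu_install
      when: wu_search.found_update_count > 0

    - name: Fail the play if any update did not install
      assert:
        that:
          - wu_install.failed_update_count == 0
        fail_msg: "{{ wu_install.failed_update_count }} update(s) failed; see C:\\ansible_wu.txt on the host"
      when: wu_install is not skipped
```

Keeping the search result in a registered variable leaves a record in the play output of which patches were pending on each host before anything was installed.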
Different examples and options found on the web
- name: Install all security, critical, and rollup updates without a scheduled task
  win_updates:
    category_names:
      - SecurityUpdates
      - CriticalUpdates
      - UpdateRollups

- name: Install only security updates as a scheduled task for Server 2008
  win_updates:
    category_names: SecurityUpdates
    use_scheduled_task: yes

- name: Search-only, return list of found updates (if any), log to C:\ansible_instalacja.txt
  win_updates:
    category_names: SecurityUpdates
    state: searched
    log_path: C:\ansible_instalacja.txt

- name: Install all security updates with automatic reboots
  win_updates:
    category_names:
      - SecurityUpdates
    reboot: yes

- name: Install only particular updates based on the KB numbers
  win_updates:
    category_names:
      - SecurityUpdates
    whitelist:
      - KB4056892
      - KB4073117

- name: Exclude updates based on the update title
  win_updates:
    category_names:
      - SecurityUpdates
      - CriticalUpdates
    blacklist:
      - Windows Malicious Software Removal Tool for Windows
      - \d{4}-\d{2} Cumulative Update for Windows Server 2016

# One way to ensure the system is reliable just after a reboot, is to set WinRM to a delayed startup
- name: Ensure WinRM starts when the system has settled and is ready to work reliably
  win_service:
    name: WinRM
    start_mode: delayed

# Optionally, you can increase the reboot_timeout to survive long updates during reboot
- name: Ensure we wait long enough for the updates to be applied during reboot
  win_updates:
    reboot: yes
    reboot_timeout: 3600

# Search and download Windows updates
- name: Search and download Windows updates without installing them
  win_updates:
    state: downloaded