This a bad commit message. NO idea.

collections/requirements.yml

@@ -34,5 +34,5 @@ collections:
   - name: community.crypto
     source: https://galaxy.ansible.com
 
-  - name: onepassword.connect
+##  - name: onepassword.connect
-  - name: ansible.posix
+#  - name: ansible.posix

context/Containerfile

@@ -1,4 +1,4 @@
-ARG EE_BASE_IMAGE=quay.io/ansible/ansible-runner:stable-2.10-devel
+ARG EE_BASE_IMAGE=registry.redhat.io/ansible-automation-platform-20-early-access/ee-supported-rhel8:latest
 ARG EE_BUILDER_IMAGE=quay.io/ansible/ansible-builder:latest
 
 FROM $EE_BASE_IMAGE as galaxy

context/_build/ansible.cfg

@@ -1,6 +1,5 @@
 [defaults]
 # Use the YAML callback plugin.
-#stdout_callback = yaml
 stdout_callback = community.general.yaml
 callback_enabled = community.general.yaml
 # Profile

context/_build/requirements.yml

@@ -34,5 +34,5 @@ collections:
   - name: community.crypto
     source: https://galaxy.ansible.com
 
-  - name: onepassword.connect
+##  - name: onepassword.connect
-  - name: ansible.posix
+#  - name: ansible.posix

cvpublish.yml

@@ -25,7 +25,7 @@
   - name: Pre-tasks | Extract list of content views
     set_fact:
       sat6_content_views_list: "{{ sat6_content_views_list|default([]) }} + ['{{ item.name }}' ]"
-    loop: "{{ list_all_cvs | reject('search', 'Default_Organization_View') | list }}"
+    loop: "{{ list_all_cvs | reject('search', 'Default Organization View') | list }}"
     when: item.composite == false 
 
   - name: Publish content

execution-environment.yml

@@ -2,11 +2,10 @@
 version: 1
 
 build_arg_defaults:
-  EE_BASE_IMAGE: 'quay.io/ansible/ansible-runner:stable-2.10-devel'
+  EE_BASE_IMAGE: 'registry.redhat.io/ansible-automation-platform-20-early-access/ee-supported-rhel8:latest'
 
 ansible_config: '../../../.ansible.cfg'
 
 dependencies:
   galaxy: collections/requirements.yml
   python: requirements.txt
-  system: bindep.txt

rhv_setup.yml

@@ -13,6 +13,8 @@
       ignore_errors: yes
       register: key_info
 
+    - set_fact: have_valid_cert=false
+
     - set_fact:
         have_valid_cert: "{{ (key_info.not_after|to_datetime('%Y%m%d%H%M%SZ')).timestamp() > ansible_date_time.epoch|int + 2592000 }}"
       when:
@@ -24,8 +26,8 @@
   connection: local
   gather_facts: false
   # This doesn't belong here
-  vars:
+  #vars:
-    acme_certificate_root_certificate: https://letsencrypt.org/certs/trustid-x3-root.pem.txt
+  #  acme_certificate_root_certificate: https://letsencrypt.org/certs/trustid-x3-root.pem.txt
 
 
   pre_tasks:
@@ -56,7 +58,7 @@
 
   roles:
     - name: felixfontein.acme_certificate
-      when: not have_valid_cert
+      when: have_valid_cert is defined and not have_valid_cert
 
   post_tasks:
     - name: Remove tempfile
@@ -209,3 +211,11 @@
       register: networkinfo
 
     - debug: msg="{{networkinfo}}"
+
+- name: Reminder
+  hosts: localhost
+  connection: local
+  tasks:
+  - name: Reminder
+    debug: "Don't forget to add tso off gro off gso off lro off to i217-LM NIC's (eg: Dell Optiplex)!"
+# https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html/administration_guide/sect-hosts_and_networking#Editing_Host_Network_Interfaces_and_Assigning_Logical_Networks_to_Hosts

roles/felixfontein.acme_certificate/meta/.galaxy_install_info

@@ -1,2 +1,2 @@
-install_date: Mon Apr 19 15:24:27 2021
+install_date: Fri Oct 15 18:59:51 2021
 version: 1.1.1

roles/geerlingguy.gitlab/meta/.galaxy_install_info

@@ -1,2 +1,2 @@
-install_date: Wed Jun 30 01:12:45 2021
+install_date: Fri Oct 15 18:59:12 2021
 version: 3.1.0

roles/geerlingguy.java/meta/.galaxy_install_info

@@ -1,2 +1,2 @@
-install_date: Wed Jun 30 01:12:44 2021
+install_date: Fri Oct 15 18:59:11 2021
 version: 1.10.0

roles/ikke_t.container_image_cleanup/meta/.galaxy_install_info

@@ -1,2 +1,2 @@
-install_date: Wed Jun 30 01:12:56 2021
+install_date: Fri Oct 15 18:59:25 2021
 version: master

roles/ikke_t.podman_container_systemd/README.md

@@ -98,6 +98,7 @@ Dependencies
 ------------
 
 * [containers.podman](https://galaxy.ansible.com/containers/podman) (collection)
+* [ansible.posix](https://galaxy.ansible.com/ansible/posix) (collection)
 
 Example Playbook
 ----------------

roles/ikke_t.podman_container_systemd/defaults/main.yml

@@ -7,7 +7,7 @@ container_state: running
 # see man systemd.service for info
 # by default we want to restart failed container
 container_restart: on-failure
-service_files_dir: /etc/systemd/system
+service_files_dir: /usr/local/lib/systemd/system
 systemd_scope: system
 systemd_TimeoutStartSec: 15
 systemd_RestartSec: 30
@@ -17,6 +17,15 @@ container_run_as_user: root
 container_run_as_group: root
 container_stop_timeout: 15
 
+# SystemD dependencies (some are hardcoded; see templates)
+systemd_After: [network.target]
+systemd_Before: []
+systemd_Conflicts: []
+systemd_RequiredBy: []
+systemd_Requires: []
+systemd_WantedBy: []
+systemd_Wants: []
+
 # systemd service name
 service_name: "{{ container_name }}-container-pod-{{ container_run_as_user }}.service"
 

roles/ikke_t.podman_container_systemd/meta/.galaxy_install_info

@@ -1,2 +1,2 @@
-install_date: Wed Jun 30 01:12:54 2021
+install_date: Fri Oct 15 18:59:22 2021
-version: 2.1.0
+version: 2.2.0

roles/ikke_t.podman_container_systemd/meta/main.yml

@@ -36,7 +36,8 @@ dependencies:
     when: >
       (ansible_distribution == 'Debian' and
       ansible_distribution_release == 'buster') or
-      ansible_distribution == 'Ubuntu'
+      (ansible_distribution == 'Ubuntu' and
+      ansible_distribution_version is version('21.04', '<'))
 
 collections:
   - containers.podman

roles/ikke_t.podman_container_systemd/requirements.yml

@@ -1,3 +1,4 @@
 ---
 collections:
+  - ansible.posix
   - containers.podman

roles/ikke_t.podman_container_systemd/tasks/main.yml

@@ -38,11 +38,20 @@
 - name: set systemd scope to system if needed
   set_fact:
     systemd_scope: system
-    service_files_dir: '/etc/systemd/system'
+    service_files_dir: /usr/local/lib/systemd/system
     xdg_runtime_dir: "/run/user/{{ container_run_as_uid.stdout }}"
   when: container_run_as_user == "root"
   changed_when: false
 
+- name: create local systemd directory
+  when: service_files_dir == '/usr/local/lib/systemd/system'
+  file:
+    group: root
+    mode: u=rwX,go=rX
+    owner: root
+    path: /usr/local/lib/systemd/system/
+    state: directory
+
 - name: check if service file exists already
   stat:
     path: "{{ service_files_dir }}/{{ service_name }}"
@@ -95,6 +104,7 @@
     # https://github.com/containers/libpod/issues/5570
     # command: podman inspect -f {{.Id}} "{{ container_image }}"
     command: "podman image inspect -f '{{ '{{' }}.Id{{ '}}' }}' {{ item }}"
+    changed_when: false
     register: pre_pull_id
     ignore_errors: true
     when:
@@ -121,6 +131,7 @@
   - name: running single container, get image Id if it exists
     command:
       "podman image inspect -f '{{ '{{' }}.Id{{ '}}' }}'  {{ item }}"
+    changed_when: false
     become: true
     become_user: "{{ container_run_as_user }}"
     register: post_pull_id
@@ -204,6 +215,18 @@
       - service_file_before_template.stat.exists
       - service_file.changed
 
+  - name: ensure auto update is running for images
+    become: true
+    become_user: "{{ container_run_as_user }}"
+    environment:
+      XDG_RUNTIME_DIR: "{{ xdg_runtime_dir }}"
+    systemd:
+      name: podman-auto-update.timer
+      daemon_reload: true
+      scope: "{{ systemd_scope }}"
+      state: started
+      enabled: true
+
   when: container_state == "running"
 
 - name: configure firewall if container_firewall_ports is defined
@@ -247,7 +270,7 @@
 
   - name: ensure container's exposed ports firewall state
     tags: firewall
-    firewalld:
+    ansible.posix.firewalld:
       port: "{{ item }}"
       permanent: true
       immediate: true

roles/ikke_t.podman_container_systemd/templates/systemd-service-pod.j2

@@ -1,6 +1,20 @@
 [Unit]
 Description={{ container_name }} Podman Container
-After=network.target
+{% for unit in systemd_After %}
+After={{ unit }}
+{% endfor %}
+{% for unit in systemd_Before %}
+Before={{ unit }}
+{% endfor %}
+{% for unit in systemd_Conflicts %}
+Conflicts={{ unit }}
+{% endfor %}
+{% for unit in systemd_Requires %}
+Requires={{ unit }}
+{% endfor %}
+{% for unit in systemd_Wants %}
+Wants={{ unit }}
+{% endfor %}
 
 [Service]
 Type=forking
@@ -18,6 +32,7 @@ ExecReload=-/usr/bin/podman pod rm -f {{ container_name }}
 ExecStop=-/usr/bin/podman pod rm -f {{ container_name }}
 Restart={{ container_restart }}
 RestartSec={{ systemd_RestartSec }}
+Environment=PODMAN_SYSTEMD_UNIT=%n
 
 [Install]
 {% if container_run_as_user == 'root' %}
@@ -26,3 +41,9 @@ WantedBy=multi-user.target
 {% if container_run_as_user != 'root' %}
 WantedBy=default.target
 {% endif %}
+{% for unit in systemd_RequiredBy %}
+RequiredBy={{ unit }}
+{% endfor %}
+{% for unit in systemd_WantedBy %}
+WantedBy={{ unit }}
+{% endfor %}

roles/ikke_t.podman_container_systemd/templates/systemd-service-single.j2

@@ -1,10 +1,26 @@
 [Unit]
 Description={{ container_name }} Podman Container
-After=network.target
+{% for unit in systemd_After %}
+After={{ unit }}
+{% endfor %}
+{% for unit in systemd_Before %}
+Before={{ unit }}
+{% endfor %}
+{% for unit in systemd_Conflicts %}
+Conflicts={{ unit }}
+{% endfor %}
+{% for unit in systemd_Requires %}
+Requires={{ unit }}
+{% endfor %}
+{% for unit in systemd_Wants %}
+Wants={{ unit }}
+{% endfor %}
 
 [Service]
 Type=simple
 TimeoutStartSec={{ systemd_TimeoutStartSec }}
+ExecStartPre=-/usr/bin/podman stop -t {{ container_stop_timeout|quote }} {{ container_name|quote }}
+ExecStartPre=-/usr/bin/podman rm -f {{ container_name|quote }}
 ExecStartPre=-/usr/bin/rm -f {{ pidfile }} {{ cidfile }}
 {% if container_run_as_user == 'root' %}
 User={{ container_run_as_user }}
@@ -22,6 +38,7 @@ Restart={{ container_restart }}
 RestartSec={{ systemd_RestartSec }}
 KillMode=mixed
 PIDFile={{ pidfile }}
+Environment=PODMAN_SYSTEMD_UNIT=%n
 
 [Install]
 {% if container_run_as_user == 'root' %}
@@ -30,3 +47,9 @@ WantedBy=multi-user.target
 {% if container_run_as_user != 'root' %}
 WantedBy=default.target
 {% endif %}
+{% for unit in systemd_RequiredBy %}
+RequiredBy={{ unit }}
+{% endfor %}
+{% for unit in systemd_WantedBy %}
+WantedBy={{ unit }}
+{% endfor %}

roles/oatakan.ansible-role-ovirt/meta/.galaxy_install_info

@@ -1,2 +1,2 @@
-install_date: Wed Jun 30 01:12:51 2021
+install_date: Fri Oct 15 18:59:19 2021
 version: ''

roles/oatakan.ansible-role-ovirt/tasks/deprovision.yml

@@ -58,7 +58,7 @@
   until: disks_deletion.finished
   retries: "{{ instance_wait_retry_limit }}"
   delay: 10
-  with_items: "{{ delete_disks.results }}"
+  loop: "{{ delete_disks.results }}"
   when:
     - nodes is defined
     - delete_disks.results is defined

roles/oatakan.ansible-role-ovirt/tasks/provision.yml

@@ -48,7 +48,7 @@
   retries: "{{ instance_wait_retry_limit }}"
   delay: 10
   no_log: true
-  with_items: "{{ deploy.results }}"
+  loop: "{{ deploy.results }}"
   when:
     - nodes is defined
     - deploy.results is defined
@@ -85,7 +85,7 @@
   until: disks_creation.finished
   retries: "{{ instance_wait_retry_limit }}"
   delay: 10
-  with_items: "{{ create_disks.results }}"
+  loop: "{{ create_disks.results }}"
   when:
     - nodes is defined
     - create_disks.results is defined
@@ -110,7 +110,7 @@
       nic_name: "{{ item.networks[0].nic_name | default(item.networks[0].device_name) | default('eth0') }}"
       nic_on_boot: true
       host_name: "{{ item.name }}.{{ item.domain | default('') }}"
-      dns_servers: "{{ item.dns_servers|join(' ') | default([]) }}"
+      dns_servers: "{{ (item.dns_servers | default([])) | join(' ') }}"
       custom_script: "{{ item.custom_script | default('') }}"
       user_name: "{{ item.user_name | default('') }}"
       root_password: "{{ item.root_password | default('') }}"
@@ -144,7 +144,7 @@
 - name: combine deployment results
   set_fact:
     deploy_results: "{{ deploy_results|default([]) + [ item ] }}"
-  with_items: "{{ deploy_linux.results + deploy_windows.results }}"
+  loop: "{{ deploy_linux.results + deploy_windows.results }}"
   when:
     - nodes is defined
     - item.ansible_job_id is defined
@@ -156,7 +156,7 @@
   until: instances.finished
   retries: "{{ instance_wait_retry_limit }}"
   delay: 10
-  with_items: "{{ deploy_results }}"
+  loop: "{{ deploy_results }}"
   when:
     - nodes is defined
     - deploy_results is defined

roles/oatakan.ansible-role-ovirt/tasks/wait_for_ip.yml

@@ -1,31 +1,33 @@
 ---
 
-#- name: waiting for ip address to be assigned
+- name: waiting for ip address to be assigned
-#  ovirt_nic_info:
+  ovirt_nic_info:
-#    auth: "{{ ovirt_auth }}"
+    auth: "{{ ovirt_auth }}"
-#    vm: "{{ item.vm.name }}"
+    vm: "{{ item.vm.name }}"
-#    name: nic1
+    name: nic1
-#  register: nics
+    fetch_nested: yes
-#  until:
+    nested_attributes:
-#    - nics.ovirt_nics | length > 0
+      - ips
-#    - nics.ovirt_nics[0].reported_devices | length > 0
+  register: nics
-#    - nics.ovirt_nics[0].reported_devices[0].ips is defined
+  until:
-#    - nics.ovirt_nics[0].reported_devices[0].ips | length > 0
+    - nics.ovirt_nics | length > 0
-#    - nics.ovirt_nics[0].reported_devices[0].ips[0].address is defined
+    - nics.ovirt_nics[0].reported_devices | length > 0
-#    - nics.ovirt_nics[0].reported_devices[0].ips[0].version == 'v4'
+    - reported_ipv4_addresses | length
-#  retries: 300
+  retries: 300
-#  delay: 10
+  delay: 10
-#  with_items: "{{ instances.results }}"
+  loop: "{{ instances.results }}"
-#  when:
+  when:
-#    - nodes is defined
+    - nodes is defined
-#    - instances.results is defined
+    - instances.results is defined
-#    - item.vm is defined
+    - item.vm is defined
+  vars:
+    reported_ipv4_addresses: "{{ (nics.ovirt_nics[0].reported_devices | json_query('[*].ips[?version==`v4`].address') | flatten) | default([]) }}"
 
 - name: waiting for servers to come online on predefined ip
   wait_for:
     host: "{{ item.networks[0].ip }}"
     port: "{{ item.ansible_port | default(ansible_port) | default('22') }}"
-  with_items: "{{ nodes }}"
+  loop: "{{ nodes }}"
   when:
     - nodes is defined
     - item.networks is defined
@@ -33,9 +35,9 @@
 
 - name: waiting for servers to come online on dhcp ip
   wait_for:
-    host: "{{ (item.ovirt_nics[0].reported_devices[0].ips | json_query('[?version==`v4`].address'))[0] }}"
+    host: "{{ (item.ovirt_nics[0].reported_devices | json_query('[*].ips[?version==`v4`].address'))[0][0] | default('') }}"
     port: "{{ item.item.item.item.ansible_port | default(ansible_port) | default('22') }}"
-  with_items: "{{ nics.results }}"
+  loop: "{{ nics.results }}"
   when:
     - nodes is defined
     - nics.results is defined
@@ -55,15 +57,14 @@
   until:
     - nics.ovirt_nics | length > 0
     - nics.ovirt_nics[0].reported_devices | length > 0
-    - nics.ovirt_nics[0].reported_devices[0].ips | length > 0
+    - item.networks[0].ip in reported_ipv4_addresses
-    - nics.ovirt_nics[0].reported_devices[0].ips[0].address is defined
-    - nics.ovirt_nics[0].reported_devices[0].ips[0].version == 'v4'
-    - nics.ovirt_nics[0].reported_devices[0].ips[0].address == item.networks[0].ip
   retries: "{{ ip_wait_retry_limit }}"
   delay: 10
-  with_items: "{{ nodes }}"
+  loop: "{{ nodes }}"
   when:
     - wait_for_static_ip_assigned|bool
     - nodes is defined
     - item.networks | length > 0
-    - item.networks[0].ip is defined
+    - item.networks[0].ip is defined
+  vars:
+    reported_ipv4_addresses: "{{ (nics.ovirt_nics[0].reported_devices | json_query('[*].ips[?version==`v4`].address') | flatten) | default([]) }}"

roles/oatakan.ansible-role-ovirt/tasks/wait_for_ip_pre29.yml

@@ -1,31 +1,30 @@
 ---
 
-#- name: waiting for ip address to be assigned (<2.9)
+- name: waiting for ip address to be assigned (<2.9)
-#  ovirt_nic_facts:
+  ovirt_nic_facts:
-#    auth: "{{ ovirt_auth }}"
+    auth: "{{ ovirt_auth }}"
-#    vm: "{{ item.vm.name }}"
+    vm: "{{ item.vm.name }}"
-#    name: nic1
+    name: nic1
-#  register: nics
+  register: nics
-#  until:
+  until:
-#    - nics.ansible_facts.ovirt_nics | length > 0
+    - nics.ansible_facts.ovirt_nics | length > 0
-#    - nics.ansible_facts.ovirt_nics[0].reported_devices | length > 0
+    - nics.ansible_facts.ovirt_nics[0].reported_devices | length > 0
-#    - nics.ansible_facts.ovirt_nics[0].reported_devices[0].ips is defined
+    - reported_ipv4_addresses | length
-#    - nics.ansible_facts.ovirt_nics[0].reported_devices[0].ips | length > 0
+  retries: 300
-#    - nics.ansible_facts.ovirt_nics[0].reported_devices[0].ips[0].address is defined
+  delay: 10
-#    - nics.ansible_facts.ovirt_nics[0].reported_devices[0].ips[0].version == 'v4'
+  loop: "{{ instances.results }}"
-#  retries: 300
+  when:
-#  delay: 10
+    - nodes is defined
-#  with_items: "{{ instances.results }}"
+    - instances.results is defined
-#  when:
+    - item.vm is defined
-#    - nodes is defined
+  vars:
-#    - instances.results is defined
+    reported_ipv4_addresses: "{{ (nics.ovirt_nics[0].reported_devices | json_query('[*].ips[?version==`v4`].address') | flatten) | default([]) }}"
-#    - item.vm is defined
 
 - name: waiting for servers to come online on predefined ip
   wait_for:
     host: "{{ item.networks[0].ip }}"
     port: "{{ item.ansible_port | default(ansible_port) | default('22') }}"
-  with_items: "{{ nodes }}"
+  loop: "{{ nodes }}"
   when:
     - nodes is defined
     - item.networks is defined
@@ -35,7 +34,7 @@
   wait_for:
     host: "{{ (item.ansible_facts.ovirt_nics[0].reported_devices[0].ips | json_query('[?version==`v4`].address'))[0] }}"
     port: "{{ item.item.item.item.ansible_port | default(ansible_port) | default('22') }}"
-  with_items: "{{ nics.results }}"
+  loop: "{{ nics.results }}"
   when:
     - nodes is defined
     - nics.results is defined
@@ -55,15 +54,14 @@
   until:
     - nics.ansible_facts.ovirt_nics | length > 0
     - nics.ansible_facts.ovirt_nics[0].reported_devices | length > 0
-    - nics.ansible_facts.ovirt_nics[0].reported_devices[0].ips | length > 0
+    - item.networks[0].ip in reported_ipv4_addresses
-    - nics.ansible_facts.ovirt_nics[0].reported_devices[0].ips[0].address is defined
-    - nics.ansible_facts.ovirt_nics[0].reported_devices[0].ips[0].version == 'v4'
-    - nics.ansible_facts.ovirt_nics[0].reported_devices[0].ips[0].address == item.networks[0].ip
   retries: "{{ ip_wait_retry_limit }}"
   delay: 10
-  with_items: "{{ nodes }}"
+  loop: "{{ nodes }}"
   when:
     - wait_for_static_ip_assigned|bool
     - nodes is defined
     - item.networks | length > 0
-    - item.networks[0].ip is defined
+    - item.networks[0].ip is defined
+  vars:
+    reported_ipv4_addresses: "{{ (nics.ovirt_nics[0].reported_devices | json_query('[*].ips[?version==`v4`].address') | flatten) | default([]) }}"

roles/oatakan.ansible-role-windows-ad-controller/meta/.galaxy_install_info

@@ -1,2 +1,2 @@
-install_date: Wed Jun 30 01:12:47 2021
+install_date: Fri Oct 15 18:59:14 2021
 version: ''

roles/oatakan.rhel_ovirt_template/meta/.galaxy_install_info

@@ -1,2 +1,2 @@
-install_date: Wed Jun 30 01:12:53 2021
+install_date: Fri Oct 15 18:59:21 2021
 version: master

roles/oatakan.rhel_ovirt_template/templates/rhel8/ks.cfg.j2

@@ -1,6 +1,5 @@
 firewall --disabled
 
-install
 cdrom
 lang en_US.UTF-8
 keyboard us
@@ -34,7 +33,7 @@ volgroup vg00 --pesize=4096 pv.00
 logvol swap  --fstype="swap" --size=4096 --name=swap --vgname=vg00
 logvol /  --fstype="xfs" --size=1 --grow --name=root --vgname=vg00
 
-auth  --useshadow  --enablemd5
+authselect --useshadow  --enablemd5
 firstboot --disabled
 services --enabled=NetworkManager,sshd
 reboot

roles/oatakan.rhel_template_build/meta/.galaxy_install_info

@@ -1,2 +1,2 @@
-install_date: Wed Jun 30 01:12:52 2021
+install_date: Fri Oct 15 18:59:20 2021
 version: master

roles/oatakan.windows_ovirt_guest_agent/meta/.galaxy_install_info

@@ -1,2 +1,2 @@
-install_date: Wed Jun 30 01:12:48 2021
+install_date: Fri Oct 15 18:59:15 2021
 version: master

roles/oatakan.windows_ovirt_template/defaults/main.yml

@@ -3,6 +3,7 @@
 install_updates: yes
 instance_wait_retry_limit: 300
 instance_wait_connection_timeout: 400
+instance_stop_retry_limit: 60
 
 # this will remove existing template with the same name
 template_force: no
@@ -73,4 +74,5 @@ os_short_names:
   win2012: 2k12R2
   win2016: 2k16
   win2019: 2k19
-  win10: 10
+  win2022: 2k19 # 2k22 is not *yet* available on virtio iso
+  win10: w10

roles/oatakan.windows_ovirt_template/meta/.galaxy_install_info

@@ -1,2 +1,2 @@
-install_date: Wed Jun 30 01:12:45 2021
+install_date: Fri Oct 15 18:59:12 2021
 version: ''

roles/oatakan.windows_ovirt_template/tasks/stop_vm.yml

@@ -17,9 +17,19 @@
       when: ansible_version.full is version('2.9', '>=')
 
   rescue:
-    - name: ignoring any error
+    - name: stop vm
-      debug:
+      ovirt.ovirt.ovirt_vm:
-        msg: "ignoring error..."
+        auth: "{{ ovirt_auth }}"
+        cluster: "{{ providers.ovirt.cluster }}"
+        name: "{{ template.name }}"
+        state: stopped
+      when: template is defined
+
+    - include_tasks: wait_vm_poweredoff_pre29.yml
+      when: ansible_version.full is version('2.9', '<')
+
+    - include_tasks: wait_vm_poweredoff.yml
+      when: ansible_version.full is version('2.9', '>=')
 
 - name: reconfigure vm
   ovirt.ovirt.ovirt_vm:

roles/oatakan.windows_ovirt_template/tasks/wait_vm_poweredoff.yml

@@ -10,4 +10,4 @@
     - ovirt_vm_info_result.ovirt_vms|length > 0
     - ovirt_vm_info_result.ovirt_vms[0].status == 'down'
   delay: 5
-  retries: 30
+  retries: "{{ instance_stop_retry_limit }}"

roles/oatakan.windows_ovirt_template/tasks/wait_vm_poweredoff_pre29.yml

@@ -9,4 +9,4 @@
     - ovirt_vms|length > 0
     - ovirt_vms[0].status == 'down'
   delay: 5
-  retries: 30
+  retries: "{{ instance_stop_retry_limit }}"

roles/oatakan.windows_template_build/README.md

@@ -21,6 +21,7 @@ A list of roles that this role utilizes:
 
 - oatakan.windows_ec2_ena_driver
 - oatakan.windows_ovirt_guest_agent
+- oatakan.windows_powershell_upgrade
 - oatakan.windows_update
 - oatakan.windows_virtio
 - oatakan.windows_vmware_tools

roles/oatakan.windows_template_build/defaults/main.yml

@@ -5,16 +5,10 @@ remove_apps: no
 clean_up_components: yes
 upgrade_powershell: no
 powershell_target_version: 3.0
-temp_directory: "{{ ansible_env.TEMP }}"
+default_temp_directory: 'C:\Windows\Temp'
 update_retry_limit: 10
 upgrade_wait_timeout: 600
 
-powershell_script_url: https://raw.githubusercontent.com/oatakan/ansible-role-windows-template-build/master/files/Upgrade-PowerShell.ps1
-powershell_upgrade_script_file: 'C:\Upgrade-PowerShell.ps1'
-
-ps_memfix_script_url: https://raw.githubusercontent.com/oatakan/ansible-role-windows-template-build/master/files/Install-WMF3Hotfix.ps1
-ps_memfix_script_file: 'C:\Install-WMF3Hotfix.ps1'
-
 set_network_to_private: '([Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]"{DCB00C01-570F-4A9B-8D69-199FDBA5723B}"))).GetNetworkConnections() | % {$_.GetNetwork().SetCategory(1)}'
 
 enable_tlsv12_hotfix_download_location: "{{ ansible_env.TEMP }}"
@@ -24,24 +18,36 @@ enable_tlsv12_hotfix:
   url: https://download.microsoft.com/download/F/4/1/F4154AD2-2119-48B4-BF99-CC15F68E110D/Windows6.1-KB3080079-x64.msu
 
 enable_tls_support_hotfix_download_location: 'C:\Windows\Temp'
+# no longer available
+#enable_tls_support_hotfix:
+#  kb: kb3154518
+#  file: windows6.1-kb3154518-x64.msu
+#  url: http://download.microsoft.com/download/6/8/0/680ee424-358c-4fdf-a0de-b45dee07b711/windows6.1-kb3154518-x64.msu
+
+# fix: https://support.microsoft.com/en-us/topic/security-and-quality-rollup-for-net-framework-3-5-1-for-windows-7-sp1-and-windows-server-2008-r2-sp1-kb-4040980-71f9f600-4878-a9d4-6b36-93cafad2eefe
 enable_tls_support_hotfix:
-  kb: kb3154518
+  kb: kb4040980
-  file: windows6.1-kb3154518-x64.msu
+  file: windows6.1-kb4040980-x64_83282fb5210091802984ead0d4175879056d602c.msu
-  url: http://download.microsoft.com/download/6/8/0/680ee424-358c-4fdf-a0de-b45dee07b711/windows6.1-kb3154518-x64.msu
+  url: http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/09/windows6.1-kb4040980-x64_83282fb5210091802984ead0d4175879056d602c.msu
 
 dot_net_security_hotfix_download_location: 'C:\Windows\Temp'
+# no longer available
+#dot_net_security_hotfix:
+#  kb: KB2898850
+#  file: Windows8.1-KB2898850-x64.msu
+#  url: http://download.microsoft.com/download/C/6/9/C690CC33-18F7-405D-B18A-0A8E199E531C/Windows8.1-KB2898850-x64.msu
+
 dot_net_security_hotfix:
   kb: KB2898850
-  file: Windows8.1-KB2898850-x64.msu
+  file: windows8.1-kb2898850-x64_9ffdfdeac9011569d1b14cf2dbf926257c50186d.msu
-  url: http://download.microsoft.com/download/C/6/9/C690CC33-18F7-405D-B18A-0A8E199E531C/Windows8.1-KB2898850-x64.msu
+  url: http://download.windowsupdate.com/d/msdownload/update/software/secu/2014/04/windows8.1-kb2898850-x64_9ffdfdeac9011569d1b14cf2dbf926257c50186d.msu
 
 windows_update_agent_url: http://download.windowsupdate.com/windowsupdate/redist/standalone/7.6.7600.320/windowsupdateagent-7.6-x64.exe
 
 #sdelete_download_url: http://web.archive.org/web/20140902022253/http://download.sysinternals.com/files/SDelete.zip
 bleachbit_download_url: https://download.bleachbit.org/BleachBit-4.0.0-portable.zip
 sdelete_download_url: https://download.sysinternals.com/files/SDelete.zip
-#ultradefrag_download_url: http://downloads.sourceforge.net/project/ultradefrag/stable-release/6.1.0/ultradefrag-portable-6.1.0.bin.amd64.zip
+ultradefrag_download_url: https://downloads.sourceforge.net/project/ultradefrag/stable-release/7.1.4/ultradefrag-portable-7.1.4.bin.amd64.zip
-ultradefrag_download_url: https://sourceforge.net/projects/ultradefrag/files/stable-release/7.1.4/ultradefrag-portable-7.1.4.bin.amd64.zip/download
 
 enable_auto_logon: yes
 
@@ -59,6 +65,7 @@ virtio_role: oatakan.windows_virtio
 vmware_tools_role: oatakan.windows_vmware_tools
 virtualbox_guest_additions_role: oatakan.windows_virtualbox_guest_additions
 windows_update_role: oatakan.windows_update
+windows_powershell_upgrade_role: oatakan.windows_powershell_upgrade
 
 policy:
   allow_unauthenticated_guest_access: no

roles/oatakan.windows_template_build/files/Install-WMF3Hotfix.ps1

@@ -1,152 +0,0 @@
-#Requires -Version 3.0
-<#PSScriptInfo
-.VERSION 1.0
-.GUID 6cf319d1-8c50-460b-99ee-71b11cf7270d
-.AUTHOR
-    Jordan Borean <jborean93@gmail.com>
-.COPYRIGHT
-    Jordan Borean 2017
-.TAGS
-    PowerShell,Ansible,WinRM,WMF,Hotfix
-.LICENSEURI https://github.com/jborean93/ansible-windows/blob/master/LICENSE
-.PROJECTURI https://github.com/jborean93/ansible-windows
-.RELEASENOTES
-    Version 1.0: 2017-09-27
-        Initial script created
-#>
-
-<#
-.DESCRIPTION
-The script will install the WinRM hotfix KB2842230 which fixes the memory
-issues that occur when running over WinRM with WMF 3.0.
-The script will;
-    1. Detect if running on PS version 3.0 and exit if it is not
-    2. Check if KB2842230 is already installed and exit if it is
-    3. Download the hotfix from Microsoft server's based on the OS version
-    4. Extract the .msu file from the downloaded hotfix
-    5. Install the .msu silently
-    6. Detect if a reboot is required and prompt whether the user wants to restart
-
-Once the install is complete, if the install process returns an exit
-code of 3010, it will ask the user whether to restart the computer now
-or whether it will be done later.
-
-See https://github.com/jborean93/ansible-windows/tree/master/scripts for more
-details.
-.PARAMETER Verbose
-    [switch] - Whether to display Verbose logs on the console
-.EXAMPLE
-    powershell.exe -ExecutionPolicy ByPass -File Install-WMF3Hotfix.ps1
-.EXAMPLE
-    powershell.exe -ExecutionPolicy ByPass -File Install-WMF3Hotfix.ps1 -Verbose
-#>
-
-[CmdletBinding()]
-Param()
-
-$ErrorActionPreference = "Stop"
-if ($verbose) {
-    $VerbosePreference = "Continue"
-}
-
-Function Run-Process($executable, $arguments) {
-    $process = New-Object -TypeName System.Diagnostics.Process
-    $psi = $process.StartInfo
-    $psi.FileName = $executable
-    $psi.Arguments = $arguments
-    Write-Verbose -Message "starting new process '$executable $arguments'"
-    $process.Start() | Out-Null
-
-    $process.WaitForExit() | Out-Null
-    $exit_code = $process.ExitCode
-    Write-Verbose -Message "process completed with exit code '$exit_code'"
-
-    return $exit_code
-}
-
-Function Download-File($url, $path) {
-    Write-Verbose -Message "downloading url '$url' to '$path'"
-    $client = New-Object -TypeName System.Net.WebClient
-    $client.DownloadFile($url, $path)
-}
-
-Function Extract-Zip($zip, $dest) {
-    Write-Verbose -Message "extracting '$zip' to '$dest'"
-    try {
-        Add-Type -AssemblyName System.IO.Compression.FileSystem > $null
-        $legacy = $false
-    } catch {
-        $legacy = $true
-    }
-
-    if ($legacy) {
-        $shell = New-Object -ComObject Shell.Application
-        $zip_src = $shell.NameSpace($zip)
-        $zip_dest = $shell.NameSpace($dest)
-        $zip_dest.CopyHere($zip_src.Items(), 1044)
-    } else {
-        [System.IO.Compression.ZipFile]::ExtractToDirectory($zip, $dest)
-    }
-}
-
-$tmp_dir = $env:temp
-$kb = "KB2842230"
-if ($PSVersionTable.PSVersion.Major -ne 3) {
-    Write-Verbose -Message "$kb is only applicable with Powershell v3, no action required"
-    exit 0
-}
-
-$hotfix_installed = Get-Hotfix -Id $kb -ErrorAction SilentlyContinue
-if ($hotfix_installed -ne $null) {
-    Write-Verbose -Message "$kb is already installed"
-    exit 0
-}
-
-if (-not (Test-Path -Path $tmp_dir)) {
-    New-Item -Path $tmp_dir -ItemType Directory > $null
-}
-$os_version = [Version](Get-Item -Path "$env:SystemRoot\System32\kernel32.dll").VersionInfo.ProductVersion
-$host_string = "$($os_version.Major).$($os_version.Minor)-$($env:PROCESSOR_ARCHITECTURE)"
-switch($host_string) {
-    # These URLS point to the Ansible Core CI S3 bucket, MS no longer provide a link to Server 2008 so we need to
-    # rely on this URL. There are no guarantees this will stay up in the future.
-    "6.0-x86" {
-        $url = "https://s3.amazonaws.com/ansible-ci-files/hotfixes/KB2842230/464091_intl_i386_zip.exe"
-    }
-    "6.0-AMD64" {
-        $url = "https://s3.amazonaws.com/ansible-ci-files/hotfixes/KB2842230/464090_intl_x64_zip.exe"
-    }
-    "6.1-x86" {
-        $url = "https://s3.amazonaws.com/ansible-ci-files/hotfixes/KB2842230/463983_intl_i386_zip.exe"
-    }
-    "6.1-AMD64" {
-        $url = "https://s3.amazonaws.com/ansible-ci-files/hotfixes/KB2842230/463984_intl_x64_zip.exe"
-    }
-    "6.2-x86" {
-        $url = "https://s3.amazonaws.com/ansible-ci-files/hotfixes/KB2842230/463940_intl_i386_zip.exe"
-    }
-    "6.2-AMD64" {
-        $url = "https://s3.amazonaws.com/ansible-ci-files/hotfixes/KB2842230/463941_intl_x64_zip.exe"
-    }
-}
-
-$filename = $url.Split("/")[-1]
-$compressed_file = "$tmp_dir\$($filename).zip"
-Download-File -url $url -path $compressed_file
-Extract-Zip -zip $compressed_file -dest $tmp_dir
-$file = Get-Item -Path "$tmp_dir\*$kb*.msu"
-if ($file -eq $null) {
-    Write-Error -Message "unable to find extracted msu file for hotfix KB"
-    exit 1
-}
-
-$exit_code = Run-Process -executable $file.FullName -arguments "/quiet /norestart"
-if ($exit_code -eq 3010) {
-    Write-Verbose "need to restart computer after hotfix $kb install"
-    Restart-Computer -Force
-} elseif ($exit_code -ne 0) {
-    Write-Error -Message "failed to install hotfix $($kb): exit code $exit_code"
-} else {
-    Write-Verbose -Message "hotfix $kb install complete"
-}
-exit $exit_code

roles/oatakan.windows_template_build/files/Upgrade-PowerShell.ps1

@@ -1,400 +0,0 @@
-# PSScriptInfo
-# .VERSION 1.0
-# .GUID 23743bae-7604-459d-82c5-a23d36b0820e
-# .AUTHOR
-#     Jordan Borean <jborean93@gmail.com>
-# .COPYRIGHT
-#     Jordan Borean 2017
-# .TAGS
-#     PowerShell,Ansible
-# .LICENSEURI https://github.com/jborean93/ansible-windows/blob/master/LICENSE
-# .PROJECTURI https://github.com/jborean93/ansible-windows
-# .RELEASENOTES
-#     Version 1.0: 2017-09-27
-#         Initial script created
-# .DESCRIPTION
-# The script will upgrade the powershell version to whatever is supplied as
-# the 'version' on the host. The current versions can be set as the target
-# 'version':
-#     - 3.0
-#     - 4.0
-#     - 5.1 (default if -Version not set)
-#
-# This script can be run on the following OS'
-#     Windows Server 2008 (with SP2) - only supported version 3.0
-#     Windows Server 2008 R2 (with SP1)
-#     Windows Server 2012
-#     Windows Server 2012 R2
-#     Windows Server 2016
-#
-#     Windows 7 (with SP1)
-#     Windows 8.1
-#     Windows 10
-#
-# All OS' can be upgraded to 5.1 except for Windows Server 2008. If running
-# on Powershell 1.0 then this script will first upgrade the version to 2.0
-# before running the checks. This is because a lot of the upgrade paths need
-# this version installed as a baseline. If the .NET Framework version
-# installed is less than 4.5.2, it will be upgraded to 4.5.2 as this is
-# supported on all hosts and is required for v5.0.
-#
-# As multiple packages can be installed in this process, multiple reboots may
-# be required to continue with the install. If a reboot is required the
-# script will detect if the 'username' and 'password' parameters have been
-# supplied. If they have been supplied it will automatically reboot and login
-# to continue the install process until it is all complete. If these
-# parameters are not set then it will prompt the user for a reboot and
-# require the user to log back in manually after the reboot before
-# continuing.
-#
-# A log of this process is created in
-# $env:SystemDrive\temp\upgrade_powershell.log which is usually C:\temp\. This
-# log can used to see how the script faired after an automatic reboot.
-#
-# See https://github.com/jborean93/ansible-windows/tree/master/scripts for more
-# details.
-# .PARAMETER version
-#     [string] - The target powershell version to upgrade to. This can be;
-#         3.0,
-#         4.0, or
-#         5.1 (default)
-#     Depending on the circumstances, the process to reach the target version
-#     may require multiple reboots.
-# .PARAMETER username
-#     [string] - The username of a local admin user that will be automatically
-#     logged in after a reboot to continue the script install. The 'password'
-#     parameter is also required if this is set.
-# .PARAMETER password
-#     [string] - The password for 'username', this is required if the 'username'
-#     parameter is also set.
-# .PARAMETER Verbose
-#     [switch] - Whether to display Verbose logs on the console
-# .EXAMPLE
-#     # upgrade from powershell 1.0 to 3.0 with automatic login and reboots
-#     Set-ExecutionPolicy Unrestricted -Force
-#     &.\Upgrade-PowerShell.ps1 -version 3.0 -username "Administrator" -password "Password" -Verbose
-# .EXAMPLE
-#     # upgrade to 5.1 with defaults and manual login and reboots
-#     powershell.exe -ExecutionPolicy ByPass -File Upgrade-PowerShell.ps1
-# .EXAMPLE
-#     # upgrade to powershell 4.0 with automatic login and reboots
-#     powershell.exe -ExecutionPolicy ByPass -File Upgrade-PowerShell.ps1 -version 4.0 -username "Administrator" -password "Password" -Verbose
-
-Param(
-    [string]$version = "5.1",
-    [string]$username,
-    [string]$password,
-    [switch]$verbose = $false
-)
-$ErrorActionPreference = 'Stop'
-if ($verbose) {
-    $VerbosePreference = "Continue"
-}
-
-$tmp_dir = $env:temp
-if (-not (Test-Path -Path $tmp_dir)) {
-    New-Item -Path $tmp_dir -ItemType Directory > $null
-}
-
-Function Write-Log($message, $level="INFO") {
-    # Poor man's implementation of Log4Net
-    $date_stamp = Get-Date -Format s
-    $log_entry = "$date_stamp - $level - $message"
-    $log_file = "$tmp_dir\upgrade_powershell.log"
-    Write-Verbose -Message $log_entry
-    Add-Content -Path $log_file -Value $log_entry
-}
-
-Function Reboot-AndResume {
-    Write-Log -message "adding script to run on next logon"
-    $script_path = $script:MyInvocation.MyCommand.Path
-    $ps_path = "$env:SystemDrive\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
-    $arguments = "-version $version"
-    if ($username -and $password) {
-        $arguments = "$arguments -username `"$username`" -password `"$password`""
-    }
-    if ($verbose) {
-        $arguments = "$arguments -Verbose"
-    }
-
-    $command = "$ps_path -ExecutionPolicy ByPass -File $script_path $arguments"
-    $reg_key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
-    $reg_property_name = "ps-upgrade"
-    Set-ItemProperty -Path $reg_key -Name $reg_property_name -Value $command
-
-    if ($username -and $password) {
-        $reg_winlogon_path = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
-        Set-ItemProperty -Path $reg_winlogon_path -Name AutoAdminLogon -Value 1
-        Set-ItemProperty -Path $reg_winlogon_path -Name DefaultUserName -Value $username
-        Set-ItemProperty -Path $reg_winlogon_path -Name DefaultPassword -Value $password
-        Write-Log -message "rebooting server to continue powershell upgrade"
-    } else {
-        Write-Log -message "need to reboot server to continue powershell upgrade"
-        $reboot_confirmation = Read-Host -Prompt "need to reboot server to continue powershell upgrade, do you wish to proceed (y/n)"
-        if ($reboot_confirmation -ne "y") {
-            $error_msg = "please reboot server manually and login to continue upgrade process, the script will restart on the next login automatically"
-            Write-Log -message $error_msg -level "ERROR"
-            throw $error_msg
-        }
-    }
-
-    if (Get-Command -Name Restart-Computer -ErrorAction SilentlyContinue) {
-        Restart-Computer -Force
-    } else {
-        # PS v1 (Server 2008) doesn't have the cmdlet Restart-Computer, use el-traditional
-        shutdown /r /t 0
-    }
-}
-
-Function Run-Process($executable, $arguments) {
-    $process = New-Object -TypeName System.Diagnostics.Process
-    $psi = $process.StartInfo
-    $psi.FileName = $executable
-    $psi.Arguments = $arguments
-    Write-Log -message "starting new process '$executable $arguments'"
-    $process.Start() | Out-Null
-
-    $process.WaitForExit() | Out-Null
-    $exit_code = $process.ExitCode
-    Write-Log -message "process completed with exit code '$exit_code'"
-
-    return $exit_code
-}
-
-Function Download-File($url, $path) {
-    Write-Log -message "downloading url '$url' to '$path'"
-    $client = New-Object -TypeName System.Net.WebClient
-    $client.DownloadFile($url, $path)
-}
-
-Function Clear-AutoLogon {
-    $reg_winlogon_path = "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"
-    Write-Log -message "clearing auto logon registry properties"
-    Set-ItemProperty -Path $reg_winlogon_path -Name AutoAdminLogon -Value 0
-    Remove-ItemProperty -Path $reg_winlogon_path -Name DefaultUserName -ErrorAction SilentlyContinue
-    Remove-ItemProperty -Path $reg_winlogon_path -Name DefaultPassword -ErrorAction SilentlyContinue
-}
-
-Function Download-Wmf5Server2008($architecture) {
-    if ($architecture -eq "x64") {
-        $zip_url = "http://download.microsoft.com/download/6/F/5/6F5FF66C-6775-42B0-86C4-47D41F2DA187/Win7AndW2K8R2-KB3191566-x64.zip"
-        $file = "$tmp_dir\Win7AndW2K8R2-KB3191566-x64.msu"
-    } else {
-        $zip_url = "http://download.microsoft.com/download/6/F/5/6F5FF66C-6775-42B0-86C4-47D41F2DA187/Win7-KB3191566-x86.zip"
-        $file = "$tmp_dir\Win7-KB3191566-x86.msu"
-    }
-    if (Test-Path -Path $file) {
-        return $file
-    }
-
-    $filename = $zip_url.Split("/")[-1]
-    $zip_file = "$tmp_dir\$filename"
-    Download-File -url $zip_url -path $zip_file
-
-    Write-Log -message "extracting '$zip_file' to '$tmp_dir'"
-    try {
-        Add-Type -AssemblyName System.IO.Compression.FileSystem > $null
-        $legacy = $false
-    } catch {
-        $legacy = $true
-    }
-
-    if ($legacy) {
-        $shell = New-Object -ComObject Shell.Application
-        $zip_src = $shell.NameSpace($zip_file)
-        $zip_dest = $shell.NameSpace($tmp_dir)
-        $zip_dest.CopyHere($zip_src.Items(), 1044)
-    } else {
-        [System.IO.Compression.ZipFile]::ExtractToDirectory($zip_file, $tmp_dir)
-    }
-
-    return $file
-}
-
-Write-Log -message "starting script"
-# on PS v1.0, upgrade to 2.0 and then run the script again
-if ($PSVersionTable -eq $null) {
-    Write-Log -message "upgrading powershell v1.0 to v2.0"
-    $architecture = $env:PROCESSOR_ARCHITECTURE
-    if ($architecture -eq "AMD64") {
-        # this url not working
-        #$url = "https://download.microsoft.com/download/2/8/6/28686477-3242-4E96-9009-30B16BED89AF/Windows6.0-KB968930-x64.msu"
-        $url = "http://download.windowsupdate.com/msdownload/update/software/updt/2011/02/windows6.0-kb968930-x64_4de013d593181a2a04217ce3b0e7536ab56995aa.msu"
-    } else {
-        # this url not working
-        #$url = "https://download.microsoft.com/download/F/9/E/F9EF6ACB-2BA8-4845-9C10-85FC4A69B207/Windows6.0-KB968930-x86.msu"
-        $url = "http://download.windowsupdate.com/msdownload/update/software/updt/2011/02/windows6.0-kb968930-x86_16fd2e93be2e7265821191119ddfc0cdaa6f4243.msu"
-    }
-    $filename = $url.Split("/")[-1]
-    $file = "$tmp_dir\$filename"
-    Download-File -url $url -path $file
-    $exit_code = Run-Process -executable $file -arguments "/quiet /norestart"
-    if ($exit_code -ne 0 -and $exit_code -ne 3010) {
-        $error_msg = "failed to update Powershell from 1.0 to 2.0: exit code $exit_code"
-        Write-Log -message $error_msg -level "ERROR"
-        throw $error_msg
-    }
-    Reboot-AndResume
-}
-
-# exit if the target version is the same as the actual version
-$current_ps_version = [version]"$($PSVersionTable.PSVersion.Major).$($PSVersionTable.PSVersion.Minor)"
-if ($current_ps_version -eq [version]$version) {
-    Write-Log -message "current and target PS version are the same, no action is required"
-    Clear-AutoLogon
-    exit 0
-}
-
-$os_version = [Version](Get-Item -Path "$env:SystemRoot\System32\kernel32.dll").VersionInfo.ProductVersion
-$architecture = $env:PROCESSOR_ARCHITECTURE
-if ($architecture -eq "AMD64") {
-    $architecture = "x64"
-} else {
-    $architecture = "x86"
-}
-
-$actions = @()
-switch ($version) {
-    "3.0" {
-        $actions += "3.0"
-        break
-    }
-    "4.0" {
-        if ($os_version -lt [version]"6.1") {
-            $error_msg = "cannot upgrade Server 2008 to Powershell v4, v3 is the latest supported"
-            Write-Log -message $error_msg -level "ERROR"
-            throw $error_msg
-        }
-        $actions += "4.0"
-        break
-    }
-    "5.1" {
-        if ($os_version -lt [version]"6.1") {
-            $error_msg = "cannot upgrade Server 2008 to Powershell v5.1, v3 is the latest supported"
-            Write-Log -message $error_msg -level "ERROR"
-            throw $error_msg
-        }
-        # check if WMF 3 is installed, need to be uninstalled before 5.1
-        if ($os_version.Minor -lt 2) {
-            $wmf3_installed = Get-Hotfix -Id "KB2506143" -ErrorAction SilentlyContinue
-            if ($wmf3_installed) {
-                $actions += "remove-3.0"
-            }
-        }
-        $actions += "5.1"
-        break
-    }
-    default {
-        $error_msg = "version '$version' is not supported in this upgrade script"
-        Write-Log -message $error_msg -level "ERROR"
-        throw $error_msg
-    }
-}
-
-# detect if .NET 4.5.2 is not installed and add to the actions
-$dotnet_path = "HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full"
-if (-not (Test-Path -Path $dotnet_path)) {
-    $dotnet_upgrade_needed = $true
-} else {
-    $dotnet_version = Get-ItemProperty -Path $dotnet_path -Name Release -ErrorAction SilentlyContinue
-    if ($dotnet_version) {
-        # 379893 == 4.5.2
-        if ($dotnet_version.Release -lt 379893) {
-            $dotnet_upgrade_needed = $true
-        }
-    } else {
-        $dotnet_upgrade_needed = $true
-    }
-}
-if ($dotnet_upgrade_needed) {
-    $actions = @("dotnet") + $actions
-}
-
-Write-Log -message "The following actions will be performed: $($actions -join ", ")"
-foreach ($action in $actions) {
-    $url = $null
-    $file = $null
-    $arguments = "/quiet /norestart"
-
-    switch ($action) {
-        "dotnet" {
-            Write-Log -message "running .NET update to 4.5.2"
-            $url = "https://download.microsoft.com/download/E/2/1/E21644B5-2DF2-47C2-91BD-63C560427900/NDP452-KB2901907-x86-x64-AllOS-ENU.exe"
-            $error_msg = "failed to update .NET to 4.5.2"
-            $arguments = "/q /norestart"
-            break
-        }
-        "remove-3.0" {
-            # this is only run before a 5.1 install on Windows 7/2008 R2, the
-            # install zip needs to be downloaded and extracted before
-            # removing 3.0 as then the FileSystem assembly cannot be loaded
-            Write-Log -message "downloading WMF/PS v5.1 and removing WMF/PS v3 before version 5.1 install"
-            Download-Wmf5Server2008 -architecture $architecture > $null
-
-            $file = "wusa.exe"
-            $arguments = "/uninstall /KB:2506143 /quiet /norestart"
-            break
-        }
-        "3.0" {
-            Write-Log -message "running powershell update to version 3"
-            if ($os_version.Minor -eq 1) {
-                $url = "https://download.microsoft.com/download/E/7/6/E76850B8-DA6E-4FF5-8CCE-A24FC513FD16/Windows6.1-KB2506143-$($architecture).msu"
-            } else {
-                $url = "https://download.microsoft.com/download/E/7/6/E76850B8-DA6E-4FF5-8CCE-A24FC513FD16/Windows6.0-KB2506146-$($architecture).msu"
-            }
-            $error_msg = "failed to update Powershell to version 3"
-            break
-        }
-        "4.0" {
-            Write-Log -message "running powershell update to version 4"
-            if ($os_version.Minor -eq 1) {
-                $url = "https://download.microsoft.com/download/3/D/6/3D61D262-8549-4769-A660-230B67E15B25/Windows6.1-KB2819745-$($architecture)-MultiPkg.msu"
-            } else {
-                $url = "https://download.microsoft.com/download/3/D/6/3D61D262-8549-4769-A660-230B67E15B25/Windows8-RT-KB2799888-x64.msu"
-            }
-            $error_msg = "failed to update Powershell to version 4"
-            break
-        }
-        "5.1" {
-            Write-Log -message "running powershell update to version 5.1"
-            if ($os_version.Minor -eq 1) {
-                # Server 2008 R2 and Windows 7, already downloaded in remove-3.0
-                $file = Download-Wmf5Server2008 -architecture $architecture
-            } elseif ($os_version.Minor -eq 2) {
-                # Server 2012
-                $url = "http://download.microsoft.com/download/6/F/5/6F5FF66C-6775-42B0-86C4-47D41F2DA187/W2K12-KB3191565-x64.msu"
-            } else {
-                # Server 2012 R2 and Windows 8.1
-                if ($architecture -eq "x64") {
-                    $url = "http://download.microsoft.com/download/6/F/5/6F5FF66C-6775-42B0-86C4-47D41F2DA187/Win8.1AndW2K12R2-KB3191564-x64.msu"
-                } else {
-                    $url = "http://download.microsoft.com/download/6/F/5/6F5FF66C-6775-42B0-86C4-47D41F2DA187/Win8.1-KB3191564-x86.msu"
-                }
-            }
-            break
-        }
-        default {
-            $error_msg = "unknown action '$action'"
-            Write-Log -message $error_msg -level "ERROR"
-        }
-    }
-
-    if ($file -eq $null) {
-        $filename = $url.Split("/")[-1]
-        $file = "$tmp_dir\$filename"
-    }
-    if ($url -ne $null) {
-        Download-File -url $url -path $file
-    }
-
-    $exit_code = Run-Process -executable $file -arguments $arguments
-    if ($exit_code -ne 0 -and $exit_code -ne 3010) {
-        $log_msg = "$($error_msg): exit code $exit_code"
-        Write-Log -message $log_msg -level "ERROR"
-        throw $log_msg
-    }
-    if ($exit_code -eq 3010) {
-        Reboot-AndResume
-        break
-    }
-}

roles/oatakan.windows_template_build/handlers/main.yml

@@ -0,0 +1,10 @@
+---
+
+- name: ensure Windows ADK with DISM is removed
+  win_chocolatey:
+    name: windows-adk-deploy
+    state: absent
+  register: remove_win_adk_dism
+  until: remove_win_adk_dism is success
+  delay: 3
+  retries: 5

roles/oatakan.windows_template_build/meta/.galaxy_install_info

@@ -1,2 +1,2 @@
-install_date: Wed Jun 30 01:12:46 2021
+install_date: Fri Oct 15 18:59:14 2021
 version: master

roles/oatakan.windows_template_build/tasks/compact.yml

@@ -73,12 +73,13 @@
 
 - name: clean with bleachbit
   win_shell: >
-    '{{ ansible_user_dir }}\BleachBit-Portable\bleachbit_console.exe --clean deepscan.backup
+    '{{ ansible_user_dir }}\BleachBit-Portable\bleachbit_console.exe'
+    --clean deepscan.backup
     deepscan.ds_store deepscan.thumbs_db deepscan.tmp internet_explorer.cookies internet_explorer.forms
     internet_explorer.history internet_explorer.temporary_files system.clipboard system.custom system.logs
     system.memory_dump system.muicache system.prefetch system.recycle_bin system.tmp system.updates
     windows_defender.history windows_explorer.mru windows_explorer.recent_documents windows_explorer.run
-    windows_explorer.search_history windows_explorer.thumbnails > NUL'
+    windows_explorer.search_history windows_explorer.thumbnails 2> nul
   args:
     executable: cmd
   when:
@@ -164,6 +165,9 @@
 
 - name: remove bleachbit files
   win_file:
-    path: '{{ ansible_user_dir }}\BleachBit-Portable'
+    path: '{{ item }}'
     state: absent
-  when: download_bleachbit is success
+  when: download_bleachbit is success
+  loop:
+    - '{{ temp_directory }}\BleachBit-portable.zip'
+    - '{{ ansible_user_dir }}\BleachBit-Portable'

roles/oatakan.windows_template_build/tasks/enable-tlsv12.yml

@@ -1,97 +1,43 @@
 ---
 
-- name: ensure Windows ADK with DISM is installed
+- block:
-  win_chocolatey:
+    - name: test SSL connection
-    name: windows-adk-deploy
+      win_shell: "[System.Net.WebRequest]::Create('https://github.com').GetResponse()"
-    state: present
-    version: 10.0.17134.0
-  register: install_windows_adk_deploy
 
-- name: ensure PATH contains Windows ADK
+  rescue:
-  win_path:
+    - name: enable TLSv1.2 support
-    scope: machine
+      win_regedit:
-    state: present
+        path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\{{ item.type }}
-    elements: "C:\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Deployment Tools\\amd64\\DISM"
+        name: '{{ item.property }}'
+        data: '{{ item.value }}'
+        type: dword
+        state: present
+      register: enable_tls12
+      loop:
+        - type: Server
+          property: Enabled
+          value: 1
+        - type: Server
+          property: DisabledByDefault
+          value: 0
+        - type: Client
+          property: Enabled
+          value: 1
+        - type: Client
+          property: DisabledByDefault
+          value: 0
 
-- pause:
+    - name: enable strong crypto
-    seconds: 10
+      win_regedit:
+        path: HKLM:\{{ item }}
+        name: SchUseStrongCrypto
+        data: 1
+        type: dword
+        state: present
+      loop:
+        - 'SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
+        - 'SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
 
-- name: download hotfix
+    - name: reboot if TLS config was applied
-  win_get_url:
+      win_reboot:
-    url: '{{ enable_tlsv12_hotfix.url }}'
+      when: enable_tls12 is changed
-    dest: '{{ enable_tlsv12_hotfix_download_location }}\{{ enable_tlsv12_hotfix.file }}'
-  register: download_hotfix
-  until: download_hotfix is success
-  delay: 3
-  retries: 5
-
-- name: install hotfix (PS >= 4)
-  win_hotfix:
-    source: '{{ enable_tlsv12_hotfix_download_location }}\{{ enable_tlsv12_hotfix.file }}'
-    state: present
-  register: hotfix_install
-  when: ansible_powershell_version is version('4', '>=')
-
-- name: install hotfix (PS == 3)
-  win_shell: '{{ enable_tlsv12_hotfix_download_location }}\{{ enable_tlsv12_hotfix.file }} /quiet /norestart'
-  register: hotfix_install
-  when: ansible_powershell_version is version('3', '==')
-
-- name: debug hotfix installation result
-  debug:
-    var: hotfix_install
-
-- name: ensure hotfix file is removed
-  win_file:
-    path: '{{ enable_tlsv12_hotfix_download_location }}\{{ enable_tlsv12_hotfix.file }}'
-    state: absent
-
-- name: reboot if needed
-  win_reboot:
-  when: hotfix_install.reboot_required | default(False)
-
-- name: enable TLSv1.2 support
-  win_regedit:
-    path: HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\{{ item.type }}
-    name: '{{ item.property }}'
-    data: '{{ item.value }}'
-    type: dword
-    state: present
-  register: enable_tls12
-  loop:
-    - type: Server
-      property: Enabled
-      value: 1
-    - type: Server
-      property: DisabledByDefault
-      value: 0
-    - type: Client
-      property: Enabled
-      value: 1
-    - type: Client
-      property: DisabledByDefault
-      value: 0
-
-- name: enable strong crypto
-  win_regedit:
-    path: HKLM:\{{ item }}
-    name: SchUseStrongCrypto
-    data: 1
-    type: dword
-    state: present
-  loop:
-    - 'SOFTWARE\Microsoft\.NETFramework\v4.0.30319'
-    - 'SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
-
-- name: ensure Windows ADK with DISM is removed
-  win_chocolatey:
-    name: windows-adk-deploy
-    state: absent
-  register: remove_win_adk_dism
-  until: remove_win_adk_dism is success
-  delay: 3
-  retries: 5
-
-- name: reboot if TLS config was applied
-  win_reboot:
-  when: enable_tls12 is changed

roles/oatakan.windows_template_build/tasks/enable_powershell.yml

@@ -1,32 +0,0 @@
----
-
-- name: check if powershell is available
-  raw: 'Get-Host'
-  failed_when: False
-  check_mode: no
-  register: check_powershell
-
-- block:
-    - name: enable powershell
-      raw: '{{ item }}'
-      args:
-        executable: cmd.exe
-      changed_when: False
-      check_mode: no
-      loop:
-        - dism /online /enable-feature /featurename:NetFx2-ServerCore
-        - dism /online /enable-feature /featurename:MicrosoftWindowsPowerShell
-        - dism /online /enable-feature /featurename:ServerManager-PSH-Cmdlets
-
-    - name: reboot system
-      raw: shutdown /r /t 5
-      args:
-        executable: cmd.exe
-      changed_when: False
-      check_mode: no
-
-    - pause:
-        seconds: 30
-  when:
-    - check_powershell.stderr is defined
-    - ('is not recognized' in check_powershell.stderr)

roles/oatakan.windows_template_build/tasks/enable_tls_system_default.yml

@@ -1,51 +0,0 @@
-# on Windows 7 SP1, TLS 1.1 and 1.2 is not enabled by default
-# this hotfix is needed to fix that
-# see https://support.microsoft.com/en-us/topic/support-for-tls-system-default-versions-included-in-the-net-framework-3-5-1-on-windows-7-sp1-and-server-2008-r2-sp1-5ef38dda-8e6c-65dc-c395-62d2df58715a
-
-- name: download hotfix
-  raw: '(New-Object -TypeName System.Net.WebClient).DownloadFile("{{ enable_tls_support_hotfix.url }}", "{{ enable_tls_support_hotfix_download_location }}\\{{ enable_tls_support_hotfix.file }}")'
-  changed_when: False
-  check_mode: no
-  register: download_hotfix
-  until: download_hotfix is success
-  delay: 3
-  retries: 5
-
-- name: delete scheduled task if it exists (hotfix)
-  raw: 'SCHTASKS /Delete /TN hotfix_install /f'
-  args:
-    executable: cmd.exe
-  changed_when: False
-  check_mode: no
-  ignore_errors: yes
-
-- name: create a scheduled task to install hotfix
-  raw: SCHTASKS /Create /SC MONTHLY /MO first /D SUN /TN hotfix_install /TR "{{ enable_tls_support_hotfix_download_location }}\\{{ enable_tls_support_hotfix.file }} /quiet /restart"
-  args:
-    executable: cmd.exe
-  changed_when: False
-  check_mode: no
-
-- name: run scheduled task (hotfix)
-  raw: 'SCHTASKS /Run /TN hotfix_install'
-  args:
-    executable: cmd.exe
-  changed_when: False
-  check_mode: no
-
-- pause:
-    seconds: 60
-
-- name: delete scheduled task (hotfix)
-  raw: 'SCHTASKS /Delete /TN hotfix_install /f'
-  args:
-    executable: cmd.exe
-  changed_when: False
-  check_mode: no
-  ignore_errors: yes
-
-- name: remove hotfix file
-  raw: 'Remove-Item -Path {{ enable_tls_support_hotfix_download_location }}\{{ enable_tls_support_hotfix.file }} -Force'
-  changed_when: False
-  check_mode: no
-  ignore_errors: yes

roles/oatakan.windows_template_build/tasks/hotfix-tlsv12.yml

@@ -0,0 +1,53 @@
+---
+
+- name: ensure Windows ADK with DISM is installed
+  win_chocolatey:
+    name: windows-adk-deploy
+    state: present
+    version: 10.0.17134.0
+  register: install_windows_adk_deploy
+  notify: ensure Windows ADK with DISM is removed
+
+- name: ensure PATH contains Windows ADK
+  win_path:
+    scope: machine
+    state: present
+    elements: "C:\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Deployment Tools\\amd64\\DISM"
+
+- pause:
+    seconds: 10
+
+- name: download hotfix
+  win_get_url:
+    url: '{{ enable_tlsv12_hotfix.url }}'
+    dest: '{{ enable_tlsv12_hotfix_download_location }}\{{ enable_tlsv12_hotfix.file }}'
+  register: download_hotfix
+  until: download_hotfix is success
+  delay: 3
+  retries: 5
+
+- block:
+    - name: install hotfix (PS >= 4)
+      win_hotfix:
+        source: '{{ enable_tlsv12_hotfix_download_location }}\{{ enable_tlsv12_hotfix.file }}'
+        state: present
+      register: hotfix_install
+      when: ansible_powershell_version is version('4', '>=')
+  rescue:
+    - name: install hotfix using shell
+      win_shell: '{{ enable_tlsv12_hotfix_download_location }}\{{ enable_tlsv12_hotfix.file }} /quiet /norestart'
+      register: hotfix_install
+
+- name: install hotfix (PS == 3)
+  win_shell: '{{ enable_tlsv12_hotfix_download_location }}\{{ enable_tlsv12_hotfix.file }} /quiet /norestart'
+  register: hotfix_install
+  when: ansible_powershell_version is version('3', '==')
+
+- name: ensure hotfix file is removed
+  win_file:
+    path: '{{ enable_tlsv12_hotfix_download_location }}\{{ enable_tlsv12_hotfix.file }}'
+    state: absent
+
+- name: reboot if needed
+  win_reboot:
+  when: hotfix_install.reboot_required | default(False)

roles/oatakan.windows_template_build/tasks/main.yml

@@ -1,13 +1,16 @@
 ---
 
-- include_tasks: powershell-upgrade.yml
+- include_role:
+    name: "{{ windows_powershell_upgrade_role }}"
   when: upgrade_powershell | bool
 
 - name: run setup module
   setup:
 
+- include_tasks: hotfix-tlsv12.yml
+  when: "'Windows Server 2008' in ansible_distribution or 'Windows 7' in ansible_distribution"
+
 - include_tasks: enable-tlsv12.yml
-  when: upgrade_powershell | bool
 
 - include_tasks: update-agent-win2008.yml
   when: "'Windows Server 2008' in ansible_distribution or 'Windows 7' in ansible_distribution"
@@ -42,7 +45,7 @@
 - include_tasks: policy.yml
 
 - include_tasks: power.yml
-  when: "'Server' not in ansible_distribution"
+  when: (ansible_os_product_type == 'workstation') | default(False)
 
 - include_tasks: enable-rdp.yml
 
@@ -55,15 +58,21 @@
     - not target_ovirt | bool
     - not target_vagrant | bool
 
-- include_tasks: remove-apps-alt-2.yml
+- block:
+    - include_tasks: remove-apps-alt-2.yml
+
+    - include_tasks: remove-onedrive.yml
   when:
     - remove_apps | bool
-    - "'Server' not in ansible_distribution"
+    - (ansible_os_product_type == 'workstation') | default(False)
 
 - include_role:
     name: "{{ ec2_ena_driver_role }}"
   when: target_ec2 | bool
 
+- name: run all handlers here
+  meta: flush_handlers
+
 - include_tasks: clean-up-components.yml
   when: clean_up_components | bool
 

roles/oatakan.windows_template_build/tasks/powershell-upgrade.yml

@@ -1,102 +0,0 @@
----
-
-- include_tasks: enable_powershell.yml
-
-- include_tasks: enable_tls_system_default.yml
-
-- name: download script
-  raw: '[Net.ServicePointManager]::SecurityProtocol = [Enum]::ToObject([Net.SecurityProtocolType], 3072); (New-Object -TypeName System.Net.WebClient).DownloadFile("{{ powershell_script_url }}", "{{ powershell_upgrade_script_file }}")'
-  changed_when: False
-  check_mode: no
-  register: download_script
-
-- name: set execution policy
-  raw: 'Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force'
-  changed_when: False
-  check_mode: no
-  ignore_errors: yes
-
-- name: delete scheduled task if it exists
-  raw: 'SCHTASKS /Delete /TN upgrade /f'
-  args:
-    executable: cmd.exe
-  changed_when: False
-  check_mode: no
-  failed_when: False
-
-- name: create a scheduled task to run powershell script
-  raw: >
-    SCHTASKS /Create /SC MONTHLY /MO first /D SUN /TN upgrade /TR "powershell.exe -Command
-    '& {{ powershell_upgrade_script_file }} -Version {{ powershell_target_version }}
-    -Username {{ ansible_user }} -Password {{ ansible_password }}'"
-  args:
-    executable: cmd.exe
-  changed_when: False
-  check_mode: no
-
-- name: start windows update service
-  raw: net start wuauserv
-  args:
-    executable: cmd.exe
-  failed_when: false
-
-- pause:
-    seconds: 60
-
-- name: run scheduled task
-  raw: 'SCHTASKS /Run /TN upgrade'
-  args:
-    executable: cmd.exe
-  changed_when: False
-  check_mode: no
-
-- pause:
-    seconds: "{{ upgrade_wait_timeout }}"
-
-- name: wait for powershell upgrade task to finish
-  raw: '((schtasks /query /TN upgrade)[4] -split " +")[-2]'
-  changed_when: False
-  check_mode: no
-  register: upgrade_status_check
-  failed_when: false
-  until: (upgrade_status_check.stdout | trim | lower) == 'ready'
-  delay: 10
-  retries: 10
-
-- debug:
-    msg: "{{ powershell_target_version }}"
-
-# apply winrm memory hotfix for powershell 3.0
-- include_tasks: winrm-memfix.yml
-  when: powershell_target_version is version('3.0', '==')
-
-- name: wait for system to reboot after upgrade
-  wait_for_connection:
-    sleep: 60
-    timeout: 400
-
-- name: delete scheduled task
-  win_scheduled_task:
-    name: upgrade
-    state: absent
-
-- name: delete script
-  win_file:
-    path: "{{ powershell_upgrade_script_file }}"
-    state: absent
-
-- name: ensure auto login is disabled
-  win_regedit:
-    path: HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
-    name: AutoAdminLogon
-    data: 0
-    type: string
-
-- name: ensure auto login creds are removed
-  win_regedit:
-    path: HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
-    name: "{{ item }}"
-    state: absent
-  loop:
-    - DefaultUserName
-    - DefaultPassword

roles/oatakan.windows_template_build/tasks/remove-onedrive.yml

@@ -8,6 +8,10 @@
   win_shell: '{{ ansible_env.SystemRoot }}\SysWOW64\OneDriveSetup.exe /uninstall'
   ignore_errors: yes
 
+- name: remove onedrivesync package
+  win_shell: get-appxpackage *Microsoft.OneDriveSync* | remove-appxpackage -AllUsers
+  ignore_errors: yes
+
 - name: remove onedrive directories
   win_file:
     path: '{{ item }}'

roles/oatakan.windows_template_build/tasks/security-update-win2012.yml

@@ -11,16 +11,22 @@
   delay: 3
   retries: 5
 
-- name: install hotfix (PS >= 4)
+- block:
-  win_hotfix:
+    - name: install hotfix (PS >= 4)
-    source: '{{ dot_net_security_hotfix_download_location }}\{{ dot_net_security_hotfix.file }}'
+      win_hotfix:
-    state: present
+        source: '{{ dot_net_security_hotfix_download_location }}\{{ dot_net_security_hotfix.file }}'
-  register: hotfix_install
+        state: present
-  when: ansible_powershell_version is version('4', '>=')
+      register: hotfix_install
+      when: ansible_powershell_version is version('4', '>=')
+  rescue:
+    - name: install hotfix using shell
+      win_shell: '{{ dot_net_security_hotfix_download_location }}\{{ dot_net_security_hotfix.file }} /quiet /norestart'
+      register: hotfix_install
 
-- name: debug hotfix installation result
+- name: install hotfix (PS == 3)
-  debug:
+  win_shell: '{{ dot_net_security_hotfix_download_location }}\{{ dot_net_security_hotfix.file }} /quiet /norestart'
-    var: hotfix_install
+  register: hotfix_install
+  when: ansible_powershell_version is version('3', '==')
 
 - name: ensure hotfix file is removed
   win_file:

roles/oatakan.windows_template_build/tasks/winrm-memfix.yml

@@ -1,69 +0,0 @@
----
-
-# see https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html#winrm-memory-hotfix
-
-- name: download script
-  raw: '[Net.ServicePointManager]::SecurityProtocol = [Enum]::ToObject([Net.SecurityProtocolType], 3072); (New-Object -TypeName System.Net.WebClient).DownloadFile("{{ ps_memfix_script_url }}", "{{ ps_memfix_script_file }}")'
-  changed_when: False
-  check_mode: no
-  register: download_script
-
-- name: set execution policy
-  raw: 'Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force'
-  changed_when: False
-  check_mode: no
-  ignore_errors: yes
-
-- name: delete scheduled task if it exists
-  raw: 'SCHTASKS /Delete /TN memfix /f'
-  args:
-    executable: cmd.exe
-  changed_when: False
-  check_mode: no
-  failed_when: False
-
-- name: create a scheduled task to run powershell script
-  raw: >
-    SCHTASKS /Create /SC MONTHLY /MO first /D SUN /TN memfix /TR "powershell.exe -Command
-    '& {{ ps_memfix_script_file }} -Verbose'"
-  args:
-    executable: cmd.exe
-  changed_when: False
-  check_mode: no
-
-- name: run scheduled task
-  raw: 'SCHTASKS /Run /TN memfix'
-  args:
-    executable: cmd.exe
-  changed_when: False
-  check_mode: no
-
-- name: wait for system to reboot after fix
-  wait_for_connection:
-    delay: 300
-    sleep: 30
-    timeout: 300
-
-- name: wait for powershell memfix task to finish
-  raw: '((schtasks /query /TN memfix)[4] -split " +")[-2]'
-  changed_when: False
-  check_mode: no
-  register: memfix_status_check
-  failed_when: false
-  until: (memfix_status_check.stdout | trim | lower) == 'ready'
-  delay: 10
-  retries: 30
-
-- name: delete scheduled task
-  win_scheduled_task:
-    name: memfix
-    state: absent
-  register: delete_scheduled_task
-  until: delete_scheduled_task is success
-  delay: 10
-  retries: 10
-
-- name: delete script
-  win_file:
-    path: "{{ ps_memfix_script_file }}"
-    state: absent

roles/oatakan.windows_template_build/vars/main.yml

@@ -1,5 +1,7 @@
 ---
 
+temp_directory: "{{ ansible_env.TEMP | default(default_temp_directory) }}"
+
 unattend:
   administrator_password: "{{ local_administrator_password }}"
   local_accounts:

roles/oatakan.windows_update/defaults/main.yml

@@ -1,5 +1,6 @@
 ---
 
+update_retry_count: 0
 update_retry_limit: 10
 win_update_category_names:
   - CriticalUpdates

roles/oatakan.windows_update/handlers/main.yml

@@ -0,0 +1,10 @@
+---
+
+- name: ensure Windows ADK with DISM is removed
+  win_chocolatey:
+    name: windows-adk-deploy
+    state: absent
+  register: remove_win_adk_dism
+  until: remove_win_adk_dism is success
+  delay: 3
+  retries: 5

roles/oatakan.windows_update/meta/.galaxy_install_info

@@ -1,2 +1,2 @@
-install_date: Wed Jun 30 01:12:50 2021
+install_date: Fri Oct 15 18:59:19 2021
 version: master

roles/oatakan.windows_update/tasks/updates-all.yml

@@ -10,9 +10,11 @@
 - debug:
     msg: |
       {{ inventory_hostname }} has {{ available_updates.found_update_count }} updates available.
-      {% for key, value in available_updates.updates.items() %}
+      {% for update in updates %}
-        - {{ value.title }}
+        - {{ update.title }}
       {% endfor %}
+  vars:
+    updates: "{{ (available_updates.updates.values() | list) if (available_updates.updates is mapping) else (available_updates.updates) }}"
   when: available_updates.updates is defined
 
 - include_tasks: updates-with-retry.yml
@@ -20,7 +22,7 @@
     - available_updates.updates is defined
     - available_updates.found_update_count > 0
 
-- name: check for missing updates.
+- name: check for missing updates
   win_updates:
     state: searched
   register: available_updates

roles/oatakan.windows_update/tasks/updates-powershell.yml

@@ -16,9 +16,11 @@
     - debug:
         msg: |
           {{ inventory_hostname }} has {{ available_updates.found_update_count }} updates available.
-          {% for key, value in available_updates.updates.items() %}
+          {% for update in updates %}
-            - {{ value.title }}
+            - {{ update.title }}
           {% endfor %}
+      vars:
+        updates: "{{ (available_updates.updates.values() | list) if (available_updates.updates is mapping) else (available_updates.updates) }}"
       when: available_updates.updates is defined
 
     - block:
@@ -67,9 +69,11 @@
     - debug:
         msg: |
           {{ inventory_hostname }} has {{ missing_updates.found_update_count }} updates still missing.
-          {% for key, value in missing_updates.updates.items() %}
+          {% for update in updates %}
-            - {{ value.title }}
+            - {{ update.title }}
           {% endfor %}
+      vars:
+        updates: "{{ (missing_updates.updates.values() | list) if (missing_updates.updates is mapping) else (missing_updates.updates) }}"
       when: missing_updates.updates is defined
 
     - block:

roles/oatakan.windows_update/tasks/updates-win2008r2.yml

@@ -6,6 +6,7 @@
     state: present
     version: 10.0.17134.0
   register: install_windows_adk_deploy
+  notify: ensure Windows ADK with DISM is removed
 
 - name: ensure PATH contains Windows ADK
   win_path:
@@ -13,19 +14,25 @@
     state: present
     elements: "C:\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Deployment Tools\\amd64\\DISM"
 
-- name: download hotfix group 1 (PS >= 4)
+- name: download hotfix group 1
   win_get_url:
     url: '{{ item.url }}'
     dest: '{{ hotfix_download_location }}\{{ item.file }}'
   loop: "{{ hotfixes_group_1 }}"
 
-- name: install hotfix group 1
+- block:
-  win_hotfix:
+    - name: install hotfix group 1 (PS >= 4)
-    source: '{{ hotfix_download_location }}\{{ item.file }}'
+      win_hotfix:
-    state: present
+        source: '{{ hotfix_download_location }}\{{ item.file }}'
-  register: hotfix_install_group_1
+        state: present
-  loop: "{{ hotfixes_group_1 }}"
+      register: hotfix_install_group_1
-  when: ansible_powershell_version is version('4', '>=')
+      loop: "{{ hotfixes_group_1 }}"
+      when: ansible_powershell_version is version('4', '>=')
+  rescue:
+    - name: install hotfix using shell
+      win_shell: '{{ hotfix_download_location }}\{{ item.file }} /quiet /norestart'
+      register: hotfix_install_group_1
+      loop: "{{ hotfixes_group_1 }}"
 
 - name: install hotfix (PS == 3)
   win_shell: '{{ hotfix_download_location }}\{{ item.file }} /quiet /norestart'
@@ -56,9 +63,11 @@
 - debug:
     msg: |
       {{ inventory_hostname }} has {{ available_updates.found_update_count }} updates available.
-      {% for key, value in available_updates.updates.items() %}
+      {% for update in updates %}
-        - {{ value.title }}
+        - {{ update.title }}
       {% endfor %}
+  vars:
+    updates: "{{ (available_updates.updates.values() | list) if (available_updates.updates is mapping) else (available_updates.updates) }}"
   when: available_updates.updates is defined
 
 - include_tasks: updates-with-retry.yml
@@ -73,9 +82,4 @@
 
 - name: list missing updates
   debug:
-    var: available_updates
+    var: available_updates
-
-- name: make sure Windows ADK with DISM for Server 2008 R2 is not installed
-  win_chocolatey:
-    name: windows-adk-deploy
-    state: absent

roles/oatakan.windows_update/tasks/updates-with-retry.yml

@@ -58,9 +58,11 @@
     - debug:
         msg: |
           {{ inventory_hostname }} has {{ missing_updates.found_update_count }} updates still missing.
-          {% for key, value in missing_updates.updates.items() %}
+          {% for update in updates %}
-            - {{ value.title }}
+            - {{ update.title }}
           {% endfor %}
+      vars:
+        updates: "{{ (missing_updates.updates.values() | list) if (missing_updates.updates is mapping) else (missing_updates.updates) }}"
       when: missing_updates.updates is defined
 
     - name: still more updates - need to retry

roles/oatakan.windows_virtio/defaults/main.yml

@@ -11,7 +11,9 @@ virtio_win_ovirt: false
 virtio_win_facts: "{{ ansible_env.SystemDrive }}\\{{ source_of_supply_name | default('Support') }}\\facts.d"
 
 virtio_driver_directory: >-
-      {% if 'Windows Server 2019' in ansible_distribution -%}
+      {% if 'Windows Server 2022' in ansible_distribution -%}
+        {% set virt_dir = '2k19' %}
+      {% elif 'Windows Server 2019' in ansible_distribution -%}
         {% set virt_dir = '2k19' %}
       {% elif 'Windows Server 2016' in ansible_distribution -%}
         {% set virt_dir = '2k16' %}

roles/oatakan.windows_virtio/handlers/main.yml

@@ -4,7 +4,7 @@
   win_disk_image:
     image_path: "{{ ansible_env.TEMP }}\\{{ virtio_win_iso_name }}"
     state: absent
-  when: win_disk_image.mount_path is defined
+  when: win_disk_image.mount_paths is defined
 
 - name: Delete downloaded
   win_file:

roles/oatakan.windows_virtio/meta/.galaxy_install_info

@@ -1,2 +1,2 @@
-install_date: Wed Jun 30 01:12:49 2021
+install_date: Fri Oct 15 18:59:17 2021
 version: master

roles/oatakan.windows_virtio/tasks/install.yml

@@ -2,8 +2,8 @@
 
 - name: Set the virtio_win_iso_path and virtio_win_virtio_path
   set_fact:
-    virtio_win_iso_path: '{{ win_disk_image.mount_path | default(virtio_iso_mount_drive) }}'
+    virtio_win_iso_path: '{{ win_disk_image.mount_paths[0] | default(virtio_iso_mount_drive) }}'
-    virtio_win_virtio_path: "{{ (win_disk_image.mount_path | default(virtio_iso_mount_drive)) + '\\virtio' if virtio_win_ovirt else (win_disk_image.mount_path | default(virtio_iso_mount_drive)) }}"
+    virtio_win_virtio_path: "{{ (win_disk_image.mount_paths[0] | default(virtio_iso_mount_drive)) + '\\virtio' if virtio_win_ovirt else (win_disk_image.mount_paths[0] | default(virtio_iso_mount_drive)) }}"
     virtio_win_iso_name: "{{ virtio_win_iso_name }}"
   when:
     - virtio_iso_mount_drive | length > 0 or ('Windows Server 2008' not in ansible_distribution and 'Windows 7' not in ansible_distribution)