Update role dependencies

2024-02-08 15:55:01 -05:00
parent e09a7f7d45
commit bb21e8d5c6
507 changed files with 1270 additions and 28219 deletions
--- a/roles/oatakan.windows_update/tasks/updates-with-retry.yml
+++ b/roles/oatakan.windows_update/tasks/updates-with-retry.yml
@@ -3,15 +3,54 @@
 - name: update over multiple reboots
  block:
    - block:
+        - name: set reject list
+          set_fact:
+            _reject_list: "{{ (win_update_reject_list | default([])) + (failed_kb | default([])) }}"
+          when: (win_update_reject_list | length) or (failed_kb | length)
+
        - name: install all windows updates
          win_updates:
+            server_selection: "{{ win_update_server_selection }}"
            category_names: "{{ win_update_category_names }}"
-            blacklist: "{{ (win_update_blacklist | default([])) + (failed_kb | default([])) }}"
-            whitelist: "{{ win_update_whitelist | default(omit) }}"
-            reboot: yes
+            reject_list: "{{ _reject_list | default(omit) }}"
+            accept_list: "{{ win_update_accept_list | default(omit) }}"
+            reboot: false
+          async: 7200
+          poll: 0
+          register: installed_updates_async
+
+        - name: wait for updates to finish
+          async_status:
+            jid: "{{ installed_updates_async.ansible_job_id }}"
          register: installed_updates
+          until: installed_updates.finished
+          retries: "{{ install_updates_retry_limit }}"
+          delay: 30
+
+        - name: reboot the system if required
+          win_reboot:
+            reboot_timeout: 7200
+          when: installed_updates.reboot_required

      rescue:
+        - name: ensure there is connection
+          wait_for_connection:
+            delay: 60
+            sleep: 10
+            timeout: 600
+
+        # see https://learn.microsoft.com/en-us/sharepoint/troubleshoot/administration/800703fa-illegal-operation-error
+        # error code 0x800703FA happens with some updates when user is not logged in
+        # add the registry key to disable forcefully unloading users registry at user logoff
+        - include_tasks: force_user_registry.yml
+          vars:
+            task_state: present
+          when:
+            - installed_updates is defined
+            - installed_updates is failed
+            - installed_updates.msg is defined
+            - ('0x800703FA' in installed_updates.msg)
+
        - name: reboot the system to recover from a failed update
          win_reboot:
            reboot_timeout: 7200
@@ -36,32 +75,50 @@
        delay: 60
        sleep: 10
        timeout: 600
+    - block:
+        - name: work on any skipped KB
+          win_updates:
+            server_selection: "{{ win_update_server_selection }}"
+            category_names: "{{ win_update_category_names }}"
+            reject_list: "{{ win_update_reject_list | default(omit) }}"
+            accept_list: "{{ failed_kb | default(omit) }}"
+            reboot: false
+          async: 7200
+          poll: 0
+          register: installed_updates_retry_skipped_async

-    - name: work on any skipped KB
-      win_updates:
-        category_names: "{{ win_update_category_names }}"
-        blacklist: "{{ win_update_blacklist | default(omit) }}"
-        whitelist: "{{ failed_kb | default([]) }}"
-        reboot: yes
-      register: installed_updates_retry_skipped
+        - name: wait for updates to finish
+          async_status:
+            jid: "{{ installed_updates_retry_skipped_async.ansible_job_id }}"
+          register: installed_updates_retry_skipped
+          until: installed_updates_retry_skipped.finished
+          retries: "{{ install_updates_retry_limit }}"
+          delay: 30
+
+        - name: reboot the system if required
+          win_reboot:
+            reboot_timeout: 7200
+          when: installed_updates_retry_skipped.reboot_required
      when:
        - failed_kb is defined
        - failed_kb | length > 0

    - name: check for missing updates
      win_updates:
+        server_selection: "{{ win_update_server_selection }}"
        category_names: "{{ win_update_category_names }}"
-        blacklist: "{{ win_update_blacklist | default(omit) }}"
+        reject_list: "{{ win_update_reject_list | default(omit) }}"
        state: searched
      register: missing_updates

    - debug:
-        msg: |
+        msg: "{{ _msg.split('\n')[:-1] }}"
+      vars:
+        _msg: |
          {{ inventory_hostname }} has {{ missing_updates.found_update_count }} updates still missing.
          {% for update in updates %}
            - {{ update.title }}
          {% endfor %}
-      vars:
        updates: "{{ (missing_updates.updates.values() | list) if (missing_updates.updates is mapping) else (missing_updates.updates) }}"
      when: missing_updates.updates is defined

@@ -72,7 +129,7 @@
          {{ (update_retry_limit | int) - (update_retry_count | int) }} more retries left'
      when:
        - missing_updates.found_update_count > 0
-        - ((update_retry_limit | int) - (update_retry_count | int) >= 0)
+        - ((update_retry_limit | int) - (update_retry_count | int) > 0)

  rescue:
    - name: set update count
@@ -80,7 +137,14 @@
        update_retry_count: '{{ update_retry_count | default(0) | int + 1 }}'

    - debug:
-        msg: "Still more updates remaining - retrying... ({{ update_retry_count }}/{{ update_retry_limit }})"
+        msg: "Still more updates ({{ current_update_count }}) remaining - retrying... ({{ update_retry_count }}/{{ update_retry_limit }})"
+      vars:
+        current_update_count: "{{ missing_updates.found_update_count | default(installed_updates.found_update_count) | default('-') }}"
+
+    - name: ensure system is reachable
+      wait_for_connection:
+        sleep: 10
+        timeout: 600

    - include_tasks: updates-with-retry.yml
-      when: ((update_retry_limit | int) - (update_retry_count | int) >= 0)
+      when: ((update_retry_limit | int) - (update_retry_count | int) > 0)