102 lines
3.3 KiB
YAML
102 lines
3.3 KiB
YAML
---
|
|
|
|
- name: update over multiple reboots
|
|
block:
|
|
- name: check for available updates
|
|
win_updates:
|
|
category_names:
|
|
- CriticalUpdates
|
|
- DefinitionUpdates
|
|
- SecurityUpdates
|
|
- UpdateRollups
|
|
- Updates
|
|
state: searched
|
|
register: available_updates
|
|
|
|
- debug:
|
|
msg: |
|
|
{{ inventory_hostname }} has {{ available_updates.found_update_count }} updates available.
|
|
{% for update in updates %}
|
|
- {{ update.title }}
|
|
{% endfor %}
|
|
vars:
|
|
updates: "{{ (available_updates.updates.values() | list) if (available_updates.updates is mapping) else (available_updates.updates) }}"
|
|
when: available_updates.updates is defined
|
|
|
|
- block:
|
|
- name: install windows updates using powershell script
|
|
script: win-updates.ps1
|
|
become: yes
|
|
become_method: runas
|
|
become_user: SYSTEM
|
|
when:
|
|
- available_updates.updates is defined
|
|
- available_updates.found_update_count > 0
|
|
|
|
rescue:
|
|
- name: reboot the system to recover from a failed update
|
|
win_reboot:
|
|
reboot_timeout: 7200
|
|
|
|
- name: wait for system to be responsive after update
|
|
wait_for_connection:
|
|
delay: 60
|
|
sleep: 10
|
|
timeout: 600
|
|
|
|
- name: check to see if reboot is required
|
|
win_reg_stat:
|
|
path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
|
|
name: CustomRebootRequired
|
|
register: update_reboot_required_key
|
|
|
|
- name: reboot the system to continue with the update
|
|
win_reboot:
|
|
reboot_timeout: 7200
|
|
when: update_reboot_required_key.exists
|
|
|
|
- name: check for missing updates
|
|
win_updates:
|
|
category_names:
|
|
- CriticalUpdates
|
|
- DefinitionUpdates
|
|
- SecurityUpdates
|
|
- UpdateRollups
|
|
- Updates
|
|
state: searched
|
|
register: missing_updates
|
|
|
|
- debug:
|
|
msg: |
|
|
{{ inventory_hostname }} has {{ missing_updates.found_update_count }} updates still missing.
|
|
{% for update in updates %}
|
|
- {{ update.title }}
|
|
{% endfor %}
|
|
vars:
|
|
updates: "{{ (missing_updates.updates.values() | list) if (missing_updates.updates is mapping) else (missing_updates.updates) }}"
|
|
when: missing_updates.updates is defined
|
|
|
|
- block:
|
|
- name: set update count
|
|
set_fact:
|
|
update_retry_count: '{{ update_retry_count | default(0) | int + 1 }}'
|
|
|
|
- name: still more updates - need to retry
|
|
fail:
|
|
msg: >
|
|
'{{ inventory_hostname }} has {{ missing_updates.found_update_count }} updates still missing.
|
|
{{ (update_retry_limit | int) - (update_retry_count | int) }} more retries left'
|
|
when: ((update_retry_limit | int) - (update_retry_count | int) > 0)
|
|
when: missing_updates.found_update_count > 0
|
|
|
|
- name: ensure the CustomRebootRequired key doesn't exist
|
|
win_regedit:
|
|
path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
|
|
name: CustomRebootRequired
|
|
state: absent
|
|
|
|
rescue:
|
|
- debug:
|
|
msg: "Still more updates remaining - retrying..."
|
|
|
|
- include_tasks: updates-powershell.yml |