102 lines
2.6 KiB
YAML
102 lines
2.6 KiB
YAML
---
|
|
|
|
- include_tasks: enable_powershell.yml
|
|
|
|
- include_tasks: enable_tls_system_default.yml
|
|
|
|
- name: download script
|
|
raw: '[Net.ServicePointManager]::SecurityProtocol = [Enum]::ToObject([Net.SecurityProtocolType], 3072); (New-Object -TypeName System.Net.WebClient).DownloadFile("{{ powershell_script_url }}", "{{ powershell_upgrade_script_file }}")'
|
|
changed_when: False
|
|
check_mode: no
|
|
register: download_script
|
|
|
|
- name: set execution policy
|
|
raw: 'Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force'
|
|
changed_when: False
|
|
check_mode: no
|
|
ignore_errors: yes
|
|
|
|
- name: delete scheduled task if it exists
|
|
raw: 'SCHTASKS /Delete /TN upgrade /f'
|
|
args:
|
|
executable: cmd.exe
|
|
changed_when: False
|
|
check_mode: no
|
|
failed_when: False
|
|
|
|
- name: create a scheduled task to run powershell script
|
|
raw: >
|
|
SCHTASKS /Create /SC MONTHLY /MO first /D SUN /TN upgrade /TR "powershell.exe -Command
|
|
'& {{ powershell_upgrade_script_file }} -Version {{ powershell_target_version }}
|
|
-Username {{ ansible_user }} -Password {{ ansible_password }}'"
|
|
args:
|
|
executable: cmd.exe
|
|
changed_when: False
|
|
check_mode: no
|
|
|
|
- name: start windows update service
|
|
raw: net start wuauserv
|
|
args:
|
|
executable: cmd.exe
|
|
failed_when: false
|
|
|
|
- pause:
|
|
seconds: 60
|
|
|
|
- name: run scheduled task
|
|
raw: 'SCHTASKS /Run /TN upgrade'
|
|
args:
|
|
executable: cmd.exe
|
|
changed_when: False
|
|
check_mode: no
|
|
|
|
- pause:
|
|
seconds: "{{ upgrade_wait_timeout }}"
|
|
|
|
- name: wait for powershell upgrade task to finish
|
|
raw: '((schtasks /query /TN upgrade)[4] -split " +")[-2]'
|
|
changed_when: False
|
|
check_mode: no
|
|
register: upgrade_status_check
|
|
failed_when: false
|
|
until: (upgrade_status_check.stdout | trim | lower) == 'ready'
|
|
delay: 10
|
|
retries: 10
|
|
|
|
- debug:
|
|
msg: "{{ powershell_target_version }}"
|
|
|
|
# apply winrm memory hotfix for powershell 3.0
|
|
- include_tasks: winrm-memfix.yml
|
|
when: powershell_target_version is version('3.0', '==')
|
|
|
|
- name: wait for system to reboot after upgrade
|
|
wait_for_connection:
|
|
sleep: 60
|
|
timeout: 400
|
|
|
|
- name: delete scheduled task
|
|
win_scheduled_task:
|
|
name: upgrade
|
|
state: absent
|
|
|
|
- name: delete script
|
|
win_file:
|
|
path: "{{ powershell_upgrade_script_file }}"
|
|
state: absent
|
|
|
|
- name: ensure auto login is disabled
|
|
win_regedit:
|
|
path: HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
|
|
name: AutoAdminLogon
|
|
data: 0
|
|
type: string
|
|
|
|
- name: ensure auto login creds are removed
|
|
win_regedit:
|
|
path: HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
|
|
name: "{{ item }}"
|
|
state: absent
|
|
loop:
|
|
- DefaultUserName
|
|
- DefaultPassword |