is it possible to cycle/loop through certain tasks until something is happening?
Im using ansible to deploy windows updates via cygwin/sshd-server, but the host needs multiple restarts and times to get finally patched. This is what i have in single tasks:
name: install windows updates
shell: powershell.exe -File “C:\ansible-tmpdir\InstallWindowsUpdates.ps1”
register: result
changed_when: result.stdout.find(“Reboot is required”) != -1
name: wait for server to come back
local_action:
wait_for
host={{ inventory_hostname }}
port=22
delay=10
timeout=300
state=started
connect_timeout=15
when: result.changed
It would now be nice to do a “do-until” over booth tasks like:
register: result
until: result.stdout.find(“Found [0] Updates in post search criteria”) != -1
retries: 99
delay: 30
But how do i do that on multiple tasks? I tired it using an include statement, but that didn’t work. When i use blocks ansible says “until is not a valid command here”
By the way, there is a win_updates module in ansible 2.0 and a win_reboot role in galaxy which you might find interesting if you consider moving away from using cygwin.
Hope this helps. Please let us know how you get on.
Since 2.0, the windows modules are really faster, but far away from fast enough to work with them in a productive way (copying of 20 files takes a half minute). Then there are the limitations through WinRM: to gain elevated rights, you have to disable UAC. That’s a no-way.
If you want to work with ansible for windows hosts, you have to script almost anything in powershell, but have the problem, that you can’t work with stdout. It always says “hello world!” instead of your own return code. So it comes that scripts are always marked as changed, even if you don’t want to do it that way.
Using cygwin, you don’t have these limitations. Sure, you have to script much in powershell, but you can work with stdout and have the good speed of ssh. Plus, you don’t have to change your inventory file. Windows hosts behave like linux hosts.
Thanks for this, I appreciate we are getting a bit off topic but I can’t help feeling you are maybe missing out a bit.
Regarding windows file transfer, Check you are using latest pywinrm as that makes a big speed boost, and keep your ansible controller ‘close’ to your hosts, in networking terms. If that’s still not enough for you, add a webserver to your ansible controller and fetch what you need from your ansible controller using win_get_url. Yes its a bit more complexity, but you can make a re-usable role to fetch stuff instead of copy stuff.
Yes WinRM has its limitations but there are workarounds, some of which are handled in the existing windows modules - win_updates for example.
If you need to disable UAC to do something, you can always re-enable it before your play finishes.
I think you can work with stdout, but ansible modules must return json. There’s not a huge amount of work to turn a powershell script into a module - mostly you are adding code to handle and check the incoming parameters and code to choose what is relevant to return in the json response. Moreover, a module is something that can be shared, maybe improved by others and we can all get the things we need automated a little quicker.
All depends on what you are optimizing for but if your roles and plays call a lot of custom powershell, then I think you loose a bit of the value of the playbooks as a way of telling others what it takes to build your machines. To me one of the reasons to use a tool like ansible is to keep the amount of custom scripting I have to do to a minimum.
Ultimately it sounds like you have something that works for you, though so I’m not knocking what you’ve got.
I know that my work is a bit “over the top” and that ansible is actually for keeping custom scripting at a minimum, but the project i’m working on is not about installing some Features and Windows Updates. It’s about renaming the Computer, calling Sysprep, adding it to a Windows Domain, installing an Service using NSSM (even for that i have to use a PowerShell Script because WinRM has problems with escaping), disabling Services and Tasks, running a Disk Cleanup etc.
I’ll keep a look how pywinrm and Ansible are developing and maybe i can do the switch in the close future :).