I’ve been struggling with trying to get Ansible working for Windows automation. Perhaps I’m asking too much, but here’s what I’m after - I want to update a group of servers, stop a particular service on a few of those server, then reboot the entire group. Updating and rebooting are the easy parts. My challenge is in identifying the servers that have the particular service running, and stopping that service if it’s running. The command that I’d use at the Windows cli would be this: sc query ListManager | find “RUNNING” or
sc query ListManager | find “STATE”, which return “STATE : 4 RUNNING”. I can extend that a bit, like so: sc query ListManager | find “RUNNING” >nul 2>&1 && echo running, which obviously returns “running”.
First, please try out the new win_updates module here (and +1 the PR if it works for you) - the way you’re kicking off the Windows updates asynchronously can fail in all sorts of interesting ways.
Second, while the approach you’re using will work, it can also mask other failures. I’m guessing you don’t really care if the services are running or not, merely that they’re installed, and if so, they should be stopped. The win_service module (and most Ansible modules) are designed to enforce a desired state, not just blindly run commands, so that part’s already taken care of. To just skip the task if not installed, I’d suggest something like:
tasks:
name: check for Lyris service
raw: sc query ListManager
register: lyris_hint
failed_when: lyris_hint.rc not in [0,1060] # 1060 == Service not installed
name: stop services
service: name={{ item }} state=stopped
with_items: [“ListManager”, “LyrisAlert”]
when: lyris_hint.rc == 0 # ie, the ListManager service is installed
This way, if it fails for some other reason than the service not being installed, your playbook will break instead of masking the failure.
I went ahead and installed the latest win_updates module. The only reason I wasn’t using it is that I’ve had good luck with running native Windows commands via the raw command. I understand why you recommend using win_updates, though, and I’ll work with it.
The two service-related tasks work a treat! Being pretty new to ansible, I was wondering where you got this from?: lyris_hint.rc not in [0,1060]. Knowing such things looks to be extremely valuable.
Also, why am I not seeing the output of sc query ListManager if I add - debug: var=reboot_hint.stdout_lines ? I created another play that returns whether or not a Linux x system requires a reboot because the kernel was updated:
Ah, and now I remember - I couldn’t get the win_updates module to work. When I update Windows servers, I want the install all available updates (e.g. critical and important), with the exception of optional. I’ve created a play to look like this: