Playbook for windows updates.

Hi Guys,

I am very new to Ansible. We are trying to automate Windows monthly patches, but our playbook keeps failing when there is an update which requires a reboot. How do we handle an intelligent system reboot only if it is required?

I have a very big doubt whether, once a reboot is triggered, the WinRM connection will be lost or it will wait for some seconds. If the connection is lost then we are planning to handle that with the pause option, but I need code logic that pauses the execution process only if a reboot is done.

Please help me.

Thanks,
Sunil.

The win_updates module will give a reboot_required: True return value when one is required. With that information you can register the task and then have a follow up win_reboot task when reboot_required: True. See below for how to accomplish this.

```yaml
- name: Install Windows Updates
  win_updates:
  register: updates

- name: Reboot after installing updates
  win_reboot:
  when: updates.reboot_required
```

Hey Mike,

What you have given is absolutely correct, but I was blocked by a different condition. While patching, some updates won't move forward without a restart. In that case, if I restart, the connection established with the Ansible server will be lost. For that I am using the pause module in Ansible. Once that pause condition is executed, how do I resume the patching?

Hey Sunil

You should be using the win_reboot module to handle updates. It reboots the server and waits for it to come back online, so it should be seamless and won't continue until it is ready for another task. Your playbook would look something like this:

```yaml
- name: install updates
  hosts: windows
  tasks:
    # First round: install critical updates and record the result
    - win_updates:
        category_names: CriticalUpdates
        state: installed
      register: update_result

    # win_reboot waits for the host to come back before the play continues
    - win_reboot:
      when: update_result.reboot_required

    - name: second round of updates
      win_updates:
        category_names: CriticalUpdates
        state: installed
      register: update_result

    - win_reboot:
      when: update_result.reboot_required
```

Thanks

Hi Jordon,

I am almost there. Your code is working absolutely fine, but I need to handle the logic below.

  1. We can't say how many updates will ask for a reboot, so having win_updates multiple times in the playbook can't work (we cannot hard code) → If we have the logic, whenever a reboot is triggered the control should go to win_updates.

  2. With the code given above, the second round of updates should execute only if win_reboot is executed; otherwise it should skip.

I am new too; just from my scenario, I am suggesting using a handler at the playbook level,
and then adding a notify to the handler on each task where I expect a reboot to be done.

Below is a trial run we did.

```
.
├── README.md
├── ansible.cfg
├── group_vars
│   ├── all
│   ├── ccenter.yml
│   ├── linux.yml
│   └── windows.yml
├── handlers
│   └── main.yml
├── hosts
├── roles
│   ├── oc
│   │   └── tasks
│   │       └── main.yml
│   ├── todo
│   │   ├── files
│   │   │   └── temp_files
│   │   │       ├── 1.txt
│   │   │       ├── 2.txt
│   │   │       └── dummy
│   │   │           └── dummy.txt
│   │   └── tasks
│   │       └── main.yml
│   └── trial
│       ├── files
│       │   └── sample.xml
│       ├── meta
│       │   └── main.yml
│       └── tasks
│           ├── RedHat.yml
│           ├── Windows.yml
│           └── main.yml
├── site.retry
└── site.yml
```

handler/main.yml

```yaml
- name: Reboot windows server
  win_reboot:
    msg: Reboot initiated by Ansible
    test_command: whoami
  register: win_reboot_result
```

sample task in the playbook

Note: Reboot will be done if any change identified on that task.

Thanks,
Sivakumar
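
The two open points in the thread (an unknown number of reboot rounds, and continuing to patch only after a reboot actually happened) can be handled by letting win_updates drive the reboots itself and then verifying the result. This is an added example, not code from any poster in the thread; it assumes a win_updates version that has the `reboot` option, and the category list and timeout value are illustrative choices.

```yaml
# Added example: not part of the original thread.
- name: Patch Windows hosts, rebooting only when an update requires it
  hosts: windows            # inventory group name taken from the thread
  gather_facts: false
  tasks:
    - name: Install updates, rebooting and resuming as often as needed
      win_updates:
        category_names:     # assumed selection; adjust to your patch policy
          - CriticalUpdates
          - SecurityUpdates
        state: installed
        reboot: true          # module reboots when required, then keeps installing
        reboot_timeout: 1800  # assumed value: seconds to wait for the host to return
      register: update_result

    - name: Search again to confirm nothing applicable is left
      win_updates:
        category_names:
          - CriticalUpdates
          - SecurityUpdates
        state: searched       # search only, installs nothing
      register: remaining

    - name: Fail the host if patching is incomplete
      assert:
        that:
          - update_result.failed_update_count == 0
          - remaining.found_update_count == 0
          - not remaining.reboot_required
        fail_msg: "Updates still pending or failed on {{ inventory_hostname }}"
```

The final assert turns a partially patched host into a visible play failure, so a patch report built from the run does not count that host as up to date.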