I have tried multiple machines to download the updates but it’s not working. Playbook
tasks: - name: Search and download Windows updates without installing them win_updates: state: downloaded win_reboot: true
Throwing error -
fatal: [EC2AMAZ-5TQR7L8.corp.medqia.com]: FAILED! => {“changed”: false, “filtered_updates”: {“ca3bb521-a8ea-4e26-a563-2ad6e3108b9a”: {“categories”: [“Feature Packs”, “Silverlight”], “filtered_reason”: “category_names”, “id”: “ca3bb521-a8ea-4e26-a563-2ad6e3108b9a”, “installed”: false, “kb”: [“4481252”], “title”: “Microsoft Silverlight (KB4481252)”}}, “found_update_count”: 2, “installed_update_count”: 0, “msg”: “A reboot is required before more updates can be installed”, “reboot_required”: true, “updates”: {“46de78a6-89c2-4adc-a827-d55e913ca853”: {“categories”: [“Security Updates”, “Windows Server 2016”], “id”: “46de78a6-89c2-4adc-a827-d55e913ca853”, “installed”: false, “kb”: [“4534271”], “title”: “2020-01 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4534271)”}, “a4816cdf-d87e-4555-afa3-b839655fc564”: {“categories”: [“Update Rollups”, “Windows Server 2016”], “id”: “a4816cdf-d87e-4555-afa3-b839655fc564”, “installed”: false, “kb”: [“890830”], “title”: “Windows Malicious Software Removal Tool x64 - January 2020 (KB890830)”}}}
I have already enabled the command to reboot. why it’s not rebooting ? I can’t download or install anything through ansible… kinda sucks
nschende
(Nick Schendel - Solution Architect, Red Hat)
4
Based on that message it appears that a reboot is requried before you can install the patches. The win_updates module is not going to reboot the host after changes if it doesnt make any changes. Reboot the host manually, then try running again and I bet it goes. Otherwise you could probably put in a separate task to reboot the host first, then patch and reboot after if needed.
The filtered message says it’s filtered due to category_names, here are the categories you’ve applied in one of your tasks
Upgrades
Security Updates
When you omit the category_names here are the categories it uses by default (as per the docs)
CriticalUpdates (same as “Critical Updates”)
SecurityUpdates (same as “Security Updates”)
UpdateRollups (same as “Update Rollups”)
Here are the categories for KB2267602
Definition Updates
Windows Defender
You can see that none of the categories for KB2267602 are matching up in either of your tasks so they are being filtered out, hence the “filtered_reason”: “category_names” entry in the filtered list.
For an update to not be filtered you MUST specify at least one of the categories it belongs to, you have not done this. The whitelist/blacklist is only applied to updates that have already matched the categories as per the documentation
The whitelist is only validated on updates that were found based on category_names. It will not force the module to install an update if it was not in the category specified.
You cannot just specify a whitelist of categories and expect them to be match, they MUST first be part of the categories you have specified.
The reboot option in win_updates is ‘reboot: yes’, not ‘win_reboot: yes’, you would know that if you had read the docs and understand how the options work. The win_reboot module is a completely separate module
I’ve said in your original post that the win_updates module only handles reboots post installation, if a reboot is required before the install it won’t do that
Arguably 2 is something that we can do but it’s just not something that is available right now. Feel free to submit a PR to add that functionality if you desire it.