Trouble with win_package

Archives Ansible Project
1

All,

I’m running version 2.3 (can’t update to 2.4 just yet) and, despite what should be super stupid simple, I’ve never been able to get win_package to work. I’ve changed up my win_package play in every conceivable way, but no joy. Here’s my basic set-up, which is taken directly from the doc:

`

2

path should read:

path: C:\temp\windows6.1-kb3140245-x64_5b067ffb69a94a6e5f9da89ce88c658e52a0dec0.msu

3

There are a few issues you will come across;

  • You figured out that the path shouldn’t have the end single quote, unless you are start the path with a single quote. No need to escape the backslashes unless you enclose it in double quotes
  • While you specify the path as .msu, win_package doesn’t have any smarts in place to automatically use wusa.exe to install the hotfix, you need to modify the path and arguments to use wusa.exe
  • There is the win_hotfix module in 2.4 but this isn’t available for Server 2008, 2008 R2 without lots of messing around so for this hotfix it probably won’t matter but I’ve included an example anyway

The final issue is that on a WinRM process any access to the Windows Update API like wusa.exe will fail with access is denied, you need to escape the Network Logon process to get it working, there are multiple ways of doing this currently

  • Use Ansible and become to become an interactive process, while this was added in 2.3 it was experimental and only worked in certain situations. I would recommend you upgrade to 2.5 when it is out as it is no longer experimental and quite easy to use
  • Use a scheduled task to run the process, this works but it quite cumbersome to setup and run so I won’t give an example
  • Use psexec and the win_psexec module, it requires the psexec executable downloaded onto the host and chocolately can do that for you

Because you are on an older Ansible version the psexec option will be the easiest way for you to move forward so I recommend you look into that.

`

on 2.5 you could do the following for most Windows hosts

  • name: install hotfix KB3140245
    win_package:
    path: C:\Windows\System32\wusa.exe
    arguments: C:\temp\windows6.1-kb3140245-x64_5b067ffb69a94a6e5f9da89ce88c658e52a0dec0.msu /quiet /norestart
    product_id: MicrosoftTLS
    state: present
    register: hotfix_install
    become: yes
    become_method: runas
    become_user: SYSTEM

  • name: reboot if required
    win_reboot:
    when: hotfix_install.reboot_required

or from 2.4 onwards and Server 2012 or newer you can use win_hotfix (I know this is for Server 2008 R2 but keeping it here as an example for other updates)

  • name: install hotfix KB3140245
    win_hotfix:
    path: C:\temp\windows6.1-kb3140245-x64_5b067ffb69a94a6e5f9da89ce88c658e52a0dec0.msu
    hotfix_kb: KB3140245
    state: present
    register: hotfix_install

  • name: reboot host if required
    win_reboot:
    when: hotfix_install.reboot_required

finally if you cannot upgrade Ansible versions, you can get it working with psexec by running these tasks

  • name: make sure psexec is installed locally
    win_chocolatey:
    name: psexec
    state: present

  • name: check if hotfix KB3140245 is installed
    win_shell: if (Get-Hotfix -Id KB3140245 -ErrorAction SilentlyContinue) { “true” } else { “false” }
    register: hotfix_installed

  • name: install hotfix if not installed
    win_psexec:
    command: C:\Windows\System32\wusa.exe C:\temp\windows6.1-kb3140245-x64_5b067ffb69a94a6e5f9da89ce88c658e52a0dec0.msu /quiet /norestart
    system: yes
    register: hotfix_install_out
    failed_when: hotfix_install_out.rc not in [0, 3010]
    when: hotfix_installed.stdout_lines[0] == “false”

  • name: reboot system if required
    win_reboot:
    when: hotfix_install_out.rc == 3010

`


Thanks

Jordan