Using Ansible to update Windows servers


Dimitri Yioulos

Mar 26, 2015, 10:27:10 AM
to ansible...@googlegroups.com
All,

I've got Ansible working on a few Windows 2008 servers.  The Ansible command server runs CentOS 6.  I'm trying to get the module "win_updates" working, but am not having much success.  I'd like to be able to run this both via the command line, and via a playbook.  The extant documentation isn't very detailed.  Here's what I've done/am trying (sorry, this will probably be long):

* I had to download the windows module of which win_updates is a part, and manually put it in "/usr/lib/python2.6/site-packages/ansible/modules/extras/"
* I installed "PSWindowsUpdate" on the Windows server
* If I run the command "ansible myhost -m win_updates", I get the following output:

myhost | success >> {
    "changed": false,
    "updates_already_present": null,
    "updates_category": "critical",
    "updates_installed": [],
    "updates_installed_afterwards": null,
    "updates_installed_count": 0,
    "updates_reboot_needed": true,
    "updates_success": "true"
}

Fine, but the updates aren't done.  So, I figure I need an argument.  The win_updates document gives the following example:

# Install updates from security category
win_updates:
  category: security

I've tried every combination I can think of, as in:

"ansible myhost -m win_updates -a category=security" and "ansible myhost -m win_updates -a security" and
"ansible myhost -m win_updates -a category:security", and I get something like this:

myhost | FAILED >> {
    "failed": true,
    "msg": "\nProcess is terminated due to StackOverflowException.\n",
    "parsed": false
}

* I created the following playbook:

---

- name: update windows
  hosts: windows
  gather_facts: true
  tasks:
    - name: win update
      win_updates:
        category: security

It, too, fails, with a much more verbose error message (which I'll skip posting, for now). I've tried other combinations in the playbook and they, too, fail.

I would greatly appreciate help in getting this to work, both from the command line and from a playbook.

Dimitri

J Hawkesworth

Mar 26, 2015, 2:46:26 PM
to ansible...@googlegroups.com
Hi Dimitri,


A few others have reported StackOverflow and OutOfMemory exceptions on unpatched Server 2008 machines - see https://github.com/ansible/ansible/pull/8345#issuecomment-52074837 for a hotfix that worked for me.

By the way, you can put any custom modules you want to use in your /etc/ansible/library rather than having to insert things into your actual ansible installation.

What ansible version are you using?
Are you connecting as a local user or a domain user?

Also possibly sounds close to this bug report:


Hope some of the above helps,

Jon

Dimitri Yioulos

Mar 26, 2015, 3:16:01 PM
to ansible...@googlegroups.com
Hi, Jon.

I appreciate the response, and certainly will look into your suggestions.  I'm using version 1.8.4.

As I've continued to hack away, I've got this to work, kind of:

ansible somehost -m win_updates -a category:security

The output looks like this:

somehostb | success >> {
    "changed": true,
    "updates_already_present": [
        "2506014",
        "2506212",
        "2511455",
        "2509553",
        "2506928",
              ~

    "updates_category": "critical",
    "updates_installed": [],
    "updates_installed_afterwards": [
        "2506014",
        "2506212",
        "2511455",
        "2509553",
        "2506928",
              ~

    "updates_installed_count": 0,
    "updates_reboot_needed": true,
    "updates_success": "true"
}

The curious thing is that no updates are made, despite the fact that updates are available on the Win server, and they are of the category "Security", as in the following:

Security Update for Windows Server 2008 R2 x64 Edition (KB3002657)
Download size: 1.3 MB
You may need to restart your computer for this update to take effect.
Update type: Important

That comes from the Windows Update Manager.  I tried changing "Category:security" to "Category:important", and still no joy.

Ideas?

J Hawkesworth

Mar 26, 2015, 6:00:27 PM
to ansible...@googlegroups.com
What happens if you reboot the box?  I haven't tried this myself but I've seen Windows delay applying updates until shutdown (and I think following a reboot too in some cases).

Might need a bit of work judging by the comments but there is a win_reboot module which you could try.

Jon

Dimitri Yioulos

Mar 30, 2015, 12:06:33 PM
to ansible...@googlegroups.com
Jon,

I would think that, at a minimum, WSUS would show that the updates were downloaded and applied, then would request a reboot.  That said, there's no way of knowing from the Windows servers themselves whether or not the updates occurred.  Also, as noted in my last post, Ansible seems to say that the command ran fine, but that no updates were applied, as per the following output:


"updates_installed_count": 0,
"updates_reboot_needed": true,
"updates_success": "true"

Dimitri
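
An added example, not part of any post in this thread: a small Python check that parses ad-hoc output in the "host | status >> {json}" form shown above and flags runs that report success without patching anything. It also flags a reported updates_category that differs from the one requested, as in the posted run that passed category:security but came back with "critical". Host names, sample data and function names are constructed for illustration.

```python
import json
import re

# Constructed sample in the ad-hoc output format seen in the thread; hosts are made up.
SAMPLE = r'''
web01 | success >> {
    "changed": true, "updates_category": "critical", "updates_installed": [],
    "updates_installed_count": 0, "updates_reboot_needed": true, "updates_success": "true"
}
web02 | success >> {
    "changed": true, "updates_category": "security", "updates_installed": ["0000000"],
    "updates_installed_count": 1, "updates_reboot_needed": false, "updates_success": "true"
}
web03 | FAILED >> {
    "failed": true, "parsed": false,
    "msg": "\nProcess is terminated due to StackOverflowException.\n"
}
'''

# Matches the "host | status >> " prefix and stops right before the opening brace.
HEADER = re.compile(r"^(\S+) \| (\w+) >> (?=\{)", re.M)

def parse_adhoc(text):
    """Yield (host, status, result) for every host block in ad-hoc output."""
    decoder = json.JSONDecoder()
    for m in HEADER.finditer(text):
        result, _ = decoder.raw_decode(text, m.end())
        yield m.group(1), m.group(2).lower(), result

def audit(text, requested_category):
    """Map host -> reasons the run should not be counted as patched."""
    findings = {}
    for host, status, res in parse_adhoc(text):
        issues = []
        if status != "success" or res.get("failed"):
            issues.append("module failed: " + str(res.get("msg", "")).strip())
        else:
            reported = res.get("updates_category")
            if reported != requested_category:
                issues.append("asked for %s, module used %s" % (requested_category, reported))
            if not res.get("updates_installed_count"):
                issues.append("nothing installed")
            if res.get("updates_reboot_needed"):
                issues.append("reboot pending")
        if issues:
            findings[host] = issues
    return findings

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE, "security"), indent=2))
```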