Ansible playbook is not working on the target host but shows in play recap - OK


Jimmy

Jan 22, 2020, 2:39:36 PM
to Ansible Project

Nothing changed on the target host, not even rebooted but able to ping and can do a handshake
Playbook -

PLAY [windows] *************************************************************************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************************************************
ok: [MQN-CKMH5E31UM7.corp.medqia.com]

TASK [Install all security, critical, and rollup updates without a scheduled task] *****************************************************************************************
ok: [MQN-CKMH5E31UM7.corp.medqia.com]

TASK [Install only security updates as a scheduled task for window machines] ***********************************************************************************************
ok: [MQN-CKMH5E31UM7.corp.medqia.com]

TASK [Install only particular updates based on the KB numbers] *************************************************************************************************************
ok: [MQN-CKMH5E31UM7.corp.medqia.com]

TASK [Install all security updates with automatic reboots] *****************************************************************************************************************
ok: [MQN-CKMH5E31UM7.corp.medqia.com]

TASK [Ensure WinRM starts when the system has settled and is ready to work reliably] ***************************************************************************************
ok: [MQN-CKMH5E31UM7.corp.medqia.com]

PLAY RECAP *****************************************************************************************************************************************************************
MQN-CKMH5E31UM7.corp.medqia.com : ok=6 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

Playbook contents =
- hosts: windows
  vars:
    ansible_connection: winrm
    ansible_ssh_port: 5986
    anisble_winrm_transport: kerberos
    ansible_winrm_server_cert_validation: ignore
    validate_certs: false
    ansible_winrm_scheme: https
    ansibe_winrm_read_timeout_sec: 120
  tasks:
    - name: Install all security, critical, and rollup updates without a scheduled task
      win_updates:
        category_names:
          - SecurityUpdates
          - CriticalUpdates
          - UpdateRollups

    - name: Install only security updates as a scheduled task for window machines
      win_updates:
        category_names: SecurityUpdates
        use_scheduled_task: yes

    - name: Install only particular updates based on the KB numbers
      win_updates:
        category_name:
          - SecurityUpdates
        whitelist:
          - KB4528760
          - KB890830
          - KB4534271
          - KB22677602

    - name: Install all security updates with automatic reboots
      win_updates:
        category_names:
          - SecurityUpdates
        reboot: yes

    - name: Ensure WinRM starts when the system has settled and is ready to work reliably
      win_service:
        name: WinRM
        start_mode: delayed

Jordan Borean

Jan 22, 2020, 3:21:15 PM
to Ansible Project
It's showing OK because the state was already achieved. Ansible is running and the modules you are running with just have nothing to do.

Jimmy

Jan 22, 2020, 3:32:50 PM
to Ansible Project
But the target host has not achieved the desired result, like it's not updating/upgrading the OS based on the KB number provided and is not rebooting. Any idea?

Jordan Borean

Jan 22, 2020, 3:38:11 PM
to Ansible Project
That's probably because win_updates runs on various filters, you can't just specify the KB, you also need to specify the category the update applies to. If you run with -vvv you can see all the updates that have been filtered (skipped) and the categories they apply to. If the update is not in that filtered list then the Windows Update Agent can't see it as an applicable update and Ansible can't do anything about that.

Jimmy

Jan 22, 2020, 4:11:02 PM
to Ansible Project
Can you give me an example of how to specify the category the KB update applies to?
Here is the output: - 

ansible-playbook windows.yml -vvv
ansible-playbook 2.9.2
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 2.7.12 (default, Oct  8 2019, 14:14:10) [GCC 5.4.0 20160609]
Using /etc/ansible/ansible.cfg as config file
host_list declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
script declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
auto declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
Parsed /etc/ansible/hosts inventory source with ini plugin

PLAYBOOK: windows.yml ******************************************************************************************************************************************************
1 plays in windows.yml

PLAY [windows] *************************************************************************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************************************************
task path: /etc/ansible/windows-playbook/windows.yml:2
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/windows/setup.ps1
Pipelining is enabled.
<MQN-CKMH5E31UM7.corp.medqia.com> ESTABLISH WINRM CONNECTION FOR USER: None on PORT 5986 TO MQN-CKMH5E31UM7.corp.medqia.com
EXEC (via pipeline wrapper)
META: ran handlers

TASK [Install all security, critical, and rollup updates without a scheduled task] *****************************************************************************************
task path: /etc/ansible/windows-playbook/windows.yml:12
win_updates: running win_updates module
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/windows/win_updates.ps1
Pipelining is enabled.
<MQN-CKMH5E31UM7.corp.medqia.com> ESTABLISH WINRM CONNECTION FOR USER: None on PORT 5986 TO MQN-CKMH5E31UM7.corp.medqia.com
EXEC (via pipeline wrapper)
    "changed": false,
    "filtered_updates": {
        "20668013-76d9-43ec-a6f2-f76fb4271642": {
            "categories": [
                "Definition Updates",
                "Windows Defender"
            ],
            "filtered_reason": "category_names",
            "id": "20668013-76d9-43ec-a6f2-f76fb4271642",
            "installed": false,
            "kb": [
                "2267602"
            ],
            "title": "Security Intelligence Update for Windows Defender Antivirus - KB2267602 (Version 1.307.2832.0)"
        },
        "5bb32ece-7c8c-4f07-ace1-7ba1d36736a1": {
            "categories": [
                "Updates",
                "Windows 10"
            ],
            "filtered_reason": "category_names",
            "id": "5bb32ece-7c8c-4f07-ace1-7ba1d36736a1",
            "installed": false,
            "kb": [
                "4494452"
            ],
            "title": "2019-05 Update for Windows 10 Version 1709 for x64-based Systems (KB4494452)"
        },
        "65ecc208-c6b1-4fce-b892-fc2c93917d76": {
            "categories": [
                "Drivers"
            ],
            "filtered_reason": "category_names",
            "id": "65ecc208-c6b1-4fce-b892-fc2c93917d76",
            "installed": false,
            "kb": [],
            "title": "Logitech - Image - 10/24/2018 12:00:00 AM - 1.3.89.0"
        },
        "79bfbb87-ae9d-480d-9f6f-5c82361e015d": {
            "categories": [
                "Upgrades"
            ],
            "filtered_reason": "category_names",
            "id": "79bfbb87-ae9d-480d-9f6f-5c82361e015d",
            "installed": false,
            "kb": [
                "4530684"
            ],
            "title": "Feature update to Windows 10, version 1909"
        }
    },
    "found_update_count": 0,
    "installed_update_count": 0,
    "reboot_required": false,
    "updates": {}
}

TASK [Install only security updates as a scheduled task for window machines] ***********************************************************************************************
task path: /etc/ansible/windows-playbook/windows.yml:19
win_updates: running win_updates module
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/windows/win_updates.ps1
Pipelining is enabled.
<MQN-CKMH5E31UM7.corp.medqia.com> ESTABLISH WINRM CONNECTION FOR USER: None on PORT 5986 TO MQN-CKMH5E31UM7.corp.medqia.com
EXEC (via pipeline wrapper)
    "changed": false,
    "filtered_updates": {
        "20668013-76d9-43ec-a6f2-f76fb4271642": {
            "categories": [
                "Definition Updates",
                "Windows Defender"
            ],
            "filtered_reason": "category_names",
            "id": "20668013-76d9-43ec-a6f2-f76fb4271642",
            "installed": false,
            "kb": [
                "2267602"
            ],
            "title": "Security Intelligence Update for Windows Defender Antivirus - KB2267602 (Version 1.307.2832.0)"
        },
        "5bb32ece-7c8c-4f07-ace1-7ba1d36736a1": {
            "categories": [
                "Updates",
                "Windows 10"
            ],
            "filtered_reason": "category_names",
            "id": "5bb32ece-7c8c-4f07-ace1-7ba1d36736a1",
            "installed": false,
            "kb": [
                "4494452"
            ],
            "title": "2019-05 Update for Windows 10 Version 1709 for x64-based Systems (KB4494452)"
        },
        "65ecc208-c6b1-4fce-b892-fc2c93917d76": {
            "categories": [
                "Drivers"
            ],
            "filtered_reason": "category_names",
            "id": "65ecc208-c6b1-4fce-b892-fc2c93917d76",
            "installed": false,
            "kb": {
                "Count": 0,
                "ReadOnly": true,
                "_NewEnum": "System.__ComObject"
            },
            "title": "Logitech - Image - 10/24/2018 12:00:00 AM - 1.3.89.0"
        },
        "79bfbb87-ae9d-480d-9f6f-5c82361e015d": {
            "categories": [
                "Upgrades"
            ],
            "filtered_reason": "category_names",
            "id": "79bfbb87-ae9d-480d-9f6f-5c82361e015d",
            "installed": false,
            "kb": [
                "4530684"
            ],
            "title": "Feature update to Windows 10, version 1909"
        }
    },
    "found_update_count": 0,
    "installed_update_count": 0,
    "reboot_required": false,
    "updates": {}
}

TASK [Install only particular updates based on the KB numbers] *************************************************************************************************************
task path: /etc/ansible/windows-playbook/windows.yml:24
win_updates: running win_updates module
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/windows/win_updates.ps1
Pipelining is enabled.
<MQN-CKMH5E31UM7.corp.medqia.com> ESTABLISH WINRM CONNECTION FOR USER: None on PORT 5986 TO MQN-CKMH5E31UM7.corp.medqia.com
EXEC (via pipeline wrapper)
    "changed": false,
    "filtered_updates": {
        "20668013-76d9-43ec-a6f2-f76fb4271642": {
            "categories": [
                "Definition Updates",
                "Windows Defender"
            ],
            "filtered_reason": "whitelist",
            "id": "20668013-76d9-43ec-a6f2-f76fb4271642",
            "installed": false,
            "kb": [
                "2267602"
            ],
            "title": "Security Intelligence Update for Windows Defender Antivirus - KB2267602 (Version 1.307.2832.0)"
        },
        "5bb32ece-7c8c-4f07-ace1-7ba1d36736a1": {
            "categories": [
                "Updates",
                "Windows 10"
            ],
            "filtered_reason": "whitelist",
            "id": "5bb32ece-7c8c-4f07-ace1-7ba1d36736a1",
            "installed": false,
            "kb": [
                "4494452"
            ],
            "title": "2019-05 Update for Windows 10 Version 1709 for x64-based Systems (KB4494452)"
        },
        "65ecc208-c6b1-4fce-b892-fc2c93917d76": {
            "categories": [
                "Drivers"
            ],
            "filtered_reason": "whitelist",
            "id": "65ecc208-c6b1-4fce-b892-fc2c93917d76",
            "installed": false,
            "kb": [],
            "title": "Logitech - Image - 10/24/2018 12:00:00 AM - 1.3.89.0"
        },
        "79bfbb87-ae9d-480d-9f6f-5c82361e015d": {
            "categories": [
                "Upgrades"
            ],
            "filtered_reason": "whitelist",
            "id": "79bfbb87-ae9d-480d-9f6f-5c82361e015d",
            "installed": false,
            "kb": [
                "4530684"
            ],
            "title": "Feature update to Windows 10, version 1909"
        }
    },
    "found_update_count": 0,
    "installed_update_count": 0,
    "reboot_required": false,
    "updates": {}
}

TASK [Install all security updates with automatic reboots] *****************************************************************************************************************
task path: /etc/ansible/windows-playbook/windows.yml:34
win_updates: running win_updates module
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/windows/win_updates.ps1
Pipelining is enabled.
<MQN-CKMH5E31UM7.corp.medqia.com> ESTABLISH WINRM CONNECTION FOR USER: None on PORT 5986 TO MQN-CKMH5E31UM7.corp.medqia.com
EXEC (via pipeline wrapper)
    "changed": false,
    "filtered_updates": {
        "20668013-76d9-43ec-a6f2-f76fb4271642": {
            "categories": [
                "Definition Updates",
                "Windows Defender"
            ],
            "filtered_reason": "category_names",
            "id": "20668013-76d9-43ec-a6f2-f76fb4271642",
            "installed": false,
            "kb": [
                "2267602"
            ],
            "title": "Security Intelligence Update for Windows Defender Antivirus - KB2267602 (Version 1.307.2832.0)"
        },
        "5bb32ece-7c8c-4f07-ace1-7ba1d36736a1": {
            "categories": [
                "Updates",
                "Windows 10"
            ],
            "filtered_reason": "category_names",
            "id": "5bb32ece-7c8c-4f07-ace1-7ba1d36736a1",
            "installed": false,
            "kb": [
                "4494452"
            ],
            "title": "2019-05 Update for Windows 10 Version 1709 for x64-based Systems (KB4494452)"
        },
        "65ecc208-c6b1-4fce-b892-fc2c93917d76": {
            "categories": [
                "Drivers"
            ],
            "filtered_reason": "category_names",
            "id": "65ecc208-c6b1-4fce-b892-fc2c93917d76",
            "installed": false,
            "kb": [],
            "title": "Logitech - Image - 10/24/2018 12:00:00 AM - 1.3.89.0"
        },
        "79bfbb87-ae9d-480d-9f6f-5c82361e015d": {
            "categories": [
                "Upgrades"
            ],
            "filtered_reason": "category_names",
            "id": "79bfbb87-ae9d-480d-9f6f-5c82361e015d",
            "installed": false,
            "kb": [
                "4530684"
            ],
            "title": "Feature update to Windows 10, version 1909"
        }
    },
    "found_update_count": 0,
    "installed_update_count": 0,
    "reboot_required": false,
    "updates": {}
}

TASK [Ensure WinRM starts when the system has settled and is ready to work reliably] ***************************************************************************************
task path: /etc/ansible/windows-playbook/windows.yml:40
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/windows/win_service.ps1
Pipelining is enabled.
<MQN-CKMH5E31UM7.corp.medqia.com> ESTABLISH WINRM CONNECTION FOR USER: None on PORT 5986 TO MQN-CKMH5E31UM7.corp.medqia.com
EXEC (via pipeline wrapper)
    "can_pause_and_continue": false,
    "changed": false,
    "depended_by": [],
    "dependencies": [
        "RPCSS",
        "HTTP"
    ],
    "description": "Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine.  The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.",
    "desktop_interact": false,
    "display_name": "Windows Remote Management (WS-Management)",
    "exists": true,
    "name": "WinRM",
    "path": "C:\\WINDOWS\\System32\\svchost.exe -k NetworkService -p",
    "start_mode": "delayed",
    "state": "running",
    "username": "NT AUTHORITY\\NetworkService"
}
META: ran handlers
META: ran handlers

PLAY RECAP *****************************************************************************************************************************************************************
MQN-CKMH5E31UM7.corp.medqia.com : ok=6    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0






Jordan Borean

Jan 22, 2020, 4:17:28 PM
to Ansible Project
Have a look through your output, the "filtered_updates" key shows all the updates that the Windows Update Agent can find and also displays why they have been filtered in the win_updates task. So there's nothing the win_updates module is set to do because Windows is reporting no updates are available that match the criteria you are wanting.

You should see the exact same thing if you were to log onto the computer manually and search for updates, Ansible isn't doing anything special here.

Jimmy Malhan

Jan 22, 2020, 4:24:26 PM
to ansible...@googlegroups.com
Attached is the target host and it shows that it needs to be updated. I have provided the update in KB number but it's not working, and it's not rebooting either.
target host.PNG


--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/d1b60c38-6cad-448e-bee3-6db9181b3f10%40googlegroups.com.

Jordan Borean

Jan 22, 2020, 4:52:17 PM
to Ansible Project
So read your filtered updates list, you can see both updates are in there

The win_updates module has 2 filters that are applied to available updates
  1. It first filters the updates based on the categories that are set. By default Critical Updates, Security Updates, and Update Rollups are applied and any others are filtered
  2. From there if you have a whitelist or blacklist these filters are applied to the list
We can see that both the defender update and the feature update have been filtered due to the category name not matching from the input. If you want them to be applied you will have to add the 'Upgrades' category for the feature upgrade and the 'Windows Defender' or 'Definition Updates' for the defender update. Say you wanted to make sure that only the feature update to Windows 10, version 1909 is installed you can do

- name: ensure Windows 10 has 1909 feature upgrade installed
  win_updates:
    category_names:
    - Upgrades
    whitelist:
    - KB4530684
    reboot: yes

If you didn't care about the actual KB and want all Upgrades installed then just remove the whitelist.
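
Added example (not part of the original posts and not the win_updates module's own code): a Python check that reads a win_updates result as printed with -vvv in this thread and reports, for each wanted KB, whether it was selected, filtered (by which filter, with which categories), or not offered by the Windows Update Agent at all. The function names and the wanted-KB list are assumptions for illustration; the sample data is abridged from the output posted above.

```python
import json

# Abridged from the -vvv output posted in this thread. The "Drivers" entry keeps the
# dict-shaped "kb" value that one of the tasks printed instead of an empty list.
SAMPLE_RESULT = json.loads("""
{
  "changed": false,
  "filtered_updates": {
    "20668013-76d9-43ec-a6f2-f76fb4271642": {
      "categories": ["Definition Updates", "Windows Defender"],
      "filtered_reason": "category_names",
      "installed": false,
      "kb": ["2267602"],
      "title": "Security Intelligence Update for Windows Defender Antivirus - KB2267602 (Version 1.307.2832.0)"
    },
    "65ecc208-c6b1-4fce-b892-fc2c93917d76": {
      "categories": ["Drivers"],
      "filtered_reason": "category_names",
      "installed": false,
      "kb": {"Count": 0, "ReadOnly": true, "_NewEnum": "System.__ComObject"},
      "title": "Logitech - Image - 10/24/2018 12:00:00 AM - 1.3.89.0"
    },
    "79bfbb87-ae9d-480d-9f6f-5c82361e015d": {
      "categories": ["Upgrades"],
      "filtered_reason": "category_names",
      "installed": false,
      "kb": ["4530684"],
      "title": "Feature update to Windows 10, version 1909"
    }
  },
  "found_update_count": 0,
  "installed_update_count": 0,
  "reboot_required": false,
  "updates": {}
}
""")


def normalize_kb(kb):
    """'KB4530684', 'kb4530684' and '4530684' all become '4530684'."""
    s = str(kb).strip().upper()
    return s[2:] if s.startswith("KB") else s


def kb_set(entry):
    """KB numbers of one update entry; a non-list 'kb' value means no KB numbers."""
    kb = entry.get("kb")
    if not isinstance(kb, list):
        return set()
    return {normalize_kb(k) for k in kb}


def explain_kbs(result, wanted):
    """Map each wanted KB to its status in a win_updates result.

    status is 'installed', 'selected' (matched the filters but not installed),
    'filtered:<reason>' or 'not_offered' (absent from both lists).
    """
    report = {}
    for raw in wanted:
        kb = normalize_kb(raw)
        info = {"status": "not_offered", "categories": [], "title": None}
        for entry in result.get("updates", {}).values():
            if kb in kb_set(entry):
                info = {"status": "installed" if entry.get("installed") else "selected",
                        "categories": entry.get("categories", []),
                        "title": entry.get("title")}
        for entry in result.get("filtered_updates", {}).values():
            if kb in kb_set(entry):
                info = {"status": "filtered:" + str(entry.get("filtered_reason")),
                        "categories": entry.get("categories", []),
                        "title": entry.get("title")}
        report["KB" + kb] = info
    return report


def missing_categories(report):
    """KBs dropped by the category filter, with the categories Windows reports for them."""
    return {kb: info["categories"] for kb, info in report.items()
            if info["status"] == "filtered:category_names"}


def unmet(report):
    """Wanted KBs that are not installed; a patch gate should fail if this is non-empty."""
    return sorted(kb for kb, info in report.items() if info["status"] != "installed")


if __name__ == "__main__":
    # Wanted list is an assumption: two entries from the whitelist in the first post,
    # plus the two KBs that actually appear in the output.
    wanted = ["KB4528760", "KB22677602", "KB2267602", "KB4530684"]
    for kb, info in explain_kbs(SAMPLE_RESULT, wanted).items():
        print(kb, info["status"], info["categories"])
```

A play recap of ok with changed=0 is therefore not evidence that a KB is installed; a gate built on `unmet()` fails when a wanted KB was filtered or never offered.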

Jimmy Malhan

Jan 22, 2020, 5:04:01 PM
to ansible...@googlegroups.com
I ran into an error.
Here is the playbook:
---
- hosts: windows

  vars:
    ansible_connection: winrm
    ansible_ssh_port: 5986
    anisble_winrm_transport: kerberos
    ansible_winrm_server_cert_validation: ignore
    validate_certs: false
    ansible_winrm_scheme: https
    ansibe_winrm_read_timeout_sec: 120
  tasks:
   - name: Install all security, critical, and rollup updates without a scheduled task
     win_updates:
       category_names:
       - Upgrades
       reboot: yes
root@ip-10-0-2-209:/etc/ansible/windows-playbook# ansible-playbook upgrades.yml


PLAY [windows] *************************************************************************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************************************************


TASK [Install all security, critical, and rollup updates without a scheduled task] *****************************************************************************************
fatal: [MQN-CKMH5E31UM7.corp.medqia.com]: FAILED! => {"changed": false, "filtered_updates": {"48715a8c-3c38-4dfb-86e7-077be8b8663e": {"categories": ["Definition Updates", "Windows Defender"], "filtered_reason": "category_names", "id": "48715a8c-3c38-4dfb-86e7-077be8b8663e", "installed": false, "kb": ["2267602"], "title": "Security Intelligence Update for Windows Defender Antivirus - KB2267602 (Version 1.307.2839.0)"}, "5bb32ece-7c8c-4f07-ace1-7ba1d36736a1": {"categories": ["Updates", "Windows 10"], "filtered_reason": "category_names", "id": "5bb32ece-7c8c-4f07-ace1-7ba1d36736a1", "installed": false, "kb": ["4494452"], "title": "2019-05 Update for Windows 10 Version 1709 for x64-based Systems (KB4494452)"}, "65ecc208-c6b1-4fce-b892-fc2c93917d76": {"categories": ["Drivers"], "filtered_reason": "category_names", "id": "65ecc208-c6b1-4fce-b892-fc2c93917d76", "installed": false, "kb": [], "title": "Logitech - Image - 10/24/2018 12:00:00 AM - 1.3.89.0"}}, "found_update_count": 1, "installed_update_count": 0, "msg": "Failed to install update from Update Collection: Exception from HRESULT: 0x80240016", "reboot_required": false, "updates": {"79bfbb87-ae9d-480d-9f6f-5c82361e015d": {"categories": ["Upgrades"], "id": "79bfbb87-ae9d-480d-9f6f-5c82361e015d", "installed": false, "kb": ["4530684"], "title": "Feature update to Windows 10, version 1909"}}}


PLAY RECAP *****************************************************************************************************************************************************************
MQN-CKMH5E31UM7.corp.medqia.com : ok=1    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0




Jimmy Malhan

Jan 22, 2020, 5:09:10 PM
to ansible...@googlegroups.com
root@ip-10-0-2-209:/etc/ansible/windows-playbook# ansible-playbook upgrades.yml -vvv

ansible-playbook 2.9.2
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 2.7.12 (default, Oct  8 2019, 14:14:10) [GCC 5.4.0 20160609]
Using /etc/ansible/ansible.cfg as config file
host_list declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
script declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
auto declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
Parsed /etc/ansible/hosts inventory source with ini plugin

PLAYBOOK: upgrades.yml *****************************************************************************************************************************************************
1 plays in upgrades.yml


PLAY [windows] *************************************************************************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************************************************
task path: /etc/ansible/windows-playbook/upgrades.yml:2

Using module file /usr/lib/python2.7/dist-packages/ansible/modules/windows/setup.ps1
Pipelining is enabled.
<MQN-CKMH5E31UM7.corp.medqia.com> ESTABLISH WINRM CONNECTION FOR USER: None on PORT 5986 TO MQN-CKMH5E31UM7.corp.medqia.com
EXEC (via pipeline wrapper)
ok: [MQN-CKMH5E31UM7.corp.medqia.com]
META: ran handlers

TASK [Install all security, critical, and rollup updates without a scheduled task] *****************************************************************************************
task path: /etc/ansible/windows-playbook/upgrades.yml:12

win_updates: running win_updates module
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/windows/win_updates.ps1
Pipelining is enabled.
<MQN-CKMH5E31UM7.corp.medqia.com> ESTABLISH WINRM CONNECTION FOR USER: None on PORT 5986 TO MQN-CKMH5E31UM7.corp.medqia.com
EXEC (via pipeline wrapper)

Jordan Borean

Jan 22, 2020, 5:46:40 PM
to Ansible Project
According to https://docs.microsoft.com/en-us/previous-versions/windows/desktop/hh968413(v=vs.85), the HRESULT value 0x80240016 corresponds to WU_E_INSTALL_NOT_ALLOWED

Operation tried to install while another installation was in progress or the system was pending a mandatory restart.


Sounds like you either have some other installer working in the background or a reboot is pending

Jimmy Malhan

Jan 22, 2020, 6:07:32 PM
to ansible...@googlegroups.com
1. Well, we provided reboot: yes. Isn't it supposed to make the mandatory reboot by itself?
2. I used the same playbook on a different instance. For some reason, it filtered out the required information but didn't install.
root@ip-10-0-2-209:/etc/ansible/windows-playbook# ansible-playbook upgrades.yml -vvv
ansible-playbook 2.9.2
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 2.7.12 (default, Oct  8 2019, 14:14:10) [GCC 5.4.0 20160609]
Using /etc/ansible/ansible.cfg as config file
host_list declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
script declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
auto declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
Parsed /etc/ansible/hosts inventory source with ini plugin

PLAYBOOK: upgrades.yml *****************************************************************************************************************************************************
1 plays in upgrades.yml

PLAY [windows] *************************************************************************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************************************************
task path: /etc/ansible/windows-playbook/upgrades.yml:2
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/windows/setup.ps1
Pipelining is enabled.
<EC2AMAZ-3FFNIJH.CORP.MEDQIA.COM> ESTABLISH WINRM CONNECTION FOR USER: None on PORT 5986 TO EC2AMAZ-3FFNIJH.CORP.MEDQIA.COM
EXEC (via pipeline wrapper)
ok: [EC2AMAZ-3FFNIJH.CORP.MEDQIA.COM]

META: ran handlers

TASK [Install all security, critical, and rollup updates without a scheduled task] *****************************************************************************************
task path: /etc/ansible/windows-playbook/upgrades.yml:12
win_updates: running win_updates module
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/windows/win_updates.ps1
Pipelining is enabled.
<EC2AMAZ-3FFNIJH.CORP.MEDQIA.COM> ESTABLISH WINRM CONNECTION FOR USER: None on PORT 5986 TO EC2AMAZ-3FFNIJH.CORP.MEDQIA.COM
EXEC (via pipeline wrapper)
ok: [EC2AMAZ-3FFNIJH.CORP.MEDQIA.COM] => {
    "changed": false,
    "filtered_updates": {
        "68d313ad-b2ef-4722-a437-a8f4b8260ce7": {

            "categories": [
                "Definition Updates",
                "Windows Defender"
            ],

            "filtered_reason": "category_names",
            "id": "68d313ad-b2ef-4722-a437-a8f4b8260ce7",

            "installed": false,
            "kb": [
                "2267602"
            ],
            "title": "Security Intelligence Update for Windows Defender Antivirus - KB2267602 (Version 1.307.2841.0)"

        }
    },
    "found_update_count": 0,
    "installed_update_count": 0,
    "reboot_required": false,
    "updates": {}
}
META: ran handlers
META: ran handlers

PLAY RECAP *****************************************************************************************************************************************************************
EC2AMAZ-3FFNIJH.CORP.MEDQIA.COM : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

After I installed the update manually on the server for "Security Intelligence Update for Windows Defender Antivirus - KB2267602 (Version 1.307.2841.0)", the prompt went away. Why didn't it update?
root@ip-10-0-2-209:/etc/ansible/windows-playbook# ansible-playbook upgrades.yml -vvv
ansible-playbook 2.9.2
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/dist-packages/ansible
  executable location = /usr/bin/ansible-playbook
  python version = 2.7.12 (default, Oct  8 2019, 14:14:10) [GCC 5.4.0 20160609]
Using /etc/ansible/ansible.cfg as config file
host_list declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
script declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
auto declined parsing /etc/ansible/hosts as it did not pass its verify_file() method
Parsed /etc/ansible/hosts inventory source with ini plugin

PLAYBOOK: upgrades.yml *****************************************************************************************************************************************************
1 plays in upgrades.yml

PLAY [windows] *************************************************************************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************************************************
task path: /etc/ansible/windows-playbook/upgrades.yml:2
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/windows/setup.ps1
Pipelining is enabled.
<EC2AMAZ-3FFNIJH.CORP.MEDQIA.COM> ESTABLISH WINRM CONNECTION FOR USER: None on PORT 5986 TO EC2AMAZ-3FFNIJH.CORP.MEDQIA.COM
EXEC (via pipeline wrapper)
ok: [EC2AMAZ-3FFNIJH.CORP.MEDQIA.COM]

META: ran handlers

TASK [Install all security, critical, and rollup updates without a scheduled task] *****************************************************************************************
task path: /etc/ansible/windows-playbook/upgrades.yml:12
win_updates: running win_updates module
Using module file /usr/lib/python2.7/dist-packages/ansible/modules/windows/win_updates.ps1
Pipelining is enabled.
<EC2AMAZ-3FFNIJH.CORP.MEDQIA.COM> ESTABLISH WINRM CONNECTION FOR USER: None on PORT 5986 TO EC2AMAZ-3FFNIJH.CORP.MEDQIA.COM
EXEC (via pipeline wrapper)
ok: [EC2AMAZ-3FFNIJH.CORP.MEDQIA.COM] => {
    "changed": false,
    "filtered_updates": {},
    "found_update_count": 0,
    "installed_update_count": 0,
    "reboot_required": false,
    "updates": {}
}

META: ran handlers
META: ran handlers

PLAY RECAP *****************************************************************************************************************************************************************
EC2AMAZ-3FFNIJH.CORP.MEDQIA.COM : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.

Jimmy Malhan

Jan 22, 2020, 6:10:54 PM1/22/20
to ansible...@googlegroups.com
Why did it filter this time? I don't understand...
---
- hosts: windows
  vars:
    # Connect over WinRM on the HTTPS listener (port 5986) using Kerberos
    ansible_connection: winrm
    ansible_ssh_port: 5986
    ansible_winrm_transport: kerberos
    # The server certificate is not validated
    ansible_winrm_server_cert_validation: ignore
    validate_certs: false
    ansible_winrm_scheme: https
    ansible_winrm_read_timeout_sec: 120
  tasks:
   # Only updates whose category is listed under category_names are installed
   - name: Install all security, critical, and rollup updates without a scheduled task
     win_updates:
       category_names:
       - Upgrades
       state: installed
       reboot: yes

Jordan Borean

Jan 22, 2020, 6:30:43 PM1/22/20
to Ansible Project
Please read through the doc for win_updates again https://docs.ansible.com/ansible/latest/modules/win_updates_module.html. I've told you multiple times why updates can be filtered and in your case it's because the categories you specify don't match up with the updates that are available. Even the filtered updates entries tell you what categories they apply to and the reason why they have been filtered.


1. Well, we provided reboot: yes. Isn't it supposed to make the mandatory reboot by itself?

In a perfect world yes, but right now reboot: yes only applies to reboots that need to happen post installation; the win_updates module does not have reboots that need to occur before an update is installed. There's no reason why this isn't possible, it's just not implemented.

2. I used the same playbook on a different instance. For some reason, it filtered out the required information but didn't install.

See my first comment, there's a reason why updates are filtered, it's because they are for categories you never specified.

After I installed the update manually on the server for "Security Intelligence Update for Windows Defender Antivirus - KB2267602 (Version 1.307.2841.0)", the prompt went away. Why didn't it update?

Because the update is installed, it won't appear in the list anymore, and once again, if the categories for an update do not match up with what you specify it will be filtered.

Jimmy Malhan

Jan 22, 2020, 6:42:31 PM1/22/20
to ansible...@googlegroups.com
Hi Jordan, thanks for explaining. My question was in reference to the playbook that you gave me, as it says Upgrades. I thought if we ran this it would automatically upgrade everything on the Windows host, but it didn't.
  tasks:
   - name: Install all security, critical, and rollup updates without a scheduled task
     win_updates:
       category_names:
       - Upgrades
       reboot: yes

Alan Woods

Jul 7, 2020, 12:07:14 PM7/7/20
to Ansible Project
Hello, I am wondering if this ever got resolved. I am also running a playbook to upgrade a Windows 10 box to 1909. The playbook seems to run fine, it says there were changes, and the Windows 10 box reboots several times, but at the end it is not upgraded. I tried the play from this post, which was:

- name: ensure Windows 10 has 1909 feature upgrade installed
  win_updates:
    category_names:
    - Upgrades
    whitelist:
    reboot: yes

without the KB, and it ran for hours, but the Windows 10 box was never updated. I also run a playbook to find what updates are needed, and it keeps finding these:
{
    "updates": {
        "ac2b20ab-6186-4267-8d55-4b3ca35197d1": {
            "categories": [
                "Upgrades"
            ],
            "title": "Feature update to Windows 10, version 1909",
            "id": "ac2b20ab-6186-4267-8d55-4b3ca35197d1",
            "installed": false,
            "kb": [
                "4560960"
            ]
        }
    },
    "found_update_count": 1,
    "changed": false,
    "reboot_required": false,
    "installed_update_count": 0,
    "filtered_updates": {
        "f9d81e60-32f2-41f3-b553-2261ff953ee8": {
            "id": "f9d81e60-32f2-41f3-b553-2261ff953ee8",
            "filtered_reason": "category_names",
            "title": "Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.319.975.0)",
            "categories": [
                "Definition Updates",
                "Microsoft Defender Antivirus"
            ],
            "kb": [
                "2267602"
            ],
            "installed": false
        }

If you were able to resolve this and get the system upgraded to 1909, I would love to know how. I also started a topic on this here that shows the playbook I was using. I have changed it several times to see if I can get it working, to no avail: https://groups.google.com/forum/#!searchin/ansible-project/windows$2010$20upgrades|sort:date/ansible-project/GhF7VndaQWU/_F9eVDaIBQAJ
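
The category filtering explained earlier in this thread can be checked mechanically from a registered win_updates result. The script below is an added example, not code from any poster or from the Ansible project; it flags a run that reports ok while updates are still outstanding. The function name `triage` and its output keys are hypothetical, and the sample is a trimmed copy of the output posted above.

```python
import json
from collections import defaultdict

# Constructed sample: trimmed copy of the win_updates result posted in the
# thread, for a task run with category_names: [Upgrades].
RESULT = json.loads("""
{"changed": false, "found_update_count": 1, "installed_update_count": 0,
 "reboot_required": false,
 "updates": {"ac2b20ab-6186-4267-8d55-4b3ca35197d1": {
   "title": "Feature update to Windows 10, version 1909",
   "categories": ["Upgrades"], "kb": ["4560960"], "installed": false}},
 "filtered_updates": {"f9d81e60-32f2-41f3-b553-2261ff953ee8": {
   "title": "Security Intelligence Update for Microsoft Defender Antivirus - KB2267602 (Version 1.319.975.0)",
   "categories": ["Definition Updates", "Microsoft Defender Antivirus"],
   "kb": ["2267602"], "installed": false, "filtered_reason": "category_names"}}}
""")


def triage(result, requested_categories):
    """Summarise what a win_updates run left unpatched and why."""
    requested = {c.lower() for c in requested_categories}
    pending = sorted(u["title"] for u in result.get("updates", {}).values()
                     if not u.get("installed"))
    filtered = defaultdict(list)   # filtered_reason -> [titles]
    candidates = set()             # categories that would admit a filtered update
    for upd in result.get("filtered_updates", {}).values():
        reason = upd.get("filtered_reason", "unknown")
        filtered[reason].append(upd["title"])
        if reason == "category_names":
            # Assumption: an update is selected when any one of its categories
            # is listed in category_names, so each one here is a candidate.
            candidates.update(c for c in upd.get("categories", [])
                              if c.lower() not in requested)
    return {
        "pending": pending,
        "filtered": dict(filtered),
        "candidate_categories": sorted(candidates),
        # Recap says ok / changed=0 while updates are still outstanding
        "unpatched_but_ok": result.get("installed_update_count", 0) == 0
                            and bool(pending or filtered),
    }


if __name__ == "__main__":
    print(json.dumps(triage(RESULT, ["Upgrades"]), indent=2))
```

Feed it the JSON from a `register:`-ed win_updates task; any entry under `candidate_categories` is a category to consider adding to `category_names`.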