windows update playbook failed

[Tony Wong]

I brought up a new 2012 server and decided to use anisble to patch it. 

but it failed on some patches

fatal: [vasvw-winpsctst]: FAILED! => {
    "changed": true,
    "failed_update_count": 0,
    "filtered_updates": {
        "2221dd34-39bb-4f16-b320-be49fe4a6b95": {
            "categories": [
                "Update Rollups",
                "Windows Server 2012 R2"
            ],
            "filtered_reason": "category_names",
            "id": "2221dd34-39bb-4f16-b320-be49fe4a6b95",
            "installed": false,
            "kb": [
                "890830"
            ],
            "title": "Windows Malicious Software Removal Tool x64 - v5.82 (KB890830)"
        },
        "7aba6a05-fb0e-4002-a1d1-eb272c2df7c3": {
            "categories": [
                "Updates",
                "Windows Server 2012 R2"
            ],
            "filtered_reason": "category_names",
            "id": "7aba6a05-fb0e-4002-a1d1-eb272c2df7c3",
            "installed": false,
            "kb": [
                "4462930"
            ],
            "title": "Update for Adobe Flash Player for Windows Server 2012 R2 (KB4462930)"
        },
        "d1fe2427-174b-4b7b-ba04-69aa90060d12": {
            "categories": [
                "Feature Packs",
                "Windows Server 2012 R2"
            ],
            "filtered_reason": "category_names",
            "id": "d1fe2427-174b-4b7b-ba04-69aa90060d12",
            "installed": false,
            "kb": [

my playbook

---
- name: Install all critical and security updates
  hosts: all
  tasks:
    - name: Install windows updates
      win_updates:
        category_names:
        - CriticalUpdates
        - SecurityUpdates
        server_selection: windows_update
        state: installed
        log_path: c:\ansible_wu.txt
        register: update_result
        reboot: yes
        reboot_timeout: 60

[Tony Wong]

also what is the difference with having 

reboot: yes

vs

- name: reboot host if required

          win_reboot:

          when: update_result.reboot_required

[Jordan Borean]

It didn’t fail on any patches, the ones listed were filtered because they didn’t match any of the categories you listed in the task.

The difference between reboot: yes and win_reboot is that the former will reboot during the win_updates take and continue to check if there are more updates available. I highly recommend you use the reboot: yes instead of win_reboot as it is better at handling reboots that take a long time to come back online compared to win_reboot.

[Tony Wong]

Thank you

What else can I add to this playbook?

On Sat, Jun 6, 2020 at 2:23 PM Jordan Borean <jbor...@gmail.com> wrote:

It didn’t fail on any patches, the ones listed were filtered because they didn’t match any of the categories you listed in the task.

The difference between reboot: yes and win_reboot is that the former will reboot during the win_updates take and continue to check if there are more updates available. I highly recommend you use the reboot: yes instead of win_reboot as it is better at handling reboots that take a long time to come back online compared to win_reboot.

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/ca260ffe-d583-4c4e-ad29-e600e01e8c0co%40googlegroups.com.