installing windows updates on windows hosts

[Tony Wong]

---

- name: Install all critical and security updates

  hosts: all

  win_updates:

    category_names:

    - CriticalUpdates

    - SecurityUpdates

    state: installed

  register: update_result

- name: Reboot host if required

  win_reboot:

  when: update_result.reboot_required

but getting this

ERROR! 'win_updates' is not a valid attribute for a Play

The error appears to be in '/home/tony/windows/install_windows_updates.yml': line 2, column 3, but may

be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

---

- name: Install all critical and security updates

  ^ here

[harry devine]

Your “hosts” line needs to be before the - name line. 

Harry

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/ad2e6e39-2858-42dc-836a-9edb29f22736%40googlegroups.com.

[David Foley]

Also appears you are missing the Tasks: element in your playbook

[Tony Wong]

change some indentation and it went through but still getting errors

On Wed, May 13, 2020 at 3:45 PM David Foley <david...@mycit.ie> wrote:

Also appears you are missing the Tasks: element in your playbook

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/6e144217-99a6-4ee1-b03c-7da997a244e3%40googlegroups.com.

[David Foley]

Again you seem to be missing vaules

reboot: yes
When: """

[Tony Wong]

I am not sure what it should be

I logged everything to a file and doesnt look like any updates but still getting this error

TASK [Reboot host if required] ******************************************************************************************
fatal: [10.50.1.231]: FAILED! => {"changed": false, "msg": "Invalid options for win_reboot: when"}

log on my win host:

2020-05-14 09:47:08Z WUA is available in current logon process, running natively
2020-05-14 09:47:08Z Creating Windows Update session...
2020-05-14 09:47:08Z Create Windows Update searcher...
2020-05-14 09:47:08Z Setting the Windows Update Agent source catalog...
2020-05-14 09:47:08Z Requested search source is 'default'
2020-05-14 09:47:08Z Search source set to 'default' (ServerSelection = 0)
2020-05-14 09:47:08Z Searching for updates to install
2020-05-14 09:47:11Z Found 0 updates
2020-05-14 09:47:11Z Creating update collection...
2020-05-14 09:47:11Z Calculating pre-install reboot requirement...
2020-05-14 09:47:11Z Native job completed with output:
Name                           Value                                                                                                                                                                                                                                                                        
----                           -----                                                                                                                                                                                                                                                                        
updates                        {}                                                                                                                                                                                                                                                                          
found_update_count             0                                                                                                                                                                                                                                                                            
changed                        False                                                                                                                                                                                                                                                                        
reboot_required                False                                                                                                                                                                                                                                                                        
installed_update_count         0                                                                                                                                                                                                                                                                            
filtered_updates               {}                                                                                                                                                                                                                                                                           

--
You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/719f19da-9014-4fde-beaa-d97f6666c617%40googlegroups.com.

[Tony Wong]

Just found out when I run windows update manually on the machine, there were 3 updates that ansible didnt report back?

why is that

[Jordan Borean]

TASK [Reboot host if required] ******************************************************************************************

fatal: [10.50.1.231]: FAILED! => {"changed": false, "msg": "Invalid options for win_reboot: when"}

I can't see you task but this sounds like your when clause is not indented correctly. You have it as a module option for win_reboot when it should be on the same indentation as the module name.

Just found out when I run windows update manually on the machine, there were 3 updates that ansible didnt report back?

From your screenshot it indicated those updates are only available through the public Windows Update catalogue and not your org's WSUS catalog. The win_updates module defaults to whatever the OS settings are so if you have a WSUS server configured it will only look there by default. In Ansible 2.8 and newer you can use the 'server_selection' option as documented [1] to force win_updates to check the public Windows update catalog and not the configured WSUS server.

[1] - https://docs.ansible.com/ansible/latest/modules/win_updates_module.html

[Tony Wong]

nice thank you.

Do I need to specify the win_reboot module?

here is my playbook

---

- name: Install all critical and security updates

  hosts: all

  tasks:

    - name: Install windows updates

      win_updates:

        category_names:

        - CriticalUpdates

        - SecurityUpdates

        server_selection: windows_update

        state: downloaded

        log_path: c:\ansible_wu.txt

        register: update_result

        reboot: yes

        reboot_timeout: 60

also noticed that when installing windows update there is no progress bar or cant see the progress. is there a way to get that from ansible?

[Tony Wong]

I got 2 updates installed on the windows host. but in my task it just errored out after the host rebooted. should i be doing something to my playbook here?

--

You received this message because you are subscribed to the Google Groups "Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/5ff8d90b-95d7-44cd-aba7-5c8371b4d64e%40googlegroups.com.