Running Ansible windows-update from Packer permissions error


Stephen Bennett

Sep 9, 2019, 4:03:21 PM
to Packer
Hi, 

I have Ansible doing application installs and everything else (i.e. must be running in admin) I want from a Packer build, but when it comes to running an Ansible windows-update it errors out with:

TASK [Install all security, critical, and rollup updates] **********************
amazon-ebs: An exception occurred during task execution. To see the full traceback, use -vvv. The error was: KeyError: 'runas'
amazon-ebs: fatal: [default]: FAILED! => {"msg": "Unexpected failure during module execution.", "stdout": ""}
amazon-ebs:     to retry, use: --limit @/home/vsts/work/1/s/packer/hardening-win/ansible/hardening.retry


Ansible file: 

---
- hosts: all
  tasks:
    - name: Install all security, critical, and rollup updates
      win_updates:
        category_names:
          - SecurityUpdates
          - CriticalUpdates
          - UpdateRollups

- hosts: all
  tasks:
    - name: Reboot, if needed
      win_reboot:
      when: update_result.reboot_required


Packer provisioner: 

{
  "type": "ansible",
  "playbook_file": "{{ template_dir }}/ansible/hardening.yml",
  "extra_arguments": [
    "--connection", "packer",
    "--extra-vars", "ansible_shell_type=powershell ansible_shell_executable=None"
  ]
}


Any ideas on a fix or a better way to do windows patching? 

Thanks 
S

trey perrone

Sep 10, 2019, 1:34:25 PM
to Packer
I've seen the same on Windows updates using Ansible (regardless of Packer).

Do a register on the Ansible task, then use retry, delay, and until. The until should look for something in the register like a return value found_update_count = 0. Just typing on my phone, so you probably want to ignore errors and debug the register to find a value that suits you.
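
The register/retry pattern described in the reply above, as an added example that is not part of the original thread. The retry count and delay are assumed values; `found_update_count` and `reboot_required` are return values of `win_updates`, and the final assert is an addition so that a hardening build fails instead of baking an image with updates still outstanding.

```yaml
---
# Added example, not the poster's playbook.
- hosts: all
  tasks:
    - name: Install all security, critical, and rollup updates
      win_updates:
        category_names:
          - SecurityUpdates
          - CriticalUpdates
          - UpdateRollups
      register: update_result
      # Re-run until a pass finds nothing left to install. default(-1) keeps
      # the condition evaluable when a failed attempt returns no count.
      until: (update_result.found_update_count | default(-1)) == 0
      retries: 5        # assumed value
      delay: 60         # assumed value, in seconds
      ignore_errors: yes

    - name: Show what the module returned
      debug:
        var: update_result

    # ignore_errors above lets the play continue after the last retry, so
    # check the outcome explicitly before the image is captured.
    - name: Fail the build if updates are still outstanding
      assert:
        that:
          - update_result is not failed
          - (update_result.found_update_count | default(-1)) == 0
        fail_msg: "Windows updates did not complete; refusing to build the image"

    - name: Reboot, if needed
      win_reboot:
      when: update_result.reboot_required | default(false)
```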

trey perrone

Sep 13, 2019, 1:49:21 PM
to Packer
Also, I apparently didn't read it all... derp.

I do not have an issue running my similar playbooks with Packer and the normal admin account w/ autogenerated password. Are you elevating or changing user contexts somewhere else in ansible.cfg, etc.? I don't see become or become_method in your playbooks attached. If you are using an account with admin priv on the Windows box, then there shouldn't be a need to elevate/runas.

Stephen Bennett

Sep 16, 2019, 4:08:29 PM
to Packer
Hi Trey, 

Thanks for the reply and apologies for the late reply.

Attached full playbook and Packer file to see if that helps. Rather new to both, so stumbling along. Will read up on register etc. and try them! Thanks.

S
packer.json
hardening.yml