how to install a specific KB from windows update

[Tony Wong]

I am trying to install a specific update KB4541509

but it is not getting installed. I got the playbook running but not getting installed

here is from the ansible win log

2020-05-17 10:22:51Z Creating Windows Update session...

2020-05-17 10:22:51Z Create Windows Update searcher...

2020-05-17 10:22:51Z Setting the Windows Update Agent source catalog...

2020-05-17 10:22:51Z Requested search source is 'windows_update'

2020-05-17 10:22:51Z Search source set to 'windows_update' (ServerSelection = 2)

2020-05-17 10:22:51Z Searching for updates to install

2020-05-17 10:28:12Z Found 6 updates

2020-05-17 10:28:12Z Creating update collection...

2020-05-17 10:28:12Z Skipping update d1fe2427-174b-4b7b-ba04-69aa90060d12 - Microsoft .NET Framework 4.8 for Windows Server 2012 R2 for x64 (KB4486105) as it was not found in the whitelist

2020-05-17 10:28:12Z Skipping update ce061df5-b9f2-475f-9850-50ad5b7b9693 - 2020-02 Security Update for Adobe Flash Player for Windows Server 2012 R2 for x64-based Systems (KB4537759) as it was not found in the whitelist

2020-05-17 10:28:12Z Skipping update ebfa39a3-52fe-4ff1-b7d4-375ad1654c04 - 2020-03 Servicing Stack Update for Windows Server 2012 R2 for x64-based Systems (KB4540725) as it was not found in the whitelist

2020-05-17 10:28:12Z Skipping update 533cf583-0396-4862-a1d5-6200a46f82ba - 2020-05 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Server 2012 R2 for x64 (KB4556401) as it was not found in the whitelist

2020-05-17 10:28:12Z Skipping update 2221dd34-39bb-4f16-b320-be49fe4a6b95 - Windows Malicious Software Removal Tool x64 - v5.82 (KB890830) as it was not found in the whitelist

2020-05-17 10:28:12Z Skipping update 4aeb4fc1-39c2-4514-be30-33e57845a002 - 2020-05 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB4556846) as it was not found in the whitelist

2020-05-17 10:28:12Z Calculating pre-install reboot requirement...

2020-05-17 10:28:12Z Native job completed with output: 

Name                           Value                                                                                                                                                                                                                                                                        

----                           -----                                                                                                                                                                                                                                                                        

updates                        {}                                                                                                                                                                                                                                                                           

found_update_count             0                                                                                                                                                                                                                                                                            

changed                        False                                                                                                                                                                                                                                                                        

reboot_required                False                                                                                                                                                                                                                                                                        

installed_update_count         0                                                                                                                                                                                                                                                                            

filtered_updates               {2221dd34-39bb-4f16-b320-be49fe4a6b95, 4aeb4fc1-39c2-4514-be30-33e57845a002, d1fe2427-174b-4b7b-ba04-69aa90060d12, ce061df5-b9f2-475f-9850-50ad5b7b9693...}                                                                                                                  

not sure why it was looking for those KB as I whitelisted only 1 KB to install

[David Foley]

When you Run Windows Update it returns all available Updates as you can see from your Output it's skipping as they aren't in the Whitelist

Your WHEN statement is wrong.  you need to Set it to something like when: update_result.reboot_required == True 

[Tony Wong]

this is my error

FAILED! => {"msg": "The conditional check 'update_result.reboot_required == true' failed. The error was: error while evaluating conditional (update_result.reboot_required == true): 'update_result' is undefined\n\nThe error appears to be in '/home/tony/windows/install_windows_KBxxxxx_updates.yml': line 15, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n    - name: reboot host if required\n      ^ here\n"}

[Dick Visser]

Your register statement on the win_updates task is incorrectly indented

On Mon, 18 May 2020 at 07:00, Tony Wong <tdub...@gmail.com> wrote:
>
> this is my error
>
>
> FAILED! => {"msg": "The conditional check 'update_result.reboot_required == true' failed. The error was: error while evaluating conditional (update_result.reboot_required == true): 'update_result' is undefined\n\nThe error appears to be in '/home/tony/windows/install_windows_KBxxxxx_updates.yml': line 15, column 7, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n - name: reboot host if required\n ^ here\n"}
>

> --
> You received this message because you are subscribed to the Google Groups "Ansible Project" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to ansible-proje...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/14e35a8f-ec2c-483c-ad83-008e4cf0445b%40googlegroups.com.



--
Dick Visser
Trust & Identity Service Operations Manager
GÉANT

[Tony Wong]

Thank you

To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/CAL8fbwM7DAVJRUGpKRJh0%3DPfDrMGWJiN%2BypKPuEjkCnq4rWRKQ%40mail.gmail.com.

[Tony Wong]

any idea how I would installed one specific KB and ignore anything else from windows update?

would it be like this?

---
- name: Install updates on whitelist
  hosts: all
  tasks:
    - name: Install windows updates
      win_updates:
        category_names:
        - CriticalUpdates
        - SecurityUpdates

   whitelist:

    - KB4056892

    - KB4073117

        server_selection: windows_update
        state: installed
        log_path: c:\ansible_wu.txt
      register: update_result

    - name: reboot host if required

      win_reboot:
      when: update_result.reboot_required == true

[David Foley]

It seems every Question you post in here 90% of the troubleshooting seems to be issues around your indentation, I'll recommend reading up on the basic of Ansible and how yaml works if your having issues like these... Also can you Please fix this from the code you have above, Run it and see what error comes out from it ? 

If you read the Ansible Doc on Win_update https://docs.ansible.com/ansible/latest/modules/win_updates_module.html   You code seems fine, again Run it and see what issues you get..