ansible.builtin.win_updates (v2.5.15) — module

Download and install Windows updates

Added in version 2.0 of ansible.builtin

Authors: Matt Davis (@nitzmahone)

preview | supported by core

Install Ansible via pip

Install with pip install ansible==2.5.15

Description

Searches, downloads, and installs Windows updates synchronously by automating the Windows Update client.

Usage examples

- name: Install all security, critical, and rollup updates
  win_updates:
    category_names:
      - SecurityUpdates
      - CriticalUpdates
      - UpdateRollups
- name: Install only security updates
  win_updates:
    category_names: SecurityUpdates
- name: Search-only, return list of found updates (if any), log to c:\ansible_wu.txt
  win_updates:
    category_names: SecurityUpdates
    state: searched
    log_path: c:\ansible_wu.txt
- name: Install all security updates with automatic reboots
  win_updates:
    category_names:
    - SecurityUpdates
    reboot: yes
- name: Install only particular updates based on the KB numbers
  win_updates:
    category_names:
    - SecurityUpdates
    whitelist:
    - KB4056892
    - KB4073117
- name: Exclude updates based on the update title
  win_updates:
    category_names:
    - SecurityUpdates
    - CriticalUpdates
    blacklist:
    - Windows Malicious Software Removal Tool for Windows
    - \d{4}-\d{2} Cumulative Update for Windows Server 2016
# Note async works on Windows Server 2012 or newer - become must be explicitly set on the task for this to work
- name: Search for Windows updates asynchronously
  win_updates:
    category_names:
    - SecurityUpdates
    state: searched
  async: 180
  poll: 10
  register: updates_to_install
  become: yes
  become_method: runas
  become_user: SYSTEM
# Async can also be run in the background in a fire and forget fashion
- name: Search for Windows updates asynchronously (poll and forget)
  win_updates:
    category_names:
    - SecurityUpdates
    state: searched
  async: 180
  poll: 0
  register: updates_to_install_async
- name: get status of Windows Update async job
  async_status:
    jid: '{{ updates_to_install_async.ansible_job_id }}'
  register: updates_to_install_result
  become: yes
  become_method: runas
  become_user: SYSTEM

Inputs

    
state:
    choices:
    - installed
    - searched
    default: installed
    description:
    - Controls whether found updates are returned as a list or actually installed.
    - This module also supports Ansible check mode, which has the same effect as setting
      state=searched
    required: false

reboot:
    default: 'no'
    description:
    - Ansible will automatically reboot the remote host if it is required and continue
      to install updates after the reboot.
    - This can be used instead of a M(win_reboot) task after this one and ensures
      all updates for that category are installed in one go.
    - Async does not work when C(reboot=True).
    type: bool
    version_added: '2.5'
    version_added_collection: ansible.builtin

log_path:
    description:
    - If set, C(win_updates) will append update progress to the specified file. The directory
      must already exist.
    required: false

blacklist:
    description:
    - A list of update titles or KB numbers that can be used to specify which updates
      are to be excluded from installation.
    - If an available update does match one of the entries, then it is skipped and not
      installed.
    - Each entry can either be the KB article or Update title as a regex according to
      the PowerShell regex rules.
    required: false
    version_added: '2.5'
    version_added_collection: ansible.builtin

whitelist:
    description:
    - A list of update titles or KB numbers that can be used to specify which updates
      are to be searched or installed.
    - If an available update does not match one of the entries, then it is skipped and
      not installed.
    - Each entry can either be the KB article or Update title as a regex according to
      the PowerShell regex rules.
    - The whitelist is only validated on updates that were found based on I(category_names).
      It will not force the module to install an update if it was not in the category
      specified.
    required: false
    version_added: '2.5'
    version_added_collection: ansible.builtin

category_names:
    choices:
    - Application
    - Connectors
    - CriticalUpdates
    - DefinitionUpdates
    - DeveloperKits
    - FeaturePacks
    - Guidance
    - SecurityUpdates
    - ServicePacks
    - Tools
    - UpdateRollups
    - Updates
    default:
    - CriticalUpdates
    - SecurityUpdates
    - UpdateRollups
    description:
    - A scalar or list of categories to install updates from
    required: false

reboot_timeout:
    default: 1200
    description:
    - The time in seconds to wait until the host is back online from a reboot.
    - This is only used if C(reboot=True) and a reboot is required.
    version_added: '2.5'
    version_added_collection: ansible.builtin

Outputs

failed_update_count:
  description: The number of updates that failed to install
  returned: always
  sample: 0
  type: int
filtered_updates:
  contains: {}
  description: List of updates that were found but were filtered based on I(blacklist)
    or I(whitelist). The return value is in the same form as I(updates).
  returned: success
  sample: see the updates return value
  type: complex
found_update_count:
  description: The number of updates found needing to be applied
  returned: success
  sample: 3
  type: int
installed_update_count:
  description: The number of updates successfully installed
  returned: success
  sample: 2
  type: int
reboot_required:
  description: True when the target server requires a reboot to complete updates (no
    further updates can be installed until after a reboot)
  returned: success
  sample: true
  type: boolean
updates:
  contains:
    failure_hresult_code:
      description: The HRESULT code from a failed update
      returned: on install failure
      sample: 2147942402
      type: boolean
    id:
      description: Internal Windows Update GUID
      returned: always
      sample: fb95c1c8-de23-4089-ae29-fd3351d55421
      type: string (guid)
    installed:
      description: Was the update successfully installed
      returned: always
      sample: true
      type: boolean
    kb:
      description: A list of KB article IDs that apply to the update
      returned: always
      sample:
      - '3004365'
      type: list of strings
    title:
      description: Display name
      returned: always
      sample: Security Update for Windows Server 2012 R2 (KB3004365)
      type: string
  description: List of updates that were found/installed
  returned: success
  sample: null
  type: complex
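
An added example (not part of the module documentation) showing how the return values above can gate a patch run: search first, install with automatic reboots, then fail the host if any update failed or a reboot is still pending. The `windows` inventory group, the `C:\ansible_logs` directory and the 1800 second reboot timeout are assumptions chosen for illustration.

```yaml
# Added example; group name, log directory and timeout are hypothetical.
- hosts: windows
  vars:
    wu_categories:
      - SecurityUpdates
      - CriticalUpdates
    wu_excluded:
      # Regex per PowerShell rules, matched against the KB or update title
      - Windows Malicious Software Removal Tool for Windows
  tasks:
    - name: Create the log directory (log_path requires it to exist)
      win_file:
        path: C:\ansible_logs
        state: directory

    - name: Audit pending updates without installing anything
      win_updates:
        category_names: "{{ wu_categories }}"
        blacklist: "{{ wu_excluded }}"
        state: searched
        log_path: C:\ansible_logs\win_updates.txt
      register: audit

    - name: Keep exclusions visible in the run output
      debug:
        msg: >-
          {{ audit.found_update_count }} update(s) found,
          {{ audit.filtered_updates | default([]) | length }} filtered out

    - name: Install the audited updates, rebooting as often as required
      win_updates:
        category_names: "{{ wu_categories }}"
        blacklist: "{{ wu_excluded }}"
        reboot: yes
        reboot_timeout: 1800
        log_path: C:\ansible_logs\win_updates.txt
      register: patch
      when: audit.found_update_count > 0

    - name: Fail the host if patching did not complete cleanly
      assert:
        that:
          - patch.failed_update_count == 0
          - not patch.reboot_required
        msg: "Updates failed or a reboot is still pending; see log_path on the host"
      when: audit.found_update_count > 0
```

The install task runs synchronously because async does not work with `reboot: yes`.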