ansible / ansible.builtin / v2.6.0 / module / win_updates Download and install Windows updates | "added in version" 2.0 of ansible.builtin" Authors: Matt Davis (@nitzmahone) preview | supported by coreansible.builtin.win_updates (v2.6.0) — module
pip
Install with pip install ansible==2.6.0
Searches, downloads, and installs Windows updates synchronously by automating the Windows Update client.
- name: Install all security, critical, and rollup updates without a scheduled task win_updates: category_names: - SecurityUpdates - CriticalUpdates - UpdateRollups
- name: Install only security updates as a scheduled task for Server 2008 win_updates: category_names: SecurityUpdates use_scheduled_task: yes
- name: Search-only, return list of found updates (if any), log to C:\ansible_wu.txt win_updates: category_names: SecurityUpdates state: searched log_path: C:\ansible_wu.txt
- name: Install all security updates with automatic reboots win_updates: category_names: - SecurityUpdates reboot: yes
- name: Install only particular updates based on the KB numbers win_updates: category_name: - SecurityUpdates whitelist: - KB4056892 - KB4073117
- name: Exlude updates based on the update title win_updates: category_name: - SecurityUpdates - CriticalUpdates blacklist: - Windows Malicious Software Removal Tool for Windows - \d{4}-\d{2} Cumulative Update for Windows Server 2016
state: choices: - installed - searched default: installed description: - Controls whether found updates are returned as a list or actually installed. - This module also supports Ansible check mode, which has the same effect as setting state=searched reboot: default: 'no' description: - Ansible will automatically reboot the remote host if it is required and continue to install updates after the reboot. - This can be used instead of using a M(win_reboot) task after this one and ensures all updates for that category is installed in one go. - Async does not work when C(reboot=True). type: bool version_added: '2.5' version_added_collection: ansible.builtin log_path: description: - If set, C(win_updates) will append update progress to the specified file. The directory must already exist. blacklist: description: - A list of update titles or KB numbers that can be used to specify which updates are to be excluded from installation. - If an available update does match one of the entries, then it is skipped and not installed. - Each entry can either be the KB article or Update title as a regex according to the PowerShell regex rules. version_added: '2.5' version_added_collection: ansible.builtin whitelist: description: - A list of update titles or KB numbers that can be used to specify which updates are to be searched or installed. - If an available update does not match one of the entries, then it is skipped and not installed. - Each entry can either be the KB article or Update title as a regex according to the PowerShell regex rules. - The whitelist is only validated on updates that were found based on I(category_names). It will not force the module to install an update if it was not in the category specified. version_added: '2.5' version_added_collection: ansible.builtin category_names: choices: - Application - Connectors - CriticalUpdates - DefinitionUpdates - DeveloperKits - FeaturePacks - Guidance - SecurityUpdates - ServicePacks - Tools - UpdateRollups - Updates default: - CriticalUpdates - SecurityUpdates - UpdateRollups description: - A scalar or list of categories to install updates from reboot_timeout: default: 1200 description: - The time in seconds to wait until the host is back online from a reboot. - This is only used if C(reboot=True) and a reboot is required. version_added: '2.5' version_added_collection: ansible.builtin use_scheduled_task: default: 'no' description: - Will not auto elevate the remote process with I(become) and use a scheduled task instead. - Set this to C(yes) when using this module with async on Server 2008, 2008 R2, or Windows 7, or on Server 2008 that is not authenticated with basic or credssp. - Can also be set to C(yes) on newer hosts where become does not work due to further privilege restrictions from the OS defaults. type: bool version_added: '2.6' version_added_collection: ansible.builtin
failed_update_count: description: The number of updates that failed to install returned: always sample: 0 type: int filtered_updates: contains: {} description: List of updates that were found but were filtered based on I(blacklist) or I(whitelist). The return value is in the same form as I(updates). returned: success sample: see the updates return value type: complex found_update_count: description: The number of updates found needing to be applied returned: success sample: 3 type: int installed_update_count: description: The number of updates successfully installed returned: success sample: 2 type: int reboot_required: description: True when the target server requires a reboot to complete updates (no further updates can be installed until after a reboot) returned: success sample: true type: boolean updates: contains: failure_hresult_code: description: The HRESULT code from a failed update returned: on install failure sample: 2147942402 type: boolean id: description: Internal Windows Update GUID returned: always sample: fb95c1c8-de23-4089-ae29-fd3351d55421 type: string (guid) installed: description: Was the update successfully installed returned: always sample: true type: boolean kb: description: A list of KB article IDs that apply to the update returned: always sample: - '3004365' type: list of strings title: description: Display name returned: always sample: Security Update for Windows Server 2012 R2 (KB3004365) type: string description: List of updates that were found/installed returned: success sample: null type: complex