Try SpotterDownload and install Windows updates
| "added in version" 2.0 of ansible.builtin"
Authors: Matt Davis (@nitzmahone)
preview | supported by core
pipInstall with pip install ansible==2.6.0
Searches, downloads, and installs Windows updates synchronously by automating the Windows Update client.
- name: Install all security, critical, and rollup updates without a scheduled task
win_updates:
category_names:
- SecurityUpdates
- CriticalUpdates
- UpdateRollups
- name: Install only security updates as a scheduled task for Server 2008
win_updates:
category_names: SecurityUpdates
use_scheduled_task: yes
- name: Search-only, return list of found updates (if any), log to C:\ansible_wu.txt
win_updates:
category_names: SecurityUpdates
state: searched
log_path: C:\ansible_wu.txt
- name: Install all security updates with automatic reboots
win_updates:
category_names:
- SecurityUpdates
reboot: yes
- name: Install only particular updates based on the KB numbers
win_updates:
category_name:
- SecurityUpdates
whitelist:
- KB4056892
- KB4073117
- name: Exlude updates based on the update title
win_updates:
category_name:
- SecurityUpdates
- CriticalUpdates
blacklist:
- Windows Malicious Software Removal Tool for Windows
- \d{4}-\d{2} Cumulative Update for Windows Server 2016
state:
choices:
- installed
- searched
default: installed
description:
- Controls whether found updates are returned as a list or actually installed.
- This module also supports Ansible check mode, which has the same effect as setting
state=searched
reboot:
default: 'no'
description:
- Ansible will automatically reboot the remote host if it is required and continue
to install updates after the reboot.
- This can be used instead of using a M(win_reboot) task after this one and ensures
all updates for that category is installed in one go.
- Async does not work when C(reboot=True).
type: bool
version_added: '2.5'
version_added_collection: ansible.builtin
log_path:
description:
- If set, C(win_updates) will append update progress to the specified file. The directory
must already exist.
blacklist:
description:
- A list of update titles or KB numbers that can be used to specify which updates
are to be excluded from installation.
- If an available update does match one of the entries, then it is skipped and not
installed.
- Each entry can either be the KB article or Update title as a regex according to
the PowerShell regex rules.
version_added: '2.5'
version_added_collection: ansible.builtin
whitelist:
description:
- A list of update titles or KB numbers that can be used to specify which updates
are to be searched or installed.
- If an available update does not match one of the entries, then it is skipped and
not installed.
- Each entry can either be the KB article or Update title as a regex according to
the PowerShell regex rules.
- The whitelist is only validated on updates that were found based on I(category_names).
It will not force the module to install an update if it was not in the category
specified.
version_added: '2.5'
version_added_collection: ansible.builtin
category_names:
choices:
- Application
- Connectors
- CriticalUpdates
- DefinitionUpdates
- DeveloperKits
- FeaturePacks
- Guidance
- SecurityUpdates
- ServicePacks
- Tools
- UpdateRollups
- Updates
default:
- CriticalUpdates
- SecurityUpdates
- UpdateRollups
description:
- A scalar or list of categories to install updates from
reboot_timeout:
default: 1200
description:
- The time in seconds to wait until the host is back online from a reboot.
- This is only used if C(reboot=True) and a reboot is required.
version_added: '2.5'
version_added_collection: ansible.builtin
use_scheduled_task:
default: 'no'
description:
- Will not auto elevate the remote process with I(become) and use a scheduled task
instead.
- Set this to C(yes) when using this module with async on Server 2008, 2008 R2, or
Windows 7, or on Server 2008 that is not authenticated with basic or credssp.
- Can also be set to C(yes) on newer hosts where become does not work due to further
privilege restrictions from the OS defaults.
type: bool
version_added: '2.6'
version_added_collection: ansible.builtin
failed_update_count:
description: The number of updates that failed to install
returned: always
sample: 0
type: int
filtered_updates:
contains: {}
description: List of updates that were found but were filtered based on I(blacklist)
or I(whitelist). The return value is in the same form as I(updates).
returned: success
sample: see the updates return value
type: complex
found_update_count:
description: The number of updates found needing to be applied
returned: success
sample: 3
type: int
installed_update_count:
description: The number of updates successfully installed
returned: success
sample: 2
type: int
reboot_required:
description: True when the target server requires a reboot to complete updates (no
further updates can be installed until after a reboot)
returned: success
sample: true
type: boolean
updates:
contains:
failure_hresult_code:
description: The HRESULT code from a failed update
returned: on install failure
sample: 2147942402
type: boolean
id:
description: Internal Windows Update GUID
returned: always
sample: fb95c1c8-de23-4089-ae29-fd3351d55421
type: string (guid)
installed:
description: Was the update successfully installed
returned: always
sample: true
type: boolean
kb:
description: A list of KB article IDs that apply to the update
returned: always
sample:
- '3004365'
type: list of strings
title:
description: Display name
returned: always
sample: Security Update for Windows Server 2012 R2 (KB3004365)
type: string
description: List of updates that were found/installed
returned: success
sample: null
type: complex