ansible.windows.win_updates (2.3.0) — module

Download and install Windows updates

Authors: Matt Davis (@nitzmahone)

This plugin has a corresponding action plugin.

Install collection

Install with ansible-galaxy collection install ansible.windows:==2.3.0


Add to requirements.yml

  collections:
    - name: ansible.windows
      version: 2.3.0

Description

Searches, downloads, and installs Windows updates synchronously by automating the Windows Update client.

Usage examples

- name: Install all updates and reboot as many times as needed
  ansible.windows.win_updates:
    category_names: '*'
    reboot: true
- name: Set a server alive interval during update stage for the ssh connection plugin
  ansible.windows.win_updates:
    category_names: '*'
    reboot: true
  vars:
    # This can be set in a few ways, see the ssh connection plugin for more
    # information. ControlMaster should be disabled to ensure the new timeout
    # value is applied for this connection instead of through the cached
    # connection.
    ansible_ssh_args: -o ControlMaster=no -o ServerAliveInterval=30
- name: Install all security, critical, and rollup updates without a scheduled task
  ansible.windows.win_updates:
    category_names:
      - SecurityUpdates
      - CriticalUpdates
      - UpdateRollups
  become: true
  become_method: runas
  become_user: SYSTEM
- name: Search-only, return list of found updates (if any), log to C:\ansible_wu.txt
  ansible.windows.win_updates:
    category_names: SecurityUpdates
    state: searched
    log_path: C:\ansible_wu.txt
- name: Install all security updates with automatic reboots
  ansible.windows.win_updates:
    category_names:
    - SecurityUpdates
    reboot: true
- name: Install only particular updates based on the KB numbers
  ansible.windows.win_updates:
    category_names:
    - SecurityUpdates
    accept_list:
    - KB4056892
    - KB4073117
- name: Exclude updates based on the update title
  ansible.windows.win_updates:
    category_names:
    - SecurityUpdates
    - CriticalUpdates
    reject_list:
    - Windows Malicious Software Removal Tool for Windows
    - \d{4}-\d{2} Cumulative Update for Windows Server 2016
# Optionally, you can increase the reboot_timeout to survive long updates during reboot
- name: Ensure we wait long enough for the updates to be applied during reboot
  ansible.windows.win_updates:
    reboot: true
    reboot_timeout: 3600
# Search and download Windows updates
- name: Search and download Windows updates without installing them
  ansible.windows.win_updates:
    state: downloaded

Inputs

    
state:
    choices:
    - installed
    - searched
    - downloaded
    default: installed
    description:
    - Controls whether found updates are downloaded, installed, or listed.
    - This module also supports Ansible check mode, which has the same effect as setting
      state=searched.
    type: str

reboot:
    default: false
    description:
    - Ansible will automatically reboot the remote host if it is required and continue
      to install updates after the reboot.
    - This can be used instead of a M(ansible.windows.win_reboot) task after this
      one and ensures all updates for that category are installed in one go.
    - Async does not work when C(reboot=true).
    type: bool

log_path:
    description:
    - If set, C(win_updates) will append update progress to the specified file. The directory
      must already exist.
    type: path

_operation:
    choices:
    - start
    - cancel
    - poll
    default: start
    description:
    - Internal use only.
    type: str

accept_list:
    description:
    - A list of update titles or KB numbers that can be used to specify which updates
      are to be searched or installed.
    - If an available update does not match one of the entries, then it is skipped and
      not installed.
    - Each entry can either be the KB article or Update title as a regex according to
      the PowerShell regex rules.
    - The accept list is only validated on updates that were found based on I(category_names).
      It will not force the module to install an update if it was not in the category
      specified.
    elements: str
    type: list

reject_list:
    description:
    - A list of update titles or KB numbers that can be used to specify which updates
      are to be excluded from installation.
    - If an available update does match one of the entries, then it is skipped and not
      installed.
    - Each entry can either be the KB article or Update title as a regex according to
      the PowerShell regex rules.
    elements: str
    type: list

skip_optional:
    default: false
    description:
    - Skip optional updates where the update has BrowseOnly set by Microsoft.
    - Microsoft documentation states that BrowseOnly means the update should not be installed
      automatically and appears as an optional update.
    type: bool
    version_added: 1.8.0
    version_added_collection: ansible.windows

category_names:
    default:
    - CriticalUpdates
    - SecurityUpdates
    - UpdateRollups
    description:
    - A scalar or list of categories to install updates from. To get the list of categories,
      run the module with C(state=searched). The category must be the full category string,
      but is case insensitive.
    - Some possible categories are Application, Connectors, Critical Updates, Definition
      Updates, Developer Kits, Feature Packs, Guidance, Security Updates, Service Packs,
      Tools, Update Rollups, Updates, and Upgrades.
    - Since C(v1.7.0) the value C(*) will match all categories.
    elements: str
    type: list

reboot_timeout:
    default: 1200
    description:
    - The time in seconds to wait until the host is back online from a reboot.
    - This is only used if C(reboot=true) and a reboot is required.
    type: int

server_selection:
    choices:
    - default
    - managed_server
    - windows_update
    default: default
    description:
    - Defines the Windows Update source catalog.
    - C(default) Use the default search source. For many systems default is set to the
      Microsoft Windows Update catalog. Systems participating in Windows Server Update
      Services (WSUS) or similar corporate update server environments may default to those
      managed update sources instead of the Windows Update catalog.
    - C(managed_server) Use a managed server catalog. For environments utilizing Windows
      Server Update Services (WSUS) or similar corporate update servers, this option selects
      the defined corporate update source.
    - C(windows_update) Use the Microsoft Windows Update catalog.
    type: str

_operation_options:
    description:
    - Internal use only.
    type: dict

Outputs

failed_update_count:
  description: The number of updates that failed to install.
  returned: always
  sample: 0
  type: int
filtered_updates:
  contains:
    filtered_reason:
      description:
      - The reason why this update was filtered.
      - This value has been deprecated since C(1.7.0), use C(filtered_reasons) which
        contains a list of all the reasons why the update is filtered.
      returned: always
      sample: skip_hidden
      type: str
    filtered_reasons:
      description:
      - A list of reasons why the update has been filtered.
      - Can be C(accept_list), C(reject_list), C(hidden), C(category_names), or C(skip_optional).
      elements: str
      sample:
      - category_names
      - accept_list
      type: list
      version_added: 1.7.0
      version_added_collection: ansible.windows
  description: Updates that were found but were filtered based on I(reject_list), I(accept_list)
    or I(category_names). The return value is in the same form as I(updates), along
    with I(filtered_reason).
  returned: success
  sample: see the updates return value
  type: dict
found_update_count:
  description: The number of updates found needing to be applied.
  returned: success
  sample: 3
  type: int
installed_update_count:
  description: The number of updates successfully installed or downloaded.
  returned: success
  sample: 2
  type: int
reboot_required:
  description: True when the target server requires a reboot to complete updates (no
    further updates can be installed until after a reboot).
  returned: success
  sample: true
  type: bool
rebooted:
  description:
  - Set to C(true) when the target Windows host has been rebooted by C(win_updates).
  returned: success
  sample: false
  type: bool
  version_added: 1.14.0
  version_added_collection: ansible.windows
updates:
  contains:
    categories:
      description: A list of category strings for this update.
      elements: str
      returned: always
      sample:
      - Critical Updates
      - Windows Server 2012 R2
      type: list
    downloaded:
      description: Was the update downloaded.
      returned: always
      sample: true
      type: bool
      version_added: 1.7.0
      version_added_collection: ansible.windows
    failure_hresult_code:
      description: The HRESULT code from a failed update.
      returned: on install or download failure
      sample: 2147942402
      type: int
    failure_msg:
      description: The error message with more details on the failure.
      returned: on install or download failure and not running with async
      sample: Operation did not complete because there is no logged-on interactive
        user (WU_E_NO_INTERACTIVE_USER 0x80240020)
      type: str
      version_added: 1.7.0
      version_added_collection: ansible.windows
    id:
      description: Internal Windows Update GUID.
      returned: always
      sample: fb95c1c8-de23-4089-ae29-fd3351d55421
      type: str
    installed:
      description: Was the update successfully installed.
      returned: always
      sample: true
      type: bool
    kb:
      description: A list of KB article IDs that apply to the update.
      elements: str
      returned: always
      sample:
      - '3004365'
      type: list
    title:
      description: Display name.
      returned: always
      sample: Security Update for Windows Server 2012 R2 (KB3004365)
      type: str
  description:
  - Updates that were found/installed.
  - The key for each update is the C(id) of the update.
  returned: success
  sample: null
  type: dict
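
The return values above can gate a patch run: search first to see what the filters exclude, then install and fail the play if anything is left unpatched. This playbook is an added example, not part of the module's own documentation; the host group windows_servers and the registered variable names wu_search and wu_install are assumptions.

```yaml
# Added example. "windows_servers", "wu_search" and "wu_install" are assumed names.
- name: Patch Windows hosts and verify the outcome
  hosts: windows_servers
  gather_facts: false
  tasks:
    - name: Search only, so nothing changes on the host yet
      ansible.windows.win_updates:
        category_names:
          - SecurityUpdates
          - CriticalUpdates
        reject_list:
          - Windows Malicious Software Removal Tool for Windows
        state: searched
      register: wu_search

    # filtered_updates is a dict keyed by update id, so convert it to a list first.
    - name: Show which updates were filtered out and why
      ansible.builtin.debug:
        msg: "{{ item.value.title }} filtered by {{ item.value.filtered_reasons | join(', ') }}"
      loop: "{{ wu_search.filtered_updates | dict2items }}"
      loop_control:
        label: "{{ item.key }}"

    - name: Install the same selection, rebooting as needed
      ansible.windows.win_updates:
        category_names:
          - SecurityUpdates
          - CriticalUpdates
        reject_list:
          - Windows Malicious Software Removal Tool for Windows
        state: installed
        reboot: true
        reboot_timeout: 3600
      register: wu_install

    # A host that reports failures or a pending reboot is not fully patched.
    - name: Fail if any update did not install or a reboot is still pending
      ansible.builtin.assert:
        that:
          - wu_install.failed_update_count == 0
          - not wu_install.reboot_required
        fail_msg: >-
          {{ wu_install.failed_update_count }} update(s) failed. Not installed:
          {{ wu_install.updates | dict2items | rejectattr('value.installed')
          | map(attribute='value.title') | join('; ') }}
```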

See also