Ansible Pilot

Rolling Update Windows-like systems - Ansible module win_updates

How to automate the Windows Update process and rebook if needed on Windows-like systems using Ansible Playbook and win_updates module.

March 15, 2022
Access the Complete Video Course and Learn Quick Ansible by 200+ Practical Lessons

How to perform Rolling Update with Ansible on Windows-like systems?

Every System Administrator knows how important is to maintain an up-to-date fleet in a consistent state. I’m going to show you a live demo with some simple Ansible code. I’m Luca Berton and welcome to today’s episode of Ansible Pilot

Ansible Rolling Update Windows-like systems

Today we’re talking about the Ansible module win_updates. The full name is ansible.windows.win_updates , which means that is part of the collection of modules specialized to interact with Windows target host. It’s a module pretty stable and out for years. It works in Windows and Windows Server operating systems. It downloads and installs Windows updates. For Linux target use the yum module for RedHat-like systems, apt for Debian-like, and zypper for Suse-like.

Parameters

The parameter list is pretty wide but today we are focused only on the relevant for our use case. The most important is “category_names”. The options are a lot here. The default is to enable only “CriticalUpdates”, “SecurityUpdates” and “UpdateRollups” but could add or remove different categories. The “state” parameter specifies if the update is going to be only “searched”, “downloaded” or “installed”. If you prefer to only download the code and perform the actual update a second time you need to select the “downloaded” option. With the “reboot” option Ansible will automatically reboot the remote host if it is required and continue to install updates after the reboot. There is a default timeout of 1200 seconds to wait until the host is back online from a reboot. You could increase using the “reboot_timeout” option. Some System Administrators prefer to keep a log about the update operation using the “log_path” option to save to the target disk a log file of the performed operations. You could specify a list of update titles or KB numbers that specify which updates are to be searched or installed using the “accept_list” parameter as well as a list of exclusion in the “reject_list” parameter.

The Best Resources For Ansible

Video Course

Books

demo

How to install Rolling Update on Windows-like systems, save the log in “C:\ansible.txt” and reboot if necessary with Ansible Playbook.

code

---
- name: windows rolling update
  hosts: all
  tasks:
    - name: Install all critical and security updates
      ansible.windows.win_updates:
        category_names:
          - CriticalUpdates
          - SecurityUpdates
        state: installed
        reboot: true
        log_path: C:\ansible.txt

execution

ansible-pilot $ ansible-playbook -i virtualmachines/win/inventory windows/update.yml
PLAY [windows rolling update] *********************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [WindowsServer]
TASK [Install all critical and security updates] **************************************************
ok: [WindowsServer]
PLAY RECAP ****************************************************************************************
WindowsServer              : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
ansible-pilot $

idempotency

ansible-pilot $ ansible-playbook -i virtualmachines/win/inventory windows/update.yml
PLAY [windows rolling update] *********************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [WindowsServer]
TASK [Install all critical and security updates] **************************************************
ok: [WindowsServer]
PLAY RECAP ****************************************************************************************
WindowsServer              : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
ansible-pilot $

before execution

win_updates before execution

after execution

win_updates after execution

code with ❤️ in GitHub

Recap

Now you know how to perform Rolling Update in Windows-like systems.

Subscribe to the YouTube channel, Medium, Website, Twitter, and Substack to not miss the next episode of the Ansible Pilot.

Academy

Learn the Ansible automation technology with some real-life examples in my

My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps

BUY the Complete PDF BOOK to easily Copy and Paste the 200+ Ansible code

Want to keep this project going? Please donate

Access the Complete Video Course and Learn Quick Ansible by 200+ Practical Lessons
Trustpilot
Follow me

Subscribe not to miss any new releases

FREE Top 10 Best Practices

Top 10 Best Practices of Ansible Automation: save time, reduce errors and stress