Rolling Update Windows-like systems - Ansible module win_updates

How to automate the Windows Update process and rebook if needed on Windows-like systems using Ansible Playbook and win_updates module.

March 15, 2022

How to perform Rolling Update with Ansible on Windows-like systems?

Every System Administrator knows how important is to maintain an up-to-date fleet in a consistent state. I’m going to show you a live demo with some simple Ansible code. I’m Luca Berton and welcome to today’s episode of Ansible Pilot

Ansible Rolling Update Windows-like systems

• ansible.windows.win_updates
• Download and install Windows updates

Today we’re talking about the Ansible module win_updates. The full name is ansible.windows.win_updates , which means that is part of the collection of modules specialized to interact with Windows target host. It’s a module pretty stable and out for years. It works in Windows and Windows Server operating systems. It downloads and installs Windows updates. For Linux target use the yum module for RedHat-like systems, apt for Debian-like, and zypper for Suse-like.

Parameters

• category_names string - CriticalUpdates, DefinitionUpdates, DeveloperKits, FeaturePacks, SecurityUpdates, ServicePacks, UpdateRollups
• state string - searched / downloaded / installed
• reboot boolean /reboot_timeout - no / yes
• log_path path - append log file
• accept_list / reject_list list - titles or KB to whitelist or blacklist

The parameter list is pretty wide but today we are focused only on the relevant for our use case. The most important is “category_names”. The options are a lot here. The default is to enable only “CriticalUpdates”, “SecurityUpdates” and “UpdateRollups” but could add or remove different categories. The “state” parameter specifies if the update is going to be only “searched”, “downloaded” or “installed”. If you prefer to only download the code and perform the actual update a second time you need to select the “downloaded” option. With the “reboot” option Ansible will automatically reboot the remote host if it is required and continue to install updates after the reboot. There is a default timeout of 1200 seconds to wait until the host is back online from a reboot. You could increase using the “reboot_timeout” option. Some System Administrators prefer to keep a log about the update operation using the “log_path” option to save to the target disk a log file of the performed operations. You could specify a list of update titles or KB numbers that specify which updates are to be searched or installed using the “accept_list” parameter as well as a list of exclusion in the “reject_list” parameter.

Links

• ansible.windows.win_updates
• Using Ansible and Windows

The Best Resources For Ansible

Certifications

• The Linux Foundation Linux Performance Tuning - Build a broad toolkit to optimize Linux performance from the kernel up

• Coursera Pro - Unlimited access to 7,000+ world-class courses, hands-on projects, and job-ready certificate programs—all included in your subscription

Video Course

• Udemy: Learn Ansible Automation in 250+examples & practical lessons: Learn Ansible with some real-life examples of how to use the most common modules and Ansible Playbook

Printed Book

• Ansible For VMware by Examples
  Buy on Amazon Buy on Apress
• Ansible for Kubernetes by Example
  Buy on Amazon Buy on Apress
• Hands-on Ansible Automation
  Buy on Amazon Buy on BPB
• Red Hat Ansible Automation Platform
  Buy on Amazon Buy on BPB

eBooks

• Buy on Leanpub Ansible by Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps
• Buy on Leanpub Ansible Cookbook: A Comprehensive Guide to Unleashing the Power of Ansible via Best Practices, Troubleshooting, and Linting Rules with Luca Berton
• Buy on Leanpub Terraform By Example: A Practical Approach for Beginners to Learn Cloud Infrastructure with Terraform
• Buy on Leanpub Ansible For Windows By Examples: 50+ Automation Examples For Windows System Administrator And DevOps
• Buy on Leanpub Ansible For Linux by Examples: 100+ Automation Examples For Linux System Administrator and DevOps
• Buy on Leanpub Ansible Linux Filesystem By Examples: 40+ Automation Examples on Linux File and Directory Operation for Modern IT Infrastructure
• Buy on Leanpub Ansible For Security by Examples: 100+ Automation Examples to Automate Security and Verify Compliance for IT Modern Infrastructure
• Buy on Leanpub Ansible Tips and Tricks: 10+ Ansible Examples to Save Time and Automate More Tasks
• Buy on Leanpub Ansible Linux Users & Groups By Examples: 20+ Automation Examples on Linux Users and Groups Operation for Modern IT Infrastructure
• Buy on Leanpub Ansible For PostgreSQL by Examples: 10+ Examples To Automate Your PostgreSQL database
• Buy on Leanpub Ansible For Amazon Web Services AWS By Examples: 10+ Examples To Automate Your AWS Modern Infrastructure
• Buy on Leanpub Ansible Automation Platform By Example: A step-by-step guide for the most common user scenarios

demo

How to install Rolling Update on Windows-like systems, save the log in “C:\ansible.txt” and reboot if necessary with Ansible Playbook.

code

---
- name: windows rolling update
  hosts: all
  tasks:
    - name: Install all critical and security updates
      ansible.windows.win_updates:
        category_names:
          - CriticalUpdates
          - SecurityUpdates
        state: installed
        reboot: true
        log_path: C:\ansible.txt

execution

ansible-pilot $ ansible-playbook -i virtualmachines/win/inventory windows/update.yml
PLAY [windows rolling update] *********************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [WindowsServer]
TASK [Install all critical and security updates] **************************************************
ok: [WindowsServer]
PLAY RECAP ****************************************************************************************
WindowsServer              : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
ansible-pilot $

idempotency

ansible-pilot $ ansible-playbook -i virtualmachines/win/inventory windows/update.yml
PLAY [windows rolling update] *********************************************************************
TASK [Gathering Facts] ****************************************************************************
ok: [WindowsServer]
TASK [Install all critical and security updates] **************************************************
ok: [WindowsServer]
PLAY RECAP ****************************************************************************************
WindowsServer              : ok=2    changed=0    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0
ansible-pilot $

before execution

after execution

code with ❤️ in GitHub

Recap

Now you know how to perform Rolling Update in Windows-like systems.

Academy

Learn the Ansible automation technology with some real-life examples in my 200+ Lessons Video Course

My book Ansible By Examples: 200+ Automation Examples For Linux and Windows System Administrator and DevOps

Donate

Want to keep this project going? Please donate

Patreon Buy me a Pizza