Ansible Windows Update: Rolling Updates with win_updates Module (Guide) — Video Tutorial

How to perform Rolling Update with Ansible on Windows-like systems? Every System Administrator knows how important is to maintain an up-to-date fleet in a consistent state. I'm going to show you a live Playbook with some simple Ansible code. I'm Luca Berton and welcome to today's episode of Ansible Pilot Ansible Rolling Update Windows-like systems - `ansible.windows.win_updates` - Download and install Windows updates Today we're talking about the Ansible module `win_updates`. The full name is `ansible.windows.win_updates `, which means that is part of the collection of modules specialized to interact with Windows target host. It's a module pretty stable and out for years. It works in Windows and Windows Server operating systems. It downloads and installs Windows updates. For Linux target use the `yum` module for RedHat-like systems, `apt` for Debian-like, and `zypper` for Suse-like. Parameters - category_names _string_ - **CriticalUpdates**, DefinitionUpdates, DeveloperKits, FeaturePacks, **SecurityUpdates**, ServicePacks, **UpdateRollups** - state _string_ - searched / downloaded / **installed** - reboot _boolean_ /reboot_timeout - no / yes - log_path _path_ - append log file - accept_list / reject_list _list_ - titles or KB to whitelist or blacklist The parameter list is pretty wide but today we are focused only on the relevant for our use case. The most important is "category_names". The options are a lot here. The default is to enable only "CriticalUpdates", "SecurityUpdates" and "UpdateRollups" but could add or remove different categories. The "state" parameter specifies if the update is going to be only "searched", "downloaded" or "installed". If you prefer to only download the code and perform the actual update a second time you need to select the "downloaded" option. With the "reboot" option Ansible will automatically reboot the remote host if it is required and continue to install updates after the reboot. There is a default timeout of 1200 seconds to wait until the host is back online from a reboot. You could increase using the "reboot_timeout" option. Some System Administrators prefer to keep a log about the update operation using the "log_path" option to save to the target disk a log file of the performed operations. You could specify a list of update titles or KB numbers that specify which updates are to be searched or installed using the "accept_list" parameter as well as a list of exclusion in the "reject_list" parameter. Links - [ansible.windows.win_updates](https://docs.ansible.com/ansible/latest/collections/ansible/windows/win_updates_module.html) - [Using Ansible and Windows](https://docs.ansible.com/ansible/latest/user_guide/windows_usage.html) ## Playbook How to install Rolling Update on Windows-like systems, save the log in "C:\ansible.txt" and reboot if necessary with Ansible Playbook. code ```yaml --- - name: windows rolling update hosts: all tasks: - name: Install all critical and security updates