From 7c77f292da6f66cca6bb0b19b18c1589c1015cb5 Mon Sep 17 00:00:00 2001 From: Diane Wang Date: Mon, 8 Jan 2024 14:41:38 +0800 Subject: [PATCH] [Windows] Add a new tasks file for Windows Updates installation (#523) Signed-off-by: Diane Wang --- windows/utils/win_get_os_version.yml | 70 +++++++++++++++++++++++++++ windows/utils/win_install_updates.yml | 60 +++++++++++++++++++++++ 2 files changed, 130 insertions(+) create mode 100644 windows/utils/win_get_os_version.yml create mode 100644 windows/utils/win_install_updates.yml diff --git a/windows/utils/win_get_os_version.yml b/windows/utils/win_get_os_version.yml new file mode 100644 index 000000000..ee2b418fc --- /dev/null +++ b/windows/utils/win_get_os_version.yml @@ -0,0 +1,70 @@ +# Copyright 2023 VMware, Inc. +# SPDX-License-Identifier: BSD-2-Clause +--- +# Get guest OS version with major and minor build number. +# Return: +# win_os_version_build: Windows OS version. +# +- name: "Initialize the Windows OS version and registry path" + ansible.builtin.set_fact: + win_os_version_build: "" + win_os_version_reg_path: "" + +- name: "Get the registry key path for getting OS version" + include_tasks: win_execute_cmd.yml + vars: + win_powershell_cmd: >- + (Get-ChildItem -Path + "HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Update\\TargetingInfo\\Installed\\*.OS.*").Name + win_execute_cmd_ignore_error: true + +- name: "Set fact of registry key path for getting OS version" + ansible.builtin.set_fact: + win_os_version_reg_path: "{{ win_powershell_cmd_output.stdout_lines[0] | replace('HKEY_LOCAL_MACHINE', 'HKLM:') }}" + when: + - win_powershell_cmd_output.failed is defined + - not win_powershell_cmd_output.failed + - win_powershell_cmd_output.stdout_lines is defined + - win_powershell_cmd_output.stdout_lines | length == 1 + +- name: "Get Windows OS version" + when: win_os_version_reg_path + block: + - name: "Get registry key value for getting OS version" + include_tasks: win_execute_cmd.yml + vars: + win_powershell_cmd: >- + Get-ItemPropertyValue -Path "{{ win_os_version_reg_path }}" -Name Version + win_execute_cmd_ignore_error: true + - name: "Set fact of Windows OS version" + ansible.builtin.set_fact: + win_os_version_build: "{{ win_powershell_cmd_output.stdout_lines[0] }}" + when: + - win_powershell_cmd_output.failed is defined + - not win_powershell_cmd_output.failed + - win_powershell_cmd_output.stdout_lines is defined + - win_powershell_cmd_output.stdout_lines | length == 1 + +- name: "Get Windows OS version" + when: not win_os_version_reg_path + block: + - name: "Get registry key value for getting OS version" + include_tasks: win_execute_cmd.yml + vars: + win_powershell_cmd: >- + $majorver = Get-ItemPropertyValue -Path "HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion" -Name CurrentMajorVersionNumber; + $minorver = Get-ItemPropertyValue -Path "HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion" -Name CurrentMinorVersionNumber; + $buildnum = (Get-ItemPropertyValue -Path "HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion" -Name BuildLabEx) -match "\d{5}\.\d{4}"; + Write-Host($majorver, $minorver, $matches[0] -join '.') + win_execute_cmd_ignore_error: true + - name: "Set fact of Windows OS version" + ansible.builtin.set_fact: + win_os_version_build: "{{ win_powershell_cmd_output.stdout_lines[0] }}" + when: + - win_powershell_cmd_output.failed is defined + - not win_powershell_cmd_output.failed + - win_powershell_cmd_output.stdout_lines is defined + - win_powershell_cmd_output.stdout_lines | length == 1 + +- name: "Print Windows OS version" + ansible.builtin.debug: var=win_os_version_build diff --git a/windows/utils/win_install_updates.yml b/windows/utils/win_install_updates.yml new file mode 100644 index 000000000..f7733cc02 --- /dev/null +++ b/windows/utils/win_install_updates.yml @@ -0,0 +1,60 @@ +# Copyright 2023 VMware, Inc. +# SPDX-License-Identifier: BSD-2-Clause +--- +# Search and install Windows Updates in all categories, +# and skip optional ones in Windows guest OS. +# Return: +# win_udpates_log_file: Windows Updates install log file path. +# +- name: "Set fact of Windows Updates install log path" + ansible.builtin.set_fact: + win_udpates_log_file: "C:\\win_updates_log.txt" + +- name: "Get the list of available Windows Updates" + ansible.windows.win_updates: + server_selection: "windows_update" + category_names: '*' + log_path: "{{ win_udpates_log_file }}" + skip_optional: true + state: "searched" + delegate_to: "{{ vm_guest_ip }}" + register: win_updates_list +- name: "Print the list of Windows Updates" + ansible.builtin.debug: var=win_updates_list + +- name: "Install Windows Updates when updates found" + when: + - win_updates_list.found_update_count is defined + - win_updates_list.found_update_count | int != 0 + - win_updates_list.updates is defined + - win_updates_list.updates | length != 0 + block: + - name: "Install Windows Updates" + ansible.windows.win_updates: + server_selection: "windows_update" + category_names: '*' + log_path: "{{ win_udpates_log_file }}" + skip_optional: true + state: "installed" + reboot: true + reboot_timeout: 1800 + delegate_to: "{{ vm_guest_ip }}" + register: win_updates_install_result + - name: "Print Windows Updates install result" + debug: var=win_updates_install_result + - name: "Check updates found are installed" + ansible.builtin.assert: + that: + - win_updates_install_result.found_update_count is defined + - win_updates_install_result.installed_update_count is defined + - win_updates_install_result.found_update_count | int == win_updates_install_result.installed_update_count | int + fail_msg: >- + Installed update count '{{ win_updates_install_result.installed_update_count | default(0) }}', + is not match found update count '{{ win_updates_install_result.found_update_count | default(0) }}'. + +- name: "No need to install Windows Updates" + ansible.builtin.debug: + msg: "Will not execute Windows Updates installation task due to no update found." + when: > + (win_updates_list.found_update_count is undefined) or + (win_updates_list.found_update_count | int == 0)