address comments

Signed-off-by: Yanan Shen <yanans@vmware.com>
vmware · Nov 15, 2023 · 4f36ca9 · 4f36ca9
1 parent 3eec4ff
commit 4f36ca9
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 36 deletions.
diff --git a/windows/guest_customization/win_gosc_prepare.yml b/windows/guest_customization/win_gosc_prepare.yml
@@ -63,34 +63,23 @@
     - guest_os_ansible_distribution_ver is version('10.0.22000.0', '>=')
     - guest_os_product_type | lower == 'client'
 
-- name: "Initialize BitLocker vars"
-  ansible.builtin.set_fact:
-    need_disable_bitlocker: false
-
-- name: "Check if need to disable BitLocker"
-  block:
-    - name: "Check if there are encrypted volumes in guest OS"
-      include_tasks: ../utils/win_get_bitlocker_volume.yml
+- name: "Check if there are encrypted volumes in guest OS"
+  include_tasks: ../utils/win_get_bitlocker_volume.yml
 
-    - name: "Get BitLocker service status"
-      include_tasks: ../utils/win_get_service_status.yml
-      vars:
-        win_service_name: "BDESVC"
-
-    - name: "Set the value for BitLocker var"
-      ansible.builtin.set_fact:
-        need_disable_bitlocker: true
-      when: >-
-        (bitlocker_volume_list | length > 0) or
-        service_status == "Running"
+- name: "Get BitLocker service status"
+  include_tasks: ../utils/win_get_service_status.yml
+  vars:
+    win_service_name: "BDESVC"
 
 # Disable BitLocker which will cause sysprep failure.
 - name: "Disable Bitlocker"
   include_tasks: ../utils/win_disable_bitlocker.yml
-  when: need_disable_bitlocker | bool
+  when: >-
+    (bitlocker_volume_list | length > 0) or
+    service_status == "Running"
 
 # Shutdown guest OS before execute guest customization
-- name: "Shut down OS"
+- name: "Shutdown OS"
   include_tasks: ../utils/win_shutdown_restart.yml
   vars:
     set_win_power_state: "shutdown"
diff --git a/windows/utils/win_disable_bitlocker.yml b/windows/utils/win_disable_bitlocker.yml
@@ -4,7 +4,7 @@
 # Disable BitLocker service and decrypt the volumes
 # Parameters:
 #   decrypt_wait_time: the time in seconds to wait for the volume decryption.
-
+#
 - name: "Initialize the decryption wait time"
   ansible.builtin.set_fact:
     decrypt_wait_time: 900
@@ -15,15 +15,6 @@
   vars:
     win_powershell_cmd: "Set-Service -Name BDESVC -Status stopped -StartupType disabled"
 
-- name: "Check BitLocker service status"
-  include_tasks: ../utils/win_get_service_status.yml
-  vars:
-    win_service_name: "BDESVC"
-
-- name: "Set BitLocker service status"
-  ansible.builtin.set_fact:
-    bitlocker_service_status: "{{ service_status }}"
-
 - name: "Decrypt the BitLocker volumes"
   include_tasks: win_execute_cmd.yml
   vars:
@@ -35,6 +26,7 @@
   ansible.windows.win_shell: "(Get-BitLockerVolume | Where-Object { $_.EncryptionPercentage -GT 0 } | measure).Count"
   register: win_powershell_cmd_output
   delegate_to: "{{ vm_guest_ip }}"
+  ignore_errors: true
   until:
     - win_powershell_cmd_output.stdout_lines[0] | int == 0
   retries: "{{ (decrypt_wait_time | int / 60) | int }}"
@@ -43,14 +35,19 @@
 - name: "Get BitLocker encrypted volumes"
   include_tasks: ../utils/win_get_bitlocker_volume.yml
 
+- name: "Check BitLocker service status"
+  include_tasks: ../utils/win_get_service_status.yml
+  vars:
+    win_service_name: "BDESVC"
+
 - name: "Display the bitlocker disablement result"
   ansible.builtin.assert:
     that:
-      - bitlocker_service_status == "Stopped"
+      - service_status == "Stopped"
       - bitlocker_volume_list | length == 0
     fail_msg: >-
       BitLocker is not disabled either due to the service is not stopped or the OS volumes are not decrypted. 
-      BitLocker service status: '{{ bitlocker_service_status }}'.
+      BitLocker service status: '{{ service_status }}'.
       BitLocker encrypted volumes list: '{{ bitlocker_volume_list }}'.
     success_msg: >-
       BitLocker service is disabled and the OS volumes are decrypted. 

diff --git a/windows/utils/win_get_bitlocker_volume.yml b/windows/utils/win_get_bitlocker_volume.yml
@@ -4,8 +4,8 @@
 # Get the volumes encrypted by BitLocker Device Encryption
 # Return:
 #   bitlocker_volume_list: the list of encrypted volume drives
-
-- name: "Initialize the variables"
+#
+- name: "Initialize the BtiLocker volume list"
   ansible.builtin.set_fact:
     bitlocker_volume_list: []
 
@@ -14,7 +14,7 @@
   vars:
     win_powershell_cmd: "(Get-BitLockerVolume | Where-Object { $_.EncryptionPercentage -GT 0 }).MountPoint"
 
-- name: "Set bitlocker volume list"
+- name: "Set BitLocker volume list"
   ansible.builtin.set_fact:
     bitlocker_volume_list: "{{ win_powershell_cmd_output.stdout_lines | select }}"
   when: