diff --git a/windows/guest_customization/win_gosc_prepare.yml b/windows/guest_customization/win_gosc_prepare.yml
index de6de6bf1..528820549 100644
--- a/windows/guest_customization/win_gosc_prepare.yml
+++ b/windows/guest_customization/win_gosc_prepare.yml
@@ -63,34 +63,23 @@
 - guest_os_ansible_distribution_ver is version('10.0.22000.0', '>=')
 - guest_os_product_type | lower == 'client'
 
-- name: "Initialize BitLocker vars"
- ansible.builtin.set_fact:
- need_disable_bitlocker: false
-
-- name: "Check if need to disable BitLocker"
- block:
- - name: "Check if there are encrypted volumes in guest OS"
- include_tasks: ../utils/win_get_bitlocker_volume.yml
+- name: "Check if there are encrypted volumes in guest OS"
+ include_tasks: ../utils/win_get_bitlocker_volume.yml
 
- - name: "Get BitLocker service status"
- include_tasks: ../utils/win_get_service_status.yml
- vars:
- win_service_name: "BDESVC"
-
- - name: "Set the value for BitLocker var"
- ansible.builtin.set_fact:
- need_disable_bitlocker: true
- when: >-
- (bitlocker_volume_list | length > 0) or
- service_status == "Running"
+- name: "Get BitLocker service status"
+ include_tasks: ../utils/win_get_service_status.yml
+ vars:
+ win_service_name: "BDESVC"
 
 # Disable BitLocker which will cause sysprep failure.
 - name: "Disable Bitlocker"
 include_tasks: ../utils/win_disable_bitlocker.yml
- when: need_disable_bitlocker | bool
+ when: >-
+ (bitlocker_volume_list | length > 0) or
+ service_status == "Running"
 
 # Shutdown guest OS before execute guest customization
-- name: "Shut down OS"
+- name: "Shutdown OS"
 include_tasks: ../utils/win_shutdown_restart.yml
 vars:
 set_win_power_state: "shutdown"
diff --git a/windows/utils/win_disable_bitlocker.yml b/windows/utils/win_disable_bitlocker.yml
index 93330f157..7dc5a22a9 100644
--- a/windows/utils/win_disable_bitlocker.yml
+++ b/windows/utils/win_disable_bitlocker.yml
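Review bot: The inline `when:` on the "Disable Bitlocker" include now reads `service_status` and `bitlocker_volume_list` directly, and both facts are rewritten while the included file runs: win_disable_bitlocker.yml stops BDESVC and then re-includes win_get_service_status.yml and win_get_bitlocker_volume.yml. That is harmless only because `include_tasks` evaluates the condition once, on the include itself. If this were ever switched to `import_tasks`, the condition would be applied to each imported task, and the later steps could be skipped once the facts change. The removed `need_disable_bitlocker` fact gave that decoupling for free, so I would add a comment above the task, e.g. `# Keep as include_tasks: the condition must be evaluated once, before BDESVC is stopped in the included file.`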
@@ -4,7 +4,7 @@
 # Disable BitLocker service and decrypt the volumes
 # Parameters:
 # decrypt_wait_time: the time in seconds to wait for the volume decryption.
-
+#
 - name: "Initialize the decryption wait time"
 ansible.builtin.set_fact:
 decrypt_wait_time: 900
@@ -15,15 +15,6 @@
 vars:
 win_powershell_cmd: "Set-Service -Name BDESVC -Status stopped -StartupType disabled"
 
-- name: "Check BitLocker service status"
- include_tasks: ../utils/win_get_service_status.yml
- vars:
- win_service_name: "BDESVC"
-
-- name: "Set BitLocker service status"
- ansible.builtin.set_fact:
- bitlocker_service_status: "{{ service_status }}"
-
 - name: "Decrypt the BitLocker volumes"
 include_tasks: win_execute_cmd.yml
 vars:
@@ -35,6 +26,7 @@
 ansible.windows.win_shell: "(Get-BitLockerVolume | Where-Object { $_.EncryptionPercentage -GT 0 } | measure).Count"
 register: win_powershell_cmd_output
 delegate_to: "{{ vm_guest_ip }}"
+ ignore_errors: true
 until:
 - win_powershell_cmd_output.stdout_lines[0] | int == 0
 retries: "{{ (decrypt_wait_time | int / 60) | int }}"
@@ -43,14 +35,19 @@
 - name: "Get BitLocker encrypted volumes"
 include_tasks: ../utils/win_get_bitlocker_volume.yml
 
+- name: "Check BitLocker service status"
+ include_tasks: ../utils/win_get_service_status.yml
+ vars:
+ win_service_name: "BDESVC"
+
 - name: "Display the bitlocker disablement result"
 ansible.builtin.assert:
 that:
- - bitlocker_service_status == "Stopped"
+ - service_status == "Stopped"
 - bitlocker_volume_list | length == 0
 fail_msg: >-
 BitLocker is not disabled either due to the service is not stopped or the OS volumes are not decrypted.
- BitLocker service status: '{{ bitlocker_service_status }}'.
+ BitLocker service status: '{{ service_status }}'.
 BitLocker encrypted volumes list: '{{ bitlocker_volume_list }}'.
 success_msg: >-
 BitLocker service is disabled and the OS volumes are decrypted.
diff --git a/windows/utils/win_get_bitlocker_volume.yml b/windows/utils/win_get_bitlocker_volume.yml
index 6ca58e403..d28f5f3f0 100644
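Review bot: `ignore_errors: true` on the decryption polling task (hunk `-35,6 +26,7`) hides two different failures: the retries running out while volumes are still encrypted, and the command itself failing, in which case `stdout_lines[0]` in the `until` expression may not exist. With this change the final assert becomes the only gate before sysprep, and it relies on `bitlocker_volume_list`, which win_get_bitlocker_volume.yml initialises to `[]` and fills only under a `when:` whose condition is not visible here. If that query also fails, the list could stay empty and the assert would pass without decryption being confirmed, which is worth checking. I would add a comment saying why errors are ignored, e.g. `# A decryption timeout is reported by the assert at the end of this file`, and make the condition tolerate empty output: `- (win_powershell_cmd_output.stdout_lines | default([]) | first | default(1)) | int == 0`. The polling task starts and ends outside the hunk.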
--- a/windows/utils/win_get_bitlocker_volume.yml
+++ b/windows/utils/win_get_bitlocker_volume.yml
@@ -4,8 +4,8 @@
 # Get the volumes encrypted by BitLocker Device Encryption
 # Return:
 # bitlocker_volume_list: the list of encrypted volume drives
-
-- name: "Initialize the variables"
+#
+- name: "Initialize the BtiLocker volume list"
 ansible.builtin.set_fact:
 bitlocker_volume_list: []
 
@@ -14,7 +14,7 @@
 vars:
 win_powershell_cmd: "(Get-BitLockerVolume | Where-Object { $_.EncryptionPercentage -GT 0 }).MountPoint"
 
-- name: "Set bitlocker volume list"
+- name: "Set BitLocker volume list"
 ansible.builtin.set_fact:
 bitlocker_volume_list: "{{ win_powershell_cmd_output.stdout_lines | select }}"
 when:
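Review bot: The renamed task in hunk `-4,8 +4,8` misspells the product as `BtiLocker` in `- name: "Initialize the BtiLocker volume list"`. Task names are what appear in playbook output, so a search for "BitLocker" in a run log will miss this step. It should read `- name: "Initialize the BitLocker volume list"`.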