Address new comments

Signed-off-by: Yanan Shen <yanans@vmware.com>

windows/guest_customization/win_gosc_prepare.yml

@@ -63,22 +63,9 @@
     - guest_os_ansible_distribution_ver is version('10.0.22000.0', '>=')
     - guest_os_product_type | lower == 'client'
 
-- name: "Check if there are encrypted volumes in guest OS"
-  include_tasks: ../utils/win_get_bitlocker_volume.yml
-
-- name: "Get BitLocker service status"
-  include_tasks: ../utils/win_get_service_status.yml
-  vars:
-    win_service_name: "BDESVC"
-
-- name: "Set variable if need to disable BitLocker"
-  ansible.builtin.set_fact:
-    need_disable_bitlocker: "{{ (bitlocker_volume_list | length > 0) or service_status == 'Running' }}"
-
 # Disable BitLocker which will cause sysprep failure.
 - name: "Disable Bitlocker"
   include_tasks: ../utils/win_disable_bitlocker.yml
-  when: need_disable_bitlocker | bool
 
 # Shutdown guest OS before execute guest customization
 - name: "Shutdown OS"

windows/utils/win_disable_bitlocker.yml

@@ -10,44 +10,56 @@
     decrypt_wait_time: 900
   when: decrypt_wait_time is undefined or not decrypt_wait_time
 
+- name: "Get BitLocker service status"
+  include_tasks: win_get_service_status.yml
+  vars:
+    win_service_name: "BDESVC"
+
 - name: "Stop and disable BitLocker service in guest OS"
   include_tasks: win_execute_cmd.yml
   vars:
     win_powershell_cmd: "Set-Service -Name BDESVC -Status stopped -StartupType disabled"
+  when: service_status == "Running"
+
+- name: "Check if there are encrypted volumes in guest OS"
+  include_tasks: win_get_bitlocker_volume.yml
 
 - name: "Decrypt the BitLocker volumes"
-  include_tasks: win_execute_cmd.yml
-  vars:
-    win_powershell_cmd: >-
-      $BLV = Get-BitLockerVolume;
-      Disable-BitLocker -MountPoint $BLV
-
-- name: "Check if Decryption is completed"
-  ansible.windows.win_shell: "(Get-BitLockerVolume | Where-Object { $_.EncryptionPercentage -GT 0 } | measure).Count"
-  register: decrypt_volume_result
-  delegate_to: "{{ vm_guest_ip }}"
-  ignore_errors: true
-  until:
-    - decrypt_volume_result.stdout_lines[0] | int == 0
-  retries: "{{ (decrypt_wait_time | int / 60) | int }}"
-  delay: 60
-
-- name: "Volume decryption failed"
-  ansible.builtin.fail:
-    msg: "Failed to decrypt the OS volumes in {{ decrypt_wait_time }} seconds."
-  when:
-    - decrypt_volume_result.failed is defined
-    - decrypt_volume_result.failed
+  when:  bitlocker_volume_list | length > 0
+  block:
+    - name: "Decrypt the BitLocker volumes"
+      include_tasks: win_execute_cmd.yml
+      vars:
+        win_powershell_cmd: >-
+          $BLV = Get-BitLockerVolume;
+          Disable-BitLocker -MountPoint $BLV
+
+    - name: "Check if Decryption is completed"
+      ansible.windows.win_shell: "(Get-BitLockerVolume | Where-Object { $_.EncryptionPercentage -GT 0 } | measure).Count"
+      register: decrypt_volume_result
+      delegate_to: "{{ vm_guest_ip }}"
+      ignore_errors: true
+      until:
+        - decrypt_volume_result.stdout_lines[0] | int == 0
+      retries: "{{ (decrypt_wait_time | int / 60) | int }}"
+      delay: 60
+
+    - name: "Volume decryption failed"
+      ansible.builtin.fail:
+        msg: "Failed to decrypt the OS volumes in {{ decrypt_wait_time }} seconds."
+      when:
+        - decrypt_volume_result.failed is defined
+        - decrypt_volume_result.failed
 
 - name: "Get BitLocker encrypted volumes"
-  include_tasks: ../utils/win_get_bitlocker_volume.yml
+  include_tasks: win_get_bitlocker_volume.yml
 
-- name: "Check BitLocker service status"
-  include_tasks: ../utils/win_get_service_status.yml
+- name: "Get BitLocker service status"
+  include_tasks: win_get_service_status.yml
   vars:
     win_service_name: "BDESVC"
 
-- name: "Display the bitlocker disablement result"
+- name: "Display the BitLocker disablement result"
   ansible.builtin.assert:
     that:
       - service_status == "Stopped"