WSUS can retire: Windows Updates and Ansible

2025-10-24 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/02 Report--

Welcome to part four of our Windows-centric Getting Started series!

One of the responsibilities of most IT departments is keeping systems up to date. In this article, we will take a quick look at using Ansible to manage updates on Windows nodes. Starting with a small example of six Windows machines, we will show an example of a play against these hosts. Finally, we will share a complete example.

Updates, Updates, Updates...

Managing Windows updates is something Ansible makes easy to understand and quick to customize. What follows is a small-scale example of running updates on a set of hosts, with some flexibility in how each host is updated. The example assumes that a domain exists and that domain credentials are being passed to the hosts. If you want to test this example, be sure to read Bianca's earlier introductory post on connecting to a Windows host.

Because this example runs exclusively against Windows machines, the information required for the connection can be included in the inventory file:

# Placeholder value below; keep real credentials in Ansible Vault rather than in plain text.
[all:vars]
ansible_connection=winrm
ansible_user=administrator
ansible_password=This-Should-Be-a-Password!

Example

The sample hosts consist of three groups of servers, two in each group: terminal servers, application servers and directory servers. For demonstration purposes, we will handle the Windows Update requirements of each group differently. Specifying groups in the inventory file makes it easy to process each group as needed.

[terminalservers]
rocket.milano.local
groot.milano.local

[appservers]
drax.milano.local
mantis.milano.local

[directoryservers]
peter.milano.local
gamora.milano.local

The win_updates module

In a previous article, Jack talked about using win_package and win_chocolatey for package management. For Windows updates, there is another module, win_updates, that manages updates from Microsoft at some granularity.

In our example, the terminal servers are set to receive general application updates, general updates, and security / critical updates, as well as definition updates for malware protection. This group will also get a specific patch that is whitelisted by its KB number. The reboot parameter, added in Ansible 2.5, allows the system to perform a reboot when needed, while the reboot_timeout parameter sets the length of time (in seconds) to wait for the reboot to complete.

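- name: Run Updates on Terminal Servers then wait 7 mins
  hosts: terminalservers
  connection: winrm
  tasks:
    - win_updates:
        # Update categories this group is allowed to receive
        category_names:
          - Application
          - CriticalUpdates
          - DefinitionUpdates
          - SecurityUpdates
          - Updates
        # Specific patch whitelisted by KB number
        whitelist:
          - KB4093120
        reboot: yes
        reboot_timeout: 420   # seconds (7 minutes)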

The update category selection for the application server group is slightly different, and it has a different KB whitelist. On our imagined application servers, it might take more time to shut down gracefully and restart, so the reboot timeout is set a few minutes higher to be safe.

- name: Run Updates on App Servers and wait 10 mins
  hosts: appservers
  connection: winrm
  tasks:
    - win_updates:
        category_names:
          - CriticalUpdates
          - DefinitionUpdates
          - SecurityUpdates
          - Updates
        whitelist:
          - KB4022723
        reboot: yes
        reboot_timeout: 600   # seconds (10 minutes)

Finally, the last group is set to receive only critical and security updates. The blacklist parameter is also passed to block unwanted updates. In case any update requires a restart, the timeout counter is increased to 15 minutes to ensure that the Active Directory servers have sufficient time to come back up before completing any updates.

- name: Run Updates on Directory Servers then wait 15 mins
  hosts: directoryservers
  connection: winrm
  tasks:
    - win_updates:
        category_names:
          - CriticalUpdates
          - SecurityUpdates
        # Updates whose titles match are never installed
        blacklist:
          - Microsoft Silverlight
        reboot: yes
        reboot_timeout: 900   # seconds (15 minutes)

That's it

Your actual environment may be slightly different from the example we use, but the usage will be similar. It is important to note that the win_updates module does not specify a source for updates. This means that whatever is configured on the target host (Microsoft Update, Windows Update, WSUS) will be the source that the target host uses for updates. In addition, depending on the patch size and how often updates are run, this may be a longer process than the 7-15 minutes we used in the example, and longer than the default time (1200 milliseconds or 20 minutes). As usual, test it before use in the field.
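One way to test before use in the field is a search-only pass that reports what each host's configured update source would offer, without installing anything. The play below is an added example, not part of the original article or its GitHub repository; it reuses the directory server policy and parameter names shown above, and the log path and the registered variable name are assumptions.

```yaml
# Added example: preview the directory server policy without installing.
- name: Preview updates on Directory Servers without installing
  hosts: directoryservers
  connection: winrm
  tasks:
    - name: Search for applicable updates only
      win_updates:
        category_names:
          - CriticalUpdates
          - SecurityUpdates
        blacklist:
          - Microsoft Silverlight
        state: searched          # search only; nothing is downloaded or installed
        log_path: C:\ansible_wu_preview.txt   # assumed log location on the target
      register: wu_preview       # assumed variable name

    - name: Summarize what the configured update source offers
      debug:
        msg: >-
          {{ inventory_hostname }}:
          {{ wu_preview.found_update_count }} update(s) pending,
          reboot required: {{ wu_preview.reboot_required }}

    - name: List pending update titles and KB numbers
      debug:
        msg: "{{ item.value.title }} (KB {{ item.value.kb | join(', ') }})"
      with_dict: "{{ wu_preview.updates }}"
      loop_control:
        label: "{{ item.key }}"
```

Comparing this output between a host pointed at WSUS and one pointed at Microsoft Update shows how much the update source, rather than the playbook, determines what gets installed.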

More information

Download and install Windows updates: win_updates module documentation

GitHub example: github.com/Ansible-Getting-Started/win_updates_usage
