2025-08-18 15:03:31 +02:00
parent 93e90b375a
commit dcf9c12365


@@ -1,31 +1,45 @@
--- ---
- name: Patch DCs via SYSTEM scheduled task - name: Run DC patch task via SYSTEM scheduled task
hosts: domain_controllers hosts: domain_controllers
gather_facts: no gather_facts: no
vars:
task_path: "\" # e.g. "\" or "\Microsoft\Windows\WindowsUpdate\"
task_name: "Patching-windows-task"
tasks: tasks:
- name: Start the SYSTEM patch task - name: Start the SYSTEM patch task
ansible.windows.win_command: >
schtasks /Run /TN "{{ task_path }}{{ task_name }}"
register: start_task
changed_when: start_task.rc == 0
failed_when: start_task.rc not in [0] and
("SUCCESS" not in (start_task.stdout | default('')))
- name: Poll task until it is Ready or Disabled
ansible.windows.win_powershell: ansible.windows.win_powershell:
script: | script: |
Start-ScheduledTask -TaskName 'Patching-windows-task' $ErrorActionPreference = 'Stop'
Import-Module ScheduledTasks
- name: Poll task until finished (Ready/Disabled) $tp = '{{ task_path }}'
community.windows.win_scheduled_task_stat: $tn = '{{ task_name }}'
name: "Patching-windows-task" # Confirm it exists (throws if not)
register: patch_task $null = Get-ScheduledTask -TaskPath $tp -TaskName $tn
failed_when: false # don't fail mid-poll if stat errors $state = (Get-ScheduledTaskInfo -TaskPath $tp -TaskName $tn).State
retries: 3 # Return plain text state for Ansible to parse
$state
register: task_state
failed_when: false
retries: 3 # up to 3 hours
delay: 60 delay: 60
until: > until: task_state.stdout | trim in ['Ready','Disabled']
(patch_task is not failed)
and (patch_task.task is defined)
and (patch_task.task.state | default('') in ['Ready','Disabled'])
- name: Debug last observed task object (optional) - name: Show last observed task state (debug)
ansible.builtin.debug: ansible.builtin.debug:
var: patch_task.task msg:
- "Task '{{ task_path }}{{ task_name }}' final state: {{ task_state.stdout | trim }}"
- name: Reboot if needed - name: Reboot if needed
ansible.windows.win_reboot: ansible.windows.win_reboot:
reboot_timeout: 3600 reboot_timeout: 3600
when: patch_task.task is defined and patch_task.task.state == 'Ready' when: task_state.stdout | trim == 'Ready'
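Review bot: The new poll `until:` and the reboot `when:` read `task_state.stdout`, but `ansible.windows.win_powershell` returns the pipeline in `output` (a list), and `State` is a property of the object from `Get-ScheduledTask`, not `Get-ScheduledTaskInfo`, so as far as I can tell neither condition can ever match 'Ready'. `task_path: "\"` is also not valid YAML, because `\"` inside double quotes is an escaped quote; `task_path: '\'` gives the literal backslash. `retries: 3` with `delay: 60` waits about three minutes, not the three hours the comment states. Since this script runs on domain controllers, I would pass the task path and name through the module's `parameters` option instead of templating them into the script text, so a value containing a quote cannot change the PowerShell that executes. The fence sketches the poll task only; the debug message and the reboot `when:` need the same `output` expression.

```yaml
# … unchanged: play header, vars, schtasks /Run task …
    - name: Poll task until it is Ready or Disabled
      ansible.windows.win_powershell:
        script: |
          param([string]$TaskPath, [string]$TaskName)
          $ErrorActionPreference = 'Stop'
          # State is on the task object; cast so Ansible receives a plain string
          [string](Get-ScheduledTask -TaskPath $TaskPath -TaskName $TaskName).State
        parameters:
          TaskPath: "{{ task_path }}"
          TaskName: "{{ task_name }}"
      register: task_state
      failed_when: false
      retries: 180  # 180 x 60 s = up to 3 hours
      delay: 60
      until: (task_state.output | default([]) | first | default('')) in ['Ready', 'Disabled']
# … unchanged: debug task, reboot task …
```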