9

patch-dc-controllers.yaml

@@ -1,41 +1,9 @@
----
-- name: Run DC patch task via SYSTEM scheduled task
+
+- name: Patch Domain Controller via JEA
   hosts: domain_controllers
-  gather_facts: no
-
-  vars:
-    task_path: '\\'             # or '\\Microsoft\\Windows\\WindowsUpdate\\'
-    task_name: 'Patching-windows-task'
-
   tasks:
-    - name: Start the SYSTEM patch task (schtasks)
-      ansible.windows.win_command: >
-        schtasks /Run /TN "{{ task_path }}{{ task_name }}"
-      register: start_task
-      failed_when: false
-      changed_when: >
-        (start_task is defined) and
-        (
-          (start_task.rc | default(999)) == 0
-          or ('SUCCESS' in (start_task.stdout | default('')))
-        )
-
-    - name: Poll task until Ready/Disabled (PowerShell)
-      ansible.windows.win_powershell:
-        script: |
-          $ErrorActionPreference = 'Stop'
-          Import-Module ScheduledTasks
-          $tp = '{{ task_path }}'
-          $tn = '{{ task_name }}'
-          $null = Get-ScheduledTask -TaskPath $tp -TaskName $tn
-          (Get-ScheduledTaskInfo -TaskPath $tp -TaskName $tn).State
-      register: task_state
-      failed_when: false
-      retries: 180
-      delay: 60
-      until: (task_state.stdout | default('') | trim) in ['Ready','Disabled']
-
-    - name: Reboot if needed
-      ansible.windows.win_reboot:
-        reboot_timeout: 3600
-      when: (task_state.stdout | default('') | trim) == 'Ready'
+    - name: Install Windows Updates
+      win_updates:
+        category_names:
+          - All
+        reboot: yes