From f5c980827a9e8169281bac17eb4bc1c06375f1e5 Mon Sep 17 00:00:00 2001 From: "mhorak@totalservice.cz" Date: Mon, 18 Aug 2025 15:31:40 +0200 Subject: [PATCH] 9 --- patch-dc-controllers.yaml | 46 ++++++--------------------------------- 1 file changed, 7 insertions(+), 39 deletions(-) diff --git a/patch-dc-controllers.yaml b/patch-dc-controllers.yaml index 30525d4..a67ceae 100644 --- a/patch-dc-controllers.yaml +++ b/patch-dc-controllers.yaml @@ -1,41 +1,9 @@ ---- -- name: Run DC patch task via SYSTEM scheduled task + +- name: Patch Domain Controller via JEA hosts: domain_controllers - gather_facts: no - - vars: - task_path: '\\' # or '\\Microsoft\\Windows\\WindowsUpdate\\' - task_name: 'Patching-windows-task' - tasks: - - name: Start the SYSTEM patch task (schtasks) - ansible.windows.win_command: > - schtasks /Run /TN "{{ task_path }}{{ task_name }}" - register: start_task - failed_when: false - changed_when: > - (start_task is defined) and - ( - (start_task.rc | default(999)) == 0 - or ('SUCCESS' in (start_task.stdout | default(''))) - ) - - - name: Poll task until Ready/Disabled (PowerShell) - ansible.windows.win_powershell: - script: | - $ErrorActionPreference = 'Stop' - Import-Module ScheduledTasks - $tp = '{{ task_path }}' - $tn = '{{ task_name }}' - $null = Get-ScheduledTask -TaskPath $tp -TaskName $tn - (Get-ScheduledTaskInfo -TaskPath $tp -TaskName $tn).State - register: task_state - failed_when: false - retries: 180 - delay: 60 - until: (task_state.stdout | default('') | trim) in ['Ready','Disabled'] - - - name: Reboot if needed - ansible.windows.win_reboot: - reboot_timeout: 3600 - when: (task_state.stdout | default('') | trim) == 'Ready' \ No newline at end of file + - name: Install Windows Updates + win_updates: + category_names: + - All + reboot: yes