39 lines
977 B
YAML
39 lines
977 B
YAML
---
|
|
- name: Patch DCs via JEA (minimal allowed cmdlets)
|
|
hosts: domain_controllers
|
|
gather_facts: no
|
|
|
|
tasks:
|
|
- name: List available updates
|
|
ansible.windows.win_powershell:
|
|
script: |
|
|
Get-WindowsUpdate -MicrosoftUpdate -AcceptAll -IgnoreReboot
|
|
register: available_updates
|
|
changed_when: false
|
|
|
|
- name: Install updates (no reboot yet)
|
|
ansible.windows.win_powershell:
|
|
script: |
|
|
Install-WindowsUpdate -MicrosoftUpdate -AcceptAll -IgnoreReboot -Verbose
|
|
register: install_result
|
|
|
|
- name: Reboot if required
|
|
ansible.windows.win_powershell:
|
|
script: |
|
|
Restart-Computer -Force
|
|
async: 1
|
|
poll: 0
|
|
|
|
- name: Check update history
|
|
ansible.windows.win_powershell:
|
|
script: |
|
|
Get-WUHistory | Select-Object -First 5
|
|
register: wu_history
|
|
changed_when: false
|
|
|
|
- name: Show update history
|
|
debug:
|
|
var: wu_history.stdout_lines
|
|
|
|
|