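---
# Starts a pre-registered scheduled task on every host in the
# domain_controllers group, polls it until it has finished, and reboots
# hosts whose task is left in the Ready state.
- name: Run DC patch task via JEA-PatchOps
  hosts: domain_controllers
  gather_facts: false

  vars:
    # NOTE(review): in a single-quoted YAML scalar this is two literal
    # backslashes, while the Task Scheduler root folder is a single '\'.
    # Confirm how Get-ScheduledTask and schtasks treat it on the targets.
    task_path: '\\'  # root folder
    task_name: 'Patching-windows-task'
    poll_delay: 60
    # 360 retries x 60 s poll_delay gives the intended window of up to 6h.
    finish_retries: 360

  tasks:
    # Values are handed to the script through `parameters` rather than
    # templated into the script text, so a quote character in a variable
    # cannot change the PowerShell that runs on the domain controller.
    - name: Ensure the task is enabled
      ansible.windows.win_powershell:
        script: |
          [CmdletBinding()]
          param (
              [String]$TaskPath,
              [String]$TaskName
          )
          $ErrorActionPreference = 'Stop'
          Import-Module ScheduledTasks
          $Ansible.Changed = $false
          $t = Get-ScheduledTask -TaskPath $TaskPath -TaskName $TaskName
          if (-not $t.Settings.Enabled) {
              Enable-ScheduledTask -TaskPath $TaskPath -TaskName $TaskName | Out-Null
              $Ansible.Changed = $true
          }
        parameters:
          TaskPath: "{{ task_path }}"
          TaskName: "{{ task_name }}"

    # A start that neither returns 0 nor prints SUCCESS now fails the host.
    # If it were ignored, the poll below could report the result of an
    # earlier run and the play would look like a successful patch cycle.
    - name: Start the SYSTEM patch task
      ansible.windows.win_command: >
        schtasks /Run /TN "{{ task_path }}{{ task_name }}"
      register: start_task
      failed_when: >-
        (start_task.rc | default(1)) != 0
        and ('SUCCESS' not in (start_task.stdout | default('')))
      changed_when: >
        (start_task.rc | default(1)) == 0
        or ('SUCCESS' in (start_task.stdout | default('')))

    # win_powershell returns pipeline objects in `output` (it has no
    # `stdout`), so the JSON string is read from output[0].
    # State comes from Get-ScheduledTask; Get-ScheduledTaskInfo only carries
    # the last-run fields. The enum is cast to a string so the JSON holds
    # 'Ready'/'Disabled' instead of a number.
    # 3010 is accepted next to 0 because it means success with a reboot
    # required.
    # NOTE(review): a poll that lands before the task leaves Ready can still
    # see the previous run's result. LastRunTime is returned but is not
    # compared with a value captured before the start; consider adding that.
    - name: Poll until Ready/Disabled with LastTaskResult 0
      ansible.windows.win_powershell:
        script: |
          [CmdletBinding()]
          param (
              [String]$TaskPath,
              [String]$TaskName
          )
          $ErrorActionPreference = 'Stop'
          Import-Module ScheduledTasks
          $Ansible.Changed = $false
          $t = Get-ScheduledTask -TaskPath $TaskPath -TaskName $TaskName
          $i = Get-ScheduledTaskInfo -TaskPath $TaskPath -TaskName $TaskName
          [PSCustomObject]@{
              State          = [string]$t.State
              LastTaskResult = $i.LastTaskResult
              LastRunTime    = $i.LastRunTime
          } | ConvertTo-Json -Compress
        parameters:
          TaskPath: "{{ task_path }}"
          TaskName: "{{ task_name }}"
      register: task_info
      # A failed attempt is not fatal on its own; `until` decides.
      failed_when: false
      retries: "{{ finish_retries }}"
      delay: "{{ poll_delay }}"
      until: >-
        ((task_info.output | default([])) | length > 0)
        and ((task_info.output[0] | from_json).State in ['Ready', 'Disabled'])
        and (((task_info.output[0] | from_json).LastTaskResult | int) in [0, 3010])

    - name: Parse task info safely
      ansible.builtin.set_fact:
        task_info_parsed: "{{ (task_info.output | default([]) | first | default('{}')) | from_json }}"

    # NOTE(review): the reboot is keyed on the task state, not on
    # LastTaskResult 3010; confirm that matches how the task signals it.
    - name: Reboot if needed (state Ready)
      ansible.windows.win_reboot:
        reboot_timeout: 5400
      when: (task_info_parsed.State | default('')) == 'Ready'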