ansible-collections / community.windows

Windows community collection for Ansible
https://galaxy.ansible.com/community/windows
GNU General Public License v3.0

win_feature : possibility to bypass WSUS server #575

Open LaurentLienhard opened 3 months ago

LaurentLienhard commented 3 months ago
SUMMARY

In some cases, when WSUS is present, the installation of Windows features may fail.

ISSUE TYPE

Adding a boolean variable "bypass_wsus" (true/false) and if the variable is true change the parameter in the registry HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\UseWUServer

COMPONENT NAME

win_feature

ADDITIONAL INFORMATION

My example playbook

---
- name: Install windows feature in test
  hosts: rdsgtw:&test
  gather_facts: true
  collections:
    - laurentlienhard.managedwindowsserver
  tasks:
    - name: Install RDS Gateway
      ansible.builtin.import_role:
        name: install_windowsfeature
      vars:
        bypass_wsus: true
        include_management_tools: true
        include_sub_features: false
        state: present
        win_feature:
          - RDS-Gateway

I made an example in a test collection

My task

# Point the Windows Update client at Microsoft Update instead of the WSUS server
- name: Allow access to Microsoft Update
  ansible.windows.win_regedit:
    path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    name: UseWUServer
    data: 0
    type: dword
    state: present
  register: data_changed
  when: bypass_wsus | bool

# wuauserv is the Windows Update client service; restart it so the new value is read
- name: Restart Windows Update service
  ansible.windows.win_service:
    name: wuauserv
    state: restarted
  when: data_changed is changed

- name: Install Windows Feature
  become: true
  ansible.windows.win_feature:
    name: '{{ item }}'
    include_management_tools: "{{ include_management_tools }}"
    include_sub_features: "{{ include_sub_features }}"
    state: '{{ state }}'
  loop: '{{ win_feature }}'
  register: result

# Point the client back at WSUS, only if the first task changed the value
- name: Deny access to Microsoft Update
  ansible.windows.win_regedit:
    path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    name: UseWUServer
    data: 1
    type: dword
    state: present
  when: data_changed is changed

- name: Restart Windows Update service
  ansible.windows.win_service:
    name: wuauserv
    state: restarted
  when: data_changed is changed
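
A variant of the task file above, as an added example that is not part of the original issue or the collection's code: it records the existing UseWUServer value with win_reg_stat and restores it in an always section, so a failed feature install does not leave the host pointed away from WSUS. The register names wu_policy and wu_bypass are assumptions; the role variables are the ones from the playbook above.

```yaml
# Added example, not from the issue. wu_policy and wu_bypass are assumed names.
- name: Record the current UseWUServer policy value
  ansible.windows.win_reg_stat:
    path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    name: UseWUServer
  register: wu_policy
  when: bypass_wsus | bool

- name: Install features with WSUS temporarily bypassed
  block:
    - name: Point the Windows Update client at Microsoft Update
      ansible.windows.win_regedit:
        path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
        name: UseWUServer
        data: 0
        type: dword
        state: present
      register: wu_bypass
      when: bypass_wsus | bool

    - name: Restart the Windows Update service so the change is read
      ansible.windows.win_service:
        name: wuauserv
        state: restarted
      when: wu_bypass is changed

    - name: Install Windows features
      ansible.windows.win_feature:
        name: "{{ win_feature }}"
        include_management_tools: "{{ include_management_tools }}"
        include_sub_features: "{{ include_sub_features }}"
        state: "{{ state }}"
  always:
    # Runs even when the install above fails.
    - name: Restore the recorded UseWUServer value, or remove it if it was absent
      ansible.windows.win_regedit:
        path: HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
        name: UseWUServer
        data: "{{ wu_policy.value | default(omit) }}"
        type: dword
        state: "{{ 'present' if (wu_policy.exists | default(false)) else 'absent' }}"
      when: wu_bypass is changed

    - name: Restart the Windows Update service after restoring the policy
      ansible.windows.win_service:
        name: wuauserv
        state: restarted
      when: wu_bypass is changed
```

If a Group Policy refresh rewrites UseWUServer while the block is running, the restore task may report no change; the recorded value in wu_policy still shows what the host had before the run.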