Merge pull request #16 from p3ck/manage_updates

Add windows_manage_updates role

extensions/patterns/manage_updates/exec_env/.gitignore

@@ -0,0 +1 @@
+context/**

extensions/patterns/manage_updates/exec_env/README.md

@@ -0,0 +1,8 @@
+Build EE manually, push to quay.io
+
+```
+ansible-builder build
+# podman build -f context/Containerfile -t ansible-execution-env:latest context
+podman tag ansible-execution-env:latest quay.io/p3ck/apd-ee-25-experience:latest
+podman push quay.io/p3ck/apd-ee-25-experience:latest
+```

extensions/patterns/manage_updates/exec_env/execution-environment.yml

@@ -0,0 +1,13 @@
+---
+version: 3
+images:
+  base_image:
+    name: quay.io/ansible-product-demos/apd-ee-25:latest
+dependencies:
+  galaxy: requirements.yml
+  ansible_core:
+    package_pip: ansible-core
+  ansible_runner:
+    package_pip: ansible-runner
+  system:
+    - podman

extensions/patterns/manage_updates/exec_env/requirements.yml

@@ -0,0 +1,6 @@
+---
+collections:
+  # - name: ansible.experience_demo
+  - name: https://github.com/redhat-cop/infra.windows_ops.git
+    type: git
+    version: main

extensions/patterns/manage_updates/playbooks/run_manage_updates.yml

@@ -0,0 +1,12 @@
+---
+- name: Manage Windows Updates Play
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Manage Windows Updates
+      ansible.builtin.include_role:
+        name: infra.windows_ops.windows_manage_updates
+      vars:
+        windows_manage_updates_categories: "{{ updates_categories }}"  # Set by survey
+        windows_manage_updates_reboot: "{{ updates_reboot }}"  # Set by survey
+        windows_manage_updates_state: "{{ updates_state }}"  # Set by survey

extensions/patterns/manage_updates/setup.yml

@@ -0,0 +1,47 @@
+---
+# Labels
+#
+controller_labels:
+  - name: infra.windows_ops
+    organization: "{{ organization | default('Default') }}"
+  - name: manage_updates_pattern
+    organization: "{{ organization | default('Default') }}"
+  - name: run_manage_updates
+    organization: "{{ organization | default('Default') }}"
+
+# Execution Environments
+#
+controller_execution_environments:
+  - name: apd-ee-25-windows
+    description: Allow running Windows experience demo. Based on apd-ee-25.
+    image: quay.io/p3ck/apd-ee-25-experience:latest
+    pull: always
+
+# Projects
+#
+controller_projects:
+  - name: Windows Operations / Project
+    organization: Default
+    scm_branch: main
+    scm_clean: 'no'
+    scm_delete_on_update: 'no'
+    scm_type: git
+    scm_update_on_launch: 'yes'
+    scm_url: https://github.com/redhat-cop/infra.windows_ops.git
+
+
+# Job Templates
+#
+controller_templates:
+  - name: Windows Operations / Manage Updates
+    ask_inventory_on_launch: true
+    labels:
+      - infra.windows_ops
+      - manage_updates_pattern
+      - run_manage_updates
+    playbook: "extensions/patterns/manage_updates/playbooks/run_manage_updates.yml' }}"
+    project: Windows Operations / Project
+    survey_enabled: true
+    survey_spec: "{{ lookup('file', pattern.path.replace('setup.yml', '') + 'template_surveys/manage_updates.yml') | from_yaml }}"
+    ask_credential_on_launch: true
+    execution_environment: apd-ee-25-windows

extensions/patterns/manage_updates/template_surveys/manage_updates.yml

@@ -0,0 +1,42 @@
+---
+name: "Manage Updates Configuration Survey"
+description: "Survey to configure Windows Updates options"
+spec:
+  - type: "multiselect"
+    question_name: "Categories"
+    question_description: "Which Categories to install?"
+    variable: "updates_categories"
+    choices:
+      - "Application"
+      - "Connectors"
+      - "CriticalUpdates"
+      - "DefinitionUpdates"
+      - "DeveloperKits"
+      - "FeaturePacks Guidance"
+      - "SecurityUpdates"
+      - "ServicePacks"
+      - "Tools"
+      - "UpdateRollups"
+      - "Updates"
+    default:
+      - "CriticalUpdates"
+      - "SecurityUpdates"
+
+  - type: "multiplechoice"
+    question_name: "Reboot after install?"
+    question_description: "If the server needs to reboot, then do so after install"
+    variable: "updates_reboot"
+    choices:
+      - "Yes"
+      - "No"
+    default: Yes
+
+  - type: "multiplechoice"
+    question_name: "Install updates, download or just search for updates?"
+    question_description: "By default we will just list what updates would be applied"
+    variable: "updates_state"
+    choices:
+      - "installed"
+      - "searched"
+      - "downloaded"
+    default: "searched"

roles/windows_manage_updates/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+windows_manage_updates_state: "searched"

roles/windows_manage_updates/meta/argument_specs.yml

@@ -0,0 +1,30 @@
+---
+argument_specs:
+  main:
+    version_added: 1.0.0
+    short_description: A role to Manage Windows Updates.
+    description:
+      - A role to Manage Windows Updates.
+    options:
+      windows_manage_updates_catagories:
+        type: list
+        elements: str
+        default:
+          - "CriticalUpdates"
+          - "SecurityUpdates"
+        description: Which Categories to install?
+      windows_manage_updates_reboot:
+        type: str
+        choices:
+          - "Yes"
+          - "No"
+        default: "Yes"
+        description: If the server needs to reboot, then do so after install.
+      windows_manage_updates_state:
+        type: str
+        choices:
+          - "installed"
+          - "searched"
+          - "downloaded"
+        default: "searched"
+        description: State for the updates, Installed, Searched (list) and Downloaded.

roles/windows_manage_updates/tasks/main.yml

@@ -0,0 +1,39 @@
+---
+# tasks file for windows_manage_updates
+
+- name: Ensure WUA service is running
+  ansible.windows.win_service:
+    name: wuauserv
+    state: started
+    start_mode: manual
+
+- name: Install Windows Updates Block
+  block:
+  - name: Install Windows Updates
+    ansible.windows.win_updates:
+      category_names: "{{ windows_manage_updates_categories | default(omit) }}"
+      state: "{{ windows_manage_updates_state }}"
+    become: yes
+    become_method: ansible.builtin.runas
+    become_user: SYSTEM
+    register: windows_manage_updates_output
+
+  - name: Reboot when required and requested
+    ansible.windows.win_reboot:
+      test_command: '(Get-Service -Name Netlogon).Status -ne "Running"'
+    when:
+      - windows_manage_updates_output.reboot_required
+      - windows_manage_updates_reboot_server
+
+  rescue:
+  - name: Windows update failed?
+    ansible.builtin.debug:
+      msg: "error: {{ windows_manage_updates_output.msg }}"
+    when:
+      - windows_manage_updates_output is failed
+      - windows_manage_updates_output.msg is defined
+
+  always:
+  - name: Report results
+    ansible.builtin.debug:
+      var: windows_manage_updates_output