diff --git a/ansible/connection_plugins/packer.py b/ansible/connection_plugins/packer.py deleted file mode 100644 index 8ef8c054..00000000 --- a/ansible/connection_plugins/packer.py +++ /dev/null @@ -1,218 +0,0 @@ -from __future__ import (absolute_import, division, print_function) -__metaclass__ = type - -from ansible.plugins.connection.ssh import Connection as SSHConnection - -DOCUMENTATION = ''' - connection: packer - short_description: ssh based connections for powershell via packer - description: - - This connection plugin allows ansible to communicate to the target packer machines via ssh based connections for powershell. - author: Packer Community - version_added: na - options: - host: - description: Hostname/ip to connect to. - default: inventory_hostname - vars: - - name: ansible_host - - name: ansible_ssh_host - host_key_checking: - description: Determines if ssh should check host keys - type: boolean - ini: - - section: defaults - key: 'host_key_checking' - - section: ssh_connection - key: 'host_key_checking' - version_added: '2.5' - env: - - name: ANSIBLE_HOST_KEY_CHECKING - - name: ANSIBLE_SSH_HOST_KEY_CHECKING - version_added: '2.5' - vars: - - name: ansible_host_key_checking - version_added: '2.5' - - name: ansible_ssh_host_key_checking - version_added: '2.5' - password: - description: Authentication password for the C(remote_user). Can be supplied as CLI option. - vars: - - name: ansible_password - - name: ansible_ssh_pass - ssh_args: - description: Arguments to pass to all ssh cli tools - default: '-C -o ControlMaster=auto -o ControlPersist=60s' - ini: - - section: 'ssh_connection' - key: 'ssh_args' - env: - - name: ANSIBLE_SSH_ARGS - ssh_common_args: - description: Common extra args for all ssh CLI tools - vars: - - name: ansible_ssh_common_args - ssh_executable: - default: ssh - description: - - This defines the location of the ssh binary. It defaults to ``ssh`` which will use the first ssh binary available in $PATH. - - This option is usually not required, it might be useful when access to system ssh is restricted, - or when using ssh wrappers to connect to remote hosts. - env: [{name: ANSIBLE_SSH_EXECUTABLE}] - ini: - - {key: ssh_executable, section: ssh_connection} - #const: ANSIBLE_SSH_EXECUTABLE - version_added: "2.2" - sftp_executable: - default: sftp - description: - - This defines the location of the sftp binary. It defaults to ``sftp`` which will use the first binary available in $PATH. - env: [{name: ANSIBLE_SFTP_EXECUTABLE}] - ini: - - {key: sftp_executable, section: ssh_connection} - version_added: "2.6" - scp_executable: - default: scp - description: - - This defines the location of the scp binary. It defaults to `scp` which will use the first binary available in $PATH. - env: [{name: ANSIBLE_SCP_EXECUTABLE}] - ini: - - {key: scp_executable, section: ssh_connection} - version_added: "2.6" - scp_extra_args: - description: Extra exclusive to the ``scp`` CLI - vars: - - name: ansible_scp_extra_args - sftp_extra_args: - description: Extra exclusive to the ``sftp`` CLI - vars: - - name: ansible_sftp_extra_args - ssh_extra_args: - description: Extra exclusive to the 'ssh' CLI - vars: - - name: ansible_ssh_extra_args - retries: - # constant: ANSIBLE_SSH_RETRIES - description: Number of attempts to connect. - default: 3 - type: integer - env: - - name: ANSIBLE_SSH_RETRIES - ini: - - section: connection - key: retries - - section: ssh_connection - key: retries - port: - description: Remote port to connect to. - type: int - default: 22 - ini: - - section: defaults - key: remote_port - env: - - name: ANSIBLE_REMOTE_PORT - vars: - - name: ansible_port - - name: ansible_ssh_port - remote_user: - description: - - User name with which to login to the remote server, normally set by the remote_user keyword. - - If no user is supplied, Ansible will let the ssh client binary choose the user as it normally - ini: - - section: defaults - key: remote_user - env: - - name: ANSIBLE_REMOTE_USER - vars: - - name: ansible_user - - name: ansible_ssh_user - pipelining: - default: ANSIBLE_PIPELINING - description: - - Pipelining reduces the number of SSH operations required to execute a module on the remote server, - by executing many Ansible modules without actual file transfer. - - This can result in a very significant performance improvement when enabled. - - However this conflicts with privilege escalation (become). - For example, when using sudo operations you must first disable 'requiretty' in the sudoers file for the target hosts, - which is why this feature is disabled by default. - env: - - name: ANSIBLE_PIPELINING - #- name: ANSIBLE_SSH_PIPELINING - ini: - - section: defaults - key: pipelining - #- section: ssh_connection - # key: pipelining - type: boolean - vars: - - name: ansible_pipelining - - name: ansible_ssh_pipelining - private_key_file: - description: - - Path to private key file to use for authentication - ini: - - section: defaults - key: private_key_file - env: - - name: ANSIBLE_PRIVATE_KEY_FILE - vars: - - name: ansible_private_key_file - - name: ansible_ssh_private_key_file - control_path: - description: - - This is the location to save ssh's ControlPath sockets, it uses ssh's variable substitution. - - Since 2.3, if null, ansible will generate a unique hash. Use `%(directory)s` to indicate where to use the control dir path setting. - env: - - name: ANSIBLE_SSH_CONTROL_PATH - ini: - - key: control_path - section: ssh_connection - control_path_dir: - default: ~/.ansible/cp - description: - - This sets the directory to use for ssh control path if the control path setting is null. - - Also, provides the `%(directory)s` variable for the control path setting. - env: - - name: ANSIBLE_SSH_CONTROL_PATH_DIR - ini: - - section: ssh_connection - key: control_path_dir - sftp_batch_mode: - default: 'yes' - description: 'TODO: write it' - env: [{name: ANSIBLE_SFTP_BATCH_MODE}] - ini: - - {key: sftp_batch_mode, section: ssh_connection} - type: bool - scp_if_ssh: - default: smart - description: - - "Prefered method to use when transfering files over ssh" - - When set to smart, Ansible will try them until one succeeds or they all fail - - If set to True, it will force 'scp', if False it will use 'sftp' - env: [{name: ANSIBLE_SCP_IF_SSH}] - ini: - - {key: scp_if_ssh, section: ssh_connection} - use_tty: - version_added: '2.5' - default: 'yes' - description: add -tt to ssh commands to force tty allocation - env: [{name: ANSIBLE_SSH_USETTY}] - ini: - - {key: usetty, section: ssh_connection} - type: bool - yaml: {key: connection.usetty} -''' - -class Connection(SSHConnection): - ''' ssh based connections for powershell via packer''' - - transport = 'packer' - has_pipelining = True - become_methods = [] - allow_executable = False - module_implementation_preferences = ('.ps1', '') - - def __init__(self, *args, **kwargs): - super(Connection, self).__init__(*args, **kwargs) \ No newline at end of file diff --git a/ansible/windows_update.yml b/ansible/windows_update.yml index c1bacecd..2fb5cd76 100644 --- a/ansible/windows_update.yml +++ b/ansible/windows_update.yml @@ -1,6 +1,6 @@ - hosts: all tasks: - - name: Install only security updates + - name: Install security updates, critical updates and update rollups win_updates: category_names: - SecurityUpdates diff --git a/ansible/windows_update_security_updates.yml b/ansible/windows_update_security_updates.yml index e1cc1dc4..ca16afab 100644 --- a/ansible/windows_update_security_updates.yml +++ b/ansible/windows_update_security_updates.yml @@ -1,6 +1,6 @@ - hosts: all tasks: - - name: Install only security updates + - name: Install security updates win_updates: category_names: - SecurityUpdates diff --git a/scripts/win-7-update-2016-convenience-rollup.ps1 b/scripts/win-7-update-2016-convenience-rollup.ps1 index a10e54ef..aea849c9 100644 --- a/scripts/win-7-update-2016-convenience-rollup.ps1 +++ b/scripts/win-7-update-2016-convenience-rollup.ps1 @@ -10,7 +10,19 @@ Write-Host "$(Get-Date -Format G): Extracting $update" Start-Process -FilePath "wusa.exe" -ArgumentList "C:\Updates\$kbid.msu /extract:C:\Updates" -Wait Write-Host "$(Get-Date -Format G): Installing $update" -Start-Process -FilePath "dism.exe" -ArgumentList "/online /add-package /PackagePath:C:\Updates\$kbid.cab /quiet /norestart /LogPath:C:\Windows\Temp\$kbid.log" -Wait +$process = (Start-Process -FilePath "dism.exe" -ArgumentList "/online /add-package /PackagePath:C:\Updates\$kbid.cab /quiet /norestart /LogPath:C:\Windows\Temp\$kbid.log" -PassThru) + +# https://stackoverflow.com/questions/10262231/obtaining-exitcode-using-start-process-and-waitforexit-instead-of-wait#comment71507068_23797762 +$handle = $process.Handle # cache proc.Handle + +while ($null -eq $process.ExitCode) +{ + Write-Host "$(Get-Date -Format G): Convenience rollup update for Windows 7 is still installing (PID $($process.Id))" + Wait-Process -Id $process.Id -Timeout 180 -ErrorAction SilentlyContinue + $process.Refresh() +} + +Write-Host "$(Get-Date -Format G): Convenience rollup update for Windows 7 exited with exit code $($process.ExitCode)" Remove-Item -LiteralPath "C:\Updates" -Force -Recurse Write-Host "$(Get-Date -Format G): Finished installing $update. The VM will now reboot and continue the installation process." \ No newline at end of file diff --git a/scripts/win-7-update-sp1.ps1 b/scripts/win-7-update-sp1.ps1 index b89472a6..e068013b 100644 --- a/scripts/win-7-update-sp1.ps1 +++ b/scripts/win-7-update-sp1.ps1 @@ -16,7 +16,19 @@ Write-Host "$(Get-Date -Format G): Downloading Windows 7 Service Pack 1" (New-Object Net.WebClient).DownloadFile("https://download.microsoft.com/download/0/A/F/0AFB5316-3062-494A-AB78-7FB0D4461357/windows6.1-KB976932-X64.exe", "C:\Updates\windows6.1-KB976932-X64.exe") Write-Host "$(Get-Date -Format G): Installing Windows 7 Service Pack 1" -Start-Process -FilePath "C:\Updates\Windows6.1-KB976932-X64.exe" -ArgumentList "/unattend /nodialog /norestart" -Wait +$process = (Start-Process -FilePath "C:\Updates\Windows6.1-KB976932-X64.exe" -ArgumentList "/unattend /nodialog /norestart" -PassThru) + +# https://stackoverflow.com/questions/10262231/obtaining-exitcode-using-start-process-and-waitforexit-instead-of-wait#comment71507068_23797762 +$handle = $process.Handle # cache proc.Handle + +while ($null -eq $process.ExitCode) +{ + Write-Host "$(Get-Date -Format G): Windows 7 Service Pack 1 is still installing (PID $($process.Id))" + Wait-Process -Id $process.Id -Timeout 180 -ErrorAction SilentlyContinue + $process.Refresh() +} + +Write-Host "$(Get-Date -Format G): Windows 7 Service Pack 1 exited with exit code $($process.ExitCode)" Remove-Item -LiteralPath "C:\Updates" -Force -Recurse diff --git a/windows_7.json b/windows_7.json index deaac5d6..457a65ed 100644 --- a/windows_7.json +++ b/windows_7.json @@ -197,12 +197,9 @@ "type": "windows-restart" }, { - "extra_arguments": [ - "--extra-vars", - "ansible_shell_type=powershell ansible_shell_executable=None", - "--connection", - "packer" - ], + "user": "vagrant", + "use_proxy": false, + "extra_arguments": ["-e", "ansible_winrm_server_cert_validation=ignore", "-e", "ansible_winrm_scheme=http"], "playbook_file": "./ansible/windows_update_security_updates.yml", "type": "ansible" }, @@ -211,12 +208,9 @@ "type": "windows-restart" }, { - "extra_arguments": [ - "--extra-vars", - "ansible_shell_type=powershell ansible_shell_executable=None", - "--connection", - "packer" - ], + "user": "vagrant", + "use_proxy": false, + "extra_arguments": ["-e", "ansible_winrm_server_cert_validation=ignore", "-e", "ansible_winrm_scheme=http"], "playbook_file": "./ansible/windows_update.yml", "type": "ansible" },