/packer-plugin-windows-update

Packer plugin for installing Windows updates

Primary LanguagePowerShellMozilla Public License 2.0MPL-2.0

Packer Windows Update Provisioner

Build status

This is a Packer plugin for installing Windows updates (akin to rgl/vagrant-windows-update).

NB This was only tested with Packer 1.11.2 and the images at rgl/windows-vagrant, so YMMV.

Usage

Configure your packer template to require a release version of the plugin, e.g.:

packer {
  required_plugins {
    windows-update = {
      version = "0.16.8"
      source  = "github.com/rgl/windows-update"
    }
  }
}

Initialize your packer template (it will install the plugin):

packer init your-template.pkr.hcl

Use this provisioner plugin from your packer template file, e.g. like in rgl/windows-vagrant:

build {
  provisioner "windows-update" {
  }
}

Note, the plugin automatically restarts the machine after Windows Updates are applied. The reboots occur similar to the windows-restart provisioner built into packer where packer is aware that a shutdown is in progress.

Search Criteria, Filters and Update Limit

You can select which Windows Updates are installed by defining the search criteria, a set of filters, and how many updates are installed at a time.

Normally you would use one of the following settings:

Name search_criteria filters
Important AutoSelectOnWebSites=1 and IsInstalled=0 $true
Recommended BrowseOnly=0 and IsInstalled=0 $true
All IsInstalled=0 $true
Optional Only AutoSelectOnWebSites=0 and IsInstalled=0 $_.BrowseOnly

NB Recommended is the default setting.

But you can customize them, e.g.:

build {
  provisioner "windows-update" {
    search_criteria = "IsInstalled=0"
    filters = [
      "exclude:$_.Title -like '*Preview*'",
      "include:$true",
    ]
    update_limit = 25
  }
}

NB For more information about the search criteria see the IUpdateSearcher::Search method documentation and the xWindowsUpdateAgent DSC resource source.

NB If the update_limit attribute is not declared, it defaults to 1000.

The general filter syntax is:

ACTION:EXPRESSION

ACTION is a string that can have one of the following values:

action description
include includes the update when the expression evaluates to $true
exclude excludes the update when the expression evaluates to $true

NB If no ACTION evaluates to $true the update will NOT be installed.

EXPRESSION is a PowerShell expression. When it returns $true, the ACTION is executed and no further filters are evaluated.

Inside an expression, the Windows Update IUpdate interface can be referenced by the $_ variable.

Development

Build:

make

Install the rgl/windows-vagrant vagrant box.

Test with QEMU:

make test