Configures WSUS clients to retrieve approved updates.
The PowerShell script will always fail if run via the winrm vagrant provider as the IUpdateSession::CreateUpdateDownloader is not available remotely.
The Microsoft.Update.Session object keeps a log in: C:\Windows\WindowsUpdate.log
This cookbook recommends Chef 12.6+.
- Windows XP
- Windows Vista
- Windows Server 2003 R2
- Windows 7
- Windows Server 2008 (R1, R2)
- Windows 8 and 8.1
- Windows Server 2012 (R1, R2)
- Windows 10
- Windows Server 2016
Using this cookbook is quite easy; add the desired recipes to the run list of a node, or role. Adjust any attributes as desired. For example, to configure a windows server role that connects to your WSUS server:
$ cat roles/updated_windows_server.rb
name 'updated_windows_server'
description 'Setup a windows server to keep up-to-date'
run_list(
'wsus-client::default'
)
default_attributes(
wsus_client: {
wsus_server: 'http://wsus-server.my-corporation.com:8530',
update_group: 'updated_server2015',
},
)This provider allows to synchronously download and/or install available windows updates.
| Action | Description |
|---|---|
| download | Download available updates |
| install | Install downloaded updates |
NOTE: The default behavior is
[:download, :install]
| Attribute | Description | Type | Default |
|---|---|---|---|
| actions | An array of actions to perform (see. actions above) | Symbol array | [:download, :install] |
| name | Name of the resource | String | |
| download_timeout | Time alloted to the download operation before failing | Integer | 3600 |
| install_timeout | Time alloted to the install operation before failing | Integer | 3600 |
| handle_reboot | Indicate whether to reboot or not after update install | TrueClass, FalseClass | false |
| reboot_delay | The amount of time (in minutes) to delay the reboot | Integer | 1 |
Convenience recipe that configures WSUS client and performs a synchronous update.
It basically includes wsus-client::configure and wsus-client::update
This recipe modifies the Windows registry to configure WSUS update settings.
The following attributes are used to configure the wsus-client::configure recipe, accessible via node['wsus_client'][attribute].
| Attribute | Description | Type | Default |
|---|---|---|---|
| wsus_server | Defines a custom WSUS server to use instead of Microsoft Windows Update server | String, URI | nil |
| update_group | Defines the current computer update group. (see client-side targeting) | String | nil |
| disable_windows_update_access | Disables access to Windows Update (or your WSUS server) | TrueClass, FalseClass | false |
| enable_non_microsoft_updates | Allows signed non-Microsoft updates. | TrueClass, FalseClass | true |
| allow_user_to_install_updates | Authorizes Users to approve or disapprove updates. | TrueClass, FalseClass | false |
| auto_install_minor_updates | Defines whether minor update should be automatically installed. | TrueClass, FalseClass | false |
| no_reboot_with_logged_users | Disables automatic reboot with logged-on users. | TrueClass, FalseClass | true |
| automatic_update_behavior | Defines auto update behavior. | Symbol* |
:disabled |
| detection_frequency | Defines times in hours between detection cycles. | FixNum | 22 |
| schedule_install_day | Defines the day of the week to schedule update install. | Symbol** |
:every_day |
| schedule_install_time | Defines the time of day in 24-hour format to schedule update install. | FixNum (1-23) | 0 |
| schedule_retry_wait | Defines the time in minutes to wait at startup before applying update from a missed scheduled time | FixNum (0-60) | 0 |
| reboot_warning | Defines time in minutes of the restart warning countdown after reboot-required updates automatic install | FixNum (1-30) | 5 |
| reboot_prompt_timeout | Defines time in minutes between prompts for a scheduled restart | FixNum (1-1440) | 10 |
* automatic_update_behavior values are:
# :disabled = Disables automatic updates
# :detect = Only notify users of new updates
# :download = Download updates, but let users install them
# :install = Download and install updates
# :manual = Lets the users configure the behavior** schedule_install_day possible values are: :every_day, :sunday, :monday, :tuesday, :wednesday, :thursday, :friday, :saturday
This recipe performs a synchronous detection and install of available Windows updates.
The following attributes are used to configure the wsus-client::update recipe, accessible via node['wsus_client']['update'][attribute].
| Attribute | Description | Type | Default |
|---|---|---|---|
| action | Define actions performed by the update recipe. | Array of symbols | [:download, :install] |
| download_timeout | Time alloted to the download operation before failing. | Integer | 3600 |
| install_timeout | Time alloted to the install operation before failing. | Integer | 3600 |
| handle_reboot | Indicate whether to reboot or not after update install. | TrueClass, FalseClass | false |
| reboot_delay | The amount of time (in minutes) to delay the reboot. | Integer | 1 |
- Fork the repository on Github
- Create a named feature branch (like
add_component_x) - Write your change
- Write tests for your change (if applicable)
- Run the tests, ensuring they all pass
- Submit a Pull Request using Github
Authors: Baptiste Courtois (b.courtois@criteo.com)
Copyright 2014-2015, Criteo.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.