Skip to main content
Redhat Developers  Logo
  • Products

    Featured

    • Red Hat Enterprise Linux
      Red Hat Enterprise Linux Icon
    • Red Hat OpenShift AI
      Red Hat OpenShift AI
    • Red Hat Enterprise Linux AI
      Linux icon inside of a brain
    • Image mode for Red Hat Enterprise Linux
      RHEL image mode
    • Red Hat OpenShift
      Openshift icon
    • Red Hat Ansible Automation Platform
      Ansible icon
    • Red Hat Developer Hub
      Developer Hub
    • View All Red Hat Products
    • Linux

      • Red Hat Enterprise Linux
      • Image mode for Red Hat Enterprise Linux
      • Red Hat Universal Base Images (UBI)
    • Java runtimes & frameworks

      • JBoss Enterprise Application Platform
      • Red Hat build of OpenJDK
    • Kubernetes

      • Red Hat OpenShift
      • Microsoft Azure Red Hat OpenShift
      • Red Hat OpenShift Virtualization
      • Red Hat OpenShift Lightspeed
    • Integration & App Connectivity

      • Red Hat Build of Apache Camel
      • Red Hat Service Interconnect
      • Red Hat Connectivity Link
    • AI/ML

      • Red Hat OpenShift AI
      • Red Hat Enterprise Linux AI
    • Automation

      • Red Hat Ansible Automation Platform
      • Red Hat Ansible Lightspeed
    • Developer tools

      • Red Hat Trusted Software Supply Chain
      • Podman Desktop
      • Red Hat OpenShift Dev Spaces
    • Developer Sandbox

      Developer Sandbox
      Try Red Hat products and technologies without setup or configuration fees for 30 days with this shared Openshift and Kubernetes cluster.
    • Try at no cost
  • Technologies

    Featured

    • AI/ML
      AI/ML Icon
    • Linux
      Linux Icon
    • Kubernetes
      Cloud icon
    • Automation
      Automation Icon showing arrows moving in a circle around a gear
    • View All Technologies
    • Programming Languages & Frameworks

      • Java
      • Python
      • JavaScript
    • System Design & Architecture

      • Red Hat architecture and design patterns
      • Microservices
      • Event-Driven Architecture
      • Databases
    • Developer Productivity

      • Developer productivity
      • Developer Tools
      • GitOps
    • Secure Development & Architectures

      • Security
      • Secure coding
    • Platform Engineering

      • DevOps
      • DevSecOps
      • Ansible automation for applications and services
    • Automated Data Processing

      • AI/ML
      • Data Science
      • Apache Kafka on Kubernetes
      • View All Technologies
    • Start exploring in the Developer Sandbox for free

      sandbox graphic
      Try Red Hat's products and technologies without setup or configuration.
    • Try at no cost
  • Learn

    Featured

    • Kubernetes & Cloud Native
      Openshift icon
    • Linux
      Rhel icon
    • Automation
      Ansible cloud icon
    • Java
      Java icon
    • AI/ML
      AI/ML Icon
    • View All Learning Resources

    E-Books

    • GitOps Cookbook
    • Podman in Action
    • Kubernetes Operators
    • The Path to GitOps
    • View All E-books

    Cheat Sheets

    • Linux Commands
    • Bash Commands
    • Git
    • systemd Commands
    • View All Cheat Sheets

    Documentation

    • API Catalog
    • Product Documentation
    • Legacy Documentation
    • Red Hat Learning

      Learning image
      Boost your technical skills to expert-level with the help of interactive lessons offered by various Red Hat Learning programs.
    • Explore Red Hat Learning
  • Developer Sandbox

    Developer Sandbox

    • Access Red Hat’s products and technologies without setup or configuration, and start developing quicker than ever before with our new, no-cost sandbox environments.
    • Explore Developer Sandbox

    Featured Developer Sandbox activities

    • Get started with your Developer Sandbox
    • OpenShift virtualization and application modernization using the Developer Sandbox
    • Explore all Developer Sandbox activities

    Ready to start developing apps?

    • Try at no cost
  • Blog
  • Events
  • Videos

Managing Windows Updates with Ansible in Red Hat Enterprise Linux

June 2, 2017
Jose Angel Munoz
Related topics:
DevOpsLinux
Related products:
Streams for Apache KafkaRed Hat Enterprise Linux

Share:

    Introduction

    When looking for installation instructions of Ansible under RHEL, I have always have found two ways:

    1. With epel-release (Which I don't like just because I want to keep my system clean).
    2. From source code (Which I don't like either for the same reason).

    Packages Installation

    For me, the right approach for the installation is installing from the Official Red Hat Repository and following the instructions below:

    Select the server-extras-beta repository (Here we will find the ansible packages)

    subscription-manager repos --enable=rhel-7-server-extras-beta-rpms

    Install some extra packages we will need later (in order to install some python packages and have Kerberos auth for Windows):

    yum -y install gcc python-devel krb5-devel krb5-workstation

    And go for Ansible installation:

    yum install -y ansible

    And now, the non-standard part. We will use pip in for the Kerberos Authentication support.

    easy_install pip
    pip install https://github.com/diyan/pywinrm/archive/master.zip#egg=pywinrm
    pip install kerberos
    pip install requests_Kerberos

    Ansible Configuration

    Edit the Ansible hosts file adding the Windows Servers and the Kerberos Authentication:

    /etc/ansible/hosts

    [windows]
    server.domain.com
    appserver.domain.com

    [windows:vars]
    ansible_ssh_user=user@DOMAIN.COM
    ansible_ssh_pass=SecretPassword
    ansible_ssh_port=5986
    ansible_connection=winrm
    ansible_winrm_server_cert_validation=ignore

    Edit the Kerberos Configuration file and add your domain configuration

    /etc/krb5.conf

    # Configuration snippets may be placed in this directory as well
    includedir /etc/krb5.conf.d/
    
    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log
    
    [libdefaults]
    dns_lookup_realm = false
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true
    rdns = false
    default_realm = DOMAIN.COM
    default_ccache_name = KEYRING:persistent:%{uid}
    default_tgs_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
    default_tkt_enctypes = arcfour-hmac-md5 des-cbc-crc des-cbc-md5
    
    [realms]
    DOMAIN.COM = {
      kdc = server.domain.com
      admin_server = server.domain.com
    }
    
    [domain_realm]
    .domain.com = DOMAIN.COM
    domain.com = DOMAIN.COM

    Windows Configuration

    Under the Windows Servers (Mine are 2012R2), we will download and run the following script as follows:

    ConfigureRemotingForAnsible.ps1

    powershell.exe -File ConfigureRemotingForAnsible.ps1 -ForceNewSSLCert

    Server Test

    In order to test our installation, we will ping our server with the command:

    ansible server.domain.com -m win_ping

    If everything goes right, we will have the following result:

    server.domain.com | SUCCESS => {
      "changed": false,
      "ping": "pong"
    }

    Playbook for Windows Update

    We just want to know if the server has updates available. The following playbook will do the job:

    ---
    # windows-updates.yml
    
    - hosts: windows
      serial: 1
      remote_user: user@DOMAIN.COM
    
      tasks:
    
        # Check of there are missing updates
          - block:
              - name: Check for missing updates.
                win_updates: state=searched
                register: update_count
              - name: List missing updates
                debug: var=update_count

    Running the playbook

    We will be able to run the playbook for a single server with the command:

    ansible-playbook -l appserver.domain.com windows-updates.yml

    We will have two possible results:

    1. If there are updates available

      PLAY [windows] ******************************************************************************************************************************************************************************************************************************
      TASK [Gathering Facts] **********************************************************************************************************************************************************************************************************************
      ok: [appserver.domain.com]
      TASK [Check for missing updates.] ***********************************************************************************************************************************************************************************************************
      changed: [appserver.domain.com]
      TASK [List missing updates] *****************************************************************************************************************************************************************************************************************
      ok: [appserver.domain.com] => {
          "changed": false,
          "update_count": {
              "changed": true,
              "failed_update_count": 0,
              "found_update_count": 3,
              "installed_update_count": 3,
              "reboot_required": true,
              "updates": {
                  "38c0bc96-f072-4bfc-9f5a-c704b1b0b30c": {
                      "id": "38c0bc96-f072-4bfc-9f5a-c704b1b0b30c",
                      "installed": true,
                      "kb": [
                          "890830"
                      ],
                      "title": "Windows Malicious Software Removal Tool for Windows 8, 8.1, 10 and Windows Server 2012, 2012 R2, 2016 x64 Edition - May 2017 (KB890830)"
                  },
                  "5ee9120d-5bfe-4093-8ad6-9e83a6b0f02b": {
                      "id": "5ee9120d-5bfe-4093-8ad6-9e83a6b0f02b",
                      "installed": true,
                      "kb": [
                          "4019114"
                      ],
                      "title": "May, 2017 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 on Windows 8.1 and Windows Server 2012 R2 for x64 (KB4019114)"
                  },
                  "d2281849-7314-4da5-bed1-9e8e4d74b4ed": {
                      "id": "d2281849-7314-4da5-bed1-9e8e4d74b4ed",
                      "installed": true,
                      "kb": [
                          "4019215"
                      ],
                      "title": "2017-05 Security Monthly Quality Rollup for Windows Server 2012 R2 for x64-based Systems (KB4019215)"
                  }
              }
          }
      }
      PLAY RECAP **********************************************************************************************************************************************************************************************************************************
      appserver.domain.com   : ok=3    changed=1    unreachable=0    failed=0
    2. If the System is Up to Date

      server.domain.com | SUCCESS => {
          "changed": false,
          "found_update_count": 0,
          "installed_update_count": 0,
          "reboot_required": true,
          "updates": {}
      }
    Last updated: July 25, 2023

    Recent Posts

    • Storage considerations for OpenShift Virtualization

    • Upgrade from OpenShift Service Mesh 2.6 to 3.0 with Kiali

    • EE Builder with Ansible Automation Platform on OpenShift

    • How to debug confidential containers securely

    • Announcing self-service access to Red Hat Enterprise Linux for Business Developers

    Red Hat Developers logo LinkedIn YouTube Twitter Facebook

    Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform

    Build

    • Developer Sandbox
    • Developer Tools
    • Interactive Tutorials
    • API Catalog

    Quicklinks

    • Learning Resources
    • E-books
    • Cheat Sheets
    • Blog
    • Events
    • Newsletter

    Communicate

    • About us
    • Contact sales
    • Find a partner
    • Report a website issue
    • Site Status Dashboard
    • Report a security problem

    RED HAT DEVELOPER

    Build here. Go anywhere.

    We serve the builders. The problem solvers who create careers with code.

    Join us if you’re a developer, software engineer, web designer, front-end designer, UX designer, computer scientist, architect, tester, product manager, project manager or team lead.

    Sign me up

    Red Hat legal and privacy links

    • About Red Hat
    • Jobs
    • Events
    • Locations
    • Contact Red Hat
    • Red Hat Blog
    • Inclusion at Red Hat
    • Cool Stuff Store
    • Red Hat Summit
    © 2025 Red Hat

    Red Hat legal and privacy links

    • Privacy statement
    • Terms of use
    • All policies and guidelines
    • Digital accessibility

    Report a website issue