Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

win_updates installing network driver from Microsoft Windows Updates causes error #668

Open
agibson2 opened this issue Oct 16, 2024 · 0 comments

Comments

@agibson2
Copy link
Contributor

agibson2 commented Oct 16, 2024

SUMMARY

When windows updates with the Drivers category included, An error is generated when a network driver is installed.

ISSUE TYPE

Bug

COMPONENT NAME

win_updates

ANSIBLE VERSION
I am using the ansible version included with the latest up-to-date Rocky Linux 9 (similar to RHEL 9).
ansible [core 2.14.14]
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible
  python version = 3.9.18 (main, Aug 23 2024, 00:00:00) [GCC 11.4.1 20231218 (Red Hat 11.4.1-3)] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True
COLLECTION VERSION
I am using the collections updated and pulled using ansible-galaxy
Collection        Version
----------------- -------
ansible.posix     1.6.1
ansible.windows   2.5.0
community.general 9.5.0
community.windows 2.3.0
CONFIGURATION
COLOR_DEBUG(/home/ansible/.ansible.cfg) = bright gray
CONFIG_FILE() = /home/ansible/.ansible.cfg
OS / ENVIRONMENT

Windows Server 2022 ( 21H2 OS Build 20348.2762)

STEPS TO REPRODUCE

run win_updates on target server when it needs network driver update from Windows Updates

- name: Create win_updates log directory
  win_file:
    path: C:\Support\win_updates
    state: directory
  changed_when: no

- name: "{{ 'Check' if ansible_check_mode else 'Apply' }} updates"
  win_updates:
    category_names:
      - SecurityUpdates
      - CriticalUpdates
      - Updates
      - Update Rollups
      - FeaturePacks
      - Drivers
    state: installed
    reboot: yes
    skip_optional: yes
    reboot_timeout: 1800
    log_path: C:\Support\win_updates\apply_wulog.txt
    reject_list:
      - ' Preview '
  register: update_result

- name: Show updates
  vars:
    msg: |
        {% for k in update_result.updates %}
        {{ 'Needed' if ansible_check_mode else 'Installed' }}: {{ update_result.updates[k].title }}
        {% endfor %}
        {% for kk in update_result.filtered_updates %}
        Filtered:{{ update_result.filtered_updates[kk].title }} ({{ update_result.filtered_updates[kk].filtered_reason }})
        {% endfor %}
  debug:
    msg: "{{ msg.split('\n')[:-1] }}"
EXPECTED RESULTS

Update to succeed without an error. When the driver gets updated, the network is unavailable for several seconds or so. I would expect it to retry for some amount of time to get the results instead of failing.

ACTUAL RESULTS

Running the win_updates task causes an error when the network connection is brought down for the driver update.


Running a in check mode shows these updates are needed.  The one causing problems is Broadcom Inc. - Net - 1.9.19.0 network driver update.
*** This output is from check mode
changed: [10.254.254.62] => {"changed": true, "failed_update_count": 0, "filtered_updates": {"cc09b5bd-2a04-49ed-8a6a-31116f758e7e": {"categories": ["Definition Updates", "Microsoft Defender Antivirus"], 
"downloaded": false, "filtered_reason": "category_names", "filtered_reasons": ["category_names"], "id": 
"cc09b5bd-2a04-49ed-8a6a-31116f758e7e", "installed": false, "kb": ["2267602"], "title": "Security Intelligence Update for 
Microsoft Defender Antivirus - KB2267602(Version 1.419.532.0) - Current Channel (Broad)"}}, "found_update_count": 
2,"installed_update_count": 0, "reboot_required": false, "rebooted": false, "updates": {"7a31ed63-6ecb-4c37-
baab-0376417b3af1": {"categories": ["Drivers"], "downloaded": false, "id": "7a31ed63-6ecb-4c37-baab-0376417b3af1", 
"installed": false, "kb": [], "title": "Broadcom Inc. - System - 9.8.18.1"}, "b8ea6ec3-d055-46d7-8d6a-820573f4d9e0": 
{"categories": ["Drivers"], "downloaded": false, "id": "b8ea6ec3-d055-46d7-8d6a-820573f4d9e0", "installed": false, "kb": [],
 "title": "Broadcom Inc. - Net - 1.9.19.0"}}}


Running when not in check mode to apply the updates, this is the results...

Ansible vault playbook password:
ansible-playbook [core 2.14.14]
  config file = /home/ansible/.ansible.cfg
  configured module search path = ['/home/ansible/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /home/ansible/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/bin/ansible-playbook
  python version = 3.9.18 (main, Aug 23 2024, 00:00:00) [GCC 11.4.1 20231218 (Red Hat 11.4.1-3)] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True
Using /home/ansible/.ansible.cfg as config file
setting up inventory plugins
host_list declined parsing /home/ansible/Windows/hosts-production as it did not pass its verify_file() method
script declined parsing /home/ansible/Windows/hosts-production as it did not pass its verify_file() method
auto declined parsing /home/ansible/Windows/hosts-production as it did not pass its verify_file() method
Parsed /home/ansible/Windows/hosts-production inventory source with ini plugin
Loading callback plugin default of type stdout, v2.0 from /usr/lib/python3.9/site-packages/ansible/plugins/callback/default.py
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a st�dout callback.
Skipping callback 'oneline', as we already have a stdout callback.

PLAYBOOK: winupdates-production.yaml ********************************************************************************************************************************************************************************************************
Positional arguments: winupdates-production.yaml
verbosity: 4
connection: smart
timeout: 10
become_method: sudo
tags: ('all',)
inventory: ('/home/ansible/Windows/hosts-production',)
subset: 10.254.254.62
vault_password_files: ('/home/ansible/.ansiblepw',)
forks: 5
2 plays in winupdates-production.yaml

PLAY [all] ************************************************************************************************************************
skipping: no hosts matched

PLAY [all] ***
Trying secret FileVaultSecret(filename='/home/ansible/.ansiblepw') for vault_id=default

TASK [Gathering Facts] **********************************************************************************************************************************************************************************************************************
task path: /home/ansible/Windows/winupdates-production.yaml:7
redirecting (type: modules) ansible.builtin.setup to ansible.windows.setup
Loading collection ansible.windows from /home/ansible/.ansible/collections/ansible_collections/ansible/windows
[WARNING]: Collection ansible.windows does not support Ansible version 2.14.14
Using module file /home/ansible/.ansible/collections/ansible_collections/ansible/windows/plugins/modules/setup.ps1
Pipelining is enabled.
<10.254.254.62> ESTABLISH PSRP CONNECTION FOR USER: administrator ON PORT 5985 TO 10.254.254.62
PSRP: EXEC (via pipeline wrapper)
ok: [10.254.254.62]

TASK [windows_updates : include_tasks] ******************************************************************************************************************************************************************************************************
task path: /home/ansible/Windows/roles/windows_updates/tasks/main.yml:1
redirecting (type: modules) ansible.builtin.win_file to ansible.windows.win_file
Loading collection ansible.windows from /home/ansible/.ansible/collections/ansible_collections/ansible/windows
[WARNING]: Collection ansible.windows does not support Ansible version 2.14.14
redirecting (type: action) ansible.builtin.win_updates to ansible.windows.win_updates
included: /home/ansible/Windows/roles/windows_updates/tasks/wu.yml for 10.254.254.62

TASK [windows_updates : Create win_updates log directory] ***********************************************************************************************************************************************************************************
task path: /home/ansible/Windows/roles/windows_updates/tasks/wu.yml:1
redirecting (type: modules) ansible.builtin.win_file to ansible.windows.win_file
redirecting (type: modules) ansible.builtin.win_file to ansible.windows.win_file
Using module file /home/ansible/.ansible/collections/ansible_collections/ansible/windows/plugins/modules/win_file.ps1
Pipelining is enabled.
<10.254.254.62> ESTABLISH PSRP CONNECTION FOR USER: administrator ON PORT 5985 TO 10.254.254.62
PSRP: EXEC (via pipeline wrapper)
ok: [10.254.254.62] => {
    "changed": false
}
redirecting (type: action) ansible.builtin.win_updates to ansible.windows.win_updates

TASK [windows_updates : Apply updates (default)] ********************************************************************************************************************************************************************************************
task path: /home/ansible/Windows/roles/windows_updates/tasks/wu.yml:9
redirecting (type: modules) ansible.builtin.win_updates to ansible.windows.win_updates
redirecting (type: action) ansible.builtin.win_updates to ansible.windows.win_updates
redirecting (type: action) ansible.builtin.win_updates to ansible.windows.win_updates
<10.254.254.62> Running win_updates - round 1
<10.254.254.62> Starting update task
Using module file /home/ansible/.ansible/collections/ansible_collections/ansible/windows/plugins/modules/win_updates.ps1
Pipelining is enabled.
<10.254.254.62> ESTABLISH PSRP CONNECTION FOR USER: administrator ON PORT 5985 TO 10.254.254.62
PSRP: EXEC (via pipeline wrapper)
<10.254.254.62> Starting polling for update results
Using module file /home/ansible/.ansible/collections/ansible_collections/ansible/windows/plugins/modules/win_updates.ps1
Pipelining is enabled.
PSRP: EXEC (via pipeline wrapper)
Using module file /home/ansible/.ansible/collections/ansible_collections/ansible/windows/plugins/modules/win_updates.ps1
Pipelining is enabled.
PSRP: EXEC (via pipeline wrapper)
[WARNING]: Connection failure when polling update result - attempting to retry: HTTPConnectionPool(host='10.254.254.62', port=5985): Read timed out. (read timeout=30)
Using module file /home/ansible/.ansible/collections/ansible_collections/ansible/windows/plugins/modules/win_updates.ps1
Pipelining is enabled.
PSRP: EXEC (via pipeline wrapper)
[WARNING]: Unknown failure when polling update result - attempting to cancel task: Bad HTTP response returned from the server. Code: 400, Content: ''
Using module file /home/ansible/.ansible/collections/ansible_collections/ansible/windows/plugins/modules/win_updates.ps1
Pipelining is enabled.
PSRP: EXEC (via pipeline wrapper)
[WARNING]: Unknown failure when cancelling update task: Bad HTTP response returned from the server. Code: 400, Content: ''
The full traceback is:
Traceback (most recent call last):
  File "/home/ansible/.local/lib/python3.9/site-packages/pypsrp/wsman.py", line 474, in invoke
    raise self._parse_wsman_fault(err.response_text)
  File "/home/ansible/.local/lib/python3.9/site-packages/pypsrp/wsman.py", line 598, in _parse_wsman_fault
    xml = ET.fromstring(xml_text)
  File "/usr/lib64/python3.9/xml/etree/ElementTree.py", line 1343, in XML
    return parser.close()
xml.etree.ElementTree.ParseError: no element found: line 1, column 0

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/ansible/.ansible/collections/ansible_collections/ansible/windows/plugins/action/win_updates.py", line 679, in run
    result = self._run_sync(task_vars, module_options, reboot, reboot_timeout)
  File "/home/ansible/.ansible/collections/ansible_collections/ansible/windows/plugins/action/win_updates.py", line 752, in _run_sync
    update_result = self._run_updates(task_vars, module_options)
  File "/home/ansible/.ansible/collections/ansible_collections/ansible/windows/plugins/action/win_updates.py", line 862, in _run_updates
    poll_result = self._execute_win_updates(
  File "/home/ansible/.ansible/collections/ansible_collections/ansible/windows/plugins/action/win_updates.py", line 920, in _execute_win_updates
    result = self._execute_module(
  File "/usr/lib/python3.9/site-packages/ansible/plugins/action/__init__.py", line 1167, in _execute_module
    res = self._low_level_execute_command(cmd, sudoable=sudoable, in_data=in_data)
  File "/usr/lib/python3.9/site-packages/ansible/plugins/action/__init__.py", line 1320, in _low_level_execute_command
    rc, stdout, stderr = self._connection.exec_command(cmd, in_data=in_data, sudoable=sudoable)
  File "/usr/lib/python3.9/site-packages/ansible/plugins/connection/psrp.py", line 463, in exec_command
    rc, stdout, stderr = self._exec_psrp_script(script, in_data)
  File "/usr/lib/python3.9/site-packages/ansible/plugins/connection/psrp.py", line 820, in _exec_psrp_script
    ps.invoke(input=input_data)
  File "/home/ansible/.local/lib/python3.9/site-packages/pypsrp/powershell.py", line 1217, in invoke
    self.begin_invoke(input, add_to_history, apartment_state, redirect_shell_error_to_out, remote_stream_options)
  File "/home/ansible/.local/lib/python3.9/site-packages/pypsrp/powershell.py", line 1152, in begin_invoke
    self._invoke(create_pipeline)
  File "/home/ansible/.local/lib/python3.9/site-packages/pypsrp/powershell.py", line 1427, in _invoke
    resp = self.runspace_pool.shell.command("", arguments=[first_frag], command_id=self.id)
  File "/home/ansible/.local/lib/python3.9/site-packages/pypsrp/shell.py", line 151, in command
    return self.wsman.command(self.resource_uri, cmd, option_set=options, selector_set=self._selector_set)
  File "/home/ansible/.local/lib/python3.9/site-packages/pypsrp/wsman.py", line 268, in command
    res = self.invoke(WSManAction.COMMAND, resource_uri, resource, option_set, selector_set, timeout)
  File "/home/ansible/.local/lib/python3.9/site-packages/pypsrp/wsman.py", line 481, in invoke
    raise err
  File "/home/ansible/.local/lib/python3.9/site-packages/pypsrp/wsman.py", line 470, in invoke
    response = self.transport.send(xml)
  File "/home/ansible/.local/lib/python3.9/site-packages/pypsrp/wsman.py", line 837, in send
    return self._send_request(prep_request)
  File "/home/ansible/.local/lib/python3.9/site-packages/pypsrp/wsman.py", line 862, in _send_request
    raise WinRMTransportError("http", code, response_text)
pypsrp.exceptions.WinRMTransportError: Bad HTTP response returned from the server. Code: 400, Content: ''
fatal: [10.254.254.62]: FAILED! => {
    "changed": false,
    "failed_update_count": 0,
    "filtered_updates": {},
    "found_update_count": 0,
    "installed_update_count": 0,
    "invocation": {
        "module_args": {
            "accept_list": null,
            "category_names": [
                "SecurityUpdates",
                "CriticalUpdates",
                "Updates",
                "Update Rollups",
                "FeaturePacks",
                "Drivers"
            ],
            "log_path": "C:\\Support\\win_updates\\apply_wulog.txt",
            "reboot": true,
            "reboot_timeout": 1800,
            "reject_list": [
                " Preview ",
            ],
            "server_selection": "default",
            "skip_optional": true,
            "state": "installed"
        }
    },
    "msg": "Bad HTTP response returned from the server. Code: 400, Content: ''",
    "updates": {}
}

PLAY RECAP **********************************************************************************************************************************************************************************************************************************
10.254.254.62                : ok=3    changed=0    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant