cookbook 'wsus-client', '= 1.0.0'
wsus-client (13) Versions 1.0.0 Follow13
Configures wsus client
cookbook 'wsus-client', '= 1.0.0', :supermarket
knife supermarket install wsus-client
knife supermarket download wsus-client
Wsus-client Cookbook
Configures WSUS clients to retrieve approved updates.
Testing
The PowerShell script will always fail if run via the winrm vagrant provider
as the IUpdateSession::CreateUpdateDownloader is not available remotely.
Logs
The Microsoft.Update.Session object keeps a log in: C:\Windows\WindowsUpdate.log
Requirements
This cookbook requires Chef 11.12.0+ because it leverages the guard_interpreter
feature for powershell scripts.
Platforms
- Windows XP
- Windows Vista
- Windows Server 2003 R2
- Windows 7
- Windows Server 2008 (R1, R2)
- Windows 8 and 8.1
- Windows Server 2012 (R1, R2)
Usage
Using this cookbook is quite easy; add the desired recipes to the run list of a node, or role.
Adjust any attributes as desired. For example, to configure a windows server role that connects to your WSUS server:
```ruby
$ cat roles/updated_windows_server.rb
name 'updated_windows_server'
description 'Setup a windows server to keep up-to-date'
run_list(
'wsus-client::default'
)
default_attributes(
wsus_client: {
wsus_server: 'http://wsus-server.my-corporation.com:8530',
update_group: 'updated_server2015',
# allow 3h timeout to synchronize updates
timeout: 10_800,
},
)
```
Recipes
wsus-client::default
Convenience recipe that configures WSUS client and performs a synchronous update.
It basically includes wsus-client::configure
and wsus-client::update
wsus-client::configure
This recipe modifies the Windows registry to configure WSUS update settings.
Attributes
The following attributes are used to configure the wsus-client::configure
recipe, accessible via node['wsus_client'][attribute]
.
Attribute | Description | Type | Default |
---|---|---|---|
wsus_server | Defines a custom WSUS server to use instead of Microsoft Windows Update server | String, URI | nil |
update_group | Defines the current computer update group. (see client-side targeting) | String | nil |
disable_windows_update_access | Disables access to Windows Update (or your WSUS server) | TrueClass, FalseClass | false |
enable_non_microsoft_updates | Allows signed non-Microsoft updates. | TrueClass, FalseClass | true |
allow_user_to_install_updates | Authorizes Users to approve or disapprove updates. | TrueClass, FalseClass | false |
auto_install_minor_updates | Defines whether minor update should be automatically installed. | TrueClass, FalseClass | false |
no_reboot_with_logged_users | Disables automatic reboot with logged-on users. | TrueClass, FalseClass | true |
automatic_update_behavior | Defines auto update behavior. | Symbol*
|
:disabled |
detection_frequency | Defines times in hours between detection cycles. | FixNum | 22 |
schedule_install_day | Defines the day of the week to schedule update install. | Symbol**
|
:every_day |
schedule_install_time | Defines the time of day in 24-hour format to schedule update install. | FixNum (1-23) | 0 |
schedule_retry_wait | Defines the time in minutes to wait at startup before applying update from a missed scheduled time | FixNum (0-60) | 0 |
reboot_warning | Defines time in minutes of the restart warning countdown after reboot-required updates automatic install | FixNum (1-30) | 5 |
reboot_prompt_timeout | Defines time in minutes between prompts for a scheduled restart | FixNum (1-1440) | 10 |
*
automatic_update_behavior values are:
```ruby
:disabled = Disables automatic updates
:detect = Only notify users of new updates
:download = Download updates, but let users install them
:install = Download and install updates
:manual = Lets the users configure the behavior
`**` schedule_install_day possible values are: `:every_day`, `:sunday`, `:monday`, `:tuesday`, `:wednesday`, `:thursday`, `:friday`, `:saturday`
## wsus-client::update
This recipe performs a synchronous detection and install of available Windows updates.
### Attributes
The following attributes are used to configure the `wsus-client::update` recipe, accessible via `node['wsus_client'][attribute]`.
Attribute | Description | Type | Default
---------------|----------------------------------------------------------------------|--------|--------
update_timeout | The maximum amount of time the synchronous update is allowed to run. | FixNum | `7200`
> **Note:** mixlib-shellout < 2.0.1 does not terminating the process after the allowed timeout. Chef 12.0.4 includes the new version.
Contributing
------------
1. Fork the [repository on Github][repository]
2. Create a named feature branch (like `add_component_x`)
3. Write your change
4. Write tests for your change (if applicable)
5. Run the tests, ensuring they all pass
6. Submit a Pull Request using Github
License and Authors
-------------------
Authors: [Baptiste Courtois][author] ()
```text
Copyright 2014-2015, Criteo.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Wsus-client CHANGELOG
This file is used to list changes made in each version of the wsus-client cookbook.
1.0.0 (2015-06-03)
- Workaround foodcritic false positive
- Rename attribute
disable_windows_update_acces
todisable_windows_update_access
- Explicitly set attribute value of
detection_frequency
to 22 hours - Force WU detection on configuration change
- Complete README.md
0.1.3 (2015-01-29)
- Fail chef run on guard failure
- Configure basic rake tasks and travis build
0.1.2 (2014-09-15)
- Fix update script guard condition
0.1.1 (2014-09-15)
- Add windows supports in metadata
0.1.0 (2014-08-27)
- Initial release of wsus-client
- Client recipes do nothing on non-windows platform
- Add client recipes that configures automatic updates and initiates download and install
Foodcritic Metric
1.0.0 passed this metric
1.0.0 passed this metric