This is a Packer plugin for installing Windows updates (akin to rgl/vagrant-windows-update).
NB This was only tested with Packer 1.11.2 and the images at rgl/windows-vagrant, so YMMV.
Configure your packer template to require a release version of the plugin, e.g.:
packer {
required_plugins {
windows-update = {
version = "0.16.8"
source = "github.com/rgl/windows-update"
}
}
}
Initialize your packer template (it will install the plugin):
packer init your-template.pkr.hcl
Use this provisioner plugin from your packer template file, e.g. like in rgl/windows-vagrant:
build {
provisioner "windows-update" {
}
}
Note, the plugin automatically restarts the machine after Windows Updates are applied. The reboots occur similar to the windows-restart provisioner built into packer where packer is aware that a shutdown is in progress.
You can select which Windows Updates are installed by defining the search criteria, a set of filters, and how many updates are installed at a time.
Normally you would use one of the following settings:
Name | search_criteria |
filters |
---|---|---|
Important | AutoSelectOnWebSites=1 and IsInstalled=0 |
$true |
Recommended | BrowseOnly=0 and IsInstalled=0 |
$true |
All | IsInstalled=0 |
$true |
Optional Only | AutoSelectOnWebSites=0 and IsInstalled=0 |
$_.BrowseOnly |
NB Recommended
is the default setting.
But you can customize them, e.g.:
build {
provisioner "windows-update" {
search_criteria = "IsInstalled=0"
filters = [
"exclude:$_.Title -like '*Preview*'",
"include:$true",
]
update_limit = 25
}
}
NB For more information about the search criteria see the IUpdateSearcher::Search method documentation and the xWindowsUpdateAgent DSC resource source.
NB If the update_limit
attribute is not declared, it defaults to 1000
.
The general filter syntax is:
ACTION:EXPRESSION
ACTION
is a string that can have one of the following values:
action | description |
---|---|
include |
includes the update when the expression evaluates to $true |
exclude |
excludes the update when the expression evaluates to $true |
NB If no ACTION
evaluates to $true
the update will NOT be installed.
EXPRESSION
is a PowerShell expression. When it returns $true
, the
ACTION
is executed and no further filters are evaluated.
Inside an expression, the Windows Update IUpdate interface can be referenced by the $_
variable.
Build:
make
Install the rgl/windows-vagrant vagrant box.
Test with QEMU:
make test