Installs WSUS (Windows Server Update Services) and configure approved updates.
This cookbook requires Chef 11.12.0+ because it leverages the guard_interpreter
feature for powershell scripts.
- Windows Server 2008 (R1, R2)
- Windows Server 2012 (R1, R2)
The following cookbooks are required as noted:
- windows (
wsus-server::install
leverages windows_package and windows_feature LWRPs)
Place an explicit dependency on this cookbook (using depends in the cookbook's metadata.rb) from any cookbook where you would like to use the Wsus-Server-specific resources/providers that ship with this cookbook.
depends 'wsus-server'
Then include the recipes you want, or use one the LWRP provided.
Resource provider for configuring WSUS server global settings, for example specify a proxy server if necessary, the update languages to download, and whether the updates are stored locally. This is a mapping of the IUpdateServerConfiguration interface.
Attribute | Description | Type |
---|---|---|
name | Name of the resource | String |
endpoint | Url of the server to configure | String, URI |
master_server | Url of the upstream server | String, URI |
proxy_password | Password to access the proxy server | String |
properties | Hash to configure all IUpdateServerConfiguration writeable properties | Hash |
update_languages | Update languages to download | Array |
Resource provider for configuring WSUS notifications and e-mail settings, such as user account and e-mail server. This is a mapping of the IEmailNotificationConfiguration interface.
Attribute | Description | Type |
---|---|---|
name | Name of the resource | String |
endpoint | Url of the server to configure | String, URI |
enable_sync_notification | Whether update alerts should be sent | TrueClass, FalseClass |
enable_smtp_authentication | Whether the SMTP server requires authentication | TrueClass, FalseClass |
enable_status_notification | Whether new update status summaries are to be sent | TrueClass, FalseClass |
language | Language used in the e-mail | String |
properties | Hash to configure all IEmailNotificationConfiguration writeable properties | Hash |
sender_address | E-mail address of the sender | String |
sender_name | Display name of the e-mail sender | String |
smtp_host | Password of the e-mail sender | String |
smtp_password | Name of the SMTP server | String |
smtp_port | SMTP port number | FixNum |
smtp_user | Username of the e-mail sender | String |
status_notification_frequency | Frequency with which e-mail notifications should be sent | String |
status_notification_time | Time of the day e-mail notifications should be sent | String |
Resource provider for configuring WSUS synchronization settings. This is a mapping of the ISubscription interface.
Attribute | Description | Type |
---|---|---|
name | Name of the resource | String |
endpoint | Url of the server to configure | String, URI |
automatic_synchronization | Whether to automatically synchronizes updates | TrueClass, FalseClass |
categories | Categories of updates that WSUS synchronizes | Array |
classifications | Classifications of updates that WSUS synchronizes | Array |
properties | Hash to configure all ISubscription writeable properties | Hash |
synchronization_per_day | Number of server-to-server synchronizations a day | FixNum |
synchronization_time | Time of day to automatically synchronize updates | String |
synchronize_categories | Whether to only synchronize categories not updates | TrueClass, FalseClass |
configure_timeout | Timeout in seconds for subscription configuration | FixNum |
All recipes described below are configurable via attributes, as described in the previous section.
This is the main recipe to configure WSUS servers. It configures the service itself - upstream server, listening port, etc. - but also subscriptions and notifications
The following attributes are used to configure the wsus-server::configure
recipe.
Accessible via node['wsus_server']['configuration']
.
Attribute | Description | Type | Default |
---|---|---|---|
proxy_password | Password to use when accessing the proxy server | String | nil |
update_languages | Enables update for the specified list of languages | Array | ['en'] |
master_server | Defines the upstream server and set the current server as its replica | String, URI | nil |
properties | Hash to configure all IUpdateServerConfiguration writeable properties | Hash | { 'TargetingMode' => 'Client' } |
Accessible via node['wsus_server']['notification']
.
Attribute | Description | Type | Default |
---|---|---|---|
enable_sync_notification | Whether new update alerts should be sent | TrueClass, FalseClass | false |
enable_smtp_authentication | Whether the SMTP server requires authentication | TrueClass, FalseClass | false |
enable_status_notification | Whether the new update status summaries should be send | TrueClass, FalseClass | false |
language | Language used to send notification e-mails | String | en |
properties | Hash to configure all ISubscription writeable properties | Hash | {} |
sender_address | E-mail address of the notification sender | String | nil |
sender_name | Display name of the notification sender | String | nil |
smtp_host | Hostname of the SMTP server used by notifications | String | nil |
smtp_password | Time of day when WSUS synchronize updates and categories | String | nil |
smtp_port | port of the SMTP server used for notifications | FixNum | 25 |
smtp_user | Username of the notification sender | String | nil |
status_notification_frequency | E-mail notification frequency (Daily or Weekly ) |
String | Daily |
status_notification_time | Time of the day e-mail notifications should be sent | String | 00:00:00 |
Accessible via node['wsus_server']['subscription']
.
Attribute | Description | Type | Default |
---|---|---|---|
automatic_synchronization | Controls automatic updates synchronization | TrueClass, FalseClass | true |
categories | List of update categories to synchronize (ID or Title) | Array | [] |
classifications | List of update classifications to synchronize (ID or Title) | Array | [] |
properties | Hash to configure all ISubscription writeable properties | Hash | {} |
synchronization_per_day | Number of server-to-server synchronizations a day | FixNum | 12 |
synchronization_time | Time of day when WSUS synchronize updates and categories | String | 00:00:00 |
synchronize_categories | Synchronizes categories before configuring other settings | TrueClass, FalseClass | true |
configure_timeout | Timeout in seconds for subscription configuration | FixNum | 900 |
Convenience recipe that installs and configures latest WSUS then synchronizes updates.
It basicly includes wsus-server::install
and wsus-server::synchronize
Convenience recipe that tries to create a new Computer target group then approves all available updates for this specific group.
Accessible via node['wsus_server']['freeze']
.
Attribute | Description | Type | Default |
---|---|---|---|
name | Name of the frozen update list (computer group) to create | String | nil |
This recipe can be included in a node's run_list to installs the latest available Windows Server Update Services.
On Windows Server 2008 and 2008R2 it leverages the windows_package
LWRP to installs WSUS 3.0 SP2
On Windows Server 2012 and 2012R2 it leverages the windows_feature
LWRP to enable WSUS 4.0.
In order to setup WSUS services properly it also enables some IIS components.
Accessible via node['wsus_server']['setup']
Attribute | Description | Type | Default |
---|---|---|---|
content_dir | Directory to store localy WSUS content | String | nil |
sqlinstance_name | Local or remote SQL instance for WSUS configuration | String | nil |
Accessible via node['wsus_server']['setup']
Attribute | Description | Type | Default |
---|---|---|---|
enable_inventory | Enables the inventory feature | TrueClass, FalseClass | false |
frontend_setup | Whether WSUS should be setup as an additional frontend server | TrueClass, FalseClass | false |
join_improvement_program | Joins the Microsoft Update Improvement Program | TrueClass, FalseClass | false |
use_default_website | Whether WSUS should be set as default website - port 80 instead of 8530 | TrueClass, FalseClass | false |
wyukon_data_dir | Path to windows internal database data directory | String | nil |
Accessible via node['wsus_server']['package']
Attribute | Description | Type | Default |
---|---|---|---|
name | Name of the windows package | String | Microsoft Server Update Services 3.0 SP2 |
source | Source of the windows package | String | depends of the architecture |
checksum | Checksum of the windows package | String | depends of the architecture |
options | Options to use when installing the windows package | String | /q |
Install reporting viewer 2008 SP1 to enable wsus reports.
Accessible via node['wsus_server']['report_viewer']
.
Attribute | Description | Type | Default |
---|---|---|---|
name | Name of the windows package | String | Microsoft Report Viewer Redistributable 2008 SP1 |
source | Source of the windows package | String | http://download.microsoft.com/.../ReportViewer.exe |
checksum | Checksum of the windows package | String | 1a0e41b1d82125ae214d3...f287290874ca2874b78f86a9 |
options | Options to use when installing the windows package | String | /q |
This recipe performs a synchronous update of the update catalog, according to the configured subscriptions.
Accessible via node['wsus_server']['synchronize']
.
Attribute | Description | Type | Default |
---|---|---|---|
timeout | Synchronization timeout in minutes (zero or negative value for asynchronous synchronization) |
FixNum | 60 |
- Fork the repository on Github
- Create a named feature branch (like
add_component_x
) - Write your change
- Write tests for your change (if applicable)
- Run the tests, ensuring they all pass
- Submit a Pull Request using Github
Authors: Baptiste Courtois ([email protected])
Copyright 2014, Criteo.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.