cookbook 'wsus-server', '= 1.0.2'
wsus-server (15) Versions 1.0.2 Follow10
Installs wsus server
cookbook 'wsus-server', '= 1.0.2', :supermarket
knife supermarket install wsus-server
knife supermarket download wsus-server
Wsus-server Cookbook
Installs WSUS (Windows Server Update Services) and configure approved updates.
Requirements
This cookbook requires Chef 11.12.0+ because it leverages the guard_interpreter
feature for powershell scripts.
Platforms
- Windows Server 2008 (R1, R2)
- Windows Server 2012 (R1, R2)
Cookbooks
The following cookbooks are required as noted:
-
windows (
wsus-server::install
leverages windows_package and windows_feature LWRPs)
Usage
Place an explicit dependency on this cookbook (using depends in the cookbook's metadata.rb) from any cookbook where you would like to use the Wsus-Server-specific resources/providers that ship with this cookbook.
depends 'wsus-server'
Then include the recipes you want, or use one the LWRP provided.
Providers & Resources
wsus_server_configuration
Resource provider for configuring WSUS server global settings, for example specify a proxy server if necessary, the update languages to download, and whether the updates are stored locally.
This is a mapping of the IUpdateServerConfiguration interface.
Attributes
Attribute | Description | Type |
---|---|---|
name | Name of the resource | String |
endpoint | Url of the server to configure | String, URI |
master_server | Url of the upstream server | String, URI |
proxy_password | Password to access the proxy server | String |
properties | Hash to configure all IUpdateServerConfiguration writeable properties | Hash |
update_languages | Update languages to download | Array |
wsus_server_notification
Resource provider for configuring WSUS notifications and e-mail settings, such as user account and e-mail server.
This is a mapping of the IEmailNotificationConfiguration interface.
Attributes
Attribute | Description | Type |
---|---|---|
name | Name of the resource | String |
endpoint | Url of the server to configure | String, URI |
enable_sync_notification | Whether update alerts should be sent | TrueClass, FalseClass |
enable_smtp_authentication | Whether the SMTP server requires authentication | TrueClass, FalseClass |
enable_status_notification | Whether new update status summaries are to be sent | TrueClass, FalseClass |
language | Language used in the e-mail | String |
properties | Hash to configure all IEmailNotificationConfiguration writeable properties | Hash |
sender_address | E-mail address of the sender | String |
sender_name | Display name of the e-mail sender | String |
smtp_host | Password of the e-mail sender | String |
smtp_password | Name of the SMTP server | String |
smtp_port | SMTP port number | FixNum |
smtp_user | Username of the e-mail sender | String |
status_notification_frequency | Frequency with which e-mail notifications should be sent | String |
status_notification_time | Time of the day e-mail notifications should be sent | String |
wsus_server_subscription
Resource provider for configuring WSUS synchronization settings.
This is a mapping of the ISubscription interface.
Attributes
Attribute | Description | Type |
---|---|---|
name | Name of the resource | String |
endpoint | Url of the server to configure | String, URI |
automatic_synchronization | Whether to automatically synchronizes updates | TrueClass, FalseClass |
categories | Categories of updates that WSUS synchronizes | Array |
classifications | Classifications of updates that WSUS synchronizes | Array |
properties | Hash to configure all ISubscription writeable properties | Hash |
synchronization_per_day | Number of server-to-server synchronizations a day | FixNum |
synchronization_time | Time of day to automatically synchronize updates | String |
synchronize_categories | Whether to only synchronize categories not updates | TrueClass, FalseClass |
Recipes
All recipes described below are configurable via attributes, as described in the previous section.
wsus-server::configure
This is the main recipe to configure WSUS servers.
It configures the service itself - upstream server, listening port, etc. - but also subscriptions and notifications
Attributes
The following attributes are used to configure the wsus-server::configure
recipe.
WSUS global settings
Accessible via node['wsus_server']['configuration']
.
Attribute | Description | Type | Default |
---|---|---|---|
proxy_password | Password to use when accessing the proxy server | String | nil |
update_languages | Enables update for the specified list of languages | Array | ['en'] |
master_server | Defines the upstream server and set the current server as its replica | String, URI | nil |
properties | Hash to configure all IUpdateServerConfiguration writeable properties | Hash | { 'TargetingMode' => 'Client' } |
WSUS notification settings
Accessible via node['wsus_server']['notification']
.
Attribute | Description | Type | Default |
---|---|---|---|
enable_sync_notification | Whether new update alerts should be sent | TrueClass, FalseClass | false |
enable_smtp_authentication | Whether the SMTP server requires authentication | TrueClass, FalseClass | false |
enable_status_notification | Whether the new update status summaries should be send | TrueClass, FalseClass | false |
language | Language used to send notification e-mails | String | en |
properties | Hash to configure all ISubscription writeable properties | Hash | {} |
sender_address | E-mail address of the notification sender | String | nil |
sender_name | Display name of the notification sender | String | nil |
smtp_host | Hostname of the SMTP server used by notifications | String | nil |
smtp_password | Time of day when WSUS synchronize updates and categories | String | nil |
smtp_port | port of the SMTP server used for notifications | FixNum | 25 |
smtp_user | Username of the notification sender | String | nil |
status_notification_frequency | E-mail notification frequency (Daily or Weekly ) |
String | Daily |
status_notification_time | Time of the day e-mail notifications should be sent | String | 00:00:00 |
WSUS synchronization settings
Accessible via node['wsus_server']['subscription']
.
Attribute | Description | Type | Default |
---|---|---|---|
automatic_synchronization | Controls automatic updates synchronization | TrueClass, FalseClass | true |
categories | List of update categories to synchronize (ID or Title) | Array | [] |
classifications | List of update classifications to synchronize (ID or Title) | Array | [] |
properties | Hash to configure all ISubscription writeable properties | Hash | {} |
synchronization_per_day | Number of server-to-server synchronizations a day | FixNum | 12 |
synchronization_time | Time of day when WSUS synchronize updates and categories | String | 00:00:00 |
synchronization_categories | Synchronizes category before configuring other settings | TrueClass, FalseClass | true |
wsus-server::default
Convenience recipe that installs and configures latest WSUS then synchronizes updates.
It basicly includes wsus-server::install
and wsus-server::synchronize
wsus-server::freeze
Convenience recipe that tries to create a new Computer target group then approves all available updates for this specific group.
Attributes
Accessible via node['wsus_server']['freeze']
.
Attribute | Description | Type | Default |
---|---|---|---|
name | Name of the frozen update list (computer group) to create | String | nil |
default['wsus_server']['freeze']['name'] = nil
wsus-server::install
This recipe can be included in a node's run_list to installs the latest available Windows Server Update Services.
On Windows Server 2008 and 2008R2 it leverages the windows_package
LWRP to installs WSUS 3.0 SP2
On Windows Server 2012 and 2012R2 it leverages the windows_feature
LWRP to enable WSUS 4.0.
In order to setup WSUS services properly it also enables some IIS components.
Attributes
Accessible via node['wsus_server']['setup']
Attribute | Description | Type | Default |
---|---|---|---|
content_dir | Directory to store localy WSUS content | String | nil |
sqlinstance_name | Local or remote SQL instance for WSUS configuration | String | nil |
More Setup attributes for Windows Server 2008R2 and earlier
Accessible via node['wsus_server']['setup']
Attribute | Description | Type | Default |
---|---|---|---|
enable_inventory | Enables the inventory feature | TrueClass, FalseClass | false |
frontend_setup | Whether WSUS should be setup as an additional (frontend server](http://technet.microsoft.com/en-us/library/dd939896.aspx) | TrueClass, FalseClass | false |
join_improvement_program | Joins the Microsoft Update Improvement Program | TrueClass, FalseClass | false |
use_default_website | Whether WSUS should be set as default website - port 80 instead of 8530 | TrueClass, FalseClass | false |
wyukon_data_dir | Path to windows internal database data directory | String | nil |
Package attributes for Windows Server 2008R2 and earlier
Accessible via node['wsus_server']['package']
Attribute | Description | Type | Default |
---|---|---|---|
name | Name of the windows package | String | Microsoft Server Update Services 3.0 SP2 |
source | Source of the windows package | String | depends of the architecture |
checksum | Checksum of the windows package | String | depends of the architecture |
options | Options to use when installing the windows package | String | /q |
wsus-server::report_viewer
Install reporting viewer 2008 SP1 to enable wsus reports.
Attributes
Accessible via node['wsus_server']['report_viewer']
.
Attribute | Description | Type | Default |
---|---|---|---|
name | Name of the windows package | String | Microsoft Report Viewer Redistributable 2008 SP1 |
source | Source of the windows package | String | http://download.microsoft.com/.../ReportViewer.exe |
checksum | Checksum of the windows package | String | 1a0e41b1d82125ae214d3...f287290874ca2874b78f86a9 |
options | Options to use when installing the windows package | String | /q |
wsus-server::synchronize
This recipe performs a synchronous update of the update catalog, according to the configured subscriptions.
Attributes
Accessible via node['wsus_server']['synchronize']
.
Attribute | Description | Type | Default |
---|---|---|---|
timeout | Synchronization timeout in minutes<br/>(zero or negative value for asynchronous synchronization) | FixNum | 60 |
Contributing
- Fork the repository on Github
- Create a named feature branch (like
add_component_x
) - Write your change
- Write tests for your change (if applicable)
- Run the tests, ensuring they all pass
- Submit a Pull Request using Github
License and Authors
Authors: Baptiste Courtois (b.courtois@criteo.com)
Copyright 2014, Criteo. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Dependent cookbooks
windows >= 0.0.0 |
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Wsus-server CHANGELOG
This file is used to list changes made in each version of the wsus-server cookbook.
1.0.2 (2014-04-30)
- PR 6 - Fix bugs in freeze recipe
1.0.1 (2014-02-26)
- PR 5 - Fix property hash initialization
1.0.0 (2014-02-24)
- Supports Windows Server 2012 properly
- Fix powershell execution on x64 node
- Remove dependency on iis and powershell cookbooks
- Depends on Chef 11.12.0+
- Add Chefspec tests and proper documentation
0.1.0 (2014-08-27)
- Initial release of wsus-server
- Server recipes do nothing on non-windows platform
- Add recipe to install Microsoft Report Viewer Redistributable 2008 SP1 (WSUS prerequist)
- Add server recipe that install WSUS 3.0 SP2
- Add new recipe server_configuration to configure WSUS and its notification and subscription settings.
- Add new LWRP wsus_server to configure WSUS main settings.
- Add new LWRP wsus_subscription to configure WSUS update subscription.
- Add new LWRP wsus_notification to configure WSUS e-mail notification.
Foodcritic Metric
1.0.2 passed this metric
1.0.2 passed this metric