I’m working on a project to perform windows patching across a large pool of 450 Windows build agents. The build agents need to be patched monthly. Once a month, each agent needs to be offlined as a build agent, patched using bigfix, reboot - and then brought back online as a build agent. I have written a series of python scripts launched from ansible to do this - and it works pretty well but is not optimal.
Currently, the project works against 5 build agents at a time to reduce the impact associated with greatly reducing build resources at any given time. To do this, I utilize the serial: 5 option on my playbook plays - which works to limit the patching to 5 agents at a time. However, all agents must be complete before ansible moves on to the next group of 5 agents. Some of our build agents get involved with activities that can take as long as 8 hours to offline, but much more often they take less than 20 minutes. Since all 5 agents must be finished prior to the play continuing on to the next set of agents, this greatly increases the length of time to apply these patches. I can’t move on unless the blocking 8 hour agent is finished!
What I would like is to be able to specify 5 agents “at a time,” meaning that, when one of the 5 agents finishes with the patching play, it will automatically start the play against another agent - always keeping the maximum number of agents getting patched at any give time to be 5. That way, if one agent is blocked for 8 hours, the remaining 4 slots can be used to cycle through the remaining build agents - and so on.
Is there some combination of the serial/forks options that would provide me this kind of capability - or am I asking for a new feature enhancement?
