Could you have a 'canary' group that you apply the updates to and get timings for that, before rolling out to your other hosts?
How would powershell on linux help? On Wednesday, September 7, 2016 at 8:07:29 AM UTC+1, Mike Fennemore wrote: > > Hi Matt, > > Thanks for the quick reply. Well in our scenario we 100+ servers we're > loking at patching using the simple combo of WSUS and Ansible. Our policies > set the servers to download the updates from WSUS prior to us doing the > Ansible side. This way the updates are literally waiting to be installed > when we run our playbook. The issue seems to be that although the playbook > works it takes longer than if I manually logon to each server and run > updates. Given that we have a set windows for updates not being able to > tell how long or even estimate with the automation makes it difficult to > put forward the playbook as a solution. Is there anything going forward > with regards to possible integration of Powershell on linux for the windows > modules? > > On Wednesday, September 7, 2016 at 2:09:50 AM UTC+2, Matt Davis wrote: >> >> Ansible isn't doing anything magic around Windows Updates (other than >> synchronous application)- we're just using the Windows Update client API, >> so it should take about the same amount of time via Ansible as it would to >> do it interactively. If you're doing something like booting a 2008R2 RTM >> image and hitting it with win_updates, it may possibly take hours and >> numerous reboots... >> >> Running from a local WSUS server instead of public Windows Update servers >> can shave a HUGE amount of time off the process as well- public WU servers >> have extremely variable performance. In my testing when building >> win_updates, during peak times, just doing an update check on a >> fully-patched host against public WU could take upwards of 10min, where >> using WSUS would be 15-30sec. >> >> Do you have any other specific asks about win_updates around perf >> (besides "make it faster", as we're pretty much at Microsoft's mercy on >> that one)? The only one we've gotten a few times (that I'll probably try to >> do something about in 2.3) is to allow idempotent application of a list of >> specific updates (eg, emergency vulnerability mitigation). >> >> -Matt >> >> >> On Tuesday, September 6, 2016 at 7:32:14 AM UTC-7, Mike Fennemore wrote: >>> >>> Ansible has the functionality to be used for configuration management >>> but it seems the win_update module takes a considerable amount of time to >>> run. >>> Are there plans to improve the performance of the module? I would >>> ideally like to be able to use it to force immediate installation of >>> updates across servers or stagger them. >>> >> -- You received this message because you are subscribed to the Google Groups "Ansible Project" group. To unsubscribe from this group and stop receiving emails from it, send an email to ansible-project+unsubscr...@googlegroups.com. To post to this group, send email to ansible-project@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/ansible-project/75c9d35f-d2c5-4d42-9982-6c5ffdac3ee4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
