Configuration lifecycle management
This article covers network configuration lifecycle management for Azure Modular Datacenter.
This methodology for updating switch configurations in the field applies to any type of configuration update. Because of many unknown variables outside of our control, such as manual configurations applied by customers or by the OEM, this manual process has multiple steps. At this time, there's no guarantee of uptime. Updates should be performed during a maintenance window.
1. Make a backup of the current configuration files for edge1, edge2, tor1, tor2, and BMC switches. Copy these files off the switch.
2. Make a note of the toolkit build number of the existing configuration. All configurations should have this number in the motd banner. Do a search for BUILDNUMBER.
3. Regenerate the initial configurations by using the same toolkit version from step 2.
4. Load the configurations from step 3 onto their respective switches. The point of this action is to wash the config generated by our tools through a switch to get a baseline. This action could be performed by the OEM on separate hardware, like in the OEM's lab, or onsite with the customer.
5. Make a backup of the config file from step 4. Copy it to a remote location.
6. Using the diff tool of your choice, compare the backup of the current config from step 1 to the backup of the baseline configuration from step 5. Make a note or copy of all the differences that should be carried over to the upgraded switch configuration per device.
7. Run the new toolkit that will generate the updated switch configurations.
8. Merge the differences from step 6 into the new switch configurations.
9. Load the new configurations onto the respective switches. Run the post-validation commands provided in the output directory from our tooling.
10. Save the configurations.
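The comparison in steps 2 and 6, as an added example that is not part of the original article or of the toolkit: it refuses to compare configs whose build numbers differ, then reports each difference together with its parent stanza so that identical sub-commands under different interfaces are not confused. The sample configs, the banner layout, and the function names are assumptions.

```python
import re

# Constructed sample, generic indented switch syntax; the banner layout is an assumption.
BASELINE = """\
banner motd ^
 BUILDNUMBER: 1.2012.0.1
^
hostname tor1
interface Ethernet1/1
  description uplink-edge1
  mtu 9216
interface Ethernet1/2
  description uplink-edge2
  mtu 9216
"""
# Constructed field copy: one MTU changed by hand, one logging target added.
CURRENT = BASELINE.replace("edge2\n  mtu 9216", "edge2\n  mtu 1500") + "logging server 10.0.0.50\n"

def build_number(config):
    """Return the value that follows BUILDNUMBER in the config, or None."""
    match = re.search(r"BUILDNUMBER\W*([\w.]+)", config)
    return match.group(1) if match else None

def stanza_lines(config):
    """Flatten an indented config into a set of (parent path, command) pairs."""
    pairs, stack = set(), []  # stack holds (indent, command) of open parents
    for raw in config.splitlines():
        command = raw.strip()
        if not command or command.startswith("!"):
            continue  # skip blank lines and comment separators
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()
        pairs.add((tuple(cmd for _, cmd in stack), command))
        stack.append((indent, command))
    return pairs

def field_changes(current, baseline):
    """Return (added, removed) commands in the field config relative to the baseline."""
    if build_number(current) is None or build_number(current) != build_number(baseline):
        raise ValueError("baseline must come from the same toolkit build as the field config")
    cur, base = stanza_lines(current), stanza_lines(baseline)
    return sorted(cur - base), sorted(base - cur)

if __name__ == "__main__":
    added, removed = field_changes(CURRENT, BASELINE)
    for sign, items in (("+", added), ("-", removed)):
        for path, command in items:
            print(sign, " / ".join(path + (command,)))
```

Every reported line still needs a human decision in step 6: an unexplained change is something to investigate, not to carry forward automatically.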
You can use the privileged endpoint (PEP) to update the time server in Azure Stack. Use a host name that resolves to two or more Network Time Protocol (NTP) server IP addresses.
Azure Stack uses NTP to connect to time servers on the internet. NTP servers provide accurate system time. Time is used across Azure Stack's physical network switches, hardware lifecycle host, infrastructure service, and virtual machines. If the clock isn't synchronized, Azure Stack might experience severe issues with the network and authentication. Log files, documents, and other files might be created with incorrect timestamps.
Providing one time server (NTP) is required for Azure Stack to synchronize time. When you deploy Azure Stack, you provide the address of an NTP server. Time is a critical datacenter infrastructure service. If the service changes, you'll need to update the time.
Azure Stack supports synchronizing time with only one time server (NTP). You can't provide multiple NTP servers for Azure Stack to synchronize time with. We recommend that you set up a Domain Name System (DNS) entry that resolves to multiple NTP servers.
Update NTP post deployment
1. Connect to the PEP. You don't need to open a support ticket to unlock it.
2. Run the following command to review the currently configured NTP server.
3. Run the following command to update Azure Stack to use the new NTP server and to immediately synchronize the time.

   Set-AzsTimeSource -Timeserver NEWTIMESERVER -resync
This procedure doesn't update the time server on the physical switches.
This section covers how to update DNS forwarders to resolve external names.
Update the DNS forwarder in Azure Stack
At least one reachable DNS forwarder is necessary for the Azure Stack infrastructure to resolve external names. A DNS forwarder must be provided for the deployment of Azure Stack. That input is used as the forwarder for the Azure Stack internal DNS servers and enables external name resolution for services like authentication, marketplace management, or usage.
DNS is a critical datacenter infrastructure service that can change. If it does change, Azure Stack must be updated.
This article describes using the PEP to update the DNS forwarder in Azure Stack. We recommend that you use two reliable DNS forwarder IP addresses.
1. Connect to the PEP. It isn't necessary to unlock the PEP by opening a support ticket.
2. Run the following command to review the currently configured DNS forwarder. As an alternative, you can also use the admin portal region properties.
3. Run the following command to update Azure Stack to use the new DNS forwarder.

   Set-AzsDnsForwarder -IPAddress "IPAddress 1", "IPAddress 2"

4. Review the output of the command for any errors.