Azure Stack Hub ruggedized network configuration lifecycle management

This topic covers lifecycle management for network configuration.

Update configuration

This section describes a methodology for updating switch configurations in the field. It applies to every type of configuration update. Because of many unknown variables outside of our control, such as manual configurations applied by customers or by the OEM, this is a multi-step manual process. At this time there is no guarantee of uptime, so updates should be performed during a maintenance window.

#1 - Make a backup of the current configuration files for the tor1, tor2 and BMC switches. Copy these files off the switch.

#2 - Make a note of the toolkit build number of the existing configuration. All configurations should have this in the motd banner. Search for "BUILDNUMBER".

#3 - Regenerate the initial configurations using the same toolkit version from step #2.

#4 - Load the configurations from step #3 onto their respective switches. The point of this is to wash the config generated by our tools through a switch to get a baseline. This could be performed by the OEM on separate hardware, such as in the OEM's lab, or onsite with the customer.

#5 - Make a backup of the config file from step #4 and copy it to a remote location.

#6 - Using the diff tool of your choice, compare the backup of the current config from step #1 to the backup of the baseline configuration from step #5. For each device, make a note or copy of all the differences that should be carried over to the upgraded switch configuration.

#7 - Run the new toolkit that will generate the updated switch configurations.

#8 - Merge the differences from step #6 into the new switch configurations.

#9 - Load the new configurations onto the respective switches and run the post-validation commands provided in the output directory from our tooling.

#10 - Save the configurations.
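
Steps #2 and #6 can be scripted instead of read off a line-by-line diff. The following is an added example, not part of the toolkit or the OEM tooling: it reads the build number from the motd banner and lists the field changes relative to the baseline with their parent section attached. It assumes an indentation-based (IOS/NX-OS-style) config syntax and a "BUILDNUMBER: x" banner line; the sample configs, build number and addresses are constructed.

```python
import re
# Constructed sample configs (assumed indentation-based syntax and banner format).
BASELINE = """\
banner motd ^
  BUILDNUMBER: 1.2003.0.14
^
interface Ethernet1/1
  switchport mode trunk
ntp server 192.0.2.10
"""
CURRENT = """\
banner motd ^
  BUILDNUMBER: 1.2003.0.14
^
interface Ethernet1/1
  switchport mode trunk
  mtu 9216
ntp server 192.0.2.20
logging server 192.0.2.50
"""

def build_number(config):
    """Step #2: return the toolkit build number recorded in the motd banner."""
    m = re.search(r"BUILDNUMBER\W*([\w.\-]+)", config)
    return m.group(1) if m else None

def config_paths(config):
    """Flatten an indented config into (parent, ..., line) tuples, in file order."""
    paths, stack = [], []  # stack holds (indent, line) for each open section
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # skip blank lines and '!' separators
        indent = len(raw) - len(raw.lstrip())
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave sections that ended at this indent level
        paths.append(tuple(s[1] for s in stack) + (line,))
        stack.append((indent, line))
    return paths

def local_changes(current, baseline):
    """Step #6: paths added to, and removed from, the baseline by field changes."""
    if build_number(current) != build_number(baseline):
        raise ValueError("baseline was not generated with the same toolkit build")
    cur, base = config_paths(current), config_paths(baseline)
    base_set, cur_set = set(base), set(cur)
    added = [p for p in cur if p not in base_set]
    removed = [p for p in base if p not in cur_set]
    return added, removed
```

Each tuple in the `added` list is a candidate for the merge in step #8; the `removed` list shows generated lines that someone deleted or replaced in the field.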


You can use the privileged endpoint (PEP) to update the time server in Azure Stack. Use a host name that resolves to two or more NTP server IP addresses.

Azure Stack uses the Network Time Protocol (NTP) to connect to time servers on the Internet. NTP servers provide accurate system time. Time is used across Azure Stack's physical network switches, hardware lifecycle host, infrastructure services, and virtual machines. If the clock isn't synchronized, Azure Stack may experience severe issues with the network and authentication. Log files, documents, and other files may be created with incorrect timestamps.

Azure Stack requires one time server (NTP) to synchronize time. When you deploy Azure Stack, you provide the address of an NTP server. Time is a critical datacenter infrastructure service. If the service changes, you will need to update the time server.

Azure Stack supports synchronizing time with only one time server (NTP). You cannot provide multiple NTP servers for Azure Stack to synchronize time with. We recommend setting up a DNS entry that resolves to multiple NTP servers.

Update NTP post deployment

  1. Connect to the privileged endpoint (PEP). You don't need to open a support ticket to unlock the privileged endpoint.

  2. Run the following command to review the currently configured NTP server:

  3. Run the following command to update Azure Stack to use the new NTP server and to immediately synchronize the time:

    Set-AzsTimeSource -Timeserver NEWTIMESERVER -resync


    This procedure doesn't update the time server on the physical switches.


Update the DNS forwarder in Azure Stack

At least one reachable DNS forwarder is necessary for the Azure Stack infrastructure to resolve external names. A DNS forwarder must be provided for the deployment of Azure Stack. That input is used as the forwarder for the Azure Stack internal DNS servers, and it enables external name resolution for services like authentication, marketplace management, or usage.

DNS is a critical datacenter infrastructure service that can change, and if it does, Azure Stack must be updated.

This article describes using the privileged endpoint (PEP) to update the DNS forwarder in Azure Stack. We recommend that you use two reliable DNS forwarder IP addresses.

  1. Connect to the privileged endpoint (PEP). You don't need to open a support ticket to unlock the privileged endpoint.

  2. Run the following command to review the currently configured DNS forwarder. As an alternative, you can also use the admin portal region properties:

  3. Run the following command to update Azure Stack to use the new DNS forwarder:

    Set-AzsDnsForwarder -IPAddress "IPAddress 1", "IPAddress 2"

  4. Review the output of the command for any errors.