Cluster aware updating v1.0

Preview:

DESCRIPTION

Hyper-V.nu event 16-04-2013 - Cluster Aware Updating by Maarten Wijsman

Citation preview

#hypervnu

Cluster-Aware Updating

Maarten Wijsman

Wortell | maarten.wijsman@wortell.nl | www.hyper-v.nu | @myhyper & @hypervnu

about the speaker

• Engineer @ Wortell• Focus on:• System Center Virtual Machine Manager • System Center AppController• Server virtualization

• Blog: www.hyper-v.nu | blogs.wortell.nl• Twitter: @myhyperv | @hypervnu• Mail: maarten.wijsman@wortell.nl

Cluster Aware Updating (CAU)Update orchestration across all nodes in a cluster• Windows Server 2012 only & available in the box• No intended to reinvent Windows Updating & Patching• Ability to preview, apply & reports on updates for a cluster

Two modes: Self-updating & Remote-updating• Workload reduction through increased automation > Self-updating• Needed where closer administrator attention is preferred or warranted > Remote-updating

Extensible • Integrate with your patching tools with plug-ins (API)• Two inbox plug-ins: Windows Update & hotfix plug-in• Per-node pre-update and post-update scripts

Where to put CAU?

Windows Update Services

CAU ships with two plug-ins

1. Windows Update Plug-in• Installs GDRs* => From Windows Update Or WSUS

2. Hotfix Plug-in • Installs QFEs** from a SMB 3.0 file share

• 3rd party updates such as BIOS & Firmware Updates from a SMB 3.0 File Share*GDR = General Distribution Release | **QFE = Quick Fix Engineering (nickname for hotfix)

Plug-ins & Supported Update Types

Windows Server 2012 Hyper-V clusters | nodes 1 - 64

Windows Server 2012 File Server (SMB 3.0) Dedicated WSUS server

Microsoft Update Services

You, Cluster Admin (RSAT)

CAU overview

Windows Server 2012 Failover Cluster

Windows Server 2012 File Server (SMB 3.0) Dedicated WSUS server

Microsoft Update Services

You, Cluster Admin (RSAT)

Why not apply

updates on this cluster

1. Moves the clustered roles off the node being updated 2. Places the node being updated into maintenance mode 3. Installs the required updates 4. Performs a restart if necessary5. Brings the node out of maintenance mode 6. Restores the clustered roles on the node7. Proceeds to the next node to complete the same process

Cluster Aware Updating Process

Windows Server 2012 Failover Cluster

Windows Server 2012 File Server (SMB 3.0) Dedicated WSUS server

Microsoft Update Services

You, Cluster Admin (RSAT)

CAU UC

Self-Updating Mode

Windows Server 2012 Failover Cluster

Windows Server 2012 File Server (SMB 3.0) Dedicated WSUS server

Microsoft Update Services

You, Cluster Admin (RSAT)

Remote-Updating Mode

CAU UC

DEMO

DefaultHotfixConfig.xml

Hotfixes applicable to all nodes

CAU Hotfix Root Folder

CAUHotfix_All

MySwUpdateTypeSpecial software updates

Hotfixes applicable to < Node Name 1 >

< Node Name 1 >

MySwUpdateTypeSpecial software updates

Hotfixes applicable to < Node Name N >

< Node Name N >

MySwUpdateTypeSpecial software updates

Hotfixes Folder Structure & Security

<ExtensionRules><Extension name="MSI"><Extension name="MSU"><Extension name="MSP">

<FolderRules> <Folder name="MySwUpdateType" alwaysReboot="true">

“Hotfix” Support Internals

• Rich/extensible Hotfix installation– Microsoft QFEs, or third-party driver updates, or even Firmware/BIOS updates…

• Select hotfix behavior at start. Two key inputs:1. Root Folder: on an SMB File Share2. Configuration xml file: defines the Rules

\System32\WindowsPowerShell\v1.0\Modules\ClusterAwareUpdating\DefaultHotfixConfig.xml

• Configuration Rules are the key to flexibility– Easy to specify new Rules

» hotfix installer name, install options, reboot behavior, return values etc.

NTFS permissions CAUFile SHARE

• First you’ll need to do your home work as described in the TechNet article

• But that doesn’t quite cover it

• Adjust NTFS Permissions on the CAU Share– Give cluster node computer accounts (or an AD group containing them, which

makes for easier administration) Read/Execute permission to the location– If Not => they can’t run the DUPs.

NTFS permissions Log File

• DUPs allows logging with /L switch

• Locally (per node) or to central share

• Must use another share than the CAU Share:– Need to give the computer accounts (or an AD group containing them, which makes for easier

administration) write permission to the location– You’re not allowed to do that for other then specific accounts as described on TechNet

• The log can grow quite large if used a lot– Keep an eye on it– For clarities sake use different log per cluster or folder type

CAU Hotfix plug-in in action

LinksCluster-Aware Updating Overview • http://technet.microsoft.com/en-us/library/hh831694.aspx

Cluster-Aware Updating Cmdlets in Windows PowerShell • http://technet.microsoft.com/en-us/library/hh847221.aspx

Starting with Cluster-Aware Updating: Self-Updating• http://blogs.technet.com/b/filecab/archive/2012/05/17/starting-with-cluster-aware-updating-self-updating.aspx

Update Dell Servers with Microsoft Windows Server 2012 Cluster Aware Update by Integrating SUU/DUP• http://en.community.dell.com/techcenter/extras/m/white_papers/20217029.aspx

Troubleshoot CAU: Log Files for Cluster-Aware Updating• http://social.technet.microsoft.com/wiki/contents/articles/13414.troubleshoot-cau-log-files-for-cluster-aware-updating.aspx

#hypervnu

Questions & Answers

Many, many thanks to: