使用特权终结点监视 Azure Stack Hub 中的更新Monitor updates in Azure Stack Hub using the privileged endpoint

可以使用特权终结点来监视 Azure Stack Hub 更新运行的进度。You can use the privileged endpoint to monitor the progress of an Azure Stack Hub update run. 也可以使用特权终结点在 Azure Stack Hub 门户不可用时,从最后一个成功的步骤恢复失败的更新运行。You can also use the privileged endpoint to resume a failed update run from the last successful step should the Azure Stack Hub portal become unavailable. 使用 Azure Stack Hub 门户是管理 Azure Stack Hub 中的更新的建议方法。Using the Azure Stack Hub portal is the recommended method to manage updates in Azure Stack Hub.

Azure Stack Hub 集成系统 1710 更新版中包含以下用于更新管理的新 PowerShell cmdlet。The following new PowerShell cmdlets for update management are included in the 1710 update for Azure Stack Hub integrated systems.

CmdletCmdlet 说明Description
Get-AzureStackUpdateStatus 返回当前正在运行的、已完成的或失败的更新状态。Returns the status of the currently running, completed, or failed update. 提供更新操作的高级状态以及描述当前步骤和相应状态的 XML 文档。Provides the high-level status of the update operation and an XML document that describes both the current step and the corresponding state.
Resume-AzureStackUpdate 从更新失败的位置恢复更新。Resumes a failed update at the point where it failed. 在某些情况下,可能需要先完成风险缓解步骤,然后才能恢复更新。In certain scenarios, you may have to complete mitigation steps before you resume the update.

验证 cmdlet 是否可用Verify the cmdlets are available

由于 cmdlet 是适用于 Azure Stack Hub 1710 更新包中的新功能,因此 1710 更新过程需要运行到特定的步骤,才能使用监视功能。Because the cmdlets are new in the 1710 update package for Azure Stack Hub, the 1710 update process needs to get to a certain point before the monitoring capability is available. 一般而言,如果管理员门户中的状态指示 1710 更新正在执行“重启存储主机”步骤,则可以使用 cmdlet。Typically, the cmdlets are available if the status in the administrator portal indicates that the 1710 update is at the Restart Storage Hosts step. 具体来说,cmdlet 更新发生在步骤:正在运行步骤 2.6 - 更新 PrivilegedEndpoint 允许列表期间。Specifically, the cmdlet update occurs during Step: Running step 2.6 - Update PrivilegedEndpoint whitelist.

也可以通过从特权终结点查询命令列表,来确定是否可以编程方式使用 cmdlet。You can also determine whether the cmdlets are available programmatically by querying the command list from the privileged endpoint. 若要执行此查询,请从硬件生命周期主机或特权访问工作站运行以下命令。To do this query, run the following commands from the hardware lifecycle host or from a Privileged Access Workstation. 此外,请确保特权终结点是受信任的主机。Also, make sure the privileged endpoint is a trusted host. 有关详细信息,请参阅访问特权终结点的步骤 1。For more information, see step 1 of Access the privileged endpoint.

  1. 在 Azure Stack Hub 环境中的任何 ERCS 虚拟机 (VM)(Prefix-ERCS01、Prefix-ERCS02 或 Prefix-ERCS03)上创建 PowerShell 会话。Create a PowerShell session on any of the ERCS virtual machines (VMs) in your Azure Stack Hub environment (Prefix-ERCS01, Prefix-ERCS02, or Prefix-ERCS03). 将 Prefix 替换为环境特定的 VM 前缀字符串。Replace Prefix with the VM prefix string that's specific to your environment.

    $cred = Get-Credential
    
    $pepSession = New-PSSession -ComputerName <Prefix>-ercs01 -Credential $cred -ConfigurationName PrivilegedEndpoint 
    

    系统提示输入凭据时,请使用 <Azure Stack Hub 域>\cloudadmin 帐户或属于 CloudAdmins 组成员的帐户。When prompted for credentials, use the <Azure Stack Hub domain>\cloudadmin account, or an account that's a member of the CloudAdmins group. 对于 CloudAdmin 帐户,请输入安装 AzureStackAdmin 域管理员帐户期间提供的相同密码。For the CloudAdmin account, enter the same password that was provided during installation for the AzureStackAdmin domain administrator account.

  2. 获取特权终结点中可用的完整命令列表。Get the full list of commands that are available in the privileged endpoint.

    $commands = Invoke-Command -Session $pepSession -ScriptBlock { Get-Command } 
    
  3. 确定特权终结点是否已更新。Determine if the privileged endpoint was updated.

    $updateManagementModuleName = "Microsoft.Azurestack.UpdateManagement"
     if (($commands | ? Source -eq $updateManagementModuleName)) {
    Write-Host "Privileged endpoint was updated to support update monitoring tools."
     } else {
    Write-Host "Privileged endpoint has not been updated yet. Please try again later."
     } 
    
  4. 列出 Microsoft.AzureStack.UpdateManagement 模块特定的命令。List the commands specific to the Microsoft.AzureStack.UpdateManagement module.

    $commands | ? Source -eq $updateManagementModuleName 
    

    例如:For example:

    $commands | ? Source -eq $updateManagementModuleName
    
    CommandType     Name                                               Version    Source                                                  PSComputerName
     -----------     ----                                               -------    ------                                                  --------------
    Function        Get-AzureStackUpdateStatus                         0.0        Microsoft.Azurestack.UpdateManagement                   Contoso-ercs01
    Function        Resume-AzureStackUpdate                            0.0        Microsoft.Azurestack.UpdateManagement                   Contoso-ercs01
    

使用更新管理 cmdletUse the update management cmdlets

备注

从硬件生命周期主机或特权访问工作站运行以下命令。Run the following commands from the hardware lifecycle host or from a Privileged Access Workstation. 此外,请确保特权终结点是受信任的主机。Also, make sure the privileged endpoint is a trusted host. 有关详细信息,请参阅访问特权终结点的步骤 1。For more information, see step 1 of Access the privileged endpoint.

连接到特权终结点并分配会话变量Connect to the privileged endpoint and assign session variable

运行以下命令,在 Azure Stack Hub 环境中的任何 ERCS VM(Prefix-ERCS01、Prefix-ERCS02 或 Prefix-ERCS03)上创建 PowerShell 会话,并分配会话变量。Run the following commands to create a PowerShell session on any of the ERCS VMs in your Azure Stack Hub environment (Prefix-ERCS01, Prefix-ERCS02, or Prefix-ERCS03), and to assign a session variable.

$cred = Get-Credential

$pepSession = New-PSSession -ComputerName <Prefix>-ercs01 -Credential $cred -ConfigurationName PrivilegedEndpoint 

系统提示输入凭据时,请使用 <Azure Stack Hub 域>\cloudadmin 帐户或属于 CloudAdmins 组成员的帐户。When prompted for credentials, use the <Azure Stack Hub domain>\cloudadmin account, or an account that's a member of the CloudAdmins group. 对于 CloudAdmin 帐户,请输入安装 AzureStackAdmin 域管理员帐户期间提供的相同密码。For the CloudAdmin account, enter the same password that was provided during installation for the AzureStackAdmin domain administrator account.

获取当前更新运行的高级状态Get high-level status of the current update run

若要获取当前更新运行的高级状态,请运行以下命令:To get a high-level status of the current update run, run the following commands:

$statusString = Invoke-Command -Session $pepSession -ScriptBlock { Get-AzureStackUpdateStatus -StatusOnly }

$statusString.Value 

可能的值包括:Possible values include:

  • 正在运行Running
  • 已完成Completed
  • 已失败Failed
  • 已取消Canceled

可以重复运行这些命令来查看最新状态。You can run these commands repeatedly to see the most up-to-date status. 无需重新建立连接即可再次检查状态。You don't have to re-establish a connection to check again.

获取完整更新运行状态和详细信息Get the full update run status with details

可以获取 XML 字符串形式的完整更新运行摘要。You can get the full update run summary as an XML string. 可将此字符串写入文件供检查,或将其转换为 XML 文档,然后使用 PowerShell 进行分析。You can write the string to a file for examination, or convert it to an XML document and use PowerShell to parse it. 以下命令分析 XML,以获取当前正在运行的步骤的分层列表:The following command parses the XML to get a hierarchical list of the currently running steps:

[xml]$updateStatus = Invoke-Command -Session $pepSession -ScriptBlock { Get-AzureStackUpdateStatus }

$updateStatus.SelectNodes("//Step[@Status='InProgress']")

在以下示例中,顶级步骤(云更新)包含一个更新并重启存储主机的子计划。In the following example, the top-level step (Cloud Update) has a child plan to update and restart the storage hosts. 其中显示“重启存储主机”计划正在某台主机上更新 Blob 存储服务。It shows that the Restart Storage Hosts plan is updating the Blob Storage service on one of the hosts.

[xml]$updateStatus = Invoke-Command -Session $pepSession -ScriptBlock { Get-AzureStackUpdateStatus }

$updateStatus.SelectNodes("//Step[@Status='InProgress']") 

    FullStepIndex : 2
    Index         : 2
    Name          : Cloud Update
    Description   : Perform cloud update.
    StartTimeUtc  : 2017-10-13T12:50:39.9020351Z
    Status        : InProgress
    Task          : Task
    
    FullStepIndex  : 2.9
    Index          : 9
    Name           : Restart Storage Hosts
    Description    : Restart Storage Hosts.
    EceErrorAction : Stop
    StartTimeUtc   : 2017-10-13T15:44:06.7431447Z
    Status         : InProgress
    Task           : Task
    
    FullStepIndex : 2.9.2
    Index         : 2
    Name          : PreUpdate ACS Blob Service
    Description   : Check function level, update deployment artifacts, configure Blob service settings
    StartTimeUtc  : 2017-10-13T15:44:26.0708525Z
    Status        : InProgress
    Task          : Task

恢复失败的更新操作Resume a failed update operation

如果更新失败,可以从更新中断的位置恢复更新运行。If the update fails, you can resume the update run where it left off.

Invoke-Command -Session $pepSession -ScriptBlock { Resume-AzureStackUpdate } 

故障排除Troubleshoot

特权终结点适用于 Azure Stack Hub 环境中的所有 ERCS VM。The privileged endpoint is available on all ERCS VMs in the Azure Stack Hub environment. 由于未与高度可用的终结点建立连接,因此可能会遇到偶发性中断、警告或错误消息。Because the connection isn't made to a highly available endpoint, you may experience occasional interruptions, warning, or error messages. 这些消息可能指示会话已断开,或者与 ECE 服务通信时出错。These messages may indicate that the session was disconnected or that there was an error communicating with the ECE Service. 这是预期的行为。This behavior is expected. 可以在几分钟后重试此操作,或者在其他某个 ERCS VM 上新建特权终结点会话。You can retry the operation in a few minutes or create a new privileged endpoint session on one of the other ERCS VMs.

有关故障排除更新的详细信息,请参阅 Azure Stack 故障排除For more information on troubleshooting updates, see Azure Stack Troubleshooting

后续步骤Next steps