Merge pull request #16222 from sethmanheim/mc11-1

sethmanheim · web-flow · commit c33d42304fb2 · 2024-11-01T11:33:07.000-07:00
Sync release-ash-2501 with main, fix merge
diff --git a/azure-managed-lustre/TOC.yml b/azure-managed-lustre/TOC.yml
@@ -54,3 +54,7 @@
   items:
   - name: Recover from a regional outage
     href: amlfs-region-recovery.md
+- name: Troubleshooting
+  items:
+    - name: Troubleshoot cluster deployment failures
+      href: troubleshoot-deployment.md
diff --git a/azure-managed-lustre/troubleshoot-deployment.md b/azure-managed-lustre/troubleshoot-deployment.md
@@ -0,0 +1,78 @@
+---
+title: Troubleshoot Azure Managed Lustre cluster deployment issues
+description: Learn how to troubleshoot common cluster deployment issues in Azure Managed Lustre
+author: pauljewellmsft
+ms.author: pauljewell
+ms.service: azure-managed-lustre
+ms.topic: troubleshooting-general
+ms.date: 11/01/2024
+
+---
+
+# Troubleshoot Azure Managed Lustre deployment issues
+
+In this article, you learn how to troubleshoot common issues that you might encounter when deploying an Azure Managed Lustre file system.
+
+## Cluster deployment fails due to incorrect network configuration
+
+In this section, we cover the following causes:
+
+- [Cause 1: Network ports are blocked](#cause-1-network-ports-are-blocked)
+- [Cause 2: Resources within the subnet are incompatible](#cause-2-resources-within-the-subnet-are-incompatible)
+- [Cause 3: Network security group rules aren't configured correctly](#cause-3-network-security-group-rules-arent-configured-correctly)
+
+### Cause 1: Network ports are blocked
+
+Port 988 and port 22 must be open within the subnet for the cluster to communicate with the Azure Managed Lustre service. If either port is blocked, the deployment fails.
+
+### Solution: Verify the network configuration
+
+Allow inbound and outbound access between hosts within the Azure Managed Lustre subnet. For example, access to TCP port 22 (SSH) is necessary for cluster deployment.
+
+Your network security group (NSG) must allow inbound and outbound access on port 988 and ports 1019-1023. No other services can reserve or use these ports on your Lustre clients. If you use the `ypbind` daemon on your clients to maintain Network Information Services (NIS) binding information, you must ensure that `ypbind` doesn't reserve port 988.
+
+Make sure that the virtual network, subnet, and NSG meet the requirements for Azure Managed Lustre. To learn more, see [Network prerequisites](amlfs-prerequisites.md#network-prerequisites).
+
+### Cause 2: Resources within the subnet are incompatible
+
+Azure Managed Lustre and Azure NetApp Files resources can't share a subnet. The deployment fails if you try to create an Azure Managed Lustre file system in a subnet that currently contains, or has previously contained, Azure NetApp Files resources.
+
+### Solution: Verify the subnet configuration
+
+If you use the Azure NetApp Files service, you must create your Azure Managed Lustre file system in a separate subnet. To learn more, see [Network prerequisites](amlfs-prerequisites.md#network-prerequisites).
+
+### Cause 3: Network security group rules aren't configured correctly
+
+If you're using a network security group to filter network traffic between Azure resources in an Azure virtual network, the security rules that allow or deny inbound and outbound network traffic must be properly configured. If the network security group rules aren't correctly configured for Azure Managed Lustre file system support, the deployment fails.
+
+### Solution: Verify the network security group configuration
+
+For detailed guidance about configuring inbound and outbound security rules to support Azure Managed Lustre file systems, see [Configure network security group rules](configure-network-security-group.md#configure-network-security-group-rules).
+
+## Cluster deployment fails due to incorrect blob container configuration
+
+In this section, we cover the following causes:
+
+- [Cause 1: Blob container allows public access](#cause-1-blob-container-allows-public-access)
+- [Cause 2: Blob container can't be accessed by the file system](#cause-2-blob-container-cant-be-accessed-by-the-file-system)
+
+### Cause 1: Blob container allows public access
+
+To comply with security requirements, the blob container anonymous access level must be set to private. If the blob container is set to public, the deployment fails.
+
+### Solution: Set the blob container access level to private
+
+Configure the blob container to allow private access only. You can disallow public access at the storage account level, or you can configure access at the container level. To learn more, see [About anonymous read access](/azure/storage/blobs/anonymous-read-access-configure#about-anonymous-read-access).
+
+### Cause 2: Blob container can't be accessed by the file system
+
+If the file system can't access the blob container, the deployment fails. You must add role assignments at the storage account scope or higher to allow the file system to access the container.
+
+### Solution: Authorize access to the storage account
+
+To authorize access to the storage account, add the following role assignments to the service principal **HPC Cache Resource Provider**:
+
+- [Storage Account Contributor](/azure/role-based-access-control/built-in-roles#storage-account-contributor)
+- [Storage Blob Data Contributor](/azure/role-based-access-control/built-in-roles#storage-blob-data-contributor)
+
+To learn more, see [Access role for blob integration](amlfs-prerequisites.md#access-roles-for-blob-integration).
diff --git a/azure-stack/operator/app-service-rotate-certificates.md b/azure-stack/operator/app-service-rotate-certificates.md
@@ -3,7 +3,7 @@ title: Rotate App Service on Azure Stack Hub secrets and certificates
 description: Learn how to rotate secrets and certificates used by Azure App Service on Azure Stack Hub.
 author: sethmanheim
 ms.topic: article
-ms.date: 08/19/2024
+ms.date: 10/31/2024
 ms.author: sethm
 ms.reviewer: anwestg
 ms.lastreviewed: 04/09/2020
@@ -165,13 +165,16 @@ To rotate the system credentials used within Azure App Service on Azure Stack Hu
 
 1. Go to the **Secrets** menu option.
 
-1. Select the **Rotate** button in the System Credentials section.
+1. Select the **Rotate** button in the **System Credentials** section.
 
-1. Select the **Scope** of the System Credential you're rotating. Operators can choose to rotate the system credentials for all roles or individual roles.
+   > [!IMPORTANT]
+   > If the scope you select is **All** or **Management Server**, the credential for the controllers is also updated with the specified new username and password.
+
+1. Select the **Scope** of the system credential you're rotating. Operators can choose to rotate the system credentials for all roles, or for individual roles.  
 
 1. Specify a **new Local Admin User Name** and a new **Password**. Then confirm the **Password** and select **OK**.
 
-1. The credential(s) are rotated as required throughout the corresponding Azure App Service on Azure Stack Hub role instance. Operators can check the status of the procedure using the **Status** button.
+1. The credentials are rotated as required throughout the corresponding Azure App Service on Azure Stack Hub role instance. Operators can check the status of the procedure using the **Status** button.
 
 ## Next steps
 
diff --git a/azure-stack/operator/known-issues.md b/azure-stack/operator/known-issues.md
@@ -3,7 +3,7 @@ title: Azure Stack Hub known issues
 description: Learn about known issues in Azure Stack Hub releases.
 author: sethmanheim
 ms.topic: article
-ms.date: 10/30/2024
+ms.date: 10/31/2024
 ms.author: sethm
 ms.reviewer: rtiberiu
 ms.lastreviewed: 11/30/2023
@@ -72,7 +72,12 @@ To access known issues for a different version, use the version selector dropdow
 ::: moniker-end
 
 ::: moniker range="azs-2408"
-<!-- ## Update -->
+## Update
+
+- Applicable: This issue applies to release 2408.
+- Cause: An internal failure of Live Update forces the update method to use FRU instead, which significantly extends the overall update period. Due to this issue, each node update takes an additional 5 hours to complete (approximately).
+- Remediation: If you have more than 8 node stamps, it's advised that you delay your updates if possible, until a hotfix/inline fix is released.
+- Occurrence: Common.
 
 <!-- ## Networking -->
 
diff --git a/azure-stack/operator/release-notes.md b/azure-stack/operator/release-notes.md
@@ -3,7 +3,7 @@ title: Azure Stack Hub release notes
 description: Release notes for Azure Stack Hub integrated systems, including updates and bug fixes.
 author: sethmanheim
 ms.topic: article
-ms.date: 10/30/2024
+ms.date: 10/31/2024
 ms.author: sethm
 ms.reviewer: rtiberiu
 ms.lastreviewed: 04/22/2024
@@ -137,7 +137,11 @@ For more information about update build types, see [Manage updates in Azure Stac
 
 ### What's new
 
-<!-- ### Improvements -->
+> [!IMPORTANT]
+> [See this known 2408 update issue](known-issues.md#update).
+
+- With the 2408 update, we are introducing the ESv3 and DSv3 VM SKUs. These new SKUs are designed to provide higher IOPS for both OS and data disks. For more information, see [Azure Stack Hub VM SKUs](../user/azure-stack-vm-sizes.md).
+- We are also introducing [two new VM SKUs to support the L40s GPUs](../user/gpu-vms-about.md#nc_l40s-v4).
 
 ### Changes
 
