Nutanix LCM – Dark Site on IIS with PowerShell and DFS-R guide

Shares

Upgrading Nutanix clusters with one-click upgrade when you do not have direct Internet connectivity is easy with Dark Site solution. But what if you have large, geographically distributed environment often connected via not the fastest links on the planet? Then you can set up local systems that will sync content and expose them via HTTP and your clusters will pull content locally with no harm to WAN link bandwidth. With DFS-R you can control replication speed during business hours so your business users will be kept happy. Here is scripted process so you do not have to click to much

 

Setting up DarkSite host

Assumptions:

  • Content is stored on E drive,
  • PS script has two modes – one for source server on which files will be updated (read-write location) and remote location where locations will be set to read-only,
  • save PS script and run from elevated PS session,
  • tested on WS2019,
  • DFS-R replication schedule is set according to MS documentation for 16Mbps between 7PM-7AM and 1Mbps 7AM-7PM local time of receiving member
Powershell script to configure IIS and DFS-R:
param
(
[string][ValidateSet("root_lcm", "lcm")]$srvtype
)

function set_acl {
param (
[string]$identity,
[string][ValidateSet("ReadAndExecute", "Modify", "FullControl")]$rights,
[string][ValidateSet("ContainerInherit, ObjectInherit", "None")]$inheritance,
[string][ValidateSet("None", "NoPropagateInherit", "InheritOnly")]$propagation,
[string][ValidateSet("Allow", "Deny")]$type,
[string]$path
)

$inheritance = "ContainerInherit, ObjectInherit"
$propagation = "None"
$type = "Allow"

$ace = New-Object System.Security.AccessControl.FileSystemAccessRule($identity,$rights,$inheritance,$propagation,$type)

$acl = Get-Acl -Path $path
$acl.AddAccessRule($ace)
Set-Acl -path $path -AclObject $acl
}

switch ($srvtype)
{
root_lcm {
#install IIS and DFS if not already installed
if (!(Get-WindowsFeature Web-Server).Installed) {Install-WindowsFeature -name Web-Server -IncludeManagementTools}
if (!(Get-WindowsFeature FS-DFS-Replication).Installed) {Install-WindowsFeature -name FS-DFS-Replication}

#create folders
New-Item -Path e:\ -Name NutanixLCM -ItemType Directory
set_acl -identity 'IUSR' -rights "ReadAndExecute" -inheritance "ContainerInherit, ObjectInherit" -propagation "None" -type "Allow" -path "E:\NutanixLCM"
set_acl -identity 'IIS_IUSRS' -rights "ReadAndExecute" -inheritance "ContainerInherit, ObjectInherit" -propagation "None" -type "Allow" -path "E:\NutanixLCM"

#Set IIS config
Import-Module -Name WebAdministration

Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -location 'Default Web Site' -filter "system.webServer/security/authentication/anonymousAuthentication" -name "enabled" -value "True"
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -location 'Default Web Site' -filter "system.webServer/security/authentication/windowsAuthentication" -name "enabled" -value "False"

New-WebVirtualDirectory -Site 'Default Web Site' -Name NutanixLCM -PhysicalPath E:\NutanixLCM\

#Create web.config file with all mimeType details and dump it to virtual directory
$webconfig = '<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<directoryBrowse enabled="true" />
<security>
<requestFiltering>
<fileExtensions>
<add fileExtension=".sign" allowed="true" />
<add fileExtension=".json" allowed="true" />
<add fileExtension=".iso" allowed="true" />
<add fileExtension=".xz" allowed="true" />
<add fileExtension=".BD" allowed="true" />
<add fileExtension=".bin" allowed="true" />
<add fileExtension=".csv" allowed="true" />
<add fileExtension=".exe" allowed="true" />
<add fileExtension=".frm" allowed="true" />
<add fileExtension=".lod" allowed="true" />
<add fileExtension=".md" allowed="true" />
<add fileExtension=".std" allowed="true" />
<add fileExtension=".tgz" allowed="true" />
<add fileExtension=".tar" allowed="true" />
<add fileExtension=".vib" allowed="true" />
<add fileExtension=".txt" allowed="true" />
<add fileExtension=".zip" allowed="true" />
</fileExtensions>
</requestFiltering>
</security>
<staticContent>
<clear />
<mimeMap fileExtension=".sign" mimeType="plain/text" />
<mimeMap fileExtension=".json" mimeType="plain/text" />
<mimeMap fileExtension=".iso" mimeType="plain/text" />
<mimeMap fileExtension=".xz" mimeType="plain/text" />
<mimeMap fileExtension=".BD" mimeType="papplication/x-iso9660-image" />
<mimeMap fileExtension=".bin" mimeType="papplication/x-iso9660-image" />
<mimeMap fileExtension=".csv" mimeType="papplication/x-iso9660-image" />
<mimeMap fileExtension=".exe" mimeType="papplication/x-iso9660-image" />
<mimeMap fileExtension=".frm" mimeType="papplication/x-iso9660-image" />
<mimeMap fileExtension=".lod" mimeType="papplication/x-iso9660-image" />
<mimeMap fileExtension=".md" mimeType="papplication/x-iso9660-image" />
<mimeMap fileExtension=".std" mimeType="papplication/x-iso9660-image" />
<mimeMap fileExtension=".tgz" mimeType="papplication/x-iso9660-image" />
<mimeMap fileExtension=".tar" mimeType="papplication/x-iso9660-image" />
<mimeMap fileExtension=".vib" mimeType="papplication/x-iso9660-image" />
<mimeMap fileExtension=".gz" mimeType="papplication/x-iso9660-image" />
<mimeMap fileExtension=".txt" mimeType="plain/text" />
<mimeMap fileExtension=".zip" mimeType="application/zip" />
</staticContent>
</system.webServer>
</configuration>'
$webconfig | Out-File E:\NutanixLCM\web.config

#Create DFS replication group if not exist
if (!(Get-DfsReplicationGroup -GroupName NutanixLCM)){
New-DfsReplicationGroup -GroupName "NutanixLCM" | New-DfsReplicatedFolder -FolderName "NutanixLCM" | Add-DfsrMember -ComputerName "$env:computername"
Set-DfsrMembership -GroupName "NutanixLCM" -FolderName "NutanixLCM" -ContentPath "E:\NutanixLCM" -ComputerName "$env:computername" -PrimaryMember $True -StagingPathQuotaInMB 16384 -Force
Set-DfsrGroupSchedule -GroupName "NutanixLCM" -Day Monday,Tuesday,Wednesday,Thursday,Friday,Saturday,Sunday -BandwidthDetail AAAAAAAAAAAAAAAAAAAAAAAAAAAA66666666666666666666666666666666666666666666AAAAAAAAAAAAAAAAAAAAAAAA
}

}

lcm {
#install IIS and DFS if not already installed
if (!(Get-WindowsFeature Web-Server).Installed) {Install-WindowsFeature -name Web-Server -IncludeManagementTools}
if (!(Get-WindowsFeature FS-DFS-Replication).Installed) {Install-WindowsFeature -name FS-DFS-Replication}

#create folders - NTFS permissions and data will be properly created with DFS-Replication
New-Item -Path E:\ -Name NutanixLCM -ItemType Directory

#Set IIS config

Import-Module -Name WebAdministration

Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -location 'Default Web Site' -filter "system.webServer/security/authentication/anonymousAuthentication" -name "enabled" -value "True"
Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST' -location 'Default Web Site' -filter "system.webServer/security/authentication/windowsAuthentication" -name "enabled" -value "False"

New-WebVirtualDirectory -Site 'Default Web Site' -Name NutanixLCM -PhysicalPath E:\NutanixLCM

#DFS config
Add-DfsrMember -GroupName "NutanixLCM" -ComputerName "$env:computername"
Add-DfsrConnection -GroupName "NutanixLCM" -SourceComputerName "put your source server name here" -DestinationComputerName "$env:computername"
Set-DfsrMembership -GroupName "NutanixLCM" -FolderName "NutanixLCM" -ContentPath "E:\NutanixLCM" -ComputerName "$env:computername" -StagingPathQuotaInMB 16384 -Force -ReadOnly $true

}
}

 

Populating content on your source LCM server

Now you need to download and unpack LCM bundles from Nutanix portal. Main package is available at LCM download link. You can use built-in tar (WS2019 or W10) to extract archive to your root folder (E:\NutanixLCM). Syntax is easy just make sure your PowerShell session is in E:\NutanixLCM and run “PS C:\temp\lcm> tar -xf ‘<path to your downloaded archive\lcm_dark_site_bundle_2.4.4.28447.tar.gz'”.

Then you can download and do the same with NCC, AOS, Foundation, Foundation Platforms, AHV and other Nutanix products that support LCM based updates. This includes firmware also – they are available for download by platform at LCM download links.

Give your DFS-R replication a while for replication to kick in and sync content around the globe.

Remediating Clusters with LCM

Configure PE to use DarkSite for LCM repository – point to local based DarkSite repo

Clusters may have older version of LCM engine – then it will look a bit different at initial configuration. To set it up choose LCM from main menu and then in Options choose Advanced Settings and provide your nearest Dark Site url. After that perform Inventory to update LCM engine on the cluster:

LCM LCM Advanced Settings Dark Site URL

For newer LCM engine on the cluster UI looks a bit different and you can find Dark Site under Settings in Update Source:

LCM Dark Site

Once you set your update source run Inventory:

LCM Inventory

  

This process may take a while especially if LCM engine needs to be updated. LCM engine on PC and PE needs to be in the same version so make sure you keep them in sync. If they are in sync but you see warnings – make sure to clear browser cache.

With inventory process finished you may proceed with software update via LCM. Choose Updates -> Software:

LCM software update step 1

Select updates you want to perform and view update plan

LCM software update step 2

LCM software update step 3

Make sure your PC supports AOS version to which you’re upgrading (this really should be done before you populate your production Dark Site source – you can check it on Nutanix Portal):

LCM software update step 4

Some components will only update once previous update is done. Perfect example is Foundation Platforms which require specific Foundation version. So it may be required that after initial update Inventory is needed to discover potential updates that are still required – please make sure to always perform inventory after successful update.

LCM software update step 5

End result should be fully patched cluster with all modules matching software modules that you have on your Dark Site source.

LCM fully patched

5 1 vote
Article Rating

Michal Tomczak

Michal is Principal Architect responsible for HCI, virtualization and IaaS solutions. Expert at Nutanix and VMware products. VCIX and NCM-MCI certified. His goal is to make HCI/Cloud workload blend to provide invisible platform to boost business productivity.

You may also like...

Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x

FOR FREE. Download Nutanix port diagrams

Join our mailing list to receive an email with instructions on how to download 19 port diagrams in MS Visio format.

NOTE: if you do not get an email within 1h, check your SPAM filters

You have Successfully Subscribed!

Pin It on Pinterest