設定叢集見證Set up a cluster witness

適用于 Azure Stack HCI,版本 20H2;Windows Server 2019Applies to Azure Stack HCI, version 20H2; Windows Server 2019

設定見證資源對所有叢集都是必要的,而且應該在建立叢集之後立即設定。Setting up a witness resource is mandatory for all clusters, and should be set up right after you create a cluster. 雙節點叢集需要見證,如此一來,伺服器離線也不會造成其他節點變成無法使用。Two-node clusters need a witness so that either server going offline does not cause the other node to become unavailable as well. 有三個以上的節點叢集需要見證,才能承受兩部伺服器故障或離線。Three and higher-node clusters need a witness to be able to withstand two servers failing or being offline.

您可以使用 SMB 檔案共用做為見證,或使用 Azure 雲端見證。You can either use an SMB file share as a witness or use an Azure cloud witness. 如果叢集中的所有伺服器節點都有可靠的網際網路連線,則建議使用 Azure 雲端見證。An Azure cloud witness is recommended, provided all server nodes in the cluster have a reliable internet connection. 如需詳細資訊,請參閱為 容錯移轉叢集部署雲端見證For more information, see Deploy a Cloud Witness for a Failover Cluster.

針對檔案共用見證,檔案伺服器有一些需求。For file-share witnesses, there are requirements for the file server. 如需詳細資訊,請參閱 系統需求See System requirements for more information.

使用 Windows Admin Center 設定見證Set up a witness using Windows Admin Center

  1. 在 Windows Admin Center 中,從頂端的下拉式箭號選取 [叢集 管理員 ]。In Windows Admin Center, select Cluster Manager from the top drop-down arrow.
  2. 在 [叢集連線] 底下,選取叢集。Under Cluster connections , select the cluster.
  3. 在 [ 工具 ] 底下,選取 [ 設定 ]。Under Tools , select Settings .
  4. 選取右窗格中的 [ 見證 ]。In the right pane, select Witness .
  5. 針對 [ 見證類型 ],選取下列其中一項:For Witness type , select one of the following:
    • 雲端見證 -輸入您的 Azure 儲存體帳戶名稱、存取金鑰和端點 URL,如下所述Cloud witness - enter your Azure storage account name, access key, and endpoint URL, as described below
    • 檔案 共用見證 -輸入檔案共用路徑 " (//server/share) "File share witness - enter the file share path "(//server/share)"

注意

第三個選項([ 磁片見證 ])不適合用于延伸的叢集。The third option, Disk witness , is not suitable for use in stretched clusters.

建立用來作為雲端見證的 Azure 儲存體帳戶Create an Azure Storage Account to use as a Cloud Witness

本節說明如何建立儲存體帳戶,並查看並複製該帳戶的端點 Url 和存取金鑰。This section describes how to create a storage account and view and copy endpoint URLs and access keys for that account.

若要設定雲端見證,您必須具有有效的 Azure 儲存體帳戶,可用來儲存 blob 檔案 (用於仲裁) 。To configure Cloud Witness, you must have a valid Azure Storage Account which can be used to store the blob file (used for arbitration). Cloud 見證會在 Microsoft 儲存體帳戶下建立知名的容器 msft-雲端見證Cloud Witness creates a well-known Container msft-cloud-witness under the Microsoft Storage Account. 雲端見證會寫入單一 blob 檔案,其中包含對應叢集的唯一識別碼,用來作為此 msft-雲端見證 容器下的 blob 檔案名。Cloud Witness writes a single blob file with corresponding cluster's unique ID used as the file name of the blob file under this msft-cloud-witness container. 這表示您可以使用相同的 Microsoft Azure 儲存體帳戶來設定多個不同叢集的雲端見證。This means that you can use the same Microsoft Azure Storage Account to configure a Cloud Witness for multiple different clusters.

當您使用相同的 Azure 儲存體帳戶來設定多個不同叢集的雲端見證時,系統會自動建立單一的 msft-雲端見證 容器。When you use the same Azure Storage Account for configuring Cloud Witness for multiple different clusters, a single msft-cloud-witness container gets created automatically. 此容器會在每個叢集包含一個 blob 檔案。This container will contain one-blob file per cluster.

注意

雲端見證使用 HTTPS (預設埠 443) 來建立與 Azure blob 服務的通訊。Cloud Witness uses HTTPS (default port 443) to establish communication with Azure blob service. 確定可以透過網路 Proxy 存取 HTTPS 埠。Ensure that HTTPS port is accessible via network Proxy.

若要建立 Azure 儲存體帳戶To create an Azure storage account

  1. 登入 Azure 入口網站Sign in to the Azure portal.
  2. 在 [集線器] 功能表中,選擇 [新增] -> [資料 + 儲存體] -> [儲存體帳戶]。On the Hub menu, select New -> Data + Storage -> Storage account.
  3. 在 [建立儲存體帳戶] 頁面中,執行下列動作:In the Create a storage account page, do the following:
    1. 輸入儲存體帳戶的名稱。Enter a name for your storage account.
      儲存體帳戶名稱必須介於 3 到 24 個字元的長度,而且只能包含數字和小寫字母。Storage account names must be between 3 and 24 characters in length and may contain numbers and lowercase letters only. 儲存體帳戶名稱在 Azure 內也必須是唯一的。The storage account name must also be unique within Azure.
    2. 針對 [ 帳戶類型 ],選取 [一般用途 ]。For Account kind , select General purpose .
      您無法將 Blob 儲存體帳戶用於雲端見證。You can't use a Blob storage account for a Cloud Witness.
    3. 針對 [效能],請選取 [標準]。For Performance , select Standard .
      您無法將 Azure 進階儲存體用於雲端見證。You can't use Azure Premium Storage for a Cloud Witness.
    4. 針對 複寫 ,請選取 [ 本機-多餘的儲存體] (LRS)For Replication , select Locally-redundant storage (LRS) .
      「容錯移轉叢集」會使用 blob 檔案作為仲裁點,在讀取資料時需要一些一致性保證。Failover Clustering uses the blob file as the arbitration point, which requires some consistency guarantees when reading the data. 因此,您 必須針對複寫 類型選取 本機-多餘的儲存體Therefore you must select Locally-redundant storage for Replication type.

查看並複製您 Azure 儲存體帳戶的儲存體存取金鑰View and copy storage access keys for your Azure Storage Account

當您建立 Microsoft Azure 儲存體帳戶時,它會與自動產生的兩個存取金鑰(主要存取金鑰和次要存取金鑰)相關聯。When you create a Microsoft Azure Storage Account, it is associated with two Access Keys that are automatically generated - Primary Access key and Secondary Access key. 如果是第一次建立雲端見證,請使用 主要存取金鑰For a first-time creation of Cloud Witness, use the Primary Access Key . 對於要用於雲端見證的金鑰,沒有任何相關限制。There is no restriction regarding which key to use for Cloud Witness.

若要查看及複製儲存體存取金鑰To view and copy storage access keys

在 Azure 入口網站中,流覽至您的儲存體帳戶,按一下 [ 所有設定 ],然後按一下 [ 存取金鑰 ],以查看、複製及重新產生您的帳戶存取金鑰。In the Azure portal, navigate to your storage account, click All settings and then click Access Keys to view, copy, and regenerate your account access keys. [存取金鑰] 刀鋒視窗也包含使用您主要與次要金鑰的預先設定連接字串,讓您可以複製以在應用程式中使用。The Access Keys blade also includes pre-configured connection strings using your primary and secondary keys that you can copy to use in your applications.

雲端見證存取金鑰

當您建立儲存體帳戶時,會使用下列格式產生下列 Url: https://<Storage Account Name>.<Storage Type>.<Endpoint>When you create a Storage Account, the following URLs are generated using the format: https://<Storage Account Name>.<Storage Type>.<Endpoint>

雲端見證一律使用 Blob 作為儲存體類型。Cloud Witness always uses Blob as the storage type. Azure 會使用 core.windows.net 作為端點。Azure uses .core.windows.net as the Endpoint. 設定雲端見證時,您可能會根據您的案例使用不同的端點進行設定 (例如,中國的 Microsoft Azure datacenter 有不同的端點) 。When configuring Cloud Witness, it is possible that you configure it with a different endpoint as per your scenario (for example the Microsoft Azure datacenter in China has a different endpoint).

注意

端點 URL 是由雲端見證資源自動產生的,而且不需要額外的 URL 設定步驟。The endpoint URL is generated automatically by Cloud Witness resource and there is no extra step of configuration necessary for the URL.

在 Azure 入口網站中,流覽至您的儲存體帳戶,按一下 [ 所有設定 ],然後按一下 [ 屬性 ],以查看並複製您的端點 url。In the Azure portal, navigate to your storage account, click All settings and then click Properties to view and copy your endpoint URLs.

雲端見證端點 URL

使用 Windows PowerShell 設定見證Set up a witness using Windows PowerShell

若要使用 PowerShell 來設定叢集見證,請執行下列其中一個 Cmdlet。To setup a cluster witness using PowerShell, run one of the following cmdlets.

使用下列 Cmdlet 來建立 Azure 雲端見證:Use the following cmdlet to create an Azure cloud witness:

Set-ClusterQuorum –Cluster "Cluster1" -CloudWitness -AccountName "AzureStorageAccountName" -AccessKey "AzureStorageAccountAccessKey"

使用下列 Cmdlet 來建立檔案共用見證:Use the following cmdlet to create a file-share witness:

Set-ClusterQuorum -FileShareWitness "\\fileserver\share" -Credential (Get-Credential)

下一步Next steps