Update Azure Stack HCI clusters

Applies to: Azure Stack HCI, version 20H2; Windows Server 2019

When updating Azure Stack HCI clusters, the goal is to maintain availability by updating only one server in the cluster at a time. Many operating system updates require taking the server offline, for example to do a restart or to update software such as the network stack. We recommend using Cluster-Aware Updating (CAU), a feature that makes it easy to install updates on every server in your cluster while keeping your applications running. Cluster-Aware Updating automates taking the server in and out of maintenance mode while installing updates and restarting the server, if necessary. Cluster-Aware Updating is the default updating method used by Windows Admin Center and can also be initiated using PowerShell.

This topic focuses on operating system and software updates. If you need to take a server offline to perform maintenance on the hardware, see Take a server offline for maintenance.

Update a cluster using Windows Admin Center

Windows Admin Center makes it easy to update a cluster and apply operating system and solution updates using a simple user interface. If you've purchased an integrated system from a Microsoft hardware partner, it's easy to get the latest drivers, firmware, and other updates directly from Windows Admin Center by installing the appropriate partner update extension(s). If your hardware was not purchased as an integrated system, firmware and driver updates may need to be performed separately, following the hardware vendor's recommendations.

Follow these steps to install updates:

  1. When you connect to a cluster, the Windows Admin Center dashboard will alert you if one or more servers have updates ready to be installed, and provide a link to update now. Alternatively, you can select Updates from the Tools menu at the left.

  2. If you are updating your cluster for the first time, Windows Admin Center will check if the cluster is properly configured to run Cluster-Aware Updating, and if needed, will ask if you'd like Windows Admin Center to configure CAU for you, including installing the CAU cluster role and enabling the required firewall rules. To begin the update process, click Get Started.

    Note

    To use the Cluster-Aware Updating tool in Windows Admin Center, you must enable Credential Security Service Provider (CredSSP) and provide explicit credentials. If you are asked if CredSSP should be enabled, click Yes. Specify your username and password, and click Continue.

  3. The cluster's update status will be displayed; click Check for updates to get a list of the operating system updates that are available for each server in the cluster. You may need to supply administrator credentials. If no operating system updates are available, click Next: hardware updates and proceed to step 7.

  4. Select Next: Install to proceed to install the operating system updates, or click Skip to exclude them.

  5. Select Install to install the operating system updates on each server in the cluster. You will see the update status change to "installing updates." If any of the updates requires a restart, servers will be restarted one at a time, moving cluster roles such as virtual machines between servers to prevent downtime.

  6. When operating system updates are complete, the update status will change to "succeeded." Click Next: hardware updates to proceed to the hardware updates screen.

  7. Windows Admin Center will check the cluster for installed extensions that support your specific server hardware. Click Next: install to install the hardware updates on each server in the cluster. If no extensions or updates are found, click Exit.

  8. To improve security, disable CredSSP as soon as you're finished installing the updates:

    • In Windows Admin Center, under All connections, select the first server in your cluster, and then select Connect.
    • On the Overview page, select Disable CredSSP, and then on the Disable CredSSP pop-up window, select Yes.
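
A way to confirm step 8 across the whole cluster from PowerShell, as an added example that is not part of the original article: it reports the WS-Management CredSSP setting on every node and turns off whatever is still enabled. It assumes a placeholder cluster name Cluster1, the Failover Clustering Tools on the management machine, PowerShell remoting to each node, and an elevated session.

```powershell
# Added example: audit CredSSP after an updating run and disable what is left on.
# 'Cluster1' is a placeholder cluster name; run elevated on the management machine.
$ClusterName = 'Cluster1'

# Node names come from the FailoverClusters module (Failover Clustering Tools).
$nodes = @((Get-ClusterNode -Cluster $ClusterName).Name)

# Server role: read the WSMan service setting on each node over default remoting,
# so the check itself does not rely on CredSSP being available.
$state = Invoke-Command -ComputerName $nodes -ScriptBlock {
    [pscustomobject]@{
        Node           = $env:COMPUTERNAME
        CredSspEnabled = (Get-Item -Path WSMan:\localhost\Service\Auth\CredSSP).Value -eq 'true'
    }
}
$state | Sort-Object Node | Select-Object Node, CredSspEnabled

# Disable the server role only on the nodes that still accept CredSSP.
$stillOn = @($state | Where-Object CredSspEnabled | ForEach-Object Node)
if ($stillOn.Count -gt 0) {
    Invoke-Command -ComputerName $stillOn -ScriptBlock {
        Disable-WSManCredSSP -Role Server
    }
    Write-Warning "CredSSP was still enabled on: $($stillOn -join ', ')"
}

# Client role: show whether this machine is still configured to delegate
# credentials, then turn delegation off.
Get-WSManCredSSP
Disable-WSManCredSSP -Role Client
```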

Update a cluster using PowerShell

Before you can update a cluster using Cluster-Aware Updating, you first need to install the Failover Clustering Tools, which are part of the Remote Server Administration Tools (RSAT) and include the Cluster-Aware Updating software. If you're updating an existing cluster, these tools may already be installed.

To test whether a failover cluster is properly set up to apply software updates using Cluster-Aware Updating, run the Test-CauSetup PowerShell cmdlet, which performs a Best Practices Analyzer (BPA) scan of the failover cluster and network environment and alerts you of any warnings or errors:

Test-CauSetup -ClusterName Cluster1

If you need to install features, tools, or roles, see the next sections. Otherwise, skip ahead to Check for updates with PowerShell.

Install Failover Clustering and Failover Clustering Tools using PowerShell

To check if a cluster or server has the Failover Clustering feature and Failover Clustering Tools already installed, issue the Get-WindowsFeature PowerShell cmdlet from your management PC (or run it directly on the cluster or server, omitting the -ComputerName parameter):

Get-WindowsFeature -Name Failover*, RSAT-Clustering* -ComputerName Server1

Make sure "Install State" says Installed and that an X appears before both Failover Clustering and Failover Cluster Module for Windows PowerShell:

Display Name                                            Name                       Install State
------------                                            ----                       -------------
[X] Failover Clustering                                 Failover-Clustering            Installed
        [X] Failover Clustering Tools                   RSAT-Clustering                Installed
            [X] Failover Cluster Module for Windows ... RSAT-Clustering-Powe...        Installed
            [ ] Failover Cluster Automation Server      RSAT-Clustering-Auto...        Available
            [ ] Failover Cluster Command Interface      RSAT-Clustering-CmdI...        Available

If the Failover Clustering feature is not installed, install it on each server in the cluster with the Install-WindowsFeature cmdlet, using the -IncludeAllSubFeature and -IncludeManagementTools parameters:

Install-WindowsFeature -Name Failover-Clustering -IncludeAllSubFeature -IncludeManagementTools -ComputerName Server1

This command will also install the Failover Cluster Module for PowerShell, which includes PowerShell cmdlets for managing failover clusters, and the Cluster-Aware Updating module for PowerShell, for installing software updates on failover clusters.

If the Failover Clustering feature is already installed but the Failover Cluster Module for Windows PowerShell is not, simply install it on each server in the cluster with the Install-WindowsFeature cmdlet:

Install-WindowsFeature -Name RSAT-Clustering-PowerShell -ComputerName Server1

Choose an updating mode

Cluster-Aware Updating can coordinate the complete cluster updating operation in two modes:

  • Self-updating mode: For this mode, the Cluster-Aware Updating clustered role is configured as a workload on the failover cluster that is to be updated, and an associated update schedule is defined. The cluster updates itself at scheduled times by using a default or custom updating run profile. During the updating run, the Cluster-Aware Updating Update Coordinator process starts on the node that currently owns the Cluster-Aware Updating clustered role, and the process sequentially performs updates on each cluster node. To update the current cluster node, the Cluster-Aware Updating clustered role fails over to another cluster node, and a new Update Coordinator process on that node assumes control of the updating run. In self-updating mode, Cluster-Aware Updating can update the failover cluster by using a fully automated, end-to-end updating process. An administrator can also trigger updates on-demand in this mode, or simply use the remote-updating approach if desired.

  • Remote updating mode: For this mode, a remote management computer (usually a Windows 10 PC) that has network connectivity to the failover cluster but is not a member of the failover cluster is configured with the Failover Clustering Tools. From the remote management computer, called the Update Coordinator, the administrator triggers an on-demand updating run by using a default or custom updating run profile. Remote updating mode is useful for monitoring real-time progress during the updating run, and for clusters that are running on Server Core installations.

Note

Starting with Windows 10 October 2018 Update, RSAT is included as a set of "Features on Demand" right from Windows 10. Simply go to Settings > Apps > Apps & features > Optional features > Add a feature > RSAT: Failover Clustering Tools, and select Install. To see installation progress, click the Back button to view status on the "Manage optional features" page. The installed feature will persist across Windows 10 version upgrades. To install RSAT for Windows 10 prior to the October 2018 Update, download an RSAT package.

Add CAU cluster role to the cluster

The Cluster-Aware Updating cluster role is required for self-updating mode. If you're using Windows Admin Center to perform the updates, the cluster role will automatically be added.

The Get-CauClusterRole cmdlet displays the configuration properties of the Cluster-Aware Updating cluster role on the specified cluster.

Get-CauClusterRole -ClusterName Cluster1

If the role is not yet configured on the cluster, you will see the following error message:

Get-CauClusterRole : The current cluster is not configured with a Cluster-Aware Updating clustered role.

To add the Cluster-Aware Updating cluster role for self-updating mode using PowerShell, use the Add-CauClusterRole cmdlet and supply the appropriate parameters, as in the following example:

Add-CauClusterRole -ClusterName Cluster1 -MaxFailedNodes 0 -RequireAllNodesOnline -EnableFirewallRules -VirtualComputerObjectName Cluster1-CAU -Force -CauPluginName Microsoft.WindowsUpdatePlugin -MaxRetriesPerNode 3 -CauPluginArguments @{ 'IncludeRecommendedUpdates' = 'False' } -StartDate "3/2/2020 3:00:00 AM" -DaysOfWeek 4 -WeeksOfMonth @(3) -verbose

Note

The above command must be run from a management PC or domain controller.

Enable firewall rules to allow remote restarts

You'll need to allow the servers to restart remotely during the update process. If you're using Windows Admin Center to perform the updates, Windows Firewall rules will automatically be updated on each server to allow remote restarts. If you're updating with PowerShell, either enable the Remote Shutdown firewall rule group in Windows Firewall, or pass the -EnableFirewallRules parameter to the cmdlet such as in the example above.

Check for updates with PowerShell

You can use the Invoke-CauScan cmdlet to scan servers for applicable updates and get a list of the initial set of updates that are applied to each server in a specified cluster:

Invoke-CauScan -ClusterName Cluster1 -CauPluginName Microsoft.WindowsUpdatePlugin -Verbose

Generation of the list can take a few minutes to complete. The preview list includes only an initial set of updates; it does not include updates that might become applicable after the initial updates are installed.

Install updates with PowerShell

To scan servers for applicable updates and perform a full updating run on the specified cluster, use the Invoke-CauRun cmdlet:

Invoke-CauRun -ClusterName Cluster1 -CauPluginName Microsoft.WindowsUpdatePlugin -MaxFailedNodes 1 -MaxRetriesPerNode 3 -RequireAllNodesOnline -EnableFirewallRules -Force

This command performs a scan and a full updating run on the cluster named Cluster1. This cmdlet uses the Microsoft.WindowsUpdatePlugin plug-in and requires that all cluster nodes be online before running this cmdlet. In addition, this cmdlet allows no more than three retries per node before marking the node as failed, and allows no more than one node to fail before marking the entire updating run as failed. It also enables firewall rules to allow the servers to restart remotely. Because the command specifies the Force parameter, the cmdlet runs without displaying confirmation prompts.

The updating run process includes the following:

  • Scanning for and downloading applicable updates on each server in the cluster
  • Moving currently running clustered roles off each server
  • Installing the updates on each server
  • Restarting the server if required by the installed updates
  • Moving the clustered roles back to the original server

The updating run process also includes ensuring that quorum is maintained, checking for additional updates that can only be installed after the initial set of updates are installed, and saving a report of the actions taken.

Check on the status of an updating run

An administrator can get summary information about an updating run in progress by running the Get-CauRun cmdlet:

Get-CauRun -ClusterName Cluster1

Here's some sample output:

RunId                   : 834dd11e-584b-41f2-8d22-4c9c0471dbad 
RunStartTime            : 10/13/2019 1:35:39 PM 
CurrentOrchestrator     : NODE1 
NodeStatusNotifications : { 
Node      : NODE1 
Status    : Waiting 
Timestamp : 10/13/2019 1:35:49 PM 
} 
NodeResults             : { 
Node                     : NODE2 
Status                   : Succeeded 
ErrorRecordData          : 
NumberOfSucceededUpdates : 0 
NumberOfFailedUpdates    : 0 
InstallResults           : Microsoft.ClusterAwareUpdating.UpdateInstallResult[] 
}

Perform a fast, offline update of all servers in a cluster

This method allows you to take all the servers in a cluster down at once and update them all at the same time. This saves time during the updating process, but the trade-off is downtime for the hosted resources.

If there is a critical security update that you need to apply quickly, or you need to ensure that updates complete within your maintenance window, this method may be for you. This process brings down the Azure Stack HCI cluster, updates the servers, and brings it all up again.

  1. Plan your maintenance window.

  2. Take the virtual disks offline.

  3. Stop the cluster to take the storage pool offline. Run the Stop-Cluster cmdlet or use Windows Admin Center to stop the cluster.

  4. Set the cluster service to Disabled in Services.msc on each server. This prevents the cluster service from starting up while being updated.

  5. Apply the Windows Server Cumulative Update and any required Servicing Stack Updates to all servers. You can update all servers at the same time - there's no need to wait, because the cluster is down.

  6. Restart the servers, and ensure everything looks good.

  7. Set the cluster service back to Automatic on each server.

  8. Start the cluster. Run the Start-Cluster cmdlet or use Windows Admin Center.

    Give it a few minutes. Make sure the storage pool is healthy.

  9. Bring the virtual disks back online.

  10. Monitor the status of the virtual disks by running the Get-Volume and Get-VirtualDisk cmdlets.
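
The scriptable parts of this procedure (steps 3, 4, 7, 8 and 10) as PowerShell functions, added here as an example that is not part of the original article. The function names are hypothetical, Cluster1 is a placeholder, and PowerShell remoting to each node is assumed; taking the virtual disks offline and online (steps 2 and 9) and installing the updates (steps 5 and 6) happen outside these functions.

```powershell
# Added example. Node names are captured up front and passed around explicitly,
# because Get-ClusterNode cannot answer once the cluster has been stopped.

function Stop-ClusterForOfflineUpdate {
    param([Parameter(Mandatory)][string]$ClusterName)
    $nodes = @((Get-ClusterNode -Cluster $ClusterName).Name)
    # Step 3: stop the cluster, which takes the storage pool offline.
    Stop-Cluster -Cluster $ClusterName -Force | Out-Null
    # Step 4: keep the cluster service from starting while servers update and restart.
    Invoke-Command -ComputerName $nodes -ScriptBlock {
        Set-Service -Name ClusSvc -StartupType Disabled
    } | Out-Null
    return $nodes
}

function Get-ClusterServiceState {
    # Reports the cluster service on every node; check it before and after patching.
    param([Parameter(Mandatory)][string[]]$Nodes)
    Invoke-Command -ComputerName $Nodes -ScriptBlock {
        Get-Service -Name ClusSvc | Select-Object Name, Status, StartType
    } | Select-Object PSComputerName, Name, Status, StartType
}

function Start-ClusterAfterOfflineUpdate {
    param([Parameter(Mandatory)][string[]]$Nodes)
    # Step 7: restore the startup type on every node before starting the cluster.
    Invoke-Command -ComputerName $Nodes -ScriptBlock {
        Set-Service -Name ClusSvc -StartupType Automatic
    } | Out-Null
    # Step 8: naming one member node starts the Cluster service on all nodes
    # of the cluster that node belongs to.
    Start-Cluster -Name $Nodes[0]
}

function Get-ClusterStorageHealth {
    # Steps 8 and 10: pool, virtual disk and volume health as seen from one node.
    param([Parameter(Mandatory)][string]$Node)
    $cim = New-CimSession -ComputerName $Node
    try {
        [pscustomobject]@{
            StoragePools = Get-StoragePool -CimSession $cim -IsPrimordial $false |
                Select-Object FriendlyName, HealthStatus, OperationalStatus
            VirtualDisks = Get-VirtualDisk -CimSession $cim |
                Select-Object FriendlyName, HealthStatus, OperationalStatus
            Volumes      = Get-Volume -CimSession $cim |
                Select-Object FileSystemLabel, HealthStatus, OperationalStatus
        }
    }
    finally { Remove-CimSession -CimSession $cim }
}

# Order of use (constructed walk-through):
#   $nodes = Stop-ClusterForOfflineUpdate -ClusterName Cluster1
#   Get-ClusterServiceState -Nodes $nodes        # StartType should read Disabled
#   ...apply updates and restart the servers...
#   Start-ClusterAfterOfflineUpdate -Nodes $nodes
#   Get-ClusterStorageHealth -Node $nodes[0]
```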

Next steps

For related information, see also: