設定叢集見證Set up a cluster witness

適用于 Azure Stack HCI,版本 20H2;Windows Server 2019Applies to Azure Stack HCI, version 20H2; Windows Server 2019

針對所有叢集,強烈建議設定見證資源,而且應該在建立叢集後立即設定。Setting up a witness resource is highly recommended for all clusters, and should be set up right after you create a cluster. 雙節點叢集需要見證,如此一來,伺服器離線也不會造成其他節點變成無法使用。Two-node clusters need a witness so that either server going offline does not cause the other node to become unavailable as well. 有三個以上的節點叢集需要見證,才能承受兩部伺服器故障或離線。Three and higher-node clusters need a witness to be able to withstand two servers failing or being offline.

您可以使用 SMB 檔案共用做為見證或 Azure 雲端見證。You can either use an SMB file share as a witness or an Azure cloud witness. 如果叢集中的所有伺服器節點都有可靠的網際網路連線,則建議使用 Azure 雲端見證。An Azure cloud witness is recommended, provided all server nodes in the cluster have a reliable internet connection. 本文涵蓋如何建立雲端見證。This article covers creating a cloud witness.

開始之前Before you begin

您必須擁有 Azure 帳戶和訂用帳戶,並向 Azure 註冊您的 Azure Stack HCI 叢集,才能建立雲端見證。Before you can create a cloud witness, you must have an Azure account and subscription, and register your Azure Stack HCI cluster with Azure. 如需詳細資訊,請參閱下列文章:See the following articles for more information:

針對檔案共用見證,檔案伺服器有一些需求。For file share witnesses, there are requirements for the file server. 如需詳細資訊,請參閱 系統需求See System requirements for more information.

建立 Azure 儲存體帳戶Create an Azure storage account

本節說明如何建立 Azure 儲存體帳戶。This section describes how to create an Azure storage account. 此帳戶用來儲存用於仲裁的 Azure blob 檔案,以用於特定叢集。This account is used to store an Azure blob file used for arbitration for a specific cluster. 您可以使用相同的 Azure 儲存體帳戶來設定多個叢集的雲端見證。You can use the same Azure storage account to configure a cloud witness for multiple clusters.

  1. 登入 Azure 入口網站Sign in to the Azure portal.

  2. 在 Azure 入口網站首頁] 功能表的 [ Azure 服務] 下,選取 [ 儲存體帳戶]。On the Azure portal home menu, under Azure services, select Storage accounts. 如果缺少此圖示,請選取 [ 建立資源 ] 以先建立 儲存體帳戶 資源。If this icon is missing, select Create a resource to create a Storage accounts resource first.

    Azure 入口網站主畫面

  3. 在 [ 儲存體帳戶 ] 頁面上,選取 [ 新增]。On the Storage accounts page, select New.

    Azure 新儲存體帳戶

  4. 在 [ 建立儲存體帳戶 ] 頁面上,完成下列步驟:On the Create storage account page, complete the following:

    1. 選取要將儲存體帳戶套用到其中的 Azure 用帳戶。Select the Azure Subscription to apply the storage account to.
    2. 選取要套用儲存體帳戶的 Azure 資源群組Select the Azure Resource group to apply the storage account to.
    3. 輸入 [儲存體帳戶名稱]。Enter a Storage account name.
      儲存體帳戶名稱必須介於 3 到 24 個字元的長度,而且只能包含數字和小寫字母。Storage account names must be between 3 and 24 characters in length and may contain numbers and lowercase letters only. 此名稱在 Azure 內也必須是唯一的。This name must also be unique within Azure.
    4. 選取最接近您實際的 位置Select a Location that is closest to you physically.
    5. 針對 [效能],請選取 [標準]。For Performance, select Standard.
    6. 針對 [ 帳戶類型],選取 [儲存體一般用途]。For Account kind, select Storage general purpose.
    7. 針對 複寫,請選取 [ 本機-多餘的儲存體] (LRS)For Replication, select Locally-redundant storage (LRS).
    8. 完成時,按一下 [ 審核 + 建立]。When finished, click Review + create.

    Azure 建立儲存體帳戶

  5. 確定儲存體帳戶通過驗證,然後檢查帳戶設定。Ensure that the storage account passes validation and then review account settings. 完成後,按一下 [建立]。When finished, click Create.

    Azure 儲存體帳戶驗證

  6. 帳戶部署可能需要幾秒鐘的時間才會出現在 Azure 中。It may take a few seconds for account deployment to occur in Azure. 當部署完成時,按一下 [ 移至資源]。When deployment is complete, click Go to resource.

    Azure 儲存體帳戶部署

複製存取金鑰和端點 URLCopy the access key and endpoint URL

當您建立 Azure 儲存體帳戶時,此程式會自動產生兩個存取金鑰, (key1) 的主鍵和次要金鑰 (key2) 。When you create an Azure storage account, the process automatically generates two access keys, a primary key (key1) and a secondary key (key2). 第一次建立雲端見證時,會使用 key1For the first time creation of a cloud witness, key1 is used. 端點 URL 也會自動產生。The endpoint URL is also generated automatically.

Azure 雲端見證會使用 blob 檔案進行儲存,並以 storage_account_name 的格式產生端點作為端點來產生。An Azure cloud witness uses a blob file for storage, with an endpoint generated of the form storage_account_name.blob.core.windows.net as the endpoint.

注意

Azure 雲端見證使用 HTTPS (預設埠 443) 來建立與 Azure blob 服務的通訊。An Azure cloud witness uses HTTPS (default port 443) to establish communication with the Azure blob service. 確定 HTTPS 埠可供存取。Ensure that the HTTPS port is accessible.

複製帳戶名稱和存取金鑰Copy the account name and access key

  1. 在 [Azure 入口網站] 的 [ 設定] 底下,選取 [ 存取金鑰]。In the Azure portal, under Settings, select Access keys.

  2. 選取 [ 顯示 金鑰] 以顯示重要資訊。Select Show keys to display key information.

  3. 按一下 儲存體帳戶名稱key1 欄位右邊的 [複製並貼上] 圖示,並將每個文字字串貼到 [記事本] 或其他文字編輯器中。Click the copy-and-paste icon to the right of the Storage account name and key1 fields and paste each text string to Notepad or other text editor.

    Azure 儲存體帳戶存取金鑰

(選用) 複製端點 URLCopy the endpoint URL (optional)

端點 URL 是選擇性的,且可能不需要雲端見證。The endpoint URL is optional and may not be needed for a cloud witness.

  1. 在 [Azure 入口網站中,選取 [ 屬性]。In the Azure portal, select Properties.

  2. 選取 [ 顯示金鑰 ] 以顯示端點資訊。Select Show keys to display endpoint information.

  3. 在 [ blob 服務] 底下,按一下 [ blob 服務 ] 欄位右邊的 [複製並貼上] 圖示,然後將文字字串貼到 [記事本] 或其他文字編輯器中。Under Blob service, click the copy-and-paste icon to the right of the Blob service field and paste the text string to Notepad or other text editor.

    Azure blob 端點

使用 Windows Admin Center 建立雲端見證Create a cloud witness using Windows Admin Center

現在您已準備好使用 Windows Admin Center 建立叢集的見證實例。Now you are ready to create a witness instance for your cluster using Windows Admin Center.

  1. 在 Windows Admin Center 中,從頂端的下拉式箭號選取 [叢集 管理員 ]。In Windows Admin Center, select Cluster Manager from the top drop-down arrow.

  2. 在 [叢集連線] 底下,選取叢集。Under Cluster connections, select the cluster.

  3. 在 [ 工具] 底下,選取 [ 設定]。Under Tools, select Settings.

  4. 選取右窗格中的 [ 見證]。In the right pane, select Witness.

  5. 針對 [ 見證類型],選取下列其中一項:For Witness type, select one of the following:

    • 雲端見證 -輸入您的 Azure 儲存體帳戶名稱、存取金鑰和端點 URL (如先前所述)Cloud witness - enter your Azure storage account name, access key, and endpoint URL, as described previously
    • 檔案 共用見證-輸入檔案共用路徑 " (//server/share) "File share witness - enter the file share path "(//server/share)"
  6. 若為雲端見證,請針對下欄欄位,貼上您先前複製的文字字串:For a cloud witness, for the following fields, paste the text strings you copied previously for:

    1. Azure 儲存體帳戶名稱Azure storage account name
    2. Azure 儲存體存取金鑰Azure storage access key
    3. Azure 服務端點Azure service endpoint

    雲端見證存取金鑰

  7. 完成時,按一下 [儲存]。When finished, click Save. 資訊可能需要一點時間才會傳播至 Azure。It might take a bit for the information to propagate to Azure.

注意

第三個選項([ 磁片見證])不適合用于延伸的叢集。The third option, Disk witness, is not suitable for use in stretched clusters.

使用 Windows PowerShell 建立雲端見證Create a cloud witness using Windows PowerShell

或者,您可以使用 PowerShell 建立叢集的見證實例。Alternatively, you can create a witness instance for your cluster using PowerShell.

使用下列 Cmdlet 來建立 Azure 雲端見證。Use the following cmdlet to create an Azure cloud witness. 如先前所述,輸入 Azure 儲存體帳戶名稱和存取金鑰資訊:Enter the Azure storage account name and access key information as described previously:

Set-ClusterQuorum –Cluster "Cluster1" -CloudWitness -AccountName "AzureStorageAccountName" -AccessKey "AzureStorageAccountAccessKey"

使用下列 Cmdlet 來建立檔案共用見證。Use the following cmdlet to create a file share witness. 輸入檔案伺服器共用的路徑:Enter the path to the file server share:

Set-ClusterQuorum -FileShareWitness "\\fileserver\share" -Credential (Get-Credential)

下一步Next steps