驗證 Azure Stack Hub 系統狀態Validate Azure Stack Hub system state

身為 Azure Stack Hub 操作員,能夠依需求判斷系統的健康情況和狀態非常重要。As an Azure Stack Hub operator, being able to determine the health and status of your system on demand is essential. Azure Stack Hub 驗證工具 (Test-AzureStack) 是一個 PowerShell Cmdlet,可讓您在系統上執行一系列的測試來找出故障 (如果有的話)。The Azure Stack Hub validation tool (Test-AzureStack) is a PowerShell cmdlet that lets you run a series of tests on your system to identify failures if present. 當您連絡 Microsoft 客戶服務支援 (Microsoft 支援服務) 解決問題時,通常會要求您透過特殊權限端點 (PEP) 來執行此工具。You'll typically be asked to run this tool through the privileged end point (PEP) when you contact Microsoft Customer Services Support (Microsoft Support) with an issue. 利用現有的全系統健康情況和狀態資訊,Microsoft 支援服務可以收集和分析詳細的記錄,專注於錯誤發生的區域,並與您一起解決問題。With the system-wide health and status information at hand, Microsoft Support can collect and analyze detailed logs, focus on the area where the error occurred, and work with you to fix the issue.

執行驗證工具並存取結果Running the validation tool and accessing results

如上所述,驗證工具是透過 PEP 執行。As stated above, the validation tool is run via the PEP. 每項測試會在 PowerShell 視窗中傳回 PASS/FAIL (通過/失敗) 狀態。Each test returns a PASS/FAIL status in the PowerShell window. 以下是端對端驗證測試流程的大綱:Here's an outline of the end-to-end validation testing process:

  1. 建立信任關係。Establish the trust. 在整合的系統中,從提升權限的 Windows PowerShell 工作階段執行下列命令,將 PEP 新增為在硬體生命週期主機或特殊權限存取工作站上執行的強化 VM 的受信任主機。On an integrated system, run the following command from an elevated Windows PowerShell session to add the PEP as a trusted host on the hardened VM running on the hardware lifecycle host or the Privileged Access Workstation.

    winrm s winrm/config/client '@{TrustedHosts="<IP Address of Privileged Endpoint>"}'
    

    如果您是執行 Azure Stack 開發套件 (ASDK),請登入開發套件主機。If you're running the Azure Stack Development Kit (ASDK), sign in to the development kit host.

  2. 存取 PEP。Access the PEP. 執行下列命令來建立 PEP 工作階段:Run the following commands to establish a PEP session:

    Enter-PSSession -ComputerName "<ERCS VM-name/IP address>" -ConfigurationName PrivilegedEndpoint -Credential $localcred 
    

    提示

    若要存取 Azure Stack 開發套件 (ASDK) 主機電腦上的 PEP,請使用 AzS-ERCS01 for -ComputerName。To access the PEP on an Azure Stack Development Kit (ASDK) host computer, use AzS-ERCS01 for -ComputerName.

  3. 當您在 PEP 中,請執行:Once you're in the PEP, run:

    Test-AzureStack
    

    如需詳細資訊,請參閱參數考量使用案例範例For more information, see Parameter considerations and Use case examples.

  4. 如果任何測試報告 FAIL (失敗),請執行 Get-AzureStackLogIf any tests report FAIL, run Get-AzureStackLog. 如需整合系統的指示,請參閱在 Azure Stack Hub 整合系統上執行 Get-AzureStackLogFor instructions on an integrated system, see how to run Get-AzureStackLog on Azure Stack Hub integrated systems.

    此 Cmdlet 會收集 Test-AzureStack 所產生的記錄。The cmdlet gathers logs generated by Test-AzureStack. 如果測試回報 [警告],我們建議您不要收集記錄,而是連絡 Microsoft 支援服務。We recommend you don't collect logs and contact Microsoft Support instead if tests report WARN.

  5. 如果您已透過 Microsoft 支援服務指示來執行驗證工具,Microsoft 支援服務代表會要求您提供收集的記錄,以繼續對問題進行疑難排解。If you're instructed to run the validation tool by the Microsoft Support, the Microsoft Support representative will request the logs you collected to continue troubleshooting your issue.

測試可供使用Tests available

驗證工具可讓您執行一系列系統層級的測試和基本雲端案例,使您能夠深入了解目前狀態,並讓您修正系統中的問題。The validation tool lets you run a series of system-level tests and basic cloud scenarios that provide you with insight to the current state, allowing you to fix issues in your system.

雲端基礎結構測試Cloud infrastructure tests

這些影響不大的測試適用於基礎結構層級,並為您提供有關各種系統元件和函式的相關資訊。These low impact tests work on an infrastructure level and provide you with information on various system components and functions. 目前,測試分組為以下類別:Currently, tests are grouped into the following categories:

測試分類Test Category -Include 和 -Ignore 的引數Argument for -Include and -Ignore
Azure Stack Hub ACS 摘要Azure Stack Hub ACS Summary AzsAcsSummaryAzsAcsSummary
Azure Stack Hub Active Directory 摘要Azure Stack Hub Active Directory Summary AzsAdSummaryAzsAdSummary
Azure Stack Hub 警示摘要Azure Stack Hub Alert Summary AzsAlertSummaryAzsAlertSummary
Azure Stack Hub 應用程式損毀摘要Azure Stack Hub Application Crash Summary AzsApplicationCrashSummaryAzsApplicationCrashSummary
Azure Stack Hub 備份共用的可及性摘要Azure Stack Hub Backup Share Accessibility Summary AzsBackupShareAccessibilityAzsBackupShareAccessibility
Azure Stack Hub BMC 摘要Azure Stack Hub BMC Summary AzsStampBMCSummaryAzsStampBMCSummary
Azure Stack Hub 雲端裝載基礎結構摘要Azure Stack Hub Cloud Hosting Infrastructure Summary AzsHostingInfraSummaryAzsHostingInfraSummary
Azure Stack Hub 雲端裝載基礎結構使用率Azure Stack Hub Cloud Hosting Infrastructure Utilization AzsHostingInfraUtilizationAzsHostingInfraUtilization
Azure Stack Hub 控制平面摘要Azure Stack Hub Control Plane Summary AzsControlPlaneAzsControlPlane
Azure Stack Hub Defender 摘要Azure Stack Hub Defender Summary AzsDefenderSummaryAzsDefenderSummary
Azure Stack Hub 裝載基礎結構韌體摘要Azure Stack Hub Hosting Infrastructure Firmware Summary AzsHostingInfraFWSummaryAzsHostingInfraFWSummary
Azure Stack Hub 基礎結構容量Azure Stack Hub Infrastructure Capacity AzsInfraCapacityAzsInfraCapacity
Azure Stack Hub 基礎結構效能Azure Stack Hub Infrastructure Performance AzsInfraPerformanceAzsInfraPerformance
Azure Stack Hub 基礎結構角色摘要Azure Stack Hub Infrastructure Role Summary AzsInfraRoleSummaryAzsInfraRoleSummary
Azure Stack Hub 網路基礎結構Azure Stack Hub Network Infra AzsNetworkInfraAzsNetworkInfra
Azure Stack Hub 入口網站和 API 摘要Azure Stack Hub Portal and API Summary AzsPortalAPISummaryAzsPortalAPISummary
Azure Stack Hub 縮放單位 VM 事件Azure Stack Hub Scale Unit VM Events AzsScaleUnitEventsAzsScaleUnitEvents
Azure Stack Hub 縮放單位 VM 資源Azure Stack Hub Scale Unit VM Resources AzsScaleUnitResourcesAzsScaleUnitResources
Azure Stack Hub 案例Azure Stack Hub Scenarios AzsScenariosAzsScenarios
Azure Stack Hub SDN 驗證摘要Azure Stack Hub SDN Validation Summary AzsSDNValidationAzsSDNValidation
Azure Stack Hub Service Fabric 角色摘要Azure Stack Hub Service Fabric Role Summary AzsSFRoleSummaryAzsSFRoleSummary
Azure Stack Hub 儲存體資料平面Azure Stack Hub Storage Data Plane AzsStorageDataPlaneAzsStorageDataPlane
Azure Stack Hub 儲存體服務摘要Azure Stack Hub Storage Services Summary AzsStorageSvcsSummaryAzsStorageSvcsSummary
Azure Stack Hub SQL 存放區摘要Azure Stack Hub SQL Store Summary AzsStoreSummaryAzsStoreSummary
Azure Stack Hub 更新摘要Azure Stack Hub Update Summary AzsInfraUpdateSummaryAzsInfraUpdateSummary
Azure Stack Hub VM 放置摘要Azure Stack Hub VM Placement Summary AzsVmPlacementAzsVmPlacement

雲端案例測試Cloud scenario tests

除了上述基礎結構測試之外,您還可以執行雲端案例測試,以檢查基礎結構元件之間的功能。In addition to the infrastructure tests above, you can also run cloud scenario tests to check functionality across infrastructure components. 因為這些測試涉及資源部署,所以需要雲端系統管理員認證才能執行這些測試。Cloud admin credentials are required to run these tests because they involve resource deployment.

注意

您目前無法使用 Active Directory 同盟服務 (AD FS) 認證執行雲端案例測試。Currently you can't run cloud scenario tests using Active Directory Federated Services (AD FS) credentials.

下列雲端案例都經過驗證工具測試:The following cloud scenarios are tested by the validation tool:

  • 資源群組建立Resource group creation
  • 方案建立Plan creation
  • 供應項目建立Offer creation
  • 儲存體帳戶建立Storage account creation
  • 虛擬機器建立 (VM)Virtual machine creation (VM)
  • Blob 儲存體作業Blob storage operation
  • 佇列儲存體作業Queue storage operation
  • 資料表儲存體作業Table storage operation

參數考量Parameter considerations

  • List 參數可用來顯示所有可用的測試類別。The parameter List can be used to display all available test categories.

  • IncludeIgnore 參數可用來包含或排除測試分類。The parameters Include and Ignore can be used to include or exclude test categories. 如需關於些引數的詳細資訊,請參閱下一節。For more information about these arguments, see the following section.

    Test-AzureStack -Include AzsSFRoleSummary, AzsInfraCapacity
    
    Test-AzureStack -Ignore AzsInfraPerformance
    
  • 租用戶 VM 會隨著雲端案例測試而部署。A tenant VM is deployed as part of the cloud scenario tests. 您可以使用 DoNotDeployTenantVm 來停用此 VM 部署。You can use DoNotDeployTenantVm to disable this VM deployment.

  • 您必須提供 ServiceAdminCredential 參數來執行雲端案例測試,如 使用案例範例一節中所述。You need to supply the ServiceAdminCredential parameter to run cloud scenario tests as described in the Use case examples section.

  • 在測試基礎結構備份設定時,使用了 BackupSharePathBackupShareCredential,如 使用案例範例一節中所示。BackupSharePath and BackupShareCredential are used when testing infrastructure backup settings as shown in the Use case examples section.

  • DetailedResults 可用來取得每個測試及整體執行的成功/失敗/警告資訊。DetailedResults can be used to get pass/fail/warning information for each test, as well as the overall run. 未指定時,如果沒有任何失敗,Test-AzureStack 會傳回 $true,如果發生失敗,則傳回 $falseWhen not specified, Test-AzureStack returns $true if there are no failures, and $false if there are failures.

  • TimeoutSeconds 可用來設定完成每個群組的特定時間。TimeoutSeconds can be used to set a specific time for each group to complete.

  • 驗證工具也支援一般 PowerShell 參數:Verbose、Debug、ErrorAction、ErrorVariable、WarningAction、WarningVariable、OutBuffer、PipelineVariable 和 OutVariable。The validation tool also supports common PowerShell parameters: Verbose, Debug, ErrorAction, ErrorVariable, WarningAction, WarningVariable, OutBuffer, PipelineVariable, and OutVariable. 如需詳細資訊,請參閱關於一般參數For more information, see About Common Parameters.

使用案例範例Use case examples

執行沒有雲端案例的驗證Run validation without cloud scenarios

執行沒有 ServiceAdminCredential 參數的驗證工具,以略過執行雲端案例測試:Run the validation tool without the ServiceAdminCredential parameter to skip running cloud scenario tests:

New-PSSession -ComputerName "<ERCS VM-name/IP address>" -ConfigurationName PrivilegedEndpoint -Credential $localcred
Test-AzureStack

執行具有雲端案例的驗證Run validation with cloud scenarios

依預設提供具有 ServiceAdminCredentials 參數的驗證工具,以執行雲端案例測試:Supplying the validation tool with the ServiceAdminCredentials parameter runs the cloud scenario tests by default:

Enter-PSSession -ComputerName "<ERCS VM-name/IP address>" -ConfigurationName PrivilegedEndpoint -Credential $localcred 
Test-AzureStack -ServiceAdminCredential "<Cloud administrator user name>" 

如果您希望僅執行雲端案例而不執行其餘測試,則可以使用 Include 參數來執行這項操作:If you wish to run ONLY cloud scenarios without running the rest of the tests, you can use the Include parameter to do so:

Enter-PSSession -ComputerName "<ERCS VM-name/IP address>" -ConfigurationName PrivilegedEndpoint -Credential $localcred 
Test-AzureStack -ServiceAdminCredential "<Cloud administrator user name>" -Include AzsScenarios   

以 UPN 格式輸入雲端系統管理員的使用者名稱:serviceadmin@contoso.onmicrosoft.com (Azure AD)。The cloud admin user name must be typed in the UPN format: serviceadmin@contoso.onmicrosoft.com (Azure AD). 出現提示時,輸入雲端管理員帳戶的密碼。When prompted, type the password to the cloud admin account.

群組Groups

為改善操作員的體驗,我們已啟用可同時執行多個測試分類的 Group 參數。To improve the operator experience, a Group parameter has been enabled to run multiple test categories at the same time. 目前有 3 個已定義的群組:DefaultUpdateReadinessSecretRotationReadinessCurrently, there are three groups defined: Default, UpdateReadiness, and SecretRotationReadiness.

  • 預設值:我們將其視為 Test-AzureStack 的標準執行。Default: Considered to be a standard run of Test-AzureStack. 如果未選取任何其他群組,則會預設執行此群組。This group is run by default if no other groups are selected.

  • UpdateReadiness:查看是否可以更新 Azure Stack Hub 執行個體。UpdateReadiness: A check to see if the Azure Stack Hub instance can be updated. 執行 UpdateReadiness 群組時,主控台輸出中的警告會顯示為錯誤,而且應被視為更新的阻礙。When the UpdateReadiness group is run, warnings are displayed as errors in the console output, and they should be considered as blockers for the update. 自 Azure Stack Hub 1910 版開始,下列類別屬於 UpdateReadiness 群組:As of Azure Stack Hub Version 1910 the following categories are part of the UpdateReadiness group:

    • AzsInfraFileValidationAzsInfraFileValidation
    • AzsActionPlanStatusAzsActionPlanStatus
    • AzsStampBMCSummaryAzsStampBMCSummary
  • SecretRotationReadiness:查看 Azure Stack Hub 執行個體是否處在可執行祕密輪替的狀態。SecretRotationReadiness: A check to see if the Azure Stack Hub instance is in a state in which secret rotation can be run. 執行 SecretRotationReadiness 群組時,主控台輸出中的警告會顯示為錯誤,而且應被視為祕密輪替的阻礙。When the SecretRotationReadiness group is run, warnings are displayed as errors in the console output and they should be considered as blockers for secret rotation. 下列是屬於 SecretRotationReadiness 群組的類別:The following categories are part of the SecretRotationReadiness Group:

    • AzsAcsSummaryAzsAcsSummary
    • AzsDefenderSummaryAzsDefenderSummary
    • AzsHostingInfraSummaryAzsHostingInfraSummary
    • AzsInfraCapacityAzsInfraCapacity
    • AzsInfraRoleSummaryAzsInfraRoleSummary
    • AzsPortalAPISummaryAzsPortalAPISummary
    • AzsSFRoleSummaryAzsSFRoleSummary
    • AzsStorageSvcsSummaryAzsStorageSvcsSummary
    • AzsStoreSummaryAzsStoreSummary

群組參數範例Group parameter example

下列範例會在使用 Group 安裝更新或 Hotfix 之前,執行 Test-AzureStack 來測試系統的整備狀態。The following example runs Test-AzureStack to test system readiness before installing an update or hotfix using Group. 在開始安裝更新或 Hotfix 之前,執行 Test-AzureStack 來檢查您的 Azure Stack Hub 狀態:Before you start the installation of an update or hotfix, run Test-AzureStack to check the status of your Azure Stack Hub:

Test-AzureStack -Group UpdateReadiness

如果您的 Azure Stack Hub 執行早於 1811 的版本,應使用下列 PowerShell 命令來執行 Test-AzureStackIf your Azure Stack Hub is running a version before 1811, use the following PowerShell commands to run Test-AzureStack:

New-PSSession -ComputerName "<ERCS VM-name/IP address>" -ConfigurationName PrivilegedEndpoint -Credential $localcred 
Test-AzureStack -Include AzsControlPlane, AzsDefenderSummary, AzsHostingInfraSummary, AzsHostingInfraUtilization, AzsInfraCapacity, AzsInfraRoleSummary, AzsPortalAPISummary, AzsSFRoleSummary, AzsStampBMCSummary

執行驗證工具以測試基礎結構備份設定Run validation tool to test infrastructure backup settings

設定基礎結構備份 之前,您可以使用 AzsBackupShareAccessibility 測試來測試備份共用路徑和認證:Before configuring infrastructure backup, you can test the backup share path and credential using the AzsBackupShareAccessibility test:

Enter-PSSession -ComputerName "<ERCS VM-name/IP address>" -ConfigurationName PrivilegedEndpoint -Credential $localcred 
Test-AzureStack -Include AzsBackupShareAccessibility -BackupSharePath "\\<fileserver>\<fileshare>" -BackupShareCredential $using:backupcred

設定好備份 之後,您可以執行 AzsBackupShareAccessibility 以驗證是否可以從 ERCS 存取共用:After configuring backup, you can run AzsBackupShareAccessibility to validate the share is accessible from the ERCS:

Enter-PSSession -ComputerName "<ERCS VM-name/IP address>" -ConfigurationName PrivilegedEndpoint -Credential $localcred 
Test-AzureStack -Include AzsBackupShareAccessibility

若要對設定的備份共用測試新認證,請執行:To test new credentials with the configured backup share, run:

Enter-PSSession -ComputerName "<ERCS VM-name/IP address>" -ConfigurationName PrivilegedEndpoint -Credential $localcred 
Test-AzureStack -Include AzsBackupShareAccessibility -BackupShareCredential "<PSCredential for backup share>"

執行驗證工具來測試網路基礎結構Run validation tool to test network infrastructure

此測試會略過 Azure Stack Hub 軟體所定義的網路 (SDN),藉此確認網路基礎結構的連線能力。This test checks the connectivity of the network infrastructure bypassing the Azure Stack Hub software defined network (SDN). 其會示範從公用 VIP 對所設定 DNS 轉寄站、NTP 伺服器和驗證端點的連線。It demonstrates connectivity from a Public VIP to the configured DNS forwarders, NTP servers, and authentication endpoints. 這包括使用 Azure AD 作為識別提供者時的 Azure 連線能力,或是使用 ADFS 作為識別提供者時的同盟伺服器連線能力。This includes connectivity to Azure when using Azure AD as identity provider or the federated server when using AD FS as identity provider.

請納入偵錯參數以取得命令的詳細輸出:Include the debug parameter to get a detailed output of the command:

Test-AzureStack -Include AzsNetworkInfra -Debug

後續步驟Next steps

若要深入了解 Azure Stack Hub 診斷工具和問題記錄的詳細資訊,請參閱 Azure Stack Hub 診斷工具To learn more about Azure Stack Hub diagnostics tools and issue logging, see Azure Stack Hub diagnostics tools.

若要深入了解疑難排解,請參閱 Microsoft Azure Stack Hub 疑難排解To learn more about troubleshooting, see Microsoft Azure Stack Hub troubleshooting.