使用 Windows PowerShell 部署网络控制器Deploy Network Controller using Windows PowerShell

适用于 Azure Stack HCI 版本 20H2;Windows Server 2019Applies to Azure Stack HCI version 20H2; Windows Server 2019

本主题说明了如何使用 Windows PowerShell 在一个或多个在 Azure Stack HCI 群集上运行的虚拟机 (VM) 上部署网络控制器功能。This topic provides instructions on using Windows PowerShell to deploy Network Controller feature on one or more virtual machines (VMs) that are running on an Azure Stack HCI cluster. 网络控制器是软件定义的网络 (SDN) 的组件。Network Controller is a component of Software Defined Networking (SDN).

还可以使用 Windows Admin Center 中的“创建群集”向导部署网络控制器。You can also deploy Network Controller using the Create Cluster wizard in Windows Admin Center. 有关详细信息,请参阅使用 Windows Admin Center 创建 Azure Stack HCI 群集For more information, see Create an Azure Stack HCI cluster using Windows Admin Center.

备注

SDN 不受支持或不可用于拉伸群集。SDN is not supported or available for stretched clusters.

使用 Windows PowerShellUsing Windows PowerShell

可以在主机服务器上的远程桌面 (RDP) 会话中本地运行 PowerShell,也可以从管理计算机远程运行 PowerShell。You can either run PowerShell locally in a Remote Desktop (RDP) session on a host server, or you can run PowerShell remotely from a management computer.

从某一管理计算机运行 PowerShell 时,请将 -Name-Cluster 参数与所管理的服务器或群集的名称配合使用。When running PowerShell from a management computer, include the -Name or -Cluster parameter with the name of the server or cluster you are managing. 此外,在将 -ComputerName 参数用于服务器时,可能需要指定完全限定的域名 (FQDN)。In addition, you may need to specify the fully qualified domain name (FQDN) when using the -ComputerName parameter for a server.

还将需要用于 Hyper-V 和故障转移群集的远程服务器管理工​​具 (RSAT) cmdlet 和 PowerShell 模块。You will also need the Remote Server Administration Tools (RSAT) cmdlets and PowerShell modules for Hyper-V and Failover Clustering. 如果管理计算机上的 PowerShell 会话中尚未提供这些项,则可以使用以下命令添加它们:Add-WindowsFeature RSAT-Clustering-PowerShellIf these aren't already available in your PowerShell session on your management computer, you can add them using the following command: Add-WindowsFeature RSAT-Clustering-PowerShell.

安装网络控制器服务器角色Install the Network Controller server role

使用此过程可在虚拟机 (VM) 上安装网络控制器服务器角色。Use this procedure to install the Network Controller server role on a virtual machine (VM).

重要

不要将网络控制器服务器角色部署在物理主机上。Do not deploy the Network Controller server role on physical hosts. 若要部署网络控制器,必须在安装在 Hyper-V 主机上的 Hyper-V VM 上安装网络控制器服务器角色。To deploy Network Controller, you must install the Network Controller server role on a Hyper-V VM that is installed on a Hyper-V host. 在三个不同 Hyper-V 主机中的 VM 上安装网络控制器之后,必须通过将主机添加到网络控制器,为软件定义的网络 (SDN) 启用 Hyper-V 主机。After you have installed Network Controller on VMs on three different Hyper-V hosts, you must enable the Hyper-V hosts for Software Defined Networking (SDN) by adding the hosts to Network Controller. 这样做会使 SDN 软件负载均衡器可正常工作。By doing so, you are enabling the SDN Software Load Balancer to function.

执行此过程需要管理员组中的成员身份或等效身份。Membership in the Administrators group, or equivalent, is required to perform this procedure.

备注

如果要使用服务器管理器而不是 Windows PowerShell 来安装网络控制器,请参阅使用服务器管理器安装网络控制器服务器角色If you want to use Server Manager instead of Windows PowerShell to install Network Controller, see Install the Network Controller server role using Server Manager

若要安装网络控制器,请键入以下命令:To install Network Controller, type the following commands:

Install-WindowsFeature -Name NetworkController -IncludeManagementTools

安装网络控制器需要重新启动计算机。Installation of Network Controller requires that you restart the computer. 若要执行此操作,请键入以下命令:To do so, type the following command:

Restart-Computer

配置网络控制器群集Configure the Network Controller cluster

网络控制器群集可为网络控制器应用程序提供高可用性和可伸缩性(可以在创建群集之后配置该应用程序,并在群集上托管它)。The Network Controller cluster provides high availability and scalability to the Network Controller application, which you can configure after creating the cluster, and which is hosted on top of the cluster.

备注

可以直接在安装了网络控制器的 VM 上执行以下部分中的过程,也可以从运行 Windows Admin Center 的远程计算机执行这些过程。You can perform the procedures in the following sections either directly on the VM where you installed Network Controller, or you can perform the procedures from a remote computer that is running Windows Admin Center. 此外,执行此过程需要管理员组中的成员身份或等效身份。In addition, membership in the Administrators group, or equivalent, is required to perform this procedure. 如果安装了网络控制器的计算机或 VM 已加入域,则用户帐户必须是域用户组的成员。If the computer or VM upon which you installed Network Controller is joined to a domain, your user account must be a member of the Domain Users group.

可以通过创建节点对象,然后配置群集来创建网络控制器群集。You can create a Network Controller cluster by creating a node object and then configuring the cluster.

创建节点对象Create a node object

需要为作为网络控制器群集成员的每个 VM 创建一个节点对象。You need to create a node object for each VM that is a member of the Network Controller cluster.

若要创建节点对象,请键入以下命令。To create a node object, type the following command. 确保为每个参数使用适用于部署的值。Ensure that you use values for each parameter that are appropriate for your deployment.

New-NetworkControllerNodeObject -Name <string> -Server "ServerName" -FaultDomain "SiteName" -RestInterface "Name" [-NodeCertificate <X509Certificate2>]

下表提供 New-NetworkControllerNodeObject 命令的每个参数的说明。The following table provides descriptions for each parameter of the New-NetworkControllerNodeObject command.

参数Parameter 说明Description
名称Name Name 参数指定要添加到群集的服务器的友好名称The Name parameter specifies the friendly name of the server that you want to add to the cluster
服务器Server Server 参数指定要添加到群集的服务器的主机名、完全限定的域名 (FQDN) 或 IP 地址。The Server parameter specifies the host name, Fully Qualified Domain Name (FQDN), or IP address of the server that you want to add to the cluster. 对于已加入域的计算机,需要 FQDN。For domain-joined computers, FQDN is required.
FaultDomainFaultDomain FaultDomain 参数指定要添加到群集的服务器的容错域。The FaultDomain parameter specifies the failure domain for the server that you are adding to the cluster. 此参数定义可能与要添加到群集的服务器同时遇到故障的服务器。This parameter defines the servers that might experience failure at the same time as the server that you are adding to the cluster. 此故障可能是由于共享物理依赖项(如电源和网络源)所导致。This failure might be due to shared physical dependencies such as power and networking sources. 容错域通常表示与这些共享依赖项相关的层次结构,更多服务器可能会从容错域树中的更高点一起发生故障。Fault domains typically represent hierarchies that are related to these shared dependencies, with more servers likely to fail together from a higher point in the fault domain tree. 在运行时期间,网络控制器会考虑群集中的容错域,并尝试分散网络控制器服务以便它们处于单独的容错域中。During runtime, Network Controller considers the fault domains in the cluster and attempts to spread out the Network Controller services so that they are in separate fault domains. 在任何一个容错域发生故障时,此过程有助于确保该服务及其状态的可用性不遭到破坏。This process helps ensure, in case of failure of any one fault domain, that the availability of that service and its state is not compromised. 容错域以分层格式指定。Fault domains are specified in a hierarchical format. 例如:“Fd:/DC1/Rack1/Host1”,其中 DC1 是数据中心名称,Rack1 是机架名称,Host1 是放置节点的主机的名称。For example: "Fd:/DC1/Rack1/Host1", where DC1 is the datacenter name, Rack1 is the rack name and Host1 is the name of the host where the node is placed.
RestInterfaceRestInterface RestInterface 参数指定表述性状态转移 (REST) 通信终止的节点上接口的名称。The RestInterface parameter specifies the name of the interface on the node where the Representational State Transfer (REST) communication is terminated. 此网络控制器接口从网络的管理层接收 Northbound API 请求。This Network Controller interface receives Northbound API requests from the network's management layer.
NodeCertificateNodeCertificate NodeCertificate 参数指定网络控制器用于计算机身份验证的证书。The NodeCertificate parameter specifies the certificate that Network Controller uses for computer authentication. 如果使用基于证书的身份验证在群集内进行通信,则需要证书;证书还用于加密网络控制器服务之间的流量。The certificate is required if you use certificate-based authentication for communication within the cluster; the certificate is also used for encryption of traffic between Network Controller services. 证书使用者名称必须与节点的 DNS 名称相同。The certificate subject name must be same as the DNS name of the node.

配置群集Configure the cluster

若要配置群集,请键入以下命令。To configure the cluster, type the following command. 确保为每个参数使用适用于部署的值。Ensure that you use values for each parameter that are appropriate for your deployment.

Install-NetworkControllerCluster -Node "NetworkControllerNodeName" -ClusterAuthentication "ClusterAuthenticationType" [-ManagementSecurityGroup <string>][-DiagnosticLogLocation <string>][-LogLocationCredential <PSCredential>] [-CredentialEncryptionCertificate <X509Certificate2>][-Credential <PSCredential>][-CertificateThumbprint <String>] [-UseSSL][-ComputerName <string>][-LogSizeLimitInMBs<UInt32>] [-LogTimeLimitInDays<UInt32>]

下表提供 Install-NetworkControllerCluster 命令的每个参数的说明。The following table provides descriptions for each parameter of the Install-NetworkControllerCluster command.

参数Parameter 说明Description
ClusterAuthenticationClusterAuthentication ClusterAuthentication 参数指定用于保护节点之间的通信,还用于加密网络控制器服务之间的流量的身份验证类型。The ClusterAuthentication parameter specifies the authentication type that is used for securing the communication between nodes and is also used for encryption of traffic between Network Controller services. 支持的值为 Kerberos、X509 和 None 。The supported values are Kerberos, X509 and None. Kerberos 身份验证使用域帐户,仅当网络控制器节点已加入域时才能使用。Kerberos authentication uses domain accounts and can only be used if the Network Controller nodes are domain joined. 如果指定基于 X509 的身份验证,则必须在 NetworkControllerNode 对象中提供证书。If you specify X509-based authentication, you must provide a certificate in the NetworkControllerNode object. 此外,必须在运行此命令之前手动预配证书。In addition, you must manually provision the certificate before you run this command.
ManagementSecurityGroupManagementSecurityGroup ManagementSecurityGroup 参数指定包含允许从远程计算机运行管理 cmdlet 的用户的安全组名称。The ManagementSecurityGroup parameter specifies the name of the security group that contains users that are allowed to run the management cmdlets from a remote computer. 这仅在 ClusterAuthentication 为 Kerberos 时才适用。This is only applicable if ClusterAuthentication is Kerberos. 必须指定域安全组,而不是本地计算机上的安全组。You must specify a domain security group and not a security group on the local computer.
节点Node Node 参数指定使用 New-NetworkControllerNodeObject 命令创建的网络控制器节点的列表 。The Node parameter specifies the list of Network Controller nodes that you created by using the New-NetworkControllerNodeObject command.
DiagnosticLogLocationDiagnosticLogLocation DiagnosticLogLocation 参数指定用于定期上传诊断日志的共享位置。The DiagnosticLogLocation parameter specifies the share location where the diagnostic logs are periodically uploaded. 如果未指定此参数的值,则日志会在每个节点上本地存储。If you do not specify a value for this parameter, the logs are stored locally on each node. 日志以本地方式存储在 %systemdrive%\Windows\tracing\SDNDiagnostics 文件夹中。Logs are stored locally in the folder %systemdrive%\Windows\tracing\SDNDiagnostics. 群集日志以本地方式存储在 %systemdrive%\ProgramData\Microsoft\Service Fabric\log\Traces 文件夹中。Cluster logs are stored locally in the folder %systemdrive%\ProgramData\Microsoft\Service Fabric\log\Traces.
LogLocationCredentialLogLocationCredential LogLocationCredential 参数指定访问用于存储日志的共享位置所需的凭据。The LogLocationCredential parameter specifies the credentials that are required for accessing the share location where the logs are stored.
CredentialEncryptionCertificateCredentialEncryptionCertificate CredentialEncryptionCertificate 参数指定一个证书,网络控制器使用该证书对用于访问网络控制器二进制文件和 LogLocationCredential(如果指定)的凭据进行加密。The CredentialEncryptionCertificate parameter specifies the certificate that Network Controller uses to encrypt the credentials that are used to access Network Controller binaries and the LogLocationCredential, if specified. 必须在运行此命令之前在所有网络控制器节点上预配证书,并且必须在所有群集节点上注册相同证书。The certificate must be provisioned on all of the Network Controller nodes before you run this command, and the same certificate must be enrolled on all of the cluster nodes. 在生产环境中,建议使用此参数保护网络控制器二进制文件和日志。Using this parameter to protect Network Controller binaries and logs is recommended in production environments. 如果不使用此参数,凭据会以明文形式存储,可能由任何未经授权的用户滥用。Without this parameter, the credentials are stored in clear text and can be misused by any unauthorized user.
凭据Credential 仅当从远程计算机运行此命令时,此参数才是必需的。This parameter is required only if you are running this command from a remote computer. Credential 参数指定有权在目标计算机上运行此命令的用户帐户。The Credential parameter specifies a user account that has permission to run this command on the target computer.
CertificateThumbprintCertificateThumbprint 仅当从远程计算机运行此命令时,此参数才是必需的。This parameter is required only if you are running this command from a remote computer. CertificateThumbprint 参数指定有权在目标计算机上运行此命令的用户帐户的数字公钥证书 (X509)。The CertificateThumbprint parameter specifies the digital public key certificate (X509) of a user account that has permission to run this command on the target computer.
UseSSLUseSSL 仅当从远程计算机运行此命令时,此参数才是必需的。This parameter is required only if you are running this command from a remote computer. UseSSL 参数指定用于建立与远程计算机的连接的安全套接字层 (SSL) 协议。The UseSSL parameter specifies the Secure Sockets Layer (SSL) protocol that is used to establish a connection to the remote computer. 默认情况下,不使用 SSL。By default, SSL is not used.
计算机名ComputerName ComputerName 参数指定在其上运行此命令的网络控制器节点。The ComputerName parameter specifies the Network Controller node on which this command is run. 如果未指定此参数的值,则默认情况下使用本地计算机。If you do not specify a value for this parameter, the local computer is used by default.
LogSizeLimitInMBsLogSizeLimitInMBs 此参数指定网络控制器可以存储的最大日志大小(以 MB 为单位)。This parameter specifies the maximum log size, in MB, that Network Controller can store. 日志以循环方式存储。Logs are stored in circular fashion. 如果提供了 DiagnosticLogLocation,则此参数的默认值为 40 GB。If DiagnosticLogLocation is provided, the default value of this parameter is 40 GB. 如果未提供 DiagnosticLogLocation,则日志存储在网络控制器节点上,此参数的默认值为 15 GB。If DiagnosticLogLocation is not provided, the logs are stored on the Network Controller nodes and the default value of this parameter is 15 GB.
LogTimeLimitInDaysLogTimeLimitInDays 此参数指定存储日志的持续时间限制(以天为单位)。This parameter specifies the duration limit, in days, for which the logs are stored. 日志以循环方式存储。Logs are stored in circular fashion. 此参数的默认值为 3 天。The default value of this parameter is 3 days.

配置网络控制器应用程序Configure the Network Controller application

若要配置网络控制器应用程序,请键入以下命令。To configure the Network Controller application, type the following command. 确保为每个参数使用适用于部署的值。Ensure that you use values for each parameter that are appropriate for your deployment.

Install-NetworkController -Node <NetworkControllerNode[]> -ClientAuthentication <ClientAuthentication>  [-ClientCertificateThumbprint <string[]>]  [-ClientSecurityGroup <string>] -ServerCertificate <X509Certificate2> [-RESTIPAddress <String>] [-RESTName <String>] [-Credential <PSCredential>][-CertificateThumbprint <String> ] [-UseSSL]

下表提供 Install-NetworkController 命令的每个参数的说明。The following table provides descriptions for each parameter of the Install-NetworkController command.

参数Parameter 说明Description
ClientAuthenticationClientAuthentication ClientAuthentication 参数指定用于保护 REST 与网络控制器之间的通信的身份验证类型。The ClientAuthentication parameter specifies the authentication type that is used for securing the communication between REST and Network Controller. 支持的值为 Kerberos、X509 和 None 。The supported values are Kerberos, X509 and None. Kerberos 身份验证使用域帐户,仅当网络控制器节点已加入域时才能使用。Kerberos authentication uses domain accounts and can only be used if the Network Controller nodes are domain joined. 如果指定基于 X509 的身份验证,则必须在 NetworkControllerNode 对象中提供证书。If you specify X509-based authentication, you must provide a certificate in the NetworkControllerNode object. 此外,必须在运行此命令之前手动预配证书。In addition, you must manually provision the certificate before you run this command.
节点Node Node 参数指定使用 New-NetworkControllerNodeObject 命令创建的网络控制器节点的列表 。The Node parameter specifies the list of Network Controller nodes that you created by using the New-NetworkControllerNodeObject command.
ClientCertificateThumbprintClientCertificateThumbprint 仅当为网络控制器客户端使用基于证书的身份验证时,此参数才是必需的。This parameter is required only when you are using certificate-based authentication for Network Controller clients. ClientCertificateThumbprint 参数指定注册到 Northbound 层上客户端的证书的指纹。The ClientCertificateThumbprint parameter specifies the thumbprint of the certificate that is enrolled to clients on the Northbound layer.
ServerCertificateServerCertificate ServerCertificate 参数指定网络控制器用于向客户端证明其身份的证书。The ServerCertificate parameter specifies the certificate that Network Controller uses to prove its identity to clients. 服务器证书必须在增强型密钥使用扩展中包括服务器身份验证用途,并且必须由客户端所信任的 CA 颁发给网络控制器。The server certificate must include the Server Authentication purpose in Enhanced Key Usage extensions, and must be issued to Network Controller by a CA that is trusted by clients.
RESTIPAddressRESTIPAddress 对于网络控制器的单节点部署,不需要为 RESTIPAddress 指定值。You do not need to specify a value for RESTIPAddress with a single node deployment of Network Controller. 对于多节点部署,RESTIPAddress 参数以 CIDR 表示法指定 REST 终结点的 IP 地址。For multiple-node deployments, the RESTIPAddress parameter specifies the IP address of the REST endpoint in CIDR notation. 例如 192.168.1.10/24。For example, 192.168.1.10/24. ServerCertificate 的使用者名称值必须解析为 RESTIPAddress 参数的值 。The Subject Name value of ServerCertificate must resolve to the value of the RESTIPAddress parameter. 当所有节点都处于同一子网中时,必须为所有多节点网络控制器部署指定此参数。This parameter must be specified for all multiple-node Network Controller deployments when all of the nodes are on the same subnet. 如果节点处于不同子网中,则必须使用 RestName 参数,而不是使用 RESTIPAddress 。If nodes are on different subnets, you must use the RestName parameter instead of using RESTIPAddress.
RestNameRestName 对于网络控制器的单节点部署,不需要为 RestName 指定值。You do not need to specify a value for RestName with a single node deployment of Network Controller. 仅当多节点部署的节点处于不同子网中时,才必须为 RestName 指定值。The only time you must specify a value for RestName is when multiple-node deployments have nodes that are on different subnets. 对于多节点部署,RestName 参数指定网络控制器群集的 FQDN。For multiple-node deployments, the RestName parameter specifies the FQDN for the Network Controller cluster.
ClientSecurityGroupClientSecurityGroup ClientSecurityGroup 参数指定其成员是网络控制器客户端的 Active Directory 安全组的名称。The ClientSecurityGroup parameter specifies the name of the Active Directory security group whose members are Network Controller clients. 仅当对 ClientAuthentication 使用 Kerberos 身份验证时,此参数才是必需的。This parameter is required only if you use Kerberos authentication for ClientAuthentication. 安全组必须包含从中访问 REST API 的帐户,你必须在运行此命令之前创建安全组并添加成员。The security group must contain the accounts from which the REST APIs are accessed, and you must create the security group and add members before running this command.
凭据Credential 仅当从远程计算机运行此命令时,此参数才是必需的。This parameter is required only if you are running this command from a remote computer. Credential 参数指定有权在目标计算机上运行此命令的用户帐户。The Credential parameter specifies a user account that has permission to run this command on the target computer.
CertificateThumbprintCertificateThumbprint 仅当从远程计算机运行此命令时,此参数才是必需的。This parameter is required only if you are running this command from a remote computer. CertificateThumbprint 参数指定有权在目标计算机上运行此命令的用户帐户的数字公钥证书 (X509)。The CertificateThumbprint parameter specifies the digital public key certificate (X509) of a user account that has permission to run this command on the target computer.
UseSSLUseSSL 仅当从远程计算机运行此命令时,此参数才是必需的。This parameter is required only if you are running this command from a remote computer. UseSSL 参数指定用于建立与远程计算机的连接的安全套接字层 (SSL) 协议。The UseSSL parameter specifies the Secure Sockets Layer (SSL) protocol that is used to establish a connection to the remote computer. 默认情况下,不使用 SSL。By default, SSL is not used.

完成网络控制器应用程序的配置之后,网络控制器部署已完成。After you complete the configuration of the Network Controller application, your deployment of Network Controller is complete.

网络控制器部署验证Network Controller deployment validation

若要验证网络控制器部署,可以将凭据添加到网络控制器,然后检索该凭据。To validate your Network Controller deployment, you can add a credential to the Network Controller and then retrieve the credential.

如果使用 Kerberos 作为 ClientAuthentication 类型,则需要创建的 ClientSecurityGroup 组中的成员身份才能执行此过程。If you are using Kerberos as the ClientAuthentication type, membership in the ClientSecurityGroup group that you created is required to perform this procedure.

  1. 在客户端计算机上,如果使用 Kerberos 作为 ClientAuthentication 类型,请使用作为 ClientSecurityGroup 组的成员的用户帐户登录。On a client computer, if you are using Kerberos as the ClientAuthentication type, log on with a user account that is a member of your ClientSecurityGroup group.

  2. 在 PowerShell 中,键入以下命令。In PowerShell, type the following commands. 确保为每个参数使用适用于部署的值。Ensure that you use values for each parameter that are appropriate for your deployment.

    $cred=New-Object Microsoft.Windows.Networkcontroller.credentialproperties
    $cred.type="usernamepassword"
    $cred.username="admin"
    $cred.value="abcd"
    
    New-NetworkControllerCredential -ConnectionUri "https://networkcontroller"-Properties $cred -ResourceId "cred1"
    
  3. 若要检索添加到网络控制器中的凭据,请键入以下命令。To retrieve the credential that you added to Network Controller, type the following command. 确保为每个参数使用适用于部署的值。Ensure that you use values for each parameter that are appropriate for your deployment.

    Get-NetworkControllerCredential -ConnectionUri https://networkcontroller -ResourceId cred1  
    
  4. 查看命令输出,它应类似于以下示例输出。Review the command output, which should be similar to the following example output.

    Tags                   :
    ResourceRef     : /credentials/cred1
    CreatedTime    : 1/1/0001 12:00:00 AM
    InstanceId        : e16ffe62-a701-4d31-915e-7234d4bc5a18
    Etag                  : W/"1ec59631-607f-4d3e-ac78-94b0822f3a9d"
    ResourceMetadata :
    ResourceId       : cred1
    Properties       : Microsoft.Windows.NetworkController.CredentialProperties
    

    备注

    运行 Get-NetworkControllerCredential 命令时,可以使用点运算符列出凭据的属性,从而将该命令的输出分配给变量。When you run the Get-NetworkControllerCredential command, you can assign the output of the command to a variable by using the dot operator to list the properties of the credentials. 例如:$cred.PropertiesFor example: $cred.Properties.

用于网络控制器的其他 PowerShell 命令Additional PowerShell commands for Network Controller

部署网络控制器之后,可以使用 PowerShell 命令管理和修改部署。After you deploy Network Controller, you can use PowerShell commands to manage and modify your deployment. 下面是一些可以对部署进行的更改。Following are some of the changes that you can make to your deployment.

  • 修改网络控制器节点、群集和应用程序设置Modify Network Controller node, cluster, and application settings

  • 删除网络控制器群集和应用程序Remove the Network Controller cluster and application

  • 管理网络控制器群集节点,包括添加、删除、启用和禁用节点。Manage Network Controller cluster nodes, including adding, removing, enabling, and disabling nodes.

下表提供了可用于完成这些任务的 PowerShell 命令的语法。The following table provides the syntax for PowerShell commands that you can use to accomplish these tasks.

任务Task 命令Command 语法Syntax
修改网络控制器群集设置Modify Network Controller cluster settings Set-NetworkControllerClusterSet-NetworkControllerCluster Set-NetworkControllerCluster [-ManagementSecurityGroup <string>][-Credential <PSCredential>] [-computerName <string>][-CertificateThumbprint <String> ] [-UseSSL]
修改网络控制器应用程序设置Modify Network Controller application settings Set-NetworkControllerSet-NetworkController Set-NetworkController [-ClientAuthentication <ClientAuthentication>] [-Credential <PSCredential>] [-ClientCertificateThumbprint <string[]>] [-ClientSecurityGroup <string>] [-ServerCertificate <X509Certificate2>] [-RestIPAddress <String>] [-ComputerName <String>][-CertificateThumbprint <String> ] [-UseSSL]
修改网络控制器节点设置Modify Network Controller node settings Set-NetworkControllerNodeSet-NetworkControllerNode Set-NetworkControllerNode -Name <string> > [-RestInterface <string>] [-NodeCertificate <X509Certificate2>] [-Credential <PSCredential>] [-ComputerName <string>][-CertificateThumbprint <String> ] [-UseSSL]
修改网络控制器诊断设置Modify Network Controller diagnostic settings Set-NetworkControllerDiagnosticSet-NetworkControllerDiagnostic Set-NetworkControllerDiagnostic [-LogScope <string>] [-DiagnosticLogLocation <string>] [-LogLocationCredential <PSCredential>] [-UseLocalLogLocation] >] [-LogLevel <loglevel>][-LogSizeLimitInMBs <uint32>] [-LogTimeLimitInDays <uint32>] [-Credential <PSCredential>] [-ComputerName <string>][-CertificateThumbprint <String> ] [-UseSSL]
删除网络控制器应用程序Remove the Network Controller application Uninstall-NetworkControllerUninstall-NetworkController Uninstall-NetworkController [-Credential <PSCredential>][-ComputerName <string>] [-CertificateThumbprint <String> ] [-UseSSL]
删除网络控制器群集Remove the Network Controller cluster Uninstall-NetworkControllerClusterUninstall-NetworkControllerCluster Uninstall-NetworkControllerCluster [-Credential <PSCredential>][-ComputerName <string>][-CertificateThumbprint <String> ] [-UseSSL]
向网络控制器群集添加节点Add a node to the Network Controller cluster Add-NetworkControllerNodeAdd-NetworkControllerNode Add-NetworkControllerNode -FaultDomain <String> -Name <String> -RestInterface <String> -Server <String> [-CertificateThumbprint <String> ] [-ComputerName <String> ] [-Credential <PSCredential> ] [-Force] [-NodeCertificate <X509Certificate2> ] [-PassThru] [-UseSsl]
禁用网络控制器群集节点Disable a Network Controller cluster node Disable-NetworkControllerNodeDisable-NetworkControllerNode Disable-NetworkControllerNode -Name <String> [-CertificateThumbprint <String> ] [-ComputerName <String> ] [-Credential <PSCredential> ] [-PassThru] [-UseSsl]
启用网络控制器群集节点Enable a Network Controller cluster node Enable-NetworkControllerNodeEnable-NetworkControllerNode Enable-NetworkControllerNode -Name <String> [-CertificateThumbprint <String> ] [-ComputerName <String> ] [-Credential <PSCredential> ] [-PassThru] [-UseSsl]
从群集中删除网络控制器节点Remove a Network Controller node from a cluster Remove-NetworkControllerNodeRemove-NetworkControllerNode Remove-NetworkControllerNode [-CertificateThumbprint <String> ] [-ComputerName <String> ] [-Credential <PSCredential> ] [-Force] [-Name <String> ] [-PassThru] [-UseSsl]

若要了解详细信息,请参阅 NetworkController 上适用于网络控制器的 Windows PowerShell 参考文档。To learn more, see the Windows PowerShell reference documentation for Network Controller at NetworkController.

示例网络控制器配置脚本Sample Network Controller configuration script

下面的示例配置脚本演示如何创建多节点网络控制器群集并安装网络控制器应用程序。The following sample configuration script shows how to create a multi-node Network Controller cluster and install the Network Controller application. 此外,$cert 变量会从本地计算机证书存储中选择与使用者名称字符串“networkController.contoso.com”匹配的证书。In addition, the $cert variable selects a certificate from the local computer certificates store that matches the subject name string "networkController.contoso.com".

$a = New-NetworkControllerNodeObject -Name "Node1" -Server "NCNode1.contoso.com" -FaultDomain "fd:/rack1/host1" -RestInterface Internal
$b = New-NetworkControllerNodeObject -Name "Node2" -Server "NCNode2.contoso.com" -FaultDomain "fd:/rack1/host2" -RestInterface Internal
$c = New-NetworkControllerNodeObject -Name "Node3" -Server "NCNode3.contoso.com" -FaultDomain "fd:/rack1/host3" -RestInterface Internal

$cert= get-item Cert:\LocalMachine\My | get-ChildItem | where {$_.Subject -imatch "networkController.contoso.com" }

Install-NetworkControllerCluster -Node @($a,$b,$c)  -ClusterAuthentication Kerberos -DiagnosticLogLocation \\share\Diagnostics - ManagementSecurityGroup Contoso\NCManagementAdmins -CredentialEncryptionCertificate $cert  
Install-NetworkController -Node @($a,$b,$c) -ClientAuthentication Kerberos -ClientSecurityGroup Contoso\NCRESTClients -ServerCertificate $cert -RestIpAddress 10.0.0.1/24

后续步骤Next steps

如果未将 Kerberos 用于网络控制器部署,则必须部署证书。If you are not using Kerberos with your Network Controller deployment, you must deploy certificates. 有关详细信息,请参阅网络控制器的部署后步骤For more information, see Post-Deployment Steps for Network Controller.