Set up a cluster witness

Applies to Azure Stack HCI, version 20H2; Windows Server 2019

Setting up a witness resource is mandatory for all clusters, and should be done right after you create a cluster. Two-node clusters need a witness so that either server going offline does not cause the other node to become unavailable as well. Three and higher-node clusters need a witness to be able to withstand two servers failing or being offline.

You can either use an SMB file share as a witness or use an Azure cloud witness. An Azure cloud witness is recommended, provided all server nodes in the cluster have a reliable internet connection. For more information, see Deploy a Cloud Witness for a Failover Cluster.

For file-share witnesses, there are requirements for the file server. See System requirements for more information.

Set up a witness using Windows Admin Center

  1. In Windows Admin Center, select Cluster Manager from the top drop-down arrow.
  2. Under Cluster connections, select the cluster.
  3. Under Tools, select Settings.
  4. In the right pane, select Witness.
  5. For Witness type, select one of the following:
    • Cloud witness - enter your Azure storage account name, access key, and endpoint URL, as described below
    • File share witness - enter the file share path "(//server/share)"

Note

The third option, Disk witness, is not suitable for use in stretched clusters.

Create an Azure Storage Account to use as a Cloud Witness

This section describes how to create a storage account and view and copy endpoint URLs and access keys for that account.

To configure Cloud Witness, you must have a valid Azure Storage Account which can be used to store the blob file (used for arbitration). Cloud Witness creates a well-known container, msft-cloud-witness, under the Storage Account. Cloud Witness writes a single blob file, with the corresponding cluster's unique ID used as the file name of the blob file, under this msft-cloud-witness container. This means that you can use the same Azure Storage Account to configure a Cloud Witness for multiple different clusters.

When you use the same Azure Storage Account for configuring Cloud Witness for multiple different clusters, a single msft-cloud-witness container gets created automatically. This container will contain one blob file per cluster.

Note

Cloud Witness uses HTTPS (default port 443) to establish communication with the Azure blob service. Ensure that the HTTPS port is accessible via the network proxy.

To create an Azure storage account

  1. Sign in to the Azure portal.
  2. On the Hub menu, select New -> Data + Storage -> Storage account.
  3. In the Create a storage account page, do the following:
    1. Enter a name for your storage account.
      Storage account names must be between 3 and 24 characters in length and may contain numbers and lowercase letters only. The storage account name must also be unique within Azure.
    2. For Account kind, select General purpose.
      You can't use a Blob storage account for a Cloud Witness.
    3. For Performance, select Standard.
      You can't use Azure Premium Storage for a Cloud Witness.
    4. For Replication, select Locally-redundant storage (LRS).
      Failover Clustering uses the blob file as the arbitration point, which requires some consistency guarantees when reading the data. Therefore you must select Locally-redundant storage for Replication type.

View and copy storage access keys for your Azure Storage Account

When you create an Azure Storage Account, it is associated with two Access Keys that are automatically generated: the Primary Access Key and the Secondary Access Key. For a first-time creation of Cloud Witness, use the Primary Access Key. There is no restriction regarding which key to use for Cloud Witness.

To view and copy storage access keys

In the Azure portal, navigate to your storage account, click All settings and then click Access Keys to view, copy, and regenerate your account access keys. The Access Keys blade also includes pre-configured connection strings using your primary and secondary keys that you can copy to use in your applications.

Image: Cloud Witness access keys

When you create a Storage Account, the following URLs are generated using the format: https://<Storage Account Name>.<Storage Type>.<Endpoint>

Cloud Witness always uses Blob as the storage type. Azure uses .core.chinacloudapi.cn as the Endpoint.

Note

The endpoint URL is generated automatically by the Cloud Witness resource and there is no extra step of configuration necessary for the URL.

In the Azure portal, navigate to your storage account, click All settings and then click Properties to view and copy your endpoint URLs.

Image: Cloud Witness endpoint URL

Set up a witness using Windows PowerShell

To set up a cluster witness using PowerShell, run one of the following cmdlets.

Use the following cmdlet to create an Azure cloud witness:

Set-ClusterQuorum -Cluster "Cluster1" -CloudWitness -AccountName "AzureStorageAccountName" -AccessKey "AzureStorageAccountAccessKey"

Use the following cmdlet to create a file-share witness:

Set-ClusterQuorum -FileShareWitness "\\fileserver\share" -Credential (Get-Credential)
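
The cloud witness cmdlet above, wrapped with the checks this page describes (an added example, not code from the original page): it validates the storage account name, probes the blob endpoint on port 443 from every node, and prompts for the access key instead of embedding it in the script. The account name is a placeholder, PowerShell remoting to the nodes is assumed, and passing this page's endpoint through -Endpoint is an assumption about how the cluster targets this Azure environment.

```powershell
# Added example (not from the original page). The account name is a placeholder.
param(
    [string]$ClusterName    = 'Cluster1',
    [string]$AccountName    = 'mywitnessacct',
    [string]$EndpointSuffix = 'core.chinacloudapi.cn'   # endpoint named on this page
)

# Storage account names: 3 to 24 characters, digits and lowercase letters only.
if ($AccountName -cnotmatch '^[a-z0-9]{3,24}$') {
    throw "Invalid storage account name: $AccountName"
}

# Cloud Witness always uses the Blob storage type over HTTPS (port 443).
$blobHost = "$AccountName.blob.$EndpointSuffix"

# Every node needs to reach the endpoint, so probe from each one (assumes PS remoting).
# This is a direct TCP probe; nodes that reach Azure only through a proxy will fail it.
$nodes  = (Get-ClusterNode -Cluster $ClusterName).Name
$probes = Invoke-Command -ComputerName $nodes -ScriptBlock {
    Test-NetConnection -ComputerName $using:blobHost -Port 443 -WarningAction SilentlyContinue
}
$failed = $probes | Where-Object { -not $_.TcpTestSucceeded }
if ($failed) {
    Write-Warning "No direct TCP 443 path to $blobHost from: $($failed.PSComputerName -join ', ')"
}

# Prompt for the key so it is not stored in the script or in command history.
$secureKey = Read-Host -Prompt "Access key for $AccountName" -AsSecureString
$plainKey  = [System.Net.NetworkCredential]::new('', $secureKey).Password

try {
    Set-ClusterQuorum -Cluster $ClusterName -CloudWitness `
        -AccountName $AccountName -AccessKey $plainKey -Endpoint $EndpointSuffix | Out-Null
}
finally {
    # Drop the plaintext copy as soon as the cmdlet returns.
    $plainKey = $null
    $secureKey.Dispose()
}

# Confirm that a Cloud Witness resource now exists and report its state.
Get-ClusterQuorum -Cluster $ClusterName
Get-ClusterResource -Cluster $ClusterName |
    Where-Object { $_.ResourceType -eq 'Cloud Witness' } |
    Select-Object Name, State, OwnerNode
```

The access key grants full access to the storage account, so treat any script, transcript, or log that contains it as a secret.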

Next steps