独立 Windows 群集的配置设置Configuration settings for a standalone Windows cluster

本文介绍可使用 ClusterConfig.json 文件设置的独立 Azure Service Fabric 群集的配置设置。This article describes configuration settings of a standalone Azure Service Fabric cluster that can be set in the ClusterConfig.json file. 需要使用该文件指定有关群集节点、安全配置以及有关容错域和升级域的网络拓扑信息。You will use this file to specify information about the cluster's nodes, security configurations, as well as the network topology in terms of fault and upgrade domains. 更改或添加配置设置后,可以创建一个独立的群集,也可以升级独立群集的配置After changing or adding configuration settings, you can either create a standalone cluster or upgrade the configuration of a standalone cluster.

下载独立的 Service Fabric 包时还会附带 ClusterConfig.json 示例。When you download the standalone Service Fabric package, ClusterConfig.json samples are also included. 名称中包含“DevCluster”的示例可使用逻辑节点创建所有三个节点都在同一台计算机上的群集。The samples that have "DevCluster" in their names create a cluster with all three nodes on the same machine, using logical nodes. 在这些节点中,必须至少将一个节点标记为主节点。Out of these nodes, at least one must be marked as a primary node. 此群集类型可用于开发或测试环境。This type of cluster is useful for development or test environments. 不支持将它用作生产群集。It is not supported as a production cluster. 名称中包含“MultiMachine”的示例可帮助创建生产等级群集,其中的每个节点位于不同的计算机上。The samples that have "MultiMachine" in their names help create production grade clusters, with each node on a separate machine. 这些群集的主节点数取决于群集的可靠性级别The number of primary nodes for these clusters is based on the cluster's reliability level. 在版本 5.7 API 版本 05-2017 中,我们删除了可靠性级别属性。In release 5.7, API Version 05-2017, we removed the reliability-level property. 取而代之的是,我们的代码将计算群集的最优可靠性级别。Instead, our code calculates the most optimized reliability level for your cluster. 请勿尝试在版本 5.7 及以上版本中设置此属性的值。Do not try to set a value for this property in versions 5.7 onwards.

  • ClusterConfig.Unsecure.DevCluster.json 和 ClusterConfig.Unsecure.MultiMachine.json 分别说明如何创建不安全的测试群集和生产群集。ClusterConfig.Unsecure.DevCluster.json and ClusterConfig.Unsecure.MultiMachine.json show how to create an unsecured test or production cluster, respectively.

  • ClusterConfig.Windows.DevCluster.json 和 ClusterConfig.Windows.MultiMachine.json 说明如何创建使用 Windows 安全性保护的测试群集和生产群集。ClusterConfig.Windows.DevCluster.json and ClusterConfig.Windows.MultiMachine.json show how to create test or production clusters that are secured by using Windows security.

  • ClusterConfig.X509.DevCluster.json 和 ClusterConfig.X509.MultiMachine.json 说明如何创建使用基于 X509 证书的安全性保护的测试群集和生产群集。ClusterConfig.X509.DevCluster.json and ClusterConfig.X509.MultiMachine.json show how to create test or production clusters that are secured by using X509 certificate-based security.

现在,让我们查看 ClusterConfig.json 文件的各个部分。Now let's examine the various sections of a ClusterConfig.json file.

常规群集配置General cluster configurations

常规群集配置包括特定于群集的配置,如以下 JSON 代码片段中所示:General cluster configurations cover the broad cluster-specific configurations, as shown in the following JSON snippet:

    "name": "SampleCluster",
    "clusterConfigurationVersion": "1.0.0",
    "apiVersion": "01-2017",

可为 Service Fabric 群集指定任何友好名称,只需将该名称分配到 name 变量即可。You can give any friendly name to your Service Fabric cluster by assigning it to the name variable. clusterConfigurationVersion 是群集的版本号。The clusterConfigurationVersion is the version number of your cluster. 每次升级 Service Fabric 群集时,都应该递增该编号。Increase it every time you upgrade your Service Fabric cluster. 请将 apiVersion 保留为默认值。Leave apiVersion set to the default value.

群集上的节点Nodes on the cluster

可以使用 nodes 节配置 Service Fabric 群集上的节点,如以下代码片段中所示:You can configure the nodes on your Service Fabric cluster by using the nodes section, as the following snippet shows:

"nodes": [{
        "nodeName": "vm0",
        "iPAddress": "localhost",
        "nodeTypeRef": "NodeType0",
        "faultDomain": "fd:/dc1/r0",
        "upgradeDomain": "UD0"
    },
    {
        "nodeName": "vm1",
        "iPAddress": "localhost",
        "nodeTypeRef": "NodeType1",
        "faultDomain": "fd:/dc1/r1",
        "upgradeDomain": "UD1"
    },
    {
        "nodeName": "vm2",
        "iPAddress": "localhost",
        "nodeTypeRef": "NodeType2",
        "faultDomain": "fd:/dc1/r2",
        "upgradeDomain": "UD2"
    }
],

一个 Service Fabric 群集必须至少包含三个节点。A Service Fabric cluster must contain at least three nodes. 可以根据设置向此节添加更多节点。You can add more nodes to this section according to your setup. 下表说明了每个节点的配置设置:The following table explains configuration settings for each node:

节点配置Node configuration 说明Description
nodeNamenodeName 可以为节点提供任何友好名称。You can give any friendly name to the node.
iPAddressiPAddress 打开命令窗口并键入 ipconfig,找出节点的 IP 地址。Find out the IP address of your node by opening a command window and typing ipconfig. 记下 IPV4 地址,并将其分配给 iPAddress 变量。Note the IPV4 address, and assign it to the iPAddress variable.
nodeTypeRefnodeTypeRef 可以为每个节点分配不同的节点类型。Each node can be assigned a different node type. 节点类型在以下节中定义。The node types are defined in the following section.
faultDomainfaultDomain 容错域可让群集管理员定义可能因共享的物理依赖项而同时发生故障的物理节点。Fault domains enable cluster administrators to define the physical nodes that might fail at the same time due to shared physical dependencies.
upgradeDomainupgradeDomain 升级域描述几乎在相同时间关闭以进行 Service Fabric 升级的节点集。Upgrade domains describe sets of nodes that are shut down for Service Fabric upgrades at about the same time. 可以选择将哪些节点分配到哪些升级域,因为这不受任何物理要求的限制。You can choose which nodes to assign to which upgrade domains, because they aren't limited by any physical requirements.

群集属性Cluster properties

ClusterConfig.json 中的属性部分用于配置群集,如下所示:The properties section in the ClusterConfig.json is used to configure the cluster as shown:

可靠性Reliability

reliabilityLevel 的概念定义可在群集的主节点上运行的 Service Fabric 系统服务副本或实例数。The concept of reliabilityLevel defines the number of replicas or instances of the Service Fabric system services that can run on the primary nodes of the cluster. 它会确定这些服务以及群集的可靠性。It determines the reliability of these services and hence the cluster. 在群集创建和升级过程中,由系统计算该值。The value is calculated by the system at cluster creation and upgrade time.

诊断Diagnostics

在 diagnosticsStore 节中可以配置参数,以便能够诊断和排查节点或群集故障,如以下代码片段中所示:In the diagnosticsStore section, you can configure parameters to enable diagnostics and troubleshooting node or cluster failures, as shown in the following snippet:

"diagnosticsStore": {
    "metadata":  "Please replace the diagnostics store with an actual file share accessible from all cluster machines.",
    "dataDeletionAgeInDays": "7",
    "storeType": "FileShare",
    "IsEncrypted": "false",
    "connectionstring": "c:\\ProgramData\\SF\\DiagnosticsStore"
}

metadata 用于描述群集诊断,可以根据具体的情况进行设置。The metadata is a description of your cluster diagnostics and can be set according to your setup. 这些变量有助于收集 ETW 跟踪日志、故障转储和性能计数器。These variables help in collecting ETW trace logs and crash dumps as well as performance counters. 有关 ETW 跟踪日志的详细信息,请阅读 TracelogETW 跟踪For more information on ETW trace logs, see Tracelog and ETW tracing. 可将所有日志(包含故障转储性能计数器)定向到计算机上的 connectionString 文件夹。All logs, including crash dumps and performance counters, can be directed to the connectionString folder on your machine. 还可以使用 AzureStorage 来存储诊断信息。You also can use AzureStorage to store diagnostics. 请参阅以下示例代码片段:See the following sample snippet:

"diagnosticsStore": {
    "metadata":  "Please replace the diagnostics store with an actual file share accessible from all cluster machines.",
    "dataDeletionAgeInDays": "7",
    "storeType": "AzureStorage",
    "IsEncrypted": "false",
    "connectionstring": "xstore:DefaultEndpointsProtocol=https;AccountName=[AzureAccountName];AccountKey=[AzureAccountKey]"
}

安全性Security

对于安全的 Service Fabric 独立群集,必须使用 security 节。The security section is necessary for a secure standalone Service Fabric cluster. 以下代码片段显示了该部分的一部分内容:The following snippet shows a part of this section:

"security": {
    "metadata": "This cluster is secured using X509 certificates.",
    "ClusterCredentialType": "X509",
    "ServerCredentialType": "X509",
    . . .
}

metadata 用于描述安全群集,可根据具体的情况进行设置。The metadata is a description of your secure cluster and can be set according to your setup. ClusterCredentialType 和 ServerCredentialType 确定群集与节点将要实现的安全类型。The ClusterCredentialType and ServerCredentialType determine the type of security that the cluster and the nodes implement. 可将这两项设置为 X509 来实现基于证书的安全性,或者设置为 Windows 来实现基于 Active Directory 的安全性。They can be set to either X509 for a certificate-based security or Windows for Active Directory-based security. security 节的余下设置基于安全类型。The rest of the security section is based on the type of security. 若要了解如何填充 security 节的余下设置,请参阅独立群集中基于证书的安全性,或独立群集中的 Windows 安全性For information on how to fill out the rest of the security section, see Certificates-based security in a standalone cluster or Windows security in a standalone cluster.

节点类型Node types

nodeTypes 节描述群集中的节点类型。The nodeTypes section describes the type of nodes that your cluster has. 一个群集必须指定至少一个节点类型,如以下代码片段所示:At least one node type must be specified for a cluster, as shown in the following snippet:

"nodeTypes": [{
    "name": "NodeType0",
    "clientConnectionEndpointPort": "19000",
    "clusterConnectionEndpointPort": "19001",
    "leaseDriverEndpointPort": "19002"
    "serviceConnectionEndpointPort": "19003",
    "httpGatewayEndpointPort": "19080",
    "reverseProxyEndpointPort": "19081",
    "applicationPorts": {
        "startPort": "20575",
        "endPort": "20605"
    },
    "ephemeralPorts": {
        "startPort": "20606",
        "endPort": "20861"
    },
    "isPrimary": true
}]

name 是此特定节点类型的友好名称。The name is the friendly name for this particular node type. 要创建这种类型的节点,请如前所述,将该节点的友好名称分配到其 nodeTypeRef 变量。To create a node of this node type, assign its friendly name to the nodeTypeRef variable for that node, as previously mentioned. 对于每个节点类型,请定义要使用的连接终结点。For each node type, define the connection endpoints that are used. 可为这些连接终结点选择任意端口号,只要不与此群集中的任何其他终结点冲突即可。You can choose any port number for these connection endpoints, as long as they don't conflict with any other endpoints in this cluster. 在多节点群集中,根据 reliabilityLevel,将有一个或多个主节点(即,isPrimary 设置为 true)。In a multinode cluster, there are one or more primary nodes (that is, isPrimary is set to true), depending on the reliabilityLevel. 若要详细了解主节点类型和非主节点类型,请参阅 Service Fabric 群集容量规划注意事项,了解有关 nodeTypes 和 reliabilityLevel 的信息。To learn more about primary and nonprimary node types, see Service Fabric cluster capacity planning considerations for information on nodeTypes and reliabilityLevel.

用于配置节点类型的终结点Endpoints used to configure the node types

  • clientConnectionEndpointPort 是使用客户端 API 时,客户端用来连接群集的端口。clientConnectionEndpointPort is the port used by the client to connect to the cluster when client APIs are used.
  • clusterConnectionEndpointPort 是节点相互通信时使用的端口。clusterConnectionEndpointPort is the port where the nodes communicate with each other.
  • leaseDriverEndpointPort 是群集租用驱动程序用来判断节点是否仍处于活动状态的端口。leaseDriverEndpointPort is the port used by the cluster lease driver to find out if the nodes are still active.
  • serviceConnectionEndpointPort 是节点上部署的应用程序和服务用来与该特定节点上的 Service Fabric 客户端通信的端口。serviceConnectionEndpointPort is the port used by the applications and services deployed on a node to communicate with the Service Fabric client on that particular node.
  • httpGatewayEndpointPort 是 Service Fabric Explorer 用来连接群集的端口。httpGatewayEndpointPort is the port used by Service Fabric Explorer to connect to the cluster.
  • ephemeralPorts 重写 OS 使用的动态端口ephemeralPorts override the dynamic ports used by the OS. Service Fabric 使用其中的一部分端口作为应用程序端口,剩余的端口供 OS 使用。Service Fabric uses a part of these ports as application ports, and the remaining are available for the OS. 它还会将此范围映射到 OS 中的现有范围,因此,无论何时,都可以使用示例 JSON 文件中指定的范围。It also maps this range to the existing range present in the OS, so for all purposes, you can use the ranges given in the sample JSON files. 确保起始端口与结束端口至少相差 255。Make sure that the difference between the start and the end ports is at least 255. 如果此差过小,可能会遇到冲突,因为此范围与 OS 共享。You might run into conflicts if this difference is too low, because this range is shared with the OS. 若要查看配置的动态端口范围,请运行 netsh int ipv4 show dynamicport tcpTo see the configured dynamic port range, run netsh int ipv4 show dynamicport tcp.
  • applicationPorts 是 Service Fabric 应用程序使用的端口。applicationPorts are the ports that are used by the Service Fabric applications. 应用程序端口范围的大小应足以满足应用程序的终结点要求。The application port range should be large enough to cover the endpoint requirement of your applications. 此范围在计算机上的动态端口范围中应是独占的,即按配置中设置的 ephemeralPorts 范围。This range should be exclusive from the dynamic port range on the machine, that is, the ephemeralPorts range as set in the configuration. 每当需要新端口时,Service Fabric 将使用这些端口,并负责为这些端口打开防火墙。Service Fabric uses these ports whenever new ports are required and takes care of opening the firewall for these ports.
  • reverseProxyEndpointPort 是可选的反向代理终结点。reverseProxyEndpointPort is an optional reverse proxy endpoint. 有关详细信息,请参阅 Service Fabric 反向代理For more information, see Service Fabric reverse proxy.

日志设置Log settings

在 fabricSettings 节中,可以设置 Service Fabric 数据和日志的根目录。In the fabricSettings section, you can set the root directories for the Service Fabric data and logs. 只能在初次创建群集时自定义这些目录。You can customize these directories only during the initial cluster creation. 请参阅此节的以下示例代码片段:See the following sample snippet of this section:

"fabricSettings": [{
    "name": "Setup",
    "parameters": [{
            "name": "FabricDataRoot",
            "value": "C:\\ProgramData\\SF"
        },
        {
            "name": "FabricLogRoot",
            "value": "C:\\ProgramData\\SF\\Log"
        }
    ]
}]

建议使用非 OS 驱动器作为 FabricDataRoot 和 FabricLogRoot。We recommend that you use a non-OS drive as the FabricDataRoot and FabricLogRoot. 此类驱动器提供更高的可靠性,可防止 OS 停止响应的情况。It provides more reliability in avoiding situations when the OS stops responding. 如果只自定义数据根目录,则会将日志根目录放置在比数据根目录低一级的位置。If you customize only the data root, the log root is placed one level below the data root.

有状态 Reliable Services 设置Stateful Reliable Services settings

在 KtlLogger 节中,可以设置 Reliable Services 的全局配置设置。In the KtlLogger section, you can set the global configuration settings for Reliable Services. 有关这些设置的详细信息,请阅读配置有状态 Reliable ServicesFor more information on these settings, see Configure Stateful Reliable Services. 以下示例演示如何更改创建的共享事务日志,以备份有状态服务的任何可靠集合:The following example shows how to change the shared transaction log that gets created to back any reliable collections for stateful services:

"fabricSettings": [{
    "name": "KtlLogger",
    "parameters": [{
        "name": "SharedLogSizeInMB",
        "value": "4096"
    }]
}]

附加功能Add-on features

若要配置附加功能,请将 apiVersion 配置为 04-2017 或更高,并按如下所示配置 addonFeatures:To configure add-on features, configure the apiVersion as 04-2017 or higher, and configure the addonFeatures as shown here:

"apiVersion": "04-2017",
"properties": {
    "addOnFeatures": [
        "DnsService",
        "RepairManager"
    ]
}

可在 Service Fabric REST API 参考中查看所有可用的附加功能。All available add-on features can be seen in the Service Fabric REST API Reference.

容器支持Container support

若要为 Windows Server 容器和独立群集的 Hyper-V 容器启用容器支持,必须启用 DnsService 附加功能。To enable container support for both Windows Server containers and Hyper-V containers for standalone clusters, the DnsService add-on feature must be enabled.

后续步骤Next steps

根据独立群集设置配置一个完整的 ClusterConfig.json 文件后,即可可部署群集 。After you have a complete ClusterConfig.json file configured according to your standalone cluster setup, you can deploy your cluster. 请遵循创建独立 Service Fabric 群集中所述的步骤。Follow the steps in Create a standalone Service Fabric cluster.

如果已部署了独立群集,还可以升级独立群集的配置If you have a stand alone cluster deployed, you can also upgrade the configuration of a standalone cluster.

了解如何使用 Service Fabric Explorer 可视化群集Learn how to visualize your cluster with Service Fabric Explorer.