對 SQL Server 巨量資料叢集 Active Directory 整合進行疑難排解
適用於:SQL Server 2019 (15.x)
本文說明如何對 Active Directory 模式中的 SQL Server 巨量資料叢集部署進行疑難排解。
重要
Microsoft SQL Server 2019 巨量資料叢集附加元件將會淘汰。 SQL Server 2019 巨量資料叢集的支援將於 2025 年 2 月 28 日結束。 平台上將完全支援含軟體保證 SQL Server 2019 的所有現有使用者,而且軟體將會持續透過 SQL Server 累積更新來維護,直到該時間為止。 如需詳細資訊,請參閱公告部落格文章與 Microsoft SQL Server 平台上的巨量資料選項。
徵狀
您已開始使用 Active Directory 模式部署 SQL Server 巨量資料叢集。 部署停滯且不會繼續進行。
下列範例顯示某個 Bash 殼層中的部署結果。
The privacy statement can be viewed at:
https://go.microsoft.com/fwlink/?LinkId=853010
The license terms for SQL Server Big Data Cluster can be viewed at:
Enterprise: https://go.microsoft.com/fwlink/?linkid=2104292
Standard: https://go.microsoft.com/fwlink/?linkid=2104294
Developer: https://go.microsoft.com/fwlink/?linkid=2104079
Cluster deployment documentation can be viewed at:
https://aka.ms/bdc-deploy
NOTE: Cluster creation can take a significant amount of time depending on
configuration, network speed, and the number of nodes in the cluster.
Starting cluster deployment.
Cluster controller endpoint is available at bdc-control.contoso.com:30080, 193.168.5.14:30080.
Waiting for control plane to be ready after 5 minutes.
Waiting for control plane to be ready after 10 minutes.
Waiting for control plane to be ready after 15 minutes.
Waiting for control plane to be ready after 20 minutes.
Waiting for control plane to be ready after 25 minutes.
檢查目前已部署的 Pod。
kubectl get pods -n mssql-cluster
下列清單顯示只部署了屬於控制器的 Pod。 並不會建立任何計算、資料或存放集區 Pod。
NAME READY STATUS RESTARTS AGE
appproxy-6q4rm 2/2 Running 0 32m
compute-0-0 3/3 Running 0 32m
control-n8jqh 3/3 Running 0 35m
controldb-0 2/2 Running 0 35m
controlwd-fgpj8 1/1 Running 0 34m
data-0-0 3/3 Running 0 32m
data-0-1 3/3 Running 0 32m
dns-fjp7n 2/2 Running 0 34m
gateway-0 2/2 Running 0 32m
logsdb-0 1/1 Running 0 34m
logsui-d26c5 1/1 Running 0 34m
master-0 3/4 Running 0 32m
master-1 3/4 Running 0 32m
master-2 3/4 Running 0 32m
metricsdb-0 1/1 Running 0 34m
metricsdc-c2kbh 1/1 Running 0 34m
metricsdc-lmqzx 1/1 Running 0 34m
metricsdc-r6499 1/1 Running 0 34m
metricsdc-tj99w 1/1 Running 0 34m
metricsui-dg8rz 1/1 Running 0 34m
mgmtproxy-dvzpc 2/2 Running 0 34m
nmnode-0-0 2/2 Running 0 32m
nmnode-0-1 2/2 Running 0 32m
operator-27gt9 1/1 Running 0 32m
sparkhead-0 4/4 Running 0 31m
sparkhead-1 4/4 Running 0 31m
storage-0-0 4/4 Running 0 31m
storage-0-1 4/4 Running 0 31m
storage-0-2 4/4 Running 0 31m
zookeeper-0 2/2 Running 0 32m
zookeeper-1 2/2 Running 0 32m
zookeeper-2 2/2 Running 0 32m
查看記錄
如果部署在未建立計算、資料或儲存體 Pod 的情況下結束,請檢查下列記錄以找出原因:
檢查
controller.log
(<folderOfDebugCopyLog>\debuglogs-mssql-cluster-20200219-093941\mssql-cluster\control-<suffix>\controller\controller\<date>\controller.log)。 尋找下列項目︰WARN | StatefulSet master is not ready with 0 ready pods and 3 unready pods
檢查
master-0
provisioner.log
(<folderOfDebugCopyLog>\debuglogs-mssql-cluster-20200219-093941\mssql-cluster\master-0\mssql-server\provisioner\provisioner.log)ERROR | Failed to create sql login for domain user [<domain>.<top-level-domain>\<domain-group>] Traceback (most recent call last): File "/opt/provisioner/bin/scripts/provisioningpool.py", line 214, in executeNonQueries connection.execute_non_query(command) File "src/_mssql.pyx", line 1033, in _mssql.MSSQLConnection.execute_non_query File "src/_mssql.pyx", line 1061, in _mssql.MSSQLConnection.execute_non_query File "src/_mssql.pyx", line 1634, in _mssql.check_and_raise File "src/_mssql.pyx", line 1683, in _mssql.maybe_raise_MSSQLDatabaseException _mssql.MSSQLDatabaseException: (15401, b"Windows NT user or group '<domain>.<top-level-domain>\\<domain-group>' not found. Check the name again.DB-Lib error message 20018, severity 16:\nGeneral SQL Server error: Check messages from the SQL Server\n") WARNING | [3/3] Provisioning exception occurred during provisioning step: ProvisioningMasterPool. WARNING | Failed to create sql login for domain user [<domain>.<top-level-domain>\<domain-group>] WARNING | Retrying.
原因
在上述範例中,因為網域群組的範圍是網域本機,所以部署無法為網域使用者建立登入。 使用全域或通用範圍群組。 若要了解 Active Directory 群組範圍需求,請參閱以 Active Directory 模式部署 SQL Server 巨量資料叢集。
驗證
檢查網域群組 (<domain-group>
) 的範圍。 使用 get-adgroup。
如果 <domain-group>
群組範圍為網域本機 (DomainLocal
),則部署會失敗。
下列 PowerShell 指令碼會檢查名為 bdcadmins
和 bdcusers
的兩個 Active Directory 群組範圍。 以群組的名稱取代這些名稱。
#Administrators and users Active Directory groups
$Cluster_admins_group='bdcadmins'
$Cluster_users_group='bdcusers'
#Performing Active Directory Group Checks...
#Active Directory admin group Check
$ClusterAdminGroupScope_Result = New-Object System.Collections.ArrayList
try {
$GroupScope = Get-ADgroup -Identity $Cluster_admins_group | Select-Object -ExpandProperty GroupScope
if ($GroupScope -eq 'DomainLocal') {
[void]$ClusterAdminGroupScope_Result.Add("Misconfiguration - $Cluster_admins_group Group scope is $GroupScope, this scope is not supported, Please change group scope to either Global or Universal")
}
else {
[void]$ClusterAdminGroupScope_Result.Add("OK - $Cluster_admins_group Group scope is $GroupScope")
}
}
catch {
[void]$ClusterAdminGroupScope_Result.Add("Error - " + $_.exception.message)
}
#Ad users group check
$ClusterUsersGroupScope_Result = New-Object System.Collections.ArrayList
$GroupScope = ''
try {
$GroupScope = Get-ADgroup -Identity $Cluster_users_group | Select-Object -ExpandProperty GroupScope
if ($GroupScope -eq 'DomainLocal') {
[void]$ClusterUsersGroupScope_Result.Add("Misconfiguration - $Cluster_users_group Group scope is $GroupScope, this scope is not supported, Please change group scope to either Global or Universal")
}
else
{ [void]$ClusterUsersGroupScope_Result.Add("OK - $Cluster_users_group Group scope is $GroupScope") }
}
catch {
[void]$ClusterUsersGroupScope_Result.Add("Error - " + $_.exception.message)
}
#Display the results
$ClusterUsersGroupScope_Result
解決方案
若要解決此問題,請建立具有通用或全域範圍的 Active Directory 群組,然後再次執行部署。