当前位置:网站首页>【Azure微服务 Service Fabric 】因证书过期导致Service Fabric集群挂掉(升级无法完成,节点不可用)
【Azure微服务 Service Fabric 】因证书过期导致Service Fabric集群挂掉(升级无法完成,节点不可用)
2022-07-07 21:39:00 【51CTO】
问题描述
创建Service Fabric时,证书在整个集群中是非常重要的部分,有着用户身份验证,节点之间通信,SF升级时的身份及授权认证等功能。如果证书过期则会导致节点受到影响集群无法正常工作。
当证书过期或吊销后,通常出现的问题为:
- Service Fabric群集无法使用升级服务
- Service Fabric Explorer无法连接
- 节点全部停用,无法查看到任何节点信息
当出现以上的情况,最快的办法为新建全新的Service Fabric集群,这也是最高效的一种办法。为了预防证书过期的情况发送,有以下两点建议:
一:在Key Vault中创建证书时候,选择自动续订新版本证书。
二:而如果没有自动续订新版本证书,则需指定维护计划,在证书过期之前就更新证书。而Service Fabric更换安全证书的过程,首先您需要把新的证书上传到key vault中,然后通过powershell或者模板的方式为群集添加辅助证书,然后在Portal操作切换证书。
添加辅助证书请参考:(在当前Service Fabric的资源组中导出模板,对certificateSecondary节点进行修改)
当完成辅助证书添加后,可以在门户中看见两个证书,点击红框中的...来交换主要/辅助证书。
使用Powershell命令加载次要证书 (Secondary Certificate):
执行命令参考:
执行Add-AzServiceFabricClusterCertificate命令后的提示进度如下:
参考链接:
####
Add-AzServiceFabricClusterCertificate: Add a secondary cluster certificate to the cluster, https://docs.microsoft.com/en-us/powershell/module/az.servicefabric/add-azservicefabricclustercertificate?view=azps-5.2.0
####
az sf cluster certificate add: Add a secondary cluster certificate to the cluster. https://docs.microsoft.com/en-us/cli/azure/sf/cluster/certificate?view=azure-cli-latest#az_sf_cluster_certificate_add
####
管理SF群集证书的文档可以参考: https://docs.azure.cn/zh-cn/service-fabric/service-fabric-cluster-security-update-certs-azure
当在复杂的环境中面临问题,格物之道需:浊而静之徐清,安以动之徐生。 云中,恰是如此!
边栏推荐
- Jerry's power on automatic pairing [chapter]
- 双塔模型的最强出装,谷歌又开始玩起“老古董”了?
- Index summary (assault version)
- The maximum number of meetings you can attend [greedy + priority queue]
- 201215-03-19 - cocos2dx memory management - specific explanation "recommended collection"
- null == undefined
- Typescript TS basic knowledge type declaration
- How to turn on win11 game mode? How to turn on game mode in win11
- 【colmap】稀疏重建转为MVSNet格式输入
- Preparing for the interview and sharing experience
猜你喜欢
How to turn on win11 game mode? How to turn on game mode in win11
![Jerry's about TWS channel configuration [chapter]](/img/94/fde5054fc412b786cd9864215e912c.png)
Jerry's about TWS channel configuration [chapter]
QT compile IOT management platform 39 alarm linkage
What if the win11u disk does not display? Solution to failure of win11 plug-in USB flash disk
Display optimization when the resolution of easycvr configuration center video recording plan page is adjusted
Ad domain group policy management
EasyCVR配置中心录像计划页面调整分辨率时的显示优化
【JDBC Part 1】概述、获取连接、CRUD
![Jerry's about TWS pairing mode configuration [chapter]](/img/fd/dd1e252617d30dd7147dbab25de5b4.png)
Jerry's about TWS pairing mode configuration [chapter]
cv2.resize函数报错:error: (-215:Assertion failed) func != 0 in function ‘cv::hal::resize‘
随机推荐
Time standard library
Devil daddy A0 English zero foundation self-improvement Road
Have you ever been confused? Once a test / development programmer, ignorant gadget C bird upgrade
Jerry's manual matching method [chapter]
An in-depth understanding of fp/fn/precision/recall
Debugging and handling the problem of jamming for about 30s during SSH login
Restore backup data on persistent volumes
Lingyun going to sea | saihe & Huawei cloud: jointly help the sustainable development of cross-border e-commerce industry
Jerry's initiation of ear pairing, reconnection, and opening of discoverable and connectable cyclic functions [chapter]
ISO 26262 - considerations other than requirements based testing
Use br to recover backup data on azure blob storage
谈谈制造企业如何制定敏捷的数字化转型策略
How polardb-x does distributed database hotspot analysis
Win11时间怎么显示星期几?Win11怎么显示今天周几?
What stocks can a new account holder buy? Is the stock trading account safe
Actual combat: sqlserver 2008 Extended event XML is converted to standard table format [easy to understand]
双塔模型的最强出装,谷歌又开始玩起“老古董”了?
Where is the big data open source project, one-stop fully automated full life cycle operation and maintenance steward Chengying (background)?
DNS series (I): why does the updated DNS record not take effect?
Navicat connect 2002 - can't connect to local MySQL server through socket '/var/lib/mysql/mysql Sock 'solve