当前位置:网站首页>【Azure微服务 Service Fabric 】因证书过期导致Service Fabric集群挂掉(升级无法完成,节点不可用)
【Azure微服务 Service Fabric 】因证书过期导致Service Fabric集群挂掉(升级无法完成,节点不可用)
2022-07-07 21:39:00 【51CTO】
问题描述
创建Service Fabric时,证书在整个集群中是非常重要的部分,有着用户身份验证,节点之间通信,SF升级时的身份及授权认证等功能。如果证书过期则会导致节点受到影响集群无法正常工作。
当证书过期或吊销后,通常出现的问题为:
- Service Fabric群集无法使用升级服务
- Service Fabric Explorer无法连接
- 节点全部停用,无法查看到任何节点信息
当出现以上的情况,最快的办法为新建全新的Service Fabric集群,这也是最高效的一种办法。为了预防证书过期的情况发送,有以下两点建议:
一:在Key Vault中创建证书时候,选择自动续订新版本证书。
二:而如果没有自动续订新版本证书,则需指定维护计划,在证书过期之前就更新证书。而Service Fabric更换安全证书的过程,首先您需要把新的证书上传到key vault中,然后通过powershell或者模板的方式为群集添加辅助证书,然后在Portal操作切换证书。
添加辅助证书请参考:(在当前Service Fabric的资源组中导出模板,对certificateSecondary节点进行修改)
当完成辅助证书添加后,可以在门户中看见两个证书,点击红框中的...来交换主要/辅助证书。
使用Powershell命令加载次要证书 (Secondary Certificate):
执行命令参考:
执行Add-AzServiceFabricClusterCertificate命令后的提示进度如下:
参考链接:
####
Add-AzServiceFabricClusterCertificate: Add a secondary cluster certificate to the cluster, https://docs.microsoft.com/en-us/powershell/module/az.servicefabric/add-azservicefabricclustercertificate?view=azps-5.2.0
####
az sf cluster certificate add: Add a secondary cluster certificate to the cluster. https://docs.microsoft.com/en-us/cli/azure/sf/cluster/certificate?view=azure-cli-latest#az_sf_cluster_certificate_add
####
管理SF群集证书的文档可以参考: https://docs.azure.cn/zh-cn/service-fabric/service-fabric-cluster-security-update-certs-azure
当在复杂的环境中面临问题,格物之道需:浊而静之徐清,安以动之徐生。 云中,恰是如此!
边栏推荐
- How does win11 unblock the keyboard? Method of unlocking keyboard in win11
- Qt编写物联网管理平台39-报警联动
- An overview of the latest research progress of "efficient deep segmentation of labels" at Shanghai Jiaotong University, which comprehensively expounds the deep segmentation methods of unsupervised, ro
- Time standard library
- Matplotlib drawing interface settings
- Wechat official account oauth2.0 authorizes login and displays user information
- The latest Android interview collection, Android video extraction audio
- Which financial products will yield high returns in 2022?
- Focusing on safety in 1995, Volvo will focus on safety in the field of intelligent driving and electrification in the future
- Where is the big data open source project, one-stop fully automated full life cycle operation and maintenance steward Chengying (background)?
猜你喜欢
三元表达式、各生成式、匿名函数
![Jerry's test box configuration channel [chapter]](/img/d4/fb67f5ee0fe413c22e4e5cd5037938.png)
Jerry's test box configuration channel [chapter]
Where is the big data open source project, one-stop fully automated full life cycle operation and maintenance steward Chengying (background)?
What if the win11u disk does not display? Solution to failure of win11 plug-in USB flash disk
![[开源] .Net ORM 访问 Firebird 数据库](/img/a2/4eff4f0af53bf3b9839a73019a212f.png)
[开源] .Net ORM 访问 Firebird 数据库
Use json Stringify() to realize deep copy, be careful, there may be a huge hole
Qt编写物联网管理平台39-报警联动
Solve the problem of uni in uni app Request sent a post request without response.
Reinforcement learning - learning notes 9 | multi step TD target
How does win11 unblock the keyboard? Method of unlocking keyboard in win11
随机推荐
Description of the difference between character varying and character in PostgreSQL database
Codemail auto collation code of visual studio plug-in
Wechat official account oauth2.0 authorizes login and displays user information
Restapi version control strategy [eolink translation]
L'enregistreur de disque dur NVR est connecté à easycvr par le Protocole GB 28181. Quelle est la raison pour laquelle l'information sur le canal de l'appareil n'est pas affichée?
大数据开源项目,一站式全自动化全生命周期运维管家ChengYing(承影)走向何方?
An overview of the latest research progress of "efficient deep segmentation of labels" at Shanghai Jiaotong University, which comprehensively expounds the deep segmentation methods of unsupervised, ro
Demon daddy guide post - simple version
Ten thousand word summary data storage, three knowledge points
SAR影像质量评估
Why can't win11 display seconds? How to solve the problem that win11 time does not display seconds?
L2: current situation, prospects and pain points of ZK Rollup
Meta force force meta universe system development fossage model
Display optimization when the resolution of easycvr configuration center video recording plan page is adjusted
Use camunda to do workflow design and reject operations
L2:ZK-Rollup的现状,前景和痛点
How does win11 time display the day of the week? How does win11 display the day of the week today?
Prometheus remote_ write InfluxDB,unable to parse authentication credentials,authorization failed
Debugging and handling the problem of jamming for about 30s during SSH login
How much does it cost to develop a small program mall?