当前位置:网站首页>【Azure微服务 Service Fabric 】因证书过期导致Service Fabric集群挂掉(升级无法完成,节点不可用)
【Azure微服务 Service Fabric 】因证书过期导致Service Fabric集群挂掉(升级无法完成,节点不可用)
2022-07-07 21:39:00 【51CTO】
问题描述
创建Service Fabric时,证书在整个集群中是非常重要的部分,有着用户身份验证,节点之间通信,SF升级时的身份及授权认证等功能。如果证书过期则会导致节点受到影响集群无法正常工作。
当证书过期或吊销后,通常出现的问题为:
- Service Fabric群集无法使用升级服务
- Service Fabric Explorer无法连接
- 节点全部停用,无法查看到任何节点信息
当出现以上的情况,最快的办法为新建全新的Service Fabric集群,这也是最高效的一种办法。为了预防证书过期的情况发送,有以下两点建议:
一:在Key Vault中创建证书时候,选择自动续订新版本证书。
二:而如果没有自动续订新版本证书,则需指定维护计划,在证书过期之前就更新证书。而Service Fabric更换安全证书的过程,首先您需要把新的证书上传到key vault中,然后通过powershell或者模板的方式为群集添加辅助证书,然后在Portal操作切换证书。
添加辅助证书请参考:(在当前Service Fabric的资源组中导出模板,对certificateSecondary节点进行修改)
当完成辅助证书添加后,可以在门户中看见两个证书,点击红框中的...来交换主要/辅助证书。
使用Powershell命令加载次要证书 (Secondary Certificate):
执行命令参考:
执行Add-AzServiceFabricClusterCertificate命令后的提示进度如下:
参考链接:
####
Add-AzServiceFabricClusterCertificate: Add a secondary cluster certificate to the cluster, https://docs.microsoft.com/en-us/powershell/module/az.servicefabric/add-azservicefabricclustercertificate?view=azps-5.2.0
####
az sf cluster certificate add: Add a secondary cluster certificate to the cluster. https://docs.microsoft.com/en-us/cli/azure/sf/cluster/certificate?view=azure-cli-latest#az_sf_cluster_certificate_add
####
管理SF群集证书的文档可以参考: https://docs.azure.cn/zh-cn/service-fabric/service-fabric-cluster-security-update-certs-azure
当在复杂的环境中面临问题,格物之道需:浊而静之徐清,安以动之徐生。 云中,恰是如此!
边栏推荐
- [开源] .Net ORM 访问 Firebird 数据库
- 为什么Win11不能显示秒数?Win11时间不显示秒怎么解决?
- SAR影像质量评估
- 大数据开源项目,一站式全自动化全生命周期运维管家ChengYing(承影)走向何方?
- Use json Stringify() to realize deep copy, be careful, there may be a huge hole
- Using enumeration to realize English to braille
- 使用 CustomPaint 绘制基本图形
- Which financial products will yield high returns in 2022?
- UVA 12230 – crossing rivers (probability) "suggested collection"
- Codemail auto collation code of visual studio plug-in
猜你喜欢
What if the win11u disk does not display? Solution to failure of win11 plug-in USB flash disk
Using enumeration to realize English to braille
The strongest installation of the twin tower model, Google is playing "antique" again?
Redis - basic use (key, string, list, set, Zset, hash, geo, bitmap, hyperloglog, transaction)
Use json Stringify() to realize deep copy, be careful, there may be a huge hole
Tcp/ip protocol stack
Embedded development: how to choose the right RTOS for the project?
Win11U盘不显示怎么办?Win11插U盘没反应的解决方法
![[C language] advanced pointer --- do you really understand pointer?](/img/ee/79c0646d4f1bfda9543345b9da0f25.png)
[C language] advanced pointer --- do you really understand pointer?
Where is the big data open source project, one-stop fully automated full life cycle operation and maintenance steward Chengying (background)?
随机推荐
Use json Stringify() to realize deep copy, be careful, there may be a huge hole
UVA 11080 – place the guards
Reinforcement learning - learning notes 9 | multi step TD target
Ad domain group policy management
ISO 26262 - considerations other than requirements based testing
Use camunda to do workflow design and reject operations
Main functions of OS, Sys and random Standard Libraries
ByteDance senior engineer interview, easy to get started, fluent
Using enumeration to realize English to braille
Ten thousand word summary data storage, three knowledge points
Meta force force meta universe system development fossage model
The difference between NPM uninstall and RM direct deletion
Build your own website (18)
Programming mode - table driven programming
Code of "digital image processing principle and Practice (matlab version)" part2[easy to understand]
Tcp/ip protocol stack
[C language] advanced pointer --- do you really understand pointer?
cv2.resize函数报错:error: (-215:Assertion failed) func != 0 in function ‘cv::hal::resize‘
Ant destination multiple selection
Display optimization when the resolution of easycvr configuration center video recording plan page is adjusted