当前位置:网站首页>【Azure微服务 Service Fabric 】因证书过期导致Service Fabric集群挂掉(升级无法完成,节点不可用)
【Azure微服务 Service Fabric 】因证书过期导致Service Fabric集群挂掉(升级无法完成,节点不可用)
2022-07-07 21:39:00 【51CTO】
问题描述
创建Service Fabric时,证书在整个集群中是非常重要的部分,有着用户身份验证,节点之间通信,SF升级时的身份及授权认证等功能。如果证书过期则会导致节点受到影响集群无法正常工作。
当证书过期或吊销后,通常出现的问题为:
- Service Fabric群集无法使用升级服务
- Service Fabric Explorer无法连接
- 节点全部停用,无法查看到任何节点信息
当出现以上的情况,最快的办法为新建全新的Service Fabric集群,这也是最高效的一种办法。为了预防证书过期的情况发送,有以下两点建议:
一:在Key Vault中创建证书时候,选择自动续订新版本证书。
二:而如果没有自动续订新版本证书,则需指定维护计划,在证书过期之前就更新证书。而Service Fabric更换安全证书的过程,首先您需要把新的证书上传到key vault中,然后通过powershell或者模板的方式为群集添加辅助证书,然后在Portal操作切换证书。
添加辅助证书请参考:(在当前Service Fabric的资源组中导出模板,对certificateSecondary节点进行修改)
当完成辅助证书添加后,可以在门户中看见两个证书,点击红框中的...来交换主要/辅助证书。
使用Powershell命令加载次要证书 (Secondary Certificate):
执行命令参考:
执行Add-AzServiceFabricClusterCertificate命令后的提示进度如下:
参考链接:
####
Add-AzServiceFabricClusterCertificate: Add a secondary cluster certificate to the cluster, https://docs.microsoft.com/en-us/powershell/module/az.servicefabric/add-azservicefabricclustercertificate?view=azps-5.2.0
####
az sf cluster certificate add: Add a secondary cluster certificate to the cluster. https://docs.microsoft.com/en-us/cli/azure/sf/cluster/certificate?view=azure-cli-latest#az_sf_cluster_certificate_add
####
管理SF群集证书的文档可以参考: https://docs.azure.cn/zh-cn/service-fabric/service-fabric-cluster-security-update-certs-azure
当在复杂的环境中面临问题,格物之道需:浊而静之徐清,安以动之徐生。 云中,恰是如此!
边栏推荐
- Navicat connect 2002 - can't connect to local MySQL server through socket '/var/lib/mysql/mysql Sock 'solve
- Index summary (assault version)
- Open source OA development platform: contract management user manual
- Insufficient permissions
- 648. Word replacement
- [开源] .Net ORM 访问 Firebird 数据库
- Which futures company is the safest to open a futures account?
- GridView defines its own time for typesetting "suggestions collection"
- 反爬通杀神器
- Virtual machine network configuration in VMWare
猜你喜欢
![[200 opencv routines] 223 Polygon fitting for feature extraction (cv.approxpolydp)](/img/1e/055df228853d9b464fc4bcbde0a7ee.png)
[200 opencv routines] 223 Polygon fitting for feature extraction (cv.approxpolydp)
L'enregistreur de disque dur NVR est connecté à easycvr par le Protocole GB 28181. Quelle est la raison pour laquelle l'information sur le canal de l'appareil n'est pas affichée?
The little money made by the program ape is a P!
Kirin Xin'an operating system derivative solution | storage multipath management system, effectively improving the reliability of data transmission
null == undefined
Automatic classification of defective photovoltaic module cells in electronic images
![[JDBC Part 1] overview, get connection, CRUD](/img/53/d79f29f102c81c9b0b7b439c78603b.png)
[JDBC Part 1] overview, get connection, CRUD
双塔模型的最强出装,谷歌又开始玩起“老古董”了?
Where is the big data open source project, one-stop fully automated full life cycle operation and maintenance steward Chengying (background)?
用语雀写文章了,功能真心强大!
随机推荐
解决uni-app中uni.request发送POST请求没有反应。
Nine degree 1201 - traversal of binary sort number - binary sort tree "suggestions collection"
What is the reason for the abnormal flow consumption of 4G devices accessing the easygbs platform?
Reptile combat (VII): pictures of the king of reptiles' heroes
Ten thousand word summary data storage, three knowledge points
使用 CustomPaint 绘制基本图形
Navicat connect 2002 - can't connect to local MySQL server through socket '/var/lib/mysql/mysql Sock 'solve
[200 opencv routines] 223 Polygon fitting for feature extraction (cv.approxpolydp)
Devil daddy A0 English zero foundation self-improvement Road
UVA 11080 – place the guards
JNI primary contact
Node:504 error reporting
ByteDance senior engineer interview, easy to get started, fluent
The latest Android interview collection, Android video extraction audio
Jenkins user rights management
TCP/IP 协议栈
ByteDance Android interview, summary of knowledge points + analysis of interview questions
使用 BlocConsumer 同时构建响应式组件和监听状态
Redis - basic use (key, string, list, set, Zset, hash, geo, bitmap, hyperloglog, transaction)
Jerry's fast pairing does not support canceling pairing [article]