当前位置:网站首页>【Azure微服务 Service Fabric 】因证书过期导致Service Fabric集群挂掉(升级无法完成,节点不可用)
【Azure微服务 Service Fabric 】因证书过期导致Service Fabric集群挂掉(升级无法完成,节点不可用)
2022-07-07 21:39:00 【51CTO】
问题描述
创建Service Fabric时,证书在整个集群中是非常重要的部分,有着用户身份验证,节点之间通信,SF升级时的身份及授权认证等功能。如果证书过期则会导致节点受到影响集群无法正常工作。
当证书过期或吊销后,通常出现的问题为:
- Service Fabric群集无法使用升级服务
- Service Fabric Explorer无法连接
- 节点全部停用,无法查看到任何节点信息
当出现以上的情况,最快的办法为新建全新的Service Fabric集群,这也是最高效的一种办法。为了预防证书过期的情况发送,有以下两点建议:
一:在Key Vault中创建证书时候,选择自动续订新版本证书。
二:而如果没有自动续订新版本证书,则需指定维护计划,在证书过期之前就更新证书。而Service Fabric更换安全证书的过程,首先您需要把新的证书上传到key vault中,然后通过powershell或者模板的方式为群集添加辅助证书,然后在Portal操作切换证书。
添加辅助证书请参考:(在当前Service Fabric的资源组中导出模板,对certificateSecondary节点进行修改)
当完成辅助证书添加后,可以在门户中看见两个证书,点击红框中的...来交换主要/辅助证书。
使用Powershell命令加载次要证书 (Secondary Certificate):
执行命令参考:
执行Add-AzServiceFabricClusterCertificate命令后的提示进度如下:
参考链接:
####
Add-AzServiceFabricClusterCertificate: Add a secondary cluster certificate to the cluster, https://docs.microsoft.com/en-us/powershell/module/az.servicefabric/add-azservicefabricclustercertificate?view=azps-5.2.0
####
az sf cluster certificate add: Add a secondary cluster certificate to the cluster. https://docs.microsoft.com/en-us/cli/azure/sf/cluster/certificate?view=azure-cli-latest#az_sf_cluster_certificate_add
####
管理SF群集证书的文档可以参考: https://docs.azure.cn/zh-cn/service-fabric/service-fabric-cluster-security-update-certs-azure
当在复杂的环境中面临问题,格物之道需:浊而静之徐清,安以动之徐生。 云中,恰是如此!
边栏推荐
- Typescript TS basic knowledge type declaration
- [open source] Net ORM accessing Firebird database
- The function is really powerful!
- Main functions of OS, Sys and random Standard Libraries
- Nine degree 1201 - traversal of binary sort number - binary sort tree "suggestions collection"
- L2:ZK-Rollup的现状,前景和痛点
- Arlo's troubles
- Backup tidb cluster to persistent volume
- How polardb-x does distributed database hotspot analysis
- 用语雀写文章了,功能真心强大!
猜你喜欢
The strongest installation of the twin tower model, Google is playing "antique" again?
Node:504 error reporting
648. Word replacement
The little money made by the program ape is a P!
Usage of MySQL subquery keywords (exists)
【JDBC Part 1】概述、获取连接、CRUD
Jenkins user rights management
反爬通杀神器
What if the win11u disk does not display? Solution to failure of win11 plug-in USB flash disk
三元表达式、各生成式、匿名函数
随机推荐
为什么Win11不能显示秒数?Win11时间不显示秒怎么解决?
SQL injection error report injection function graphic explanation
The function is really powerful!
Win11U盘不显示怎么办?Win11插U盘没反应的解决方法
Reinforcement learning - learning notes 9 | multi step TD target
Ant destination multiple selection
The latest Android interview collection, Android video extraction audio
What if the win11u disk does not display? Solution to failure of win11 plug-in USB flash disk
Google SEO external chain backlinks research tool recommendation
QT compile IOT management platform 39 alarm linkage
Jerry's about TWS pairing mode configuration [chapter]
Time standard library
How much does it cost to develop a small program mall?
Demon daddy B2 breaks through grammar and completes orthodox oral practice
NVR硬盤錄像機通過國標GB28181協議接入EasyCVR,設備通道信息不顯示是什麼原因?
Talk about relational database and serverless
Addition, deletion, modification and query of sqlhelper
L2:ZK-Rollup的现状,前景和痛点
Jerry's configuration of TWS cross pairing [article]
Demon daddy guide post - simple version