当前位置:网站首页>【Azure微服务 Service Fabric 】因证书过期导致Service Fabric集群挂掉(升级无法完成,节点不可用)
【Azure微服务 Service Fabric 】因证书过期导致Service Fabric集群挂掉(升级无法完成,节点不可用)
2022-07-07 21:39:00 【51CTO】
问题描述
创建Service Fabric时,证书在整个集群中是非常重要的部分,有着用户身份验证,节点之间通信,SF升级时的身份及授权认证等功能。如果证书过期则会导致节点受到影响集群无法正常工作。
当证书过期或吊销后,通常出现的问题为:
- Service Fabric群集无法使用升级服务
- Service Fabric Explorer无法连接
- 节点全部停用,无法查看到任何节点信息
当出现以上的情况,最快的办法为新建全新的Service Fabric集群,这也是最高效的一种办法。为了预防证书过期的情况发送,有以下两点建议:
一:在Key Vault中创建证书时候,选择自动续订新版本证书。
二:而如果没有自动续订新版本证书,则需指定维护计划,在证书过期之前就更新证书。而Service Fabric更换安全证书的过程,首先您需要把新的证书上传到key vault中,然后通过powershell或者模板的方式为群集添加辅助证书,然后在Portal操作切换证书。
添加辅助证书请参考:(在当前Service Fabric的资源组中导出模板,对certificateSecondary节点进行修改)
当完成辅助证书添加后,可以在门户中看见两个证书,点击红框中的...来交换主要/辅助证书。
使用Powershell命令加载次要证书 (Secondary Certificate):
执行命令参考:
执行Add-AzServiceFabricClusterCertificate命令后的提示进度如下:
参考链接:
####
Add-AzServiceFabricClusterCertificate: Add a secondary cluster certificate to the cluster, https://docs.microsoft.com/en-us/powershell/module/az.servicefabric/add-azservicefabricclustercertificate?view=azps-5.2.0
####
az sf cluster certificate add: Add a secondary cluster certificate to the cluster. https://docs.microsoft.com/en-us/cli/azure/sf/cluster/certificate?view=azure-cli-latest#az_sf_cluster_certificate_add
####
管理SF群集证书的文档可以参考: https://docs.azure.cn/zh-cn/service-fabric/service-fabric-cluster-security-update-certs-azure
当在复杂的环境中面临问题,格物之道需:浊而静之徐清,安以动之徐生。 云中,恰是如此!
边栏推荐
- Qt编写物联网管理平台39-报警联动
- Talk about relational database and serverless
- Google SEO external chain backlinks research tool recommendation
- It's worth seeing. Interview sites and interview skills
- How to turn on win11 game mode? How to turn on game mode in win11
- Automatic classification of defective photovoltaic module cells in electronic images
- Typescript TS basic knowledge type declaration
- Validutil, "Rethinking the setting of semi supervised learning on graphs"
- Jerry's manual matching method [chapter]
- 使用 BlocConsumer 同时构建响应式组件和监听状态
猜你喜欢
ByteDance senior engineer interview, easy to get started, fluent
Where is the big data open source project, one-stop fully automated full life cycle operation and maintenance steward Chengying (background)?
NVR硬盤錄像機通過國標GB28181協議接入EasyCVR,設備通道信息不顯示是什麼原因?
反爬通杀神器
Focusing on safety in 1995, Volvo will focus on safety in the field of intelligent driving and electrification in the future
TCP/IP 协议栈
![Restapi version control strategy [eolink translation]](/img/65/decbc158f467ab8c8923c5947af535.png)
Restapi version control strategy [eolink translation]
Talk about relational database and serverless
建立自己的网站(18)
NVR硬盘录像机通过国标GB28181协议接入EasyCVR,设备通道信息不显示是什么原因?
随机推荐
大数据开源项目,一站式全自动化全生命周期运维管家ChengYing(承影)走向何方?
Reinforcement learning - learning notes 9 | multi step TD target
Demon daddy C
Google SEO external chain backlinks research tool recommendation
Where is the big data open source project, one-stop fully automated full life cycle operation and maintenance steward Chengying (background)?
Develop those things: go plus c.free to free memory, and what are the reasons for compilation errors?
Wechat official account oauth2.0 authorizes login and displays user information
Latest Android advanced interview questions summary, Android interview questions and answers
Use json Stringify() to realize deep copy, be careful, there may be a huge hole
UVA 11080 – place the guards
Have you ever been confused? Once a test / development programmer, ignorant gadget C bird upgrade
The difference between NPM uninstall and RM direct deletion
强化学习-学习笔记9 | Multi-Step-TD-Target
使用 BlocConsumer 同时构建响应式组件和监听状态
Devil daddy A0 English zero foundation self-improvement Road
What if the win11u disk does not display? Solution to failure of win11 plug-in USB flash disk
The cyberspace office announced the measures for data exit security assessment, which will come into force on September 1
Awk processing JSON processing
648. Word replacement
Jenkins user rights management