Azure service fabric 安装安全的独立服务结构开发群集
我正试着遵循这一点: 我已经编辑了Azure service fabric 安装安全的独立服务结构开发群集,azure-service-fabric,Azure Service Fabric,我正试着遵循这一点: 我已经编辑了ClusterConfig.X509.DevCluster.json,并为我的机器的IP替换了localhost。我已将我的证书包括在其中,security节点如下所示: "security": { "metadata": "The Credential type X509 indicates this is cluster is secured using X509 Certificates. The thumbprint forma
ClusterConfig.X509.DevCluster.json
,并为我的机器的IP替换了localhost
。我已将我的证书包括在其中,security
节点如下所示:
"security": {
"metadata": "The Credential type X509 indicates this is cluster is secured using X509 Certificates. The thumbprint format is - d5 ec 42 3b 79 cb e5 07 fd 83 59 3c 56 b9 d5 31 24 25 42 64.",
"ClusterCredentialType": "X509",
"ServerCredentialType": "X509",
"CertificateInformation": {
"ClusterCertificate": {
"Thumbprint": "xx xx xx xx dc c9 a1 2e ae 2d 68 90 8e 7d f0 1e 79 05 d6 6b",
"X509StoreName": "My"
},
"ServerCertificate": {
"Thumbprint": "xx xx xx xx dc c9 a1 2e ae 2d 68 90 8e 7d f0 1e 79 05 d6 6b",
"X509StoreName": "My"
},
"ReverseProxyCertificate": {
"Thumbprint": "xx xx xx xx ee 08 00 ea f0 69 7f 4f 2c 61 49 0c 28 20 11 8b",
"X509StoreName": "My"
}
}
},
我的配置似乎有效:
ClusterConfigFilePath: ClusterConfig.json
DeploymentComponents extracted.
Trace folder doesn't exist. Creating trace folder: C:\SF-Install\DeploymentTraces
Running Best Practices Analyzer...
Best Practices Analyzer completed successfully.
LocalAdminPrivilege : True
IsJsonValid : True
IsCabValid :
RequiredPortsOpen : True
RemoteRegistryAvailable : True
FirewallAvailable : True
RpcCheckPassed : True
NoConflictingInstallations : True
FabricInstallable : True
DataDrivesAvailable : True
Passed : True
安装超时,出现以下错误:
Timed out waiting for Installer Service to complete for machine 192.168.168.114. Investigation order: FabricInstallerService -> FabricSetup -> FabricDeployer -> Fabric
CreateCluster Error: System.AggregateException: One or more errors occurred. ---> System.ServiceProcess.TimeoutException : Timed out waiting for Installer Service to complete for machine 192.168.168.114. Investigation order: FabricInstallerS
ervice -> FabricSetup -> FabricDeployer -> Fabric
at Microsoft.ServiceFabric.DeploymentManager.DeploymentManagerInternal.StartAndValidateInstallerServiceCompletion(String machineName, ServiceController installerSvc)
at System.Threading.Tasks.Parallel.<>c__DisplayClass17_0`1.<ForWorker>b__1()
at System.Threading.Tasks.Task.InnerInvokeWithArg(Task childTask)
at System.Threading.Tasks.Task.<>c__DisplayClass176_0.<ExecuteSelfReplicating>b__0(Object )
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
at System.Threading.Tasks.Parallel.ForWorker[TLocal](Int32 fromInclusive, Int32 toExclusive, ParallelOptions parallelOptions, Action`1 body, Action`2 bodyWithState, Func`4 bodyWithLocal, Func`1 localInit, Action`1 localFinally)
at System.Threading.Tasks.Parallel.ForEachWorker[TSource,TLocal](IEnumerable`1 source, ParallelOptions parallelOptions, Action`1 body, Action`2 bodyWithState, Action`3 bodyWithStateAndIndex, Func`4 bodyWithStateAndLocal, Func`5 bodyWithEverything, Func`1 localInit, Action`1 localFinally)
at System.Threading.Tasks.Parallel.ForEach[TSource](IEnumerable`1 source, Action`1 body)
at Microsoft.ServiceFabric.DeploymentManager.DeploymentManagerInternal.RunFabricServices(List`1 machines, FabricPackageType fabricPackageType)
at Microsoft.ServiceFabric.DeploymentManager.DeploymentManagerInternal.<CreateClusterAsyncInternal>d__7.MoveNext()
---> (Inner Exception #0) System.ServiceProcess.TimeoutException: Timed out waiting for Installer Service to complete for machine 192.168.168.114. Investigation order: FabricInstallerService -> FabricSetup -> FabricDeployer -> Fabric
at Microsoft.ServiceFabric.DeploymentManager.DeploymentManagerInternal.StartAndValidateInstallerServiceCompletion(String machineName, ServiceController installerSvc)
at System.Threading.Tasks.Parallel.<>c__DisplayClass17_0`1.<ForWorker>b__1()
at System.Threading.Tasks.Task.InnerInvokeWithArg(Task childTask)
at System.Threading.Tasks.Task.<>c__DisplayClass176_0.<ExecuteSelfReplicating>b__0(Object )<---
从用户
网络服务
来看,问题是网络服务需要为SF使用的证书添加到ACL
请参阅“安装证书”对于我来说,设置证书ACL的Microsoft PS脚本不起作用,因为我使用的是CNG证书,这意味着$cert.PrivateKey返回空值 我的解决办法是使用
certutil -store my certificate_thumbprint
要获取唯一容器名称,然后通过根共享通过GUI授予网络服务完全控制权,请执行以下操作:
\\headlesshost\c$\programdata\microsoft\Crypto\Keys\unique_container_name
\\headlesshost\c$\programdata\microsoft\Crypto\Keys\unique_container_name