【问题标题】:Error while deploying service fabric using ARM template with Active Directory integration使用带有 Active Directory 集成的 ARM 模板部署服务结构时出错
【发布时间】:2019-03-11 17:06:23
【问题描述】:

我想使用带有 AD 集成的 ARM 模板设置 Service Fabric 集群。我正在按照给出的说明进行操作 https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-creation-create-template

我收到以下错误

message": "通用名称和指纹不应同时定义为 一个特定的证书。",

{
   "apiVersion":"2018-02-01",
   "type":"Microsoft.ServiceFabric/clusters",
   "name":"[parameters('clusterName')]",
   "location":"[parameters('clusterLocation')]",
   "dependsOn":[
      "[concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName'))]"
   ],
   "properties":{
      "addonFeatures":[
         "DnsService",
         "RepairManager"
      ],
      "certificate":{
         "thumbprint":"[parameters('certificateThumbprint')]",
         "x509StoreName":"[parameters('certificateStoreValue')]"
      },
      "certificateCommonNames":{
         "commonNames":[
            {
               "certificateCommonName":"[parameters('certificateCommonName')]",
               "certificateIssuerThumbprint":""
            }
         ],
         "x509StoreName":"[parameters('certificateStoreValue')]"
      },
      "azureActiveDirectory":{
         "tenantId":"[parameters('aadTenantId')]",
         "clusterApplication":"[parameters('aadClusterApplicationId')]",
         "clientApplication":"[parameters('aadClientApplicationId')]"
      },
      "clientCertificateCommonNames":[

      ],
      "clientCertificateThumbprints":[

      ],
      "clusterState":"Default",
      "diagnosticsStorageAccountConfig":{
         "blobEndpoint":"[reference(concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.blob]",
         "protectedAccountKeyName":"StorageAccountKey1",
         "queueEndpoint":"[reference(concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.queue]",
         "storageAccountName":"[parameters('supportLogStorageAccountName')]",
         "tableEndpoint":"[reference(concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.table]"
      },
      "fabricSettings":[
         {
            "parameters":[
               {
                  "name":"ClusterProtectionLevel",
                  "value":"[parameters('clusterProtectionLevel')]"
               }
            ],
            "name":"Security"
         }
      ],
      "managementEndpoint":"[concat('https://',reference(concat(parameters('lbIPName'),'-','0')).dnsSettings.fqdn,':',parameters('nt0fabricHttpGatewayPort'))]",
      "nodeTypes":[
         {
            "name":"[parameters('vmNodeType0Name')]",
            "applicationPorts":{
               "endPort":"[parameters('nt0applicationEndPort')]",
               "startPort":"[parameters('nt0applicationStartPort')]"
            },
            "clientConnectionEndpointPort":"[parameters('nt0fabricTcpGatewayPort')]",
            "durabilityLevel":"Bronze",
            "ephemeralPorts":{
               "endPort":"[parameters('nt0ephemeralEndPort')]",
               "startPort":"[parameters('nt0ephemeralStartPort')]"
            },
            "httpGatewayEndpointPort":"[parameters('nt0fabricHttpGatewayPort')]",
            "isPrimary":true,
            "reverseProxyEndpointPort":"[parameters('nt0reverseProxyEndpointPort')]",
            "vmInstanceCount":"[parameters('nt0InstanceCount')]"
         }
      ],
      "provisioningState":"Default",
      "reliabilityLevel":"Silver",
      "upgradeMode":"Automatic",
      "vmImage":"Windows"
   },
   "tags":{
      "resourceType":"Service Fabric",
      "clusterName":"[parameters('clusterName')]"
   }
}

【问题讨论】:

    标签: azure-active-directory azure-service-fabric arm-template


    【解决方案1】:

    错误说明了一切,删除模板的证书部分

      "certificate":{
         "thumbprint":"[parameters('certificateThumbprint')]",
         "x509StoreName":"[parameters('certificateStoreValue')]"
      },
    

    【讨论】:

      【解决方案2】:

      错误消息很清楚Common names and thumbprints should not be both defined for a particular certificatedocs 明确指出如果您想通过通用名称查找证书,则必须删除 证书指纹设置

      它在第 1 步提到它

      1. 在参数部分,添加一个certificateCommonName参数:... 还可以考虑删除证书指纹,它可能不再是 需要。

      第二步

      1. 添加“commonNames”:[“[parameters('certificateCommonName')]”],以及 删除 "thumbprint": "[parameters('certificateThumbprint')]",.

      和 3

      1. 添加带有 commonNames 属性的 certificateCommonNames 设置和 删除证书设置(带有指纹属性),如 以下示例:

      【讨论】:

        猜你喜欢
        • 1970-01-01
        • 2017-12-19
        • 2018-12-21
        • 1970-01-01
        • 2022-08-20
        • 1970-01-01
        • 2023-01-13
        • 2019-11-06
        • 2017-01-14
        相关资源
        最近更新 更多