如何让 Visual Studio 将应用程序发布到由证书公用名而不是指纹保护的 Service Fabric 集群?
How to Get Visual Studio to Publish an Application to Service Fabric Cluster Secured by Certificate Common Name Instead of Thumbprint?
我按照 here 中记录的步骤将我现有的 ARM 模板转换为使用公用名设置而不是指纹。部署成功,在典型的证书选择弹出窗口后,我能够使用我的浏览器连接到 Service Fabric Explorer。接下来,我尝试像以前一样将应用程序部署到集群。尽管我可以在 VS public 服务结构应用程序对话框中看到集群连接端点 URI,但 VS 无法连接到集群。之前会提示允许VS访问本地证书。有谁知道如何让 VS 使用证书公用名将应用程序部署到服务结构集群设置?
从上面的 MS link 中摘录:
"virtualMachineProfile": {
"extensionProfile": {
"extensions": [`enter code here`
{
"name": "[concat('ServiceFabricNodeVmExt','_vmNodeType0Name')]",
"properties": {
"type": "ServiceFabricNode",
"autoUpgradeMinorVersion": true,
"protectedSettings": {
"StorageAccountKey1": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('supportLogStorageAccountName')),'2015-05-01-preview').key1]",
"StorageAccountKey2": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('supportLogStorageAccountName')),'2015-05-01-preview').key2]"
},
"publisher": "Microsoft.Azure.ServiceFabric",
"settings": {
"clusterEndpoint": "[reference(parameters('clusterName')).clusterEndpoint]",
"nodeTypeRef": "[variables('vmNodeType0Name')]",
"dataPath": "D:\SvcFab",
"durabilityLevel": "Bronze",
"enableParallelJobs": true,
"nicPrefixOverride": "[variables('subnet0Prefix')]",
"certificate": {
"commonNames": [
"[parameters('certificateCommonName')]"
],
"x509StoreName": "[parameters('certificateStoreValue')]"
}
},
"typeHandlerVersion": "1.0"
}
},
和
{
"apiVersion": "2018-02-01",
"type": "Microsoft.ServiceFabric/clusters",
"name": "[parameters('clusterName')]",
"location": "[parameters('clusterLocation')]",
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/', variables('supportLogStorageAccountName'))]"
],
"properties": {
"addonFeatures": [
"DnsService",
"RepairManager"
],
"certificateCommonNames": {
"commonNames": [
{
"certificateCommonName": "[parameters('certificateCommonName')]",
"certificateIssuerThumbprint": ""
}
],
"x509StoreName": "[parameters('certificateStoreValue')]"
},
...
我找到了 Visual Studio 的解决方案。我需要 add/update 到 PublishProfiles/Cloud.xml 文件。我将 ServerCertThumbprint 替换为 ServerCommonName,然后将证书 CN 用于新的 属性 和现有的 FindValue 属性。此外,我将 FindType 的 属性 更改为 FindBySubjectName。我现在能够成功连接并将我的应用程序发布到集群。
<ClusterConnectionParameters
ConnectionEndpoint="sf-commonnametest-scus.southcentralus.cloudapp.azure.com:19000"
X509Credential="true"
ServerCommonName="sfrpe2eetest.southcentralus.cloudapp.azure.com"
FindType="FindBySubjectName"
FindValue="sfrpe2eetest.southcentralus.cloudapp.azure.com"
StoreLocation="CurrentUser"
StoreName="My" />
我按照 here 中记录的步骤将我现有的 ARM 模板转换为使用公用名设置而不是指纹。部署成功,在典型的证书选择弹出窗口后,我能够使用我的浏览器连接到 Service Fabric Explorer。接下来,我尝试像以前一样将应用程序部署到集群。尽管我可以在 VS public 服务结构应用程序对话框中看到集群连接端点 URI,但 VS 无法连接到集群。之前会提示允许VS访问本地证书。有谁知道如何让 VS 使用证书公用名将应用程序部署到服务结构集群设置?
从上面的 MS link 中摘录:
"virtualMachineProfile": {
"extensionProfile": {
"extensions": [`enter code here`
{
"name": "[concat('ServiceFabricNodeVmExt','_vmNodeType0Name')]",
"properties": {
"type": "ServiceFabricNode",
"autoUpgradeMinorVersion": true,
"protectedSettings": {
"StorageAccountKey1": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('supportLogStorageAccountName')),'2015-05-01-preview').key1]",
"StorageAccountKey2": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('supportLogStorageAccountName')),'2015-05-01-preview').key2]"
},
"publisher": "Microsoft.Azure.ServiceFabric",
"settings": {
"clusterEndpoint": "[reference(parameters('clusterName')).clusterEndpoint]",
"nodeTypeRef": "[variables('vmNodeType0Name')]",
"dataPath": "D:\SvcFab",
"durabilityLevel": "Bronze",
"enableParallelJobs": true,
"nicPrefixOverride": "[variables('subnet0Prefix')]",
"certificate": {
"commonNames": [
"[parameters('certificateCommonName')]"
],
"x509StoreName": "[parameters('certificateStoreValue')]"
}
},
"typeHandlerVersion": "1.0"
}
},
和
{
"apiVersion": "2018-02-01",
"type": "Microsoft.ServiceFabric/clusters",
"name": "[parameters('clusterName')]",
"location": "[parameters('clusterLocation')]",
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/', variables('supportLogStorageAccountName'))]"
],
"properties": {
"addonFeatures": [
"DnsService",
"RepairManager"
],
"certificateCommonNames": {
"commonNames": [
{
"certificateCommonName": "[parameters('certificateCommonName')]",
"certificateIssuerThumbprint": ""
}
],
"x509StoreName": "[parameters('certificateStoreValue')]"
},
...
我找到了 Visual Studio 的解决方案。我需要 add/update 到 PublishProfiles/Cloud.xml 文件。我将 ServerCertThumbprint 替换为 ServerCommonName,然后将证书 CN 用于新的 属性 和现有的 FindValue 属性。此外,我将 FindType 的 属性 更改为 FindBySubjectName。我现在能够成功连接并将我的应用程序发布到集群。
<ClusterConnectionParameters
ConnectionEndpoint="sf-commonnametest-scus.southcentralus.cloudapp.azure.com:19000"
X509Credential="true"
ServerCommonName="sfrpe2eetest.southcentralus.cloudapp.azure.com"
FindType="FindBySubjectName"
FindValue="sfrpe2eetest.southcentralus.cloudapp.azure.com"
StoreLocation="CurrentUser"
StoreName="My" />