Installing a Secure Standalone Service Fabric Dev Cluster

Time: 2017-04-04 09:36:25

Tags: azure-service-fabric

I am trying to follow this:

https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-windows-cluster-x509-security

I have edited ClusterConfig.X509.DevCluster.json and replaced localhost with my machine's IP. I have included my certificates in it; the security node is as follows:

    "security": {
        "metadata": "The Credential type X509 indicates this is cluster is secured using X509 Certificates. The thumbprint format is - d5 ec 42 3b 79 cb e5 07 fd 83 59 3c 56 b9 d5 31 24 25 42 64.",
        "ClusterCredentialType": "X509",
        "ServerCredentialType": "X509",
        "CertificateInformation": {
            "ClusterCertificate": {
                "Thumbprint": "xx xx xx xx dc c9 a1 2e ae 2d 68 90 8e 7d f0 1e 79 05 d6 6b",
                "X509StoreName": "My"
            },
            "ServerCertificate": {
                "Thumbprint": "xx xx xx xx dc c9 a1 2e ae 2d 68 90 8e 7d f0 1e 79 05 d6 6b",
                "X509StoreName": "My"
            },
            "ReverseProxyCertificate": {
                "Thumbprint": "xx xx xx xx ee 08 00 ea f0 69 7f 4f 2c 61 49 0c 28 20 11 8b",
                "X509StoreName": "My"
            }
        }
    },

My configuration appears to be valid:

    ClusterConfigFilePath: ClusterConfig.json
    DeploymentComponents extracted.
    Trace folder doesn't exist. Creating trace folder: C:\SF-Install\DeploymentTraces
    Running Best Practices Analyzer...
    Best Practices Analyzer completed successfully.


    LocalAdminPrivilege        : True
    IsJsonValid                : True
    IsCabValid                 :
    RequiredPortsOpen          : True
    RemoteRegistryAvailable    : True
    FirewallAvailable          : True
    RpcCheckPassed             : True
    NoConflictingInstallations : True
    FabricInstallable          : True
    DataDrivesAvailable        : True
    Passed                     : True

The installation times out with the following error:

    Timed out waiting for Installer Service to complete for machine 192.168.168.114. Investigation order: FabricInstallerService -> FabricSetup -> FabricDeployer -> Fabric
    CreateCluster Error: System.AggregateException: One or more errors occurred. ---> System.ServiceProcess.TimeoutException : Timed out waiting for Installer Service to complete for machine 192.168.168.114. Investigation order: FabricInstallerService -> FabricSetup -> FabricDeployer -> Fabric
       at Microsoft.ServiceFabric.DeploymentManager.DeploymentManagerInternal.StartAndValidateInstallerServiceCompletion(String machineName, ServiceController installerSvc)
       at System.Threading.Tasks.Parallel.<>c__DisplayClass17_0`1.<ForWorker>b__1()
       at System.Threading.Tasks.Task.InnerInvokeWithArg(Task childTask)
       at System.Threading.Tasks.Task.<>c__DisplayClass176_0.<ExecuteSelfReplicating>b__0(Object )
       --- End of inner exception stack trace ---
       at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)
       at System.Threading.Tasks.Task.Wait(Int32 millisecondsTimeout, CancellationToken cancellationToken)
       at System.Threading.Tasks.Parallel.ForWorker[TLocal](Int32 fromInclusive, Int32 toExclusive, ParallelOptions parallelOptions, Action`1 body, Action`2 bodyWithState, Func`4 bodyWithLocal, Func`1 localInit, Action`1 localFinally)
       at System.Threading.Tasks.Parallel.ForEachWorker[TSource,TLocal](IEnumerable`1 source, ParallelOptions parallelOptions, Action`1 body, Action`2 bodyWithState, Action`3 bodyWithStateAndIndex, Func`4 bodyWithStateAndLocal, Func`5 bodyWithEverything, Func`1 localInit, Action`1 localFinally)
       at System.Threading.Tasks.Parallel.ForEach[TSource](IEnumerable`1 source, Action`1 body)
       at Microsoft.ServiceFabric.DeploymentManager.DeploymentManagerInternal.RunFabricServices(List`1 machines, FabricPackageType fabricPackageType)
       at Microsoft.ServiceFabric.DeploymentManager.DeploymentManagerInternal.<CreateClusterAsyncInternal>d__7.MoveNext()
    ---> (Inner Exception #0) System.ServiceProcess.TimeoutException: Timed out waiting for Installer Service to complete for machine 192.168.168.114. Investigation order: FabricInstallerService -> FabricSetup -> FabricDeployer -> Fabric
       at Microsoft.ServiceFabric.DeploymentManager.DeploymentManagerInternal.StartAndValidateInstallerServiceCompletion(String machineName, ServiceController installerSvc)
       at System.Threading.Tasks.Parallel.<>c__DisplayClass17_0`1.<ForWorker>b__1()
       at System.Threading.Tasks.Task.InnerInvokeWithArg(Task childTask)
       at System.Threading.Tasks.Task.<>c__DisplayClass176_0.<ExecuteSelfReplicating>b__0(Object )<---

I can install ClusterConfig.Unsecure.DevCluster.json without any problem.

I am on a fresh install of Windows Server 2016.

My certificates were created using

    New-SelfSignedCertificate -DnsName "xxxx"

In the event log I am getting

    SecurityCredentials
    AcquireCredentialsHandle(Microsoft Unified Security Protocol Provider) failed: 0x8009030d

from user NETWORK SERVICE

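2 Answers:

Answer 0: (score: 1)

The problem was that NETWORK SERVICE needs to be added to the ACL of the certificates that SF uses.

See "Install the certificates" here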

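Answer 1: (score: 0)

For me, the Microsoft PS script for setting the certificate ACL did not work because I am using CNG certificates, which means $cert.PrivateKey returns null.

The solution for me was to use

    certutil -store my certificate_thumbprint

to get the unique container name, and then grant NETWORK SERVICE full control via the GUI through the root share:

    \\headlesshost\c$\programdata\microsoft\Crypto\Keys\unique_container_name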
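
A scripted version of the fix described in Answer 1, added here as an example and not taken from either poster or from Microsoft's script: it locates the private key file for a CNG or legacy CSP certificate and adds the ACL entry. It assumes Windows PowerShell 5.1 in an elevated session, an RSA key stored by a software key provider in the default machine key folders, and a placeholder thumbprint.

```powershell
#requires -RunAsAdministrator
param(
    # Placeholder: the thumbprint from ClusterConfig.json with the spaces removed.
    [string]$Thumbprint = '<CERT_THUMBPRINT_NO_SPACES>',
    [string]$Account    = 'NT AUTHORITY\NETWORK SERVICE',
    # FullControl is what Answer 1 granted; this page does not establish whether less is enough.
    [System.Security.AccessControl.FileSystemRights]$Rights = 'FullControl'
)

$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key." }

# GetRSAPrivateKey (.NET Framework 4.6+) returns a key object for CNG and CSP keys alike,
# whereas $cert.PrivateKey is $null for CNG-backed certificates.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if (-not $rsa) { throw "No RSA private key is accessible for $Thumbprint." }

if ($rsa -is [System.Security.Cryptography.RSACng]) {
    # CNG software key: file lives under Crypto\Keys (the folder named in Answer 1).
    $keyDir  = Join-Path $env:ProgramData 'Microsoft\Crypto\Keys'
    $keyName = $rsa.Key.UniqueName
} elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
    # Legacy CSP key: file lives under Crypto\RSA\MachineKeys.
    $keyDir  = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'
    $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
} else {
    throw "Unsupported private key type: $($rsa.GetType().FullName)"
}

$keyFile = Join-Path $keyDir $keyName
if (-not (Test-Path -LiteralPath $keyFile)) { throw "Key file not found: $keyFile" }

# Read only the DACL so Set-Acl does not also try to rewrite the owner.
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, $Rights, 'Allow')
$acl  = (Get-Item -LiteralPath $keyFile).GetAccessControl('Access')
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $keyFile -AclObject $acl -ErrorAction Stop

# Check: the account should now be listed on the key file.
(Get-Acl -LiteralPath $keyFile).Access |
    Where-Object { $_.IdentityReference.Value -eq $Account } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType
```

Run it once per distinct thumbprint in the `CertificateInformation` section of the cluster configuration.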