使用PowerShell创建服务结构集群时失败

时间:2018-03-25 08:20:34

标签: powershell azure-service-fabric

我正在尝试使用powershell脚本创建服务结构群集。这是脚本:

Param(
    [Parameter(HelpMessage="Azure user name")]
    [String]$azUserName,
    [Parameter(HelpMessage="Azure password")]
    [String]$azPassword,
    [Parameter(HelpMessage="What is the resource group name?")]
    [String]$ResourceGroupName="sfLinuxClusterRg",
    [Parameter(HelpMessage="What is the key vault group name?")]
    [String]$KeyVaultResourceGroupName="KeyVaultRg",
    [Parameter(HelpMessage="Where is the azure location?")]
    [String]$Location="uksouth",
    [Parameter(HelpMessage="what is the key vault group?")]
    [String]$VaultGroupName="linuxclusterkeyvaultgroup",
    [Parameter(HelpMessage="Where is the certificate stored locally?")]
    [String]$CertFileName="certificate.pfx",
    [Parameter(HelpMessage="What is the subscription id?")]
    [String]$SubscriptionId,
    [Parameter(HelpMessage="What is the tenant id?")]
    [String]$TenantId
)

Function DecryptSecureString([SecureString] $secureText){
    return [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureText))    
}

Function CreateKeyVaultCert(){

    try{
        Select-AzureRmSubscription -SubscriptionId $SubscriptionId `
                            -TenantId $TenantId

        # Create a Resource Group to hold your Key Vault(s)
        # Note this should be separate from your other resources so you can delete those other resource groups without impacting your registered certs
        New-AzureRmResourceGroup -Name $KeyVaultResourceGroupName -Location uksouth  -Force 

        # Create a Key Vault to hold your secrets
        New-AzureRmKeyVault -VaultName $vaultName -ResourceGroupName $KeyVaultResourceGroupName `
            -Location uksouth -EnabledForDeployment `
            -EnabledForDiskEncryption -EnabledForTemplateDeployment 

        # Have Key Vault create the certificate with a simple policy
        $policy = New-AzureKeyVaultCertificatePolicy `
            -SubjectName "CN=cluster123.uksouth.cloudapp.azure.com" `
            -IssuerName Self -ValidityInMonths 12 

        Add-AzureKeyVaultCertificate -VaultName $vaultName -Name cert1 -CertificatePolicy $policy 

        Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName -EnabledForDeployment

        Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName -EmailAddress $azUserName -PermissionsToSecrets Get
    }
    catch{
        Write-Host $_.Exception.Message
        exit
    }  
}

$azPassword = $azPassword | ConvertTo-SecureString -AsPlainText -Force
Import-AzureRmContext -Path "C:\stuff\AzureProfile.json"

$Date = Get-Date
$VaultName="VaultLearn" + $Date.ToString("hhmmss")

# sign in to your Azure account and select your subscription
$certName = "CN=cluster123.uksouth.cloudapp.azure.com"
$clustersize=5 
$clustername = "cluster123" + $Date.ToString("hhmmss")
$adminuser="admin" 
$vmsku = "Standard_D2_v2"
$os = "UbuntuServer1604"

Select-AzureRmSubscription -SubscriptionId $SubscriptionId

CreateKeyVaultCert

New-AzureRmServiceFabricCluster -Name $clustername `
                                -ResourceGroupName $ResourceGroupName `
                                -Location uksouth `
                                -ClusterSize $clustersize `
                                -VmUserName $adminuser -VmPassword $azPassword `
                                -CertificateSubjectName $certName `
                                -CertificatePassword $azPassword `
                                -VmSku $vmsku `
                                -CertificateOutputFolder 'C:\stuff' `
                                -OS $os `
                                -KeyVaultName $VaultName

Write-Host "Created service fabric cluster in resource group $ResourceGroupName"

#Add-AzureRmAccount
# $path = "C:\stuff\AzureProfile.json"
# Save-AzureRmContext -Path $path -Force

我一直收到错误:

New-AzureRmServiceFabricCluster:名称'VaultLearn090903'已在使用中。

这真的很奇怪,因为我很确定昨天这个脚本至少试图创建集群,虽然我收到了另一个关于Ubuntu图像找不到的错误。可能导致此错误的原因是什么?

顺便说一下,为了运行这个脚本,我之前运行过这段代码:

Add-AzureRmAccount
$path = "C:\stuff\AzureProfile.json"
Save-AzureRmContext -Path $path -Force

已在本地缓存我的azure凭据。

我在脚本中专门添加了两个语句,用于添加访问keyvault的策略:

            Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName -EnabledForDeployment
            Set-AzureRmKeyVaultAccessPolicy -VaultName $vaultName -EmailAddress $azUserName -PermissionsToSecrets Get

我知道这可能是矫枉过正,但我​​正试图摆脱这个问题。

另一个奇怪的事情是我尝试了Azure Sample Github repo

我对如何继续使用服务结构感到茫然。

1 个答案:

答案 0 :(得分:0)

为了完整性:

我设法通过访问azure门户网站,创建服务结构集群并下载ARM模板(包括一些PowerShell脚本)来获得不同的工作。

感谢