我正在尝试使用此处所述的PowerShell脚本创建Azure Service Fabric群集: https://docs.microsoft.com/en-us/azure/service-fabric/scripts/service-fabric-powershell-create-secure-cluster-cert
该脚本通过调用New-AzureRmServiceFabricCluster命令一步一步创建所有内容(包括Key Vault)。
设置变量并在PowerShell中运行脚本后,出现此警告,然后出现异常:
WARNING: Access policy is not set. No user or application have access permission to use this vault. Please use Set-AzureRmKeyVaultAccessPolicy to set a
ccess policies.
New-AzureRmServiceFabricCluster : 10:00:24 AM - System.AggregateException: One or more errors occurred. --->
Microsoft.Azure.KeyVault.Models.KeyVaultErrorException: Operation returned an invalid status code 'Forbidden'
at Microsoft.Azure.KeyVault.KeyVaultClient.<CreateCertificateWithHttpMessagesAsync>d__84.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Azure.KeyVault.KeyVaultClientExtensions.<CreateCertificateAsync>d__68.MoveNext()
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at Microsoft.Azure.Commands.ServiceFabric.Commands.ServiceFabricClusterCertificateCmdlet.CreateSelfSignedCertificate(String subjectName, String
keyVaultUrl, String& thumbprint, CertificateBundle& certificateBundle, String& outputFilePath)
---> (Inner Exception #0) Microsoft.Azure.KeyVault.Models.KeyVaultErrorException: Operation returned an invalid status code 'Forbidden'
at Microsoft.Azure.KeyVault.KeyVaultClient.<CreateCertificateWithHttpMessagesAsync>d__84.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Azure.KeyVault.KeyVaultClientExtensions.<CreateCertificateAsync>d__68.MoveNext()<---
At C:\GitVSTS\BusinessPlatform\Scripts\Create_SF_Secure_Cluster.ps1:50 char:1
+ New-AzureRmServiceFabricCluster -Name $clustername -ResourceGroupName ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [New-AzureRmServiceFabricCluster], Exception
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.ServiceFabric.Commands.NewAzureRmServiceFabricCluster
New-AzureRmServiceFabricCluster : One or more errors occurred.
At C:\GitVSTS\BusinessPlatform\Scripts\Create_SF_Secure_Cluster.ps1:50 char:1
+ New-AzureRmServiceFabricCluster -Name $clustername -ResourceGroupName ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [New-AzureRmServiceFabricCluster], AggregateException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.ServiceFabric.Commands.NewAzureRmServiceFabricCluster
在门户中浏览资源组时,我可以看到实际创建的KeyVault,尽管没有其他内容。
这真的很奇怪,因为在创建Key Vault之前我没有机会设置访问策略。
我尝试在创建的KeyVault上创建访问策略,然后再次运行脚本-同样的错误。
我确定我是该订阅的所有者,并且拥有所有管理员权限。 有人知道这是怎么回事吗?
答案 0 :(得分:1)
我终于弄明白了。
发生这种情况的原因是,我在不同的用户帐户下拥有两个Azure订阅,并且之前我都为它们运行了Azure PowerShell脚本。 PowerShell记住了我的会话,并在创建群集时以某种方式将它们混合在一起,并应用了错误的凭据。
此问题的解决方法是清理PowerShell会话:
Clear-AzureRmContext -Scope CurrentUser
这为我修复了它。