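I am trying to connect to a single-node cluster that was created successfully, but so far I cannot connect either from the node itself or from a separate client machine.
The setup is a single-node cluster where the cluster and the server/node are the same machine. I am using self-signed certificates and have (in theory) installed the primary and secondary certificates on the cluster/server, and the admin and standard client certificates on the client machine.
If I install an unsecured cluster on the machine, I can navigate to it successfully in a browser, but when I create a secure cluster I cannot connect.
Connecting via PowerShell errors out with "failed to authenticate server identity".
Browsing to the server with Chrome fails.
The cluster JSON configuration is as follows: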
{
    "name": "SomeFancyCluster",
    "clusterConfigurationVersion": "1.0.0",
    "apiVersion": "10-2017",
    "nodes": [
        {
            "nodeName": "vm0",
            "iPAddress": "some.server.name",
            "nodeTypeRef": "NodeType0",
            "faultDomain": "fd:/dc1/r0",
            "upgradeDomain": "UD0"
        }
    ],
    "properties": {
        "diagnosticsStore": {
            "metadata": "Please replace the diagnostics file share with an actual file share accessible from all cluster machines.",
            "dataDeletionAgeInDays": "21",
            "storeType": "FileShare",
            "connectionstring": "c:\\ProgramData\\SF\\DiagnosticsStore"
        },
        "security": {
            "metadata": "The Credential type X509 indicates this is cluster is secured using X509 Certificates. The thumbprint format is - d5 ec 42 3b 79 cb e5 07 fd 83 59 3c 56 b9 d5 31 24 25 42 64.",
            "ClusterCredentialType": "Windows",
            "ServerCredentialType": "X509",
            "WindowsIdentities": {
                "ClusterIdentity": "some.server"
            },
            "CertificateInformation": {
                "ClusterCertificate": {
                    "Thumbprint": "ab123456789123456789123456789123456789cd",
                    "ThumbprintSecondary": "ef123456789123456789123456789123456789gh",
                    "X509StoreName": "My"
                },
                "ServerCertificate": {
                    "Thumbprint": "ab123456789123456789123456789123456789cd",
                    "ThumbprintSecondary": "ef123456789123456789123456789123456789gh",
                    "X509StoreName": "My"
                },
                "ClientCertificateThumbprints": [{
                    "CertificateThumbprint": "ab123456789123456789123456789123456789ef",
                    "IsAdmin": false
                }, {
                    "CertificateThumbprint": "ab123456789123456789123456789123456789gh",
                    "IsAdmin": true
                }]
            }
        },
        "nodeTypes": [
            {
                "name": "NodeType0",
                "clientConnectionEndpointPort": "19000",
                "clusterConnectionEndpointPort": "19001",
                "leaseDriverEndpointPort": "19002",
                "serviceConnectionEndpointPort": "19003",
                "httpGatewayEndpointPort": "19080",
                "reverseProxyEndpointPort": "30000",
                "applicationPorts": {
                    "startPort": "20001",
                    "endPort": "20031"
                },
                "ephemeralPorts": {
                    "startPort": "20032",
                    "endPort": "20287"
                },
                "isPrimary": true
            }
        ],
        "fabricSettings": [
            {
                "name": "Setup",
                "parameters": [
                    {
                        "name": "FabricDataRoot",
                        "value": "C:\\ProgramData\\SF"
                    },
                    {
                        "name": "FabricLogRoot",
                        "value": "C:\\ProgramData\\SF\\Log"
                    }
                ]
            }
        ]
    }
}
I then try to connect with the following PowerShell command, per the documentation:
Connect-ServiceFabricCluster -ConnectionEndpoint some.server.name:19000 -KeepAliveIntervalInSec 10 -X509Credential -ServerCertThumbprint <Server Thumbprint> -FindType FindByThumbprint -FindValue <Client Thumbprint> -StoreLocation CurrentUser -StoreName My
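I installed the client certificate into "Certificates - Current User/Personal/Certificates".
On the server, the certificates are all in "Certificates (Local Computer)/Personal/Certificates".
The primary server/cluster certificate, whose CN equals some.server.name, is also in "Certificates (Local Computer)/Trusted Root Certification Authorities".
Any ideas about what is missing or wrong in the above?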
Answer 0: (score: 1)
I have a feeling this has to do with the ClusterIdentity field in the configuration. Can you tell me why you added it?
You are authenticating via certificate, so if you want to connect to the cluster via certificate, remove the section entirely and change WindowsIdentities to ClusterCredentialType. Update the cluster configuration and you should be able to connect.
Otherwise, supply the X509 parameter when connecting instead of the certificate.
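
A small lint for the "security" section of a cluster configuration laid out like the one in the question, added here as an example; it is not part of the original post or of Service Fabric. The sample values are constructed, and the checks are review hints assumed for this example, not Service Fabric's own validation rules.

```python
import json

# Constructed sample in the layout of the question's "security" section.
SAMPLE = json.loads(r"""
{"ClusterCredentialType": "Windows",
 "ServerCredentialType": "X509",
 "WindowsIdentities": {"ClusterIdentity": "some.server"},
 "CertificateInformation": {
   "ClusterCertificate": {"Thumbprint": "d5 ec 42 3b 79 cb e5 07 fd 83 59 3c 56 b9 d5 31 24 25 42 64"},
   "ServerCertificate": {"Thumbprint": "ab123456789123456789123456789123456789cd",
                         "ThumbprintSecondary": "ef123456789123456789123456789123456789gh"},
   "ClientCertificateThumbprints": [
     {"CertificateThumbprint": "\u200eab123456789123456789123456789123456789ef", "IsAdmin": true}]}}
""")
HEX = set("0123456789abcdefABCDEF")

def thumbprints(security):
    """Yield (path, value) for every thumbprint in CertificateInformation."""
    info = security.get("CertificateInformation", {})
    for name in ("ClusterCertificate", "ServerCertificate"):
        for key in ("Thumbprint", "ThumbprintSecondary"):
            if key in info.get(name, {}):
                yield f"{name}.{key}", info[name][key]
    for i, entry in enumerate(info.get("ClientCertificateThumbprints", [])):
        yield f"ClientCertificateThumbprints[{i}]", entry.get("CertificateThumbprint", "")

def lint_security(security):
    """Return (path, message) findings; an empty list means nothing to review."""
    findings = []
    for path, value in thumbprints(security):
        compact = "".join(value.split())  # the spaced "d5 ec 42 ..." form is accepted
        bad = sorted({c for c in compact if c not in HEX})
        if bad or len(compact) != 40:  # a SHA-1 thumbprint is 40 hex digits
            findings.append((path, f"not 40 hex digits (length {len(compact)}, unexpected {bad})"))
    info = security.get("CertificateInformation", {})
    for kind in ("Cluster", "Server"):
        ctype = security.get(f"{kind}CredentialType")
        if f"{kind}Certificate" in info and ctype != "X509":
            findings.append((f"{kind}CredentialType",
                             f"{kind}Certificate is configured but the type is {ctype!r}"))
    if "WindowsIdentities" in security and security.get("ClusterCredentialType") == "X509":
        findings.append(("WindowsIdentities", "present although ClusterCredentialType is 'X509'"))
    return findings

if __name__ == "__main__":
    for path, message in lint_security(SAMPLE):
        print(f"{path}: {message}")
```

On the constructed sample this reports the placeholder thumbprint ending in "gh", the client thumbprint carrying an invisible U+200E character, and the cluster certificate configured alongside a Windows cluster credential type.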