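Error deploying Service Fabric using an ARM template with Active Directory integration

Time: 2018-10-06 10:57:27

Tags: azure-active-directory azure-service-fabric arm-template

I want to set up a Service Fabric cluster using an ARM template with AD integration. I am following the instructions given at https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-creation-create-template

I am getting the following error:

  "message": "Common names and thumbprints should not be both defined for a particular certificate.",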

{
   "apiVersion":"2018-02-01",
   "type":"Microsoft.ServiceFabric/clusters",
   "name":"[parameters('clusterName')]",
   "location":"[parameters('clusterLocation')]",
   "dependsOn":[
      "[concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName'))]"
   ],
   "properties":{
      "addonFeatures":[
         "DnsService",
         "RepairManager"
      ],
      "certificate":{
         "thumbprint":"[parameters('certificateThumbprint')]",
         "x509StoreName":"[parameters('certificateStoreValue')]"
      },
      "certificateCommonNames":{
         "commonNames":[
            {
               "certificateCommonName":"[parameters('certificateCommonName')]",
               "certificateIssuerThumbprint":""
            }
         ],
         "x509StoreName":"[parameters('certificateStoreValue')]"
      },
      "azureActiveDirectory":{
         "tenantId":"[parameters('aadTenantId')]",
         "clusterApplication":"[parameters('aadClusterApplicationId')]",
         "clientApplication":"[parameters('aadClientApplicationId')]"
      },
      "clientCertificateCommonNames":[

      ],
      "clientCertificateThumbprints":[

      ],
      "clusterState":"Default",
      "diagnosticsStorageAccountConfig":{
         "blobEndpoint":"[reference(concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.blob]",
         "protectedAccountKeyName":"StorageAccountKey1",
         "queueEndpoint":"[reference(concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.queue]",
         "storageAccountName":"[parameters('supportLogStorageAccountName')]",
         "tableEndpoint":"[reference(concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.table]"
      },
      "fabricSettings":[
         {
            "parameters":[
               {
                  "name":"ClusterProtectionLevel",
                  "value":"[parameters('clusterProtectionLevel')]"
               }
            ],
            "name":"Security"
         }
      ],
      "managementEndpoint":"[concat('https://',reference(concat(parameters('lbIPName'),'-','0')).dnsSettings.fqdn,':',parameters('nt0fabricHttpGatewayPort'))]",
      "nodeTypes":[
         {
            "name":"[parameters('vmNodeType0Name')]",
            "applicationPorts":{
               "endPort":"[parameters('nt0applicationEndPort')]",
               "startPort":"[parameters('nt0applicationStartPort')]"
            },
            "clientConnectionEndpointPort":"[parameters('nt0fabricTcpGatewayPort')]",
            "durabilityLevel":"Bronze",
            "ephemeralPorts":{
               "endPort":"[parameters('nt0ephemeralEndPort')]",
               "startPort":"[parameters('nt0ephemeralStartPort')]"
            },
            "httpGatewayEndpointPort":"[parameters('nt0fabricHttpGatewayPort')]",
            "isPrimary":true,
            "reverseProxyEndpointPort":"[parameters('nt0reverseProxyEndpointPort')]",
            "vmInstanceCount":"[parameters('nt0InstanceCount')]"
         }
      ],
      "provisioningState":"Default",
      "reliabilityLevel":"Silver",
      "upgradeMode":"Automatic",
      "vmImage":"Windows"
   },
   "tags":{
      "resourceType":"Service Fabric",
      "clusterName":"[parameters('clusterName')]"
   }
}

2 answers:

Answer 0: (score: 0)

The error says it all; remove the certificate section of the template:

  "certificate":{
     "thumbprint":"[parameters('certificateThumbprint')]",
     "x509StoreName":"[parameters('certificateStoreValue')]"
  },

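Answer 1: (score: 0)

The error message is clear: "Common names and thumbprints should not be both defined for a particular certificate". The docs clearly state that if you want to look up the certificate by common name, you must remove the certificate thumbprint settings.

It is mentioned in step 1:

  In the parameters section, add a certificateCommonName parameter: ... Also consider removing the certificate thumbprint, it may no longer be needed.

Step 2:

  Add "commonNames": ["[parameters('certificateCommonName')]"], and remove "thumbprint": "[parameters('certificateThumbprint')]",.

And 3:

  Add a certificateCommonNames setting with a commonNames property and remove the certificate setting (with the thumbprint property), as in the following example: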
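A pre-deployment check for the conflict discussed in this thread, as an added example that is not part of the original question, the answers or the Microsoft docs. It walks a template and reports every place where a certificate is identified by both thumbprint and common name; the function name `find_cert_conflicts` and the trimmed sample template are constructed for illustration.

```python
import json

# Constructed sample: a trimmed cluster resource with the same conflict
# as the template in the question (assumption: other properties omitted).
SAMPLE_TEMPLATE = json.loads("""
{"resources": [{
  "type": "Microsoft.ServiceFabric/clusters",
  "name": "[parameters('clusterName')]",
  "properties": {
    "certificate": {
      "thumbprint": "[parameters('certificateThumbprint')]",
      "x509StoreName": "[parameters('certificateStoreValue')]"
    },
    "certificateCommonNames": {
      "commonNames": [{
        "certificateCommonName": "[parameters('certificateCommonName')]",
        "certificateIssuerThumbprint": ""
      }],
      "x509StoreName": "[parameters('certificateStoreValue')]"
    }
  }
}]}
""")


def find_cert_conflicts(node, path="$"):
    """Return JSON paths where one certificate has both a thumbprint and a common name."""
    hits = []
    if isinstance(node, dict):
        cert = node.get("certificate")
        if isinstance(cert, dict) and cert.get("thumbprint"):
            # Cluster resource: 'certificate' (thumbprint) beside 'certificateCommonNames'.
            if node.get("certificateCommonNames"):
                hits.append(f"{path}: certificate.thumbprint and certificateCommonNames")
            # Extension settings: 'thumbprint' and 'commonNames' in one 'certificate' object.
            if cert.get("commonNames"):
                hits.append(f"{path}.certificate: thumbprint and commonNames")
        for key, value in node.items():
            hits += find_cert_conflicts(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits += find_cert_conflicts(value, f"{path}[{i}]")
    return hits


if __name__ == "__main__":
    for hit in find_cert_conflicts(SAMPLE_TEMPLATE):
        print("conflict at", hit)
```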