Azure Service Fabric deployment fails due to missing root certificate?

Time: 2019-07-25 21:02:33

Tags: azure ssl azure-service-fabric

I am trying to deploy a Service Fabric cluster using the following script:

$subscriptionName="mysubscription"
$resourceGroupName="screenshot-bot" # you can keep this same as cluster name for convenience
$keyvaultName="screenshot-bot"
$parameterFilePath="C:\Users\t-rorose\source\repos\teams-verticals-healthcare\Healthcare\ScreenshotBot\Samples\V1.0Samples\LocalMediaSamples\HueBot\HueBot\ARM_Deployment\AzureDeploy.Parameters.json"
$templateFilePath="C:\Users\t-rorose\source\repos\teams-verticals-healthcare\Healthcare\ScreenshotBot\Samples\V1.0Samples\LocalMediaSamples\HueBot\HueBot\ARM_Deployment\AzureDeploy.json"
$secretID="https://screenshot-bot.vault.azure.net/secrets/ScreenshotBotAzureSSL/<redacted>"

Connect-AzureRmAccount
Select-AzureRmSubscription -SubscriptionName $subscriptionName

Set-AzureRmKeyVaultAccessPolicy -VaultName $keyvaultName -EnabledForDeployment
New-AzureRmServiceFabricCluster -ResourceGroupName $resourceGroupName -SecretIdentifier $secretID -TemplateFile $templateFilePath -ParameterFile $parameterFilePath

But I get an error when trying to deploy the VMs, seemingly because a certificate is missing:

Account          : t-rorose@microsoft.com
SubscriptionName : Azure SDK Engineering System
SubscriptionId   : a18897a6-7e44-457d-9260-f2854c0aca42
TenantId         : 72f988bf-86f1-41af-91ab-2d7cd011db47
Environment      : AzureCloud


Name               : [t-rorose@microsoft.com, a9da32c3-d579-4e94-89fc-4fc2ab1f0070]
Account            : t-rorose@microsoft.com
Environment        : AzureCloud
Subscription       : a9da32c3-d579-4e94-89fc-4fc2ab1f0070
Tenant             : 72f988bf-86f1-41af-91ab-2d7cd011db47
TokenCache         : Microsoft.Azure.Commands.Common.Authentication.AuthenticationStoreTokenCache
VersionProfile     :
ExtendedProperties : {}

New-AzureRmServiceFabricCluster : Code: DeploymentFailed, Message: At least one resource deployment operation failed.
Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.
Details: Code: Conflict, Message: {
  "status": "Failed",
  "error": {
    "code": "ResourceDeploymentFailure",
    "message": "The resource operation completed with terminal provisioning state 'Failed'.",
    "details": [
      {
        "code": "VMExtensionProvisioningError",
        "message": "VM has reported a failure when processing extension 'ServiceFabricNodeVmExt_vmNodeType0Name'.
Error message: \"Cannot find certificate with 'FindByThumbprint' 'D4DE20D05E66FC53FE1A50882C78DB2852CAE474' in store
'My'\"."
      }
    ]
  }
}
Details:
At C:\Users\t-rorose\source\repos\teams-verticals-healthcare\Healthcare\ScreenshotBot\Samples\setup-sf.ps1:12 char:1
+ New-AzureRmServiceFabricCluster -ResourceGroupName $resourceGroupName ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-AzureRmServiceFabricCluster], Exception
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.ServiceFabric.Commands.NewAzureRmServiceFabricCluster

New-AzureRmServiceFabricCluster : One or more errors occurred.
At C:\Users\t-rorose\source\repos\teams-verticals-healthcare\Healthcare\ScreenshotBot\Samples\setup-sf.ps1:12 char:1
+ New-AzureRmServiceFabricCluster -ResourceGroupName $resourceGroupName ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [New-AzureRmServiceFabricCluster], AggregateException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.ServiceFabric.Commands.NewAzureRmServiceFabricCluster

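The missing certificate (D4DE etc...) is the Baltimore CyberTrust Root certificate, which is the root certificate of the certificate I generated for the service. I am not sure how to resolve this error.

1 answer:

Answer 0: (score: 0)

Does your ARM template have the following fabricSettings?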

"fabricSettings": [
  {
    "name": "Security",
    "parameters": [
      {
        "name": "ClusterProtectionLevel",
        "value": "EncryptAndSign"
      }
    ]
  }
]

Another thing to check when debugging the certificate: is the certificate chain trusted, and is it trusted inside Azure?
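One way to carry out the chain check suggested in the answer, as an added example that is not part of the original question or answer: it lists each certificate in a collection such as a loaded PFX, shows which one holds the private key, compares each thumbprint with the one from the error message, and reports whether the chain builds to a trusted root on the machine where it runs. The function name `Get-PfxCertificateReport`, the in-memory self-signed sample certificate and the commented PFX path and password are assumptions for illustration; it assumes Windows PowerShell 5.1 on .NET Framework 4.7.2 or later, or PowerShell 7.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Added example: report on every certificate in a collection (e.g. a loaded PFX).
function Get-PfxCertificateReport {
    param(
        [Parameter(Mandatory)][X509Certificate2Collection]$Certificates,
        # Thumbprint that the template or the error message refers to
        [Parameter(Mandatory)][string]$ConfiguredThumbprint
    )
    # Normalise: strip spaces and hidden characters that creep in when copying thumbprints
    $wanted = ($ConfiguredThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    foreach ($cert in $Certificates) {
        $chain = [X509Chain]::new()
        # Skip revocation lookups so the result reflects only the local trust stores
        $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
        $trusted = $chain.Build($cert)
        [pscustomobject]@{
            Subject          = $cert.Subject
            Thumbprint       = $cert.Thumbprint
            HasPrivateKey    = $cert.HasPrivateKey                # true only for the cert whose key is in the PFX
            SelfIssued       = ($cert.Subject -eq $cert.Issuer)   # subject equals issuer, as on a root CA
            MatchesConfig    = ($cert.Thumbprint -eq $wanted)
            ChainTrusted     = $trusted
            ChainStatus      = (@($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
            ChainThumbprints = @($chain.ChainElements | ForEach-Object { $_.Certificate.Thumbprint })
        }
        $chain.Dispose()
    }
}

# Constructed sample input: a throwaway self-signed certificate held in memory only.
$rsa    = [RSA]::Create(2048)
$req    = [CertificateRequest]::new('CN=constructed-example', $rsa, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$now    = [DateTimeOffset]::UtcNow
$leaf   = $req.CreateSelfSigned($now.AddMinutes(-5), $now.AddDays(1))
$sample = [X509Certificate2Collection]::new($leaf)

# Thumbprint taken from the error message in the question
Get-PfxCertificateReport -Certificates $sample `
    -ConfiguredThumbprint 'D4DE20D05E66FC53FE1A50882C78DB2852CAE474' | Format-List

# With a real file (path and password are placeholders):
# $pfx = [X509Certificate2Collection]::new()
# $pfx.Import('C:\path\to\cluster-cert.pfx', '<pfx-password>', 'DefaultKeySet')
# Get-PfxCertificateReport -Certificates $pfx -ConfiguredThumbprint '<thumbprint>' | Format-List
```

The chain result reflects the trust stores of the machine the script runs on, so a chain that builds on a workstation does not show what the cluster VMs trust. A row where `MatchesConfig` is true but `HasPrivateKey` is false means the configured thumbprint points at a certificate in the chain rather than the one carrying the key.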