我编写了下面的 Terraform 脚本,用于在 Azure 中设置 Service Fabric 集群。该脚本可以顺利执行,但在浏览器中访问 Service Fabric 管理终结点(Management Endpoint)时,
出现了客户端证书错误,如图所示。
下面是用于设置集群和创建 VMSS 的代码。
此外还创建了其他资源,例如 KeyVault、公共 IP 和负载均衡器。
# Service Fabric cluster: a single primary node type ("prmry") at Silver
# reliability/durability, an Azure AD block, and one Key Vault certificate
# whose thumbprint is used for both the cluster and the reverse proxy.
resource "azurerm_service_fabric_cluster" "fabric_cluster" {
  name                = "${var.environment}${var.sfname}"
  location            = azurerm_resource_group.resource.location
  resource_group_name = azurerm_resource_group.resource.name

  vm_image          = "Windows"
  reliability_level = "Silver"
  upgrade_mode      = "Automatic"
  # Left unset, as in the original (the line was commented out):
  # cluster_code_version = "7.2.432.9590"

  # HTTPS management endpoint; port 19080 is the same value as
  # http_endpoint_port on the primary node type below.
  management_endpoint = "https://${var.prefix}servicefabric.${var.location}.cloudapp.azure.com:19080"

  node_type {
    name            = "prmry"
    is_primary      = true
    instance_count  = 5
    durability_level = "Silver"

    client_endpoint_port = 19000
    http_endpoint_port   = 19080

    # Port range handed to applications deployed on this node type.
    application_ports {
      start_port = 20000
      end_port   = 30000
    }

    # Ephemeral (dynamic) port range for this node type.
    ephemeral_ports {
      start_port = 49152
      end_port   = 65534
    }
  }

  # Azure AD settings for the cluster; the identifiers are masked on the page.
  azure_active_directory {
    tenant_id              = "****"
    cluster_application_id = "****"
    client_application_id  = "***"
  }

  # Cluster certificate, referenced by the thumbprint of the Key Vault
  # certificate resource and expected in the "My" store on the nodes.
  certificate {
    thumbprint      = azurerm_key_vault_certificate.vault_certificate.thumbprint
    x509_store_name = "My"
  }

  # NOTE(review): the reverse proxy reuses the cluster certificate's
  # thumbprint, so one key pair serves both roles; confirm that is intended.
  reverse_proxy_certificate {
    thumbprint      = azurerm_key_vault_certificate.vault_certificate.thumbprint
    x509_store_name = "My"
  }

  # No client certificate is declared: the block below is disabled, so client
  # access to the management endpoint presumably depends on the
  # azure_active_directory settings above or on the cluster certificate itself.
  # NOTE(review): confirm which identity a browser is expected to present
  # before re-enabling this; is_admin = true would give that certificate
  # administrative access to the cluster.
  /*
  client_certificate_thumbprint {
    thumbprint = azurerm_key_vault_certificate.vault_certificate.thumbprint
    is_admin   = true
  }
  */
}
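# Local administrator password for the scale set nodes. It is supplied at
# plan/apply time (for example through the TF_VAR_vmss_admin_password
# environment variable or a secret store) instead of being committed with the
# configuration. The literal that used to be assigned to admin_password was
# published with this configuration: treat it as exposed and rotate it on any
# nodes that were already deployed with it.
# NOTE(review): on Terraform versions that support it, also mark this variable
# `sensitive = true` so the value is redacted from plan output.
variable "vmss_admin_password" {
  description = "Local administrator password for the Service Fabric scale set nodes; never commit a value for it."
  type        = string
}

# Windows VM scale set that hosts the "prmry" Service Fabric node type.
# It installs the Key Vault certificate into the "My" store of every instance
# and joins the instances to the cluster through the ServiceFabricNode extension.
resource "azurerm_windows_virtual_machine_scale_set" "vm_scale" {
  name                = "${var.prefix}sf"
  resource_group_name = azurerm_resource_group.resource.name
  location            = azurerm_resource_group.resource.location
  sku                 = "Standard_D1_v2"

  # Same count as instance_count on the cluster's primary node type.
  instances = 5

  admin_username = "adminuser"
  # Was a hard-coded string literal; now read from the variable declared above.
  admin_password = var.vmss_admin_password

  computer_name_prefix = var.prefix
  overprovision        = false
  upgrade_mode         = "Automatic"

  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2019-Datacenter"
    # NOTE(review): "latest" is resolved at deployment time; pin an explicit
    # image version if reproducible node builds are required.
    version = "latest"
  }

  network_interface {
    name    = "Sf_interface"
    primary = true

    ip_configuration {
      name      = "internal"
      primary   = true
      subnet_id = azurerm_subnet.subnet.id

      load_balancer_backend_address_pool_ids = [
        azurerm_lb_backend_address_pool.backend_address.id
      ]
      load_balancer_inbound_nat_rules_ids = [
        azurerm_lb_nat_pool.nat_pool.id
      ]
    }
  }

  os_disk {
    storage_account_type = "Standard_LRS"
    caching              = "ReadWrite"
  }

  # Disabled earlier attempt, kept from the original; it pointed at the vault
  # URI rather than at a certificate secret.
  /*certificate {
  url= azurerm_key_vault.key_vault.vault_uri
  store= "My"
  }
  */

  # Installs the Key Vault certificate (by its secret_id) into the "My" store
  # on each instance; the extension and the cluster resource refer to the same
  # certificate by thumbprint.
  secret {
    key_vault_id = azurerm_key_vault.key_vault.id

    certificate {
      store = "My"
      url   = azurerm_key_vault_certificate.vault_certificate.secret_id
    }
  }

  extension {
    name                       = "prmry"
    publisher                  = "Microsoft.Azure.ServiceFabric"
    type                       = "ServiceFabricNode"
    type_handler_version       = "1.1"
    auto_upgrade_minor_version = false

    # Public settings: cluster endpoint, node type name and the certificate
    # thumbprint the node uses; nothing secret belongs in this map.
    settings = jsonencode({
      "clusterEndpoint"    = azurerm_service_fabric_cluster.fabric_cluster.cluster_endpoint
      "nodeTypeRef"        = azurerm_service_fabric_cluster.fabric_cluster.node_type[0].name
      "durabilityLevel"    = "Silver"
      "nicPrefixOverride"  = azurerm_subnet.subnet.address_prefixes[0]
      "enableParallelJobs" = true
      "dataPath"= "D:\\\\SvcFab"
      "certificate" = {
        "thumbprint"    = azurerm_key_vault_certificate.vault_certificate.thumbprint
        "x509StoreName" = "My"
      }
    })

    # Storage account keys are passed through protected_settings rather than
    # settings. NOTE(review): they are still recorded in the Terraform state,
    # so the state backend needs restricted access and encryption at rest.
    protected_settings = jsonencode({
      "StorageAccountKey1" = azurerm_storage_account.storageaccount.primary_access_key
      "StorageAccountKey2" = azurerm_storage_account.storageaccount.secondary_access_key
    })
  }
}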