
How to run a secure Service Fabric stateful service in Azure?

I've been able to get this to work locally using the following Settings.xml file.

<Section Name="ReplicatorSecurityConfig">
  <Parameter Name="CredentialType" Value="X509" />
  <Parameter Name="FindType" Value="FindByThumbprint" />
  <Parameter Name="FindValue" Value="InsertLocalhostThumbprintHere" />
  <Parameter Name="StoreLocation" Value="LocalMachine" />
  <Parameter Name="StoreName" Value="My" />
  <Parameter Name="ProtectionLevel" Value="EncryptAndSign" />
  <Parameter Name="AllowedCommonNames" Value="localhost" />
</Section>

This, however, does not work in the real cluster in Azure that was set up securely using a cert. Here is my modified Settings.xml that I thought would work, but it does not.

<Section Name="ReplicatorSecurityConfig">
  <Parameter Name="CredentialType" Value="X509" />
  <Parameter Name="FindType" Value="FindByThumbprint" />
  <Parameter Name="FindValue" Value="InsertClusterThumbprintHere" />
  <Parameter Name="StoreLocation" Value="LocalMachine" />
  <Parameter Name="StoreName" Value="My" />
  <Parameter Name="ProtectionLevel" Value="EncryptAndSign" />
  <Parameter Name="AllowedCommonNames" Value="testapp1.eastus.cloudapp.azure.com" />
</Section>

What happens on the real cluster in Azure is that the Secondaries get stuck in status "In Build" and their role says IdleSecondary instead of the normal ActiveSecondary that I'm used to.

What settings should I use for AllowedCommonNames? What exactly is this doing? Why does it not use RemoteCommonNames? I thought AllowedCommonNames was deprecated in favor of RemoteCommonNames. I've tried: even locally, if I change AllowedCommonNames to RemoteCommonNames, it breaks my service.

Any help is appreciated.

Looks like I solved my own issue. My modified config was fine for the cloud; the only difference was that I needed to log into each VM underneath the VM scale set in the cluster and add the public key of the cert to the trusted root, since this was a self-signed cert. After doing that, things started working.
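The fix described in the answer above, as an added PowerShell example that is not part of the original post: it is meant to be run as Administrator on each node of the scale set, takes the thumbprint that the Settings.xml uses as FindValue (a placeholder parameter here, not a real value), confirms the replicator will be able to load the certificate and its private key from LocalMachine\My, and, only when the certificate is self-signed and its chain does not validate, copies the public certificate into LocalMachine\Root. The `$Thumbprint` parameter and the temporary .cer path are assumptions of this example.

```powershell
# Added example, not from the original post. Run elevated on every VM in the
# cluster's scale set. $Thumbprint is a placeholder for the cluster certificate
# thumbprint that Settings.xml references as FindValue.
param(
    [Parameter(Mandatory = $true)][string]$Thumbprint
)

# Thumbprints copied from the Azure portal often carry spaces; the replicator
# matches on the exact hex string, so normalise before looking it up.
$Thumbprint = ($Thumbprint -replace '\s', '').ToUpperInvariant()

# The replicator config points at StoreLocation=LocalMachine, StoreName=My.
$cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction SilentlyContinue
if (-not $cert) {
    throw "No certificate with thumbprint $Thumbprint in LocalMachine\My; FindByThumbprint will fail on this node."
}
if (-not $cert.HasPrivateKey) {
    throw "Certificate $Thumbprint has no private key on this node; the replicator cannot authenticate with it."
}

# A self-signed certificate is its own issuer.
$selfSigned = ($cert.Subject -eq $cert.Issuer)

# X509Certificate2.Verify() builds a chain against the machine stores, which is
# the check that fails when a self-signed cert is not in Trusted Root.
if ($cert.Verify()) {
    Write-Host "Certificate chain already validates on this node; nothing to do."
}
elseif ($selfSigned) {
    $rootPath = "Cert:\LocalMachine\Root\$Thumbprint"
    if (-not (Test-Path $rootPath)) {
        # Export only the public certificate (DER, no private key) and import it
        # into Trusted Root Certification Authorities. Assumed temp path.
        $cerFile = Join-Path $env:TEMP "$Thumbprint.cer"
        Export-Certificate -Cert $cert -FilePath $cerFile -Type CERT | Out-Null
        Import-Certificate -FilePath $cerFile -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
        Remove-Item $cerFile
        Write-Host "Imported public certificate $Thumbprint into LocalMachine\Root."
    }
    if (-not $cert.Verify()) {
        throw "Certificate $Thumbprint still does not validate after adding it to Trusted Root."
    }
}
else {
    # A CA-issued certificate that does not validate needs its issuing chain
    # installed; trusting the leaf itself would be the wrong fix.
    throw "Certificate $Thumbprint is CA-issued but its chain does not validate; install the issuing CA certificates instead."
}

# Print the subject CN, which is what AllowedCommonNames must match.
$cn = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
Write-Host "Subject CN: $cn (AllowedCommonNames in Settings.xml must match this value)"
```

The script deliberately refuses to put a CA-issued leaf certificate into Trusted Root; the trusted-root step in the answer only makes sense for a self-signed certificate. Anything done by logging into a scale-set instance by hand is lost when that instance is reimaged or new instances are scaled out, so the same import should eventually be part of how the nodes are provisioned.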
