App Service on Azure Stack Hub 更新 7 版本資訊App Service on Azure Stack Hub update 7 release notes

這些版本資訊說明 App Service on Azure Stack Hub 更新 7 的新功能、修正和已知問題。These release notes describe new features, fixes, and known issues in Azure App Service on Azure Stack Hub update 7. 已知問題分為兩部分:升級程序的相關問題,以及組建 (安裝後) 的問題。Known issues are divided into two sections: issues related to the upgrade process and issues with the build (post-installation).

重要

在部署 Azure App Service 1.7 之前,請先將 1910 更新套用到您的 Azure Stack 整合式系統,或部署最新的 Azure Stack 開發套件 (ASDK)。Apply the 1910 update to your Azure Stack integrated system or deploy the latest Azure Stack Development Kit (ASDK) before deploying Azure App Service 1.7.

建置參考Build reference

App Service on Azure Stack Hub 更新 7 組建編號是 84.0.2.10The App Service on Azure Stack Hub Update 7 build number is 84.0.2.10.

PrerequisitesPrerequisites

開始部署之前,請參閱部署 App Service on Azure Stack Hub 的必要條件See Prerequisites for deploying App Service on Azure Stack Hub before beginning deployment.

開始將 Azure App Service on Azure Stack Hub 升級至 1.7 之前:Before you begin the upgrade of Azure App Service on Azure Stack Hub to 1.7:

  • 確定 Azure Stack Hub 系統管理員入口網站的 Azure App Service 管理中所有角色都已就緒。Ensure all roles are ready in Azure App Service administration in the Azure Stack Hub administrator portal.

  • 在 Azure Stack Hub 管理入口網站中使用 App Service 管理來備份 App Service 祕密Backup App Service Secrets using the App Service Administration in the Azure Stack Hub Admin Portal

  • 備份 App Service 和 master 資料庫:Back up the App Service and master Databases:

    • AppService_Hosting;AppService_Hosting;
    • AppService_Metering;AppService_Metering;
    • mastermaster
  • 備份租用戶應用程式內容檔案共用。Back up the tenant app content file share.

    重要

    雲端操作員負責維護和操作檔案伺服器與 SQL Server。Cloud operators are responsible for the maintenance and operation of the File Server and SQL Server. 資源提供者不會管理這些資源。The resource provider does not manage these resources. 雲端操作員負責備份 App Service 資料庫和租用戶內容檔案共用。The cloud operator is responsible for backing up the App Service databases and tenant content file share.

  • 從 Azure Marketplace 同步發佈 自訂指令碼擴充功能 1.9.3 版。Syndicate the Custom Script Extension version 1.9.3 from the Azure Stack Hub Marketplace.

新功能和修正New features and fixes

Azure App Service on Azure Stack Hub 更新 7 包含下列改良功能和修正:Azure App Service on Azure Stack Hub Update 7 includes the following improvements and fixes:

  • CVE-2019-1372 遠端程式碼執行弱點的解決方式。Resolution for CVE-2019-1372 Remote Code Execution Vulnerability.

  • App Service 租用戶、系統管理員、Functions 入口網站和 Kudu 工具 的更新。Updates to App Service tenant, administrator, functions portals, and Kudu tools. 與 Azure Stack Hub 入口網站 SDK 版本保持一致。Consistent with Azure Stack Hub Portal SDK version.

  • Azure Functions 執行階段 更新至 v1.0.12582Updates Azure Functions runtime to v1.0.12582.

  • 用來改善可靠性和錯誤訊息以利進行常見問題診斷的核心服務更新。Updates to core service to improve reliability and error messaging enabling easier diagnosis of common issues.

  • 下列應用程式架構和工具的更新Updates to the following app frameworks and tools:

    • ASP.NET Core 2.2.46ASP.NET Core 2.2.46
    • Zul OpenJDK 8.38.0.13Zul OpenJDK 8.38.0.13
    • Tomcat 7.0.94Tomcat 7.0.94
    • Tomcat 8.5.42Tomcat 8.5.42
    • Tomcat 9.0.21Tomcat 9.0.21
    • PHP 5.6.40PHP 5.6.40
    • PHP 7.3.6PHP 7.3.6
    • 已將 Kudu 更新至 82.10503.3890Updated Kudu to 82.10503.3890
  • 所有角色的基礎作業系統更新Updates to underlying operating system of all roles:

  • 現已在使用者入口網站中啟用存取限制Access restrictions now enabled in user portal:

    注意

    Azure App Service on Azure Stack Hub 不支援服務端點。Azure App Service on Azure Stack Hub does not support service endpoints.

  • 部署選項 (傳統) 功能已還原Deployment options (classic) functionality restored:

    • 使用者可再次使用部署選項 (傳統),從 GitHub、Bitbucket、Dropbox、OneDrive、本機和外部存放庫設定其應用程式的部署,以及為其應用程式設定部署認證。Users can once again use the deployment options (classic) to configure deployment of their apps from GitHub, Bitbucket, Dropbox, OneDrive, local and external repositories, and to set the deployment credentials for their apps.
  • Azure 函式監視 已正確設定。Azure function monitoring configured correctly.

  • Windows Update 行為:根據客戶的意見反應,我們從更新 7 開始變更了在 App Service 角色上設定 Windows Update 的方式:Windows update behavior: Based on customer feedback, we've changed the way Windows Update is configured on App Service roles from Update 7:

    • 三種模式:Three modes:
      • 停用 - 停用 Windows Update 服務,而 Windows 會以 Azure App Service on Azure Stack Hub 發行隨附的 KB 進行更新;Disabled - Windows Update service disabled, Windows is updated with the KB that's shipped with Azure App Service on Azure Stack Hub releases;
      • 自動 - 啟用 Windows Update 服務,且 Windows Update 會決定更新的方式和時機;Automatic - Windows Update service enabled and Windows Update determines how and when to update;
      • 受控 - 停用 Windows Update 服務,且 Azure App Service 會在個別角色的 OnStart 期間執行 Windows Update 週期。Managed - Windows Update service is disabled, Azure App Service performs a Windows Update cycle during OnStart of the individual role.

    新的 部署 - 依預設會停用 Windows Update 服務。New Deployments - Windows Update service is disabled by default.

    現有 部署 - 如果您已修改控制器上的設定,其值將會從 [False] 變更為 [停用] ,且先前的值 [True] 將會變成 [自動] 。Existing Deployments - If you've modified the setting on the controller, the value will change from False to Disabled and a previous value of true will become Automatic.

部署後步驟Post-deployment steps

重要

如果您已對 App Service 資源提供者提供 SQL Always On 執行個體,就「必須」將 appservice_hosting 和 appservice_metering 資料庫新增至可用性群組並同步處理資料庫,以避免在資料庫進行容錯移轉時中斷服務。If you've provided the App Service resource provider with a SQL Always On Instance you MUST add the appservice_hosting and appservice_metering databases to an availability group and synchronize the databases to prevent any loss of service in the event of a database failover.

已知問題 (安裝後)Known issues (post-installation)

  • 將應用程式服務部署在現有的虛擬網路中且只能在私人網路上使用檔案伺服器時,背景工作角色無法連線到檔案伺服器,如 Azure App Service on Azure Stack Hub 部署文件中所述。Workers are unable to reach file server when App Service is deployed in an existing virtual network and the file server is only available on the private network, as called out in the Azure App Service on Azure Stack Hub deployment documentation.

如果您選擇要部署到現有的虛擬網路並以內部 IP 位址連線到檔案伺服器,便必須新增輸出安全性規則,以啟用背景工作角色子網路與檔案伺服器之間的 SMB 流量。If you chose to deploy into an existing virtual network and an internal IP address to connect to your file server, you must add an outbound security rule, enabling SMB traffic between the worker subnet and the file server. 移至系統管理員入口網站中的 WorkersNsg,然後使用下列屬性新增輸出安全性規則:Go to the WorkersNsg in the administrator portal and add an outbound security rule with the following properties:

  • 來源:任意Source: Any
  • 來源連接埠範圍:*Source port range: *
  • 目的地:IP 位址Destination: IP addresses
  • 目的地 IP 位址範圍:檔案伺服器的 IP 範圍Destination IP address range: Range of IPs for your file server
  • 目的地連接埠範圍:445Destination port range: 445
  • 通訊協定:TCPProtocol: TCP
  • 動作:AllowAction: Allow
  • 優先順序:700Priority: 700
  • 名稱:Outbound_Allow_SMB445Name: Outbound_Allow_SMB445

雲端管理員操作 Azure App Service on Azure Stack Hub 時的已知問題Known issues for cloud admins operating Azure App Service on Azure Stack Hub

請參閱 Azure Stack Hub 1907 版本資訊中的文件Refer to the documentation in the Azure Stack Hub 1907 release notes

後續步驟Next steps