在 Azure 中建立安全的 Service Fabric Linux 叢集Create a secure Service Fabric Linux cluster in Azure

此命令會建立自我簽署的憑證,然後將其加入金鑰保存庫並在本機下載憑證。This command creates a self-signed certificate, adds it to a key vault and downloads the certificate locally. 新的憑證會用來在部署叢集時保護叢集。The new certificate is used to secure the cluster when it deploys. 您也可以使用現有的憑證,而不用建立新的。You can also use an existing certificate instead of creating a new one. 無論是哪一方法,憑證的主體名稱必須與您用來存取 Service Fabric 叢集的網域相符。Either way, the certificate's subject name must match the domain that you use to access the Service Fabric cluster. 必須如此相符,才能為叢集的 HTTPS 管理端點和 Service Fabric Explorer 提供 SSL。This match is required to provide an SSL for the cluster's HTTPS management endpoints and Service Fabric Explorer. 您無法從 CA 取得 .cloudapp.azure.com 網域的 SSL 憑證。You cannot obtain an SSL certificate from a CA for the .cloudapp.azure.com domain. 您必須為您的叢集取得自訂網域名稱。You must obtain a custom domain name for your cluster. 當您向 CA 要求憑證時,憑證的主體名稱必須與用於您叢集的自訂網域名稱相符。When you request a certificate from a CA, the certificate's subject name must match the custom domain name that you use for your cluster.

視需要安裝 Azure CLIIf needed, install the Azure CLI.

範例指令碼Sample script

#!/bin/bash

# Variables
ResourceGroupName="aztestclustergroup" 
ClusterName="aztestcluster" 
Location="southcentralus" 
Password="q6D7nN%6ck@6" 
Subject="aztestcluster.southcentralus.cloudapp.azure.com" 
VaultName="aztestkeyvault" 
VmPassword="Mypa$$word!321"
VmUserName="sfadminuser"

# Create resource group
az group create --name $ResourceGroupName --location $Location 

# Create secure five node Linux cluster. Creates a key vault in a resource group
# and creates a certficate in the key vault. The certificate's subject name must match 
# the domain that you use to access the Service Fabric cluster.  The certificate is downloaded locally.
az sf cluster create --resource-group $ResourceGroupName --location $Location \ 
  --certificate-output-folder . --certificate-password $Password --certificate-subject-name $Subject \
  --cluster-name $ClusterName --cluster-size 5 --os UbuntuServer1604 --vault-name $VaultName \ 
  --vault-resource-group $ResourceGroupName --vm-password $VmPassword --vm-user-name $VmUserName
    

清除部署Clean up deployment

在執行過指令碼範例之後,您可以使用下列命令來移除資源群組、叢集和所有相關資源。After the script sample has been run, the following command can be used to remove the resource group, cluster, and all related resources.

ResourceGroupName = "aztestclustergroup"
az group delete --name $ResourceGroupName

指令碼說明Script explanation

此指令碼會使用下列命令。This script uses the following commands. 下表中的每個命令都會連結至命令特定的文件。Each command in the table links to command specific documentation.

命令Command 注意Notes
az sf cluster createaz sf cluster create 建立新的 Service Fabric 叢集。Creates a new Service Fabric cluster.

後續步驟Next steps

您可以在 Service Fabric CLI 範例中找到適用於 Azure Service Fabric 的其他 Service Fabric CLI 範例。Additional Service Fabric CLI samples for Azure Service Fabric can be found in the Service Fabric CLI samples.