
I want to set up a Service Fabric cluster using an ARM template with AD integration. I am following the instructions given at https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-creation-create-template

I get the following error when deploying the cluster resource below:

"message": "Common names and thumbprints should not be both defined for a particular certificate."

{
   "apiVersion":"2018-02-01",
   "type":"Microsoft.ServiceFabric/clusters",
   "name":"[parameters('clusterName')]",
   "location":"[parameters('clusterLocation')]",
   "dependsOn":[
      "[concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName'))]"
   ],
   "properties":{
      "addonFeatures":[
         "DnsService",
         "RepairManager"
      ],
      "certificate":{
         "thumbprint":"[parameters('certificateThumbprint')]",
         "x509StoreName":"[parameters('certificateStoreValue')]"
      },
      "certificateCommonNames":{
         "commonNames":[
            {
               "certificateCommonName":"[parameters('certificateCommonName')]",
               "certificateIssuerThumbprint":""
            }
         ],
         "x509StoreName":"[parameters('certificateStoreValue')]"
      },
      "azureActiveDirectory":{
         "tenantId":"[parameters('aadTenantId')]",
         "clusterApplication":"[parameters('aadClusterApplicationId')]",
         "clientApplication":"[parameters('aadClientApplicationId')]"
      },
      "clientCertificateCommonNames":[

      ],
      "clientCertificateThumbprints":[

      ],
      "clusterState":"Default",
      "diagnosticsStorageAccountConfig":{
         "blobEndpoint":"[reference(concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.blob]",
         "protectedAccountKeyName":"StorageAccountKey1",
         "queueEndpoint":"[reference(concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.queue]",
         "storageAccountName":"[parameters('supportLogStorageAccountName')]",
         "tableEndpoint":"[reference(concat('Microsoft.Storage/storageAccounts/', parameters('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.table]"
      },
      "fabricSettings":[
         {
            "parameters":[
               {
                  "name":"ClusterProtectionLevel",
                  "value":"[parameters('clusterProtectionLevel')]"
               }
            ],
            "name":"Security"
         }
      ],
      "managementEndpoint":"[concat('https://',reference(concat(parameters('lbIPName'),'-','0')).dnsSettings.fqdn,':',parameters('nt0fabricHttpGatewayPort'))]",
      "nodeTypes":[
         {
            "name":"[parameters('vmNodeType0Name')]",
            "applicationPorts":{
               "endPort":"[parameters('nt0applicationEndPort')]",
               "startPort":"[parameters('nt0applicationStartPort')]"
            },
            "clientConnectionEndpointPort":"[parameters('nt0fabricTcpGatewayPort')]",
            "durabilityLevel":"Bronze",
            "ephemeralPorts":{
               "endPort":"[parameters('nt0ephemeralEndPort')]",
               "startPort":"[parameters('nt0ephemeralStartPort')]"
            },
            "httpGatewayEndpointPort":"[parameters('nt0fabricHttpGatewayPort')]",
            "isPrimary":true,
            "reverseProxyEndpointPort":"[parameters('nt0reverseProxyEndpointPort')]",
            "vmInstanceCount":"[parameters('nt0InstanceCount')]"
         }
      ],
      "provisioningState":"Default",
      "reliabilityLevel":"Silver",
      "upgradeMode":"Automatic",
      "vmImage":"Windows"
   },
   "tags":{
      "resourceType":"Service Fabric",
      "clusterName":"[parameters('clusterName')]"
   }
}

2 Answers


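The error says it all: the template defines the cluster certificate both by thumbprint (the certificate section) and by common name (the certificateCommonNames section). Remove the certificate section of your template, shown below. Once the cluster identifies its certificate by common name only, also review the certificateIssuerThumbprint value: the template in the question leaves it empty, so the issuer is not pinned for that common name.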

  "certificate":{
     "thumbprint":"[parameters('certificateThumbprint')]",
     "x509StoreName":"[parameters('certificateStoreValue')]"
  },

The error message is clear: "Common names and thumbprints should not be both defined for a particular certificate". The docs also clearly say that if you want to find the certificate by common name, you have to remove the certificate thumbprint setting.

The docs mention this in step 1:

  1. In the parameters section, add a certificateCommonName parameter: ... Also consider removing the certificateThumbprint, it may no longer be needed.

Step 2:

  1. add "commonNames": ["[parameters('certificateCommonName')]"], and remove "thumbprint": "[parameters('certificateThumbprint')]".

And step 3:

  1. add a certificateCommonNames setting with a commonNames property and remove the certificate setting (with the thumbprint property) as in the following example: