基于 Azure Stack Hub 的应用服务 2020 Q3 发行说明App Service on Azure Stack Hub 2020 Q3 release notes

这些发行说明介绍了基于 Azure Stack Hub 的 Azure 应用服务 2020 Q3 中的改进和修复,以及任何已知问题。These release notes describe the improvements and fixes in Azure App Service on Azure Stack Hub 2020 Q3 and any known issues. 已知问题分为与部署、更新过程直接相关的问题,以及内部版本(安装后)的问题。Known issues are divided into issues directly related to the deployment, update process, and issues with the build (post-installation).

重要

在部署或更新应用服务资源提供程序 (RP) 之前,如有必要,请将 Azure Stack Hub 更新到支持的版本(或部署最新的 Azure Stack 开发工具包)。Update Azure Stack Hub to a supported version (or deploy the latest Azure Stack Development Kit) if necessary, before deploying or updating the App Service resource provider (RP). 请务必阅读 RP 发行说明,了解新功能、修补程序以及可能影响部署的任何已知问题。Be sure to read the RP release notes to learn about new functionality, fixes, and any known issues that could affect your deployment.

支持的 Azure Stack Hub 版本Supported Azure Stack Hub version 应用服务 RP 版本App Service RP version
20082008 2020.Q3 安装程序发行说明2020.Q3 Installer (release notes)
20052005 2020.Q2 安装程序发行说明2020.Q2 Installer (release notes)
20022002 2020.Q2 安装程序发行说明2020.Q2 Installer (release notes)

内部版本参考Build reference

基于 Azure Stack Hub 的应用服务 2020 Q3 的内部版本号为 89.0.2.15The App Service on Azure Stack Hub 2020 Q3 build number is 89.0.2.15

先决条件Prerequisites

在开始部署之前,请参阅准备工作文档Refer to the Before You Get Started documentation before beginning deployment.

开始将基于 Azure Stack 的 Azure 应用服务升级到 2020 Q3 之前,请满足以下先决条件:Before you begin the upgrade of Azure App Service on Azure Stack to 2020 Q3:

  • 确保所有角色在 Azure Stack Hub 管理门户的 Azure应用服务管理中处于“就绪”状态Ensure all roles are Ready in the Azure App Service Administration in the Azure Stack Hub Admin Portal

  • 在 Azure Stack Hub 管理员门户中使用“应用服务管理”来备份应用服务机密Backup App Service Secrets using the App Service Administration in the Azure Stack Hub Admin Portal

  • 备份应用服务和 Master 数据库:Back up the App Service and Master Databases:

    • AppService_Hosting;AppService_Hosting;
    • AppService_Metering;AppService_Metering;
    • MasterMaster

  • 备份租户应用内容文件共享Back up the Tenant App content file share

    重要

    云操作员负责文件服务器和 SQL Server 的维护和操作。Cloud operators are responsible for the maintenance and operation of the File Server and SQL Server. 资源提供程序不管理这些资源。The resource provider does not manage these resources. 云操作员负责备份应用服务数据库和租户内容文件共享。The cloud operator is responsible for backing up the App Service databases and tenant content file share.

  • 同步发布市场的 自定义脚本扩展 版本 1.9.3Syndicate the Custom Script Extension version 1.9.3 from the Marketplace

更新Updates

基于 Azure Stack 的 Azure 应用服务 Update Q3 包含以下改进和修复:Azure App Service on Azure Stack Update Q3 includes the following improvements and fixes:

  • 针对 应用服务租户、管理员、函数门户和 Kudu 工具 的更新。Updates to App Service Tenant, Admin, Functions portals and Kudu tools. 与 Azure Stack 门户 SDK 版本一致。Consistent with Azure Stack Portal SDK version.

  • 为 Web 应用和函数应用添加了全屏创建体验Addition of Full Screen Create experience for Web and Function Apps

  • 新增了与 Web 应用一致的 Azure Functions 门户体验New Azure Functions Portal Experience to be consistent with Web Apps

  • 将 Azure Functions 运行时更新到 v1.0.13154 。Updates Azure Functions runtime to v1.0.13154.

  • 针对核心服务的更新,用于提高可靠性和错误消息传递,以便更轻松地诊断常见问题。Updates to core service to improve reliability and error messaging enabling easier diagnosis of common issues.

  • 针对以下应用程序框架和工具的更新Updates to the following application frameworks and tools:

    • ASP.NET Core 2.1.22ASP.NET Core 2.1.22
    • ASP.NET Core 2.2.14ASP.NET Core 2.2.14
    • ASP.NET Core 3.1.8ASP.NET Core 3.1.8
    • ASP.NET Core 模块 v2 13.1.19331.0ASP.NET Core Module v2 13.1.19331.0
    • Azul OpenJDKAzul OpenJDK
      • 8.42.0.238.42.0.23
      • 8.44.0.118.44.0.11
      • 11.35.1511.35.15
      • 11.37.1711.37.17
    • Curl 7.55.1Curl 7.55.1
    • Git for Windows 2.28.0.1Git for Windows 2.28.0.1
    • MSDeploy 3.5.90702.36MSDeploy 3.5.90702.36
    • NodeJSNodeJS
      • 14.10.114.10.1
    • NPMNPM
      • 6.14.86.14.8
    • PHP 7.4.5PHP 7.4.5
    • TomcatTomcat
      • 8.5.478.5.47
      • 8.5.518.5.51
      • 9.0.2739.0.273
      • 9.0.319.0.31
    • 已将 Kudu 更新到 90.21005.4823Updated Kudu to 90.21005.4823

  • 对所有角色的基础操作系统的更新Updates to underlying operating system of all roles:

  • Windows Server 的累积更新现在会在部署和升级过程中应用到控制器角色Cumulative Updates for Windows Server are now applied to Controller roles as part of deployment and upgrade

此版本中已修复的问题Issues fixed in this release

  • 租户现在可使用租户门户中“应用服务计划”视图上的“新建”创建应用服务计划Tenants can now create App Service Plan using new on App Service Plan view in tenant portal

  • 租户可在租户门户中管理其应用程序的证书Tenants can manage certificates for their applications in the tenant portal

  • Functions 监视现在可以从强制执行 TLS 1.2 的存储终结点中检索数据Functions monitoring can now retrieve data from storage endpoints enforcing TLS 1.2

  • 将“等待管理服务器”步骤移出了安装期间的“部署云”步骤,以提高部署和升级的可靠性Moved wait for Management Servers step outside of Deploy Cloud step during installation to improve reliability of deployment and upgrade

  • 在清理逻辑出错后,由于辅助角色运行时日志文件文件夹大小违反了配额限制,导致辅助角色无法完成运行状况检查操作的问题。Issue whereby workers fail to complete the health check exercise due to worker runtime log file folder size violating quota limit after error in clean-up logic. 此更新已修复了清理逻辑。Clean-up logic has been fixed in this update.

更新前步骤Pre-Update steps

查看更新的已知问题,并采取规定的操作。Review the known issues for update and take any action prescribed.

部署后步骤Post-deployment steps

重要

如果已经为应用服务资源提供程序提供 SQL Always On 实例,则必须将 appservice_hosting 和 appservice_metering 数据库添加到可用性组并同步数据库,以免在进行数据库故障转移时丢失服务。If you have provided the App Service resource provider with a SQL Always On Instance you MUST add the appservice_hosting and appservice_metering databases to an availability group and synchronize the databases to prevent any loss of service in the event of a database failover.

已知问题(更新)Known issues (update)

  • 在客户已将 appservice_hosting 和 appservice_metering 数据库转换为包含的数据库的情况下,如果未将登录名成功迁移到包含的用户,则升级可能会失败In situations where a customer has converted the appservice_hosting and appservice_metering databases to contained database, upgrade may fail if logins have not been successfully migrated to contained users

如果在部署后客户已将 appservice_hosting 和 appservice_metering 数据库转换为包含的数据库,但尚未将数据库登录名成功迁移到包含的用户,则可能会遇到升级失败的情况。Customers that have converted the appservice_hosting and appservice_metering databases to contained database post deployment, and have not successfully migrated the database logins to contained users, may experience upgrade failures.

在将基于 Azure Stack Hub 的 Azure 应用服务安装升级到 2020 Q3 之前,客户必须对托管 appservice_hosting 和 appservice_metering 的 SQL Server 执行以下脚本。Customers must execute the following script against the SQL Server hosting appservice_hosting and appservice_metering before upgrading your Azure App Service on Azure Stack Hub installation to 2020 Q3. 此脚本是非破坏性的,不会导致停机This script is non-destructive and will not cause downtime.

必须在满足以下条件的情况下运行此脚本This script must be run under the following conditions

  • 此脚本由具有系统管理员权限的用户(例如 SQL SA 帐户)运行;By a user that has the system administrator privilege, for example the SQL SA Account;

  • 如果使用 SQL Always On,请确保从包含了以下格式的所有应用服务登录名的 SQL 实例中运行该脚本:If using SQL Always on, ensure the script is run from the SQL instance that contains all App Service logins in the form:

    • appservice_hosting_FileServerappservice_hosting_FileServer
    • appservice_hosting_HostingAdminappservice_hosting_HostingAdmin
    • appservice_hosting_LoadBalancerappservice_hosting_LoadBalancer
    • appservice_hosting_Operationsappservice_hosting_Operations
    • appservice_hosting_Publisherappservice_hosting_Publisher
    • appservice_hosting_SecurePublisherappservice_hosting_SecurePublisher
    • appservice_hosting_WebWorkerManagerappservice_hosting_WebWorkerManager
    • appservice_metering_Commonappservice_metering_Common
    • appservice_metering_Operationsappservice_metering_Operations
    • 所有 WebWorker 登录名,其格式为 WebWorker_All WebWorker logins - which are in the form WebWorker_
        USE appservice_hosting
        IF EXISTS(SELECT * FROM sys.databases WHERE Name=DB_NAME() AND containment = 1)
        BEGIN
        DECLARE @username sysname ;  
        DECLARE user_cursor CURSOR  
        FOR
            SELECT dp.name
            FROM sys.database_principals AS dp  
            JOIN sys.server_principals AS sp
                ON dp.sid = sp.sid  
                WHERE dp.authentication_type = 1 AND dp.name NOT IN ('dbo','sys','guest','INFORMATION_SCHEMA');
            OPEN user_cursor  
            FETCH NEXT FROM user_cursor INTO @username  
                WHILE @@FETCH_STATUS = 0  
                BEGIN  
                    EXECUTE sp_migrate_user_to_contained
                    @username = @username,  
                    @rename = N'copy_login_name',  
                    @disablelogin = N'do_not_disable_login';  
                FETCH NEXT FROM user_cursor INTO @username  
            END  
            CLOSE user_cursor ;  
            DEALLOCATE user_cursor ;
            END
        GO

        USE appservice_metering
        IF EXISTS(SELECT * FROM sys.databases WHERE Name=DB_NAME() AND containment = 1)
        BEGIN
        DECLARE @username sysname ;  
        DECLARE user_cursor CURSOR  
        FOR
            SELECT dp.name
            FROM sys.database_principals AS dp  
            JOIN sys.server_principals AS sp
                ON dp.sid = sp.sid  
                WHERE dp.authentication_type = 1 AND dp.name NOT IN ('dbo','sys','guest','INFORMATION_SCHEMA');
            OPEN user_cursor  
            FETCH NEXT FROM user_cursor INTO @username  
                WHILE @@FETCH_STATUS = 0  
                BEGIN  
                    EXECUTE sp_migrate_user_to_contained
                    @username = @username,  
                    @rename = N'copy_login_name',  
                    @disablelogin = N'do_not_disable_login';  
                FETCH NEXT FROM user_cursor INTO @username  
            END  
            CLOSE user_cursor ;  
            DEALLOCATE user_cursor ;
            END
        GO

已知问题(安装后)Known issues (post-installation)

  • 如 Azure Stack 上的 Azure 应用服务部署文档中所述,当应用服务部署在现有虚拟网络中并且文件服务器仅在专用网络上可用时,工作人员将无法访问文件服务器。Workers are unable to reach file server when App Service is deployed in an existing virtual network and the file server is only available on the private network, as called out in the Azure App Service on Azure Stack deployment documentation.

    如果选择部署到现有虚拟网络和内部 IP 地址以连接到文件服务器,则必须添加出站安全规则,以便在工作子网和文件服务器之间启用 SMB 流量。If you chose to deploy into an existing virtual network and an internal IP address to connect to your file server, you must add an outbound security rule, enabling SMB traffic between the worker subnet and the file server. 转到管理门户中的 WorkersNsg 并添加具有以下属性的出站安全规则:Go to the WorkersNsg in the Admin Portal and add an outbound security rule with the following properties:

    • 源:任意Source: Any
    • 源端口范围:*Source port range: *
    • 目标:IP 地址Destination: IP Addresses
    • 目标 IP 地址范围:文件服务器的 IP 范围Destination IP address range: Range of IPs for your file server
    • 目标端口范围:445Destination port range: 445
    • 协议:TCPProtocol: TCP
    • 操作:允许Action: Allow
    • 优先级:700Priority: 700
    • 姓名:Outbound_Allow_SMB445Name: Outbound_Allow_SMB445

云管理员在操作基于 Azure Stack 的 Azure 应用服务时的已知问题Known issues for Cloud Admins operating Azure App Service on Azure Stack

  • 自定义域在离线环境中不受支持Custom domains are not supported in disconnected environments

应用服务针对公共 DNS 终结点执行域所有权验证,因此,在离线场景下不支持自定义域。App Service performs domain ownership verification against public DNS endpoints, as a result custom domains are not supported in disconnected scenarios.

后续步骤Next steps