App Service on Azure Stack Hub Update 4 release notes

These release notes describe improvements, fixes, and known issues in Azure App Service on Azure Stack Hub Update 4. Known issues are divided into three sections: issues directly related to deployment, issues with the update process, and issues with the build (post-installation).

Important

Apply the 1809 update to your Azure Stack Hub integrated system or deploy the latest Azure Stack Development Kit (ASDK) before deploying Azure App Service 1.4.

Build reference

The App Service on Azure Stack Hub Update 4 build number is 78.0.13698.5.

Prerequisites

Refer to the Prerequisites for deploying App Service on Azure Stack Hub before beginning deployment.

Before you begin the upgrade of Azure App Service on Azure Stack Hub to 1.4:

  • Ensure all roles are ready in the Azure App Service administration in the Azure Stack Hub administrator portal.

  • Back up the App Service secrets using the App Service administration in the Azure Stack Hub administrator portal.

  • Back up the App Service and Master databases:

    • AppService_Hosting;
    • AppService_Metering;
    • Master
  • Back up the tenant app content file share.

    Important

    Cloud operators are responsible for the maintenance and operation of the File Server and SQL Server. The resource provider does not manage these resources. The cloud operator is responsible for backing up the App Service databases and tenant content file share.

  • Syndicate the Custom Script Extension version 1.9 from Azure Marketplace.

New features and fixes

Azure App Service on Azure Stack Hub Update 4 includes the following improvements and fixes:

  • Resolution for the CVE-2018-8600 cross-site scripting (XSS) vulnerability.

  • Added support for the App Service 2018-02-01 API version.

  • Updates to the App Service Tenant, Admin, and Functions portals and Kudu tools. Consistent with the Azure Stack Hub portal SDK version.

  • Updates the Azure Functions runtime to v1.0.11959.

  • Updates to the core service to improve reliability and error messaging, enabling easier diagnosis of common issues.

  • Updates to the following app frameworks and tools:

    • Added NodeJS 10.6.0
    • Added NPM 6.1.0
    • Added Zulu OpenJDK 8.31.0.2
    • Added Tomcat 8.5.34 and 9.0.12
    • Added PHP versions:
      • 5.6.37
      • 7.0.31
      • 7.1.20
      • 7.2.8
    • Update to Python versions:
      • 2.7.15
      • 3.6.6
    • Updated Git for Windows to v 2.17.1.2
    • Updated Kudu to 78.11022.3613
  • Updates to underlying operating system of all roles:

  • Resolved a template validation issue when deploying WordPress, DNN, and Orchard CMS gallery items.

  • Resolved a configuration issue when Azure Stack Hub rotates the Azure Resource Manager client certificate.

  • Restored functionality in the cross-origin resource sharing settings in the App Service user portal.

  • An error message is now displayed in the App Service administrator portal when the resource provider control plane can't connect to the configured SQL Server instance.

  • Ensure the endpoint is specified in the custom storage connection string when specified in a new Function app.

Post-deployment steps

Important

If you've provided the App Service resource provider with a SQL Always On instance, you must add the appservice_hosting and appservice_metering databases to an availability group and synchronize the databases to prevent any loss of service in the event of a database failover.

Post-update steps (optional)

For customers wishing to migrate to a contained database for existing Azure App Service on Azure Stack Hub deployments, execute these steps after the Azure App Service on Azure Stack Hub 1.4 update has completed:

Important

The migration procedure takes approximately 5-10 minutes. The procedure involves killing the existing database login sessions. Plan for downtime to migrate and validate Azure App Service on Azure Stack Hub post migration. If you completed these steps after updating to Azure App Service on Azure Stack Hub 1.3, then these steps aren't required.

  1. Add the AppService databases (appservice_hosting and appservice_metering) to an availability group.

  2. Enable contained database.

    
        sp_configure 'contained database authentication', 1;
        GO
        RECONFIGURE;
        GO
    
  3. Convert the databases to partially contained. The conversion incurs downtime because all active sessions need to be killed.

        /******** [appservice_metering] Migration Start********/
            USE [master];
    
            -- kill all active sessions
            DECLARE @kill varchar(8000) = '';  
            SELECT @kill = @kill + 'kill ' + CONVERT(varchar(5), session_id) + ';'  
            FROM sys.dm_exec_sessions
            WHERE database_id  = db_id('appservice_metering')
    
            EXEC(@kill);
    
            USE [master]  
            GO  
            ALTER DATABASE [appservice_metering] SET CONTAINMENT = PARTIAL  
            GO  
    
        /********[appservice_metering] Migration End********/
    
        /********[appservice_hosting] Migration Start********/
    
            -- kill all active sessions
            USE [master];
    
            DECLARE @kill varchar(8000) = '';  
            SELECT @kill = @kill + 'kill ' + CONVERT(varchar(5), session_id) + ';'  
            FROM sys.dm_exec_sessions
            WHERE database_id  = db_id('appservice_hosting')
    
            EXEC(@kill);
    
            -- Convert database to contained
            USE [master]  
            GO  
            ALTER DATABASE [appservice_hosting] SET CONTAINMENT = PARTIAL  
            GO  
    
            /********[appservice_hosting] Migration End********/
    
  4. Migrate logins to contained database users.

        USE appservice_hosting
        -- Only run when the database is partially contained (containment = 1).
        IF EXISTS(SELECT * FROM sys.databases WHERE Name=DB_NAME() AND containment = 1)
        BEGIN
            DECLARE @username sysname;
            -- Database users mapped to a server login (authentication_type = 1).
            DECLARE user_cursor CURSOR
            FOR
                SELECT dp.name
                FROM sys.database_principals AS dp
                JOIN sys.server_principals AS sp
                    ON dp.sid = sp.sid
                WHERE dp.authentication_type = 1 AND dp.name NOT IN ('dbo','sys','guest','INFORMATION_SCHEMA');
            OPEN user_cursor
            FETCH NEXT FROM user_cursor INTO @username
            WHILE @@FETCH_STATUS = 0
            BEGIN
                -- Convert the user to a contained database user; the server login is left enabled.
                EXECUTE sp_migrate_user_to_contained
                    @username = @username,
                    @rename = N'copy_login_name',
                    @disablelogin = N'do_not_disable_login';
                FETCH NEXT FROM user_cursor INTO @username
            END
            CLOSE user_cursor;
            DEALLOCATE user_cursor;
        END
        GO
    
        USE appservice_metering
        -- Only run when the database is partially contained (containment = 1).
        IF EXISTS(SELECT * FROM sys.databases WHERE Name=DB_NAME() AND containment = 1)
        BEGIN
            DECLARE @username sysname;
            -- Database users mapped to a server login (authentication_type = 1).
            DECLARE user_cursor CURSOR
            FOR
                SELECT dp.name
                FROM sys.database_principals AS dp
                JOIN sys.server_principals AS sp
                    ON dp.sid = sp.sid
                WHERE dp.authentication_type = 1 AND dp.name NOT IN ('dbo','sys','guest','INFORMATION_SCHEMA');
            OPEN user_cursor
            FETCH NEXT FROM user_cursor INTO @username
            WHILE @@FETCH_STATUS = 0
            BEGIN
                -- Convert the user to a contained database user; the server login is left enabled.
                EXECUTE sp_migrate_user_to_contained
                    @username = @username,
                    @rename = N'copy_login_name',
                    @disablelogin = N'do_not_disable_login';
                FETCH NEXT FROM user_cursor INTO @username
            END
            CLOSE user_cursor;
            DEALLOCATE user_cursor;
        END
        GO
    

Validate

  1. Check if SQL Server has containment enabled.

        sp_configure  @configname='contained database authentication'
    
  2. Check existing contained behavior.

        SELECT containment FROM sys.databases WHERE NAME LIKE (SELECT DB_NAME())
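
The two checks above can be combined with a review of which database users are still tied to a server login after step 4. The script below is an added example, not part of the original release notes; it assumes it is run on the SQL Server instance that hosts both App Service databases, by a login that can read their catalog views.

```sql
-- Added example: post-migration review for the App Service databases.
SET NOCOUNT ON;

-- 1. Instance setting: value_in_use is 1 once RECONFIGURE has taken effect.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = N'contained database authentication';

-- 2. Both databases should report containment_desc = 'PARTIAL'.
SELECT name, containment, containment_desc
FROM sys.databases
WHERE name IN (N'appservice_hosting', N'appservice_metering');

-- 3. SQL users per database with their authentication type.
--    INSTANCE = still mapped to a server login (not migrated);
--    DATABASE = contained user with its own password.
SELECT N'appservice_hosting' AS database_name,
       dp.name AS user_name,
       dp.authentication_type_desc
FROM appservice_hosting.sys.database_principals AS dp
WHERE dp.type = 'S'
  AND dp.name NOT IN ('dbo', 'sys', 'guest', 'INFORMATION_SCHEMA')
ORDER BY dp.authentication_type_desc, dp.name;

SELECT N'appservice_metering' AS database_name,
       dp.name AS user_name,
       dp.authentication_type_desc
FROM appservice_metering.sys.database_principals AS dp
WHERE dp.type = 'S'
  AND dp.name NOT IN ('dbo', 'sys', 'guest', 'INFORMATION_SCHEMA')
ORDER BY dp.authentication_type_desc, dp.name;
```

Any row in the third result sets that still shows INSTANCE identifies a user that was not migrated in step 4 and still depends on a server-level login.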
    

Known issues (post-installation)

  • Workers are unable to reach the file server when App Service is deployed in an existing virtual network and the file server is only available on the private network. This issue is called out in the Azure App Service on Azure Stack Hub deployment documentation.

If you chose to deploy into an existing virtual network and use an internal IP address to connect to your file server, you must add an outbound security rule that enables SMB traffic between the worker subnet and the file server. Go to the WorkersNsg in the administrator portal and add an outbound security rule with the following properties:

  • Source: Any
  • Source port range: *
  • Destination: IP addresses
  • Destination IP address range: Range of IPs for your file server
  • Destination port range: 445
  • Protocol: TCP
  • Action: Allow
  • Priority: 700
  • Name: Outbound_Allow_SMB445

Known issues for cloud admins operating Azure App Service on Azure Stack Hub

Refer to the documentation in the Azure Stack Hub 1809 Release Notes.
