Azure Stack Hub 上的应用服务 Update 1 发行说明App Service on Azure Stack Hub Update 1 release notes

这些发行说明介绍 Azure Stack Hub 上的 Azure 应用服务 Update 1 中的改进、修复和已知问题。These release notes describe improvements, fixes, and known issues in Azure App Service on Azure Stack Hub Update 1. 已知问题分为三个部分:与部署直接相关的问题、更新过程问题,以及内部版本(安装后)的问题。Known issues are divided into three sections: issues directly related to deployment, issues with the update process, and issues with the build (post-installation).

重要

请将 1802 更新应用于 Azure Stack Hub 集成系统,或部署最新的 Azure Stack 开发工具包 (ASDK),然后部署 Azure 应用服务。Apply the 1802 update to your Azure Stack Hub integrated system or deploy the latest Azure Stack Development Kit (ASDK) before deploying Azure App Service.

内部版本参考Build reference

Azure Stack Hub 上的应用服务 Update 1 的内部版本号为 69.0.13698.9The App Service on Azure Stack Hub Update 1 build number is 69.0.13698.9.

先决条件Prerequisites

重要

基于 Azure Stack Hub 的 Azure 应用服务的新部署现在要求提供三使用者通配型证书,因为在 Azure 应用服务中处理适用于 Kudu 的 SSO 的方式已改进。New deployments of Azure App Service on Azure Stack Hub now require a three-subject wildcard certificate due to improvements in the way in which SSO for Kudu is handled in Azure App Service. 新使用者为“*.sso.appservice.<region>.<domainname>.<extension>”The new subject is *.sso.appservice.<region>.<domainname>.<extension>

在开始部署之前,请参阅在 Azure Stack Hub 上部署应用服务的先决条件Refer to the Prerequisites for deploying App Service on Azure Stack Hub before beginning deployment.

新功能和修复New features and fixes

Azure Stack Hub 上的 Azure 应用服务 Update 1 包含以下改进和修复:Azure App Service on Azure Stack Hub Update 1 includes the following improvements and fixes:

  • Azure 应用服务的高可用性 - Azure Stack Hub 1802 更新允许跨容错域部署工作负荷,这样,当你跨容错域部署应用服务基础结构时,该基础结构就是容错的。High Availability of Azure App Service - The Azure Stack Hub 1802 update enabled workloads to be deployed across fault domains, allowing App Service infrastructure to be fault tolerant as it's deployed across fault domains. 默认情况下,Azure应用服务的所有新部署都有此功能。By default, all new deployments of Azure App Service have this capability. 但是,如果是在应用 Azure Stack Hub 1802 更新之前完成的部署,请参阅应用服务容错域文档However, for deployments completed prior to Azure Stack Hub 1802 update being applied, refer to the App Service Fault Domain documentation.

  • 在现有的虚拟网络中进行部署 - 客户现在可以在现有的虚拟网络中部署基于 Azure Stack Hub 的应用服务。Deploy in existing virtual network - Customers can now deploy App Service on Azure Stack Hub within an existing virtual network. 在现有的虚拟网络中进行部署以后,客户就可以通过专用端口连接到 Azure 应用服务所需的 SQL Server 和文件服务器。Deploying in an existing virtual network enables customers to connect to the SQL Server and file server, required for Azure App Service, over private ports. 在部署过程中,客户可以选择在现有的虚拟网络中进行部署,但在部署之前必须创建供应用服务使用的子网During deployment, customers can select to deploy in an existing virtual network, however they must create subnets for use by App Service prior to deployment.

  • 针对应用服务租户、管理员、函数门户和 Kudu 工具的更新。Updates to App Service Tenant, Admin, Functions portals and Kudu tools. 与 Azure Stack Hub 门户 SDK 版本一致。Consistent with Azure Stack Hub portal SDK version.

  • Azure Functions 运行时更新到 v1.0.11388Updates Azure Functions runtime to v1.0.11388.

  • 针对以下应用程序框架和工具的更新Updates to the following application frameworks and tools:

    • 增加了 .NET Core 2.0 支持。Added .NET Core 2.0 support.

    • 增加了 Node.JS 版本:Added Node.JS versions:

      • 6.11.26.11.2
      • 6.11.56.11.5
      • 7.10.17.10.1
      • 8.0.08.0.0
      • 8.1.48.1.4
      • 8.4.08.4.0
      • 8.5.08.5.0
      • 8.7.08.7.0
      • 8.8.18.8.1
      • 8.9.08.9.0
    • 增加了 NPM 版本:Added NPM versions:

      • 3.10.103.10.10
      • 4.2.04.2.0
      • 5.0.05.0.0
      • 5.0.35.0.3
      • 5.3.05.3.0
      • 5.4.25.4.2
      • 5.5.15.5.1
    • 增加了 PHP 更新:Added PHP updates:

      • 5.6.325.6.32
      • 7.0.26(x86 和 x64)7.0.26 (x86 and x64)
      • 7.1.12(x86 和 x64)7.1.12 (x86 and x64)
    • 已将适用于 Windows 的 Git 更新到 v2.14.1Updated Git for Windows to v 2.14.1

    • 已将 Mercurial 更新到 v4.5.0Updated Mercurial to v4.5.0

    • 增加了对“仅限 HTTPS”功能的支持,该功能位于应用服务用户门户的“自定义域”功能中。Added support for HTTPS Only feature within Custom Domain feature in the App Service user portal.

    • 增加了在 Azure Functions 的自定义存储选取器中对存储连接进行验证的功能。Added validation of storage connection in the custom storage picker for Azure Functions.

修复项Fixes

  • 创建脱机部署包时,客户再也不会一打开应用服务安装程序中的文件夹就收到拒绝访问错误消息。When creating an offline deployment package, customers will no longer receive an access denied error message when opening the folder from the App Service installer.

  • 解决了在应用服务用户门户中使用自定义域功能时遇到的问题。Resolved issues when working in the custom domains feature in the App Service user portal.

  • 防止客户使用在安装过程中保留的管理员名称。Prevent customers from using reserved admin names during setup.

  • 允许通过已加入域的文件服务器进行应用服务部署。Enabled App Service deployment with domain joined file server.

  • 改进了在脚本中检索 Azure Stack Hub 根证书的功能,并添加了在应用服务安装程序中验证该根证书的功能。Improved retrieval of Azure Stack Hub root certificate in script and added ability to validate the root cert in the App Service installer.

  • 修复了在删除 Microsoft.Web 命名空间中包含资源的订阅时,返回到 Azure 资源管理器的状态不正确的问题。Fixed incorrect status being returned to Azure Resource Manager when a subscription is deleted that contained resources in the Microsoft.Web namespace.

部署过程的已知问题Known issues with the deployment process

  • 证书验证错误。Certificate validation errors.

    如果在集成的系统中进行部署,则某些客户会在向应用服务安装程序提供证书时遇到问题,因为安装程序中的验证限制性太强。Some customers have experienced issues when providing certificates to the App Service installer when deploying on an integrated system due to overly restrictive validation in the installer. 应用服务安装程序已重新发布,客户应下载更新的安装程序The App Service installer has been re-released and customers should download the updated installer. 如果在使用更新的安装程序验证证书时仍然遇到问题,请与支持部门联系。If you continue to experience issues validating certificates with the updated installer, contact support.

  • 从集成的系统中检索 Azure Stack Hub 根证书时遇到问题。Problem retrieving Azure Stack Hub root certificate from integrated system.

    Get-AzureStackRootCert.ps1 出错,导致客户在尚未安装 Azure Stack Hub 根证书的计算机上执行此脚本时无法检索该根证书。An error in the Get-AzureStackRootCert.ps1 caused customers to fail to retrieve the Azure Stack Hub root certificate when executing the script on a machine that doesn't have the root certificate installed. 现在,此脚本也已重新发布,解决了此问题。The script has also now been re-released which resolves the issue. 在此处下载更新的帮助程序脚本Download the updated helper scripts here. 如果在使用更新的脚本检索根证书时仍然遇到问题,请与支持部门联系。If you continue to experience issues retrieving the root certificate with the updated script, contact support.

更新过程的已知问题Known issues with the update process

  • 基于 Azure Stack Hub 的 Azure 应用服务 Update 1 的更新没有已知问题。There are no known issues for the update of Azure App Service on Azure Stack Hub Update 1.

已知问题(安装后)Known issues (post-installation)

  • 槽交换不正常。Slot swap doesn't function.

此版本中的站点槽交换功能无法使用。Site slot swap is broken in this release. 若要还原功能,请完成以下步骤:To restore functionality, complete these steps:

  1. 将 ControllersNSG 网络安全组的设置修改为 Allow,允许通过远程桌面连接到应用服务控制器实例。Modify the ControllersNSG Network Security Group to Allow remote desktop connections to the App Service controller instances. 将 AppService.local 替换为部署应用服务时所在资源组的名称。Replace AppService.local with the name of the resource group you deployed App Service in.

      Add-AzureRmAccount -EnvironmentName AzureStackAdmin
    
      $nsg = Get-AzureRmNetworkSecurityGroup -Name "ControllersNsg" -ResourceGroupName "AppService.local"
    
      $RuleConfig_Inbound_Rdp_3389 =  $nsg | Get-AzureRmNetworkSecurityRuleConfig -Name "Inbound_Rdp_3389"
    
      Set-AzureRmNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg `
        -Name $RuleConfig_Inbound_Rdp_3389.Name `
        -Description "Inbound_Rdp_3389" `
        -Access Allow `
        -Protocol $RuleConfig_Inbound_Rdp_3389.Protocol `
        -Direction $RuleConfig_Inbound_Rdp_3389.Direction `
        -Priority $RuleConfig_Inbound_Rdp_3389.Priority `
        -SourceAddressPrefix $RuleConfig_Inbound_Rdp_3389.SourceAddressPrefix `
        -SourcePortRange $RuleConfig_Inbound_Rdp_3389.SourcePortRange `
        -DestinationAddressPrefix $RuleConfig_Inbound_Rdp_3389.DestinationAddressPrefix `
        -DestinationPortRange $RuleConfig_Inbound_Rdp_3389.DestinationPortRange
    
      # Commit the changes back to NSG
      Set-AzureRmNetworkSecurityGroup -NetworkSecurityGroup $nsg
    
  2. 浏览到 Azure Stack Hub 管理员门户中“虚拟机”下的 CN0-VM,单击“连接”,以便通过控制器实例打开远程桌面会话。Browse to the CN0-VM under Virtual Machines in the Azure Stack Hub administrator portal and click Connect to open a remote desktop session with the controller instance. 使用在部署应用服务期间指定的凭据。Use the credentials specified during the deployment of App Service.

  3. 以管理员身份启动 PowerShell 并执行以下脚本:Start PowerShell as an Administrator and execute the following script:

        Import-Module appservice
    
        $sm = new-object Microsoft.Web.Hosting.SiteManager
    
        if($sm.HostingConfiguration.SlotsPollWorkerForChangeNotificationStatus=$true)
        {
          $sm.HostingConfiguration.SlotsPollWorkerForChangeNotificationStatus=$false
        #  'Slot swap mode reverted'
        }
    
        # Confirm new setting is false
        $sm.HostingConfiguration.SlotsPollWorkerForChangeNotificationStatus
    
        # Commit Changes
        $sm.CommitChanges()
    
        Get-AppServiceServer -ServerType ManagementServer | ForEach-Object Repair-AppServiceServer
    
    
  4. 关闭远程桌面会话。Close the remote desktop session.

  5. 将 ControllersNSG 网络安全组的设置还原为 Deny,拒绝通过远程桌面连接到应用服务控制器实例。Revert the ControllersNSG Network Security Group to Deny remote desktop connections to the App Service controller instances. 将 AppService.local 替换为部署应用服务时所在资源组的名称。Replace AppService.local with the name of the resource group you deployed App Service in.

    
        Add-AzureRmAccount -EnvironmentName AzureStackAdmin
    
        $nsg = Get-AzureRmNetworkSecurityGroup -Name "ControllersNsg" -ResourceGroupName "AppService.local"
    
        $RuleConfig_Inbound_Rdp_3389 =  $nsg | Get-AzureRmNetworkSecurityRuleConfig -Name "Inbound_Rdp_3389"
    
        Set-AzureRmNetworkSecurityRuleConfig -NetworkSecurityGroup $nsg `
          -Name $RuleConfig_Inbound_Rdp_3389.Name `
          -Description "Inbound_Rdp_3389" `
          -Access Deny `
          -Protocol $RuleConfig_Inbound_Rdp_3389.Protocol `
          -Direction $RuleConfig_Inbound_Rdp_3389.Direction `
          -Priority $RuleConfig_Inbound_Rdp_3389.Priority `
          -SourceAddressPrefix $RuleConfig_Inbound_Rdp_3389.SourceAddressPrefix `
          -SourcePortRange $RuleConfig_Inbound_Rdp_3389.SourcePortRange `
          -DestinationAddressPrefix $RuleConfig_Inbound_Rdp_3389.DestinationAddressPrefix `
          -DestinationPortRange $RuleConfig_Inbound_Rdp_3389.DestinationPortRange
    
        # Commit the changes back to NSG
        Set-AzureRmNetworkSecurityGroup -NetworkSecurityGroup $nsg
    
  6. 当应用服务部署在现有虚拟网络中并且文件服务器仅在专用网络上可用时,工作人员将无法访问文件服务器。Workers are unable to reach file server when App Service is deployed in an existing virtual network and the file server is only available on the private network.

如果选择部署到现有虚拟网络和内部 IP 地址以连接到文件服务器,则必须添加出站安全规则,以便在工作子网和文件服务器之间启用 SMB 流量。If you chose to deploy into an existing virtual network and an internal IP address to connect to your file server, you must add an outbound security rule which enables SMB traffic between the worker subnet and the file server. 转到管理员门户中的 WorkersNsg 并添加包含以下属性的出站安全规则:Go to the WorkersNsg in the administrator portal and add an outbound security rule with the following properties:

  • 源:任意Source: Any
  • 源端口范围:*Source port range: *
  • 目标:IP 地址Destination: IP addresses
  • 目标 IP 地址范围:文件服务器的 IP 范围Destination IP address range: Range of IPs for your file server
  • 目标端口范围:445Destination port range: 445
  • 协议:TCPProtocol: TCP
  • 操作:允许Action: Allow
  • 优先级:700Priority: 700
  • 姓名:Outbound_Allow_SMB445Name: Outbound_Allow_SMB445

云管理员在操作基于 Azure Stack Hub 的 Azure 应用服务时的已知问题Known issues for cloud admins operating Azure App Service on Azure Stack Hub

请参阅 Azure Stack Hub 1802 发行说明中的文档Refer to the documentation in the Azure Stack Hub 1802 Release Notes

后续步骤Next steps