Azure Stack Hub 上的应用服务 Update 7 发行说明App Service on Azure Stack Hub update 7 release notes

这些发行说明介绍 Azure Stack Hub 上的 Azure 应用服务 Update 7 中的新功能、修复和已知问题。These release notes describe new features, fixes, and known issues in Azure App Service on Azure Stack Hub update 7. 已知问题分为两部分:与升级过程相关的问题,以及内部版本(安装后)的问题。Known issues are divided into two sections: issues related to the upgrade process and issues with the build (post-installation).

重要

请将 1910 更新应用于 Azure Stack 集成系统,或部署最新的 Azure Stack 开发工具包 (ASDK),然后部署 Azure 应用服务 1.7。Apply the 1910 update to your Azure Stack integrated system or deploy the latest Azure Stack Development Kit (ASDK) before deploying Azure App Service 1.7.

内部版本参考Build reference

Azure Stack Hub 上的应用服务 Update 7 的内部版本号为 84.0.2.10****。The App Service on Azure Stack Hub Update 7 build number is 84.0.2.10.

先决条件Prerequisites

在开始部署之前,请参阅在 Azure Stack Hub 上部署应用服务的先决条件See Prerequisites for deploying App Service on Azure Stack Hub before beginning deployment.

开始将 Azure Stack Hub 上的 Azure 应用服务升级到 1.7 之前:Before you begin the upgrade of Azure App Service on Azure Stack Hub to 1.7:

  • 请确保所有角色在 Azure Stack Hub 管理员门户的 Azure 应用服务管理中处于“就绪”状态。Ensure all roles are ready in Azure App Service administration in the Azure Stack Hub administrator portal.

  • 在 Azure Stack Hub 管理员门户中使用应用服务管理来备份应用服务机密Backup App Service Secrets using the App Service Administration in the Azure Stack Hub Admin Portal

  • 备份应用服务和 master 数据库:Back up the App Service and master Databases:

    • AppService_Hosting;AppService_Hosting;
    • AppService_Metering;AppService_Metering;
    • master
  • 备份租户应用内容文件共享。Back up the tenant app content file share.

    重要

    云操作员负责文件服务器和 SQL Server 的维护和操作。Cloud operators are responsible for the maintenance and operation of the File Server and SQL Server. 资源提供程序不管理这些资源。The resource provider does not manage these resources. 云操作员负责备份应用服务数据库和租户内容文件共享。The cloud operator is responsible for backing up the App Service databases and tenant content file share.

  • 同步发布 Azure Stack Hub 市场的自定义脚本扩展版本 1.9.3**** ****。Syndicate the Custom Script Extension version 1.9.3 from the Azure Stack Hub Marketplace.

新功能和修复New features and fixes

Azure Stack Hub 上的 Azure 应用服务 Update 7 包含以下改进和修复:Azure App Service on Azure Stack Hub Update 7 includes the following improvements and fixes:

  • CVE-2019-1372 远程代码执行漏洞的解决方案。Resolution for CVE-2019-1372 Remote Code Execution Vulnerability.

  • 针对应用服务租户、管理员、函数门户和 Kudu 工具**** 的更新。Updates to App Service tenant, administrator, functions portals, and Kudu tools. 与 Azure Stack Hub 门户 SDK 版本一致。Consistent with Azure Stack Hub Portal SDK version.

  • Azure Functions 运行时更新到 v1.0.12582Updates Azure Functions runtime to v1.0.12582.

  • 针对核心服务的更新,用于提高可靠性和错误消息传递,以便更轻松地诊断常见问题。Updates to core service to improve reliability and error messaging enabling easier diagnosis of common issues.

  • 针对以下应用框架和工具的更新Updates to the following app frameworks and tools:

    • ASP.NET Core 2.2.46ASP.NET Core 2.2.46
    • Zul OpenJDK 8.38.0.13Zul OpenJDK 8.38.0.13
    • Tomcat 7.0.94Tomcat 7.0.94
    • Tomcat 8.5.42Tomcat 8.5.42
    • Tomcat 9.0.21Tomcat 9.0.21
    • PHP 5.6.40PHP 5.6.40
    • PHP 7.3.6PHP 7.3.6
    • 已将 Kudu 更新到 82.10503.3890Updated Kudu to 82.10503.3890
  • 对所有角色的基础操作系统的更新Updates to underlying operating system of all roles:

  • 访问限制现已在用户门户中启用Access restrictions now enabled in user portal:

    备注

    Azure Stack Hub 上的 Azure 应用服务不支持服务终结点。Azure App Service on Azure Stack Hub does not support service endpoints.

  • 部署选项(经典)功能已还原Deployment options (classic) functionality restored:

    • 用户可以再次使用“部署选项(经典)”从 GitHub、Bitbucket、Dropbox、OneDrive、本地和外部存储库配置其应用的部署,以及为其应用设置部署凭据。Users can once again use the deployment options (classic) to configure deployment of their apps from GitHub, Bitbucket, Dropbox, OneDrive, local and external repositories, and to set the deployment credentials for their apps.
  • Azure 函数监视**** 已正确配置。Azure function monitoring configured correctly.

  • Windows 更新行为:我们已根据用户反馈更改了通过 Update 7 在应用服务角色上对 Windows 更新进行配置的方式:Windows update behavior: Based on customer feedback, we've changed the way Windows Update is configured on App Service roles from Update 7:

    • 三种模式:Three modes:
      • 禁用 - Windows 更新服务处于禁用状态,Windows 将使用 KB 进行更新,该 KB 随附在基于 Azure Stack Hub 的 Azure 应用服务发布版中;Disabled - Windows Update service disabled, Windows is updated with the KB that's shipped with Azure App Service on Azure Stack Hub releases;
      • 自动 - Windows 更新服务处于启用状态,由 Windows 更新决定以何种方式在何时进行更新;Automatic - Windows Update service enabled and Windows Update determines how and when to update;
      • 托管 - Windows 更新服务处于禁用状态,Azure 应用服务会在对单个角色执行 OnStart 期间执行 Windows 更新循环。Managed - Windows Update service is disabled, Azure App Service performs a Windows Update cycle during OnStart of the individual role.

    部署 - Windows 更新服务默认禁用。New Deployments - Windows Update service is disabled by default.

    现有部署 - 如果在控制器上修改了设置,则该值会从“False”**** 更改为“Disabled”****,以前的值“true”**** 会变为“Automatic”****。Existing Deployments - If you've modified the setting on the controller, the value will change from False to Disabled and a previous value of true will become Automatic.

部署后步骤Post-deployment steps

重要

如果已为应用服务资源提供程序提供了 SQL Always On 实例,则必须将 appservice_hosting 和 appservice_metering 数据库添加到可用性组并同步数据库,以免在进行数据库故障转移时丢失服务。If you've provided the App Service resource provider with a SQL Always On Instance you MUST add the appservice_hosting and appservice_metering databases to an availability group and synchronize the databases to prevent any loss of service in the event of a database failover.

已知问题(安装后)Known issues (post-installation)

  • 如 Azure Stack Hub 上的 Azure 应用服务部署文档中所述,当应用服务部署在现有虚拟网络中并且文件服务器仅在专用网络上可用时,工作线程将无法访问文件服务器。Workers are unable to reach file server when App Service is deployed in an existing virtual network and the file server is only available on the private network, as called out in the Azure App Service on Azure Stack Hub deployment documentation.

如果选择部署到现有虚拟网络和内部 IP 地址以连接到文件服务器,则必须添加出站安全规则,以便在工作子网和文件服务器之间启用 SMB 流量。If you chose to deploy into an existing virtual network and an internal IP address to connect to your file server, you must add an outbound security rule, enabling SMB traffic between the worker subnet and the file server. 转到管理员门户中的 WorkersNsg 并添加包含以下属性的出站安全规则:Go to the WorkersNsg in the administrator portal and add an outbound security rule with the following properties:

  • 源:任意Source: Any
  • 源端口范围:*Source port range: *
  • 目标:IP 地址Destination: IP addresses
  • 目标 IP 地址范围:文件服务器的 IP 范围Destination IP address range: Range of IPs for your file server
  • 目标端口范围:445Destination port range: 445
  • 协议:TCPProtocol: TCP
  • 操作:允许Action: Allow
  • 优先级:700Priority: 700
  • 姓名:Outbound_Allow_SMB445Name: Outbound_Allow_SMB445

云管理员在操作基于 Azure Stack Hub 的 Azure 应用服务时的已知问题Known issues for cloud admins operating Azure App Service on Azure Stack Hub

请参阅 Azure Stack Hub 1907 发行说明中的文档Refer to the documentation in the Azure Stack Hub 1907 release notes

后续步骤Next steps