配置 Reliable Actors 的 FabricTransport 设置Configure FabricTransport settings for Reliable Actors

以下为用户可以配置的设置:Here are the settings that you can configure:

可以通过以下方式修改 FabricTransport 的默认配置。You can modify the default configuration of FabricTransport in following ways.

程序集属性Assembly attribute

需要在执行组件客户端和执行组件服务程序集上应用 FabricTransportActorRemotingProvider 属性。The FabricTransportActorRemotingProvider attribute needs to be applied on the actor client and actor service assemblies.

以下示例演示如何更改 FabricTransport OperationTimeout 设置的默认值:The following example shows how to change the default value of FabricTransport OperationTimeout settings:

using Microsoft.ServiceFabric.Actors.Remoting.FabricTransport;
[assembly:FabricTransportActorRemotingProvider(OperationTimeoutInSeconds = 600)]

第二个示例更改 FabricTransport MaxMessageSize 和 OperationTimeoutInSeconds 的默认值。Second example changes default Values of FabricTransport MaxMessageSize and OperationTimeoutInSeconds.

using Microsoft.ServiceFabric.Actors.Remoting.FabricTransport;
[assembly:FabricTransportActorRemotingProvider(OperationTimeoutInSeconds = 600,MaxMessageSize = 134217728)]

配置包Config package

可以使用配置包修改默认配置。You can use a config package to modify the default configuration.

Important

在 Linux 节点上,证书必须是 PEM 格式。On Linux nodes, certificates must be PEM-formatted. 若要详细了解如何查找和配置适用于 Linux 的证书,请参阅在 Linux 上配置证书To learn more about locating and configuring certificates for Linux, see Configure certificates on Linux.

配置执行组件服务的 FabricTransport 设置Configure FabricTransport settings for the actor service

在 settings.xml 文件中添加 TransportSettings 节。Add a TransportSettings section in the settings.xml file.

默认情况下,执行组件代码寻找“<ActorName>TransportSettings”形式的 SectionName。By default, actor code looks for SectionName as "<ActorName>TransportSettings". 如果未找到,则会查找“TransportSettings”形式的 SectionName。If that's not found, it checks for SectionName as "TransportSettings".

<Section Name="MyActorServiceTransportSettings">
     <Parameter Name="MaxMessageSize" Value="10000000" />
     <Parameter Name="OperationTimeoutInSeconds" Value="300" />
     <Parameter Name="SecurityCredentialsType" Value="X509" />
     <Parameter Name="CertificateFindType" Value="FindByThumbprint" />
     <Parameter Name="CertificateFindValue" Value="4FEF3950642138446CC364A396E1E881DB76B48C" />
     <Parameter Name="CertificateRemoteThumbprints" Value="b3449b018d0f6839a2c5d62b5b6c6ac822b6f662" />
     <Parameter Name="CertificateStoreLocation" Value="LocalMachine" />
     <Parameter Name="CertificateStoreName" Value="My" />
     <Parameter Name="CertificateProtectionLevel" Value="EncryptAndSign" />
     <Parameter Name="CertificateRemoteCommonNames" Value="ServiceFabric-Test-Cert" />
 </Section>

配置执行组件客户端程序集的 FabricTransport 设置Configure FabricTransport settings for the actor client assembly

如果客户端不是作为服务一部分运行,则可在客户端 .exe 文件所在的同一位置创建“<Client Exe Name>.settings.xml”文件。If the client is not running as part of a service, you can create a "<Client Exe Name>.settings.xml" file in the same location as the client .exe file. 然后,在此文件中添加 TransportSettings 部分。Then add a TransportSettings section in that file. SectionName 应为“TransportSettings”。SectionName should be "TransportSettings".

<?xml version="1.0" encoding="utf-8"?>
<Settings xmlns:xsd="https://www.w3.org/2001/XMLSchema" xmlns:xsi="https://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/2011/01/fabric">
  <Section Name="TransportSettings">
    <Parameter Name="SecurityCredentialsType" Value="X509" />
    <Parameter Name="OperationTimeoutInSeconds" Value="300" />
    <Parameter Name="CertificateFindType" Value="FindByThumbprint" />
    <Parameter Name="CertificateFindValue" Value="b3449b018d0f6839a2c5d62b5b6c6ac822b6f662" />
    <Parameter Name="CertificateRemoteThumbprints" Value="4FEF3950642138446CC364A396E1E881DB76B48C" />
    <Parameter Name="OperationTimeoutInSeconds" Value="300" />
    <Parameter Name="CertificateStoreLocation" Value="LocalMachine" />
    <Parameter Name="CertificateStoreName" Value="My" />
    <Parameter Name="CertificateProtectionLevel" Value="EncryptAndSign" />
    <Parameter Name="CertificateRemoteCommonNames" Value="WinFabric-Test-SAN1-Alice" />
  </Section>
</Settings>
  • 使用辅助证书为安全执行组件服务/客户端配置 FabricTransport 设置。Configuring FabricTransport Settings for Secure Actor Service/Client With Secondary Certificate. 可通过添加参数 CertificateFindValuebySecondary 来添加辅助证书信息。Secondary certificate information can be added by adding parameter CertificateFindValuebySecondary. 以下是侦听器 TransportSettings 的示例。Below is the example for the Listener TransportSettings.

    <Section Name="TransportSettings">
    <Parameter Name="SecurityCredentialsType" Value="X509" />
    <Parameter Name="CertificateFindType" Value="FindByThumbprint" />
    <Parameter Name="CertificateFindValue" Value="b3449b018d0f6839a2c5d62b5b6c6ac822b6f662" />
    <Parameter Name="CertificateFindValuebySecondary" Value="h9449b018d0f6839a2c5d62b5b6c6ac822b6f690" />
    <Parameter Name="CertificateRemoteThumbprints" Value="4FEF3950642138446CC364A396E1E881DB76B48C,a9449b018d0f6839a2c5d62b5b6c6ac822b6f667" />
    <Parameter Name="CertificateStoreLocation" Value="LocalMachine" />
    <Parameter Name="CertificateStoreName" Value="My" />
    <Parameter Name="CertificateProtectionLevel" Value="EncryptAndSign" />
    </Section>
    

    以下是客户端 TransportSettings 的示例。Below is the example for the Client TransportSettings.

    <Section Name="TransportSettings">
    <Parameter Name="SecurityCredentialsType" Value="X509" />
    <Parameter Name="CertificateFindType" Value="FindByThumbprint" />
    <Parameter Name="CertificateFindValue" Value="4FEF3950642138446CC364A396E1E881DB76B48C" />
    <Parameter Name="CertificateFindValuebySecondary" Value="a9449b018d0f6839a2c5d62b5b6c6ac822b6f667" />
    <Parameter Name="CertificateRemoteThumbprints" Value="b3449b018d0f6839a2c5d62b5b6c6ac822b6f662,h9449b018d0f6839a2c5d62b5b6c6ac822b6f690" />
    <Parameter Name="CertificateStoreLocation" Value="LocalMachine" />
    <Parameter Name="CertificateStoreName" Value="My" />
    <Parameter Name="CertificateProtectionLevel" Value="EncryptAndSign" />
    </Section>
    
  • 通过使用者名称为安全执行组件服务/客户端配置 FabricTransport 设置。Configuring FabricTransport Settings for Securing Actor Service/Client Using Subject Name. 用户需提供 findType 作为 FindBySubjectName,并添加 CertificateIssuerThumbprints 和 CertificateRemoteCommonNames 值。User needs to provide findType as FindBySubjectName,add CertificateIssuerThumbprints and CertificateRemoteCommonNames values. 以下是侦听器 TransportSettings 的示例。Below is the example for the Listener TransportSettings.

    <Section Name="TransportSettings">
    <Parameter Name="SecurityCredentialsType" Value="X509" />
    <Parameter Name="CertificateFindType" Value="FindBySubjectName" />
    <Parameter Name="CertificateFindValue" Value="CN = WinFabric-Test-SAN1-Alice" />
    <Parameter Name="CertificateIssuerThumbprints" Value="b3449b018d0f6839a2c5d62b5b6c6ac822b6f662" />
    <Parameter Name="CertificateRemoteCommonNames" Value="WinFabric-Test-SAN1-Bob" />
    <Parameter Name="CertificateStoreLocation" Value="LocalMachine" />
    <Parameter Name="CertificateStoreName" Value="My" />
    <Parameter Name="CertificateProtectionLevel" Value="EncryptAndSign" />
    </Section>
    

    以下是客户端 TransportSettings 的示例。Below is the example for the Client TransportSettings.

    <Section Name="TransportSettings">
    <Parameter Name="SecurityCredentialsType" Value="X509" />
    <Parameter Name="CertificateFindType" Value="FindBySubjectName" />
    <Parameter Name="CertificateFindValue" Value="CN = WinFabric-Test-SAN1-Bob" />
    <Parameter Name="CertificateStoreLocation" Value="LocalMachine" />
    <Parameter Name="CertificateStoreName" Value="My" />
    <Parameter Name="CertificateRemoteCommonNames" Value="WinFabric-Test-SAN1-Alice" />
    <Parameter Name="CertificateProtectionLevel" Value="EncryptAndSign" />
    </Section>