Service Fabric PowerShell from Azure DevOps

I am able to successfully deploy Service Fabric services to my local cluster from Azure DevOps using the ServiceFabricDeploy task with a configured service connection. What I need is the ability to run some arbitrary PowerShell scripts against the fabric in order to perform other maintenance tasks that I want to automate via CI/CD.
How can I get a normal inline PowerShell task connected to my local fabric so I can interact with the cluster?

You can use the SF PowerShell module for that.
First connect to the cluster.
Next, manage the cluster using the provided functions.
Under water, these commands use the REST API of SF. Therefore you can't just run arbitrary code.
If you want to do that, you'll need to use SSH or something like PowerShell remoting.
More info on how to set it up in the Load Balancer here.

Related

How to deploy automatically Azure VMs and AKS on an environment?

I made a Terraform to create an infrastructure on Azure.
I used the provider "microsoft/azuredevops".
I need to add VMs and Azure Kubernetes Service on a specific environment that I created.
My question is how to deploy the script (which puts tags) to them?
It's not possible to deploy it in an Azure DevOps Pipeline because the latter doesn't know about the VMs (and AKS).
I don't see anything else to make it work with the azuredevops provider.
The solution (I think) would be to extract the original script from an environment on Pipeline/Environment. I need to change all variables, such as the personal access token and others too.
But I don't know if Microsoft changes the script regularly.
What's the best solution?
Thank you.
If you want to manage Azure resources with Terraform then you need to use the AzureRM provider, not the Azure DevOps provider. The Azure DevOps provider is for managing your Azure DevOps instance.
The AzureRM provider contains resources for managing Linux and Windows VMs or for other types of resource such as AKS.
Once you've written your Terraform code, you can use a pipeline to run the Terraform against Azure. Microsoft provide a Terraform extension which can be used to call Terraform in your pipeline.
For the pipeline to be able to authenticate against Azure you'll need to set up a service connection. This will allow the pipeline to use a service principal in Azure which can be given the appropriate level of permissions to create, update, destroy Azure resources.
HashiCorp have a good tutorial on getting started with Terraform and Azure, and Microsoft also have some good documentation.
Microsoft also have a tutorial on using Terraform from a pipeline; it uses the classic GUI-based pipelines rather than YAML, but the tasks and principles will be the same for both.

MSI (Managed Service Identity) for Service Fabric Cluster

Looking at the new functionality called MSI (Managed Service Identity)
Is it possible to use MSI inside VM scale sets or even better inside an Azure Service Fabric Cluster? I guess using the resource manager it might be possible, but just want to hear a confirming answer about that.
As I want to access a Key Vault, it would be very nice to be able to use MSI from inside a microservice running inside a Service Fabric cluster.
This is a very old question - but the answer is "Yes", now. Both via ARM template or the portal, you can assign a SystemIdentity or 1+ User identities to your VMSS.

Team Services deploy to on-premise Service Fabric without exposed endpoint

We have a Service Fabric cluster on-premise and would like to deploy code to it from Visual Studio Team Services. We use this cluster for testing and it does not have an endpoint exposed to the outside world. It is only accessible internally from inside our network.
From inside Team Services the normal way to deploy a Service Fabric application is with the "Service Fabric Application Deployment" task. This task requires a "Cluster Connection" parameter, or link to the Service Fabric Service endpoint that Team Services can access. On this cluster I can't provide an endpoint to the outside world, so this method won't work.
Is there a good, accepted way of accomplishing this? I'm considering looking at having an Agent on one of the Service Fabric nodes that can run a PowerShell script as part of the build process. I can kick off a PowerShell script on the node as part of the build process. If I could retrieve the artifacts from Team Services with this script I believe the rest of the release would be relatively straightforward.
Is this a good line of thought, or is there a more straightforward way to deploy to Service Fabric from Team Services without exposing an endpoint?
We have the same setup and are using VSTS. We set up an on-prem agent pool where the agent is within our network. The agent is hooked up with VSTS so build and release can be triggered from VSTS. The agent has access to the artifacts on VSTS and can download them for deployment. The difference might be that we set up a Service Fabric endpoint instead of using PowerShell.
It's a very simple setup and works well for us. Good luck.

How to use Service Fabric Powershell cmdlets in an Azure Automation runbook

I want to use an Azure Automation account to connect to a Service Fabric cluster and run a health check. I'm struggling with establishing a connection to the cluster because the Service Fabric SDK is not present.
Is there a way to use the Service Fabric PowerShell cmdlets in an Azure Automation runbook?
You could import AzureRM.ServiceFabric 0.2.4 module to Azure automation account. Open the link https://www.powershellgallery.com/packages/AzureRM.ServiceFabric/0.2.4 and click Deploy to Azure Automation. Then, you could use some Service Fabric PowerShell cmdlets.
Another solution is using Hybrid Runbook Worker.
The Hybrid Runbook Worker feature of Azure Automation allows you to
run runbooks directly on the computer hosting the role and against
resources in the environment to manage those local resources.
You could install the fabric cluster SDK on your local machine, and use the Runbook Worker to execute it.
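The connect-then-manage pattern from the first answer on this page, applied to the health check asked about here, as an added example that is not part of any original answer. It assumes the Service Fabric SDK is installed on the pipeline agent or Hybrid Runbook Worker, a certificate-secured cluster, and a client certificate already present in the CurrentUser\My store; the variable names SF_ENDPOINT, SF_SERVER_THUMBPRINT and SF_CLIENT_THUMBPRINT are hypothetical.

```powershell
# Added example: runs as an inline PowerShell task or on a Hybrid Runbook Worker.
# SF_ENDPOINT, SF_SERVER_THUMBPRINT and SF_CLIENT_THUMBPRINT are hypothetical
# names; supply them as secret pipeline or Automation variables, not literals.
$ErrorActionPreference = 'Stop'

if (-not (Get-Command Connect-ServiceFabricCluster -ErrorAction SilentlyContinue)) {
    throw 'Service Fabric cmdlets not found; install the Service Fabric SDK on this machine.'
}

foreach ($name in 'SF_ENDPOINT', 'SF_SERVER_THUMBPRINT', 'SF_CLIENT_THUMBPRINT') {
    if (-not [Environment]::GetEnvironmentVariable($name)) {
        throw "Required variable $name is not set."
    }
}

# Certificate-secured connection: the server thumbprint pins the cluster,
# the client certificate authenticates this agent to it.
$connection = @{
    ConnectionEndpoint   = $env:SF_ENDPOINT   # host:port, e.g. mycluster.contoso.local:19000 (constructed)
    X509Credential       = $true
    ServerCertThumbprint = $env:SF_SERVER_THUMBPRINT
    FindType             = 'FindByThumbprint'
    FindValue            = $env:SF_CLIENT_THUMBPRINT
    StoreLocation        = 'CurrentUser'
    StoreName            = 'My'
}
Connect-ServiceFabricCluster @connection | Out-Null

# Manage the cluster with the provided cmdlets; here, an aggregated health check.
$health = Get-ServiceFabricClusterHealth
Write-Output "Cluster health: $($health.AggregatedHealthState)"

# Report every node and application that is not healthy.
$health.NodeHealthStates |
    Where-Object { $_.AggregatedHealthState -ne 'Ok' } |
    ForEach-Object { Write-Output "Node $($_.NodeName): $($_.AggregatedHealthState)" }
$health.ApplicationHealthStates |
    Where-Object { $_.AggregatedHealthState -ne 'Ok' } |
    ForEach-Object { Write-Output "Application $($_.ApplicationName): $($_.AggregatedHealthState)" }

# Fail the pipeline task or runbook job when the cluster is in Warning or Error.
if ($health.AggregatedHealthState -ne 'Ok') {
    throw "Cluster is not healthy: $($health.AggregatedHealthState)"
}
```

Give the client certificate only the cluster role the task needs; a read-only client certificate is enough for a health check.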

Azure vs On-premise Service Fabric

I have a bit of trouble finding differences between the Azure and on-premise Service Fabric versions. I did read somewhere that the on-premise version does not support auto-scaling, but this is easy to understand.
However, does on-premise version offer any type of operational capabilities such as resource managers, visual management of cluster, etc.?
The core Service Fabric platform is simply a runtime that gets installed on a set of virtual or physical machines. Once you tell those machines how to find each other, they form a cluster and provide a set of management capabilities that includes the Service Fabric Explorer UI, a REST API, and a TCP endpoint for PowerShell. All of that is common whether you're running on Azure, on-premises, or in another public cloud.
What's different in those environments is everything that lives outside of the machines that form the cluster. That includes:
Autoscaling
While Service Fabric can easily handle new machines being added and removed from the cluster, it has no knowledge of how that process actually works, so some external agent needs to handle it. In Azure, that's a virtual machine scale set.
Failure domain/Upgrade domain management
Good management of failure and upgrade domains is critical to ensuring availability and data reliability in Service Fabric. In Azure, clusters are automatically spread across FDs/UDs and maintenance is coordinated to avoid impact to your clusters. In other environments, this is your responsibility.
Cluster setup and management
In Azure, a Service Fabric cluster is a 1st class resource that can be created and managed through the Azure Resource Manager and the Azure portal. Outside of Azure, you must do that management using the cluster configuration JSON template.
Incidentally, just so there's no confusion since there are overloaded terms... you can't currently use the Azure Resource Manager (ARM) with Service Fabric outside of the Azure environment. However, Service Fabric's cluster resource manager is part of the core runtime and is available everywhere.
Diagnostics pipeline
By default, Service Fabric logging (on Windows) is done via ETW. However, without any component to pick up those events from the individual machines in the cluster and ship them somewhere for easy aggregation and inspection, the logs aren't very useful. In Azure, that process is handled by the Windows Azure Diagnostics (WAD) agent, whereas in other environments you are responsible for setting up that pipeline.
You don't get to use the resource manager on premises. You can access the Service Fabric Explorer at port 19080.
https://azure.microsoft.com/en-us/documentation/articles/service-fabric-deploy-anywhere/
https://azure.microsoft.com/en-us/documentation/articles/service-fabric-visualizing-your-cluster/
PowerShell management & deployment will also work.