How to deploy service fabric application to remote server? - azure-service-fabric

I tried publishing the Service fabric application from Visual studio to remote VM, but it didn't work. Is it possible to deploy the service fabric app from the visual studio to a remote VM? If yes please let me know.

Follow step 4 from docs here
Manually edit the publishprofile xml file:
<ClusterConnectionParameters
ConnectionEndpoint="yourcluster:19000"
X509Credential="true"
ServerCertThumbprint="0123456789012345678901234567890123456789"
FindType="FindByThumbprint"
FindValue="9876543210987654321098765432109876543210"
StoreLocation="CurrentUser"
StoreName="My" />
Change the value of yourcluster into the machine name or IP of the VM.
Change the thumbprint to match your cluster cert.
Make sure to install the cluster certificate on your local machine too.

Related

CLI could not contact EJBCA instance

I can't access to ejbca CLI althought the deploy build successfully, JBoss is up and running, FirewallD is not running and all Troubleshooting steps are treated mentioned here:
https://doc.primekey.com/ejbca/troubleshooting-guide/command-line-interface
/opt/ejbca/bin/ejbcaa.sh return
Error: CLI could not contact EJBCA instance. Either your application server is not up and running, EJBCA has not been deployed successfully, or some firewall rule is blocking the CLI from the application server.
This is most commonly due to that EJBCA has not been deployed correctly. Check the server.log file in WildFly/JBoss for errors.

TFS: Best way to deploy to remote web server

we have a TFS 2018 running inside our Intranet and want to deploy to a remote machine outside of our intranet. The TFS is not visible from the outside (behind Firewall and does not have its own IP)
So we came up with this solution, that might work:
Set up a VPN connection between the target machine and our intranet
Create an Azure Pipeline Agent on the target machine that uses a private access token to communicate to the TFS
Is there an easier solution to this, which doesn't require a VPN connection?
We thought we could deploy to a web share from TFS and then trigger the Azure Pipeline Agent on the target machine, to start the deployment. But from the documentation of Microsoft it seems as if the Agent has to have direct access to the TFS trough HTTPS and only "listens" to jobs in the TFS queue.
That means that the only other solution to a VPN connection from the target machine would be, to make our TFS accessible from the internet trough HTTPS, right?
Unfortunately, until now we haven't found a lot of documentation on "best practices" for this use case. That's why I decided to share it here. Thanks!

service fabric failed to contact the server. please try again later or get help from "how to configure secure connections"

I'm trying to deploy a service fabric application to an unsecure Azure Service Fabric cluster. When I open the publish window in VS 2017 I get the following. If my cluster is unsecure, shouldn't I be able to publish it w/o configuring the cert?
I tried a publish anyways and I got:
Try accessing the server via powershell to maybe get a better error. Usually, errors like this are caused by firewalls blocking the port 19000.

Set TrustedHosts on Visual Studio Team Services

I'm trying to deploy a build to a VM using the Manage IIS App agent task on Visual Studio Team Services. However, when I attempt to connect via HTTP, it comes back with the following error:
The WinRM client cannot process the request. If the authentication scheme is different from Kerberos, or if the client computer is not joined to a domain, then HTTPS transport must be used or the destination machine must be added to the TrustedHosts
Unfortunately, I don't have the ability to deploy over HTTPs for reasons beyond my control so I'm trying to get around this issue by setting the VM as a trusted host, but I can't figure out how to do this using VS Online.
You can’t add trusted host to Hosted build agent (Get access is denied result if add trusted host via winrm command during build)
You can setup a new build agent and configure it to add trusted host with winrm s winrm/config/client '#{TrustedHosts="RemoteComputer"} command, after that, using this build agent to build/release.
About how to setup a new build agent, you can refer to this article.

Is there a documented way to secure (with SSL) the localhost cluster for Azure service fabric?

This article shows to how to secure the service fabric cluster in the Azure:
https://azure.microsoft.com/en-us/documentation/articles/service-fabric-visualstudio-configure-secure-connections/
But it makes no references as to how to configure developer's machine for the same. I tried to apply the same principles in the above link to see if I can make it work. It always fails to deploy services locally but works like a charm when I publish them to azure's service fabric cluster. If I remove the secure bindings, I can deploy services to local cluster successfully. But this becomes tedious whenever I want to publish the services to the azure's secure cluster.
Does any one have an idea as to how to go about creating a secure service fabric cluster on developer's machine?
I am using Service Fabric version 5.5.216.0 and it seems to be working. Run powershell command:
PS C:\Program Files\Microsoft SDKs\Service Fabric\ClusterSetup> .\DevClusterSetup.ps1 -PathToClusterDataRoot "C:\SfDevCluster\Data" -PathToClusterLogRoot "C:\SfDevCluster\Log" -AsSecureCluster
Then, open IE to browse "https://localhost:19080/Explorer/". You will see a popup asking you to choose which client certificate to connect. Use the one with name 'ServiceFabricDevClusterCert'. Chrome didn't work for me as it failed directly with no useful warning. Maybe somewhere in chrome I should enable popup window?