Azure Service Fabric is a distributed systems platform that makes it easy to package, deploy, and manage scalable and reliable microservices. It can be deployed on Azure, but also on-premise, thus making OpenStack a great choice for the latter.
We are going to use Juju to deploy our Azure Service Fabric cluster directly on OpenStack with Active Directory for authentication / authorization and HAProxy to do a reverse proxy for the GUI and API endpoints across the cluster.
Deployment steps
Before anything else, make sure the following prerequisites are available in your OpenStack environment:
Make sure OpenStack images for both Windows Server 2012 R2 or 2016 and Ubuntu Xenial are available in Glance. Any OpenStack supported hypervisor works, including Hyper-V, KVM and ESXi. Bare Metal (Ironic) works as well.
Create a Neutron private network connected with a router to a public network that has floating IPs available for the deployment. Juju will boot Nova instances attached to the private network and it will allocate and associate a floating IP from the public network for the cluster.
Set up the Nova flavors to be used by Juju in order to boot the instances, see here for more details.
Once all the prerequisites are met, install the Juju binaries by executing the following commands on a Ubuntu Xenial machine that has access to the OpenStack cloud API:
After Juju is installed, you need to add your OpenStack cloud API endpoint details. First of all, create a yaml file with the following structure:
Now, execute the following commands to let Juju know about your cloud:
Generate Juju simplestreams metadata:
Now, you are ready to create a Juju controller instance on OpenStack:
We are now going to use Juju charms to deploy and configure a three node Azure Service Fabric cluster with Active Directory (AD) node-to-node and client-to-node security. On top of this we will add HAProxy to load-balance requests for the GUI and API endpoints of the ASF cluster.
In this scenario, we deploy charms for the following services: Azure Service Fabric, Active Directory and HAProxy.
The Azure Service Fabric charm needs the following resources in order to be deployed. Those need to be downloaded on your Juju client machine before starting the actual deployment:
.NET framework version 4.5.1 (or higher);
Service Fabric standalone zip package (section Download the Service Fabric standalone package).
Once you have your Juju resources ready, the following commands will do the magic and take care of the entire deployment:
You can monitor the deployment progress:
This is how the deployment looks like in the Juju GUI:
After the deployment finishes, the HAProxy public address can be discovered by running the following command:
Given the HAProxy public address, you may then:
Query the API at the following endpoint:
:19000
Access the Service Fabric dashboard at the the following URL: http://
:19080
One of the following two Active Directory domain user credentials are required to gain access to either the GUI or the API endpoints of the Azure Service Fabric cluster. The AD users have been requested by the Service Fabric charm from Active Directory during the deployment process, one (asf-admin) having full cluster administrative privileges, the other (asf-user) being just a normal user with read-only access to the cluster.
Passwords for these domain users are randomly generated by the AD charm. You can find their passwords by running the get-ad-user-credentials Juju action:
This is how the Service Fabric Explorer dashboard looks like after you login:
If at any point in time you decide to scale-up your cluster, you can add one or more nodes to it by simply typing the following command:
Juju will spawn more instances on OpenStack, do the proper installation / configuration and join them to the existing Service Fabric cluster.
Deploy applications from Visual Studio
In order to be able to publish applications from Visual Studio directly on your Service Fabric cluster, you need to install the Service Fabric runtime, SDK and tools for Visual Studio.
Before you start publishing applications, you need to make sure that you can successfully create a connection to the Service Fabric cluster. Since the client-to-cluster communication uses WindowsCredential Active Directory authentication, you will need to make sure you have the domain credential stored before trying to publish an application from Visual Studio. We will use the Cmdkey tool to store the Service Fabric cluster administrator credential in PowerShell:
The
, as well as both the
and the
are the ones obtained in the previous steps. To test if you can successfully connect to the cluster, you can execute the following PowerShell cmdlet:
This will return True and give you some information about the currently established session to the cluster.
Once you have validated that you can connect to the Service Fabric cluster, you can start publishing applications. For a quick demonstration, start Visual Studio, go to File -> New -> Project and create a Service Fabric Application using the Stateful Service template:
After the application is created, right click on it from the solution explorer and click Publish:
Specify the correct connection endpoint, expand Advanced Connection Parameters and set WindowsCredential to True. You should see a green check-mark near the connection endpoint box indicating that a successful connection to the cluster was made:
Now you are ready to publish the application by hitting the Publish button. In a few seconds the application should have been successfully published, which you can see either in the Visual Studio console or by checking the Service Fabric dashboard:
Notes:
If you get any errors when trying to publish the application from Visual Studio, make sure you target the .NET framework version you have previously installed on your cluster nodes.
The dashboard will show the endpoints with the private addresses of the cluster nodes for published applications that expose some particular endpoints. In order to access those endpoints, you will need to use the public address of the cluster node, instead of the private address shown in the dashboard.
What’s next?
Stay tuned for learning how to move your Service Fabric applications between on-premise OpenStack and Azure public cloud!
The post Azure Service Fabric on OpenStack appeared first on Cloudbase Solutions.