chackdan / service-fabric Goto Github PK

PowerShell 59.77% Python 40.23%

service-fabric's Introduction

Introduction

This is a public repo that I use to share out PowerShell Modules, ARM templates and other helpful documents, that I have had customers ask me for and the ones that I have personally found to be very helpful with using Microsoft Azure service fabric

Microsoft Azure Service Fabric Helper PowerShell module

You can find ServiceFabricRPHelper module under the Scripts folder.

This PowerShell module allows you to do two things easily. The ReadMe.txt file in that folder explains the syntax.

Create and upload a certificate to azure Key Vault : For detailed instructions, refer to Service Fabric Security

Microsoft Azure Service Fabric ARM templates

This repository contains templates that you can use to deploy Microsoft Azure Service Fabric Clusters into Microsoft Azure. I have posted two of these templates to the azure template gallery as well.

If you are wanting to create a custom ARM template for your cluster, then you have to choices.

You can acquire this sample template make changes to it.
Log into the azure portal and use the service fabric portal pages to generate the template for you to customize. 3. Log on to the Azure Portal http://aka.ms/servicefabricportal. 2. Go through the process of creating the cluster as described in Creating Service Fabric Cluster via portal , but do not click on *OK, instead go to Summary and download the template.
```
 ![DownloadTemplate][DownloadTemplate]
```
1. you can save the downloaded template to your local machine, make any changes you need and deploy to azure.

Refer to Deploying ARM templates using PS if you need guidance on how to.

service-fabric's People

Contributors

Stargazers

Watchers

Forkers

benaadams seppa dkallen davidkulpe kjeyakumar darylscorner xuxiaopao vsssrinivas1985 tillmaurer jrbancel ninlar sonalpatilitron edtheshed kook005 miclip denispitcher shenglesoft paulirwin crael conx-ryan bnkumark glentb rshirani rajaprad sunilbirari greatmaster75 craigmpeters strobaek pulkittomar ajiangcn saidrad vdhanasekar jaldeep alkreddy jseely beroder lasthero jbaarssen asagarw pika382 derekhoneywell edpaca miranda-ge shekharreddyn roopeshnair smohrle vijayaramb inriveracademy purdeeph vbhadrir anush89 jwendl donaldmcn magnusolden abrimer-mtn mauliksoni cortextual thibautranise vishalishere ssstopalle kavyako tocorobo ivansemenovv siddharth-dhawan jcolinmurray directsales omardelrio farchide dieuwertjek olandese seabassw kspoojary cjrosa alexhhh dialalpha dleblond312 forester123 tuomast bibliothek simply-awesome heeldin d3ncyl0br1n0 cristma codejockey0x01 ross-p-smith baburb abhi-hike ptoonen hirayamanaoki mschulz531 arsherwani smartpcr cthia sprab lararubbelke mviswan krystay bhavanakonchada sonata82 greatjun007

service-fabric's Issues

Error Could not load file or assembly System.Fabric.CSMTemplate.dll' or one of its dependencies. Operation is not supported

ServiceFabricRPHelpers.psm1 [-Provider parameter no longer valid for powershell v5+?]

The "New-SelfSignedCertificate" in the else block no longer works with powershell v5 (and higher?):

$PspkiVersion = (Get-Module PSPKI).Version
if($PSPKIVersion.Major -ieq 3 -And $PspkiVersion.Minor -ieq 2 -And $PspkiVersion.Build -ieq 5) {
New-SelfsignedCertificateEx -Subject "CN=$DnsName" -EKU "Server Authentication", "Client authentication" -KeyUsage "KeyEncipherment, DigitalSignature" -Path $NewPfxFilePath -Password $securePassword -Exportable
}
else {
New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My -DnsName $DnsName -Provider 'Microsoft Enhanced Cryptographic Provider v1.0' | Export-PfxCertificate -FilePath $NewPfxFilePath -Password $securePassword | Out-Null
}
We got it to work by removing "-Provider 'Microsoft Enhanced Cryptographic Provider v1.0'" from the New-SelfSignedCertificate line.

Connection to Service Fabric Cluster Endpoint From Behind Corporate Proxy

How to get connected to SF Cluster Endpoints from behind corporate proxy?
As I am getting below:
WARNING: Failed to contact Naming Service. Attempting to contact Failover Manager Service... WARNING: Failed to contact Failover Manager Service, Attempting to contact FMM... False WARNING: No connection could be made because the target machine actively refused it 40.117.45.185:19000 Connect-ServiceFabricCluster : No cluster endpoint is reachable, please check if there is connectivity/firewall/DNS issue. At line:1 char:1 + Connect-ServiceFabricCluster -ConnectionEndpoint mycluster.westus.cloudap ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [Connect-ServiceFabricCluster], FabricException + FullyQualifiedErrorId : TestClusterConnectionErrorId,Microsoft.ServiceFabric.Powershell.ConnectCluster

The term 'New-AzureRmResourceGroup' is not recognized

Invoke-AddCertToKeyVault -SubscriptionId "xxxxxxxx-8cfb-4b8a-9c6f-4d1d5484852d" -ResourceGroupName "ServiceFabric_rg" -Location "eastus" -VaultName "sfkeyv2" -CertificateName "servicefabriccertificate1" -Password "Password@1234" -CreateSelfSignedCertificate -DnsName "www.appsfabric.eastus.cloudapp.azure.com" -OutputPath "C:\Certificate
recognized

Invoke-AddCertToKeyVault : The term 'New-AzureRmResourceGroup' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling
of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1

Invoke-AddCertToKeyVault -SubscriptionId "1428e18b-8cfb-4b8a-9c6f-4d1 ...

  + CategoryInfo          : ObjectNotFound: (New-AzureRmResourceGroup:String) [Invoke-AddCertToKeyVault], CommandNotFoundException
  + FullyQualifiedErrorId : CommandNotFoundException,Invoke-AddCertToKeyVault

Cannot import module from PowerShell

When attempting to import this on my Windows 10 laptop, I get the following error:

Add-Type : Could not load file or assembly
'file:///C:\users\tom.medhurst\Desktop\sfmodule\Scripts\ServiceFabricRPHelpers\System.Fabric.CSMTemplate\System.Fabric.CSMTemplate.dll' or
one of its dependencies. Operation is not supported. (Exception from HRESULT: 0x80131515)
At C:\users\tom.medhurst\Desktop\sfmodule\Scripts\ServiceFabricRPHelpers\ServiceFabricRPHelpers.psm1:11 char:1
Add-Type -Path "$invocationDir\System.Fabric.CSMTemplate\System.Fabri ...
- CategoryInfo          : NotSpecified: (:) [Add-Type], FileLoadException
- FullyQualifiedErrorId : System.IO.FileLoadException,Microsoft.PowerShell.Commands.AddTypeCommand

I have downloaded the entire contents of the repo and have even tried an escalated powershell but neither seem to work.

The assembly exists, but there must be another dependency etc. that is missing?

Command ran:
import-module "C:\users\tom.medhurst\Desktop\sfmodule\Scripts\ServiceFabricRPHelpers\ServiceFabricRPHelpers.psm1"

Error creating cluster using 5-VM-1-NodeTypes-SecureRP_ServiceCertValidationNone.json

New-AzureRmServiceFabricCluster : The primary certificate parameters names in the parameters file should be specified with 'sourceVaultValue','certificateThumbprint','certificateUrlValue', if the secondary certificate parameters are specified in the parameters file,
the parameters names should be specified with 'secSourceVaultValue','secCertificateThumbprint','secCertificateUrlValue'.
At line:1 char:1
+ New-AzureRmServiceFabricCluster -ResourceGroupName $resourceGroupName ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [New-AzureRmServiceFabricCluster], PSArgumentException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.ServiceFabric.Commands.NewAzureRmServiceFabricCluster

After changing the parameters

  "clusterCertificateStorevalue": {
      "value": "My"
    },
    "clusterCertificateThumbprint": {
      "value": ""
    },
    "sourceVaultvalue": {
      "value": ""
    },
    "clusterCertificateUrlvalue": {
      "value": ""
    },

to:

   "certificateStorevalue": {
      "value": "My"
    },
    "certificateThumbprint": {
      "value": ""
    },
    "sourceVaultvalue": {
      "value": ""
    },
    "certificateUrlvalue": {
      "value": ""
    },

I get the error

New-AzureRmServiceFabricCluster : Code:DeploymentFailed, Message:At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details. ,Details: Code:BadRequest, Message:{
  "error": {
    "code": "InvalidRequestFormat",
    "message": "Cannot parse the request.",
    "details": [
      {
        "code": "InvalidRequestFormat",
        "message": "The Thumbprint field is required."
      }
    ]
  }
} ,Details:
At line:1 char:1
+ New-AzureRmServiceFabricCluster -ResourceGroupName $resourceGroupName ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-AzureRmServiceFabricCluster], Exception
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.ServiceFabric.Commands.NewAzureRmServiceFabricCluster

New-AzureRmServiceFabricCluster : One or more errors occurred.
At line:1 char:1
+ New-AzureRmServiceFabricCluster -ResourceGroupName $resourceGroupName ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [New-AzureRmServiceFabricCluster], AggregateException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.ServiceFabric.Commands.NewAzureRmServiceFabricCluster

5-VM-1-NodeTypes-SecureRP_ServiceCertValidationNone.json.txt
5-VM-1-NodeTypes-SecureRP_ServiceCertValidationNone.parameters.json.txt

Invoke-AddCertToKeyVault without private key

The powershell command you created Invoke-AddCertToKeyVault has the following parameters to upload an existing certificate to KeyVault:

-UseExistingCertificate
-ExistingPfxFilePath

The Json blob you create even specifies dataType = 'pfx'

How would I modify this script to upload a certificate that does not contain a private key, e.g. a .cer file instead of a .pfx file?

A parameter cannot be found that matches parameter name 'Provider'.

Line 409
New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My -DnsName $DnsName -Provider 'Microsoft Enhanced Cryptographic Provider v1.0' | Export-PfxCertificate -FilePath $NewPfxFilePath -Password $securePassword | Out-Null

results into an error:

Invoke-AddCertToKeyVault : A parameter cannot be found that matches parameter name 'Provider'.

I have been looking around and found only powershell scripts for ProviderName, but not out of the box.

System.IO.FileLoadException

I am getting this error. I am running the latest

PSPKI module changes

It seems the latest PSPKI module has changed. New-SelfSignedCertificate is now New-SelfSignedCertificateEx

PSPKI Documentation for New-SelfSignedCertificateEx

Running your script from VSTS

This is probably more of a VSTS thing than ServiceFabric, however I was trying to execute your script from VSTS as an inline powershell task. I can clone your repo, import your module and execute the script. However I get an Access Denied in KeyVaultDataServiceClient.SetSecret. I have also gone to the KeyVault and added the Microsoft.VisualStudio.Online Application Name in the Access Policies. Will I have to interact with KeyVault in a different way if I am using a ServicePrincipal?