Service fabric local deployment with configured Managed Identity - azure

I'm currently trying to change the deployment model I have on my project so that I can deploy an existing Service Fabric application using ARM templates and enable Managed Identity in Azure.
During this process, I had to configure the managed identity on the application manifest:
    <ManagedIdentities>
      <ManagedIdentity Name="SystemAssigned" />
    </ManagedIdentities>
and add identity binding policies to each of the services like so:
    <Policies>
      <IdentityBindingPolicy ServiceIdentityRef="KeyVaultUser" ApplicationIdentityRef="SystemAssigned" />
    </Policies>
If I deploy this application manifest to Azure, I have no problems. However, locally it is quite different, since I now cannot deploy to my local development cluster. This is the log of the deployment script:
>Application package is registered.
>Removing application package from image store...
>Remove application package succeeded
>Creating application...
>New-ServiceFabricApplication : Application managed identity PrincipalId cannot be null or empty.
>FileName: ManagedApplicationIdentity
>At C:\Program Files\Microsoft SDKs\Service
>Fabric\Tools\PSModule\ServiceFabricSDK\Publish-NewServiceFabricApplication.ps1:466 char:3
>+ New-ServiceFabricApplication -ApplicationName $ApplicationNam ...
>+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> + CategoryInfo : InvalidOperation: (Microsoft.Servi...usterConnection:ClusterConnection) [New-ServiceFabr
> icApplication], FabricException
> + FullyQualifiedErrorId : CreateApplicationInstanceErrorId,Microsoft.ServiceFabric.Powershell.NewApplication
>
>Finished executing script 'Deploy-FabricApplication.ps1'.
As far as I could investigate, there is no way to add the identity binding policies using the services ARM definitions, so those need to be in the manifest.
Any ideas on how to overcome this issue and be able to deploy both to Azure and local clusters?

Related

Azure Devops Release Pipeline - Azure App Service files not updated

Azure App Service Deploy finishes successfully, but the files were not updated.
I'm using the pipeline step version 4.*
The WebApp.zip is retrieved successfully from the build and it contains the files, but in a strange subfolder structure: Content\d_C\a\1\s\Platform\Backend\Backend.WebApp (my path starts at 'Platform').
I already tried to use the WebApp release step, but it says it's not compatible with zip files.
This is the log output of the release step:
2019-05-21T13:09:43.6381219Z ##[section]Starting: Azure App Service Deploy: contras
2019-05-21T13:09:43.6498586Z ==============================================================================
2019-05-21T13:09:43.6498697Z Task : Azure App Service Deploy
2019-05-21T13:09:43.6498814Z Description : Update Azure App Services on Windows, Web App on Linux with built-in images or Docker containers, ASP.NET, .NET Core, PHP, Python or Node.js based Web applications, Function Apps on Windows or Linux with Docker Containers, Mobile Apps, API applications, Web Jobs using Web Deploy / Kudu REST APIs
2019-05-21T13:09:43.6498952Z Version : 4.3.24
2019-05-21T13:09:43.6499008Z Author : Microsoft Corporation
2019-05-21T13:09:43.6499078Z Help : [More information](https://aka.ms/azurermwebdeployreadme)
2019-05-21T13:09:43.6499169Z ==============================================================================
2019-05-21T13:09:44.4804024Z Got service connection details for Azure App Service:'contras'
2019-05-21T13:09:44.9625484Z Updating App Service Application settings. Data: {"WEBSITE_RUN_FROM_PACKAGE":"0"}
2019-05-21T13:09:58.0865664Z Updated App Service Application settings and Kudu Application settings.
2019-05-21T13:09:58.4962410Z [command]"C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe" -verb:sync -source:package='D:\a\r1\a\_MoonDesk Test\drop\WebApp.zip' -dest:auto,ComputerName='https://contras-staging.scm.azurewebsites.net:443/msdeploy.axd?site=contras',UserName='$contras__staging',Password='***',AuthType='Basic' -setParam:name='IIS Web Application Name',value='contras' -enableRule:AppOffline -retryAttempts:6 -retryInterval:10000 -enableRule:DoNotDeleteRule -userAgent:VSTS_7c1c6e1c-7491-4898-bc4d-a85345921032_Release__16_26_1
2019-05-21T13:09:59.9100098Z Info: Using ID 'fe8253d8-98f3-4403-9e0d-98ceb9f2a406' for connections to the remote server.
2019-05-21T13:10:11.3653059Z Total changes: 0 (0 added, 0 deleted, 0 updated, 0 parameters changed, 0 bytes copied)
2019-05-21T13:10:11.4450004Z Updating App Service Application settings. Data: {"CloudVersion":"1.4.2"}
2019-05-21T13:10:22.5003712Z Updated App Service Application settings and Kudu Application settings.
2019-05-21T13:10:26.5732176Z Successfully updated App Service configuration details
2019-05-21T13:10:33.4106055Z Successfully updated deployment History at https://contras-staging.scm.azurewebsites.net/api/deployments/161558444226571
2019-05-21T13:10:33.4184229Z App Service Application URL: http://contras-staging.azurewebsites.net
2019-05-21T13:10:33.4378162Z ##[section]Finishing: Azure App Service Deploy: contras
Solved it here... The solution/problem lay in the VS solution, which resulted in invalid zip content.
https://developercommunity.visualstudio.com/content/problem/587989/azure-devops-release-pipeline-azure-app-service-fi.html

Fault Analysis Service missing from Service Fabric Cluster

I am planning to use service fabric chaos to test my service, however starting it gives me the following error:
Start-ServiceFabricChaos : An error occurred during this operation. Please check the trace logs for more details.
At line:1 char:1
+ Start-ServiceFabricChaos -TimeToRunMinute 60 -MaxConcurrentFaults 3 - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (Microsoft.Servi...usterConnection:ClusterConnection) [Start-ServiceFabricChaos], FabricException
+ FullyQualifiedErrorId : StartChaosCommandErrorId,Microsoft.ServiceFabric.Powershell.StartChaos
I don't see any trace files but upon looking at Service Fabric explorer, I don't see the Fault Analysis Service listed under System application. The only system services I see are clustermanagerservice, failovermanagerservice, namingservice.
What is causing the fault analysis service to be missing?
Control panel shows the following bits installed:
Microsoft Azure Service Fabric 6.2.283.9494
Microsoft Azure Service Fabric SDK 3.1.283.9494
The service only starts if a dev cluster with a minimum of 5 nodes is used. After resetting the cluster by following the link here, it worked as expected. All services showed up.
reset SF cluster

Azure DevOps project - Service Fabric deploy - sample failing

I have created a new Azure DevOps project: ASP.NET Core 2.1, Service Fabric deploy.
The first deploy went fine. Without any changes, subsequent releases are failing.
warnings and error
2018-10-10T08:24:17.8368242Z ##[section]Starting: Deploy Service Fabric Application
2018-10-10T08:24:17.8375072Z ==============================================================================
2018-10-10T08:24:17.8375163Z Task : Service Fabric Application Deployment
2018-10-10T08:24:17.8375234Z Description : Deploy a Service Fabric application to a cluster.
2018-10-10T08:24:17.8375288Z Version : 1.7.22
2018-10-10T08:24:17.8375356Z Author : Microsoft Corporation
2018-10-10T08:24:17.8375410Z Help : [More Information](https://go.microsoft.com/fwlink/?LinkId=820528)
2018-10-10T08:24:17.8375479Z ==============================================================================
2018-10-10T08:24:20.0073284Z Searching for path: D:\a\r1\a\**\drop\projectartifacts\**\PublishProfiles\Cloud.xml
2018-10-10T08:24:20.2879096Z Found path: D:\a\r1\a\Drop\drop\projectartifacts\Application\Voting\PublishProfiles\Cloud.xml
2018-10-10T08:24:20.3657104Z Searching for path: D:\a\r1\a\**\drop\applicationpackage
2018-10-10T08:24:20.4618957Z Found path: D:\a\r1\a\Drop\drop\applicationpackage
2018-10-10T08:24:20.7317155Z Imported cluster client certificate with thumbprint '25826D862588CBFA3D2113D882255156F7233F44'.
2018-10-10T08:25:02.0637557Z ##[warning]Failed to contact Naming Service. Attempting to contact Failover Manager Service...
2018-10-10T08:25:42.0730582Z ##[warning]Failed to contact Failover Manager Service, Attempting to contact FMM...
2018-10-10T08:26:22.0962942Z ##[warning]No such host is known
2018-10-10T08:26:22.2408731Z Service fabric SDK version: 3.2.176.9494.
2018-10-10T08:26:22.4279087Z ##[error]No cluster endpoint is reachable, please check if there is connectivity/firewall/DNS issue.
2018-10-10T08:26:22.4687237Z ##[section]Finishing: Deploy Service Fabric Application
All other DevOps project releases are also failing for the same reason.
Any help to debug appreciated.
Well, this clearly has nothing to do with the release if all the releases are failing. Something happened to your cluster or to your service endpoint.
You would need to check if you can connect to the cluster endpoint manually with PowerShell, for example (Connect-ServiceFabricCluster or something along those lines).
Misunderstanding of the built-in release task.
Guess the cluster was created by DevOps project create and not the release task as I thought.

Unable to deploy to Azure Service Fabric party cluster from Visual Studio 2017

I'm trying to publish a solution to a service fabric cluster, but something's going wrong. I've got access to a party cluster, downloaded the cert and installed. Connecting to Service Fabric Explorer works fine. Connecting to the cluster using Powershell seems to work. But the "Publish Service Fabric Application" dialog in Visual Studio 2017 does not accept the Connection Endpoint and shows a red icon next to the textbox. If I try to publish the solution anyway I get the following output in the console:
WARNING: Failed to contact Naming Service. Attempting to contact Failover Manager Service...
4>WARNING: Failed to contact Failover Manager Service, Attempting to contact FMM...
4>Connect-ServiceFabricCluster : Could not ping any of the provided Service Fabric gateway endpoints.
4>At C:\Users\jnsst\source\repos\Voting\Voting\Scripts\Deploy-FabricApplication.ps1:185 char:16
4>+ ... [void](Connect-ServiceFabricCluster #ClusterConnectionParameters ...
4>+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4> + CategoryInfo : InvalidOperation: (:) [Connect-ServiceFabricCluster], FabricTransientException
4> + FullyQualifiedErrorId : TestClusterConnectionerror.Id,Microsoft.ServiceFabric.Powershell.ConnectCluster
4>
4>WARNING: Unable to Verify connection to Service Fabric cluster.
4>Test-ServiceFabricClusterConnection : Cluster connection instance is null
I've followed all the instructions on learn.microsoft.com, but I'm obviously doing something wrong. Probably some silly small mistake.
I'm running Visual Studio 2017 Community on Windows 10.
Maybe I need to tell Visual Studio where the certs are stored?
Do you have any ideas?
Install the certificate in your personal store, make sure it has the private key.
Make sure your publish profile (cloud.xml) looks similar to this:
    <ClusterConnectionParameters
        ConnectionEndpoint="mycluster.westus.cloudapp.azure.com:19000"
        X509Credential="true"
        ServerCertThumbprint="0123456789012345678901234567890123456789"
        FindType="FindByThumbprint"
        FindValue="9876543210987654321098765432109876543210"
        StoreLocation="CurrentUser"
        StoreName="My" />
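
The manual connection check suggested in the Azure DevOps thread above and the certificate and publish-profile advice in this answer can be combined into one pre-publish check. This is an added example, not code from any of the posts or from the Service Fabric SDK. Assumptions: the helper name Test-SfPublishProfile and the profile path are hypothetical, the profile lists a single host:port endpoint, and the Service Fabric SDK PowerShell module is installed.

```powershell
# Added example; Test-SfPublishProfile is a hypothetical helper, not part of the Service Fabric SDK.
function Test-SfPublishProfile {
    param([Parameter(Mandatory)][string]$ProfilePath)

    # Read the same attributes the publish script passes to Connect-ServiceFabricCluster.
    $p = ([xml](Get-Content -Raw -Path $ProfilePath)).PublishProfile.ClusterConnectionParameters
    if (-not $p) { throw "No ClusterConnectionParameters element in $ProfilePath" }

    # 1. Name resolution and TCP reachability of the client endpoint (assumes one host:port).
    $clusterHost, $port = $p.ConnectionEndpoint -split ':', 2
    $net = Test-NetConnection -ComputerName $clusterHost -Port ([int]$port) -WarningAction SilentlyContinue
    if (-not $net.TcpTestSucceeded) { throw "Cannot reach $($p.ConnectionEndpoint) (DNS, firewall or proxy)" }

    # 2. Client certificate: present in the named store, has its private key, still valid.
    if ($p.FindType -ne 'FindByThumbprint') { throw "This check only handles FindByThumbprint" }
    $cert = Get-ChildItem -Path "Cert:\$($p.StoreLocation)\$($p.StoreName)" |
        Where-Object { $_.Thumbprint -eq $p.FindValue }
    if (-not $cert) { throw "Client certificate $($p.FindValue) not found in $($p.StoreLocation)\$($p.StoreName)" }
    if (-not $cert.HasPrivateKey) { throw "Client certificate was imported without its private key" }
    if ($cert.NotAfter -lt (Get-Date)) { throw "Client certificate expired on $($cert.NotAfter)" }

    # 3. Connect with exactly the values from the profile; the certificate the cluster
    #    presents must match ServerCertThumbprint or the connection is refused.
    $params = @{
        ConnectionEndpoint   = $p.ConnectionEndpoint
        X509Credential       = $true
        ServerCertThumbprint = $p.ServerCertThumbprint
        FindType             = $p.FindType
        FindValue            = $p.FindValue
        StoreLocation        = $p.StoreLocation
        StoreName            = $p.StoreName
    }
    Connect-ServiceFabricCluster @params | Out-Null
    Test-ServiceFabricClusterConnection
}

# Path is an assumption: the usual location inside a Visual Studio Service Fabric project.
Test-SfPublishProfile -ProfilePath '.\PublishProfiles\Cloud.xml'
```

Each failure is reported at the step that caused it, which separates a network or DNS problem from a certificate problem; the connect step alone reports both as a generic gateway ping failure.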

Can I use the SwapWithPreviewAction command switch to swap deployment slots when the Azure app service has authentication enabled?

My app service is
- running on Azure
- has authentication enabled (API Management - ClientId and Secret)
- has a deployment slot called staging
Before we enabled the authentication we could run the following powershell command to swap staging and production slots:
Switch-AzureRmWebAppSlot -SourceSlotName "staging" -DestinationSlotName "production" -Name "app1" -ResourceGroupName "group1" -verbose -SwapWithPreviewAction ApplySlotConfig
Swap with preview allows us to verify the deployed code works with the production configuration settings before switching users over to the newly deployed version.
However, after we enabled authentication to protect our app, we now receive the following error using the SwapWithPreviewAction:
Switch-AzureRmWebAppSlot : Swap with Preview cannot be used when one of the slots has site authentication enabled.
At line:3 char:19
+ ... e-Command { Switch-AzureRmWebAppSlot -SourceSlotName "staging" -Desti ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Switch-AzureRmWebAppSlot], CloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.WebApps.Cmdlets.DeploymentSlots.SwitchAzureWebAppSlot
Does anyone know if it is possible to run swaps with authentication enabled? If so, how?
If you are using Authentication/Authorization, you can't do a 2-stage swap (aka swap with preview); however, you should be able to do a regular swap.
The main reason here is that Authentication/Authorization feature relies on having the right hostnames configured so that requests can be redirected back to the application after the authentication handshake.
This is also the reason why authentication/authorization is sticky to the slot.
EDIT
I have included a screenshot that shows the error the API generates for this operation.
