I have looked for documentation on the right set of steps to get an agent within our network to deploy to a service fabric cluster (also within our network) using gMSA.
The error received is "##[error]Could not ping any of the provided Service Fabric gateway endpoints."
The same agent can connect to the cluster using PowerShell just fine. What's worse, there is a development cluster on the agent itself and it cannot even connect to that.
There is nothing about how to ensure an on-prem agent can connect to an on-prem machine if using the online version (Azure DevOps) and gMSA for the Service Connection. If anyone has had success in this area or has pointers to better documentation, it would be greatly appreciated.
I'd think your agent service needs to run under the gMSA identity, not under system identity or network service. reinstall it\reconfigure it to use gMSA identity and it should work
Related
I'm trying to create working solution with Ocelot API Gateway. I managed to create working solution locally on my pc. Now I want to move to the next step which is to deploy this solution to Azure.
As far as I know in order to do that I need one of those things :
-Docker host, in your local dev PC, on-premises or in the cloud
-Kubernetes cluster, on-premises or in managed cloud such as Azure Kubernetes Service (AKS)
-Service Fabric cluster, on-premises or in the cloud
-Service Fabric mesh, as PaaS/Serverless in Azure
I don't have much experience in any of those but I think the best one will be to use Docker App Service within Azure.
I'm working on deploying my projects but I believe I will need to create some Virtual Networks so those docker images will be able to communicate with each other. Maybe there is some tutorial online ? Or anybody has done something similar ? I would appreciate some help.
I'am using AzureDevOps to build and pack my docker application.
The goal is to execute docker-compose commands in Azure VM, which is behind the firewall and can be access only thru vpn connection or standard web-browsing ports.
You can use deployment groups to achieve that. Reason this will work, because it is a one way communication (from agent to Azure Devops), so you dont really need to open ports for the VM, the VM has to only be able to reach Azure Devops endspoints (more on this).
TLDR. Using agents will work, because its an outgoing connection from the agent, not from Azure Devops to the agent.
I'm taking my first foray into Azure Service Fabric using a cluster hosted in Azure. I've successfully deployed my cluster via ARM template, which includes the cluster manager resource, VMs for hosting Service Fabric, a Load Balancer, an IP Address and several storage accounts. I've successfully configured the certificate for the management interface and I've successfully written and deployed an application to my cluster. However, when I try to connect to my API via Postman (or even via browser, e.g. Chrome) the connection invariably times out and does not get a response. I've double checked all of my settings for the Load Balancer and traffic should be getting through since I've configured my load balancing rules using the same port for the front and back ends to use the same port for my API in Service Fabric. Can anyone provide me with some tips for how to troubleshoot this situation and find out where exactly the connection problem lies ?
To clarify, I've examined the documentation here, here and here
Have you tried logging in to one of your service fabric nodes via remote desktop and calling your API directly from the VM? I have found that if I can confirm it's working directly on a node, the issue likely lies within the LB or potentially an NSG.
I have an Azure Website and it is required to consume an elastic search service that's running on a VM.
Although I need to be able to lock the access to elastic search down so only the Azure Website can access it, I can't seem to work out how to do this using the endpoint configuration on the VM.
Am I looking in the wrong place?
Thanks
Carl
You will need to setup a Hybrid Connection between your Web Site and the VM:
Hybrid Connections create a safe tunnel between your Web Site and a VM for example. The screenshot shows the integration between a Web Site and the corporate network, but this also works for VMs running in Azure.
The only requirement is that you install the Hybrid Connection Manager on your VM. More information:
http://azure.microsoft.com/en-us/documentation/articles/integration-hybrid-connection-overview/
Just installed azure connect on my localhost, but it won't connect. I see my machine dbates-HP as a active endpoint in my vistual network/connect section on my azure portal and organized it into a group.
I can see in the azure connect portal that the machine endpoint is active, and that it refreshes since the last connected updates.
My local connect client lists the following diagnostics messages:
Policy Check: There is no connectivity policy on this machine.
IPsec certificate check: No IPsec certificate was found.
Also tried with firewall turned off.
Duncan
In some scenarios getting Windows Azure connect to working becomes very complex. I have worked on multiple such scenarios and found most common issues are related with network settings. To start investigate you need to collect the Azure Connect logs first from your machine and try to figure the problem out by yourself. I have described some info about collecting log here:
http://blogs.msdn.com/b/avkashchauhan/archive/2011/05/17/collecting-diagnostics-information-for-windows-azure-connect-related-issues.aspx
To open a free Windows Azure support incident please use link below:
https://support.microsoft.com/oas/default.aspx?gprid=14928&st=1&wfxredirect=1&sd=gn
Have you "linked" your Azure role with the machine group you created? The message "There is no connectivity policy on this machine" suggests that you haven't defined (in portal) to whom this machine should connect to.