How to install a Service Fabric for Windows cluster in an on-premises data center

Tags: account security, docker registry

Overview

First of all, this article is only a condensed version of the official documentation (Chinese, English); for detailed installation instructions please read the official documentation carefully.

Although the official name of Service Fabric usually carries the Azure prefix, Service Fabric can in fact be installed in an on-premises data center or on any public cloud (many people do not know this); the official documentation even has a chapter on installing it on AWS.

To tell the two apart, the out-of-the-box PaaS offering on Azure is generally called Azure Service Fabric, and a locally installed cluster is called Service Fabric Standalone.

Service Fabric can be deployed on either Windows Server or Linux. At the time of writing, however, the Linux version is only available on Azure; Microsoft has not yet released a standalone installation package for it (one will surely come). This article is therefore limited to Windows clusters.

When you install a Service Fabric for Windows cluster in your on-premises data center, you may be working under the following constraints:

    • The server network in the data center is isolated
    • The data center servers cannot reach the Internet

Environment preparation

Each cluster machine must meet at least the following requirements:

    • At least 16 GB of memory
    • At least 40 GB of free disk space
    • At least 4 CPU cores
    • All machines that are cluster nodes are on the same network segment and can reach each other
    • Windows Server 2012 R2 or Windows Server 2016 is installed. If you intend to run containers, a Windows Server semi-annual channel release (version 1803 at the time of writing) is recommended, because it supports the smaller base container images of that release
    • .NET Framework 4.5.1 or later is installed
    • PowerShell 3.0 or later is installed
    • The RemoteRegistry service is running on all machines

Domain environment and domain accounts:

    • There should be a domain controller in the data center
    • Create an ordinary domain user account, for example sfadmin
    • Join the cluster machines to the domain (name them for example SFNode-01, SFNode-02, and so on) and add sfadmin to the local Administrators group on every cluster machine. This makes sfadmin a local administrator on every node, so treat its password as a cluster-wide secret
    • Create a machine group (a global security group) in the domain, for example SFNodes, and add all cluster machines to it

Although the installation package can be run on one of the cluster machines, I recommend using a separate operating machine. Preparing the operating machine:

    • One of the following operating systems:
      • Windows 7
      • Windows 8 / Windows 8.1
      • Windows Server 2012 R2
      • Windows Server 2016
      • Windows 10
    • Join the operating machine to the domain
    • Put it on the same network segment as the cluster machines, or otherwise make sure it can reach them
    • Allow PowerShell script execution: Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force -Scope CurrentUser (this only affects the current user; consider restoring a stricter policy once the cluster is up)
    • Install the Service Fabric SDK. Since the operating machine may not have Internet access, obtain the SDK as an offline download package
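
The environment preparation above can be checked and partly automated from the operating machine. The following is an added example (it is not code from the original article or from Microsoft's setup package): it creates the domain objects, applies the two per-node settings the list asks for, and reports every requirement that a node fails. It assumes the Active Directory PowerShell module on the operating machine, WinRM enabled on the nodes, a domain-admin session, and the placeholder names contoso, SFNode-01..03, sfadmin and SFNodes.

```powershell
# Added example: pre-flight check and domain preparation for the cluster nodes.
# Assumed: AD module present, WinRM enabled on nodes, run as a domain admin.
# Domain, node names, account and group names below are placeholders.
$Domain  = 'contoso'
$Nodes   = 'SFNode-01', 'SFNode-02', 'SFNode-03'
$SfAdmin = 'sfadmin'
$SfGroup = 'SFNodes'

# 1. Domain objects: an ordinary user account and a global security group that
#    holds the node computer accounts.
Import-Module ActiveDirectory
if (-not (Get-ADUser -Filter "SamAccountName -eq '$SfAdmin'")) {
    New-ADUser -Name $SfAdmin -SamAccountName $SfAdmin -Enabled $true `
        -AccountPassword (Read-Host -AsSecureString "Password for $SfAdmin")
}
if (-not (Get-ADGroup -Filter "SamAccountName -eq '$SfGroup'")) {
    New-ADGroup -Name $SfGroup -GroupScope Global -GroupCategory Security
}
Add-ADGroupMember -Identity $SfGroup -Members ($Nodes | ForEach-Object { Get-ADComputer $_ })

# 2. Per-node settings and facts, collected remotely.
$report = Invoke-Command -ComputerName $Nodes -ArgumentList "$Domain\$SfAdmin" -ScriptBlock {
    param($AdminAccount)
    # Settings the article requires (both idempotent).
    Set-Service -Name RemoteRegistry -StartupType Automatic
    Start-Service -Name RemoteRegistry
    # 'net localgroup' also works on 2012 R2, which lacks Add-LocalGroupMember.
    & net localgroup Administrators $AdminAccount /add 2>$null | Out-Null

    $cs  = Get-CimInstance Win32_ComputerSystem
    $os  = Get-CimInstance Win32_OperatingSystem
    $sys = Get-PSDrive -Name $env:SystemDrive.TrimEnd(':')
    # .NET Framework 4.5.1 and later set Release >= 378675 under this key.
    $rel = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue).Release
    [pscustomobject]@{
        Node          = $env:COMPUTERNAME
        OS            = $os.Caption
        MemoryGB      = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
        FreeDiskGB    = [math]::Round($sys.Free / 1GB, 1)
        Cores         = $cs.NumberOfLogicalProcessors
        DotNetRelease = $rel
        PSVersion     = $PSVersionTable.PSVersion.ToString()
        RemoteReg     = (Get-Service RemoteRegistry).Status.ToString()
        DomainJoined  = $cs.PartOfDomain
    }
}

# 3. Evaluate against the requirement list. Nominal 16 GB machines report a
#    little less than 16, hence 15.5 as the floor.
foreach ($r in $report) {
    $problems = @()
    if ($r.MemoryGB   -lt 15.5) { $problems += "memory $($r.MemoryGB) GB" }
    if ($r.FreeDiskGB -lt 40)   { $problems += "free disk $($r.FreeDiskGB) GB" }
    if ($r.Cores      -lt 4)    { $problems += "cores $($r.Cores)" }
    if (-not $r.DotNetRelease -or $r.DotNetRelease -lt 378675) { $problems += '.NET Framework older than 4.5.1' }
    if ([version]$r.PSVersion -lt [version]'3.0') { $problems += "PowerShell $($r.PSVersion)" }
    if ($r.RemoteReg -ne 'Running') { $problems += 'RemoteRegistry not running' }
    if (-not $r.DomainJoined)       { $problems += 'not domain-joined' }
    if ($problems) { Write-Warning "$($r.Node): $($problems -join '; ')" }
    else           { Write-Host "$($r.Node): OK ($($r.OS))" }
}
```

One caveat: a computer account only picks up its new group membership in its Kerberos ticket at the next machine logon, so reboot the nodes after adding them to SFNodes and before creating the cluster.
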

Installation package preparation

The Service Fabric for Windows installation consists of two packages:

    1. Service Fabric Standalone package - Windows Server: the installer, referred to below as the installation package.
    2. Service Fabric runtime - Windows Server: the runtime that is installed on the cluster machines, referred to below as the runtime package.

Download both packages on a machine with Internet access and copy them into the intranet environment first. Record their hashes on the connected side so that you can confirm the copies are intact before using them.

Unzip the installation package on the operating machine, for example into an SFSetup folder. Copy the runtime CAB into the SFSetup folder as well, without extracting it.

Cluster installation

First, prepare the cluster configuration file.

Depending on the security configuration and cluster layout, the installation package provides several configuration templates:

    • ClusterConfig.gMSA.Windows.MultiMachine.json: multi-machine cluster secured with a group managed service account (gMSA)
    • ClusterConfig.Unsecure.DevCluster.json: unsecured development cluster
    • ClusterConfig.Unsecure.MultiMachine.json: unsecured multi-machine cluster
    • ClusterConfig.Unsecure.OneNode.json: unsecured single-node cluster
    • ClusterConfig.Windows.DevCluster.json: development cluster secured with Windows accounts
    • ClusterConfig.Windows.MultiMachine.json: multi-machine cluster secured with Windows accounts
    • ClusterConfig.Windows.OneNode.json: single-node cluster secured with Windows accounts
    • ClusterConfig.Windows.X509.DevCluster.json: development cluster in which client access relies on Windows accounts and server access relies on X.509 certificates
    • ClusterConfig.Windows.X509.MultiMachine.json: multi-machine cluster with the same hybrid scheme
    • ClusterConfig.Windows.X509.OneNode.json: single-node cluster with the same hybrid scheme
    • ClusterConfig.X509.DevCluster.json: development cluster secured with X.509 certificates
    • ClusterConfig.X509.MultiMachine.json: multi-machine cluster secured with X.509 certificates
    • ClusterConfig.X509.OneNode.json: single-node cluster secured with X.509 certificates

In summary, Service Fabric for Windows supports five security modes: unsecured, Windows account, group managed service account, X.509 certificate, and a Windows account + X.509 hybrid.

My personal advice is to choose the Windows account mode: the preparation is simple and the chance of success is the greatest. If you keep hitting inexplicable errors, unsecured mode will almost certainly go through. Unsecured mode is acceptable only when network access is strictly controlled and the machines are domain-joined: an unsecured cluster performs no authentication at all, so anyone who can reach the client endpoint (port 19000) or the HTTP gateway (port 19080) can manage it.

For example, for a multi-machine cluster secured with Windows accounts, copy ClusterConfig.Windows.MultiMachine.json and rename the copy to something convenient, such as ThisClusterConfig.1.0.json. Open the JSON file in an editor such as VS Code and edit the nodes section: for each machine, set nodeName and iPAddress (machine name or IP address). In the security section, set ClusterIdentity to the machine group (SFNodes) and the client Identity to the domain account (sfadmin), both qualified with the domain name. Define one or more nodeTypes as your situation requires.

For an unsecured cluster the only difference is that the security section is removed.

Next, test the configuration file.

Open PowerShell in the SFSetup folder and run:

.\TestConfiguration.ps1 -ClusterConfigFilePath .\ThisClusterConfig.1.0.json

If there is nothing wrong with the configuration file, the script reports a successful check.

In an isolated intranet, IsCabValid is reported as False; this is expected and need not concern you, as long as you have verified yourself that the CAB you copied in is the unmodified official download.

Finally, create the cluster from the configuration file.

Continue in the same PowerShell session:

.\CreateServiceFabricCluster.ps1 -ClusterConfigFilePath .\ThisClusterConfig.1.0.json -FabricRuntimePackagePath .\MicrosoftAzureServiceFabric.6.3.162.9494.cab

With luck it runs through the first time; for 5 machines it should finish within about 5 minutes.

After it reports success, verify the result by connecting to the cluster's management endpoint:

Connect-ServiceFabricCluster -ConnectionEndpoint sfnode-01.contoso.com:19000 -WindowsCredential

(-WindowsCredential is required for a cluster secured with Windows accounts; omit it for an unsecured cluster.) Alternatively, open Service Fabric Explorer in a browser: http://SFNode-01.contoso.com:19080/Explorer/index.html. On an unsecured cluster, both of these endpoints give full administrative control to anyone who can reach them.
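
The whole cluster installation sequence above (configuration file, test, create, connect) can be run as one script from the SFSetup folder. The following is an added example, not code from the original article or from Microsoft's setup package. It assumes the Windows-account template shipped in the package, three node names and addresses under the domain contoso, and that you recorded the SHA256 of the runtime CAB with Get-FileHash on the Internet-connected machine before copying it in (the placeholder value must be replaced, otherwise the script deliberately stops).

```powershell
# Added example: script the config/test/create/connect steps from the SFSetup folder.
# Assumed: Windows-account template, placeholder node names, domain 'contoso', and the
# SHA256 of the runtime CAB recorded on the Internet-connected side (placeholder below).
param(
    [string] $Template          = '.\ClusterConfig.Windows.MultiMachine.json',
    [string] $Output            = '.\ThisClusterConfig.1.0.json',
    [string] $RuntimeCab        = '.\MicrosoftAzureServiceFabric.6.3.162.9494.cab',
    [string] $ExpectedCabSha256 = '<sha256 recorded on the connected side>',
    [switch] $AllowUnsecure
)
$Domain = 'contoso'
$Nodes  = @(
    @{ Name = 'SFNode-01'; Address = 'sfnode-01.contoso.com' }
    @{ Name = 'SFNode-02'; Address = 'sfnode-02.contoso.com' }
    @{ Name = 'SFNode-03'; Address = 'sfnode-03.contoso.com' }
)

# 1. Integrity of the sideloaded runtime package. TestConfiguration shows
#    IsCabValid=False offline, so this hash comparison is the check that replaces it.
$actual = (Get-FileHash -Path $RuntimeCab -Algorithm SHA256).Hash
if ($actual -ne $ExpectedCabSha256) { throw "Runtime CAB hash mismatch: got $actual" }

# 2. Build the configuration from the shipped template instead of hand-editing it,
#    so every key the installer expects is carried over unchanged.
$cfg = Get-Content -Path $Template -Raw | ConvertFrom-Json
$cfg.name = 'ThisCluster'
$cfg.clusterConfigurationVersion = '1.0.0'
$nodeType = $cfg.properties.nodeTypes[0].name
$cfg.nodes = @(for ($i = 0; $i -lt $Nodes.Count; $i++) {
    [pscustomobject]@{
        nodeName      = $Nodes[$i].Name
        iPAddress     = $Nodes[$i].Address     # key casing as in the template
        nodeTypeRef   = $nodeType
        faultDomain   = "fd:/dc1/r$i"
        upgradeDomain = "UD$i"
    }
})

# 3. Security section: the machine group is the cluster identity, the domain account
#    an admin client. Do not silently build an unsecured cluster: without a security
#    section anyone who can reach ports 19000/19080 administers it.
$sec = $cfg.properties.security
if (-not $sec -or $sec.ClusterCredentialType -eq 'None') {
    if (-not $AllowUnsecure) { throw 'Template is unsecured; pass -AllowUnsecure to build an unsecured cluster anyway.' }
} elseif ($sec.ClusterCredentialType -ne 'Windows') {
    throw 'This script only fills in the Windows-account template.'
} else {
    $sec.WindowsIdentities.ClusterIdentity  = "$Domain\SFNodes"
    $sec.WindowsIdentities.ClientIdentities = @([pscustomobject]@{ Identity = "$Domain\sfadmin"; IsAdmin = $true })
}
# ASCII output avoids the byte-order mark that PowerShell 5.1 writes for UTF8.
$cfg | ConvertTo-Json -Depth 20 | Set-Content -Path $Output -Encoding Ascii

# 4. The three commands from the article. -AcceptEULA skips the interactive licence prompt.
.\TestConfiguration.ps1 -ClusterConfigFilePath $Output
.\CreateServiceFabricCluster.ps1 -ClusterConfigFilePath $Output -FabricRuntimePackagePath $RuntimeCab -AcceptEULA
Connect-ServiceFabricCluster -ConnectionEndpoint "$($Nodes[0].Address):19000" -WindowsCredential
Get-ServiceFabricClusterHealth | Select-Object -ExpandProperty AggregatedHealthState
```

The hash check is the step worth keeping even if you hand-edit the JSON: once the packages have been sideloaded through other channels, nothing else in the procedure confirms that the runtime you are about to install on every node is the one Microsoft published.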

Container environment

If you want Service Fabric to orchestrate Windows containers, Docker must be installed on the cluster machines beforehand.

Because of the intranet restrictions, installing Docker is somewhat cumbersome. Follow Docker's official document: https://docs.docker.com/install/windows/docker-ee/#use-a-script-to-install-docker-ee

Enable Windows container support with:

(Install-WindowsFeature Containers).RestartNeeded

Reboot the machine if this reports Yes.

Download the Docker offline package into the intranet environment and follow the steps in that document to install it.

To let the cluster machines obtain Docker images, run a Docker registry inside the intranet as the private repository for internal application images, and run a second Docker registry on the external network as a mirror of public images, for use by the private repository and the cluster machines. Serve both registries over TLS with certificates the nodes trust; do not fall back to Docker's insecure-registries setting, which allows plaintext pulls that anyone on the network path can tamper with.
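
The registry layout above has to be reflected in the Docker daemon configuration on every node. The following is an added example (not code from the original article or from Docker): it pushes a daemon.json that names the intranet mirror over HTTPS, and refuses to carry over an existing insecure-registries entry, which is the weak setting that turns a mirror into an image-substitution point. Hostnames are placeholders; it assumes Docker EE is already installed on the nodes and WinRM is enabled.

```powershell
# Added example: configure the Docker daemon on each cluster node to use the intranet
# registry mirror. Placeholder hostnames; assumes Docker EE installed, WinRM enabled.
$Nodes  = 'SFNode-01', 'SFNode-02', 'SFNode-03'
$Mirror = 'https://mirror.intranet.contoso.com:5000'   # mirror of public images

Invoke-Command -ComputerName $Nodes -ArgumentList $Mirror -ScriptBlock {
    param($Mirror)
    # Docker EE on Windows reads its daemon settings from this file.
    $cfgPath = 'C:\ProgramData\docker\config\daemon.json'
    $cfg = if (Test-Path $cfgPath) { Get-Content $cfgPath -Raw | ConvertFrom-Json }
           else                    { [pscustomobject]@{} }

    # Weak setting: a registry listed under "insecure-registries" may be pulled from
    # over plain HTTP or with an untrusted certificate, so any host on the path can
    # substitute images. Stop rather than carry it over.
    if ($cfg.PSObject.Properties['insecure-registries']) {
        throw "$($env:COMPUTERNAME): remove 'insecure-registries' from $cfgPath and give the registry a trusted TLS certificate instead"
    }

    # Corrected setting: HTTPS mirror only. Docker Hub pulls are routed through it,
    # and the daemon validates the mirror's certificate against the machine store.
    $cfg | Add-Member -NotePropertyName 'registry-mirrors' -NotePropertyValue @($Mirror) -Force
    New-Item -ItemType Directory -Path (Split-Path $cfgPath) -Force | Out-Null
    # ASCII avoids the byte-order mark, which dockerd rejects when parsing daemon.json.
    $cfg | ConvertTo-Json -Depth 5 | Set-Content -Path $cfgPath -Encoding Ascii
    Restart-Service -Name docker

    # Confirm the daemon picked the mirror up.
    & docker info --format '{{json .RegistryConfig.Mirrors}}'
}
```

Install the issuing CA certificate of both registries into the nodes' machine certificate store before pushing this configuration; the private application registry is addressed by name in image references, so it needs no daemon setting beyond that trust.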
