Quickstart: Create a Service Fabric cluster using ARM template

Azure Service Fabric is a distributed systems platform that makes it easy to package, deploy, and manage scalable and reliable microservices and containers. A Service Fabric cluster is a network-connected set of virtual machines into which your microservices are deployed and managed. This article describes how to deploy a Service Fabric test cluster in Azure using an Azure Resource Manager template (ARM template).

An ARM template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax, which lets you state what you intend to deploy without having to write the sequence of programming commands to create it.

This five-node Windows cluster is secured with a self-signed certificate and thus only intended for instructional purposes (rather than production workloads). We'll use Azure PowerShell to deploy the template. In addition to Azure PowerShell, you can also use the Azure portal, Azure CLI, and REST API. To learn other deployment methods, see Deploy templates.

If your environment meets the prerequisites and you're familiar with using ARM templates, select the Deploy to Azure button. The template will open in the Azure portal.

Deploy to Azure

Prerequisites

If you don't have an Azure subscription, create a free account before you begin.

Install Service Fabric SDK and PowerShell modules

To complete this quickstart, you'll need to:

Download the sample template and certificate helper script

Clone or download the Azure Resource Manager quickstart Templates repo. Alternatively, copy down locally the following files we'll be using from the service-fabric-secure-cluster-5-node-1-nodetype folder:

Note

Templates you downloaded or referenced from the GitHub repo "azure-quickstart-templates" must be modified to fit the Azure China Cloud environment. For example, replace some endpoints ("blob.core.windows.net" with "blob.core.chinacloudapi.cn", "cloudapp.azure.com" with "chinacloudapp.cn") and, when necessary, change unsupported VM images, VM sizes, SKUs, and resource-provider API versions.

Note

For example, when deploying the Deploy a 5 Node Secure Cluster in Azure template, replace the following configuration values to suit the Azure China environment after the corresponding template files have been downloaded successfully:

  • Replace Location in New-ServiceFabricClusterCertificate.ps1.
    • Replace WestUS with chinaeast.
  • Replace storageAccountEndPoint in azuredeploy.json.
    • Replace "storageAccountEndPoint": "https://core.windows.net/" with "storageAccountEndPoint": "https://core.chinacloudapi.cn/".
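The replacements listed in the two notes above can be applied in one pass and then checked for leftovers. This is an added example, not part of the quickstart repo; `$root` is an assumed local path to the downloaded folder, and the script location under `scripts\` follows the invocation shown later on this page.

```powershell
# Added example (not from the quickstart repo).
# $root is an assumed path to the local copy of the template folder.
$root = ".\service-fabric-secure-cluster-5-node-1-nodetype"

# Literal replacements named in the notes, keyed by file (paths relative to $root).
$edits = @{
    'azuredeploy.json' = [ordered]@{
        'blob.core.windows.net'     = 'blob.core.chinacloudapi.cn'
        'cloudapp.azure.com'        = 'chinacloudapp.cn'
        'https://core.windows.net/' = 'https://core.chinacloudapi.cn/'
    }
    'scripts\New-ServiceFabricClusterCertificate.ps1' = [ordered]@{
        'WestUS' = 'chinaeast'
    }
}

foreach ($rel in $edits.Keys) {
    $file = (Resolve-Path (Join-Path $root $rel)).Path
    $text = [System.IO.File]::ReadAllText($file)
    foreach ($old in $edits[$rel].Keys) {
        # String.Replace is a case-sensitive literal match, so nothing is treated as a regex.
        $text = $text.Replace($old, $edits[$rel][$old])
    }
    [System.IO.File]::WriteAllText($file, $text)
}

# List any line that still references a global Azure endpoint or region for manual review.
Get-ChildItem -Path $root -Recurse -Include *.json, *.ps1 |
    Select-String -Pattern 'windows\.net|cloudapp\.azure\.com|WestUS' |
    Select-Object Path, LineNumber, Line
```

An empty result from the final command means none of the three patterns remain; unsupported VM images, sizes, SKUs, and API versions still need to be reviewed by hand.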

Sign in to Azure

Sign in to Azure and designate the subscription to use for creating your Service Fabric cluster.

# Sign in to your Azure account
Connect-AzAccount -Environment AzureChinaCloud -SubscriptionId "<subscription ID>"

Create a self-signed certificate stored in Key Vault

Service Fabric uses X.509 certificates to secure a cluster and provide application security features, and Key Vault to manage those certificates. Successful cluster creation requires a cluster certificate to enable node-to-node communication. For the purpose of creating this quickstart test cluster, we'll create a self-signed certificate for cluster authentication. Production workloads require certificates created using a correctly configured Windows Server certificate service or one from an approved certificate authority (CA).

# Designate unique (within cloudapp.chinacloudapi.cn) names for your resources
$resourceGroupName = "SFQuickstartRG"
$keyVaultName = "SFQuickstartKV"

# Create a new resource group for your Key Vault and Service Fabric cluster
New-AzResourceGroup -Name $resourceGroupName -Location chinaeast

# Create a Key Vault enabled for deployment
New-AzKeyVault -VaultName $KeyVaultName -ResourceGroupName $resourceGroupName -Location chinaeast -EnabledForDeployment

# Generate a certificate and upload it to Key Vault
.\scripts\New-ServiceFabricClusterCertificate.ps1

The script will prompt you for the following (be sure to modify CertDNSName and KeyVaultName from the example values below):

  • Password: Password!1
  • CertDNSName: sfquickstart.chinaeast.cloudapp.chinacloudapi.cn
  • KeyVaultName: SFQuickstartKV
  • KeyVaultSecretName: clustercert

Upon completion, the script will provide the parameter values needed for template deployment. Be sure to store these in the following variables, as they will be needed to deploy your cluster template:

$sourceVaultId = "<Source Vault Resource Id>"
$certUrlValue = "<Certificate URL>"
$certThumbprint = "<Certificate Thumbprint>"

Review the template

The template used in this quickstart is from Azure Quickstart Templates. The template for this article is too long to show here. To view the template, see the azuredeploy.json file.

Multiple Azure resources have been defined in the template:

  • Microsoft.Storage/storageAccounts
  • Microsoft.Network/virtualNetworks
  • Microsoft.Network/publicIPAddresses
  • Microsoft.Network/loadBalancers
  • Microsoft.Compute/virtualMachineScaleSets
  • Microsoft.ServiceFabric/clusters

To find more templates that are related to Azure Service Fabric, see Azure quickstart Templates.

Customize the parameters file

Open azuredeploy.parameters.json and edit the parameter values so that:

  • clusterName matches the value you supplied for CertDNSName when creating your cluster certificate
  • adminUserName is some value other than the default GEN-UNIQUE token
  • adminPassword is some value other than the default GEN-PASSWORD token
  • certificateThumbprint, sourceVaultResourceId, and certificateUrlValue are all empty string ("")

For example:

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "clusterName": {
      "value": "sfquickstart"
    },
    "adminUsername": {
      "value": "testadm"
    },
    "adminPassword": {
      "value": "Password#1234"
    },
    "certificateThumbprint": {
      "value": ""
    },
    "sourceVaultResourceId": {
      "value": ""
    },
    "certificateUrlValue": {
      "value": ""
    }
  }
}
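The four conditions above can be checked before deployment so that a leftover placeholder token or a certificate value stored in the file is caught early. This is an added example, not code from the quickstart repo; the function name `Test-SFQuickstartParameters` is hypothetical, and treating "matches" as "CertDNSName equals clusterName or begins with clusterName followed by a dot" is an assumption based on the sample values on this page.

```powershell
# Added example (not from the quickstart repo): check azuredeploy.parameters.json before deploying.
function Test-SFQuickstartParameters {
    param(
        [Parameter(Mandatory)] [string] $Path,        # path to azuredeploy.parameters.json
        [Parameter(Mandatory)] [string] $CertDnsName  # CertDNSName given to the certificate script
    )
    $p = (Get-Content -Path $Path -Raw | ConvertFrom-Json).parameters
    $problems = @()

    # Assumption: "matches" means CertDNSName equals clusterName or begins with "<clusterName>."
    $name = [string]$p.clusterName.value
    if (-not $name -or ($CertDnsName -ne $name -and $CertDnsName -notlike "${name}.*")) {
        $problems += "clusterName '$name' does not match CertDNSName '$CertDnsName'"
    }

    # The template's placeholder tokens must have been replaced with real values.
    $placeholders = @{ adminUsername = 'GEN-UNIQUE'; adminPassword = 'GEN-PASSWORD' }
    foreach ($key in $placeholders.Keys) {
        $value = [string]$p.$key.value
        if (-not $value -or $value -eq $placeholders[$key]) {
            $problems += "$key is empty or still set to $($placeholders[$key])"
        }
    }

    # Certificate values are passed on the command line, so the file must hold empty strings.
    foreach ($key in 'certificateThumbprint', 'sourceVaultResourceId', 'certificateUrlValue') {
        if ($p.$key.value -ne '') {
            $problems += "$key must be an empty string in the parameters file"
        }
    }
    $problems
}

$issues = Test-SFQuickstartParameters -Path .\azuredeploy.parameters.json `
    -CertDnsName 'sfquickstart.chinaeast.cloudapp.chinacloudapi.cn'
if ($issues) { $issues | Write-Warning } else { 'Parameters file passes the quickstart checks.' }
```

The messages name the offending parameter but never echo the password value, so the output is safe to paste into a ticket or log.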

Deploy the template

Store the paths of your ARM template and parameter files in variables, then deploy the template.

$templateFilePath = "<full path to azuredeploy.json>"
$parameterFilePath = "<full path to azuredeploy.parameters.json>"

New-AzResourceGroupDeployment `
    -ResourceGroupName $resourceGroupName `
    -TemplateFile $templateFilePath `
    -TemplateParameterFile $parameterFilePath `
    -CertificateThumbprint $certThumbprint `
    -CertificateUrlValue $certUrlValue `
    -SourceVaultResourceId $sourceVaultId `
    -Verbose

Review deployed resources

Once the deployment completes, find the managementEndpoint value in the output and open the address in a web browser to view your cluster in Service Fabric Explorer.

Service Fabric Explorer showing the new cluster

You can also find the Service Fabric Explorer endpoint from your Service Fabric resource blade in the Azure portal.

Service Fabric resource blade showing the Service Fabric Explorer endpoint

Clean up resources

When no longer needed, delete the resource group, which deletes the resources in the resource group.

$resourceGroupName = Read-Host -Prompt "Enter the Resource Group name"
Remove-AzResourceGroup -Name $resourceGroupName
Write-Host "Press [ENTER] to continue..."

Next, remove the cluster certificate from your local store. List installed certificates to find the thumbprint for your cluster:

Get-ChildItem Cert:\CurrentUser\My\

Then remove the certificate:

Get-ChildItem Cert:\CurrentUser\My\{THUMBPRINT} | Remove-Item

Next steps

To learn about creating a custom Azure Service Fabric cluster template, see: