教程:将 Java 应用程序部署到 Azure 中的 Service Fabric 群集Tutorial: Deploy a Java application to a Service Fabric cluster in Azure

本教程是一个系列的第三部分,介绍如何将 Service Fabric 应用程序部署到 Azure 中的群集。This tutorial is part three of a series and shows you how to deploy a Service Fabric application to a cluster in Azure.

在该系列的第三部分中,你会学习如何:In part three of the series, you learn how to:

  • 在 Azure 中创建安全的 Linux 群集Create a secure Linux cluster in Azure
  • 将应用程序部署到群集Deploy an application to the cluster

在此系列教程中,你会学习如何:In this tutorial series you learn how to:

先决条件Prerequisites

在开始学习本教程之前:Before you begin this tutorial:

缩放 Azure 中的 Service Fabric 群集Create a Service Fabric cluster in Azure

以下步骤创建的资源是将应用程序部署到 Service Fabric 群集所必需的。The following steps create the necessary resources required to deploy your application to a Service Fabric cluster. 另外还会设置通过 ELK(Elasticsearch、Logstash、Kibana)堆栈监视解决方案的运行状况所需的资源。Additionally, resources necessary to monitor the health of your solution using the ELK (Elasticsearch, Logstash, Kibana) stack are set up. 具体说来,事件中心用作接收器,接收来自 Service Fabric 的日志。Specifically, Event Hubs is used as a sink for logs from Service Fabric. 根据配置,它可以将日志从 Service Fabric 群集发送到 Logstash 实例。It is configured to send logs from the Service Fabric cluster to your Logstash instance.

  1. 打开一个终端,下载以下包,其中包含的帮助程序脚本和模板是在 Azure 中创建资源所必需的Open a terminal and download the following package that contains necessary helper scripts and the templates to create the resources in Azure

    git clone https://github.com/Azure-Samples/service-fabric-java-quickstart.git
    
  2. 登录到 Azure 帐户Sign in to your Azure account

    az login
    
  3. 设置需要用于创建资源的 Azure 订阅Set your Azure subscription that you want to use to create the resources

    az account set --subscription [SUBSCRIPTION-ID]
    
  4. service-fabric-java-quickstart/AzureCluster 文件夹中运行以下命令,以便在 Key Vault 中创建群集证书。From the service-fabric-java-quickstart/AzureCluster folder, run the following command to create a cluster certificate in Key Vault. 此证书用于保护 Service Fabric 群集。This certificate is used to secure your Service Fabric cluster. 提供区域(必须与 Service Fabric 群集所在区域相同)、密钥保管库资源组名称、密钥保管库名称、证书密码以及群集 DNS 名称。Provide the region (must be the same as your Service Fabric cluster), key vault resource group name, key vault name, certificate password, and cluster DNS name.

    ./new-service-fabric-cluster-certificate.sh [REGION] [KEY-VAULT-RESOURCE-GROUP] [KEY-VAULT-NAME] [CERTIFICATE-PASSWORD] [CLUSTER-DNS-NAME-FOR-CERTIFICATE]
    
    Example: ./new-service-fabric-cluster-certificate.sh 'chinanorth' 'testkeyvaultrg' 'testkeyvault' '<password>' 'testservicefabric.chinanorth.cloudapp.chinacloudapi.cn'
    

    上述命令返回以下信息,该信息应该记下来供以后使用。The preceding command returns the following information that should be noted for use later.

    Source Vault Resource Id: /subscriptions/<subscription_id>/resourceGroups/testkeyvaultrg/providers/Microsoft.KeyVault/vaults/<name>
    Certificate URL: https://<name>.vault.azure.cn/secrets/<cluster-dns-name-for-certificate>/<guid>
    Certificate Thumbprint: <THUMBPRINT>
    
  5. 为存储日志的存储帐户创建一个资源组Create a resource group for the storage account that stores your logs

    az group create --location [REGION] --name [RESOURCE-GROUP-NAME]
    
    Example: az group create --location chinanorth --name teststorageaccountrg
    
  6. 创建一个存储帐户,用来存储要生成的日志Create a storage account which will be used to store the logs that will be produced

    az storage account create -g [RESOURCE-GROUP-NAME] -l [REGION] --name [STORAGE-ACCOUNT-NAME] --kind Storage
    
    Example: az storage account create -g teststorageaccountrg -l chinanorth --name teststorageaccount --kind Storage
    
  7. 访问 Azure 门户,导航到供存储帐户使用的“共享访问签名”选项卡。Access the Azure portal and navigate to the Shared Access Signature tab for your Storage account. 生成 SAS 令牌,如下所示。Generate the SAS token as follows.

    生成用于存储的 SAS

  8. 复制帐户 SAS URL,留待创建 Service Fabric 群集之用。Copy the account SAS URL and set it aside for use when creating your Service Fabric cluster. 它类似于以下 URL:It resembles the following URL:

    ?sv=2017-04-17&ss=bfqt&srt=sco&sp=rwdlacup&se=2018-01-31T03:24:04Z&st=2018-01-30T19:24:04Z&spr=https,http&sig=IrkO1bVQCHcaKaTiJ5gilLSC5Wxtghu%2FJAeeY5HR%2BPU%3D
    
  9. 创建包含事件中心资源的资源组。Create a resource group that contains the Event Hub resources. 事件中心用于将消息从 Service Fabric 发送到运行 ELK 资源的服务器。Event Hubs is used to send messages from Service Fabric to the server running the ELK resources.

    az group create --location [REGION] --name [RESOURCE-GROUP-NAME]
    
    Example: az group create --location chinanorth --name testeventhubsrg
    
  10. 使用以下命令创建事件中心资源。Create an Event Hubs resource using the following command. 按提示输入 namespaceName、eventHubName、consumerGroupName、sendAuthorizationRule 和 receiveAuthorizationRule 的详细信息。Follow the prompts to enter details for the namespaceName, eventHubName, consumerGroupName, sendAuthorizationRule, and receiveAuthorizationRule.

    az group deployment create -g [RESOURCE-GROUP-NAME] --template-file eventhubsdeploy.json
    
    Example:
    az group deployment create -g testeventhubsrg --template-file eventhubsdeploy.json
    Please provide string value for 'namespaceName' (? for help): testeventhubnamespace
    Please provide string value for 'eventHubName' (? for help): testeventhub
    Please provide string value for 'consumerGroupName' (? for help): testeventhubconsumergroup
    Please provide string value for 'sendAuthorizationRuleName' (? for help): sender
    Please provide string value for 'receiveAuthorizationRuleName' (? for help): receiver
    

    将“输出”字段的内容复制到上一命令的 JSON 输出中。Copy the contents of the output field in the JSON output of the preceding command. 创建 Service Fabric 群集时,使用发送方信息。The sender information is used when the Service Fabric cluster is created. 接收方名称和密钥应该保存,供下一教程使用。在下一教程中,Logstash 服务配置为接收事件中心的消息。The receiver name and key should be saved for use in the next tutorial when the Logstash service is configured to receive messages from Event Hub. 以下 Blob 为 JSON 输出示例:The following blob is an example JSON output:

    "outputs": {
        "receiver Key": {
            "type": "String",
            "value": "[KEY]"
        },
        "receiver Name": {
            "type": "String",
            "value": "receiver"
        },
        "sender Key": {
            "type": "String",
            "value": "[KEY]"
        },
        "sender Name": {
            "type": "String",
            "value": "sender"
        }
    }
    
  11. 运行 eventhubssastoken.py 脚本,为创建的 EventHubs 资源生成 SAS URL。Run the eventhubssastoken.py script to generate the SAS url for the EventHubs resource you created. 此 SAS URL 由 Service Fabric 群集用来将日志发送到事件中心。This SAS URL is used by the Service Fabric cluster to send logs to Event Hubs. 因此,发送方策略用于生成此 URL。As a result, the sender policy is used to generate the URL. 此脚本返回事件中心资源的 SAS URL,该资源用在以下步骤中:The script returns the SAS URL for the Event Hubs resource that is used in the following step:

    python3 eventhubssastoken.py 'testeventhubs' 'testeventhubs' 'sender' '[PRIMARY-KEY]'
    

    复制返回的 JSON 中的 sr 字段的值。Copy the value of the sr field in the JSON returned. sr 字段值是 EventHubs 的 SAS 令牌。The sr field value is the SAS token for EventHubs. 以下 URL 是 sr 字段的示例:The following URL is an example of the sr field:

    https%3A%2F%testeventhub.servicebus.chinacloudapi.cn%testeventhub&sig=7AlFYnbvEm%2Bat8ALi54JqHU4i6imoFxkjKHS0zI8z8I%3D&se=1517354876&skn=sender
    

    EventHubs 的 SAS URL 遵循以下结构:https://<namespacename>.servicebus.chinacloudapi.cn/<eventhubsname>?sr=<sastoken>Your SAS URL for the EventHubs follows the structure: https://<namespacename>.servicebus.chinacloudapi.cn/<eventhubsname>?sr=<sastoken>. 例如: https://testeventhubnamespace.servicebus.chinacloudapi.cn/testeventhub?sr=https%3A%2F%testeventhub.servicebus.chinacloudapi.cn%testeventhub&sig=7AlFYnbvEm%2Bat8ALi54JqHU4i6imoFxkjKHS0zI8z8I%3D&se=1517354876&skn=senderFor example, https://testeventhubnamespace.servicebus.chinacloudapi.cn/testeventhub?sr=https%3A%2F%testeventhub.servicebus.chinacloudapi.cn%testeventhub&sig=7AlFYnbvEm%2Bat8ALi54JqHU4i6imoFxkjKHS0zI8z8I%3D&se=1517354876&skn=sender

  12. 打开 sfdeploy.parameters.json 文件,替换前述步骤中的以下内容。Open the sfdeploy.parameters.json file and replace the following contents from the preceding steps. [SAS-URL-STORAGE-ACCOUNT] 已在步骤 8 中记录。[SAS-URL-STORAGE-ACCOUNT] was noted in step 8. [SAS-URL-EVENT-HUBS] 已在步骤 11 中记录。[SAS-URL-EVENT-HUBS] was noted in step 11.

    "applicationDiagnosticsStorageAccountName": {
        "value": "teststorageaccount"
    },
    "applicationDiagnosticsStorageAccountSasToken": {
        "value": "[SAS-URL-STORAGE-ACCOUNT]"
    },
    "loggingEventHubSAS": {
        "value": "[SAS-URL-EVENT-HUBS]"
    }
    
  13. 打开 sfdeploy.parameters.jsonOpens sfdeploy.parameters.json. 更改以下参数,然后保存文件。Change the following parameters and then save the file.

    • clusterNameclusterName. 只使用小写字母和数字。Use only lower-case letters and numerals.
    • adminUserName(更改为非空值)adminUserName (to a value other than blank)
    • adminPassword(更改为非空值)adminPassword (to a value other than blank)
  14. 运行以下命令,创建 Service Fabric 群集Run the following command to create your Service Fabric cluster

    az sf cluster create --location 'chinanorth' --resource-group 'testlinux' --template-file sfdeploy.json --parameter-file sfdeploy.parameters.json --secret-identifier <certificate_url_from_step4>
    

将应用程序部署到群集Deploy your application to the cluster

  1. 在部署应用程序之前,需将以下代码片段添加到 Voting/VotingApplication/ApplicationManifest.xml 文件。Before deploying your application, you need to add the following snippet to the Voting/VotingApplication/ApplicationManifest.xml file. X509FindValue 字段是从“在 Azure 中创建 Service Fabric 群集”部分的步骤 4 返回的指纹。The X509FindValue field is the thumbprint returned from Step 4 of the Create a Service Fabric cluster in Azure section. 此代码片段嵌套在 ApplicationManifest 字段(根字段)下。This snippet is nested under the ApplicationManifest field (the root field).

    <Certificates>
          <SecretsCertificate X509FindType="FindByThumbprint" X509FindValue="[CERTIFICATE-THUMBPRINT]" />
    </Certificates>
    
  2. 若要将应用程序部署到此群集,必须使用 SFCTL 来建立到群集的连接。To deploy your application to this cluster, you must use SFCTL to establish a connection to the cluster. SFCTL 需要一个带有公钥和私钥的 PEM 文件才能连接到群集。SFCTL requires a PEM file with both the public and private key to connect to the cluster. 运行以下命令以生成带有公钥和私钥的 PEM 文件。Run the following command to produce a PEM file with both the public and private key.

    openssl pkcs12 -in <clustername>.<region>.cloudapp.chinacloudapi.cn.pfx -out sfctlconnection.pem -nodes -passin pass:<password>
    
  3. 运行以下命令以连接到群集。Run the following command to connect to the cluster.

    sfctl cluster select --endpoint https://<clustername>.<region>.cloudapp.chinacloudapi.cn:19080 --pem sfctlconnection.pem --no-verify
    
  4. 若要部署应用程序,请导航到 Voting/Scripts 文件夹,然后运行 install.sh 脚本。To deploy your application, navigate to the Voting/Scripts folder and run the install.sh script.

    ./install.sh
    
  5. 若要访问 Service Fabric Explorer,请打开最常用的浏览器,然后键入 https://testlinuxcluster.chinanorth.cloudapp.chinacloudapi.cn:19080To access Service Fabric Explorer, open your favorite browser and type in https://testlinuxcluster.chinanorth.cloudapp.chinacloudapi.cn:19080. 从证书存储中选择需要用来连接到此终结点的证书。Choose the certificate from the certificate store that you want to use to connect to this endpoint. 如果使用 Linux 计算机,则必须将通过 new-service-fabric-cluster-certificate.sh 脚本生成的证书导入到 Chrome 中,然后才能查看 Service Fabric Explorer。If you are using a Linux machine, the certificates that were generated by the new-service-fabric-cluster-certificate.sh script has to be imported into Chrome to view Service Fabric Explorer. 如果使用 Mac,则必须将 PFX 文件安装到密钥链中。If you are using a Mac, you have to install the PFX file into your Keychain. 你注意到应用程序已安装到群集上。You notice your application has been installed on the cluster.

    SFX Java Azure

  6. 若要访问应用程序,请键入 https://testlinuxcluster.chinanorth.cloudapp.chinacloudapi.cn:8080To access your application, type in https://testlinuxcluster.chinanorth.cloudapp.chinacloudapi.cn:8080

    Voting 应用 Java Azure

  7. 若要从群集中卸载应用程序,请在 Scripts 文件夹中运行 uninstall.sh 脚本To uninstall your application from the cluster, run the uninstall.sh script in the Scripts folder

    ./uninstall.sh