Tutorial: Create AWS infrastructure to host a Service Fabric cluster

Service Fabric standalone clusters offer you the option to choose your own environment and create a cluster as part of the "any OS, any cloud" approach that Service Fabric is taking. In this tutorial series, you create a standalone cluster hosted on AWS and install an application into it.

This tutorial is part one of a series. In this article, you generate the AWS resources required to host your standalone cluster of Service Fabric. In future articles, you need to install the Service Fabric standalone suite, install a sample application into your cluster, and finally, clean up your cluster.

In part one of the series, you learn how to:

  • Create a set of EC2 instances
  • Modify the security group
  • Sign in to one of the instances
  • Prep the instance for Service Fabric

Prerequisites

To complete this tutorial, you need an AWS account. If you don't already have an account, go to the AWS console to create one.

Create EC2 instances

Sign in to the AWS Console, enter EC2 in the search box, and then select EC2 Virtual Servers in the Cloud.

Select Launch Instance, then on the next screen choose Select next to Microsoft Windows Server 2016 Base.

Select t2.medium, then select Next: Configure Instance Details. On the next screen, change the number of instances to 3, then select Advanced Details to expand that section.

To connect your virtual machines together in Service Fabric, the VMs that are hosting your infrastructure need to have the same credentials. There are two common ways to get consistent credentials: join them all to the same domain, or set the same administrator password on each VM. For this tutorial, you use a user data script to set the EC2 instances to all have the same password. In a production environment, joining the hosts to a Windows domain is more secure.

Enter the following script in the user data field on the console:

<powershell>
$user = [adsi]"WinNT://localhost/Administrator,user"
$user.SetPassword("serv1ceF@bricP@ssword")
$user.SetInfo()
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
New-NetFirewallRule -DisplayName "Service Fabric Ports" -Direction Inbound -Action Allow -RemoteAddress LocalSubnet -Protocol TCP -LocalPort 135, 137-139, 445
</powershell>

Once you've entered the PowerShell script, select Review and Launch.

On the review screen, select Launch. Then change the drop-down to Proceed without a key pair and select the checkbox indicating that you know the password.

Finally, select Launch Instances, and then View Instances. You now have the basis for your Service Fabric cluster. Next, you need to add a few final configurations to the instances themselves to prep them for the Service Fabric configuration.

Modify the security group

Service Fabric requires a number of ports open between the hosts in your cluster. To open these ports in the AWS infrastructure, select one of the instances that you created. Then select the name of the security group, for example, launch-wizard-1. Now, select the Inbound tab.

To avoid opening these ports to the world, you instead open them only for hosts in the same security group. Take note of the security group ID; in the example it's sg-c4fb1eba. Then select Edit.

Next, add four rules to the security group for service dependencies, and then three more for Service Fabric itself. The first rule is to allow ICMP traffic, for basic connectivity checks. The other rules open the required ports to enable SMB and Remote Registry.

For the first rule, select Add Rule, then from the drop-down menu select All ICMP - IPv4. Select the entry box next to custom and enter your security group ID from above.

For the last three dependencies, you need to follow a similar process. Select Add Rule, from the drop-down select Custom TCP Rule, and in the port range enter one of 135, 137-139, and 445 for each rule. Finally, in the source box enter your security group ID.

Now that the ports for the dependencies are open, you need to do the same thing for the ports that Service Fabric itself uses to communicate. Select Add Rule, from the drop-down select Custom TCP Rule, in the port range enter 20001-20031, and enter the security group in the source box.

Next, add a rule for the ephemeral port range. Select Add Rule, from the drop-down select Custom TCP Rule, and in the port range enter 20606-20861. Finally, in the source box enter your security group ID.

For the final two rules for Service Fabric, open the ports up to the world so you can manage your Service Fabric cluster from your personal computer. Select Add Rule, from the drop-down select Custom TCP Rule, in the port range enter one of 19000-19003 and 19080-19081 for each rule, then change the Source drop-down to Anywhere.

Finally, you just need to open up port 8080 so you can see the application when it's deployed. Select Add Rule, from the drop-down select Custom TCP Rule, in the port range enter 8080, then change the Source drop-down to Anywhere.

All of the rules are now entered. Select Save.
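
The rule set entered above, expressed as data for review (an added example, not part of the original tutorial): it builds the boto3 `IpPermissions` list for the same rules and reports which port ranges end up reachable from any address. It assumes boto3 and AWS credentials only for `apply_rules`; the `public_cidr` parameter and the function names are hypothetical.

```python
ANYWHERE = "0.0.0.0/0"  # IPv4 form of the console's "Anywhere" source

# (protocol, from_port, to_port, scope) in the order the tutorial enters them.
# "group" = source is the security group itself; "public" = source is Anywhere.
RULES = [
    ("icmp", -1, -1, "group"),       # All ICMP - IPv4
    ("tcp", 135, 135, "group"),      # SMB / Remote Registry dependencies
    ("tcp", 137, 139, "group"),
    ("tcp", 445, 445, "group"),
    ("tcp", 20001, 20031, "group"),  # Service Fabric communication
    ("tcp", 20606, 20861, "group"),  # ephemeral port range
    ("tcp", 19000, 19003, "public"), # cluster management
    ("tcp", 19080, 19081, "public"),
    ("tcp", 8080, 8080, "public"),   # sample application
]

def build_permissions(group_id, public_cidr=ANYWHERE):
    """Return the IpPermissions list for authorize_security_group_ingress."""
    perms = []
    for proto, lo, hi, scope in RULES:
        perm = {"IpProtocol": proto, "FromPort": lo, "ToPort": hi}
        if scope == "group":
            # Self-referencing rule: only members of the same group may connect.
            perm["UserIdGroupPairs"] = [{"GroupId": group_id}]
        else:
            perm["IpRanges"] = [{"CidrIp": public_cidr}]
        perms.append(perm)
    return perms

def world_open(perms):
    """Return (from, to) port ranges reachable from any IPv4 address."""
    return [(p["FromPort"], p["ToPort"]) for p in perms
            if any(r["CidrIp"] == ANYWHERE for r in p.get("IpRanges", []))]

def apply_rules(group_id, perms):
    import boto3  # imported here so the helpers above run without AWS access
    boto3.client("ec2").authorize_security_group_ingress(
        GroupId=group_id, IpPermissions=perms)

if __name__ == "__main__":
    perms = build_permissions("sg-c4fb1eba")  # group ID from the tutorial
    for lo, hi in world_open(perms):
        print(f"open to Anywhere: tcp {lo}-{hi}")
```

Passing your own address range as `public_cidr` keeps the management and application ports reachable from your computer while `world_open` returns an empty list.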

Connect to an instance and validate connectivity

From the security group tab, select Instances from the left-hand menu. Select each of the instances that you've created and note their private IP addresses. The examples below use 172.31.21.141 and 172.31.20.163.

Once you have all of the IP addresses, select one of the instances to connect to, right-click on the instance, and select Connect. From here, you can download the RDP file for this particular instance. Select Download Remote Desktop File, and then open the file that is downloaded to establish your remote desktop connection (RDP) to this instance. When prompted, enter your password serv1ceF@bricP@ssword.

Once you have successfully connected to your instance, validate that you can connect between the instances and also share files. You've gathered the IP addresses for all the instances; select one that you are not currently connected to. Go to Start, enter cmd, and select Command Prompt.

In these examples, the RDP connection was established to the following IP address: 172.31.21.141. All connectivity tests then occur against the other IP address: 172.31.20.163.

To validate that basic connectivity works, use the ping command.

ping 172.31.20.163

If your output looks like Reply from 172.31.20.163: bytes=32 time<1ms TTL=128 repeated four times, then your connection between the instances is working. Now validate that your SMB sharing works with the following command:

net use * \\172.31.20.163\c$

It should return Drive Z: is now connected to \\172.31.20.163\c$. as the output.

Prep instances for Service Fabric

If you were creating this from scratch, you'd need to take a couple of extra steps. Namely, you'd need to validate that Remote Registry was running, enable SMB, and open the requisite ports for SMB and Remote Registry.

To make it easier, you embedded all of this work when you bootstrapped the instances with your user data script.

To enable SMB, this is the PowerShell command you used:

netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes

To open the ports in the firewall, here is the PowerShell command:

New-NetFirewallRule -DisplayName "Service Fabric Ports" -Direction Inbound -Action Allow -RemoteAddress LocalSubnet -Protocol TCP -LocalPort 135, 137-139, 445

Next steps

In part one of the series, you learned how to launch three EC2 instances and get them configured for the Service Fabric installation:

  • Create a set of EC2 instances
  • Modify the security group
  • Sign in to one of the instances
  • Prep the instance for Service Fabric

Advance to part two of the series to configure Service Fabric on your cluster.