How-To: Serie Deploy Secure ASF with ARM – Step 09 – Install SF Cluster with ARM

This step 9 of 10 in the post-serie “How-To: How installing a secure Service Azure Fabric Cluster (ASF) with Azure Resource Management (ARM) Template”. In this step we will create the build and release tasks in VSTS and then run the ARM template that will create the Secure Service Fabric Cluster.

ARM Template to create the Secure Service Fabric Cluster can be found here.

Overview of the steps
01. Create and import the certificates
02. Register SF Application in AAD and create AppKey
03. Generate encrypted AppKey
04. Lookup the service principles
05. Create the Key Vaults with ARM
06. Adjust the SF Application settings
07. Upload certificates to Key Vault
08. Register the Service Fabric System Applications
09. [CURRENT] Install SF Cluster with ARM
10. Coming soon!
Step 09: Setup Service Fabric Cluster

I assume you have downloaded the ARM templates from mine GitHub and placed them into a Git repository on your own VSTS.

Create Build task in VSTS

  • Go to Builds of your repository.
  • Click on NEW
  • Click on Empty Proces
  • Click on Process and set a name for the Build Tasks and set the agent queue on “VS2017”
  • Click on Get sources and set the repository to the correct one
  • Click on the PLUS-sign – behind Phase 1
  • Search for Copy and select “Copy Files” and click ADD
  • Search for Publish and select “Publish Artefacts” and click ADD
  • Fill in the correct values at Copy and Publish tasks

  • Click SAVE and QUEUE

Create Release task in VSTS

  • Goto Releases in VSTS, Create a new release
  • Create and Azure Resource Group Deployment the same way as you did in step 05, but now for the ARM template of the Secure Azure Service Fabric Cluster.
  • In the “Override template parameters” I have uses this:
    -clusterName $(clusterName) -subnet0Name "Subnet-0" -subnet0Prefix "" -publicIPAddressType "Dynamic" -vmStorageAccountContainerName "vhds" -adminUserName $(adminUserName) -adminPassword $(adminPassword) -addressPrefix "" -overProvision "false" -vmImagePublisher "MicrosoftWindowsServer" -vmImageOffer "WindowsServer" -vmImageSku "2016-Datacenter" -vmImageVersion "latest" -loadBalancedAppPort1 49255 -loadBalancedAppPort2 49256 -clusterProtectionLevel "EncryptAndSign" -certificateStoreValue "My" -certificateThumbprint $(certificateThumbprint) -sourceVaultValue $(ResourceIdVaultValue) -certificateUrlValue $(certificateUrlValue) -certificateDataEncryptionUrlValue $(certificateDataEncryptionUrlValue) -datacertificateThumbprint $(datacertificateThumbprint) -storageAccountType "Standard_LRS" -supportLogStorageAccountType "Standard_LRS" -applicationDiagnosticsStorageAccountType "Standard_LRS" -nt0InstanceCount $(nt0InstanceCount) -vmNodeType0Name "standard" -vmNodeType0Size $(vmNodeType0Size) -applicationInsightsKey $(appInsightsKey) -aadClusterApplicationId $(aadClusterApplicationId) -aadClientApplicationId $(aadClientApplicationId)

Environment variables

 sourceVaultValue  see end of step 7
 certificateUrlValue  see step 7
 certificateDataEncryptionUrlValue  see step 7
 datacertificateThumbprint see step 3
 certificateThumbprint  see step 3
 aadClusterApplicatioId   see end of step 8
 aadClientApplicationid   see end of step 8
 appInsightsKey When you appInsights installed then fill in the iKey of the Application Insight instance. Leave empty if you don’t have one.
 adminUserName / adminPassword  Username / admin. With this combination you are able to RDP to the virtual machine on which Service Fabric is running. Password must meet some requirements, make sure there is a number and symbol (like !, %, ?)
 clusterName Name of the cluster. Must be the same as what you used in the previous step “Step 08: Register Service Fabric System Applications <clustername>_Cluster”
 nt0InstanceCount Don’t change if you don’t know what they mean. 😉
Default values are 5 & ‘Standard_A2_v2’

Set the Azure subscription and Resource Group for every ARM task

  • See paragraph “Set the Azure subscription and Resource Group for every ARM task” in step 5.

Next step – Step 10 – Install the SF Application(s) with ARM