Patching the OS in the cluster VMs has been a top ask from customers. Service Fabric (SF) clusters are built on top of VMSS and Azure does not presently support safe automatic OS patching/upgrade of these VMSS instances. We’ve been looking at how to address this top ask, and can now offer a (temporary) solution along with a road map on how we plan to tackle it in the months ahead.
- Available now: Provide a manually initiated script that the cluster administrator can run. Download the script and the instructions. This script has the functionality to download the applicable OS patches and deploy them safely to the VM instances. This out-of-band script makes the OS update process semi-automated and enables the cluster administrator to update all SF cluster nodes from one of the cluster VMs.
- Available Mar/2017 or so: A Patch Orchestration Service (POS) that the customer can opt into via the portal or ARM template. This service will be a new system service that will get deployed and run in the customer cluster, which will then monitor for patches on WU and deploy them to the VM instances safely. This service is planned in Q1CY2017. More details on this will be made available, when the service is available. Sixty days after POS is available, we will deprecate the preceding semi-automated script.
- Available July/2017 or so: VMSS provided, image based automatic patching capability. This allows a SF customer to modify the VMSS definition, such that the OS image automatically updated when azure publishes a new image for a given OS family and version. More details will be provided by late Q2CY2017. If you want to keep your SF cluster VMs patched to the latest, then you would end up using the POS service along with the image based patching.