OS patching for VMs running Service fabric

Refer to https://blogs.msdn.microsoft.com/azureservicefabric/2017/05/22/os-patching-of-service-fabric-cluster-nodes/ for the update to this blog.

Patching the OS in the cluster VMs has been a top ask from customers.  Service Fabric (SF) clusters are built on top of VMSS and Azure does not presently support safe automatic OS patching/upgrade of these VMSS instances.  We've been looking at how to address this top ask, and can now offer a (temporary) solution along with a road map on how we plan to tackle it in the months ahead.

  • Unsupported now: Provide a manually initiated script that the cluster administrator can run. Download the script and the instructions. This script has the functionality to download the applicable OS patches and deploy them safely to the VM instances. This out-of-band script makes the OS update process semi-automated and enables the cluster administrator to update all SF cluster nodes from one of the cluster VMs.
  • Available now: Patch Orchestration Application (POA) is now available to be deployed to your clusters. POA is a Service Fabric application that allows you to automate OS patching of the VMs/VM instances/nodes of a Service Fabric cluster on Azure or on-premise. The details on how to download and use this applications are at https://docs.microsoft.com/azure/service-fabric/service-fabric-patch-orchestration-application.

    The POA downloads OS patches and orchestrates their deployment to all nodes in the cluster without downtime. While applying updates, POA monitors the health of the cluster and if at any time the health policies for the cluster are not met, the patch rollout is stopped. . Sixty days after POS is available, we will deprecate the preceding semi-automated script.

  • Available Oct/2017 or so: VMSS provided, image based automatic patching capability. This allows a SF customer to modify the VMSS definition, such that the OS image automatically updated when azure publishes a new image for a given OS family and version. More details will be provided by late Q2CY2017. If you want to keep your SF cluster VMs patched to the latest, then you would end up using the POS service along with the image based patching.


Comments (8)
  1. Fredrik Lindström says:

    Any further news regarding this?

  2. Dear Team,

    Do we have any updates on the Patch Orchestration Service (POS), also I would like to understand the RACI Matrix of MS Azure and me as User of Service Fabric hosted in MS Azure, especially on the OS layer.

  3. Stephen says:

    I am new to service fabric, and I am trying to understand why this is an issue. If a node goes down for patching, shouldn’t service fabric automatically move the activity to another node?
    This seems like it would be a core part of Service Fabric… Or am I missing the point?

    1. Matt Snider says:

      Of course it would, however you don’t want something to come along and take all the machines down at the same time, nor would you want a random percentage of your cluster to drop out simultaneously (makes capacity planning difficult). So it’s better to have something orchestrating the change.

  4. Leandro Wajswajn says:

    Hello, any update in regards Patch Orchestration Service? I haven’t seen any further communication in regards this service.

Comments are closed.

Skip to main content