Refer to https://blogs.msdn.microsoft.com/azureservicefabric/2017/05/22/os-patching-of-service-fabric-cluster-nodes/ for the update to this blog.
Patching the OS in the cluster VMs has been a top ask from customers. Service Fabric (SF) clusters are built on top of VMSS and Azure does not presently support safe automatic OS patching/upgrade of these VMSS instances. We've been looking at how to address this top ask, and can now offer a (temporary) solution along with a road map on how we plan to tackle it in the months ahead.
- Unsupported now: Provide a manually initiated script that the cluster administrator can run. Download the script and the instructions. This script has the functionality to download the applicable OS patches and deploy them safely to the VM instances. This out-of-band script makes the OS update process semi-automated and enables the cluster administrator to update all SF cluster nodes from one of the cluster VMs.
- Available now: Patch Orchestration Application (POA) is now available to be deployed to your clusters. POA is a Service Fabric application that allows you to automate OS patching of the VMs/VM instances/nodes of a Service Fabric cluster on Azure or on-premise. The details on how to download and use this applications are at https://docs.microsoft.com/azure/service-fabric/service-fabric-patch-orchestration-application.
The POA downloads OS patches and orchestrates their deployment to all nodes in the cluster without downtime. While applying updates, POA monitors the health of the cluster and if at any time the health policies for the cluster are not met, the patch rollout is stopped. . Sixty days after POS is available, we will deprecate the preceding semi-automated script.
- Available Oct/2017 or so: VMSS provided, image based automatic patching capability. This allows a SF customer to modify the VMSS definition, such that the OS image automatically updated when azure publishes a new image for a given OS family and version. More details will be provided by late Q2CY2017. If you want to keep your SF cluster VMs patched to the latest, then you would end up using the POS service along with the image based patching.