How to create a Service Fabric standalone cluster with AWS EC2 instances


The Service Fabric for Windows Server deployment (standalone) lets you choose your own environment and create a cluster as part of our “any OS, any cloud” approach with Service Fabric. Creating a cluster in Azure is the easier choice, since it is available as a service and manages Service Fabric upgrades for you, amongst other things. However, you can also use your own on-premises machines and other cloud providers to create clusters. This post uses Amazon EC2 instances to create a Service Fabric standalone cluster for Windows. There are three steps involved:

1) Create EC2 instances
2) Configure EC2 instances
3) Deploy a Service Fabric cluster.

Let’s do them one by one!

1) Create EC2 instances

First, log on to http://aws.amazon.com/. I assume you already have an Amazon account. Click the Services icon and choose EC2, then “Launch Instance”. Choose any Amazon Machine Image (AMI) type that you want. In this tutorial, I will be using Microsoft Windows Server 2016 Base. Next, choose an instance type that fits your use case. I am using the m4.4xlarge type: 16 vCPUs and 64 GiB of memory with high network performance. See the screenshot below.

screenshot_1

Let’s move on to “Next: Configure Instance Details”. Many fields need to be completed here (see the screenshot below), and some of them require extra setup. I will go through each of them.

screenshot_8

I want to create a three-node Service Fabric cluster, so I need three instances. Set the number of instances to 3. Then, in the network section, create a new VPC. An example is shown below:

screenshot_3

Choose the fabric-VPC you just created in “Configure Instance Details”. The Subnet field now reports “A Subnet is required when launching into a VPC”. I will be using Simple AD, which requires two subnets, so I will create two of them.

First Subnet:

screenshot_5

Second Subnet:

screenshot_6

 

Next, go back to the “Configure Instance Details” page and set auto-assign public IP to “Enabled”. There is no need to set a placement group. Joining a domain directory is not mandatory for Service Fabric, but for the cluster to come up, each VM in the cluster needs to share the same credentials. Since an Amazon EC2 instance creates a random password by default, I will use domain join here to make this easier. Here is how I create a Simple AD:
screenshot_7

Go to this link to create a new IAM policy: https://console.aws.amazon.com/iam/home?region=us-west-2#/policies. Choose “Create your own policy” and name it allow-all-ssm. Paste this JSON into the policy document area.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowaccesstoSSM",
            "Effect": "Allow",
            "Action": [
                "ssm:DescribeAssociation",
                "ssm:ListAssociations",
                "ssm:GetDocument",
                "ssm:UpdateAssociationStatus",
                "ds:CreateComputer",
                "ec2:DescribeInstanceStatus"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

 

Next, go back to the “Configure Instance Details” page and create a new IAM role. Choose Amazon EC2. Attach AdministratorAccess, AmazonSSMFullAccess and the allow-all-ssm policy that you just created.

Now “Configure Instance Details” is all set. Feel free to skip Add Storage and Add Tags, and jump to Configure Security Group. Create a new security group. Keep the existing RDP type. Add a new rule with the Custom ICMP type; set the protocol to Echo request and the source to Anywhere. Add another rule with the All traffic type and set the source to Custom. Once everything is done, you can “Review and Launch”.

 

2) Configure EC2 Instances 

Once the VMs are launched, there are a few more things that you need to change. Log in to each of them with your domain-joined admin credentials. For each VM, go to Windows Firewall with Advanced Security. Choose Inbound Rules and create a new rule to allow ICMPv4 for any IP address.

Inbound -> Custom -> All programs -> ICMPv4 Protocol -> Next -> Choose Any IP Address for both local and remote -> allow the connection -> apply to domain, private and public -> name it and finish.

Also, for each VM, you need to enable file sharing and ensure that the RemoteRegistry service is enabled. Once these are all set, try to ping the private IPs of the other two instances from each instance. If it works, congratulations! The virtual machines are ready for you to deploy Service Fabric and create a cluster.
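The node preparation steps above as a script, added here as an example that is not part of the original post. It assumes “enable file share” means the built-in File and Printer Sharing firewall group; the rule name and the peer addresses are placeholders.

```powershell
# Added example: run in an elevated PowerShell session on each EC2 instance.
param(
    # Constructed placeholder addresses; pass the other two instances' private IPs.
    [string[]]$PeerPrivateIps = @('10.0.0.11', '10.0.0.12'),
    # 'Any' matches the rule in the post; your VPC CIDR would be narrower.
    [string]$IcmpRemoteAddress = 'Any'
)
$ErrorActionPreference = 'Stop'

# 1. Inbound ICMPv4 rule on the domain, private and public profiles.
#    Limited here to echo request (type 8), which is all that ping needs.
$ruleName = 'SF-Allow-ICMPv4-In'   # hypothetical rule name
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol ICMPv4 `
        -IcmpType 8 -RemoteAddress $IcmpRemoteAddress -Action Allow `
        -Profile Domain, Private, Public | Out-Null
}

# 2. File sharing (assumption: the built-in firewall rule group is what is meant).
Enable-NetFirewallRule -DisplayGroup 'File and Printer Sharing'

# 3. RemoteRegistry must start with the machine and be running now.
Set-Service -Name RemoteRegistry -StartupType Automatic
Start-Service -Name RemoteRegistry

# 4. Verify from this node: ping and SMB (TCP 445) to each peer's private IP.
$report = foreach ($ip in $PeerPrivateIps) {
    $smb = Test-NetConnection -ComputerName $ip -Port 445 -WarningAction SilentlyContinue
    [pscustomobject]@{
        Peer = $ip
        Ping = Test-Connection -ComputerName $ip -Count 2 -Quiet
        Smb  = $smb.TcpTestSucceeded
    }
}
$report | Format-Table -AutoSize
"RemoteRegistry: $((Get-Service -Name RemoteRegistry).Status)"

# Any False in the table means that peer is not ready for deployment yet.
if ($report | Where-Object { -not $_.Ping -or -not $_.Smb }) {
    Write-Warning 'At least one peer failed the ping or SMB check.'
}
```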

 

3) Deploy a Service Fabric Cluster

The most exciting step! Go to http://go.microsoft.com/fwlink/?LinkId=730690 to download the Service Fabric for Windows Server standalone package and copy it to one of the EC2 instances. Follow the instructions here: https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-creation-for-windows-server to create a cluster. Note that when you modify the IP addresses in clusterConfig.json, you should use the private IPs of the instances instead of the public IPs.
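A pre-flight check for the private-IP requirement, added here as an example that is not part of the original post or the Service Fabric package. `Test-PrivateIPv4` is a hypothetical helper, and the script assumes it is run from the extracted package folder with the edited config saved as ClusterConfig.json.

```powershell
# Added example: refuse to deploy if any node address is not a private IPv4 address.
param([string]$ConfigPath = '.\ClusterConfig.json')
$ErrorActionPreference = 'Stop'

function Test-PrivateIPv4 {
    # Hypothetical helper: true only for RFC 1918 addresses
    # (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).
    param([string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    if ($ip.AddressFamily -ne 'InterNetwork') { return $false }
    $b = $ip.GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

# Each entry under "nodes" carries nodeName and iPAddress.
$config = Get-Content -Raw -Path $ConfigPath | ConvertFrom-Json
$bad = @($config.nodes | Where-Object { -not (Test-PrivateIPv4 $_.iPAddress) })

if ($bad.Count -gt 0) {
    # Public IPs and host names both land here; the post calls for private IPs.
    foreach ($node in $bad) {
        Write-Warning "$($node.nodeName): '$($node.iPAddress)' is not a private IPv4 address"
    }
    throw 'Fix the node addresses in ClusterConfig.json before deploying.'
}

# Both scripts ship in the standalone package.
.\TestConfiguration.ps1 -ClusterConfigFilePath $ConfigPath
.\CreateServiceFabricCluster.ps1 -ClusterConfigFilePath $ConfigPath -AcceptEULA
```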

If you run into issues setting this up, go to our GitHub issue page or Stack Overflow and post an issue or question. Also try this out on Azure, where it is super easy to create anything from 1-node to 1000-node clusters that are fully managed and can be scaled in and out with PowerShell commands.

