azure service fabric #10

Supports: win2012r2 win2016

Add to new model


Azure Service Fabric is a distributed systems platform that makes it easy to
package, deploy, and manage scalable and reliable microservices.


Azure Service Fabric is a distributed systems platform that makes it easy to package, deploy, and manage scalable and reliable microservices. Service Fabric also addresses the significant challenges in developing and managing cloud applications.


Plan your cluster configuration before deploying the charm as the current release doesn't support dynamically changing the configuration options.

Supported deployment scenarios at the moment are:

  • Unsecured cluster node-to-node and client-to-node. This is the default behavior and the charm doesn't have any relation with other charms, but this is not recommended in the production due to security concerns.

  • Secured using Active Directory Windows credentials. This requires a relation with the active directory charm and it can be achieved by deploying the current charm with security-type config option set to Windows.

For both scenarios make sure you properly adjust the reliability-level config option as this dictates the minimum number of units necessary to form the cluster. By default the reliability level is set to Bronze and it requires at least three nodes to form the cluster. More info about reliability levels can be found at the following url.

Take care when using Juju OpenStack provider to always set the config option change-hostname to True. Due to the fact that Juju spawns nova instances with long names, all instances end up with the same prefix. After instances finish the initializing process, they all have the same hostname as cloudbase-init just gets the first 15 characters from the nova instance name. This is problematic when joining an Active Directory domain. Config option change-hostname will enable the charm to rename the computer name to a unique name formed from unit name and unit number.


The charm has two dependencies. Whenever someone deploys the charm, these needs to be passed as Juju resources (resources are available in Juju versions >= 2.0).

Make sure you download the dependencies before you deploy the charm:

  • Full version of .NET framework version 4.5.1 or higher. This can be obtained from the following download url;
  • Service Fabric standalone zip package. This can be downloaded from the Microsoft website at the following url, section Download the Service Fabric standalone package.

When you have your resources ready, you can deploy the charm.

NOTE: The default Juju resources from charm store are just some dummy files and they are the not real resources. If the user doesn't provide the real resources at deploy time, the charm will not work.

Deployment Steps

The following commands will deploy a cluster using AD Windows security type, Bronze reliability level and HAProxy load balancer in order to do a reverse proxy for the API and GUI endpoints.

juju deploy cs:~cloudbaseit/azure-service-fabric --num-units 3 --series win2012r2 \
    --resource dotnet-installer="<dot_net_framework_installer_path>" \
    --resource asf-zip-package="<service_fabric_zip_package_path>"

juju config azure-service-fabric security-type=Windows \

juju deploy cs:~cloudbaseit/active-directory --series win2012r2

juju config active-directory administrator-password="<secure_password>" \
                             safe-mode-password="<secure_password>" \
                             domain-user="jujuadmin" \
                             domain-user-password="<secure_password>" \
                             domain-name="<fully_qualified_domain_name>" \

juju deploy cs:haproxy --series xenial

juju add-relation azure-service-fabric active-directory
juju add-relation azure-service-fabric haproxy

juju expose haproxy

Once the deployment finishes, find the public address of HAProxy unit and you can access the web portal the the following url: http://<haproxy_public_address>:19080. Also if you'd like to query the API, this can be done at the following endpoint: <haproxy_public_address>:19000.

To access either the GUI or the API, you need the AD credentials. The charm requests two users from the Active Directory charm and both are granted with cluster access. One of the users named asf-admin has cluster administrative privileges and the other one named asf-user is just a normal user with read-only access to the cluster.

Passwords for these domain users are randomly generated by the AD charm. After the deployment is finished, you can find their passwords by running the get-ad-user-credentials Juju action:

ACTION_ID=$(juju run-action <any_deployed_service_fabric_unit> get-ad-user-credentials | awk '{print $5}')
juju show-action-output $ACTION_ID

Scale up/down

For scaling up your cluster, adding another node to your cluster is just as easy as typing the following command:

juju add-unit azure-service-fabric

Unfortunately, the current version of the charm doesn't support scaling down, but this will be added in the upcoming release of the charm.


(int) Ending port that will be used by the Service Fabric applications. Config option is used together with 'application-start-port'.
(int) Starting port that will be used by the Service Fabric applications. Config option is used together with 'application-end-port'. These should be a subset of the ephemeral ports, enough to cover the endpoint requirement of your applications. Service Fabric will use these whenever new ports are required, as well as take care of opening the firewall for these ports.
(boolean) The hostname set inside the newly spawned machine is usually the same as the name of the instance being spawned. In cases where the instance name is larger then 15 characters (maximum size for windows NetBios names), the instance name gets truncated to the first 15 characters. This creates a problem, as hostnames in active directory, for example, are very important. Having more then one machine with the same hostname try to join the same domain, will create trust issues. This option allows changing the hostname of the current running system to a combination of the first 14 (or less, depending on how many digits the unit number has) characters of the charm name and the unit number. While this is not infallible, It does have less of a chance of creating hostname conflicts.
(int) The port used by the client to connect to the cluster, when using the client APIs.
(int) The port at which the nodes communicate with each other.
(string) Friendly name of the Azure Service Fabric.
(int) This is used together with 'ephemeral-start-port'. They override the dynamic ports used by the OS.
(int) This is used together with 'ephemeral-end-port'. They override the dynamic ports used by the OS. Service Fabric will use a part of these as application ports and the remaining will be available for the OS. You need to make sure that the difference between the start and the end ports is at least 255. You may run into conflicts if this difference is too low, since this range is shared with the operating system.
(string) Represents the fault domain name used for these deployment units. A fault domain (FD) is a physical unit of failure and is directly related to the physical infrastructure in the data centers. A fault domain consists of hardware components (computers, switches, networks, and more) that share a single point of failure.
(int) The port used by the Service Fabric Explorer to connect to the cluster.
(int) The port used by the cluster lease driver to find out if the nodes are still active.
(string) The reliability level defines the number of copies of the system services that can run on the primary nodes of the cluster. This increases the reliability of these services and hence the cluster. You can set this variable to either Bronze, Silver, Gold or Platinum for 3, 5, 7 or 9 copies of these services respectively. Note that since a primary node runs a single copy of the system services, you would need a minimum of 3 primary nodes for Bronze, 5 for Silver, 7 for Gold and 9 for Platinum reliability levels.
(int) The port used by the built-in Service Fabric reverse proxy.
(string) The type of the cluster security. Supported types by the charm are: - 'Unsecure', the cluster is not secured at all; - 'Windows', for an Active Directory based security; - 'X509', for a certificate-based security.
(int) The port used by the applications and services deployed on a node, to communicate with the Service Fabric client on that particular node.
(string) An upgrade domain (UD) is a logical unit of nodes. During Service Fabric orchestrated upgrades (either an application upgrade or a cluster upgrade), all nodes in a UD are taken down to perform the upgrade while nodes in other UDs remain available to serve requests.