microsoft / service-fabric

Service Fabric is a distributed systems platform for packaging, deploying, and managing stateless and stateful distributed applications and containers at large scale.
https://docs.microsoft.com/en-us/azure/service-fabric/
MIT License

Service Fabric Deployment using Octopus #739

Open nareshkhatri81 opened 6 years ago

nareshkhatri81 commented 6 years ago

Hi Team,

We are using Octopus for deployment to an SF cluster; Octopus has support for SF. In Octopus, we see only the options of connecting to the cluster using AAD or a client certificate.

https://octopus.com/docs/deployment-examples/azure-deployments/deploying-to-service-fabric/connecting-securely-with-azure-active-directory/

https://octopus.com/docs/deployment-examples/azure-deployments/deploying-to-service-fabric/connecting-securely-with-client-certificates/

https://octopus.com/docs/deployment-examples/azure-deployments/service-fabric/packaging

There is no option of connecting to the cluster using a machine account.

As per the Service Fabric link below, it's possible to connect to the cluster using a machine account/SPN.

https://docs.microsoft.com/en-us/powershell/module/servicefabric/connect-servicefabriccluster?view=azureservicefabricps

There are scripts created by the Octopus team for connecting to an SF cluster.

https://github.com/OctopusDeploy/Calamari/blob/master/source/Calamari.Azure/Scripts/AzureServiceFabricContext.ps1

The question is: does Connect-ServiceFabricCluster work with a machine account, so that we can modify/customize/raise a feature request to Octopus to use that feature of SF to do auth?

Thanks, Naresh Khatri

masnider commented 6 years ago

Yes, you can configure this. https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-security#client-to-node-security

nareshkhatri81 commented 6 years ago

@linggengmsft @dragav Team, is it possible to use a service account for authentication? Connect-ServiceFabricCluster can take a service account as an input parameter or run under the context of a machine account. Thanks, Naresh Khatri

belmaiastar commented 6 years ago

Does this help you? https://docs.microsoft.com/en-us/azure/service-fabric/service-fabric-windows-cluster-windows-security

nareshkhatri81 commented 6 years ago

We are looking for client-to-node security using a machine account.

Our client will be Octopus, which would be running with some service account.

Octopus would be using Service Fabric PowerShell cmdlets to do the deployment.

belmaiastar commented 5 years ago

@nareshkhatri81 The doc describes how to configure Windows security for client to node security. What Octopus is doing is out of scope. Is there anything in the doc that is not clear enough?
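
The connection discussed in this thread, as an added example that is not part of the issue, the Service Fabric repository, or Octopus/Calamari: a deployment step running under a service or machine account connects with `Connect-ServiceFabricCluster -WindowsCredential`, which authenticates as the current process identity. It assumes the cluster is configured for Windows security as in the linked doc and that the account is allowed as a client identity; the function name, endpoint and SPN values are hypothetical placeholders.

```powershell
# Added example: connect to a Windows-secured cluster as the current process identity.
# Function name, endpoint and SPN values are constructed placeholders.
function Connect-ClusterAsCurrentIdentity {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ConnectionEndpoint,  # e.g. 'sfnode01.contoso.local:19000'
        [string] $ClusterSpn                                  # only when the cluster identity needs an explicit SPN
    )

    # The identity presented to the cluster is the account this process runs as
    # (for a deployment tool, the service account of its worker process).
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    Write-Verbose "Connecting to $ConnectionEndpoint as $me"

    $params = @{
        ConnectionEndpoint = $ConnectionEndpoint
        WindowsCredential  = $true   # switch: authenticate with the current Windows identity
    }
    if ($ClusterSpn) { $params.ClusterSpn = $ClusterSpn }

    try {
        [void](Connect-ServiceFabricCluster @params -ErrorAction Stop)
    }
    catch {
        throw ("Connection as '$me' failed. Check that this account is listed under " +
               "ClientIdentities in the cluster security configuration. " +
               $_.Exception.Message)
    }

    # Connect-ServiceFabricCluster leaves the connection in $clusterConnection in
    # the current scope; promote it so cmdlets called after this function can use it.
    $global:clusterConnection = $clusterConnection

    if (-not (Test-ServiceFabricClusterConnection)) {
        throw "Connected as '$me', but the cluster connection test failed."
    }
    return $me
}

# Usage (placeholder endpoint):
# Connect-ClusterAsCurrentIdentity -ConnectionEndpoint 'sfnode01.contoso.local:19000' -Verbose
```

Giving the deployment account its own entry under `ClientIdentities`, rather than reusing a broader group, keeps cluster admin rights limited to the one identity that needs them.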