The Service
Fabric provisions applications as per the manifest. While applications can
range in purpose, there is no substitute for deployments with high availability
and without instances/replicas. ServiceFabric or SF for short makes this happen
seamlessly, with scaling and with great monitoring. The Service Fabric
framework enforces consistency and provides visibility across deployments of
components, instances and replicas as the application goes through its
lifecycle. While the SF hosting framework has been introduced with an article
referred to here,
this document describes the technical service guide used for troubleshooting SFs.
The tools for
diagnosability of SF hosting framework execution are the logs and Service
Fabric explorer which is a user interface for viewing the health of the
cluster, nodes, applications, instance, and replicas. The inputs to the system
are the manifests and executables which can be deployed successfully and result
in the applications being launched correctly. The Service Fabric framework
provides retries and configurations so that the ensemble and quorum are setup
correctly for the applications.
In addition,
there are several PowerShell cmdlets available from the Service Fabric module
that makes diagnosing and Service Fabric deployment easier.
Out of band
validation of manifests, executables and packages are possible via the
AzureDevOps (ADO) pipeline where the necessary validations are exercised at the
time of build, test and creation of package. Many of the artifacts are
parameterized and checked into a source code repository branch. So, the
infusion of values to parameters must ensure that the artifacts are unique per
deployment. The manifests file and parameter files contain different parameters
that can determine the hosting model, the service or application distribution
and the nodes. Specifying the configuration correctly greatly affects the
outcome and the time to go live.
The logs
displayed on Service Fabric Explorer have detailed entries for each operation
of the Service Fabric framework. A specific manifest used for provisioning will
have a unique Id made from its parts that can be used to track and correlate
the entries for a timeline of all actions taken on the manifest. The entries
will bear this ID so it can be used as a filter for the log entries.
The Service
Fabric is a framework that can allow the migration of an application type from
local environment, private cloud and to public cloud as long as it can work
correctly on one.
Application
passes through the credentials of the user via the AAD auth client. In select
cases, it may make a service-to-service call which works based on application
id and certificate. In these cases, the troubleshooting revolves around the following
cases. For the interactions between a deployment, a ServiceMap can come useful.
Application
user interfaces usually make an HTTP request which bears an authentication
header. This has a bearer token when the request needs to be authenticated and
authorized. The token is issued to an identity and Windows lists many forms of
identity including but not restricted to UserCredential,
ApplicationCertificateThumbprint, ApplicationClientId, ApplicationKey,
ApplicationNameForTracing, ApplicationToken, Authority,
EmbeddedManagedIdentity, ApplicationCertificateSubjectDistinguishedName,
ApplicationCertificateIssuerDistinguishedName, and
ApplicationCertificateSendPublicCertificate. In all of these cases, the
security token provider service provides a resolution of whether a token was
successfully issued. The remote server will accept this token or reject with an
Unauthorized error. In this case, the resolution is to check that the caller is
part of the security group and the certificates or applications used have not
expired.
Frequently, the
controllers for security such as the external service controller can reject
these if the role does not have sufficient permissions. For example, a platform
service administrator role might be required to execute privileged operations
as part of the Service Fabric application provisioning. These can be mitigated
as per the powershell commands to add role
In some cases, Service
Fabric application provisioning might require a claim to be added to the
principal. This can also be done with the help of an application.
Logs and
activity reports on the Service Fabric Explorer cover one or multiple manifests
that had been processed by the task. A "ServiceError" term can refer
to most of the errors. When fixing the issues, the caller must verify that the
application has all the things it needs.
Error message
"System.Net.WebException: Port already in use --->
System.Net.Sockets.SocketException: The port is already in use" errors are
usually transient and the system will launch additional replicas until the
minimum number is active.
Cause and fix: Ensure
that the configuration is set up correctly as per the last article on the
ServiceFabric cluster.
Error message An
application failed to start or exit the Inbuild stage
Cause and fix:
It is highly recommended to view the associated logs on the corresponding node
of the application so that it can describe the steps that need to be taken.
Error message Certificates
are missing.
Cause and fix: This
is usually a packaging error because the certificates on a cluster node must be
made available for the application to launch.
For issues that
have not been resolved by this document, please send mail to
support@acme.com or follow up on the support channel:
<link-to-support-channel>.
No comments:
Post a Comment