Template/Windows/template.json
{
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json", "contentVersion": "1.0.0.0", "parameters": { "clusterLocation": { "type": "string", "defaultValue": "southcentralus", "metadata": { "description": "Location of the Cluster" } }, "clusterName": { "type": "string", "metadata": { "description": "Name of your cluster - Between 3 and 23 characters. Letters and numbers only" } }, "adminUserName": { "type": "string", "metadata": { "description": "Remote desktop user Id" } }, "adminPassword": { "type": "securestring", "metadata": { "description": "Remote desktop user password. Must be a strong password" } }, "vmImagePublisher": { "type": "string", "defaultValue": "MicrosoftWindowsServer", "metadata": { "description": "VM image Publisher" } }, "vmImageOffer": { "type": "string", "defaultValue": "WindowsServer", "metadata": { "description": "VM image offer" } }, "vmImageSku": { "type": "string", "defaultValue": "2016-Datacenter-with-Containers", "metadata": { "description": "VM image SKU" } }, "vmImageVersion": { "type": "string", "defaultValue": "latest", "metadata": { "description": "VM image version" } }, "loadBalancedAppPort1": { "type": "int", "defaultValue": 80, "metadata": { "description": "Input endpoint1 for the application to use. Replace it with what your application uses" } }, "loadBalancedAppPort2": { "type": "int", "defaultValue": 8081, "metadata": { "description": "Input endpoint2 for the application to use. Replace it with what your application uses" } }, "clusterProtectionLevel": { "type": "string", "allowedValues": [ "None", "Sign", "EncryptAndSign" ], "defaultValue": "EncryptAndSign", "metadata": { "description": "Protection level.Three values are allowed - EncryptAndSign, Sign, None. It is best to keep the default of EncryptAndSign, unless you have a need not to" } }, "certificateStoreValue": { "type": "string", "allowedValues": [ "My" ], "defaultValue": "My", "metadata": { "description": "The store name where the cert will be deployed in the virtual machine" } }, "certificateThumbprint": { "type": "string", "metadata": { "description": "Certificate Thumbprint" } }, "sourceVaultValue": { "type": "string", "metadata": { "description": "Resource Id of the key vault, is should be in the format of /subscriptions/<Sub ID>/resourceGroups/<Resource group name>/providers/Microsoft.KeyVault/vaults/<vault name>" } }, "certificateUrlValue": { "type": "string", "metadata": { "description": "Refers to the location URL in your key vault where the certificate was uploaded, it is should be in the format of https://<name of the vault>.vault.azure.net:443/secrets/<exact location>" } }, "storageAccountType": { "type": "string", "allowedValues": [ "Standard_LRS", "Standard_GRS" ], "defaultValue": "Standard_LRS", "metadata": { "description": "Replication option for the VM image storage account" } }, "supportLogStorageAccountType": { "type": "string", "allowedValues": [ "Standard_LRS", "Standard_GRS" ], "defaultValue": "Standard_LRS", "metadata": { "description": "Replication option for the support log storage account" } }, "applicationDiagnosticsStorageAccountType": { "type": "string", "allowedValues": [ "Standard_LRS", "Standard_GRS" ], "defaultValue": "Standard_LRS", "metadata": { "description": "Replication option for the application diagnostics storage account" } }, "nt0InstanceCount": { "type": "int", "defaultValue": 5, "metadata": { "description": "Instance count for node type" } }, "vmNodeType0Size": { "type": "string", "defaultValue": "Standard_D2_V2" }, "durabilityLevel": { "type": "string", "defaultValue": "Bronze" }, "reliabilityLevel": { "type": "string", "defaultValue": "Silver" } }, "variables": { "computeLocation": "[parameters('clusterLocation')]", "dnsName": "[parameters('clusterName')]", "vmStorageAccountName": "[toLower(concat( 'sflogs', uniqueString(resourceGroup().id), '1' ))]", "vmName": "vm", "publicIPAddressName": "PublicIP-VM", "publicIPAddressType": "Dynamic", "vmStorageAccountContainerName": "vhds", "virtualNetworkName": "VNet", "addressPrefix": "10.0.0.0/16", "nicName": "NIC", "lbName": "LoadBalancer", "lbIPName": "PublicIP-LB-FE", "availSetName": "AvailabilitySet", "maxPercentUpgradeDomainDeltaUnhealthyNodes": "100", "vnetID": "[resourceId('Microsoft.Network/virtualNetworks',variables('virtualNetworkName'))]", "overProvision": "false", "vmssApiVersion": "2017-03-30", "sfrpApiVersion": "2019-03-01", "lbApiVersion": "2015-06-15", "vNetApiVersion": "2015-06-15", "storageApiVersion": "2016-01-01", "publicIPApiVersion": "2015-06-15", "nt0applicationStartPort": "20000", "nt0applicationEndPort": "30000", "nt0ephemeralStartPort": "49152", "nt0ephemeralEndPort": "65534", "nt0fabricTcpGatewayPort": "19000", "nt0fabricHttpGatewayPort": "19080", "subnet0Name": "Subnet-0", "subnet0Prefix": "10.0.0.0/24", "subnet0Ref": "[concat(variables('vnetID'),'/subnets/',variables('subnet0Name'))]", "supportLogStorageAccountName": "[toLower( concat( uniqueString(resourceGroup().id),'2'))]", "applicationDiagnosticsStorageAccountName": "[toLower(concat('wad',uniqueString(resourceGroup().id), '3' ))]", "lbID0": "[resourceId('Microsoft.Network/loadBalancers',concat('LB','-', parameters('clusterName'),'-',variables('vmNodeType0Name')))]", "lbIPConfig0": "[concat(variables('lbID0'),'/frontendIPConfigurations/LoadBalancerIPConfig')]", "lbPoolID0": "[concat(variables('lbID0'),'/backendAddressPools/LoadBalancerBEAddressPool')]", "lbProbeID0": "[concat(variables('lbID0'),'/probes/FabricGatewayProbe')]", "lbHttpProbeID0": "[concat(variables('lbID0'),'/probes/FabricHttpGatewayProbe')]", "lbNatPoolID0": "[concat(variables('lbID0'),'/inboundNatPools/LoadBalancerBEAddressNatPool')]", "vmNodeType0Name": "[toLower(concat('NT1', variables('vmName')))]", "vmStorageAccountName0": "[toLower(concat(uniqueString(resourceGroup().id), '1', '0' ))]" }, "resources": [ { "apiVersion": "[variables('storageApiVersion')]", "type": "Microsoft.Storage/storageAccounts", "name": "[variables('supportLogStorageAccountName')]", "location": "[variables('computeLocation')]", "dependsOn": [], "properties": {}, "kind": "Storage", "sku": { "name": "[parameters('supportLogStorageAccountType')]" }, "tags": { "resourceType": "Service Fabric", "clusterName": "[parameters('clusterName')]" } }, { "apiVersion": "[variables('storageApiVersion')]", "type": "Microsoft.Storage/storageAccounts", "name": "[variables('applicationDiagnosticsStorageAccountName')]", "location": "[variables('computeLocation')]", "dependsOn": [], "properties": {}, "kind": "Storage", "sku": { "name": "[parameters('applicationDiagnosticsStorageAccountType')]" }, "tags": { "resourceType": "Service Fabric", "clusterName": "[parameters('clusterName')]" } }, { "apiVersion": "[variables('vNetApiVersion')]", "type": "Microsoft.Network/virtualNetworks", "name": "[variables('virtualNetworkName')]", "location": "[variables('computeLocation')]", "dependsOn": [ "[concat('Microsoft.Network/networkSecurityGroups/', concat('nsg', variables('subnet0Name')))]" ], "properties": { "addressSpace": { "addressPrefixes": [ "[variables('addressPrefix')]" ] }, "subnets": [ { "name": "[variables('subnet0Name')]", "properties": { "addressPrefix": "[variables('subnet0Prefix')]", "networkSecurityGroup": { "id": "[resourceId('Microsoft.Network/networkSecurityGroups', concat('nsg', variables('subnet0Name')))]" } } } ] }, "tags": { "resourceType": "Service Fabric", "clusterName": "[parameters('clusterName')]" } }, { "apiVersion": "[variables('publicIPApiVersion')]", "type": "Microsoft.Network/publicIPAddresses", "name": "[concat(variables('lbIPName'),'-',variables('vmNodeType0Name'))]", "location": "[variables('computeLocation')]", "properties": { "dnsSettings": { "domainNameLabel": "[variables('dnsName')]" }, "publicIPAllocationMethod": "Dynamic" }, "tags": { "resourceType": "Service Fabric", "clusterName": "[parameters('clusterName')]" } }, { "apiVersion": "[variables('lbApiVersion')]", "type": "Microsoft.Network/loadBalancers", "name": "[concat('LB','-', parameters('clusterName'),'-',variables('vmNodeType0Name'))]", "location": "[variables('computeLocation')]", "dependsOn": [ "[concat('Microsoft.Network/publicIPAddresses/',concat(variables('lbIPName'),'-',variables('vmNodeType0Name')))]" ], "properties": { "frontendIPConfigurations": [ { "name": "LoadBalancerIPConfig", "properties": { "publicIPAddress": { "id": "[resourceId('Microsoft.Network/publicIPAddresses',concat(variables('lbIPName'),'-',variables('vmNodeType0Name')))]" } } } ], "backendAddressPools": [ { "name": "LoadBalancerBEAddressPool", "properties": {} } ], "loadBalancingRules": [ { "name": "LBRule", "properties": { "backendAddressPool": { "id": "[variables('lbPoolID0')]" }, "backendPort": "[variables('nt0fabricTcpGatewayPort')]", "enableFloatingIP": "false", "frontendIPConfiguration": { "id": "[variables('lbIPConfig0')]" }, "frontendPort": "[variables('nt0fabricTcpGatewayPort')]", "idleTimeoutInMinutes": "5", "probe": { "id": "[variables('lbProbeID0')]" }, "protocol": "tcp" } }, { "name": "LBHttpRule", "properties": { "backendAddressPool": { "id": "[variables('lbPoolID0')]" }, "backendPort": "[variables('nt0fabricHttpGatewayPort')]", "enableFloatingIP": "false", "frontendIPConfiguration": { "id": "[variables('lbIPConfig0')]" }, "frontendPort": "[variables('nt0fabricHttpGatewayPort')]", "idleTimeoutInMinutes": "5", "probe": { "id": "[variables('lbHttpProbeID0')]" }, "protocol": "tcp" } }, { "name": "AppPortLBRule1", "properties": { "backendAddressPool": { "id": "[variables('lbPoolID0')]" }, "backendPort": "[parameters('loadBalancedAppPort1')]", "enableFloatingIP": "false", "frontendIPConfiguration": { "id": "[variables('lbIPConfig0')]" }, "frontendPort": "[parameters('loadBalancedAppPort1')]", "idleTimeoutInMinutes": "5", "probe": { "id": "[concat(variables('lbID0'),'/probes/AppPortProbe1')]" }, "protocol": "tcp" } }, { "name": "AppPortLBRule2", "properties": { "backendAddressPool": { "id": "[variables('lbPoolID0')]" }, "backendPort": "[parameters('loadBalancedAppPort2')]", "enableFloatingIP": "false", "frontendIPConfiguration": { "id": "[variables('lbIPConfig0')]" }, "frontendPort": "[parameters('loadBalancedAppPort2')]", "idleTimeoutInMinutes": "5", "probe": { "id": "[concat(variables('lbID0'),'/probes/AppPortProbe2')]" }, "protocol": "tcp" } } ], "probes": [ { "name": "FabricGatewayProbe", "properties": { "intervalInSeconds": 5, "numberOfProbes": 2, "port": "[variables('nt0fabricTcpGatewayPort')]", "protocol": "tcp" } }, { "name": "FabricHttpGatewayProbe", "properties": { "intervalInSeconds": 5, "numberOfProbes": 2, "port": "[variables('nt0fabricHttpGatewayPort')]", "protocol": "tcp" } }, { "name": "AppPortProbe1", "properties": { "intervalInSeconds": 5, "numberOfProbes": 2, "port": "[parameters('loadBalancedAppPort1')]", "protocol": "tcp" } }, { "name": "AppPortProbe2", "properties": { "intervalInSeconds": 5, "numberOfProbes": 2, "port": "[parameters('loadBalancedAppPort2')]", "protocol": "tcp" } } ], "inboundNatPools": [ { "name": "LoadBalancerBEAddressNatPool", "properties": { "backendPort": "3389", "frontendIPConfiguration": { "id": "[variables('lbIPConfig0')]" }, "frontendPortRangeEnd": "4500", "frontendPortRangeStart": "3389", "protocol": "tcp" } } ] }, "tags": { "resourceType": "Service Fabric", "clusterName": "[parameters('clusterName')]" } }, { "apiVersion": "2015-06-15", "type": "Microsoft.Network/networkSecurityGroups", "name": "[concat('nsg', variables('subnet0Name'))]", "location": "[resourceGroup().location]", "properties": { "securityRules": [ { "name": "allowSvcFabSMB", "properties": { "access": "Allow", "destinationAddressPrefix": "*", "destinationPortRange": "445", "direction": "Inbound", "priority": 3950, "protocol": "*", "sourceAddressPrefix": "VirtualNetwork", "sourcePortRange": "*" }, "comments": "allow SMB traffic within the net, used by fabric to move packages around" }, { "name": "allowSvcFabCluser", "properties": { "access": "Allow", "destinationAddressPrefix": "*", "destinationPortRange": "1025-1027", "direction": "Inbound", "priority": 3920, "protocol": "*", "sourceAddressPrefix": "VirtualNetwork", "sourcePortRange": "*" }, "comments": "allow ports within vnet that are used by the fabric to talk between nodes" }, { "name": "allowSvcFabEphemeral", "properties": { "access": "Allow", "destinationAddressPrefix": "*", "destinationPortRange": "[concat(variables('nt0ephemeralStartPort'), '-', variables('nt0ephemeralEndPort'))]", "direction": "Inbound", "priority": 3930, "protocol": "*", "sourceAddressPrefix": "VirtualNetwork", "sourcePortRange": "*" }, "comments": "allow fabric ephemeral ports within the vnet" }, { "name": "allowSvcFabPortal", "properties": { "access": "Allow", "destinationAddressPrefix": "*", "destinationPortRange": "[variables('nt0fabricHttpGatewayPort')]", "direction": "Inbound", "priority": 3900, "protocol": "*", "sourceAddressPrefix": "*", "sourcePortRange": "*" }, "comments": "allow port used to access the fabric cluster web portal" }, { "name": "allowSvcFabClient", "properties": { "access": "Allow", "destinationAddressPrefix": "*", "destinationPortRange": "[variables('nt0fabricTcpGatewayPort')]", "direction": "Inbound", "priority": 3910, "protocol": "*", "sourceAddressPrefix": "*", "sourcePortRange": "*" }, "comments": "allow port used by the fabric client (includes powershell)" }, { "name": "allowSvcFabApplication", "properties": { "access": "Allow", "destinationAddressPrefix": "*", "destinationPortRange": "[concat(variables('nt0applicationStartPort'), '-', variables('nt0applicationEndPort'))]", "direction": "Inbound", "priority": 3940, "protocol": "*", "sourceAddressPrefix": "*", "sourcePortRange": "*" }, "comments": "allow fabric application ports within the vnet" }, { "name": "blockAll", "properties": { "access": "Deny", "destinationAddressPrefix": "*", "destinationPortRange": "*", "direction": "Inbound", "priority": 4095, "protocol": "*", "sourceAddressPrefix": "*", "sourcePortRange": "*" }, "comments": "block all traffic except what we've explicitly allowed" }, { "name": "allowVNetRDP", "properties": { "access": "Allow", "destinationAddressPrefix": "*", "destinationPortRange": "3389-4500", "direction": "Inbound", "priority": 3960, "protocol": "*", "sourceAddressPrefix": "*", "sourcePortRange": "*" }, "comments": "allow RDP within the net" }, { "name": "allowAppPort1", "properties": { "access": "Allow", "destinationAddressPrefix": "*", "destinationPortRange": "[parameters('loadBalancedAppPort1')]", "direction": "Inbound", "priority": 2001, "protocol": "*", "sourceAddressPrefix": "*", "sourcePortRange": "*" }, "comments": "allow public application port 1" }, { "name": "allowAppPort2", "properties": { "access": "Allow", "destinationAddressPrefix": "*", "destinationPortRange": "[parameters('loadBalancedAppPort2')]", "direction": "Inbound", "priority": 2002, "protocol": "*", "sourceAddressPrefix": "*", "sourcePortRange": "*" }, "comments": "allow public application port 2" } ] }, "tags": { "resourceType": "Service Fabric", "clusterName": "[parameters('clusterName')]" } }, { "apiVersion": "[variables('vmssApiVersion')]", "type": "Microsoft.Compute/virtualMachineScaleSets", "name": "[variables('vmNodeType0Name')]", "location": "[variables('computeLocation')]", "dependsOn": [ "[concat('Microsoft.Network/virtualNetworks/', variables('virtualNetworkName'))]", "[concat('Microsoft.Network/loadBalancers/', concat('LB','-', parameters('clusterName'),'-',variables('vmNodeType0Name')))]", "[concat('Microsoft.Storage/storageAccounts/', variables('supportLogStorageAccountName'))]", "[concat('Microsoft.Storage/storageAccounts/', variables('applicationDiagnosticsStorageAccountName'))]" ], "properties": { "overprovision": "[variables('overProvision')]", "upgradePolicy": { "mode": "Automatic" }, "virtualMachineProfile": { "extensionProfile": { "extensions": [ { "name": "[concat('ServiceFabricNodeVmExt','_vmNodeType0Name')]", "properties": { "type": "ServiceFabricNode", "autoUpgradeMinorVersion": true, "protectedSettings": { "StorageAccountKey1": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('supportLogStorageAccountName')),'2015-05-01-preview').key1]", "StorageAccountKey2": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('supportLogStorageAccountName')),'2015-05-01-preview').key2]" }, "publisher": "Microsoft.Azure.ServiceFabric", "settings": { "clusterEndpoint": "[reference(parameters('clusterName')).clusterEndpoint]", "nodeTypeRef": "[variables('vmNodeType0Name')]", "dataPath": "D:\\SvcFab", "durabilityLevel": "[parameters('durabilityLevel')]", "enableParallelJobs": true, "nicPrefixOverride": "[variables('subnet0Prefix')]", "certificate": { "thumbprint": "[parameters('certificateThumbprint')]", "x509StoreName": "[parameters('certificateStoreValue')]" } }, "typeHandlerVersion": "1.0" } }, { "name": "[concat('VMDiagnosticsVmExt','_vmNodeType0Name')]", "properties": { "type": "IaaSDiagnostics", "autoUpgradeMinorVersion": true, "protectedSettings": { "storageAccountName": "[variables('applicationDiagnosticsStorageAccountName')]", "storageAccountKey": "[listKeys(resourceId('Microsoft.Storage/storageAccounts', variables('applicationDiagnosticsStorageAccountName')),'2015-05-01-preview').key1]", "storageAccountEndPoint": "https://core.windows.net/" }, "publisher": "Microsoft.Azure.Diagnostics", "settings": { "WadCfg": { "DiagnosticMonitorConfiguration": { "overallQuotaInMB": "50000", "EtwProviders": { "EtwEventSourceProviderConfiguration": [ { "provider": "Microsoft-ServiceFabric-Actors", "scheduledTransferKeywordFilter": "1", "scheduledTransferPeriod": "PT5M", "DefaultEvents": { "eventDestination": "ServiceFabricReliableActorEventTable" } }, { "provider": "Microsoft-ServiceFabric-Services", "scheduledTransferPeriod": "PT5M", "DefaultEvents": { "eventDestination": "ServiceFabricReliableServiceEventTable" } } ], "EtwManifestProviderConfiguration": [ { "provider": "cbd93bc2-71e5-4566-b3a7-595d8eeca6e8", "scheduledTransferLogLevelFilter": "Information", "scheduledTransferKeywordFilter": "4611686018427387904", "scheduledTransferPeriod": "PT5M", "DefaultEvents": { "eventDestination": "ServiceFabricSystemEventTable" } } ] } } }, "StorageAccount": "[variables('applicationDiagnosticsStorageAccountName')]" }, "typeHandlerVersion": "1.5" } } ] }, "networkProfile": { "networkInterfaceConfigurations": [ { "name": "[concat(variables('nicName'), '-0')]", "properties": { "ipConfigurations": [ { "name": "[concat(variables('nicName'),'-',0)]", "properties": { "loadBalancerBackendAddressPools": [ { "id": "[variables('lbPoolID0')]" } ], "loadBalancerInboundNatPools": [ { "id": "[variables('lbNatPoolID0')]" } ], "subnet": { "id": "[variables('subnet0Ref')]" } } } ], "primary": true } } ] }, "osProfile": { "adminPassword": "[parameters('adminPassword')]", "adminUsername": "[parameters('adminUsername')]", "computernamePrefix": "[variables('vmNodeType0Name')]", "secrets": [ { "sourceVault": { "id": "[parameters('sourceVaultValue')]" }, "vaultCertificates": [ { "certificateStore": "[parameters('certificateStoreValue')]", "certificateUrl": "[parameters('certificateUrlValue')]" } ] } ] }, "storageProfile": { "imageReference": { "publisher": "[parameters('vmImagePublisher')]", "offer": "[parameters('vmImageOffer')]", "sku": "[parameters('vmImageSku')]", "version": "[parameters('vmImageVersion')]" }, "osDisk": { "caching": "ReadOnly", "createOption": "FromImage", "managedDisk": { "storageAccountType": "[parameters('storageAccountType')]" } } } } }, "sku": { "name": "[parameters('vmNodeType0Size')]", "capacity": "[parameters('nt0InstanceCount')]", "tier": "Standard" }, "tags": { "resourceType": "Service Fabric", "clusterName": "[parameters('clusterName')]" } }, { "apiVersion": "[variables('sfrpApiVersion')]", "type": "Microsoft.ServiceFabric/clusters", "name": "[parameters('clusterName')]", "location": "[parameters('clusterLocation')]", "dependsOn": [ "[concat('Microsoft.Storage/storageAccounts/', variables('supportLogStorageAccountName'))]" ], "properties": { "addonFeatures": [ "DnsService", "RepairManager" ], "certificate": { "thumbprint": "[parameters('certificateThumbprint')]", "x509StoreName": "[parameters('certificateStoreValue')]" }, "clusterState": "Default", "diagnosticsStorageAccountConfig": { "blobEndpoint": "[reference(concat('Microsoft.Storage/storageAccounts/', variables('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.blob]", "protectedAccountKeyName": "StorageAccountKey1", "queueEndpoint": "[reference(concat('Microsoft.Storage/storageAccounts/', variables('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.queue]", "storageAccountName": "[variables('supportLogStorageAccountName')]", "tableEndpoint": "[reference(concat('Microsoft.Storage/storageAccounts/', variables('supportLogStorageAccountName')), variables('storageApiVersion')).primaryEndpoints.table]" }, "fabricSettings": [ { "parameters": [ { "name": "ClusterProtectionLevel", "value": "[parameters('clusterProtectionLevel')]" } ], "name": "Security" } ], "managementEndpoint": "[concat('https://',reference(concat(variables('lbIPName'),'-',variables('vmNodeType0Name'))).dnsSettings.fqdn,':',variables('nt0fabricHttpGatewayPort'))]", "nodeTypes": [ { "name": "[variables('vmNodeType0Name')]", "applicationPorts": { "endPort": "[variables('nt0applicationEndPort')]", "startPort": "[variables('nt0applicationStartPort')]" }, "clientConnectionEndpointPort": "[variables('nt0fabricTcpGatewayPort')]", "durabilityLevel": "[parameters('durabilityLevel')]", "ephemeralPorts": { "endPort": "[variables('nt0ephemeralEndPort')]", "startPort": "[variables('nt0ephemeralStartPort')]" }, "httpGatewayEndpointPort": "[variables('nt0fabricHttpGatewayPort')]", "isPrimary": true, "vmInstanceCount": "[parameters('nt0InstanceCount')]" } ], "provisioningState": "Default", "reliabilityLevel": "[parameters('reliabilityLevel')]", "upgradeMode": "Automatic", "vmImage": "Windows" }, "tags": { "resourceType": "Service Fabric", "clusterName": "[parameters('clusterName')]" } } ], "outputs": { "clusterProperties": { "value": "[reference(parameters('clusterName'))]", "type": "object" } } } |