Search code examples
azurepowershellazure-service-fabricazure-automation

Connect to ServiceFabric using Azure Automation

I am trying to run the following test script using a hybrid runbook worker via Azure Automation:

Connect-ServiceFabricCluster -ConnectionEndpoint "the-service-fabric-azure-url" -FindType FindByThumbprint -FindValue "the-thumbprint" -X509Credential -ServerCertThumbprint "the-thumbprint" -StoreLocation CurrentUser -StoreName My -Verbose

$app = Get-ServiceFabricApplication -ApplicationName "fabric:/the-application-name"

Write-Output $app

When I run this script locally on my machine, it works. When I run this script using a Powershell session on the VM, it also works.

When I put this script in a runbook and then run the runbook via the hybrid work group (which points to the same VM, since there is only one worker registered to that group), I get an error:

Connect-ServiceFabricCluster : An error occurred during this operation. Please check the trace logs for more details. At line:1 char:1 +   
Connect-ServiceFabricCluster -ConnectionEndpoint "my-service-fabric-url... +  

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +   
CategoryInfo : InvalidOperation: (:) [Connect-ServiceFabricCluster], FabricException +   
FullyQualifiedErrorId : CreateClusterConnectionErrorId,Microsoft.ServiceFabric.Powershell.ConnectCluster

What do I need to configure so that the hybrid group can execute the same script that a local Powershell session can already execute correctly?

Some extra information:

  • The ServiceFabric SDK is installed on the VM. Since I can connect from the VM to ServiceFabric via a Powershell session, confirms that the SDK is available on the VM.
  • The hybrid group works correctly. If I run a small Powershell script that outputs the local machine name, it returns the name of my Azure VM, so I know it's being run on the machine I want it to run on. Any non-ServiceFabric-related script that I've run has worked without issue.
  • I have made sure to install the ServiceFabric certificate on the VM. On the VM, I can browse to the SF explorer website, and I can run the script via a powershell session, so I know the certificate is installed correctly because otherwise that wouldn't work either.
  • I have also installed the certificate into the Azure Automation account itself, but that didn't have any effect on the error I'm getting.
  • The error mentions to check the trace logs, but I have no idea where that is.
  • The Service Fabric nodes and the hybrid runbook worker VM are all on the same virtual network. Since I can connect from the VM to ServiceFabric via a Powershell session, this doesn't seem to be a network issue.
Solution

  • You're using a certificate location that's based on the user that runs the script (-StoreLocation CurrentUser -StoreName My).

    You should use a location that can be accessed by (the / any) account that runs the automation instead.

    Azure Automation has built-in support for this, using the Get-AzAutomationCertificate command.

    More info here.