Merge pull request Azure#4482 from aljo-microsoft/master

Update 5-VM Linux SF Cluster Quickstart with Azure-Samples service fabric cluster template

5-VM-Ubuntu-1-NodeTypes-Secure/New-ServiceFabricClusterCertificate.ps1

@@ -0,0 +1,47 @@
+#Requires -Module AzureRM.KeyVault
+
+# Use this script to create a certificate that you can use to secure a Service Fabric Cluster
+# This script requires an existing KeyVault that is EnabledForDeployment.  The vault must be in the same region as the cluster.
+# To create a new vault and set the EnabledForDeployment property run:
+#
+#$keyvaultRG="mykevaultrg"
+#$KeyVaultName="mykevaultname"
+#New-AzureRmResourceGroup -Name $KeyvaultRG -Location WestUS
+#New-AzureRmKeyVault -VaultName $KeyVaultName -ResourceGroupName $KeyvaultRG -Location WestUS -EnabledForDeployment
+#
+# Once the certificate is created and stored in the vault, the script will provide the parameter values needed for template deployment
+# 
+# You can download the cert from the key-vault portal, if you need it on your machine.
+
+param(
+    [string] [Parameter(Mandatory=$true)] $Password,
+    [string] [Parameter(Mandatory=$true)] $CertDNSName,
+    [string] [Parameter(Mandatory=$true)] $KeyVaultName,
+    [string] [Parameter(Mandatory=$true)] $KeyVaultSecretName
+)
+
+$SecurePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force
+$CertFileFullPath = $(Join-Path (Split-Path -Parent $MyInvocation.MyCommand.Definition) "\$CertDNSName.pfx")
+
+$NewCert = New-SelfSignedCertificate -CertStoreLocation Cert:\CurrentUser\My -DnsName $CertDNSName 
+Export-PfxCertificate -FilePath $CertFileFullPath -Password $SecurePassword -Cert $NewCert
+
+$Bytes = [System.IO.File]::ReadAllBytes($CertFileFullPath)
+$Base64 = [System.Convert]::ToBase64String($Bytes)
+
+$JSONBlob = @{
+    data = $Base64
+    dataType = 'pfx'
+    password = $Password
+} | ConvertTo-Json
+
+$ContentBytes = [System.Text.Encoding]::UTF8.GetBytes($JSONBlob)
+$Content = [System.Convert]::ToBase64String($ContentBytes)
+
+$SecretValue = ConvertTo-SecureString -String $Content -AsPlainText -Force
+$NewSecret = Set-AzureKeyVaultSecret -VaultName $KeyVaultName -Name $KeyVaultSecretName -SecretValue $SecretValue -Verbose
+
+Write-Host
+Write-Host "Source Vault Resource Id: "$(Get-AzureRmKeyVault -VaultName $KeyVaultName).ResourceId
+Write-Host "Certificate URL : "$NewSecret.Id
+Write-Host "Certificate Thumbprint : "$NewCert.Thumbprint

5-VM-Ubuntu-1-NodeTypes-Secure/README.md

@@ -0,0 +1,40 @@
+# 5 Node secure ubuntu Service Fabric Cluster with Azure Diagnostics enabled
+
+<a href="https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2FAzure-Samples%2Fservice-fabric-cluster-templates%2Fmaster%2F5-VM-Ubuntu-1-NodeTypes-Secure%2FAzureDeploy.json" target="_blank">
+    <img src="http://azuredeploy.net/deploybutton.png"/>
+</a>
+<a href="http://armviz.io/#/?load=https%3A%2F%2Fraw.githubusercontent.com%2FAzure-Samples%2Fservice-fabric-cluster-templates%2Fmaster%2F5-VM-Ubuntu-1-NodeTypes-Secure%2FAzureDeploy.json" target="_blank">
+    <img src="http://armviz.io/visualizebutton.png"/>
+</a>
+
+This template allows you to deploy a secure 5 node, Single Node Type Service Fabric Cluster running Ubuntu Server on a Standard_D2_v2 Size Virtual Machine Scale set with Azure Diagnostics turned on. 
+
+This template assumes that you already have certificates uploaded to your keyvault.  If you want to create a new certificate run the **New-ServiceFabricClusterCertificate.ps1** file in this sample.  
+
+You can download the cert from the keyvault from the portal 
+- Got to the keyvalut resource
+- navigate to the secrets tab and download the cert
+
+![DownloadCert]
+
+
+## Creating a custom ARM template
+
+If you are wanting to create a custom ARM template for your cluster, then you have two choices.
+
+1. You can acquire this sample template make changes to it. 
+2. Log into the azure portal and use the service fabric portal pages to generate the template for you to customize.
+  1. Log on to the Azure Portal [http://aka.ms/servicefabricportal](http://aka.ms/servicefabricportal).
+
+  2. Go through the process of creating the cluster as described in [Creating Service Fabric Cluster via portal](https://docs.microsoft.com/azure/service-fabric/service-fabric-cluster-creation-via-portal) , but do not click on ***create**, instead go to Summary and download the template and parameters.
+
+
+ ![DownloadTemplate]
+
+
+Unzip the downloaded .zip on your local machine, make any changes to template or the parameter file as you need.
+
+
+<!--Image references-->
+[DownloadTemplate]: ./DownloadTemplate.png
+[DownloadCert]: ./DownloadCert.PNG

5-VM-Ubuntu-1-NodeTypes-Secure/azuredeploy.parameters.json

@@ -0,0 +1,24 @@
+{
+  "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentParameters.json",
+  "contentVersion": "1.0.0.0",
+  "parameters": {
+    "clusterName": {
+      "value": "GEN-UNIQUE"
+    },
+    "adminUserName": {
+      "value": "GEN-UNIQUE"
+    },
+    "adminPassword": {
+      "value": "GEN-PASSWORD"
+    },
+    "certificateThumbprint": {
+      "value": "GEN-SF-CERT-THUMBPRINT"
+    },
+    "sourceVaultValue": {
+      "value": "GEN-KEYVAULT-RESOURCE-ID"
+    },
+    "certificateUrlValue": {
+      "value": "GEN-SF-CERT-URL"
+    }
+  }
+}

5-VM-Ubuntu-1-NodeTypes-Secure/metadata.json

@@ -0,0 +1,7 @@
+{
+  "itemDisplayName": "Deploy a 5 Node Ubuntu Service Fabric Cluster",
+  "description": "This template allows you to deploy a secure 5 node Service Fabric Cluster running Ubuntu on a Standard_D2_V2 Size VMSS.",
+  "summary": "This template takes a minimum amount of parameters and deploys 5 Node Service Fabric Cluster running Ubuntu ",
+  "githubUsername": "aljo-microsoft",
+  "dateUpdated": "2018-04-04"
+}