Pulling type deploy service for IIS.
Azure VMSS is so attractive. However, Kubernetes and Service Fabric are too rich for the people who use simpley web server management that copy app directory to IIS Server and changing binded folder.
SaburaIIS is a solution for who need more simple way.
An orchestrator usualy consists of a few master nodes and many workder nodes.
Master nodes communicate each other to manage state all system.
Multi Paxos and Raft are famous algorithm for make masters.
However, as you know, managed Kubernetes is very popular. So, no one wants to manage the masters.
This project's concept "Are azure managed services able to make it simple?"
- Using CosmosDB insted of master nodes
- Using VMSS and Helth extension to ensure resiliency
Cosmos DB has a data what applicationHost.config should be. And saburaiis agents update IIS on each VM. This relationship like a relationship between VirtualDOM and DOM.
- Cosmos DB: Store data what IIS should be.
- Storage: Store applciation package(zip).
- Key Vault: Manage SSL certificate.
- App Configuration: Manage environment variables for Application Pool.
- Log Analytics: Monitoring saburaiis agent logs.
- Partition(VMSSs): Worker group. Partition has a few VMSS.
- SaburaIIS Agent: Update IIS when Cosmos DB change trigger fired.
- SaburaIIS CLI: Manage data stored in Cosmos DB and Storage.
- SaburaIIS AdminWeb: Manage data stored in Cosmos DB and Storage.
SaburaIIS can configure multi partitions and multi regions.
Create a new service principal and get its object ID(oooooooo-oooo-oooo-oooo-oooooooooooo).
$ az ad sp create-for-rbac --skip-assignment -n "SaburaIIS"
{
"appId": "nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn",
"displayName": "SaburaIIS",
"name": "nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn",
"password": "ppppppppppppppppppppppppppppppppp",
"tenant": "tttttttt-tttt-tttt-tttt-tttttttttttt"
}
$ az ad sp show --query objectId --id nnnnnnnn-nnnn-nnnn-nnnn-nnnnnnnnnnnn
"oooooooo-oooo-oooo-oooo-oooooooooooo"
Create core resources (CosmoDB, KeyVault, Storage), vnet and a partition (VMSS, PIP, LB, NSG)
Download SaburaIIS.WebAdmin.zip latest release
Extract zip and configure appsettings.json
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"AllowedHosts": "*",
"SaburaIIS": {
"SubscriptionId": "<Your subscription id>",
"ResourceGroupName": "<Core resource group name(which has cosmosdb, keyvault and storage)>"
}
}
AdminWeb use managed identity to access resources. You need setup on visual studio (https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-connect-msi?tabs=windowsclient%2Cdotnet#set-up-visual-studio)
Also, You use service principal insted of managed identity if you want to.
{
...
"SaburaIIS": {
"SubscriptionId": "<Your subscription id>",
"ResourceGroupName": "<Core resource group name(which has cosmosdb, keyvault and storage)>",
"AADTenantId": "<Your tenant id>",
"AADClientId": "<Service Principal appId(name)>",
"AADClientSecret": "<Service Principal password>"
}
}
Execute SaburaIIS.WebAdmin.exe and access https://localhost:5001/ on your browser.
Click New Partition button and input new partition name, finaly click the Create button.
- Click
Manage Scale Setbutton - Click
Add Scale Setbutton - Input VMSS name which created in step 2
- Stage changes
Check current changes and apply it.
Navigate to Instances and wait active instances
Install CLI tool via dotnet tool command and set env values.
PS> dotnet tool install -g SaburaIIS.CLI
PS> $env:AZURE_SUBSCRIPTION_ID="<Your subscription id>"
PS> $env:SABURAIIS_RG_NAME="<Core resource group name(which has cosmosdb, keyvault and storage)>"
PS> $env:AZURE_TENANT_ID="<Your tenant id>"
PS> $env:AZURE_CLIENT_ID="<Service Principal appId(name)>"
PS> $env:AZURE_CLIENT_SECRET="<Service Principal password>"
Create simple applciation package(zip) and execute saburaiis release command.
PS> echo "SaburaIIS" > index.html
PS> Compress-Archive -Path .\index.html -DestinationPath index.zip
PS> saburaiis release EmptySite v0.0.1 --zip .\index.zip
Modify application physical path and update partition settings. saburaiis agent parse last two directories of physical path are package name and version. (%SystemDrive%\inetpub\site\{package name}\{version})
PS> saburaiis export partition01 --output ./partition01.json
PS> saburaiis modify-path "Default Web Site" "/" EmptySite v0.0.1 .\partition01.json
PS> cat .\partition01.json
...
"PhysicalPath": "%SystemDrive%\\inetpub\\sites\\EmptySite\\v0.0.1",
...
PS> saburaiis import partition01 ./partition01.json
After update partition settings, instances state will change on AdminWeb.
You can get the simple application at Public IP of VMSS.
Generate or import certificate to key vault which is created at Get Started - Step 2. If you don't have roles for edit, add IAM roles (ex. Key Vault Administrator) your account.
Add new binding to partition on AdminWeb. And select certificate store name and certificate hash.
After stage, apply changes and reload your site by https.
You can use Key Vault Acmebot with SaburaIIS if you want to use Let's Encrypt or other acme issuer.
Update application pool recycle request on AdminWeb.
After stage, apply changes and reload your site.
Create new subnet in portal.
And copy vnet resource group name, vnet name and subnet.
Create a new partition resource.
Assign IAM roles to vmss created in step 2.
Required parameters
- Core resource group name
- Principal ID of created new vmss
- CosmosDB name within core resource group
- Key Vault name within core resource group
- Pakcages container name within storage account within core resouce group.
The format is${storage account name}/defaults/${blob container name = 'packages'}like assaburaiis/defaults/packages
packages container name is the format ${storage name}/defaults/packages.
Create a new vnet in the new region.