1

I have a Service Fabric cluster hosted in Microsoft Azure, and I have configured its scale set to register all nodes with Azure Automation DSC (following the example from https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/dsc-template#template-example-for-windows-virtual-machine-scale-sets).

I now need to update the DSC script to also ensure that TLS 1.0 is disabled. This registry change requires a reboot of the affected machines. How can I get DSC to apply this change one update domain at a time so that all the VMs in my cluster aren't rebooted at the same time?

Super Jade
  • 5,609
  • 7
  • 39
  • 61
Colin Smith
  • 81
  • 1
  • 6

1 Answers1

1

This depends on the durability level that you have configured for your cluster:

  • Gold Restarts can be delayed until approved by the Service Fabric cluster. Updates can be paused for 2 hours per UD to allow additional time for replicas to recover from earlier failures

  • Silver Restarts can be delayed until approved by the Service Fabric cluster. Updates cannot be delayed for any significant period of time

  • Bronze Restarts will not be delayed by the Service Fabric cluster. Updates cannot be delayed for any significant period of time

So, you'll need your cluster to have either Silver or Gold level.

LoekD
  • 11,402
  • 17
  • 27
  • I don't believe this actually answers the question, and could be potentially "dangerous". DSC has no built-in concept of inter-VM dependencies. Configs will be applied and (depending on the remediation mode) any reboots will occur just as with any other node. It doesn't matter how many nodes or UD's you have, you could easily reboot your entire cluster at once. – Orangutech Sep 14 '21 at 15:09