SHIFT-WIKI

--- Sjoerd Hooft's InFormation Technology ---

User Tools

Site Tools


tfs2018

Getting Started With TFS Server 2018

The goal is to get everything in place so it is possible to have a full CI/CD street for infrastructure. The setup is like this:

  • Dedicated Build Network & Domain with (a.o):
    • TFS Build Server with the build agent installed
    • No internet connectivity
    • No connectivity outwards to other environments like production and acceptance, only inwards

Because we have the requirement to use TFS for infrastructure, we'll need another build agent in production on a server that already has all required powershell modules and other infra related software we need.

Note that we'll need a build agent in every environment we want to manage because we cannot go outside of the environment except when the coonnectivity is initiated from the outside which is the case if you have a build agent on a server.


After the setup is complete we'll create a CI/CD pipeline in which we create a website portal that will be hosted on the TFS server that will provide information regarding the various environments: Creating a Build and Release Pipeline in TFS 2018


And after that we'll take it further and create a build pipeline for creating a new Virtual Machine using SCVMM: Create a New VM Using SCVMM Through TFS


This article assumes a new project is already created in TFS.

Pool

Because we want to use a dedicated pool for our project we'll need to create one. Follow these steps top create a new pool:

  • Log into the TFS server (https://servername/tfs) and click on the gear icon and click on the Agent Pools tab (note that if you don't see the Agent Pools tab you are already in a project. Click on the TFS logo in the left top corner to exit the project)
  • Click on “New Pool…” in the left top corner, and in the popup enter a descriptive name.
  • Click OK when you're done to create the pool.

Build Agent

After creating the pool we want to install an build agent for the new pool. Follow these steps to install a new build agent:

  • Log into the server which will be running the new build agent
  • Start a browser to go to the TFS server (https://servername/tfs) and go to the pool you just created
  • The agent tab is opened by default, and as you've just created the pool, a message is shown that no agents are registered in the pool
  • Create a Personal Access Code (PAT):
    • Click on your user icon in the right top corner and go to security
    • Click on Add
    • Provide a description and change the expiration date if needed
    • Scroll down and click Create Token
    • Note the token provided immediately, once you leave the page it will never be shown again
  • Go back to the Agent Pools and click “Download Agent” so a new window opens, with a highover description on how to install the agent
  • Download the agent from: https://go.microsoft.com/fwlink/?linkid=867184 and save it to a location (for example D:\Install)
  • Create the directory C:\agent and enter it from a powershell commandprompt mkdir agent ; cd agent
  • Extract the downloaded agent to the agent directory you just created Add-Type -AssemblyName System.IO.Compression.FileSystem ; [System.IO.Compression.ZipFile]::ExtractToDirectory("D:\Install\vsts-agent-win7-x64-2.122.2.zip", "$PWD")
  • Configure the agent by running the config.cmd from an elevated prompt:
PS C:\agent> .\config.cmd

>> Connect:

Enter server URL > https://servername/tfs
Enter authentication type (press enter for Integrated) > PAT
Enter personal access token > ****************************************************
Connecting to server ...

>> Register Agent:

Enter agent pool (press enter for default) > SHIFT-DevOps
Enter agent name (press enter for W16-Infra-MGT) >
Scanning for tool capabilities.
Connecting to the server.
Successfully added the agent
Testing agent connection.
Enter work folder (press enter for _work) >
2019-04-19 11:48:31Z: Settings Saved.
Enter run agent as service? (Y/N) (press enter for N) > Y
Enter User account to use for the service (press enter for NT AUTHORITY\NETWORK SERVICE) >
Granting file permissions to 'NT AUTHORITY\NETWORK SERVICE'.
Service vstsagent.tfs.W16-Infra-MGT successfully installed
Service vstsagent.tfs.W16-Infra-MGT successfully set recovery option
Service vstsagent.tfs.W16-Infra-MGT successfully configured
Service vstsagent.tfs.W16-Infra-MGT started successfully
PS C:\agent>
Note: Even though the requirements don't mention it, to configure the agent it needs a FQDN for the server. I tried it with an IP address but it didn't work, after adding the TFS server hostname to the hosts file it worked.


Note: To configure the build agent to use the Windows Certificate store instead of GIT's built in store, use a build agent higher than version 2.129.0 and start the install using ./config.cmd --gituseschannel

Some PAT Notes

A few words on the PAT. The PAT is only used for registering the agent, and is not stored, so you'll need the PAT once you remove the agent. When the token is expired the agent will keep on working.

See here and here

Also see the log below that you need the PAT on removing the agent:

PS C:\agent> .\config.cmd remove
Removing agent from the server
Enter authentication type (press enter for Integrated) > PAT
Enter personal access token > ****************************************************
Connecting to server ...
Succeeded: Removing agent from the server
Removing .credentials
Succeeded: Removing .credentials
Removing .agent
Succeeded: Removing .agent

Install Extension

In the build we'll be crating later on we'll use an extension from the matketplace: Replace Token. Follow these steps to install a new extension:

  • Go to the tfs server (https://servername/tfs) and click on the gear icon to go to the extensions tab
  • You can see now the already installed extensions, and you can click on Browse Marketplace to see all the available extensions in the marketplace
  • Search for your required extension and click on it to see more information
  • Click on get it free, which will start a search for your Azure DevOps organizations. We don;t have one, but you can click the Download button for Azure DevOps Server
  • After downloading, return to the TFS server, and navigate to https://servername/tfs/_gallery/manage (or from the extensions page → browse local extensions → manage extensions)
  • Click Upload new extension
  • Select and upload the extension you downloaded from the marketplace
  • Click on the uploaded extension, and click install on the replace tokens page
  • Select the collection you want to install the token to: SHIFT

The extension is now available in your pipelines to use.

Deployment Group

Now all the software for the build process is in place we now need to make sure we can also release. Releasing in TFS is done by deploying software to a predefined deployment group. The deployment group consists of one or more entities to which software can be deployed. To be able to deploy to a server a Command Agent needs to be deployed on the target server.

First we create the deployment group:

  • Log into the TFS server (https://servername/tfs) and go to the project for which we'll be configuring the deployment group.
  • Click on the Build and Release tab and go to the Deployment Groups tab.
  • Click on +New to create a new deployment group
  • Provide a name and optionally a description and click Create
  • The deployment group is created and a PowerShell registration script is shown which can be used to install the Command agent and register it with the deployment group.

This process is pretty straightforward when you have internet…

Install Command Agent Without Internet

Follow these steps to install the agent on a server without internet access:

  • Download the agent from the location as provided in the script but on a different computer and copy it to the server on for example d:\install
  • Rename the file to agent.zip
  • Replace this sentence in the provided script:
    • (New-Object Net.WebClient).DownloadFile( 'https://go.microsoft.com/fwlink/?linkid=867184', $agentZip);
  • by
    • copy-item d:\install\agent.zip $PWD
  • This action allows you to keep as much as possible as provided in the original script, so you can run in a elevated prompt:
PS C:\Windows\system32> $ErrorActionPreference="Stop";If(-NOT ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent() ).IsInRole( [Security.Principal.WindowsBuiltInRole] “Administrator”)){ throw "Run commandin Administrator PowerShell Prompt"};If(-NOT (Test-Path $env:SystemDrive\'vstsagent')){mkdir $env:SystemDrive\'vstsagent'}; cd $env:SystemDrive\'vstsagent'; for($i=1; $i -lt 100; $i++){$destFolder="A"+$i.ToString();if(-NOT (Test-Path ($destFolder))){mkdir $destFolder;cd $destFolder;break;}}; $agentZip="$PWD\agent.zip";copy-item c:\install\agent.zip $PWD;Add-Type -AssemblyName System.IO.Compression.FileSystem;[System.IO.Compression.ZipFile]::ExtractToDirectory( $agentZip, "$PWD");.\config.cmd --deploymentgroup --agent $env:COMPUTERNAME --runasservice --work '_work' --url 'https://servername/tfs/' --collectionname 'SHIFT' --projectname 'SHIFT-DevOps' --deploymentgroupname "Build-DTAP Portal" ; Remove-Item $agentZip;    
 
Directory: C:\
Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----        4/19/2019   8:33 AM                vstsagent    
 
Directory: C:\vstsagent
Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----        4/19/2019   8:33 AM                A1
 
>> Connect:Enter authentication type (press enter for Integrated) >
Connecting to server ...
 
>> Register Agent:
 
Scanning for tool capabilities.
Connecting to the server.
Enter deployment group tags for agent? (Y/N) (press enter for N) >
Successfully added the agent
Testing agent connection.
2019-04-19 06:34:30Z: Settings Saved.
Enter User account to use for the service (press enter for NT AUTHORITY\SYSTEM) >
Granting file permissions to 'NT AUTHORITY\SYSTEM'.
Service vstsagent.tfs.TFS successfully installed
Service vstsagent.tfs.TFS successfully set recovery option
Service vstsagent.tfs.TFS successfully configured
Service vstsagent.tfs.TFS started successfully

Next

Now all the software is installed and connectivity is in place we can create a CI/CD pipeline. See Creating a Build and Release Pipeline in TFS 2018
Or we create a new VM, see Create a New VM Using SCVMM Through TFS

Resources

If you're new to TFS and or Azure DevOps I'd highy recommend following these two courses:

These were really helpful for me for understanding builds and releases.
See these links for more information:

tfs2018.txt · Last modified: 2021/09/24 00:25 by 127.0.0.1