VSTS and External Vendors

I thought I would try my hand at creating demo videos or specific topics around VSTS. One topic I get asked a lot is how to give VSTS access to an external Vendor so we can assign work items to them, yet keep them from seeing everything else.

Here is my first shot at such a Demo Video.

Configure TFS Search in Multi-Application Tier Scenario

If your TFS environment has multiple load balanced application tiers, then it's recommended to configure TFS Search (aka. ElasticSearch) on a separate server. That way you have a dedicated machine to index your TFS content. See https://docs.microsoft.com/en-ca/vsts/project/search/administration?view=vsts#separate-server for more information.

But, in some cases, dedicating a separate server just for search might be an overkill or inefficient. If you want to configure TFS search to run on one of the existing TFS application tiers, do the following:

If you're starting fresh:

  1. Setup Search (ES) using the Configure-TFSSearch.ps1 ("%Program Files%\Microsoft Team Foundation Server 2018\Search\zip\Configure-TFSSearch.ps1") script in one of the application tier servers. For example, App1 server.
  2. Configure Search suing the remote search option (even though search was setup in the same machine as AT) and use the http://{App1}:9200 URL.
  3. Make sure http://{App1}:9200 is accessible from all application tier servers.

Give it some time for search to index the TFS content.

   

If you already have search configured:

  1. Cleanup the index data and remove/uninstall the ElasticSearch service.
  2. Backup TFS Configuration database then delete the '%SearchPlatformConnectionString\%' entries from TFS configuration database. Obviously, be careful when making changes directly to the database. In the TFS Configuration DB, run the following query:
    SELECT * FROM [Tfs_Configuration].[dbo].[tbl_RegistryItems] where ChildItem like '%SearchPlatformConnectionString\%'

    You should see the RegValue entries as http://localhost:9200. Modify these registry values to http://{App1}:9200
  3. Configure Elastic Search using the Configure-TFSSearch.ps1 ("%Program Files%\Microsoft Team Foundation Server 2018\Search\zip\Configure-TFSSearch.ps1") script in one of the application tier servers again
  4. Cleanup all collection DB tables as mentioned here.
  5. Re-configure Search using the remote search option (even though search was setup in the same machine as AT) and use the http://{App1}:9200 URL.
  6. Make sure http://{App1}:9200 is accessible from all application tier servers.

This approach will re-index the collections again.

Hope this helps.

Error During TFS Search Configuration

If you're experiencing "VS403185: An unknown error has occurred during Search configuration" error when configuring search using TFS configuration wizard, then most likely you have attempted to configure search to run using a domain account. At this point, when using TFS Configuration wizard, search can only be configured to run as to run as NT AUTHORITY\NETWORK SERVICE. So, change the search service account to NT AUTHORITY\NETWORK SERVICE and things should go back to normal.

Obviously, you can still configure search in TFS 2018 with custom credentials for Elastic Search. You just need to configure search separately from application tier configuration. So, uncheck the Search configuration checkbox option in the TFS Configuration wizard and proceed. Once the TFS is configured, go to the Search tab and proceed with its configuration using custom credentials.

How to secure an external Vendors Access to VSTS/TFS

A lot of customers I work with have external vendors. They would like those vendors to have their own backlog of work we can assign to them. However they don’t want them to be able to see all the other work items, and sometimes Builds or Releases.

You can use Stakeholder access level. But sometimes that is too restrictive.

If you want them to have Basic or better access but limit their view.

  • Create a Team for the vendor and add all vendor resources to the team. If they don’t need a backlog and will just run queries for their work. you can just create a Group instead of a Team.
  • Make sure someone at your company is the team administrator.
  • From the Team project navigate to Control Panel -> Work -> Areas
  • Select the Main node in the Areas that is named after the Team Project
  • From the ellipsis context menu select security
  • Add the Team to this dialog and select Deny for all the items in the list

image

  • Save changes
  • Navigate to the node you want this vendor to be able to access work items for and select security
  • Select the External Vendor Group

image

  • Change their permissions for Edit work items in this node and View work items in this node to Allow.
  • Now this group can only see work items under the Area External Vendor

To make sure they can’t see Builds and Releases.

  • Navigate to Builds and click on the Security button at the top of the build list.
  • Set View Build definition and View Builds to Deny
  • For releases navigate to Releases and click the ellipses next to All Release definitions
  • Set View release definition and View release to Deny

image

image

Redirecting TFS traffic from /tfs to / root site

A while back I wrote a blog post on how to get rid of /tfs in TFS URL. Now, I would like to expand on that blog post and write about how to redirect TFS traffic from /tfs to / root of the site once you got rid of /tfs from the URL. To do that you need to do the following:

  1. Install URLRewrite module from https://www.iis.net/downloads/microsoft/url-rewrite
  2. Add the following section to the web.config of the TFS server

    <rewrite>

      <rules>

                <clear />

                <rule name="Redirect HTTP to HTTPS" enabled="true" stopProcessing="true">

                    <match url="(.*)" ignoreCase="true" />

                    <conditions logicalGrouping="MatchAll" trackAllCaptures="true">

                        <add input="{HTTPS}" pattern="off" />

                        <add input="{HTTP_HOST}" pattern="([^/:]*?):[^/]*?" />

                    </conditions>

                    <action type="Redirect" url="https://TFSURL.FQDN/{R:1}" appendQueryString="false" />

                </rule>

                <rule name="Redirect TFS traffic" stopProcessing="true">

                    <match url="tfs\/(.*)" />

                    <action type="Redirect" url="https:// TFSURL.FQDN /{R:1}" appendQueryString="false" />

                </rule>

      </rules>

    </rewrite>

 

First rule is redirecting all traffic to HTTPS, and second rule redirects all /tfs traffic to / root site of the TFS. If you don't have HTTPS, then simply remove the first rule and replace HTTPS with HTTP in the second. Obviously, replace TFSRUL.FQDN with your TFS public URL.

Installing Git from source on RedHat Linux machine

When you do DevOps work, you deal with all kinds of tools and operating systems. Today, we'll talk about Linux and Git. With my Linux days behind me (or in front of me because you never know where technology will go), I was surprised that yum update git command did not update Git client on Linux box. After a bit of digging, I've found out what do you need to do to upgrade Git client on Linux.

Uninstall existing Git client:

sudo yum remove git

 

Install dependencies:

sudo yum install curl-devel expat-devel gettext-devel

sudo yum install gcc openssl-devel zlib-devel perl-ExtUtils-MakeMaker

 

Install Git:

cd /usr/src

wget https://www.kernel.org/pub/software/scm/git/git-2.16.2.tar.gz (feel free to substitute this link with the link to the other version of Git client)

tar xzf git-2.16.2.tar.gz

cd git-2.16.2

sudo make prefix=/usr/local/git all

sudo make prefix=/usr/local/git install

sudo –i

echo "export PATH=$PATH:/usr/local/git/bin" >> /etc/bashrc

exit

source /etc/bashrc

 

That's it. Check the version of Git client by running "git –version". You should get: git version 2.16.2

By the way, these steps should also on Linux CentOS and Fedora (and any other ReadHat Linux flavour out there)

Global DevOps Bootcamp 2018

Global DevOps Bootcamp is back in Toronto. It will take place on June 16, 2018 at ObjectSharp office in downtown Toronto. The Global DevOps Bootcamp takes place once a year on venues all over the world. I simply had way too much fun and learn way too many new things during the event, so I had to do it again this year. It will be bigger and better this time around. This event is all about DevOps on the Microsoft Stack. It shows the latest DevOps trends and insights in modern technologies. It is an amazing combination between getting your hands dirty and sharing experience and knowledge in VSTS, Azure, DevOps with other community members.

Before I get into the details of the event, I would like to emphasize that this is a very technically challenging event. If you expect a lecture on DevOps or a step by step instructions on how to do DevOps, this is NOT the event for you. But, if you don't mind getting your hands and learning new DevOps related tools and processes by doing (with some slight guidance from our expert proctors) then this event is the best place for you. Please register at https://www.eventbrite.com/e/global-devops-bootcamp-2018-objectsharp-tickets-41970018455. Please note that the spaces are limited, so please register if you plan to attend and learn. If you're unsure, please be nice and do not take a spot from someone else who really might benefit from attending this event. We put a LOT of work into this event, and we want everyone to get the most out of it.

The theme for DevOps Bootcamp this year is "From one release per month to multiple releases a day. Applied modern release patterns and practices." This time the event is all about DevOps and improving your release cadence. It will help you understand the latest DevOps trends and insights in modern technologies that enable you to release multiple times per day. It is an amazing combination between getting your hands dirty and sharing experience and knowledge around VSTS, Azure, DevOps with other community members.

Agenda (preliminary)

10:00:    Kickoff

10:15:     Keynote by Microsoft

10:30:     Keynote 2: Breaking down the Monolith

11:15:     Break

11:30:     Hackathon/HandsOn DevOps challenges. The hands-on part with be based on a common application where we try to solve as many challenges as possible, including ideas like

  • How to containerize an existing application
  • How to add telemetry (app insights) to the application and gather hypothesis information
  • How to use telemetry to monitor availability
  • How to use feature toggles to move application into production without disrupting end users
  • How to use release gates
  • How to make DB schema changes
  • Use Blue Green Deployments

13:00:     Lunch

13:30:     Hackathon/HandsOn DevOps challenges (cont.)

16:00:     Team presentations, prize draw

17:00:     Wrap-up

 

Hope to see you there.

Oh, almost forgot, please remember that this is also a competition. The participants will be broken down into teams which will compete against not only each other, but also against thousands of participants around the world. Nor pressure, but bring your "A" game

Toronto IT Pro Cloud and DevOps Summit

I'm helping organizing one of the first Azure and DevOps event that is centered around the IT Pro in Toronto area. We'll be delivering free training on an array of topics to help IT Professionals better understand technologies such as Azure Automation/ Desired State Configuration, Azure Site Recovery, Dev Test Labs, VSTS, Azure Security Center, and more. This will be a full day event to drive the following objectives:

  • Understand Azure technologies and learn how to use them in your workplace.
  • Understand the Culture, Automation, Measurement, and Sharing aspects of DevOps and how it pertains to your IT Organization.
  • Network with other members of the community and partners to share ideas and discuss challenges.

It should be fun. To register for the event go to: https://www.eventbrite.com/e/toronto-it-pro-cloud-and-devops-summit-tickets-44034859450

Azure DevOps Projects

I will be speaking at Global Azure Bootcamp Toronto (well, Mississauga to be exact) on April 21st, 2018. The topic will be DevOps Projects. Azure DevOps Projects. That thing that makes it a lot easier to deploy to Azure through VSTS. Should be fun. Go ahead and register at https://www.meetup.com/metrotorontoug/events/247597822/. See you there.

I thought I'd share the description:

IT world changes fast. Very fast. But Azure, and cloud in general, moves even faster. A lot faster. This requires learning latest technologies, using them in your product and deploying at a faster pace. With digital transformation efforts in full swing across enterprises in nearly every industry, developers are driven harder than ever to speed up application releases. In the process, they also want to ensure quality and security and to manage these apps more efficiently. This is where DevOps becomes critical and where a simplified way to get started with DevOps could be useful. Microsoft's new Azure DevOps Projects tool lets developers configure a DevOps pipeline and connect it to the cloud with no prior knowledge of how to do so.

The Azure DevOps Project presents a simplified experience which creates Azure resources and sets up a continuous integration (CI) and continuous delivery (CD) pipeline for when you are developing a .NET, Java, Node, PHP, or a Python app, or whether you are targeting app services, virtual machines, or containers in Azure using Visual Studio Team Services (VSTS) behind the scenes. DevOps Projects help you get up and running with a new app and a full DevOps pipeline in just a few minutes. Azure DevOps Project helps you launch an app on an Azure App Service of your choice in a few quick steps and set you up with everything you need for developing, deploying, and monitoring your app. Creating a DevOps Project provisions Azure resources and comes with a Git code repository, Application Insights integration and a continuous delivery pipeline setup to deploy to Azure. The DevOps Project dashboard lets you monitor code commits, builds and, deployments, from a single view in the Azure portal.

Create your application and release pipeline on any Azure service in just three steps—simply select an application language, a runtime, and an Azure service. Start small and scale up as needed using Azure DevOps Projects.

Deploy SSIS packages in VSTS/TFS

If you need to deploy SSIS packages using VSTS/TFS, try using the following build task: https://marketplace.visualstudio.com/items?itemName=automagically.SSISDeployPackage

The task allows you to deploy ISPAC file to SSIS instance. When deploying you need to specify:

  • path to .ispac file to be deployed
  • name of the catalog folder where the package will be deployed
  • name of SSIS server where the package will be deployed
  • name of the SSIS project
  • name of the SSIS environment
  • project and package parameters to ignore during the deployment

Also, the task allows you to deploy SSIS package using a remote machine. To deploy SSIS package using remote machine, make sure Authentication required checkbox checked and specify:

  • name of the remote server to use to deploy SSIS package
  • remote user account
  • and remote user password
  • Oh yes, and you have an option to connect to remote machine using SSL, if you want

 

Have fun.