I struggle to (dynamically) start the Jenkins slave agent from my dedicated slave machine (Windows 2012 R2 server).
The Jenkins master (ver. 1.617 - which I can upgrade if necessary, but not downgrade [before ver. 1.498 no credentials were required]) is on a Windows 2012 R2 server.
Security is enabled and configured via the Active Directory plugin and Project-based Matrix Authorization Strategy.
Because of the Active Directory involved, I cannot simply add a system user to authenticate with (via -jnlpCredentials username:password or -jnlpCredentials username:apitoken). As a workaround I am using my Jenkins service user for that, but I don't like it's API-Token lying around hard-coded in the script.
I am trying to use the alternative -secret secretKey, but that secretKey is randomly created when a slave node is registered on the master.
Since I am using the Azure Slave Plugin, the slave nodes and the associated virtual machines are created for me.
The virtual machines are created from a pre-defined image, that I can change in whatever way necessary.
In this pre-defined image I have a PowerShell script executed on start-up. It is derived from the sample given here. It doesn't have to be PowerShell, any other way would be okay as well.
Set-ExecutionPolicy Unrestricted
# base url to Jenkins master
$jenkinsserverurl = "https://jenkins.mycompany.com/"
# the azure-slave-plugin is creating VMs with names like 'Azure0807150842'
$vmname = (Get-Culture).TextInfo.ToTitleCase($env:computername.tolower())
# authenticate with Jenkins service user + API-token - since we don't know the '-secret'
$apiToken="jenkins_user:1234abcdefab56c7d890de1f2a345b67"
Write-Output "Downloading jenkins slave jar "
# in order to avoid updating it manually for Jenkins master updates
$slaveJarSource = $jenkinsserverurl + "jnlpJars/slave.jar"
$slaveJarLocal = "C:\jenkins_home\slave.jar"
$wc = New-Object System.Net.WebClient
$wc.DownloadFile($slaveJarSource, $slaveJarLocal)
Write-Output "Executing slave process "
$jnlpSource = $jenkinsserverurl+"computer/" + $vmname + "/slave-agent.jnlp"
# expect java.exe in the PATH, and use -noCertificateCheck to skip SSL validation
& java -jar $slaveJarLocal -jnlpCredentials $apiToken -jnlpUrl $jnlpSource -noCertificateCheck
Downloading the JNLP file and reading the contained secret is no option, since I need proper HTTP authentication at the Jenkins master for that as well.
Write-Output "Downloading jenkins slave jnlp "
$jnlpSource = $jenkinsserverurl+"computer/" + $vmname + "/slave-agent.jnlp"
$jnlpLocal = "C:\jenkins_home\slave-agent.jnlp"
$wc = New-Object System.Net.WebClient
$wc.DownloadFile($jnlpSource, $jnlpLocal)
Write-Output "Extracting secret from jenkins slave jnlp "
[xml]$jnlpFile = Get-Content $jnlpLocal
# the first argument in the generated JNLP contains the secret
$secret = Select-Xml "//jnlp/application-desc/argument[1]/text()" $jnlpFile
How can I get my hands on the generated secret (without disabling the security), or
What kind of credentials can I use instead (without using an actual user - such as my own or the Jenkins service user)?
In an ideal world, the plugin creating the slave node and its VM, would login to the created VM and execute a script similar to the one in my question - with the addition of the injected Jenkins server url, VM name, and generated secret. Since that is not the case for the current Azure Slave Plugin version, I am stuck with my workaround script - using my existing Jenkins service user.
I use this to let the plugin create a bigger/faster VM on the fly, which is only used for a daily test run and is shutdown automatically the rest of the time (and therefore causes no costs when unused).
If someone is interested, that is the setup I ended up with:
Generalized Azure VM Image (Windows 2012 R2, with JDK, Maven, Git
installed). Via NSSM, I installed the PowerShell script (which
starts the slave agent) as a Windows Service, to be executed
automatically at machine bootup (same as in the question):
Set-ExecutionPolicy Unrestricted
# base url to Jenkins master
$jenkinsserverurl = "https://jenkins.mycompany.com/"
# the azure-slave-plugin is creating VMs with names like 'Azure0807150842'
$vmname = (Get-Culture).TextInfo.ToTitleCase($env:computername.tolower())
# authenticate with Jenkins service user + API-token - since we don't know the '-secret'
$apiToken="jenkins_user:1234abcdefab56c7d890de1f2a345b67"
Write-Output "Downloading jenkins slave jar "
# in order to avoid updating it manually for Jenkins master updates
$slaveJarSource = $jenkinsserverurl + "jnlpJars/slave.jar"
$slaveJarLocal = "C:\jenkins_home\slave.jar"
$wc = New-Object System.Net.WebClient
$wc.DownloadFile($slaveJarSource, $slaveJarLocal)
Write-Output "Executing slave process "
$jnlpSource = $jenkinsserverurl+"computer/" + $vmname + "/slave-agent.jnlp"
# expect java.exe in the PATH, and use -noCertificateCheck to skip SSL validation
& java -jar $slaveJarLocal -jnlpCredentials $apiToken -jnlpUrl $jnlpSource -noCertificateCheck
Jenkins master with Azure Slave Plugin installed and configured to
use this VM image, with shutdown-on-idle after five minutes.
Jenkins Maven Project (Job) that is configured to only run on a
Azure slave node, checks out my test project from Git, and executes
the jUnit Selenium tests from there.
I've hit the same issue with the Jenkins Openstack plugin.
It seems that they will inject the secret directly in the machine's metadata.
https://github.com/jenkinsci/openstack-cloud-plugin/issues/104
In the meanwhile, I'll use instead the SSH slave, more secure since only the pub key needs to be deployed in the slave.
Related
I am trying to create a solution with Azure DevOps. I need to create a connection to an Azure SQL Database using an Azure Powershell Task in a Release/Pipeline.
On my machine I was able to achieve this using the following
function new-connection($ServerIsntance, $DatabaseName)
{
$obj = New-Object System.Data.SQLClient.SQLCommand
$obj.Connection = New-Object System.Data.SQLClient.SQLConnection
$obj.Connection.ConnectionString = "Server=tcp:$($ServerInstance),1433;Initial Catalog=$($DatabaseName);Persist Security Info=False;User Id=<username>;Password=<password>;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Authentication=Active Directory Password"
$obj.Connection.Open()
.....
}
However when I use this code in Azure DevOps I get the following exception: ##[error]Exception setting "ConnectionString": "Keyword not supported: 'authentication'."
The database that I am trying to use is an AzureSQL one, so I can not use Integrated Security = true as it is not supported. Do you have an idea of how should I face this issue?
Test with the same script, it seems that the cause of this issue is agent type.
When I use the Windows agent(e.g. vs2017-win2016), the script could work as expected.
But when I test with Linux agent (e.g. ubuntu 16.04), I could get the same issue.
So you could check the agent type (windows or linux).
You could try to use the Windows Microsoft-hosted agent (e.g. vs2017-win2016 , windows-2019) .
https://learn.microsoft.com/en-us/sql/connect/jdbc/connecting-using-azure-active-directory-authentication?view=sql-server-ver15
Does your code include spaces between Active Directory Password? If so try removing them since the doc does not have any spaces included.
When building a project with Petalinux (a type of Yocto), it needs Internet for fetching packages from server (git serve or others).
My working machine does not have permission for accessing Internet (just only have LAN), so I have a plan to set up a machine in this LAN that can access to Internet to become a mirror server for Yocto.
Does anyone have any idea for setting up a server like this? Please help.
You can check the following pages to setup a source mirror:
Source download mirror
Setting up mirrors
Replicating a build offline
Basically, you launch a build on source mirror machine with those options:
SOURCE_MIRROR_URL ?= "file:///source_mirror/sources/"
INHERIT += "own-mirrors"
BB_GENERATE_MIRROR_TARBALLS = "1"
You can only fetch source with following command:
bitbake -c target runall="fetch".
Then you launch an ftp server that serves ./source_mirror/sources/ folder on http://example.com/my-source-mirror.
Then on offline machine, you set
INHERIT += "own-mirrors"
SOURCE_MIRROR_URL = "http://example.com/my-source-mirror"
BB_NO_NETWORK = "1" # or BB_FETCH_PREMIRRORONLY = "1"
If you have access to a proxy you can check those:
sources behind proxy
working behind proxy
Copy'n'paste shortcut: Below’s a working configuration you can just copy’n’paste without investing the time to understand every little detail :)
Architecture: In this example there are two types of machine. The "build server" and several instances of "developer pc“.
Machine Preparation:
Install a shared folder on all machines (server and developer) giving access to any kind of file server (e.g. nfs) mapping its storage to /mnt/mirror.
Example for NFS in case this is new for you, skip if you have NFS already mounted: https://pelux.io/2017/06/19/How-to-create-a-shared-sstate-dir.html (Stop reading at the caption „Yocto“ and proceed as below)
Overall Configuration:
Add the code I pasted to the end of this ticket to the file conf/local.conf and remove all prior lines that conflict (i.e. mess with any of the variables we defined like DL_DIR)
Machine configuration:
For the developer machines use A (outcomment B) and for the build server use B (outcomment A).
Hit it:
When the server PC bitbakes for the first time it populates the mirror folders. After the first server build finished the clients will use the mirror. (source-mirror to bypass internet dependencies and sstate-cache to speed up build speed).
local.conf:
# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Activate either A or B depending on it this is a developer pc or the build server
# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
MIRROR_SERVER = "file:///mnt/mirror/"
# ########################################################
# A) Settings for developer PC operation
# ########################################################
BB_FETCH_PREMIRRORONLY = "1"
SOURCE_MIRROR_URL = "${MIRROR_SERVER}/source-mirror"
UNINATIVE_URL = "${SOURCE_MIRROR_URL}"
INHERIT += "own-mirrors"
SSTATE_MIRRORS = "\
file://.* ${MIRROR_SERVER}/sstate-cache/PATH;\
downloadfilename=PATH \n \
"
# ########################################################
# B) SETTINGS FOR BUILDSERVER OPERATION
# ########################################################
#SSTATE_DIR = "/mnt/remux/sstate-cache"
#BB_GENERATE_MIRROR_TARBALLS = "1"
##To populate the source mirror start a normal server build or run: bitbake --runall=fetch <image>
# ########################################################
# SETTINGS FOR BOTH, A and B
# ########################################################
DL_DIR = "/mnt/mirror/source-mirror“
I'm a new one just start to learn and install RabbitMQ on Windows System.
I install Erlang VM and RabbitMQ in custom folder, not default folder (Both of them).
Then I have restarted my computer.
By the way,My Computer name is "NULL"
I cd to the RabbitMQ/sbin folder and use command:
rabbitmqctl status
But the return message is:
Status of node rabbit#NULL ...
Error: unable to perform an operation on node 'rabbit#NULL'.
Please see diagnostics information and suggestions below.
Most common reasons for this are:
Target node is unreachable (e.g. due to hostname resolution, TCP connection or firewall issues)
CLI tool fails to authenticate with the server (e.g. due to CLI tool's Erlang cookie not matching that of the server)
Target node is not running
In addition to the diagnostics info below:
See the CLI, clustering and networking guides on http://rabbitmq.com/documentation.html to learn more
Consult server logs on node rabbit#NULL
DIAGNOSTICS
attempted to contact: [rabbit#NULL]
rabbit#NULL:
connected to epmd (port 4369) on NULL
epmd reports node 'rabbit' uses port 25672 for inter-node and CLI tool traffic
TCP connection succeeded but Erlang distribution failed
Authentication failed (rejected by the remote node), please check the Erlang cookie
Current node details:
node name: rabbitmqcli70#NULL
effective user's home directory: C:\Users\Jerry Song
Erlang cookie hash: 51gvGHZpn0gIK86cfiS7vp==
I have try to RESTART RabbitMQ, What I get is:
ERROR: node with name "rabbit" already running on "NULL"
By the way,My Computer name is "NULL"
And I have enable all ports in firewall.
https://groups.google.com/forum/#!topic/rabbitmq-users/a6sqrAUX_Fg
describes the problem where there is a cookie mismatch on a fresh installation of Rabbit MQ. The easy solution on windows is to synchronize the cookies
Also described here: http://www.rabbitmq.com/clustering.html#erlang-cookie
Ensure cookies are synchronized across 1, 2 and Optionally 3 below
%HOMEDRIVE%%HOMEPATH%\.erlang.cookie (usually C:\Users\%USERNAME%\.erlang.cookie for user %USERNAME%) if both the HOMEDRIVE and HOMEPATH environment variables are set
%USERPROFILE%\.erlang.cookie (usually C:\Users\%USERNAME%\.erlang.cookie) if HOMEDRIVE and HOMEPATH are not both set
For the RabbitMQ Windows service - %USERPROFILE%\.erlang.cookie (usually C:\WINDOWS\system32\config\systemprofile)
The cookie file used by the Windows service account and the user running CLI tools must be synchronized by copying the one from C:\WINDOWS\system32\config\systemprofile folder.
If you are using dedicated drive folder locations for your development tools/software in Windows10(Not the windows default location), one way you can synchronize the erlang cookie as described by https://www.rabbitmq.com/cli.html is by copying the cookie as explained below.
Please note in my case HOMEDRIVE and HOMEPATH environment variables both are not set.
After copying the "C:\Windows\system32\config\systemprofile\.erlang.cookie" to "C:\Users\%USERNAME%\.erlang.cookie" ,
the error "tcp connection succeeded but Erlang distribution failed" is resolved.
Now I am able to use "rabbitmqctl.bat status" command successfully. Hence there is no mandatory need to install in default location to resolve this error as synchronizing cookie will resolve that error.
In my case similar issue (Authentication failed because of Erlang cookies mismatch) solved by copying .erlang.cookie file from Windows system dir - C:\Windows\system32\config\systemprofile\.erlang.cookie to %HOMEDRIVE%%HOMEPATH%\.erlang.cookie (where %HOMEDRIVE% was set to H: and %HOMEPATH% to \ respectively)
Quick setup TODO for Windows, Erlang OTP 24 and RabbitMQ 3.8.19:
Download & Install Erlang [OTP 24] (needs Admin rights) from:
https://www.erlang.org/downloads
set ERLANG_HOME (should point to install dir)
Download & Install recent [3.8.19] RabbitMQ (needs Admin rights) from:
https://github.com/rabbitmq/rabbitmq-server/releases/
Follow: https://www.rabbitmq.com/install-windows.html and/or
https://www.rabbitmq.com/install-windows-manual.html
set RABBITMQ_SERVER (should point to install dir)
update %PATH% by adding: ;%RABBITMQ_SERVER%\sbin
Fix Erlang-cookie issue from above, follow: https://www.rabbitmq.com/cli.html#erlang-cookie
Enable Web UI by running command: %RABBITMQ_SERVER%/sbin/rabbitmq-plugins.bat enable rabbitmq_management
From item #8 (above) got error because of missing file: %USERPROFILEDIR%/AppData/Roaming/RabbitMQ/enabled_plugins -> had to create it and run %RABBITMQ_SERVER%/sbin/rabbitmq-plugins.bat enable rabbitmq_management again!
Run/restart on the way might be required
Finally, login to: http://localhost:15672/ (guest:guest)
, or check by cURL:
curl -i -u guest:guest http://localhost:15672/api/vhosts
should receive response like:
HTTP/1.1 200 OK
cache-control: no-cache
content-length: 186
content-security-policy: script-src 'self' 'unsafe-eval' 'unsafe-inline';
object-src 'self'
content-type: application/json
date: Tue, 13 Jul 2021 11:21:12 GMT
server: Cowboy
vary: accept, accept-encoding, origin
[{"cluster_state":{"rabbit#hostname":"running"},"description":"Default virtual host","metadata":{"description":"Default virtual host","tags":[]},"name":"/","tags":[],"tracing":false}]
P.S. Some useful RabbitMQ CLI commands (copy-paste):
%RABBITMQ_SERVER%/sbin/rabbitmqctl start_app
%RABBITMQ_SERVER%/sbin/rabbitmqctl stop_app
%RABBITMQ_SERVER%/sbin/rabbitmqctl status
P.P.S. UPDATE: great article for this subject: https://www.journaldev.com/11655/spring-rabbitmq
I have reinstalled the RabbitMQ in my computer by using default setup folder
Then checked with the command :
rabbitmqctl status
It works now, not the problem of Erlang VM .(Means Er can install at another folder)
It will cause some problem (like this one) that I couldn't find out now if we don't use the RabbitMQ default setup require folder (C:\Program Files\RabbitMQ Server)
If anyone finds it out, I hope you can tell me why and how to fix.
How I resolved mine
It's mostly caused by cookie mismatch on a fresh installation of Rabbit MQ
follow this 2 steps
1. copy the .erlang.cookie file from C:\Windows\System32\config\systemprofile paste it into
C:\Users\["your user nameusername"] folder
2. run rabbitmq-service.bat stop and rabbitmq-service.bat start
Done it should work now when you run 'rabbitmqctl start_app' good luck.
note if you have more than one user put it in the correct user folder
In Centos.
add ip nodename pair to /etc/hosts on each node.
restart rabbitmq-server service on each slave node.
works for me.
i got error like this, i just stop my rabbitMQ with close port 25672
here syntax for linux:
kill -9 $(lsof -t -i:25672)
Error Images:
Just adding my experience if it helps others down the line.
I wrote a Powershell .ps1 script to install and configure RabbitMQ which would be used as one of the stept to provision a server with Packer.
I wrote the code on a fresh AWS W2016 Server build. It worked fine when run on the box (as administrator, from an admin PS console) but when the same code was moved over to the Packer build server, it would fall over when doing the rabbitmqctl.bat configuration steps via packer, despite both using (as far as I can tell) Administrator to run the scripts.
So this worked on the coding box:
$pathvargs = {cmd.exe /c "rabbitmqctl.bat" add_user Username Password}
Invoke-Command -ScriptBlock $pathvargs
$pathvargs = {cmd.exe /c "rabbitmqctl.bat" set_user_tags User administrator}
Invoke-Command -ScriptBlock $pathvargs
$pathvargs = {cmd.exe /c "rabbitmqctl.bat" set_permissions -p "/" User "^User-.*" ".*" ".*"}
Invoke-Command -ScriptBlock $pathvargs
Write-Host "Did RabbitMQ"
But I had to prelude this with...
copy "C:\Windows\system32\config\systemprofile\.erlang.cookie" "C:\Program Files\RabbitMQ Server\rabbitmq_server-3.7.17\sbin\.erlang.cookie"
copy "C:\Windows\system32\config\systemprofile\.erlang.cookie" $env:userprofile\.erlang.cookie -force
... On the Packer box.
I am guessing there is some context issue going on but I'm using
"winrm_username": "Administrator",
in the Packer builders block, so I thought this would suffice.
TL;DR - Use the Cookie even though it works without it in some instances.
I have encountered the same error after installing Erlang VM and RabbitMQ using the default installation folders in Windows 10. Managed to start the management and access it via HTTP, but status failed with this error.
The cookie was fine in all folders (%HOMEDRIVE%%HOMEPATH%, %USERPROFILE%, C:\WINDOWS\system32\config\systemprofile).
I had to perform a restart the Windows to make it work. After restart it set up something to run at startup + asked permission to make an exception in the firewall.
In my case, the file was at c:\\Windows\.erlang.cookie, just copied it to C:\Users{USERNAME} and all works, thanks to everyone for the hits
Another thing to check after making sure the cookie file is in all the locations.. is to realize that you installed 32 bit Erlang.. not 64..
Happened to me. Removed 32 bit Erlang and Installed 64 and rabbitmqctl status returns expected results.
I have an Azure web app. This web app has a QA deployment slot for pre-production testing. When I check in my code from VS, I have it setup to build and deploy to the QA deployment slot. This works great. However, a few configurations need to be updated in the QA web app so the application points to the correct service endpoints (i.e. not dev). To do this, my initial approach was to add a PS task to the Release that unzips my deployment zip, updates the configuration files, rezips them and then allows the Release flow to deploy the updated zip. This works locally, but running into filename length issues on the server when unzipping, which I can't change.
Now I'm trying to just include my update PS scripts in my deployment package, and then run the scripts AFTER the deployment has occurred. So, I'm looking at this Powershell on Target Machines task to run a PS on the QA slot server to update configurations. However, it's asking for Machines, which would be the server name of the slot server. I don't have that. I also don't know where to get it. I also don't have the path to the PS scripts once I have the server name. I dumped out the server variables and none of them help me, unless there is a cmdlet to look up environments that I'm not aware of.
System.DefaultWorkingDirectory: 'C:\a\2ed23b64d'
System.TeamFoundationServerUri: 'https://REDACTED.vsrm.visualstudio.com/DefaultCollection/'
System.TeamFoundationCollectionUri: 'https://REDACTEDvisualstudio.com/DefaultCollection/'
System.TeamProject: 'REDACTED'
System.TeamProjectId: 'REDACTED'
Release.DefinitionName: 'REDACTED'
Release.EnvironmentUri: 'vstfs:///ReleaseManagement/Environment/46'
Release.EnvironmentName: 'QA'
Release.ReleaseDescription: 'Triggered by REDACTED Build Definition 20160425.4.'
Release.ReleaseId: '31'
Release.ReleaseName: 'Release-31'
Release.ReleaseUri: 'vstfs:///ReleaseManagement/Release/31'
Release.RequestedFor: 'Matthew Mulhearn'
Release.RequestedForId: ''
Agent.HomeDirectory: 'C:\LR\MMS\Services\Mms\TaskAgentProvisioner\Tools\agents\1.98.1'
Agent.JobName: 'Release'
Agent.MachineName: 'TASKAGENT5-0020'
Agent.Name: 'Hosted Agent'
Agent.RootDirectory: 'C:\a'
Agent.WorkingDirectory: 'C:\a\SourceRootMapping\REDACTED'
Agent.ReleaseDirectory: 'C:\a\2ed23b64d'
Anyone have any idea, or a better approach, to accomplish what I'm attempting?
We are running TFS and Release Management on premises, and i want to deploy my applications to a remote datacenter.
Access is over the internet, so there is no windows shares available.
I am using the vNext templates, and afaik RM seems to only support unc paths over windows shares.
How can i use Release Management to deploy software to this datacenter?
Im working on this solution:
Use WebDav on a IIS located inside the datacenter.
RM server and Target can use the WebDav client built into windows and access it by an unc path.
I haven't gotten this to work yet, as RM won't use the correct credentials to logon to the webdav server.
Updated with my solution
This is only a proof of concept, and is not production tested.
Setup a WebDav site accessible from both RM server and Target server
Install the feature "Desktop experience" on both servers
Make the following DLL
using System;
using System.ComponentModel.Composition;
using System.Diagnostics;
using System.IO;
using Microsoft.TeamFoundation.Release.Common.Helpers;
using Microsoft.TeamFoundation.Release.Composition.Definitions;
using Microsoft.TeamFoundation.Release.Composition.Services;
namespace DoTheNetUse
{
[PartCreationPolicy(CreationPolicy.Shared)]
[Export(typeof(IThreadSafeService))]
public class DoTheNetUse : BaseThreadSafeService
{
public DoTheNetUse() : base("DoTheNetUse")
{}
protected override void DoAction()
{
Logger.WriteInformation("DoAction: [DoTheNetUse]");
try
{
Logger.WriteInformation("# DoTheNetUse.Start #");
Logger.WriteInformation("{0}, {1}", Environment.UserDomainName, Environment.UserName);
{
Logger.WriteInformation("Net use std");
var si = new ProcessStartInfo("cmd.exe", #"/c ""net use \\sharedwebdavserver.somewhere\DavWWWRoot\ /user:webdavuser webdavuserpassword""");
si.UseShellExecute = false;
si.RedirectStandardOutput = true;
si.RedirectStandardError = true;
var p = Process.Start(si);
p.WaitForExit();
Logger.WriteInformation("Net use output std:" + p.StandardOutput.ReadToEnd());
Logger.WriteInformation("Net use output err:" + p.StandardError.ReadToEnd());
}
//##########################################################
Logger.WriteInformation("# Done #");
}
catch (Exception e)
{
Logger.WriteError(e);
}
}
}
}
Name it "ReleaseManagementMonitor2.dll"
Place it in the a subfolder to The service "ReleaseManagementMonitor"
Configure the shared path as the solution below states.
DO NOT OVERWITE THE EXISTING "ReleaseManagementMonitor2.dll"
The reason that this works is MEF.
The ReleaseManagementMonitor service tries to load the dll "ReleaseManagementMonitor2.dll" from all subfolders.
This dll implements a service interface that RM recognises.
It the runs "net use" to apply the credentials to the session that the service runs under, and thereby grants access to the otherwise inaccessible webdav server.
This solution is certified "Works on my machine"
RM does work only with UNC, you are right on that.
You can leverage that to make your scenario work -
In Theory
Create a boundary machine on the RM domain, where your drops can be copied.
The deploy action running on your datacenter can then copy bits from this boundary machine, using credentials that have access on that domain. (These credentials are provided by you in the WPF console)
How this works
1. Have a dedicated machine on the RM server domain (say D1) that will be used as a boundary machine.
2. Define this machine as a boundary machine in RM by specifying a shared path that will be used by your data centre. Go to settings tab in your WPF console, create a new variable - { Key = RMSharedUNCPath, Value = \\BoundaryMachine\DropsLocation }. RM now understands you want to use this machine as your boundary machine.
3. Make sure you take care of these permissions
RM Server should have write permissions on the \\BoundaryMachine\DropsLocation share.
Pass down credentials of domain D1 to the target machine in the data centre (Domain D2), that can be used to access the share.
4. Credentials can be passed down fron the WPF console, you will have to define the following two config variables in the settings tab again.
Key = RMSharedUNCPathUser ; Value = domain D1 user name
Key = RMSharedUNCPathPwd ; Value = password for the user defined above.
PS - Variable names are case sensitive.
Also, to let RM know that you want to use the SharedUNC mechanism, check the corresponding checkbox for the RM server and connect to it via IP and not DNS name as these must be in different domains, i.e.
Try to use Get-Content on local-server then Set-Content on the remote server passing the file contents over;
Could package everything into an archive of some kind.
The Release Management is copying VisualStudioRemoteDeployer.exe to C:\Windows\DtlDownloads\VisualStudioRemoteDeployer folder on the target server then is copying the scripts from the specified location to target server using robocopy.
So you have to give permissions from your target server to your scripts location.
Release Management update 4 supports "Build drops stored on TFS servers"
http://blogs.msdn.com/b/visualstudioalm/archive/2014/11/11/what-s-new-in-release-management-for-vs-2013-update-4.aspx