How To...
Choose OS/Platform for TeamCity Server
Once the server/OS fulfills the requirements, TeamCity can run on any system. Please also review the requirements for the integrations you plan to use, for example the following functionality requires or works better when TeamCity server is installed under Windows:
VCS integration with TFS
VCS integration with VSS
Windows domain logins (can also work under Linux, but may be less stable), especially NTLM HTTP authentication
NuGet feed on the server (can also work under Linux, but may be less stable)
Agent push to Windows machines
If you have no preference, Linux platforms may be more preferable due to more effective file system operations and the level of required general OS maintenance.
Final Operating System choice should probably depend more on the available resources and established practices in your organization.
If you choose to install 64 bit OS, TeamCity can run under 64 bit JDK (both server and agent). However, unless you need to provide more than 1Gb memory for TeamCity, the recommended approach is to use 32 bit JVM even under 64 bit OS. Our experience suggests that using 64 bit JVM does not increase performance a great deal. At the same time it does increase memory requirements to almost the scale of 2. See a note on memory configuration.
Estimate Hardware Requirements for TeamCity
The hardware requirements differ for the server and the agents.
The agent hardware requirements are basically determined by the builds that are run. Running TeamCity agent software introduces a requirement for additional CPU time (but it can usually be neglected comparing to the build process CPU requirements) and additional memory: about 500Mb. The disk space required corresponds to the disk usage by the builds running on the agent (sources checkouts, downloaded artifacts, the disk space consumed during the build; all that combined for the regularly occurring builds). Although you can run a build agent on the same machine as the TeamCity server, the recommended approach is to use a separate machine (it may be virtual) for each build agent. If you chose to install several agents on the same machine, please consider the possible CPU, disk, memory or network bottlenecks that might occur. The Performance Monitor build feature can help you in analyzing live data.
The server hardware requirements depend on the server load, which in its turn depends significantly on the type of the builds and server usage. Consider the following general guidelines.
Database Note : When using the server extensively, the database performance starts to play a greater role. For reliability and performance reasons you should use external database. Please see the notes on choosing external database. The database size requirements naturally vary based on the amount of data stored (number of builds, number of tests, etc.) |The active server database usage can be estimated at several gigabytes of data per year.
Overview of the TeamCity hardware resources usage :
CPU: TeamCity utilizes multiple cores of the CPU, so increasing number of cores makes sense. For non-trivial TeamCity usage at least 4 CPU cores are recommended.
Memory: See a note on memory usage. Consider also that required memory may depend on the JVM used (32 bit or 64 bit). Generally, you will probably not need to dedicate more than 4G of memory to TeamCity server if you do not plan to run more then 100 concurrent builds (agents) and more then 200 online users.
HDD/disk usage: This sums up mainly from the temp directory usage (< TeamCity Home>/temp and OS temp directory) and .BuildServer/system usage. Performance of the TeamCity server highly depends on the disk system performance. As TeamCity stores large amounts of data under .BuildServer/system (most notably, VCS caches and build results) it is important that the access to the disk is fast. (e.g. please pay attention to this if you plan to store the data directory on a network drive).
Network: This mainly sums up from the traffic from VCS servers, to clients (web browsers, IDE, etc.) and to/from build agents (send sources, receive build results, logs and artifacts).
The load on the server depends on :
number of build configurations;
number of builds in the history;
number of the builds running daily;
amount of data consumed and produced by the builds (size of the used sources and artifacts, size of the build log, number and output size of unit tests, number of inspections and duplicates hits, size and number of produced artifacts, etc.);
cleanup rules configured
number of agents and their utilization percentage;
number of users having TeamCity web pages open;
number of users logged in from IDE plugin;
number and type of VCS roots as well as checking for changes interval for the VCS roots. VCS checkout mode is relevant too: server checkout mode generates greater server load. Specific types of VCS also affect server load, but they can be roughly estimated based on native VCS client performance;
number of changes detected by TeamCity per day in all the VCS roots;
total size of the sources checked out by TeamCity daily.
A general example of hardware configuration capable to handle up to 100 concurrently running builds and running only TeamCity server can be: Server-suitable modern multicore CPU, 8Gb of memory, fast network connection, fast and reliable HDD, fast external database access
Based on our experience, a modest hardware like Intel 3.2 GHz dual core CPU, 3.2Gb memory under Windows, 1Gb network adapter, single HDD can provide acceptable performance for the following setup:
60 projects and 300 build configurations (with one forth being active and running regularly);
more than 300 builds a day;
about 2Mb log per build;
50 build agents;
50 web users and 30 IDE users;
100 VCS roots (mainly Perforce and Subversion using server checkout), average checking for changes interval is 120 seconds;
more than 150 changes per day;
the database (MySQL) is running on the same machine;
TeamCity server process has
-Xmx1100m -XX:MaxPermSize=120m
JVM settings.
The following configuration can provide acceptable performance for a more loaded TeamCity server: Intel Xeon E5520 2.2 GHz CPU (4 cores, 8 threads), 12Gb memory under Windows Server 2008 R2 x64, 1Gb network adapter, 3 HDD RAID1 disks (general, one for artifacts, logs and caches storage, and one for the database storage) Server load characteristics:
150 projects and 1500 build configurations (with one third being active and running regularly);
more than 1500 builds a day;
about 4Mb log per build;
100 build agents;
150 web users and 40 IDE users;
250 VCS roots (mainly Git, Hg, Perforce and Subversion using agent-side checkout), average checking for changes interval is 180 seconds;
more than 1000 changes per day;
the database (MySQL) is running on the same machine;
TeamCity server process has
-Xmx3700m -XX:MaxPermSize=300m
x64 JVM settings.
However, to ensure peak load can be handled well, more powerful hardware is recommended.
HDD free space requirements are mainly determined by the number of builds stored on the server and the artifacts size/build log size in each. Server disk storage is also used to store VCS-related caches and you can estimate that at double the checkout size of all the VCS roots configured on the server.
If the builds generate large number of data (artifacts/build log/test data), using fast hard disk for storing .BuildServer/system directory and fast network between agents and server are recommended.
The general recommendation for deploying large-scale TeamCity installation is to start with a reasonable hardware while considering hardware upgrade. Then increase the load on the server (e.g. add more projects) gradually, monitoring the performance characteristics and deciding on necessary hardware or software improvements. Anyway, best administration practices are recommended like keeping adequate disk defragmentation level, etc.
Starting with an adequately loaded system, if you then increase the number of concurrently running builds (agents) by some factor, be prepared to increase CPU, database and HDD access speeds, amount of memory by the same factor to achieve the same performance. If you increase the number of builds per day, be prepared to increase the disk size.
If you consider cloud deployment for TeamCity agents (e.g. on Amazon EC2), please also review Estimating EC2 Costs
A note on agents setup in JetBrains internal TeamCity installation: We use both separate machines each running a single agent and dedicated "servers" running several virtual machines each of them having a single agent installed. Experimenting with the hardware and software we settled on a configuration when each core7i physical machine runs 3 virtual agents, each using a separate hard disk. This stems form the fact that our (mostly Java) builds depend on HDD performance in the first place. But YMMV.
The latest TeamCity version is known to work well with up to 300 build agents (300 concurrently running builds actively logging build run-time data). In synthetic tests the server was functioning OK with as many as 500 concurrent builds (the server with 8 cores, 32Gb of total memory running under Linux, and MySQL server running on a separate comparable machine). The load on the server produced by each build depends on the amount of data the build logs (build log, tests number and failure details, inspections/duplicates issues number, etc.). Keeping the amount of data reasonably constrained (publishing large outputs as build artifacts, not printing those into standard output; tweaking inspection profiles to report limited set of the most important inspection hits, etc.) will help scale the server to handle more concurrent builds. If you need much more agents/parallel builds, it is recommended to setup several separate TeamCity instances and distribute the projects between them. We constantly work on TeamCity performance improvements and are willing to work closely with organizations running large TeamCity installations to study any performance issues and improve TeamCity to handle larger loads. See also a related post on the maximum number of agents which TeamCity can handle
See also a related post: description of a substantial TeamCity setup.
Retrieve Administrator Password
On the first start with empty database TeamCity displays the Administrator Setup page. A TeamCity installation should always have a user with the System Administrator role.
If there is no user account with the System Administrator role in the current authentication scheme, you can use the http://<your_TeamCity_server>/setupAdmin.html
URL to setup an administrator account. If there is an administrator account already, the page is not available. To regain the access to the system you need to either log in with existing administrator account credentials or log in as a super user and change the existing administrator account password or create a new account with System Administrator role.
Other options (less recommended): If you forgot the Administrator password and your TeamCity uses an internal database, you can reset the password using the instructions. Otherwise you can use REST API to add the System Administrator role to any existing user. There are also instructions to patch roles directly in the database provided by a user.
Estimate External Database Capacity
It is quite hard to provide the exact numbers when setting up or migrating to an external database, as the required capacity varies greatly depending on how TeamCity is used.
The database size and database performance are crucial aspects to consider.
Database Size
The size of the database will depend on:
how many builds are started every day
how many test are reported from builds
clean-up rules (retention policy)
cleanup schedule
We recommend the initial size of data spaces to be 4 GB. When migrating from the internal database, we suggest at least doubling the size of the current internal database. For example, the size of the external database (without the Redo Log files) of the internal TeamCity server in JetBrains is about 50 GB. Setting your database to grow automatically helps to increase file sizes to a pre-determined limit when necessary, which minimizes the effort to monitor disk space.
Allocating 1 GB for the redo log (see the table below) and undo files is sufficient in most cases.
Database Performance
The following factors are to be taken into account:
type of database (RDBMS)
number of agents (which actually means the number of builds running in parallel)
number of web pages opened by all users
clean-up rules (retention policy)
It is advised to place the TeamCity Data directory and database data files on physically different hard disks (even when both the TeamCity server and RDBMS share the same host).
Placing redo logs on a separate physical disk is also recommended especially in case of the high number of agents (50 and more).
The redo log (or a similar entity) naming for different RDBMS:
RDBMS | Log name |
---|---|
Oracle | Redo Log |
MS SQL Server | Transaction Log |
PostgreSQL | WAL (write ahead log) |
MySQL + InnoDB and Percona | Redo Log |
PostgreSQL: We recommend using version 9.2+, which has a lot of query optimization features. Also see the information on the write-ahead-log (WAL) in the PostgreSQL documentation
Oracle: it is recommended to keep statistics on: all automatically gathered statistics should be enabled (since Oracle 10.0, this is the default set-up). Also see the information on redo log files in the Oracle documentation.
MS SQL Server: it is NOT recommended to use the JTDS driver: it does not work with nchar/nvarchar
, and to preserve unicode streams it may cause queries to take a long time and consume a lot of IO. Also see the information on redo log in the Microsoft Knowledge base
MySQL: the query optimizer might be inefficient: some queries may get a wrong execution plan causing them to take a long time and consume huge IO.
Estimate the Number of Required Build Agents
There are no precise data and the number of required build agents depends a lot on the server usage pattern, type of builds, team size, commitment of the team to CI process, etc. The best way is to start with the default 3 agents and see how that plays with the projects configured, then estimate further based on that.
You might want to increase the number of agents when you see:
builds waiting for an idle agent in the build queue;
more changes included into each build than you find comfortable (e.g. for build failures analysis);
necessity for different environments.
We've seen patterns of having an agent per each 20 build configurations (types of builds). Or a build agent per 1-2 developers.
See also notes on maximum supported number of agents.
Setup TeamCity in Replication/Clustering Environment
TeamCity does not provide specific support for replication/redundancy/high availability or clustering solutions. However to address fast disaster recovery scenarios it supports active - failover (hot standby) approach: the data that TeamCity server uses can be replicated and a solution put in place to start a new server using the same data if the currently active server malfunctions.
As to data, TeamCity server uses both database and file storage (Data Directory). You can browse through TeamCity Data Backup and TeamCity Data Directory pages in to get more information on TeamCity data storing. Basically, both TeamCity data directory on disk and the database which TeamCity uses should remain in a consistent state and thus should be replicated together. Only single TeamCity server instance should use database and data directory at any time.
Ensure that the distribution of the failover/backup server is of exactly the same version as the main server. It is also important to ensure the same server environment/startup options like memory settings, etc.
TeamCity agents farm can be reused between the main and the failover servers. Agents will automatically connect to the new server if you make the failover server to be resolved via the old server DNS name and agents connect to the server using the DNS name. See also information on switching from one server to another. If appropriate, the agents can be replicated just as the server. However, there is no need to replicate any TeamCity-specific data on the agents except for the conf\buildAgent.properties file as all the rest of the data can typically be renewed from the server. In case of replicated agents farm, the replica agents just need to be connected to the failover server.
In case of two servers installations for redundancy purposes, they can use the same set of licenses as only one of them is running at any given moment.
TeamCity Security Notes
For a list of disclosed security-related issues see our public issue tracker and "Security" section in the release notes. It is recommended to upgrade to the newly released TeamCity versions as soon as they become available as they can contain security-related fixes.
Short checklist (see below for full notes)
You are running latest TeamCity version
Access to TeamCity web interface is secured using HTTPS (e.g. with the help of Nginx).
TeamCity server machine does not run agents (at least under user who can read TeamCity server's Data Directory)
TeamCity server and agents processes are run under limited users with necessary permissions
Guest user and user registration is disabled or roles are reviewed for guest and All Users group
If you have external authentication configured (such as LDAP), built-in authentication module is disabled
Passwords are not printed into the build log or stored in non-password parameters
The following notes are provided only for your reference and are not meant to be complete or accurate in their entirety.
TeamCity is developed with security concerns in mind, and reasonable efforts are made to make the system not vulnerable to different types of attacks. However, the general assumption and recommended setup is to deploy TeamCity in a trusted environment with no possibility to be accessed by malicious users. Here are some notes on different security-related aspects:
man-in-the middle concerns
between TeamCity server and user's web browser: It is advised to use HTTPS for the TeamCity server. During login, TeamCity transmits user login password in an encrypted form with moderate encryption level.
between TeamCity agent and TeamCity server: see the section.
between TeamCity server and other external servers (version control, issue tracker, etc.): the general rules apply as for a client (TeamCity server in the case) connecting to the external server, see guidelines for the server in question.
users that have access to TeamCity web UI: the specific information accessible to the user is defined via TeamCity user roles.
users who can change code that is used in the builds run by TeamCity: the users have the same permissions as the system user under whom the TeamCity agent is running. Have access to OS resources and other applications installed on the same machine. Can access and change source code of other projects built on the same agent, modify the TeamCity agent code, publish any files as artifacts for the builds built on the agent (which means the files can be then displayed in TeamCity web UI and expose web vulnerabilities or can be used in other builds), etc. It is advised to run TeamCity agents under users with only necessary set of permissions and use agent pools feature to insure that projects requiring different set of access are not built on the same agents. Also, the users can do everything which user with "View build configuration settings" permission can do.
users with "View build configuration settings" permission ("Project developer" TeamCity role by default) can view all the projects on the server, but since TeamCity 9.0 there is a way to restrict this, see details in the corresponding issue TW-24904.
users with "Edit project" permission ("Project Administrator" TeamCity role by default) in one project can retrieve artifacts and trigger builds from any build configuration they have only view permission for.
users with "Change server settings" permission ("System Administrator" TeamCity role by default): It is assumed that the users also have access to the computer on which TeamCity server is running under the user account used to run the server process. Thus, some operations like server file system browsing can be accessible by the users.
TeamCity server computer administrators: have full access to TeamCity stored data and can affect TeamCity executed processes. Passwords that are necessary to authenticate in external systems (like VCS, issue trackers, etc.) are stored scrambled under TeamCity Data Directory and can also be stored in the database. However, the values are only scrambled, which means they can be retrieved by the users who have access to the server file system or database.
TeamCity agent computer administrators: same as "users who can change code that is used in the builds run by TeamCity".
Other:
TeamCity web application vulnerabilities: TeamCity development team makes reasonable effort to fix any significant vulnerabilities (like cross-site scripting possibilities) once they are uncovered. Please note that any user that can affect build files ("users who can change code that is used in the builds run by TeamCity" or "TeamCity agent computer administrators") can make a malicious file available as build artifact that will then exploit cross-site scripting vulnerability. (TW-27206)
TeamCity agent is fully controlled by the TeamCity server: since TeamCity agents support automatic updates download from the server, agents should only connect to a trusted server. An administrator of the server computer can force execution of arbitrary code on a connected agent.
When storing settings in VCS is enabled, any user who can access the settings repository (including users with "View file content" permission for the build configurations using the same VCS root) can see the settings and retrieve the actual passwords based on their stored scrambled form. Since TeamCity 9.1, when option is enabled to allow per-build settings from personal builds, any user who can run a personal build, in fact gets permissions like a project administrator of a side project on the server.
Configure Newly Installed MySQL Server
If MySQL server is going to be used with TeamCity in addition to the basic setup, you should review and probably change some of the MySQL server settings. If MySQL is installed on Windows, the settings are located in my.ini
file which usually can be found under MySQL installation directory. For Unix-like systems the file is called my.cnf
and can be placed somewhere under /etc
directory. Read more about configuration file location in MySQL documentation. Note: you'll need to restart MySQL server after changing settings in my.ini|my.cnf
.
The following settings should be reviewed and/or changed:
InnoDB database engine
Make sure you're using InnoDB database engine for tables in TeamCity database. You can check what engine is used with help of this command:
or for all tables at once:
max_connections
You should ensure max_connections
parameter has bigger value than the one specified in TeamCity <TeamCity data directory>/config/database.properties
file.
innodb_buffer_pool_size and innodb_log_file_size
Too small value in innodb_buffer_pool_size
can affect performance significantly:
We recommend to start with 2Gb and increase it if you experience slowness and have enough memory. After increasing buffer pool size you should also change size of the http://dev.mysql.com/doc/refman/5.6/en/innodb-parameters.html#sysvar_innodb_log_file_size setting (it's value can be calculated as innodb_buffer_pool_size
/N, where N is the number of log files in group (2 by default)):
innodb_file_per_table
For better performance you can enable so called per-table tablespaces. Note that once you add innodb_file_per_table
option new tables will be created and placed in separate files, but tables created before enabling this option will still be in the shared tablespace. You'll need to re-import database for them to be placed in separate files.
innodb_flush_log_at_trx_commit
If TeamCity is the only application using MySQL database then you can improve performance by setting innodb_flush_log_at_trx_commit
variable to 2
or 0
:
Note: it is not important for TeamCity that database offers full ACID behavior, so you can safely change this variable.
log files on different disk
Placing the MySQL log files on different disk sometimes helps improving performance. You can read about it in MySQL documentation.
Setting The Binary Log Format
If the default MySQL binary logging format is not MIXED (it depends on the version of MySQL you are using), then it should be explicitly set to MIXED:
Enable additional diagnostics
To get additional diagnostics data in case of some database-specific errors, grant more permissions for a TeamCity database user via SQL command:
Configure Newly Installed PostgreSQL Server
For better TeamCity server performance it is recommended to change some of the parameters of the newly installed PostgreSQL server. You can read more about PostgreSQL performance optimizations in PostgreSQL Wiki.
Parameters below can be changed in postgresql.conf
file which can be found in PostgreSQL's data directory.
shared_buffers
Default value of http://www.postgresql.org/docs/current/static/runtime-config-resource.html#GUC-SHARED-BUFFERS parameter is too small and should be increased.
checkpoint settings
For write intensive applications such as TeamCity it makes sense to change some of the checkpoint related parameters.
synchronous_commit
If TeamCity is the only application using PostgreSQL database, we recommend disabling http://www.postgresql.org/docs/current/static/runtime-config-wal.html#GUC-SYNCHRONOUS-COMMIT parameter:
Set Up TeamCity behind a Proxy Server
This section covers the recommended setup of proxy servers installed before the TeamCity server web UI. These settings are in addition to the HTTPS configuration which is recommended.
Consider the example: TeamCity server is installed at URL: http://teamcity.local:8111/tcIt is visible to the outside world as URL: http://teamcity.public:400/tc
You need to set up a reverse proxy. The settings below ensure requests to http://teamcity.public:400/tc are redirected to http://teamcity.local:8111/tc and the redirect URLs sent back to the clients are correctly mapped by the proxy server. If you need to use different protocols (e.g. enable https on the proxy server but not in TeamCity), you should also follow instructions in the #Other servers section.
Note: An internal TeamCity server should work under the same context as it is visible from outside by an external address. See also context changing instructions.
Apache
Versions 2.4.5+ are recommended. Earlier versions do not support the WebSocket protocol, so use the settings noted in the previous documentation version.
Please note the order of ProxyPass rules, you should sort conflicting ProxyPass rules starting with the longest URLs first.
For example, on Unix you should switch to mpm_worker and configure the maximum number of simultaneous connections:
On Windows you may need to increase the ThreadsPerChild value as described in the Apache documentation.
Nginx
Versions 1.3+ are recommended. Earlier versions do not support the WebSocket protocol, so use the settings noted in the previous documentation version .
map $http_upgrade $connection_upgrade { default upgrade; '' ''; } server { listen 400; server_name teamcity.public; location /tc { proxy_pass http://teamcity.local:8111/tc; proxy_http_version 1.1; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $server_name:$server_port; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; } }
Some other Nginx settings must be changed as well:
Where client_max_body_size
controls the maximum size of an HTTP request. It is set to 0 to allow uploading big artifacts to TeamCity.
Other servers
Generic notes: Make sure to use a productive proxy with due (high) limits on request (upload) and response (download) size and timeouts. It is recommended to use proxy capable to work with WebSocket protocol.
If you need to use different protocols for the public and local address (e.g. make TeamCity visible to the outside world as https://teamcity.public:400) or your proxy server does not support redirect URL rewriting, in addition to proxy configuration use the following approach:
Set up a proxying server to redirect all requests to teamcity.public:400
to a dedicated port on the TeamCity server (8111
in the example below) and edit <
TeamCity Home
>\conf\server.xml
to change the existing or add a new Connector node:
For HTTPS, use the secure="true"
and scheme="https"
attributes. This is also described in the comment.
Tomcat settings
The TeamCity server must know the original remote address of the client. This is especially important for agents, because the server tries to establish a connection with an agent to check whether the agent is behind a firewall or not. For this you need to add the following into the Tomcat main <Host> node of the conf\server.xml
file (see also doc):
Where internalProxies
must be replaced with the IP address of the Nginx or Apache proxy server.
Configure TeamCity to Use Proxy Server for Outgoing Connections
This section describes configuring TeamCity to use proxy server for certain outgoing HTTP connections. To connect TeamCity behind a proxy to Amazon EC2 cloud agents, see this section.
TeamCity can use proxy server for certain outgoing HTTP connections made by the TeamCity server to other services like issues trackers, etc. To point TeamCity at your proxy server, you need to pass additional JVM options to the TeamCity server on the start up:
JVM arguments:
Install Multiple Agents on the Same Machine
See the corresponding section under agent installation documentation.
Change Server Port
See corresponding section in server installation instructions.
Test-drive Newer TeamCity Version before Upgrade
It's advised to try new TeamCity version before upgrading your production server. Usual procedure is to create a copy of your production TeamCity installation, then upgrade it, try the things out and when everything is checked, drop the test server and upgrade the main one. When you start the test server do not forget to change the Server URL, disable Email and Jabber notifiers as well as other features on the new server.
Create a Copy of TeamCity Server with All Data
One of the ways to create a copy of the server is to create a backup, then install a new TeamCity server of the same version that you already run, ensure you have appropriate environment configured (see notes below), ensure that the server uses own TeamCity Data Directory and own database and then restore the backup. This way the new server won't get build artifacts and some other less important data. If you need them, you will need to copy appropriate directories (e.g. entire "artifacts" directory) from .BuildServer/system from the original to the copied server. This copying should occur before you create a backup to make sure newer directories do not appear on the server copy.
If you do not want to use bundled backup functionality or need manual control over the process, here is a description of the general steps one would need to perform to manually create copy of the server:
create a backup so that you can restore it if anything goes wrong,
ensure the server is not running,
either perform clean installation or copy the TeamCity binaries (TeamCity Home Directory) into a new place (the
temp
andwork
subdirectories can be omitted during copying). Use exactly the same TeamCity version. If you plan to upgrade after copying, perform the upgrade only after you have the existing version up and running.transfer relevant environment if it was specially modified for existing TeamCity installation. This might include:
if you run TeamCity with OS startup (e.g. Windows service), make sure all the same configuration is performed on the new machine
use the same TeamCity process launching options, specifically check/copy environment variables starting with
TEAMCITY_
.use appropriate OS user account for running TeamCity server process with appropriately configured settings, global and file system permissions
transfer OS security settings if required
ensure any files/settings that were configured in TeamCity web UI are accessible; put necessary libraries/files inside TeamCity installation if they were put there earlier)
copy TeamCity Data Directory. If you do not need the full copy, refer to the items below for optional items.
.BuildServer/config
to preserve projects and build configurations settings.BuildServer/lib
and.BuildServer/plugins
if you have themfiles from the root of
.BuildServer/system
if you use internal database and you do not want to perform database move..BuildServer/system/artifacts
(optional) if you want build artifacts and build logs (including tests failure details) preserved on the new server.BuildServer/system/changes
(optional) if you want personal changes preserved on the new server.BuildServer/system/pluginData
(optional) if you want to preserve state of various plugins, build triggers and settings audit diff.BuildServer/system/caches
and.BuildServer/system/caches
(optional) are not necessary to copy to the new server, they will be recreated on startup, but can take some time to be rebuilt (expect some slow down).
create copy of the database that your TeamCity installation is using in new schema or new database server. This can be done with database-specific tools or with bundled maintainDB tool by backing up database data and then restoring it.
configure new TeamCity installation to use proper TeamCity Data Directory and database (
.BuildServer/config/database.properties
points to a copy of the database)
Note: if you want to do a quick check and do not want to preserve builds history on the new server you can skip step 6 (cloning database) and all items of the step 5 marked as optional.
ensure the new server is configured to use another data directory and the database then the original server
change server UUID by removing "uud" attribute from XML of <TeamCity Data Directory>\config\main-config.xml file At this point you should be ready to run the copy TeamCity server.
do not forget to update Server URL on Administration | Global Settings page and change other settings to prevent the copy server to clash with the original one.
check that VCS servers, issue tracker servers, email and Jabber server and other server-accessed systems are accessible from the new installation.
check that any systems configured to push events to TeamCity server (like VCS hooks, automated build triggering, monitors, etc.) are updated to know about the new server (if necessary)
install new agents (or select some from the existing ones) and configure them to connect to the new server (using the new server URL)
If you are creating a test server, you need to ensure that the users and production systems are not affected. Typically, this means you need to:
ensure the server has the correct (changed) Server URL;
disable Email, Jabber (in "Administration > "Notifier" sections) and possibly also custom notifiers or change their settings to prevent the new server from sending out notifications;
ensure the same license keys are not used on several servers (more on licensing);
be sure not to run any builds which change (e.g. deploy to) production environments. This also typically includes Maven builds deploying to non-local repositories. You can prevent any builds from starting by pausing the build queue;
disable any plugins which push data into other non-copied systems based on TeamCity events (like commit status publishing);
disable cloud integration (so that it does not interfere with the main server);
disable functionality to store project settings in VCS: set
teamcity.versionedSettings.enabled=false
internal property;consider significantly increasing VCS checking for changes interval (server-wide default and overridden in the VCS roots) or changing settings of the VCS roots to prevent them from contacting production servers.
See also the notes on moving the server from one machine to another.
Licensing issuesYou cannot use a single TeamCity license on two running servers at the same time, so to run a copy of TeamCity server you will need another license. Copies of the server created for redundancy/backup purposes can use the same licenses as they only should be running one at a time. If you are only going to run the server for testing purposes, you can get time-limited TeamCity evaluation license once from the official TeamCity download page. If you need an extension of the license or you have already evaluated the same TeamCity version, please contact our sales department. If you plan to run the second server at the same time as the main one regularly/for production purposes, you need to purchase separate licenses for the second server.
Move TeamCity Projects from One Server to Another
If you need to move data to a fresh server without existing data, it is recommended to move the server or copy it and then delete the data which is not necessary on the new server.
If you need to join the data with already existing set, there is a dedicated feature to move projects with most of the associated data from one server to another: Projects Import.
Since TeamCity 8.0 it is possible to move settings of a project or a build configuration to another server with simple file copying. For earlier TeamCity versions see the comment.
The two TeamCity servers (source and target) should be of exactly the same version (same build).
All the identifiers throughout all the projects, build configurations and VCS roots of both servers should be unique. If they are not, you can change them via web UI. If entities with the same id are present on different servers, the entities are assumed to be the same. For example this is useful for having global set of VCS roots on all the servers.
To move settings of the project and all its build configuration from one server to another:
From the TeamCity TeamCity Data Directory, copy the directories of corresponding projects (.BuildServer\config\projects\<id>
) and all it's parent projects to .BuildServer\config\projects
of the target server. This moves project settings, build configuration settings, VCS roots defined in the projects preserving the links between them. If there are same-named files on the target server as those copied, this can happen in case of a) id match: same entities already exist on the target server, in which case the clashing files can be excluded from copying, or b) id clash: different entities happen to have same ids. In this case it should be resolved either by changing entity id on the source or target server to fulfill the uniqueness requirement.
The set of parent projects is to be identified manually based on the web UI or the directory names on disk (which be default will have the same prefix).
Note: It might make sense to keep the settings of the root project synchronized between all the servers (by synchronizing content of .BuildServer\config\projects_Root
directory). For example, this will ensure same settings for the default cleanup policy on all the servers.
Further steps after projects copying might be:
delete unused data in the copied parent projects (if any) on the target server
use "server health" reports to identify duplicate VCS roots appeared in result of copying, if any
archive the projects on the source server and adjust cleanup rules (to be able to see build's history, if necessary)
What is not copied by the approach above:
pausing comment and user of the paused build configurations
archiving user of the archived projects
global server settings (e.g. Maven settings.xml profiles, tools (e.g. handle.exe), external change viewers, build queue priorities, issue trackers). These are stored under various files under .BuildServer\config directory and should be synchronized either on the file level or by configuring the same settings in the server administration UI.
project association with agent pools
templates from other projects which are not parents of the copied one. This configuration is actually deprecated in TeamCity 8.0 and is only supported as legacy. Templates used in several projects should be moved to the common parent project or root project.
no data configured for the agents (build configurations allowed to run on the agent).
no user-related or user group-related settings (like roles and notification rules)
no state-related data like mutes and investigations, etc.
Move TeamCity Installation to a New Machine
If you need to move existing TeamCity installation to a new hardware or clean OS, it is recommended to follow instructions on copying the server from one machine to another and then switch from the old server to a new one. If you are sure you do not need to preserve old server, you can perform move operations instead of copying in those instructions.
You can use existing license keys when you move the server from one machine to another (as long as there are no two servers running at the same time). As license keys are stored under <TeamCity Data Directory>, you transfer the license keys with all the other TeamCity settings data.
A usual advice is not to combine TeamCity update with any other actions like environment or hardware changes and perform the changes one at a time so that if something goes wrong the cause can be easily tracked.
Switching from one server to anotherPlease note that TeamCity Data Directory and database should be used by a single TeamCity instance at any given moment. If you configured a new TeamCity instance to use the same data, please ensure you shutdown and disable the old TeamCity instance before starting a new one.
Generally it is recommended to use a domain name to access the server (in the agent configuration and when users access the TeamCity web UI). This way you can update the DNS entry to make the address resolve to the IP address of the new server and after all cached DNS results expire, all clients will automatically use the new server. You might need to reduce the DNS server cache/lease time in advance before the change to make the clients "understand" the change fast.
However, if you need to use another server domain address, you will need to:
Switch agents to the new URL (requires updating the
serverUrl
property in buildAgent.properties on each agent).Upon the new server startup, remember to update the Server URL on Administration | Global Settings page.
Notify all TeamCity users on the new address
Move TeamCity Agent
Apart from the binaries, TeamCity agent stores it's configuration and data left from the builds it run. Usually the data from the previous builds makes preparation for the future builds a bit faster, but it can be deleted if necessary. The configuration is stored under conf
and launcher\conf
directories. The data collected by previous build is stored under work
and system
directories.
The most simple way to move agent installation into a new machine or new location is to:
stop existing agent
install a new agent
copy
conf/buildAgent.properties
from the old installation to a new onestart the new agent.
With these steps the agent will be recognized by TeamCity server as the same and will perform clean checkout for all the builds.
Please also review the section for a list of directories that can be deleted without affecting builds consistency.
Share the Build number for Builds in a Chain Build
A build number can be shared for builds connected by a snapshot dependency or an artifact dependency using a reference to the following dependency property: %dep.<btID>.system.build.number%
.
For example, you have build configurations A and B that you want to build in sync: use the same sources and take the same build number. Do the following:
Create build configuration C, then snapshot dependencies: A on C and B on C.
Set the Build number format in A and B to:
%dep.<btID>.system.build.number%Where <btID> is the ID of the build configuration C. The approach works best when builds reuse is turned off via the Snapshot Dependencies snapshot dependency option set to off.
Read more about dependency properties.
Please watch/comment the issue related to sharing a build number TW-7745.
Make Temporary Build Files Erased between the Builds
Update your build script to use path stored in ${teamcity.build.tempDir
} (Ant's style name) property as the temp directory. TeamCity agent creates the directory before the build and deletes it right after the build.
Clear Build Queue if It Has Too Many Builds due to a Configuration Error
Try pausing the build configuration that has the builds queued. On build configuration pausing all its builds are removed form the queue. Also there is an ability to delete many builds from the build queue in a single dialog.
Automatically create or change TeamCity build configuration settings
If you need a level of automation and web administration UI does not suite your needs, there several possibilities:
use REST API
change configuration files directly on disk (see more at TeamCity Data Directory)
write a TeamCity Java plugin that will perform the tasks using open API.
Attach Cucumber Reporter to Ant Build
If you use Cucumber for Java applications testing you should run cucumber with --expand and special --format options. More over you should specify RUBYLIB environment variable pointing on necessary TeamCity Rake Runner ruby scripts:
Please, check RUBYLIB path separator. (';' for Windows, ':' for Linux, or '${path.separator}' in ant for safety) If you are launching Cucumber tests using Rake build language TC will add all necessary cmdline parameters and env. variables automatically. P.S: This tip works in TeamCity version >= 5.0.
Get Last Successful Build Number
Use URL like this:
The build number will be returned as a plain-text response. For <ID of build configuration>
, see Identifier. This functionality is provided by REST API
Set up Deployment for My Application in TeamCity
TeamCity has enough features to handle orchestration part of the deployments with the actual deployment logic configured in the build script / build runner. TeamCity supports a variety of generic build tools, so any specific tool can be run from within TeamCity. To ease specific tool usage, it is possible to wrap it into a meta-runner or write a custom plugin for that.
In general, setup steps for configuring deployments are:
Write a build script that will perform the deployment task for the binary files available on the disk. (e.g. use Ant or MSBuild for this. For FTP/SSH tasks check the Deployer plugin). See also #Integrate with Build and Reporting Tools. You can use Meta-Runner to reuse a script with convenient UI.
Create a build configuration in TeamCity that will execute the build script and perform the actual deployment. If the deployment is to be visible or startable only by the limited set of users, place the build configuration in a separate TeamCity project and make sure the users have appropriate permissions in the project.
In this build configuration configure artifact dependency on a build configuration that produces binaries that need to be deployed.
Configure one of the available triggers in the deploying build configuration if you need the deployment to be triggered automatically (e.g. to deploy last successful of last pinned build), or use "Promote" action in the build that produced the binaries to be deployed.
Consider using snapshot dependencies in addition to artifact ones and check Build Chains tab to get the overview of the builds.
If you need to parametrize the deployment (e.g. specify different target machines in different runs), pass parameters to the build script using custom build run dialog. Consider using Typed Parameters to make the custom run dialog easier to use or handle passwords.
If the deploying build is triggered manually consider also adding commands in the build script to pin and tag the build being deployed (via sending a REST API request). You can also use a build number from the build that generated the artifact.
Further recommendations:
Setup a separate build configurations for each target environment
Use build's Dependencies tab for navigation between build producing the binaries and deploying builds/tasks
If necessary, use parameter with "prompt" display mode to ask for "confirmation" on running a build
Change title of the build configuration "Run" button
Related section on the official site: Continuous Deployment with TeamCity
Use an External Tool that My Build Relies on
If you need to use specific external tool to be installed on a build agent to run your builds, you have the following options:
Install and register the tool in TeamCity:
Install the tool on all the agents that will run the build. This can be done manually or via an automated script. For simple file distribution also see Installing Agent Tools
Add a property into
buildAgent.properties
file (or add environment variable to the system) with the tool home location as the value.Add agent requirement for the property in the build configuration.
Use the property in the build script.
Check in the tool into the version control and use relative paths.
Add environment preparation stage into the build script to get the tool form elsewhere.
Create a separate build configuration with a single "fake" build which would contain required files as artifacts, then use artifact dependencies to send files to the target build.
Integrate with Build and Reporting Tools
If you have a build tool or a tool that generates some report/provides code metrics which is not yet supported by TeamCity or any of the plugins, most probably you can use it in TeamCity even without dedicated integration.
The integration tasks involved are collecting the data in the scope of a build and then reporting the data to TeamCity so that they can be presented in the build results or in other ways.
Data collectionThe easiest way for a start is to modify your build scripts to make use of the selected tool and collect all the required data. If you can run the tool from a command line console, then you can run it in TeamCity with a command line runner. This will give you detection of the messages printed into standard error output. The build can be marked as failed is the exit code is not zero or there is output to standard error via build failure condition. If the tool has launchers for any of the supported build scripting engines like Ant, Maven or MSBuild, then you can use corresponding runner in TeamCity to start the tool. See also #Use an External Tool that My Build Relies on for the recommendations on how to run an external tool.
You can also consider creating a Meta Runner to let the tool have dedicated UI in TeamCity.
For an advanced integration a custom TeamCity plugin can be developed in Java to ease tool configuration and running.
Presenting data in TeamCityThe build progress can be reported to TeamCity via service messages and build status text can also be updated.
For testing tools, if they are not yet supported you can report tests progress to TeamCity from the build via test-related service messages or generate one of the supported XML reports in the build and let it be imported via a service message of configured XML Report Processing build feature.
To present the results for a generic report, the approach might be to generate HTML report in the build script, pack it into archive and publish as a build artifact. Then configure a report tab to display the HTML report as a tab on build's results.
A metrics value can be published as TeamCity statistics via service message and then displayed in a custom chart. You can also configure build failure condition based on the metric.
If the tool reports code-attributing information like Inspections or Duplicates, TeamCity-bundled report can be used to display the results. A custom plugin will be necessary to process the tool-specific report into TeamCity-specific data model. Example of this can be found in XML Test Reporting plugin and FXCop plugin (see a link on Open-source Bundled Plugins).
See also #Import coverage results in TeamCity.
For advanced integration, a custom plugin will be necessary to store and present the data as required. See Developing TeamCity Plugins for more information on plugin development.
Restore Just Deleted Project
TeamCity moves settings files of deleted projects under
/config/_trash
directory. To restore project you should find the directory on the server and move it into regular projects settings directory: <TeamCity Data Directory>/config/projects
. Also you should remove suffix \.projectN from the directory name. You can do this while server is running, it should pick up restored project automatically.
Please note that TeamCity preserves builds history and other data stored in the database for deleted projects/build configurations for 24 hours since the deletion time. All the associated data (builds and test history, changes, etc.) is removed during the next cleanup after 24 hours timeout elapses.
Theconfig/_trash
directory is not cleaned automatically and can be emptied manually if you are sure you do not need the deleted projects. No server restart is required.
Transfer 3 Default Agents to Another Server
This is not possible.
Each TeamCity server (Professional and Enterprise) allows using 3 or more agents bound to the server without any agent licenses. In case of the Professional server, by default 3 agents are bound to the server instance: users do not pay for these agents, there is no license key for them. In case of the Enterprise server, the number of agents depends on your package and the agents are bound to the server license key.
So, the agents bound to the server cannot be transferred to another server.
If you need more build agents that are included with your TeamCity server, you can purchase additional build agent licenses and connect more agents in addition to those that come bound with the server.
See more on licensing.
Import coverage results in TeamCity
TeamCity comes bundled with IntelliJ IDEA/Emma and, JaCoCo coverage engines for Java and dotCover/NCover/PartCover for .NET. However, there are plenty of other coverage tools out there, like Cobertura and others which are not directly supported by TeamCity.
In order to achieve similar experience with these tools you can:
publish coverage HTML report as TeamCity artifact: most of the tools produce coverage report in HTML format, you can publish it as artifact and configure report tab to show it in TeamCity. If artifact is published in the root artifact directory and its name is
coverage.zip
and there isindex.html
file in it, report tab will be shown automatically. As to running an external tool, check #Integrate with Build and Reporting Tools.extract coverage statistics from coverage report and publish statistics values to TeamCity with help of service message: if you do so, you'll see coverage chart on build configuration Statistics tab and also you'll be able to fail a build with the help of a build failure condition on a metric change (for example, you can fail build if the coverage drops).
Recover from "Data format of the data directory (NNN) and the database (MMM) do not match" error
If you get "Data format of the data directory (NNN) and the database (MMM) do not match." error on starting TeamCity, it means either the database or the TeamCity Data Directory were recently changed to an inconsistent state so they cannot be used together. Double-check the database and data directory locations and change them if they are not those where the server used to store the data. If they are right, most probably it means that the server was upgraded with another database or data directory and the consistent upgrade requirement was not met for your main data directory and the database.
To recover from the state you will need backup of the consistent state made prior to the upgrade. You will need to restore that backup, ensure the right locations are used for the data directory and the database and perform the TeamCity upgrade.
Debug a Build on a Specific Agent
In case a build fails on some agent, it is possible to debug it on this very agent to investigate agent-specific issues. Do the following:
Go to the Agents page in the TeamCity Web UI and select the agent.
Disable the agent to temporarily remove it from the build grid. Add a comment (optional). To enable the agent automatically after a certain time period, check the corresponding box and specify the time.
Select the build to debug.
Open the Custom Run dialog and specify the following options:
In the Agent drop-down, select the disabled agent.
It is recommended to select the run as Personal Build option to avoid intersection with regular builds.
When debugging is complete, enable the agent manually if automatic re-enabling has not been configured.
You can also perform remote debugging of tests on an agent via the IntelliJ IDEA plugin for TeamCity.
Debug a Part of the Build (a build step)
If a build containing several steps fails at a certain step, it is possible to debug the step that breaks. Do the following:
Go to the build configuration and disable the build steps up to the one you want to debug.
Select the build to debug.
Open the Custom Run dialog and select the put the build to the queue top to give you build the priority.
When debugging is complete, re-enable the build steps.
Vulnerabilities
This section describes effect and necessary protection steps related to recently announced security vulnerabilities.
Heartbleed, ShellShock
TeamCity distributions provided by JetBrains do not contain software/libraries and do not use technologies affected by Heart bleed and Shell shock vulnerabilities. What might still need assessment is the specific TeamCity installation implementation which might use the components behind those provided/recommended by JetBrains and which can be vulnerable to the mentioned exploits.
POODLE
If you configured HTTPS access to the TeamCity server, inspect the solution used for HTTPS as that might be affected (e.g. Tomcat seems to be affected). At this time none of TeamCity distributions include HTTPS access by default and investigating/eliminating HTTPS-related vulnerability is out of scope of TeamCity.
Depending on the settings used, TeamCity server (and agent) can establish HTTPS connections to other servers (e.g. Subversion). Depending on the server settings, those connections might fall back to using SSL 3.0 protocol. The recommended solution is not TeamCity specific and it is to disable SSLv3 on the target SSL-server side.
GHOST
CVE-2015-0235 vulnerability is found in glibc library which is not directly used by TeamCity code. It is used by the Java/JRE used by TeamCity under *nix platforms. As Java is not bundled with TeamCity distributions, you should apply the security measures recommended by the vendor of the Java you use. At this time there are no related Java-specific security advisories released, so updating the OS should be enough to eliminate the risk of the vulnerability exploitation.
FREAK
CVE-2015-0204 vulnerability is found in OpenSSL implementation and TeamCity does not bundle any parts of OpenSSL product and so is not vulnerable. You might still need to review the environment in which TeamCity server and agents are installed as well as tools installed in addition to TeamCity for possible vulnerability mitigation steps necessary.
Watch Several TeamCity Servers with Windows Tray Notifier
TeamCity Tray Notifier is used normally to watch builds and receive notifications from a single TeamCity server. However, if you have more than one TeamCity server and want to monitor them with Windows Tray Notifier simultaneously, you need to start a separate instance of Tray Notifier for each of the servers from the command line with the /allowMultiple
option:
From the TeamCity Tray Notifier installation folder (by default, it's
C:\Program Files\JetBrains\TeamCity
run the following command:JetBrains.TrayNotifier.exe /allowMultipleOptionally, for each of the Tray Notifier instances you can explicitly specify the URL of the server to connect using the
/server
option. Otherwise, for each further tray notifier instance you will need to log out and change server's URL via UI.JetBrains.TrayNotifier.exe /allowMultiple /server:http://myTeamCityServer
See also details in the issue tracker.
TeamCity Release Cycle
The information below can be used for reference purposes only.
"major" release below means any release with a change in first or second version number (e.g. X in X.X.Z) "bugfix" release means releases with a change in the third version number (e.g. Z in X.X.Z)
Release stages that we generally have are: Available under EAP (Early Access Program) - usually available only for major releases, starts several months after previous major release and usually months before the next major release. Typically new EAP releases are published on monthly or bi-monthly basis. General Availability - as a rule, there are two major releases each year. There are multiple bugfix releases following the major release. Bugfix releases and support patches for critical issues (if applicable) are provided until "End of Sale" of the release. End of Sale - occurs with the release of a new major version. After this time no bugfix updates or patches are usually provided (Exceptions are critical issues without workaround which allow for relatively simple fix and inability for the customer to upgrade for an important reason). Only limited support is provided for these versions. End of Support - occurs with the release of two newer major versions. At this point we stop providing email support for the release.
Dates for the previous releases can be seen at Previous Releases Downloads.
Integrate with Build and Reporting Tools