I already use my computer as a self-hosted agent connected to a azure pipeline workflow. I'm trying to now run a self-hosted agent in docker for later use on a company own windows 2019 server. But I'm having connectivity issues.
I'm doing exactly this: https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/docker?view=azure-devops But, when I run this :
docker build -t dockeragent:latest .
docker run -e AZP_URL="https://[CompanyUrl].com/[Collection]" -e AZP_TOKEN="[PAT]" -e AZP_AGENT_NAME="dockeragent" -e AZP_POOL="[Pool]" dockeragent:latest
I expect docker container agent to run start.ps1 script, go to power shell, configure the agent and see a big CLI drawing of Azure Pipelines.
But, what I get is this error.
ERROR:
1. Determining matching Azure Pipelines agent...
Invoke-RestMethod : The underlying connection was closed: Could not establish
trust relationship for the SSL/TLS secure channel.
At C:\azp\start.ps1:35 char:12
+ $package = Invoke-RestMethod -Headers @{Authorization=("Basic $base64 ...
I know that these specific lines fail. It's a failed REST API call.
SNIPPET:
Write-Host "1. Determining matching Azure Pipelines agent..." -ForegroundColor Cyan
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$(Get-Content ${Env:AZP_TOKEN_FILE})"))
$package = Invoke-RestMethod -Headers @{Authorization=("Basic $base64AuthInfo")} "$(${Env:AZP_URL})/_apis/distributedtask/packages/agent?platform=win-x64&`$top=1"
$packageUrl = $package[0].Value.downloadUrl
Write-Host $packageUrl
But the thing I don't understand, is if I just copy paste the URL in my web browser
https://[CompanyUrl].com/[Collection]/_apis/distributedtask/packages/agent?platform=win-x64&`$top=1
It works without a hitch and I see my JSON data from the Get operation. It just doesn't work from inside the container. I'm lost.
Any Hints?
What I tried:
- I tried a popular fix I saw online. I added this line in my start.ps1 script.But I saw no visible change, I got the same problem.
[Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls"
- I tried using a less secure http URL we have to go on our Azure Devops Platform. It's a legacy URL.
http://[TFS Extension].[Server].com/[Collection]/_apis/distributedtask/packages/agent?platform=win-x64&`$top=1
It actually worked, I didn't get the error above, so now I'm just confused. I would like it to work with the more secure https link.