作为服务运行时,TFS Build Agent无法连接到TFS 2017中的HTTPS git [英] TFS Build Agent failing to connect to HTTPS git in TFS 2017 when running as service
问题描述
我们正在服务器上使用内部证书,我已经按照
We are using an internal certificate on our server and I've followed the steps in
以及此处的步骤:
git version
git config --get remote.origin.url
git config gc.auto 0
git config --get-all http.https://ourtfsserver:8443/tfs/path/_git/project.extraheader
git config --get-all http.proxy
git -c http.extraheader="AUTHORIZATION: bearer ********" fetch --tags --prune --progress origin
fatal: unable to access 'https://ourtfsserver:8443/tfs/path/_git/project/': SSL certificate problem: unable to get local issuer certificate
##[error]Git fetch failed with exit code: 128
在使用相同的代理配置但使用.\ run.cmd而不是作为服务(相同凭据)运行时,它可以成功运行:
When running with the same agent config but using .\run.cmd instead of as a service (same credentials) it works successfully:
git version
git config --get remote.origin.url
git config gc.auto 0
git config --get-all http.https://ourtfsserver:8443/tfs/path/_git/project.extraheader
git config --get-all http.proxy
git -c http.extraheader="AUTHORIZATION: bearer ********" fetch --tags --prune --progress origin
git checkout --progress --force {hash here}
(and continues onto next steps)
但是,当我尝试使用构建代理帐户手动运行它时,它会给出与上述相同的Git fetch failed with exit code: 128.不过,我可以使用这些凭据手动git clone.
However, when I try to run it manually using our build agent account it gives the same Git fetch failed with exit code: 128 as above. I can manually git clone using these credentials though.
所以我尝试了:
git config –global http.sslVerify false
,以及手动设置配置文件以包含该变量.
as well as manually setting the config file to include that variable.
我还使用IE安装了证书,以根据第二篇博客文章获得该证书.
I've also installed the certificate using IE to get it per the 2nd blog post.
我也可以使用git clone https://ourtfsserver:8443/tfs/path/_git/project c:\somefolder
我正在使用2017年2月13日发布的TFS 2017 Update 1 RC2( https://www.visualstudio.com/zh-cn/news/releasenotes/tfs2017-update1 ),以前的版本根本无法让我们的构建代理完全连接到tfs https.我们旧的TFS 2015构建代理仍然可以使用,但是缺少v2代理的新功能.
I'm using the TFS 2017 Update 1 RC2 From Feb 13th 2017 (https://www.visualstudio.com/en-us/news/releasenotes/tfs2017-update1), the previous version wouldn't let our build agent connect at all to tfs https properly. Our old TFS 2015 build agent still works, but is missing the new features from the v2 agents.
使用set HTTP_PROXY=https://localhost:8888,我能够使VSTS使用小提琴手作为代理,并且发出了一个请求:
Using set HTTP_PROXY=https://localhost:8888 I was able to get VSTS to use fiddler as a proxy and it made one request:
CONNECT our.local.tfs.fqdn:8443 HTTP/1.1
Host: our.local.tfs.fqdn:8443
User-Agent: git/2.10.0 (vsts-agent-git/2.112.0)
A SSLv3-compatible ClientHello handshake was found. Fiddler extracted the parameters below.
Version: 3.3 (TLS/1.2)
(bunch of other stuff it decrypted here)
对于Auth,它具有:
for Auth it had:
No Proxy-Authorization Header is present.
No Authorization Header is present.
推荐答案
因此,我找到了比全局禁用https验证更好的命令,希望以后在对构建代理进行更新时可以更好地处理该问题.
So I found a better command than disabling https verification globally, hopefully though this will be better handled in future updates to the build agent.
git config --global http." https://YOURTFS.SERVER.HERE:PORT/.sslVerify false
git config --global http."https://YOURTFS.SERVER.HERE:PORT/".sslVerify false
那只会使它无法在(希望是内部的)git服务器上进行验证.
That will only disable it from verifying on your (hopefully internal) git server.
这篇关于作为服务运行时,TFS Build Agent无法连接到TFS 2017中的HTTPS git的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
