Open gauravcanon opened 2 years ago
Old but I just ran into the same problem. This is applicable on the `jetbrains/teamcity-agent:2021.1.2-linux-sudo` image. I was able to fix it as follows:

Firstly, you need to grab `agent.sh` from `/opt/buildagent/bin/agent.sh` from the Dockerfile, as you will need to make two edits.

Changes to `agent.sh`:

```sh
TEAMCITY_AGENT_OPTS_ACTUAL="$TEAMCITY_AGENT_OPTS -ea $TEAMCITY_AGENT_MEM_OPTS_ACTUAL -Dteamcity_logs=$LOG_DIR/ -Djavax.net.ssl.keyStore=/opt/java/openjdk/jre/lib/security/cacerts -Djavax.net.ssl.trustStore=/opt/java/openjdk/jre/lib/security/cacerts -Djavax.net.ssl.keyStorePassword=changeit -Djavax.net.ssl.trustStorePassword=changeit"
```

And within the `start|run)` function of `agent.sh`:

```sh
keytool -importcert -noprompt -alias mycert -file /data/teamcity_agent/conf/trustedCertificates/mycert.crt \
  -keystore /opt/java/openjdk/jre/lib/security/cacerts -storepass changeit
```

Finally, copy the cert and updated `agent.sh` file to the Dockerfile:

```dockerfile
RUN mkdir -p /data/teamcity_agent/conf/trustedCertificates
COPY certs/mycert /data/teamcity_agent/conf/trustedCertificates/mycert.crt
COPY agent.sh /opt/buildagent/bin/agent.sh
```
You don't have to patch the Dockerfile or rebuild the image: a correct combination of environment variables (`$TEAMCITY_AGENT_OPTS`) and mounted keystores (`/data/teamcity_agent/conf/trustedCertificates`) would work just fine:

```sh
# First, import your certificate into a keystore file (mind the keystore type, the default/implicit one failed in my tests)
keytool -importcert -alias my_cert -file ~/my_cert.pem -deststoretype jks \
  -keystore /etc/teamcity_agent/conf/trustedCertificates/my_keystore.jks -storepass changeit

# Now, run the agent
sudo docker run \
  -e 'TEAMCITY_AGENT_OPTS=-Djavax.net.ssl.keyStore=/data/teamcity_agent/conf/trustedCertificates/my_keystore.jks -Djavax.net.ssl.trustStore=/data/teamcity_agent/conf/trustedCertificates/my_keystore.jks -Djavax.net.ssl.keyStorePassword=changeit -Djavax.net.ssl.trustStorePassword=changeit' \
  -e SERVER_URL="https://teamcity.internal.your-org.com" \
  -v /etc/teamcity_agent/conf/:/data/teamcity_agent/conf \
  --name TeamcityAgent -u 0 --privileged -e DOCKER_IN_DOCKER=start \
  jetbrains/teamcity-agent:2021.1.1-linux-sudo
```

(I had to run Docker-in-Docker, hence this specific image and additional options)
What I also tried but unsuccessfully:

- `/data/teamcity_agent/conf/trustedCertificates` without adding the `$TEAMCITY_AGENT_OPTS` environment variable: the certificates and keystores seem to be ignored, the agent throws errors about failing the certificate validation;
- `keytool` without specifying keystore format: Java threw an error about wrong file format.

Hope this helps.
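The keystore-format pitfall described in the comment above can be caught before the file is mounted into the agent container. The following is an added example, not part of the original thread: it reads a file's leading bytes to tell a JKS keystore from other formats; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: identify a Java keystore's on-disk format from its first
# bytes, so a file of the wrong type is rejected before the agent starts.

# keystore_type FILE -> prints jks | jceks | der | unknown
keystore_type() {
    # First four bytes as lowercase hex with no separators.
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        feedfeed) echo jks ;;     # JKS magic number 0xFEEDFEED
        cececece) echo jceks ;;   # JCEKS magic number 0xCECECECE
        30*)      echo der ;;     # DER SEQUENCE tag: PKCS#12 keystores start
                                  # this way (so do DER-encoded certificates)
        *)        echo unknown ;; # e.g. a PEM certificate or an empty file
    esac
}

# check_keystore FILE EXPECTED -> returns 0 only when the format matches
check_keystore() {
    actual=$(keystore_type "$1")
    if [ "$actual" != "$2" ]; then
        echo "$1: expected $2, found $actual" >&2
        return 1
    fi
}

# Constructed sample headers (not real keystores) to exercise the check.
demo_dir=$(mktemp -d)
printf '\376\355\376\355' > "$demo_dir/sample.jks"
printf '\060\202\011\101' > "$demo_dir/sample.p12"
printf '%s\n' '-----BEGIN CERTIFICATE-----' > "$demo_dir/sample.pem"

for f in "$demo_dir"/sample.*; do
    printf '%s: %s\n' "${f##*/}" "$(keystore_type "$f")"
done
rm -rf "$demo_dir"
```

Run `check_keystore` against the file passed to `-Djavax.net.ssl.trustStore` with `jks` as the expected type; `keytool -list -keystore FILE` remains the authoritative check of the keystore's contents.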
We are evaluating Teamcity for an Enterprise solution.
What I am trying to achieve.
:white_check_mark: Create and host Teamcity Server
:white_check_mark: It is working with SSL able to access outside the home network
:white_check_mark: Install Agent 1 and check the connection with the Teamcity server
✗ Agent SSL handshake with Teamcity Server
41 This issue I tried to follow but didn't get working
My Docker Compose
Error from Agent Log :
What I am missing