Hi i am using chef to automate configuration of tentacle. inside chef i am using powershell scripts to configure Tentacle.
But when i am running my recipe OctopusTentacle Deploy Service is not started and when i manually try to start it it displays Error:1067 the process terminated unexpectedly . here is my script
Set-Location “C:\Program Files\Octopus Deploy\Tentacle” ; .\Tentacle.exe create-instance --instance “Tentacle” --config “C:\Octopus\Tentacle.config” --console
Set-Location “C:\Program Files\Octopus Deploy\Tentacle” ; .\Tentacle.exe new-certificate --instance “Tentacle” --if-blank --console
Set-Location “C:\Program Files\Octopus Deploy\Tentacle” ; .\Tentacle.exe configure --instance “Tentacle” --reset-trust --console
Set-Location “C:\Program Files\Octopus Deploy\Tentacle” ; .\Tentacle.exe configure --instance “Tentacle” --home “C:\Octopus” --app “C:\Octopus\Applications” --port “10933” --console
Set-Location “C:\Program Files\Octopus Deploy\Tentacle” ; .\Tentacle.exe configure --instance “Tentacle” --trust “#################” --console
Set-Location “C:\Program Files\Octopus Deploy\Tentacle” ; .\Tentacle.exe service --instance “Tentacle” --install --start --console
port 10933 is already opened in firewall and when i run this script on target server manually then tentacle is configured without any issues. and once tentacle is configured now if i uninstall and again run chef recipe now i am able to configure. I am attachng the log file over here and it is displaying Run new certificate command error.
please look into the issue as i do not wish to login into machine to configure tentacle and i am using administrator credentials to bootstrap chef recipes
OctopusTentacle.txt (56 KB)
Hi Kamal,
Your log indicates that the installer is unable to generate a new certificate for the tentacle. This is usually because the Windows account which is running the install process is unable to load a user profile. A user profile is required for the Windows Data Protection API to generate keys.
I’ve noticed this in particular when using AWS instances, as the EC2 boot/userdata process does not load a profile, but it also seems to be common with Chef, as mentioned in the comments at this link:
http://g.octopushq.com/CryptoRequiresUserProfile
The good news is: If you use OctopusDSC, rather than tentacle.exe, the DSC engine always loads a profile. The DSC code is also cleaner and more readable than trying to use the tentacle.exe method, making it much nicer to work with, and we offer a lot of configuration options, so even quite complex scenarios are supported
https://octopus.com/docs/installation/installing-tentacles/automating-tentacle-installation#AutomatingTentacleinstallation-DSCDesiredStateConfiguration
Alternatively, you may be able to use RUNAS, as suggested in the log, to change the user profile - but this may not help in a Chef context
2017-09-27 07:25:59.4576 2728 1 ERROR ===============================================================================
2017-09-27 07:25:59.4576 2728 1 ERROR Crypto functions require the Windows User Profile
2017-09-27 07:25:59.4576 2728 1 ERROR -------------------------------------------------------------------------------
2017-09-27 07:25:59.4576 2728 1 ERROR Various cryptographic functions used by Octopus Deploy require the Windows user profile to have been loaded. Some remote administration scenarios run commmands in processes without user profile information; to successfully run the problem command, invoke it from the command-line using RUNAS, e.g.: `runas /profile /user:<username> "C:\...\Tentacle.exe new-certificate"`.
2017-09-27 07:25:59.4576 2728 1 ERROR See: http://g.octopushq.com/CryptoRequiresUserProfile
2017-09-27 07:25:59.4576 2728 1 FATAL -------------------------------------------------------------------------------
Regards,
Jason