Automate Configuration of Tentacle service

(kamal.boolchandani) #1

Hi i am using chef to automate configuration of tentacle. inside chef i am using powershell scripts to configure Tentacle.
But when i am running my recipe OctopusTentacle Deploy Service is not started and when i manually try to start it it displays Error:1067 the process terminated unexpectedly . here is my script

Set-Location “C:\Program Files\Octopus Deploy\Tentacle” ; .\Tentacle.exe create-instance --instance “Tentacle” --config “C:\Octopus\Tentacle.config” --console
Set-Location “C:\Program Files\Octopus Deploy\Tentacle” ; .\Tentacle.exe new-certificate --instance “Tentacle” --if-blank --console
Set-Location “C:\Program Files\Octopus Deploy\Tentacle” ; .\Tentacle.exe configure --instance “Tentacle” --reset-trust --console
Set-Location “C:\Program Files\Octopus Deploy\Tentacle” ; .\Tentacle.exe configure --instance “Tentacle” --home “C:\Octopus” --app “C:\Octopus\Applications” --port “10933” --console
Set-Location “C:\Program Files\Octopus Deploy\Tentacle” ; .\Tentacle.exe configure --instance “Tentacle” --trust “#################” --console
Set-Location “C:\Program Files\Octopus Deploy\Tentacle” ; .\Tentacle.exe service --instance “Tentacle” --install --start --console

port 10933 is already opened in firewall and when i run this script on target server manually then tentacle is configured without any issues. and once tentacle is configured now if i uninstall and again run chef recipe now i am able to configure. I am attachng the log file over here and it is displaying Run new certificate command error.
please look into the issue as i do not wish to login into machine to configure tentacle and i am using administrator credentials to bootstrap chef recipes

OctopusTentacle.txt (56 KB)

(Jason Brown) #2

Hi Kamal,

Your log indicates that the installer is unable to generate a new certificate for the tentacle. This is usually because the Windows account which is running the install process is unable to load a user profile. A user profile is required for the Windows Data Protection API to generate keys.

I’ve noticed this in particular when using AWS instances, as the EC2 boot/userdata process does not load a profile, but it also seems to be common with Chef, as mentioned in the comments at this link:

http://g.octopushq.com/CryptoRequiresUserProfile

The good news is: If you use OctopusDSC, rather than tentacle.exe, the DSC engine always loads a profile. The DSC code is also cleaner and more readable than trying to use the tentacle.exe method, making it much nicer to work with, and we offer a lot of configuration options, so even quite complex scenarios are supported

Alternatively, you may be able to use RUNAS, as suggested in the log, to change the user profile - but this may not help in a Chef context

2017-09-27 07:25:59.4576   2728      1 ERROR  ===============================================================================
2017-09-27 07:25:59.4576   2728      1 ERROR  Crypto functions require the Windows User Profile
2017-09-27 07:25:59.4576   2728      1 ERROR  -------------------------------------------------------------------------------
2017-09-27 07:25:59.4576   2728      1 ERROR  Various cryptographic functions used by Octopus Deploy require the Windows user profile to have been loaded. Some remote administration scenarios run commmands in processes without user profile information; to successfully run the problem command, invoke it from the command-line using RUNAS, e.g.: `runas /profile /user:<username> "C:\...\Tentacle.exe new-certificate"`.
2017-09-27 07:25:59.4576   2728      1 ERROR  See: http://g.octopushq.com/CryptoRequiresUserProfile
2017-09-27 07:25:59.4576   2728      1 FATAL  -------------------------------------------------------------------------------

Regards,

Jason

(system) closed #4