Automated Tentacle install on servers with no internal or external access to web addresses

Hi there, trying to automate the installation of tentacles on servers and on the following command am getting the errors:

.\Tentacle.exe register-with --instance "Tentacle" --server=http://*/ --apiKey="API-" --role "web-server" --environment "***** Test Environment" --comms-style TentaclePassive --console

Octopus.Client.Exceptions.OctopusServerException: 502 Bad Gateway

DNS error

This is because the server I am trying to install the tentacle on has no internal or external http access…it only has access to other servers directly…

I can install working tentacles manually on such a machine but trying to use one of the PowerShell scripts suggested here https://octopus.com/docs/installation/installing-tentacles/automating-tentacle-installation

they all seem to use a http address internal or external.

I was hoping you guys might be able to suggest an option…possibly inserting a direct address or IP for the octopus server?

Let me know

Dave

Hi Dave,

Thanks for getting in touch!

Unfortunately there is no way to automate the install without using HTTP or HTTPS. Octopus is designed around a HTTP REST API so all API calls are via HTTP. Without access to this server on port 80 (or 443 if you enable HTTPS) then you won’t be able to utilise the API except for locally on the server itself.

Sorry that I can’t assist in this case, please let us know if there is anything else we can assist with,

Regards,

Alex

Alex,

What about the solution here:

http://help.octopusdeploy.com/discussions/questions/5421-remote-tentacle-registration

It seems I have basically the same issue … I have the ability to run whatever scripts I want remotely on all servers in question, I just can’t call over http….so I thought I could do something like the following run from the octopus server?..

#run from the octopus server
$remotetentacleserver = "server_I_want_to_install_the_tentacle_on"

Invoke-Command -ComputerName $remotetentacleserver -ScriptBlock {

#install msi
$msifile= "C:\Temp\Octopus.Tentacle.3.4.10-x64.msi"
$arguments= ' /qn '
Start-Process -file $msifile -arg $arguments -passthru | wait-process

& "C:\Program Files\Octopus Deploy\Tentacle\Tentacle.exe" create-instance --instance "Dave" --config "C:\Octopus\Dave\Tentacle-Dave.config"
& "C:\Program Files\Octopus Deploy\Tentacle\Tentacle.exe" new-certificate --instance "Dave" --if-blank
& "C:\Program Files\Octopus Deploy\Tentacle\Tentacle.exe" configure --instance "Dave" --home "C:\Octopus" --app "C:\Octopus\Applications\Dave" --port "10933"
#trust the Octopus Server thumbprint on the same instance that was created above
& "C:\Program Files\Octopus Deploy\Tentacle\Tentacle.exe" configure --instance "Dave" --trust "B0D392716E8FB8830494BB61F6F341C31EFC6505" --console
& "C:\Program Files\Octopus Deploy\Tentacle\Tentacle.exe" service --instance "Dave" --install --start

$TentacleThumb = & "C:\Program Files\Octopus Deploy\Tentacle\Tentacle.exe" show-thumbprint --instance "Dave"

}

Step 2

Add-Type -Path 'C:\Program Files\Octopus Deploy\Tentacle\Octopus.Client.dll'

$apikey = 'API-XXXXXXXX' # Get this from your profile
$octopusURI = 'http://XXXXXXXX' # Your Octopus Server address

$tentacleThumbprint = "$TentacleThumb"
$environmentId = "XXXX Environment" # Get this from /api/environments
$role = "web-server" # The role of the machine
$machineName = "Dave" # The name of the machine

$endpoint = New-Object Octopus.Client.OctopusServerEndpoint $octopusURI,$apikey
$repository = New-Object Octopus.Client.OctopusRepository $endpoint

$tentacleEndpoint = New-Object Octopus.Client.Model.Endpoints.PollingTentacleEndpointResource
$tentacleEndpoint.Thumbprint = $tentacleThumbprint
$tentacleEndpoint.Uri = "poll://" + ((char[] | sort {get-random})[0…20] -Join '') + "/"

$tentacle = New-Object Octopus.Client.Model.MachineResource
$tentacle.Endpoint = $tentacleEndpoint
$tentacle.EnvironmentIds.Add($environmentId)
$tentacle.Roles.Add($role)
$tentacle.Name = $machineName

$repository.Machines.Create($tentacle)

Write-Host "Add this value to the 'Tentacle.Communication.TrustedOctopusServers' key in Tentacle-${machineName}.config"
$server = [ordered]@{
"Thumbprint" = ""; # Your Octopus Server Thumbprint
"CommunicationStyle" = 2;
"Address" = "http://tfsbuild:9999"; # Your Octopus Server URL and Communications port (10943 by default)
"Squid" = "";
"SubscriptionId" = $tentacleEndpoint.Uri;
}
$server | ConvertTo-Json -Compress

Step 3

- Open the Tentacle configuration file of your new Tentacle (specified when you registered the Tentacle in step 1)
- Add the JSON output by step 2 above to the Tentacle.Communication.TrustedOctopusServers (within the [])
- Save the config file
- Restart the Tentacle service

I haven’t powershelled this out but I can do this no worries I think.

I just have one issue…with this line:

$tentacleEndpoint.Uri = "poll://" + ((char[] | sort {get-random})[0…20] -Join '') + "/"

This comes back with an error….but what value is this trying to find? Possibly I could find it from within the server itself?

What do you think?

Dave

Hi Dave,

Apologies for the length of time from your last update, this took a lot longer to nut out than I thought.

I’ve attached a script that will install a listening Tentacle (so your Step 3 isn’t required - all it needs to do is be able to listen on port 10933) from your Octopus Server with a couple of caveats:

Caveat 1: You need to have a copy of the Tentacle installer on the remote server (c:\Temp in my script).
Caveat 2: I’m using CredSSP to enable the remote script to run as admin. This will need to be enabled on both the Octopus Server and the (soon to be) Tentacle. The commands are included in the script itself along with an explanation of which command is to be run on which box.

I’ll hopefully find some time to have a further look at it later this week to attempt to fully automate it (and hopefully remove the CredSSP requirement) however I thought I should pass through the current working example.

Please let me know if you have any questions or issues,

Regards,
Alex

Remote_Install_Listening.zip (1 KB)
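
Caveat 2 above, as an added example (not the contents of the attached script and not Octopus code): CredSSP hands the caller's credentials to the remote machine, so this function delegates to one named host only and removes the client-side setting again when the remote block finishes. The function name, $Target and the script block are assumptions.

```powershell
# Added example. Run on the Octopus Server in an elevated PowerShell session.
function Invoke-WithScopedCredSSP {
    param(
        [Parameter(Mandatory)] [string] $Target,          # the (soon to be) Tentacle
        [Parameter(Mandatory)] [pscredential] $Credential,
        [Parameter(Mandatory)] [scriptblock] $ScriptBlock
    )
    # Allow credential delegation to this one host only, never to a wildcard.
    Enable-WSManCredSSP -Role Client -DelegateComputer $Target -Force | Out-Null
    try {
        Invoke-Command -ComputerName $Target -Authentication Credssp `
                       -Credential $Credential -ScriptBlock $ScriptBlock
    }
    finally {
        # Removes the client-side CredSSP setting on this machine (all delegate
        # hosts, including any configured before this call).
        Disable-WSManCredSSP -Role Client
    }
}

# On the target, in an elevated session, before the call above:
#   Enable-WSManCredSSP -Role Server -Force
# and once the Tentacle service is installed and running:
#   Disable-WSManCredSSP -Role Server
# Get-WSManCredSSP on either machine shows the current state.

# Hypothetical usage: the script block body stands in for the install steps.
$cred = Get-Credential
Invoke-WithScopedCredSSP -Target 'server_I_want_to_install_the_tentacle_on' -Credential $cred -ScriptBlock {
    Start-Process -FilePath 'msiexec.exe' -ArgumentList '/i C:\Temp\Octopus.Tentacle.3.4.10-x64.msi /qn' -Wait
}
```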

Alex,

Thank you so much for this, I have not forgotten you but it has taken a bit of time to get back to this project. I will try this script out and let you know….

Cheers

Dave

Alex,

Have just run through and entered all of our specific details into this script and I get an output which I add to the tentacle.config on the target node and it is not quite working….

Environment is showing on Octopus Server and the tentacle is deployed on the target node, but it will not connect….

I have tried replicating the tentacle.config from other servers that are working but it refuses to connect…

I was wondering if you might be able to do a quick webex to talk this through.

Let me know

Dave

Alex,

Additionally here is a sample of the logs from the octopus deploy server:

2017-09-01 00:55:25.2677 8476 64 INFO https://settchqscnd01:10933/ 64 Unexpected exception executing transaction.
Halibut.HalibutClientException: The client was unable to establish the initial connection within 00:01:00
at Halibut.Transport.TcpClientExtensions.ConnectWithTimeout(TcpClient client, String host, Int32 port, TimeSpan timeout)
at Halibut.Transport.TcpClientExtensions.ConnectWithTimeout(TcpClient client, Uri remoteUri, TimeSpan timeout)
at Halibut.Transport.SecureClient.CreateConnectedTcpClient(ServiceEndPoint endPoint)
at Halibut.Transport.SecureClient.EstablishNewConnection()
at Halibut.Transport.SecureClient.ExecuteTransaction(Action`1 protocolHandler)
2017-09-01 00:55:26.2739 8476 64 INFO https://settchqscnd01:10933/ 64 Retry attempt 1
2017-09-01 00:55:26.2739 8476 64 INFO https://settchqscnd01:10933/ 64 Opening a new connection
2017-09-01 00:55:47.2841 8476 64 INFO https://settchqscnd01:10933/ 64 Unexpected exception executing transaction.
Halibut.HalibutClientException: The client was unable to establish the initial connection within 00:01:00
at Halibut.Transport.TcpClientExtensions.ConnectWithTimeout(TcpClient client, String host, Int32 port, TimeSpan timeout)
at Halibut.Transport.TcpClientExtensions.ConnectWithTimeout(TcpClient client, Uri remoteUri, TimeSpan timeout)
at Halibut.Transport.SecureClient.CreateConnectedTcpClient(ServiceEndPoint endPoint)
at Halibut.Transport.SecureClient.EstablishNewConnection()
at Halibut.Transport.SecureClient.ExecuteTransaction(Action`1 protocolHandler)

The target node logs just say that the service has started correctly

Cheers

Dave
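
The Halibut trace above fails in TcpClientExtensions.ConnectWithTimeout, that is, at the TCP connect, before any certificate is exchanged. As an added example (not posted by either participant and not Octopus code), this function separates a network-level failure on the listening port from a thumbprint mismatch; the function name and the thumbprint placeholder are assumptions.

```powershell
# Added example. Run on the Octopus Server. 'settchqscnd01' and port 10933 come from
# the log above; '<TENTACLE-THUMBPRINT>' is a placeholder for the Tentacle's own value.
function Test-TentacleEndpoint {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [int] $Port = 10933,
        [string] $ExpectedThumbprint,
        [int] $TimeoutSeconds = 5
    )
    $result = [ordered]@{
        Target = "${ComputerName}:$Port"; TcpConnected = $false
        Thumbprint = $null; ThumbprintMatches = $null; Error = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Stage 1: bare TCP connect, the step that times out in the trace. A failure
        # here points at the network path (name resolution, routing, firewall) or at
        # nothing listening on the port, not at certificate trust.
        $connect = $client.ConnectAsync($ComputerName, $Port)
        if (-not $connect.Wait([TimeSpan]::FromSeconds($TimeoutSeconds))) {
            throw "TCP connect to ${ComputerName}:$Port timed out after $TimeoutSeconds s"
        }
        $result.TcpConnected = $true

        # Stage 2: TLS handshake. The Tentacle certificate is self-signed, so chain
        # validation is skipped here and the thumbprint is compared explicitly below.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($ComputerName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $result.Thumbprint = $cert.Thumbprint
        if ($ExpectedThumbprint) {
            # -eq on strings is case-insensitive in PowerShell.
            $result.ThumbprintMatches = ($cert.Thumbprint -eq $ExpectedThumbprint.Trim())
        }
    }
    catch { $result.Error = $_.Exception.GetBaseException().Message }
    finally { $client.Close() }
    [pscustomobject]$result
}

Test-TentacleEndpoint -ComputerName 'settchqscnd01' -ExpectedThumbprint '<TENTACLE-THUMBPRINT>'
```

TcpConnected = False reproduces the condition in the log; TcpConnected = True with ThumbprintMatches = False means the machine registered on the server carries a different thumbprint from the one the Tentacle presents.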

Hi Dave,

Thanks for the extra information. While I investigate possible causes are you able to confirm that you enabled CredSSP on both the server and Tentacle using the commands provided in the script?

I look forward to hearing from you shortly,

Regards

Alex

Alex,

I didn’t actually use CredSSP in the end, instead I did the following:

$r = New-PSSession $remotetentacleserver -credential XXXXXX

And just entered the credentials manually when prompted, I assume if they had not been accepted I would have got a permissions error.

Cheers Dave

Hi Dave,

Thanks for that info, I believe that may be our problem. While the system is indeed accepting the credentials (as you presume) it unfortunately won’t allow the client to use those credentials to launch an admin powershell instance, even if the provided credentials have administrative rights. That is why I was forced into using CredSSP (as my original instinct was the same as yours, just pass the required credentials).

Are you able to advise if the script operates correctly if you enable CredSSP on your server and one test Tentacle?

Regards,

Alex

Alex,

Of course I will try that now….I should have used CredSSP sorry mate

Dave

Hi Dave,

No problems, I should have been a bit clearer on why I needed to use CredSSP. Looking forward to hearing how you go!

Regards,
Alex