Configuring Polling Tentacle on a VM inside a Private VPC

Hello!

I am trying to configure a polling tentacle on a VM that lives inside a private VPC on AWS so that my Octopus Deploy Cloud instance can use it. I am following the documentation but I’m stuck because I am getting a communication issue:

Checking that server communications are open failed with message The operation has timed out.. Retrying (1/5) in 00:00:00.7500000.
System.Net.WebException: The operation has timed out.

What I am doing is the following:

1- Install the Tentacle on the VM inside the private VPC (Ubuntu Server)

apt-key adv --fetch-keys https://apt.octopus.com/public.key
add-apt-repository "deb https://apt.octopus.com/ stretch main"
apt-get update
apt-get install tentacle

2- Running the following commands:

sudo /opt/octopus/tentacle/Tentacle create-instance --instance "Tentacle" --config "/etc/octopus/Tentacle/tentacle-Tentacle.config"
sudo /opt/octopus/tentacle/Tentacle new-certificate --instance "Tentacle" --if-blank
sudo /opt/octopus/tentacle/Tentacle configure --instance "Tentacle" --app "/home/Octopus/Applications" --noListen "True" --reset-trust
sudo /opt/octopus/tentacle/Tentacle register-worker --instance "Tentacle" --server "https://bairesdev.octopus.app" --name "testing-tentacle" --comms-style "TentacleActive" --server-comms-port "10943" --apiKey "API-XXXXXXXXXXXXXXXXXXXXXXXXX" --space "testing" --workerpool "tentacle-pool"

Where https://bairesdev.octopus.app is my OD instance where I created the API-key used in the previous command.
At this point, I get the message:

Checking connectivity on the server communications port 10943...

And after a while an error message:

Checking that server communications are open failed with message The operation has timed out.. Retrying (1/5) in 00:00:00.7500000.
System.Net.WebException: The operation has timed out.

I read port 10943 is already open on the OD Cloud Instance. I’ve checked the firewall rules on the VM in the private VPC and they seem correct (Allow all outgoing traffic on all ports to all destinations).

Any lights of what I’m missing?

Thanks!

Hi @nicolas.spencer,

Thank you for contacting Octopus Support.

It looks like it is getting stuck when trying to register the tentacle with the Octopus Cloud instance. Is web traffic opened on this VM? Tentacles will register via web API and deployments are run over 10943 by default for Polling Tentacles.

If the VM has a browser, navigating to https://bairesdev.octopus.app/ is a quick way to confirm.

Let me know your thoughts at your earliest convenience.

Best Regards,

Thank you @donny.bell for your response.

The network team helped me with this and there was an ACL at the network level that was preventing the traffic from going to port 10943 (I was just looking at the VM's Security Group).

They are asking me, though, to provide an IP or an IP range where the Octopus Cloud Instance will live, as they cannot open port 10943 to the world.

Is there an IP range where Octopus Cloud Instances are deployed?
Thanks!

Hi @nicolas.spencer,

Thank you for getting back to me. I’m glad to hear the network team got it worked out for you.

Regarding the IP Range for your Octopus Cloud instance, we have a guide that shows you how to obtain the list for your instance here: Static IP address - Octopus Deploy

If you have any additional questions, please let me know.

Best Regards,
Donny

Hi @donny.bell thank you for the information.

I was able to find the IP range where our OD instance will live. I have one last question though. When setting the rule to allow traffic to the instance, it works fine when I use a port range between 1024 - 65535 (restricted to the OD IP addresses):

When I narrow to only port 10943, I am not able to get a connection to the instance and I get the same message as before:

Checking that server communications are open failed with message The operation has timed out.. Retrying (1/5) in 00:00:00.7500000.
System.Net.WebException: The operation has timed out.

Is there any port besides port 10943 that we need to open?

Thanks!

Hi @nicolas.spencer,

Thank you for getting back to me.

You are correct, for the Tentacle to communicate to Octopus, it will need access to 443 and 10943. As for why a range works and not a specific port, I would recommend looping in your network team and getting them to have a look.

If you have any additional questions, please let us know.

Best Regards,
Donny
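
A way to check from the VM that both ports named in this thread (443 and 10943) are reachable before running register-worker, given as an added example that is not from the thread or from Octopus documentation. The function names and the script name are made up for illustration. It separates a timeout (packets silently dropped, as with the network ACL found above) from a refusal or a DNS failure.

```python
#!/usr/bin/env python3
"""Probe outbound TCP reachability from a Polling Tentacle host (added example)."""
import errno
import socket
import sys

# Ports named in the thread: 443 (registration via the web API) and
# 10943 (default Polling Tentacle communications port).
TENTACLE_PORTS = (443, 10943)

def probe(host, port, timeout=5.0):
    """Return 'open', 'refused', 'timeout', 'dns-failure' or 'error:<errno name>'."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"
    result = "error:no-address"
    for family, socktype, proto, _canon, addr in infos:
        with socket.socket(family, socktype, proto) as s:
            s.settimeout(timeout)
            try:
                s.connect(addr)
                return "open"
            except (socket.timeout, TimeoutError):
                result = "timeout"      # no SYN-ACK and no RST came back
            except ConnectionRefusedError:
                result = "refused"      # an RST came back: path is open
            except OSError as exc:
                result = "error:" + errno.errorcode.get(exc.errno, "unknown")
    return result

def check_tentacle_egress(host, ports=TENTACLE_PORTS, timeout=5.0):
    """Probe every port and return {port: status}."""
    return {port: probe(host, port, timeout) for port in ports}

def explain(status):
    """Map a probe status to the layer worth checking first."""
    hints = {
        "open": "reachable",
        "timeout": "dropped in transit: check security group, network ACL, routes",
        "refused": "host reachable, nothing listening on that port",
        "dns-failure": "name did not resolve: check the VPC's DNS settings",
    }
    return hints.get(status, "unexpected socket error")

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe_egress.py <octopus-hostname>")
    results = check_tentacle_egress(sys.argv[1])
    for port, status in results.items():
        print(f"{sys.argv[1]}:{port} -> {status} ({explain(status)})")
    sys.exit(0 if all(s == "open" for s in results.values()) else 1)
```

Run it with the hostname of the Octopus instance as the only argument; the exit code is 0 only when every port is open.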
