I want to deploy to an Azure SQL database, and I would like to run the tentacle performing deployments to be in Azure. I prefer to run everything I can on PaaS, and currently I have a solution where I install the tentacle in a Cloud Service. Since it seems like Cloud Services will be deprecated eventually and Web Apps are the future, I am trying to run the tentacle inside a site extension.

Here is my strategy to figure out how to get this working:

1. Extract the tentacle installer to a folder
2. Use the Kudu extension to upload the files from the installer (https://*.scm.azurewebsites.net/DebugConsole/?shell=powershell)
3. Configure the tentacle using the debugging console with commands something like:
   .\Tentacle.exe create-instance --instance “Tentacle” --config “D:\home\SiteExtensions\OctopusTentacle\Tentacle.config” --console
   .\Tentacle.exe new-certificate --instance “Tentacle” --if-blank --console
   .\Tentacle.exe configure --instance “Tentacle” --home “D:\home\SiteExtensions\OctopusTentacle” --app “D:\home\SiteExtensions\OctopusTentacle\Applications” --port “10933” --console
   .\Tentacle.exe configure --instance “Tentacle” --trust “OCTOPUS_THUMBPRINT” --console
   "netsh" advfirewall firewall add rule “name=Octopus Deploy Tentacle” dir=in action=allow protocol=TCP localport=10933
   .\Tentacle.exe agent --instance “Tentacle” --console

I can’t get the first command to run without getting errors (see below). Is this something I can somehow work around? My goal here is really to figure out how create a site extension that runs a tentacle as an HttpPlatformHandler (so not a windows service) similar to this: https://github.com/wadewegner/azure-go-lang-site-extension/blob/master/golang/applicationHost.xdt

Thanks!

PS D:\home\SiteExtensions\OctopusTentacle> .\Tentacle.exe create-instance --instance “Tentacle” --config “D:\home\SiteExtensions\OctopusTentacle\Tentacle.config” --console
2015-10-24 14:34:31.7279 Error Error initializing target EventLog Target[eventlog] System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.
at System.Diagnostics.EventLog.FindSourceRegistration(String source, String machineName, Boolean readOnly, Boolean wantToCreate)
at System.Diagnostics.EventLog._InternalLogNameFromSourceName(String source, String machineName)
at System.Diagnostics.EventLog.LogNameFromSourceName(String source, String machineName)
at NLog.Targets.EventLogTarget.InitializeTarget()
at NLog.Targets.Target.Initialize(LoggingConfiguration configuration)
The Zone of the assembly that failed was:
MyComputer.
Octopus Deploy: Tentacle version 3.1.5 (3.1.5+Branch.master.Sha.a3fb854d900077b8b028687f3a4ca01c59e84f56)
Creating empty configuration file: D:\home\SiteExtensions\OctopusTentacle\Tentacle.config
Saving instance: Tentacle

Error: The specified registry key does not exist.

Full error details are available in the log files.
At: C:\DWASFiles\Sites#1octo-tentacle\LocalAppData\Octopus\Logs

The specified registry key does not exist.
System.IO.IOException: The specified registry key does not exist.
at Microsoft.Win32.RegistryKey.Win32Error(Int32 errorCode, String str)
at Microsoft.Win32.RegistryKey.CreateSubKeyInternal(String subkey, RegistryKeyPermissionCheck permissionCheck, Object registrySecurityObj, RegistryOptions registryOptions)
at Microsoft.Win32.RegistryKey.CreateSubKey(String subkey, RegistryKeyPermissionCheck permissionCheck)
at Octopus.Shared.Configuration.ApplicationInstanceStore.CreateOrOpenKeyForWrite(RegistryKey parent, String keyName) in Y:\work\refs\tags\3.1.5\source\Octopus.Shared\Configuration\ApplicationInstanceStore.cs:line 88
at Octopus.Shared.Configuration.ApplicationInstanceStore.SaveInstance(ApplicationInstanceRecord instanceRecord) in Y:\work\refs\tags\3.1.5\source\Octopus.Shared\Configuration\ApplicationInstanceStore.cs:line 61
at Octopus.Shared.Startup.AbstractCommand.Octopus.Shared.Startup.ICommand.Start(String[] commandLineArguments, ICommandRuntime commandRuntime, OptionSet commonOptions) in Y:\work\refs\tags\3.1.5\source\Octopus.Shared\Startup\AbstractCommand.cs:line 57
at Octopus.Shared.Startup.ConsoleHost.Run(Action`1 start, Action shutdown) in Y:\work\refs\tags\3.1.5\source\Octopus.Shared\Startup\ConsoleHost.cs:line 72
at Octopus.Shared.Startup.OctopusProgram.Run() in Y:\work\refs\tags\3.1.5\source\Octopus.Shared\Startup\OctopusProgram.cs:line 87

Hi Gregjhogan,
I think you are using the wrong Azure resource as an installation target for the Tentacle. If you want the Tentacle to also live in the cloud, I would suggest the most useful mechanism would be to install it on an Azure Virtual Machine. This way you have a single addressable endpoint to communicate with the server rather than on one of potentially many Web Apps that could be spun up or down at will. We have several clients who have their Tentacles up and running with this approach.

You can provision a new virtual machine in Azure, then RDP in and download/install a tentacle as you would on any other local machine, ensuring that you have the correct ports open.
Alternatively, by following our documentation you can use PowerShell DSC to script some of the configuration if required.
Take a look at these approaches and give them a go.
Let us know if you encounter any difficulty in setting up your Tentacle in Azure.
Robert

In this situation, the only difference I see between a web app with an instance count of 1 and a single VM is that one solution uses PaaS and the other uses IaaS. It seemed like the natural replacement for a cloud service, which currently works, but seems likely to be deprecated (no ARM support).

I can understand how it may seem strange to ask to be able to run a tentacle on a web app because you wouldn’t ever want to use the tentacle to deploy to a web app. However, I am trying to run the tentacle executable as a HttpPlatformHandler which means the tentacle process is the web app. This would be simple if the tentacle executable didn’t do anything that required elevated permissions.

For Azure SQL database deployments, I wonder if a better solution is to push the dacpac to an Azure blob/queue and use a WebJob to consume it. I could do this without a tentacle if a new deployment target was added for Azure blobs/queues. It would be nice if there was some sort of feedback mechanism for results, too.

Hi Gregjhogan,
What is the aversion to using a VM with the Tentacle install? This is the recommended mechanism and we have many users who follow this approach. Unfortunately we don’t support or expect to support running them as a WebApp due to various installation requirements.

Could you explain your full deployment process and maybe we can think of a better solution for what you are after.
If you are trying to deploy an Azure WebApp you can do that directly from the server without need for a full blown Tentacle. If you want to push resources to an Azure blob/queue then there may be some useful scripts in our template library that could allow you to do this, again without any Tentacle.
Cheers,
Robert

The goal is simple, deploy a dacpac to an Azure SQL database. Our octopus server is on-prem (moving it is not an option) and the database is obviously not on-prem. There are a lot of ways to accomplish this goal, but in the environment I am in a) direct connections to Azure SQL databases over the internet are not allowed and b) IaaS windows instances require controls that are labor intensive to manage. Our productivity is much higher if all egress traffic is over HTTPS and everything runs on top of PaaS offerings in Azure.

Based on your last response mentioning “various installation requirements” it seems like my original question is answered (is there a workaround to configure/run Tentacle.exe without elevated privileges?), meaning there currently is no way to run it as a site extension.

I still think a tentacle running on top of PaaS is valuable. If you had the option to run a tentacle on top of IaaS or PaaS, why would you ever choose IaaS? If you haven’t ever looked at a HttpPlatformHandler, maybe take a look. The tentacle windows service seems like it is largely an HTTPS web server, which is a natural fit. Now that I say that, I realize that even the Octopus server could be a site extension for an Azure Web App (making the web app an octopus server).

Thanks!