Octopus migration sense check

Jon_Vaughan2 · February 22, 2021, 5:16pm

We have an older instance of Octopus Deploy (3.15.7) which needs to move from one server instance to a new server instance; due to the hosts being decommissioned.

I have seen the migration document and everything looks straight forward:

My concerns come from the number of tentacles; Which numbers close to 2000 polling tentacles and making a change that causes irreversible impact on such a large number of machines.

Setup:
Octopus deploy instance
SQL Server instance
Octopus CNAME
OctopusDB CNAME
2000 Polling tentacles.

1.) For a dry-run I will install the new Octopus server and point it to the newly restore database and then start the service running, I will login and set this server into maintenance mode. However there will be a small window when it’s running as a live server. Are there any tasks, back dated schedule events (The database was baked up for dry-run purposes about a week ago) that could start running between switching the service on and disabling maintenance mode?

2.) Is there anything with the newly installed dry-run server that can impact the existing tentacles? These tentacles are all installed as polling and pointing to the existing server via a CNAME.

3.) As part of the go-live migration I will switch off the existing octopus server, backup the databases, restore the databases, move the artifacts/task logs etc, repoint the cnames. There will be a period of time when the tentacles will be polling a server that doesn’t exist. The current settings suggest the tentacles won’t be removed; Is there anything I need to check to make sure this is the case?

4.) When I install a new server will the thumb print change? Or will this be the same as it comes from the database or master key? Are there any scenarios I need to be aware of if the thumbprint changes?

Thanks in advance
Jon

Jon_Vaughan2 · February 23, 2021, 11:25am

To extend question 4.

I see this document:

Which discusses the self signed cert.
But there is nothing on this in the migration document, can I take it that the cert is in the database and when I backup and restore the database to the new infra that the cert (and thumbprint) will stay the same?

lianne.crocker · February 23, 2021, 4:46pm

Hi Jon,

Thanks for getting in touch!

1 - Maintenance mode

Ideally, you would set maintenance mode before backing up your current database. However, I realize this wasn’t possible in this instance; there is a way around this. This is somewhere a couple of database updates may be of use. We don’t normally recommend direct database updates; unlike changes via the API and UI, they are not audited.

Always backup your Octopus database before running SQL scripts. We do not advise updating your Octopus database directly if you can avoid it.

The first sets the server to maintenance mode:

update [dbo].[Configuration]
set [JSON] = JSON_MODIFY([JSON],'$.IsInMaintenanceMode','true')
where ID = 'maintenance'

2 - Existing tentacles

I’d also recommend, on your dry run instance, setting all of the machines to disabled. Nothing should try to deploy, but this will make sure of that.

update [dbo].[Machine]
set IsDisabled = 1

For the dry run, if I read it correctly, you aren’t switching the CNAMEs over? If this is the case, the polling tentacles will not know anything of the dry run Octopus instance, so they will take no action.

To be doubly sure, you could disable any project triggers.

3 - Go-live migration and tentacles

The current settings suggest the tentacles won’t be removed; Is there anything I need to check to make sure this is the case?

Do you mean removed from registration in Octopus? No, they won’t be removed from there.

We have a script for cloning Tentacles; it can be used to take a polling Tentacle that points to one Octopus instance and move it to another. However, because you’re switching the CNAME you won’t need to run this migration. I would, however, make sure that the CNAME changes have taken full effect before taking the new Octopus instance out of maintenance mode.

4 - Thumbprint

The Octopus Server thumbprint is stored in the database; because of this, it will remain the same as it is now. Thank you for pointing out that the certificate is not mentioned on that page in the documentation; I’ll put a card on the board to update it to show that!

If you have any further questions, please let me know!

Thanks,
Lianne

Jon_Vaughan2 · February 23, 2021, 5:07pm

Thanks Lianne, Those answers put my mind at rest.