OD nodes behind an AWS ELB

(Anthony) #1

Hi,

I’ve gone through the documentation in regards to setting up HA OD nodes.

An overview m particular environment in AWS:

  • Mirrored MSSQL RDS instance
  • DFS Namespace and replication setup between two nodes
  • 2x Octopus Deploy nodes in HA cluster with shared storage configured
  • AWS classic load balancer with port 80 and 443 listener, a TCP listener for 10943 along with a health check against: HTTPS:443/api/octopusservernodes/ping
  • Public IP’s on each of the Octopus Deploy nodes with 10943 open to the tentacles can poll them directly

Basically the workflow is upon boot of an instance that needs to talk with OD I run the following script as userdata to install the tentacle. It registers it against the HTTPS endpoint then adds the two OD servers as “poll servers” to the tentacle config

installtentacle.zip (1.7 KB)

The above works because I can see it in the config file

[{“Thumbprint”:“9544ADBBD6CC12734C348DCF6CCAA2D63B9EE5FC”,“CommunicationStyle”:2,“Address”:“https://octopus-uri-removed:10943”,“Squid”:null,“SubscriptionId”:“poll://72vbplvzmukl67plf2fq/”},{“Thumbprint”:“9544ADBBD6CC12734C348DCF6CCAA2D63B9EE5FC”,“CommunicationStyle”:2,“Address”:“https://od-server-1-uri:10943”,“Squid”:null,“SubscriptionId”:“poll://72vbplvzmukl67plf2fq/”},{“Thumbprint”:“9544ADBBD6CC12734C348DCF6CCAA2D63B9EE5FC”,“CommunicationStyle”:2,“Address”:“https://od-server-2-uri:10943”,“Squid”:null,“SubscriptionId”:“poll://72vbplvzmukl67plf2fq/”}]

What I’m finding at the moment is in the tentacle logs I’m getting the following:

tentacleoutput.txt (3.4 KB)

Now searching through the OD nodes logs I see logs where it successfully authenticates on one server but fails on the other

  • Working node

workingnode.txt (715 Bytes)

I can’t see anything obvious that would be causing this. There is certainly no connection issues as it can connect to both nodes but it would appear only one of the two nodes is trusting the certificate?

Any ideas?

0 Likes

(Anthony) #3

Looks like you need to register the tentacle against OD nodes regardless of which one it initially registers to? I would have thought that if one server trusts it the other should as well?

Either way looks like registering the tentacle to both nodes during bootstrapping eliminates those errors in the tentacle log.

0 Likes

#4

Hi @Theonlyway

Sorry for the delay in our response on this one!

You are correct that for Polling Tentacles you need to specify both nodes so it knows to attempt communications with both, as in this scenario the Tentacle is starting the connection, not your Octopus Server. Listening Tentacles don’t have this issue as the Octopus Server is the source of the connection.

Any other questions please let me know,

Regards
Alex

0 Likes

(system) closed #5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

0 Likes