We’re running OD v3.3.6 and I wonder what type of permission is needed to do an upgrade of Calamari on a newly installed node. The user has the following rights regarding environments:
My apologies, I missed an additional permissions check that requires that to update Calamari on a machine the user has to be an Octopus administrator (the AdministerSystem permission).
Again, my apologies for missing this in my initial investigations and reply.
But isn’t that kind of strange that you need to be an administrator to update a calamari version but not to create a new environment? I don’t like the idea to give all developers administrative rights just to be able to upgrade a tentacle they just installed.
Yes, I can understand it seems a bit strange, and I’m not sure why the decision was made to have it implemented that way and if it is something we’re going to change.
In the meantime, if the developer does a deployment Calamari will be updated on the machines that are running outdated Calamari version…
Thank you for allowing me to join this discussion.
I too encountered a similar problem, and I am also using OD 3.3.6. We went as far a creating a new user role based on System Administrator but with rights to specific environments and projects. It has the Task Create enabled, but we also find this user role is not sufficient to promote the Calamari update. Only “Octopus Administrators” seem to have this ability.
I understand that we can always just ‘deploy’ and the update will take place, but we’ve also seen this add several minutes to the deployment (which should have been about 30 seconds), causing stress and concern during a deployment. It would be better for us if we could do these updates when not doing a deployment, but it’s limited to a small subset of the staff.
Any chance anyone other than a system wide Octopus Administrator will have these rights in an upcoming release?