Ok so hear me out on this one.
I am using octo deploy in a multi-tenanted environment. In order for our release team to test sometimes they want to deploy something to their local laptops. This, in and of itself, is pretty simple. However the issue lies in how our network is configured.
This used to work just fine when Octo was installed on our local network because there were not issues with ports or firewall restrictions, however since we migrated our octo instance to AWS this issue popped up. Because the majority of our deployment targets are resources in AWS it has not been an issue there, only when deploying to someone’s local machine within our home network. This is because our network team blocks egress from our local machines to non-standard ports. So 10943 is blocked, and there is no way to unblock it. (they straight up refused).
SO… I created a loadbalancer proxy in aws and set port 443 and the passthrough works.
In theory all of this should work together, and I am confident I did get this to work at least one time, however when I attempt to register the tentacle, it still wants to use the original port and server url even though they have been updated in the Tentacle.config file. Here is the powershells cript I am using. Perhaps you can see where I am going wrong.
## Update these values
$apiKey = "API_KEY"
$tentacleName = "MACHINE_NAME" ## aka John Doe's Laptop
#requires -version 4.0
#requires -RunAsAdministrator
## no need to change below
$octoThumbprint = "THUMB_PRINT"
$octoServerUri = "https://octopus"
$octoPollingUri = "octo-polling"
$configFile = "C:\Octopus\Tentacle.config"
$tentacleInstanceName = "Tentacle"
function Remove-ListenerConfig {
## get the xml config info and extract the listener info
[XML]$config = Get-Content $configFile
$xPath = "/octopus-settings/set[@key='Tentacle.Communication.TrustedOctopusServers']"
$value = Select-Xml -Xml $config -XPath $xPath | Select-Object -ExpandProperty Node | Select-Object -ExpandProperty InnerXml
## the value is a json string so remove any servers with "CommunicationStyle":1
$jsonValue = $value | ConvertFrom-Json
$updatedValue = $jsonValue | Where-Object { $_.CommunicationStyle -ne 1 } | Select-Object $_
$newStringValue = $($updatedValue | ConvertTo-Json -Compress | Out-String).Trim()
## update content and write back to file
$config.'octopus-settings'.SelectSingleNode("set[@key=""Tentacle.Communication.TrustedOctopusServers""]").InnerXml = "[${newStringValue}]"
$config.Save($configFile)
}
cd "C:\Program Files\Octopus Deploy\Tentacle"
## create the tentacle instance
.\Tentacle.exe create-instance `
--instance $tentacleInstanceName `
--config $configFile
## create the tentacle certificate (if needed)
.\Tentacle.exe new-certificate `
--instance $tentacleInstanceName `
--if-blank
## resets the trust relationships (tentacles and servers require trust relationships)
.\Tentacle.exe configure `
--instance $tentacleInstanceName `
--reset-trust
## setups up polling instance
.\Tentacle.exe configure `
--instance $tentacleInstanceName `
--home "C:\Octopus" `
--app "C:\Octopus\Applications" `
--trust $octoThumbprint
.\Tentacle.exe server-comms `
--instance $tentacleInstanceName `
--config $configFile `
--style "TentacleActive" `
--host $octoPollingUri `
--thumbprint $octoThumbprint `
--port "443"
## at this point, the tentacle config is a little whack,
## it has settings for both polling and listening tentacles
## need to remove the listening tentacle
Remove-ListenerConfig
## registers tentacle with main octo server
## this breaks because it wants to still try to register and check the original server and port
## that will fail every time due to network issues.
.\Tentacle.exe register-with `
--instance $tentacleInstanceName `
--server $octoServerUri `
--name $tentacleName `
--apiKey $apiKey `
--comms-style "TentacleActive"`
--tenant "TENANT_NAME" `
--environment "local" `
--role "app-server" `
--role "db-server" `
--force
## installs and then starts the windows server
.\Tentacle.exe service `
--instance $tentacleInstanceName `
--install `
--start
And for the most part will run but will error out (eventually) with this error.
| Output Log | |
|---|---|
| Configuration file at C:\Octopus\Tentacle.config already exists. | |
| Setting home directory to: C:\Octopus | |
| Saving instance: Tentacle | |
| A certificate already exists, no changes will be applied. | |
| Removing all trusted Octopus Servers… | |
| These changes require a restart of the Tentacle. | |
| Adding 1 trusted Octopus Servers | |
| Home directory set to: C:\Octopus | |
| Application directory set to: C:\Octopus\Applications | |
| These changes require a restart of the Tentacle. | |
| Updated server communications configuration | |
| These changes require a restart of the Tentacle. | |
| Checking connectivity on the server communications port 10943… | |
| Checking that server communications are open failed with message Unable to connect to the remote server. Retrying (1/5) in 00:00:00.7500000. | |
| System.Net.WebException: Unable to connect to the remote server —> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of ti | |
| me, or established connection failed because connected host has failed to respond 10.x.x.x.x:10943 | |
| at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) | |
| at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception) | |
| — End of inner exception stack trace — | |
| at System.Net.HttpWebRequest.GetResponse() | |
| at Octopus.Tentacle.Communications.OctopusServerChecker.<>c__DisplayClass2_0.b__1() | |
| at Octopus.Tentacle.Communications.OctopusServerChecker.Retry(String actionDescription, Action action, Int32 retryCount, TimeSpan initialDelay, Double backOffFactor) |
Thanks in advance!
– Kenneth