Hi guys,
We have come across an issue with one of our production environments that has firewall restrictions on outbound connections. Outbound port 80 HTTP is allowed and working and we can connect to our Octopus Server through that port as we are hosting it on port 80 but Polling Tentacles seem to additionally want to connect to Octopus Server port 10934 which isn’t allowed in the firewall. Additionally we cannot find where to configure this port to change it another port that is allowed as outbound connection on the environment firewall on either the Server or Tentacle side of things.
Could someone please shed some light on what are the outbound networking requirements of a Polling tentacle to Octopus Server please and how we can configure these ports? Ideally we would like the polling tentacle to work through port 80 the same way the authentication does and not have to require two separate ports to function.
Thanks,
Jasmin
Hi Jasmin,
Currently the polling Tentacle expects to be able to communicate to Octopus on port 10943 and this cannot be changed. It wouldn’t be able to work on port 80 anyway, as the polling endpoint is secured (https) and the web server also listens on that port (http).
If you can’t use port 80 (nor 443) nor 10943, what else would you like to use?
Paul
If we could configure the Tentacle to try and connect to Octopus another port (not 10943) that could help. Is there a way to re-configure the outgoing Tentacle port 10943 into something else?
Regards,
Jasmin Sehic
Embed International Pty Ltd
2 Neil Street, Osborne Park WA 6017
Tel : +61 8 9340 0100 | Fax: +61 8 9340 0199
Website : www.embedcard.comhttp://www.embedcard.com/
E-mail : jasmins@embed.com.aumailto:jasmins@embed.com.au
To clarify, if the Polling tentacle could be configured so that its outgoing connection is attempted on port X we can then set it to one of the ports that are allowed outgoing connection on the production environment firewall. Then on our Octopus Server end we can port forward port X to port 10943.
This will only work if we can configure the outgoing port on the Octopus Tentacle itself.
Regards,
Jasmin
Hi Jasmin,
When you run through the Tentacle configuration wizard when setting up the Tentacle, on the last page of the wizard, there’s a big green “Install” button. Next to it is a “Show script” link. You can use this to export a command line version of the same configuration.
Here’s an example:
"C:\GitHub\OctopusDeploy\source\Octopus.Tentacle\bin\Tentacle.exe" create-instance --instance="Tentacle" --config="C:\Octopus\Tentacle\Tentacle.config"
"C:\GitHub\OctopusDeploy\source\Octopus.Tentacle\bin\Tentacle.exe" new-certificate --instance="Tentacle" --if-blank
"C:\GitHub\OctopusDeploy\source\Octopus.Tentacle\bin\Tentacle.exe" new-squid --instance="Tentacle"
"C:\GitHub\OctopusDeploy\source\Octopus.Tentacle\bin\Tentacle.exe" configure --instance="Tentacle" --reset-trust
"C:\GitHub\OctopusDeploy\source\Octopus.Tentacle\bin\Tentacle.exe" configure --instance="Tentacle" --home="C:\Octopus" --app="C:\Octopus\Applications" --port="10933"
"C:\GitHub\OctopusDeploy\source\Octopus.Tentacle\bin\Tentacle.exe" register-with --instance="Tentacle" --server="http://localhost" --environment="Automation Testing" --name="STOVELLMAC" --username="paul.stovell" --password="ABC123" --comms-style="TentacleActive" --force --role="web-server"
"C:\GitHub\OctopusDeploy\source\Octopus.Tentacle\bin\Tentacle.exe" service --instance="Tentacle" --install --start
On the second to last line, it calls register-with. At the end of this, you can add the following argument:
--server-comms-port 10943
And you can change 10943 to whatever you like.
I can’t guarantee that port forwarding will work (I haven’t tested it), but this tells Tentacle at least to use an alternative port number when trying to contact Octopus.
Hope that helps,
Paul
Thanks Paul,
I think this will work. We will give it a try tomorrow and let you know how it goes.
Regards,
Jasmin
Hi Jasmin,
Did it work? We’re in the same situation.
Rob
I will be out of the office until 28 April 2014.
If you require assistance during this period please contact support@embedcard.com
We haven’t tried this yet as we resorted to manual deployment in this particular situation, but next time this comes up we will be sure to try it. I don’t see a reason why this wouldn’t work.