Im trying to install Octopus Deploy into AKS, but hitting a few issues. I’m following the guide but getting the following errors
Specified key is not a valid size for this algorithm.
I’m using a trial license at the moment so not sure if that is an issue.
I’m also not sure what the format of the following fields needs to be:
- name: OCTOPUS_SERVER_BASE64_LICENSE
# Your license key goes here. When using more than one node, a HA license is required. Without a HA license, the stateful set can have a replica count of 1.
- name: MASTER_KEY
# Replace this, as this value protects secrets in Octopus
value: "what should the format be - do i just make this up"
Welcome to the Octopus community, thanks for reaching out!
This definitely caught me out the first time I configured the Octopus Container, however both of the
MASTER_KEY variables are expecting Base64 encoded values of a specific length.
However if you don’t supply any value for these variables then they should automatically be populated for you!
To generate a new master key, use the following command:
openssl rand 16 | base64
Otherwise to encode a licence to Base64 use a command similar to the following:
openssl base64 -in licence.txt
Looking forward to hearing how you get on or if you have any questions at all!
I got this working now.
Another question is how do i config octopus to use Active Directory for auth when running in a container?
Great to hear that you managed to resolve the issue you were experiencing.
When setting up AD auth, as long as your container is a member of the AD domain and the user running the Octopus Server Service has the correct permissions within AD, enabling AD auth in a container shouldn’t have any differences over enabling it in a regular server environment.
You can view more information about active directory auth in Octopus by heading over to our Active Directory Authentication docs.
The AD docs contain a lot of information about the different types authentication schemes as well as how to enable/disable them.
You should be able to enable active directory auth via command-line:
Octopus.Server.exe configure --activeDirectoryIsEnabled=true
I hope this helps! Please let us know if you run into any further issues and we’ll do our best to assist.
When you say the container is a member of the AD Domain - do you mean the container needs to be domain joined?
Yes, that’s correct, I believe that for AD auth to work the container needs to be domain joined.
I dont think that is possible with Linux Containers.
With a Linux container you will likely need to configure the LDAP authentication provider instead. This should then be able to communicate with your AD environment.
When i setup LDAP i get an error when searching.
String reference not set to an instance of a String. (Parameters ‘s’)
Can you help?
Sorry to hear you are still experiencing issues trying to set LDAP up for your Octopus Server. That error message seems to point to the fact that your LDAP settings are not returning the values that Octopus needs.
Are you able to send us a screenshot of your LDAP settings page please. What happens when you test your LDAP connection, does the string reference error appear there or does it appear when you save your LDAP settings in the UI?
Have you gone through the troubleshooting section of our LDAP page and if so what did you find? Does using ldapsearch for Linux show you a successful connection to your AD server?
If you are getting a successful connection on the Octopus Server using ldapsearch can you send us over your Octopus Server logs as suggested by the troubleshooting page and we can take a look at them to see if we can spot the issue.
I have created you a secure link here for you to send the LDAP screenshot and Octopus Server logs to, let us know if you do upload anything to that link as we are not informed when customers upload to our secure site.
Let me know the outcome of running ldapsearch on your Octopus Server though as that should indicate whether the Linux box can talk to your AD server using LDAP.
I look forward to hearing from you,
This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.