Trust Multiple Octopus servers

Ermias_Tefera · 3 February 2015 07:02

Hi
Is it possible to trust multiple octopus servers in Octopus 2.6 and if yes how can i do that? I noticed that there is no UI for that.
Thanks

joakim_westin · 3 February 2015 11:44

You can do this but it has to be done via the command line:

Tentacle.exe configure --instance "Tentacle" --trust "YOUR_OCTOPUS_THUMBPRINT" --console
Tentacle.exe service --instance "Tentacle" --install --start --console

You will see the additional server thumbprint in the GUI. But it has to be configured via the commandline.

Ermias_Tefera · 3 February 2015 13:51

It works. Thank you so much!

joakim_westin · 3 February 2015 20:36

Good to hear that it is working!

Den 3 feb 2015 14:51 skrev Ermias Tefera tender2+d9158fc04e@tenderapp.com:

erik_gardner · 19 February 2015 13:38

I have two Octopus servers, OCTO_1 and OCTO_2 and one Tentacle, TENT_1.

TENT_1 was installed and configured with OCTO_1 in mind and that relationship is working as expected.

I now need to also create a relationship between OCTO_2 and TENT_1. I do this by running the following commands in the script console from OCTO_1:

.\Tentacle.exe configure --instance “Tentacle” --trust “OCTO_2 Thumbprint” --console
.\Tentacle.exe service --instance “Tentacle” --install --start --console

The Powershell script exits successfully:

Running PowerShell script: C:\Windows\system32\config\systemprofile\AppData\Local\Tentacle\Temp\7a0308b4-e10f-4abd-8c7b-fd1d92d50cb7.ps1
Info 14:12:17
Octopus Deploy: Tentacle version 2.5.8.447
Info 14:12:26
Adding 1 trusted Octopus servers
Info 14:12:26
Octopus Deploy: Tentacle version 2.5.8.447
Info 14:12:33
Service installed
Info 14:12:33
Service reconfigured
Info 14:12:33
Service started
Info 14:12:34

PowerShell exit code: 0

I then reset the connection in OCTO_2 for the TENT_1 server but then I still get the same error message:

Pipefish.PipefishException: The request failed: Unauthorized
The Octopus Server authenticated using a certificate with thumbprint “OCTO_2 Thumbprint”, which is not in the list of certificates trusted by this Tentacle.
at Pipefish.Transport.SecureTcp.MessageExchange.Client.ClientWorker.<>c__DisplayClassb.b__a(SecureTcpResponse response) in y:\work\3cbe05672d69a231\source\Pipefish.Transport.SecureTcp\MessageExchange\Client\ClientWorker.cs:line 347
at Pipefish.Transport.SecureTcp.Client.SecureTcpClient.Send(SecureTcpRequest request, Action`1 response) in y:\work\3cbe05672d69a231\source\Pipefish.Transport.SecureTcp\Client\SecureTcpClient.cs:line 97
at Pipefish.Transport.SecureTcp.MessageExchange.Client.ClientWorker.PerformExchange() in y:\work\3cbe05672d69a231\source\Pipefish.Transport.SecureTcp\MessageExchange\Client\ClientWorker.cs:line 355
at Pipefish.Transport.SecureTcp.MessageExchange.Client.ClientWorker.Run() in y:\work\3cbe05672d69a231\source\Pipefish.Transport.SecureTcp\MessageExchange\Client\ClientWorker.cs:line 186

BUT - If I do the same procedure manually on the server, i.e. log in to the TENT_1 server, open a CMD with admin privileges and run the above commands, it works!

How come? Anyone else?

joakim_westin · 19 February 2015 13:54

I can’t test this right now… but it looks as if the command you use are using the “—install” switch. I’m not sure why you re-install the service?

All you need is this:

Tentacle.exe configure --trust

And then restart the tentacle.
/j

erik_gardner · 19 February 2015 15:05

Thanks for the quick answer.

I tried this with no luck.

.\Tentacle.exe configure --instance “Tentacle” --trust “OCTO_2 Thumbprint” --console
.\Tentacle.exe service --instance “Tentacle” --reconfigure --console

When i open the Tentacle Manager on the server, TENT_1, the new thumbprint is still missing.

I tried this, which works:

.\Tentacle.exe configure --instance “Tentacle” --trust “OCTO_2 Thumbprint” --console
.\Tentacle.exe service --instance “Tentacle” --reconfigure --stop --start --console

BUT, then the powershell script fails:

Octopus Deploy: Tentacle version 2.5.8.447
Info 15:56:28
Adding 1 trusted Octopus servers
Info 15:56:28
Octopus Deploy: Tentacle version 2.5.8.447
Info 15:56:37
Stopping service…
Info 15:56:38
Waiting for service to stop. Current status: StopPending
Error 15:56:51
Re-started without observing the exit of the worker process
Fatal 15:56:51
The Tentacle was restarted while the script was executing.
Info 15:56:51
Terminating the worker process…
Fatal 15:56:51
Process with an Id of 34436 is not running.
System.ArgumentException: Process with an Id of 34436 is not running.
at System.Diagnostics.Process.GetProcessById(Int32 processId)
at Pipefish.Async.CaptiveProcess1.FindProcess() in y:\work\3cbe05672d69a231\source\Pipefish\Async\CaptiveProcess.cs:line 318 at Pipefish.Async.CaptiveProcess1.Terminate() in y:\work\3cbe05672d69a231\source\Pipefish\Async\CaptiveProcess.cs:line 293
at Octopus.Tentacle.Orchestration.Procedures.ProcedureCallOrchestrator.RecoverProcess() in y:\work\refs\heads\master\source\Octopus.Tentacle\Orchestration\Procedures\ProcedureCallOrchestrator.cs:line 133
at Pipefish.Async.CaptiveProcess`1.Recieving(CaptiveProcessRecoveryEvent message) in y:\work\3cbe05672d69a231\source\Pipefish\Async\CaptiveProcess.cs:line 274
Tentacle version 2.5.8.447

Is there any other command to restart the Tentacle without crashing the script?

joakim_westin · 19 February 2015 16:25

Erik,
I’m not sure why you restart the Tentacle while deploying? I’m no super expert on the inner workings of octopus Tentacles but I’m guessing that re-starting the Tentacle during a running deployment would be a prime candidate for messing things up.

Are you trying to do the re-configuration using a deployment script? If so that may not be so easy?

When I configure the tentacles in our environment I usually use PowerShell Remoting. Is that doable for you?

Try if you can list processes on the servers for example:

$servers=’SERVERA’,’SERVERB’,’SERVERC’
Invoke-Command -ComputerName $servers -ScriptBlock { Get-process }

If that works then you can use PowerShell remoting to configure the Tentacles.

$servers=’SERVERA’,’SERVERB’,’SERVERC’
Invoke-Command -ComputerName $servers -ScriptBlock { &<pathtotentacle>\tentacle.exe –instance “Tentacle” –trust “keytotrust” –console ; &<pathtotentacle>\tentacle.exe –instance “Tentacle”—stop –start –console ;  }

Could this help?

/Joakim

erik_gardner · 20 February 2015 12:02

Hi - I’m not trying to deploy. I’m trying to get a Tentacle to trust a untrusted Octopus server from the script console of a trusted Octopus server.

Of course I could by it in Powershell alone but I like the idea of doing it in Octopus to get the traceability through the audit function. That way I can also limit access to the actual servers.

In the Tentacle Manager UI there is a “Restart” option for the service. Is there something similar in the command line? Like “–restart” instead of “–stop --start”.

Anyway… Not a big problem.

joakim_westin · 11 March 2015 12:24

Erik,
Sorry for the late response… I’ve been busy doing deploys

To re-start the Tentacle, issue:

\tentacle.exe –instance “Tentacle”—stop –start –console ;

/j