Trust Multiple Octopus servers

Is it possible to trust multiple octopus servers in Octopus 2.6 and if yes how can i do that? I noticed that there is no UI for that.

You can do this but it has to be done via the command line:

Tentacle.exe configure --instance "Tentacle" --trust "YOUR_OCTOPUS_THUMBPRINT" --console
Tentacle.exe service --instance "Tentacle" --install --start --console

You will see the additional server thumbprint in the GUI. But it has to be configured via the commandline.

It works. Thank you so much!

Good to hear that it is working!

Den 3 feb 2015 14:51 skrev Ermias Tefera

I have two Octopus servers, OCTO_1 and OCTO_2 and one Tentacle, TENT_1.

TENT_1 was installed and configured with OCTO_1 in mind and that relationship is working as expected.

I now need to also create a relationship between OCTO_2 and TENT_1. I do this by running the following commands in the script console from OCTO_1:

.\Tentacle.exe configure --instance “Tentacle” --trust “OCTO_2 Thumbprint” --console
.\Tentacle.exe service --instance “Tentacle” --install --start --console

The Powershell script exits successfully:

Running PowerShell script: C:\Windows\system32\config\systemprofile\AppData\Local\Tentacle\Temp\7a0308b4-e10f-4abd-8c7b-fd1d92d50cb7.ps1
Info 14:12:17
Octopus Deploy: Tentacle version
Info 14:12:26
Adding 1 trusted Octopus servers
Info 14:12:26
Octopus Deploy: Tentacle version
Info 14:12:33
Service installed
Info 14:12:33
Service reconfigured
Info 14:12:33
Service started
Info 14:12:34

PowerShell exit code: 0

I then reset the connection in OCTO_2 for the TENT_1 server but then I still get the same error message:

Pipefish.PipefishException: The request failed: Unauthorized
The Octopus Server authenticated using a certificate with thumbprint “OCTO_2 Thumbprint”, which is not in the list of certificates trusted by this Tentacle.
at Pipefish.Transport.SecureTcp.MessageExchange.Client.ClientWorker.<>c__DisplayClassb.b__a(SecureTcpResponse response) in y:\work\3cbe05672d69a231\source\Pipefish.Transport.SecureTcp\MessageExchange\Client\ClientWorker.cs:line 347
at Pipefish.Transport.SecureTcp.Client.SecureTcpClient.Send(SecureTcpRequest request, Action`1 response) in y:\work\3cbe05672d69a231\source\Pipefish.Transport.SecureTcp\Client\SecureTcpClient.cs:line 97
at Pipefish.Transport.SecureTcp.MessageExchange.Client.ClientWorker.PerformExchange() in y:\work\3cbe05672d69a231\source\Pipefish.Transport.SecureTcp\MessageExchange\Client\ClientWorker.cs:line 355
at Pipefish.Transport.SecureTcp.MessageExchange.Client.ClientWorker.Run() in y:\work\3cbe05672d69a231\source\Pipefish.Transport.SecureTcp\MessageExchange\Client\ClientWorker.cs:line 186

BUT - If I do the same procedure manually on the server, i.e. log in to the TENT_1 server, open a CMD with admin privileges and run the above commands, it works!

How come? Anyone else?

I can’t test this right now… but it looks as if the command you use are using the “—install” switch. I’m not sure why you re-install the service?

All you need is this:

Tentacle.exe configure --trust

And then restart the tentacle.

Thanks for the quick answer.

I tried this with no luck.

.\Tentacle.exe configure --instance “Tentacle” --trust “OCTO_2 Thumbprint” --console
.\Tentacle.exe service --instance “Tentacle” --reconfigure --console

When i open the Tentacle Manager on the server, TENT_1, the new thumbprint is still missing.

I tried this, which works:

.\Tentacle.exe configure --instance “Tentacle” --trust “OCTO_2 Thumbprint” --console
.\Tentacle.exe service --instance “Tentacle” --reconfigure --stop --start --console

BUT, then the powershell script fails:

Octopus Deploy: Tentacle version
Info 15:56:28
Adding 1 trusted Octopus servers
Info 15:56:28
Octopus Deploy: Tentacle version
Info 15:56:37
Stopping service…
Info 15:56:38
Waiting for service to stop. Current status: StopPending
Error 15:56:51
Re-started without observing the exit of the worker process
Fatal 15:56:51
The Tentacle was restarted while the script was executing.
Info 15:56:51
Terminating the worker process…
Fatal 15:56:51
Process with an Id of 34436 is not running.
System.ArgumentException: Process with an Id of 34436 is not running.
at System.Diagnostics.Process.GetProcessById(Int32 processId)
at Pipefish.Async.CaptiveProcess1.FindProcess() in y:\work\3cbe05672d69a231\source\Pipefish\Async\CaptiveProcess.cs:line 318 at Pipefish.Async.CaptiveProcess1.Terminate() in y:\work\3cbe05672d69a231\source\Pipefish\Async\CaptiveProcess.cs:line 293
at Octopus.Tentacle.Orchestration.Procedures.ProcedureCallOrchestrator.RecoverProcess() in y:\work\refs\heads\master\source\Octopus.Tentacle\Orchestration\Procedures\ProcedureCallOrchestrator.cs:line 133
at Pipefish.Async.CaptiveProcess`1.Recieving(CaptiveProcessRecoveryEvent message) in y:\work\3cbe05672d69a231\source\Pipefish\Async\CaptiveProcess.cs:line 274
Tentacle version

Is there any other command to restart the Tentacle without crashing the script?

I’m not sure why you restart the Tentacle while deploying? I’m no super expert on the inner workings of octopus Tentacles but I’m guessing that re-starting the Tentacle during a running deployment would be a prime candidate for messing things up.

Are you trying to do the re-configuration using a deployment script? If so that may not be so easy?

When I configure the tentacles in our environment I usually use PowerShell Remoting. Is that doable for you?

Try if you can list processes on the servers for example:

Invoke-Command -ComputerName $servers -ScriptBlock { Get-process }

If that works then you can use PowerShell remoting to configure the Tentacles.

Invoke-Command -ComputerName $servers -ScriptBlock { &<pathtotentacle>\tentacle.exe –instance “Tentacle” –trust “keytotrust” –console ; &<pathtotentacle>\tentacle.exe –instance “Tentacle”—stop –start –console ;  }

Could this help?


Hi - I’m not trying to deploy. I’m trying to get a Tentacle to trust a untrusted Octopus server from the script console of a trusted Octopus server.

Of course I could by it in Powershell alone but I like the idea of doing it in Octopus to get the traceability through the audit function. That way I can also limit access to the actual servers.

In the Tentacle Manager UI there is a “Restart” option for the service. Is there something similar in the command line? Like “–restart” instead of “–stop --start”.

Anyway… Not a big problem.

Sorry for the late response… I’ve been busy doing deploys :slight_smile:

To re-start the Tentacle, issue:

\tentacle.exe –instance “Tentacle”—stop –start –console ;