Octopus Deploy

From Ever changing code

Tentacle

Automate Tentacle installation from within an AWS user data script. Note that the tf_* variables are injected by Terraform template_file.

  • Part of your script should change the hostname and then reboot, so that the next step registers with the Octopus Deploy server under a meaningful hostname
  • Creates a scheduled task that runs on boot and then disables itself


$Logfile = "C:\ProgramData\Amazon\EC2-Windows\Launch\Log\UserData.log"
Function LogWrite {
   Param ([string]$logstring)
   $Stamp = (Get-Date).toString("yyyy/MM/dd HH:mm:ss")
   Add-content $Logfile -value "$Stamp $logstring"
}
LogWrite "Start of user_data script **************"

$TentacleRegisterFileContent = @'
$TentaclePath="C:\Program Files\Octopus Deploy\Tentacle"
if (-Not (Test-Path $TentaclePath -pathType container)) { Write-Output "Octopus path not found"; exit 1 }
cd $TentaclePath
.\Tentacle.exe create-instance         --instance $env:computername --config "C:\Octopus\Tentacle.config" --console
.\Tentacle.exe new-certificate         --instance $env:computername --if-blank --console
.\Tentacle.exe configure               --instance $env:computername --reset-trust --console
.\Tentacle.exe configure               --instance $env:computername --home "C:\Octopus" --app "C:\Octopus\Applications" --port "10933" --console
$localthumb=(.\Tentacle.exe show-thumbprint --instance $env:computername --nologo)
.\Tentacle.exe configure               --instance $env:computername --trust $localthumb --console
.\Tentacle.exe configure               --instance $env:computername --trust ${tf_octopus_fingerprint} --console
netsh advfirewall firewall add rule "name=Octopus Deploy Tentacle" dir=in action=allow protocol=TCP localport=10933
$localIP=(Invoke-RestMethod http://169.254.169.254/latest/meta-data/local-ipv4)
.\Tentacle.exe register-with           --instance $env:computername `
   --server "https://octopus.acme.com" --apiKey="${tf_octopus_token}" `
   --role "api" --environment "${tf_octopus_environment}" `
   --comms-style TentaclePassive -h $localIP --force --console
.\Tentacle.exe service                 --instance $env:computername --install --stop --start --console

#Disable scheduled task
#Unregister-ScheduledTask -TaskName "RegisterTentacle" -Confirm:$false
Disable-ScheduledTask -TaskName "RegisterTentacle"
'@

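# Write the registration script to disk. Terraform has already substituted the tf_* values,
# so this file contains the Octopus API key in clear text.
$TentacleRegisterFilePath="C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts"
Set-Content -Path "$TentacleRegisterFilePath\TentacleRegister.ps1" -Value $TentacleRegisterFileContent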

# Download the latest Tentacle MSI and install it silently
$tmpPath="C:\tmp"
If (-Not (Test-Path $tmpPath -pathType container)) { md $tmpPath }
$tentacle_url  = "https://octopus.com/downloads/latest/WindowsX64/OctopusTentacle"
$tentacle_file = "tentacle_install.msi"
(New-Object System.Net.WebClient).DownloadFile("$tentacle_url","$tmpPath\$tentacle_file")
Start-Process msiexec.exe -ArgumentList "/i $tmpPath\$tentacle_file", "/quiet" -Wait

# Scheduled task that runs TentacleRegister.ps1 as SYSTEM at startup (after the hostname reboot);
# the script disables the task once it has run
$schAction = New-ScheduledTaskAction `
  -Execute "Powershell.exe" `
  -WorkingDirectory C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts `
  -Argument '-NoProfile -WindowStyle Hidden -NoLogo -NonInteractive -c "powershell .\TentacleRegister.ps1 -verbose >> .\TentacleRegisterScheduleTask.log 2>&1"'

$schTrigger   = New-ScheduledTaskTrigger   -AtStartup
$schPrincipal = New-ScheduledTaskPrincipal -UserId "NT AUTHORITY\SYSTEM" -LogonType ServiceAccount -RunLevel Highest

LogWrite "Octopus Tentacle - register a task"
Register-ScheduledTask -Action $schAction -Trigger $schTrigger -TaskName "RegisterTentacle" -Description "Register OctopusDeploy" -Principal $schPrincipal
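
The script above installs whatever the download URL returns, running msiexec from the instance's boot-time user data. The following is an added example, not part of the original script, that checks the MSI's Authenticode signature and signer before installing; $expectedSigner is a placeholder you must fill in, and Test-InstallerSignature is a hypothetical helper name.

```powershell
# Added example, not part of the original script.
# Windows PowerShell 5.1 on older images may not negotiate TLS 1.2 by default.
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$tmpPath        = "C:\tmp"
$tentacle_url   = "https://octopus.com/downloads/latest/WindowsX64/OctopusTentacle"
$tentacle_file  = Join-Path $tmpPath "tentacle_install.msi"
# Placeholder (assumption): text expected in the signer certificate subject.
# Read it once from an installer you already trust, then pin it here.
$expectedSigner = "<EXPECTED-SIGNER-SUBJECT>"

function Test-InstallerSignature {
    Param ([string]$Path, [string]$SignerText)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # 'Valid' means the file hash matches the signature and the chain is trusted.
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status: $($sig.Status) - $($sig.StatusMessage)"
        return $false
    }
    $subject = $sig.SignerCertificate.Subject
    if ($subject.IndexOf($SignerText, [StringComparison]::OrdinalIgnoreCase) -lt 0) {
        Write-Warning "Unexpected signer: $subject"
        return $false
    }
    return $true
}

If (-Not (Test-Path $tmpPath -pathType container)) { md $tmpPath | Out-Null }
(New-Object System.Net.WebClient).DownloadFile($tentacle_url, $tentacle_file)

# Fail closed: delete the file and stop if the signature or signer does not match.
if (-Not (Test-InstallerSignature -Path $tentacle_file -SignerText $expectedSigner)) {
    Remove-Item $tentacle_file -Force
    Write-Error "Tentacle installer failed signature verification; not installing"
    exit 1
}

$install = Start-Process msiexec.exe -ArgumentList "/i `"$tentacle_file`"", "/quiet" -Wait -PassThru
if ($install.ExitCode -ne 0) {
    Write-Error "msiexec exited with code $($install.ExitCode)"
    exit 1
}
```

With the placeholder left unchanged the check fails closed, so nothing is installed until a signer value has been pinned.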


Useful commands

#Logs (follow the Tentacle log)
get-content -path C:\Octopus\Logs\OctopusTentacle.txt -Wait
#Show the current configuration
.\Tentacle.exe show-configuration
#Restart the service; pass a single action, e.g. --stop, to perform just that action
.\Tentacle.exe service --instance $env:computername --stop --start --console


Register. This works whether you call the ALB or call the server behind the ALB directly.

$localIP=(Invoke-RestMethod http://169.254.169.254/latest/meta-data/local-ipv4)
.\Tentacle.exe register-with --instance $env:computername `
   --server "https://octopus.acme.com" --apiKey "API-***********" `
   --role "app" --environment "APP-SERVERS-PROD" `
   --comms-style TentaclePassive -h $localIP --force --console


De-register

.\Tentacle.exe deregister-from --instance $env:computername `
   --server "https://octopus.acme.com" `
   --apiKey="API-**********" --console
Detected automation environment: NoneOrUnknown
Deleting machine 'SERVER-1-PROD' from the Octopus Server...
The Octopus Server is still trusted. If you wish to remove trust for this Octopus Server, use 'Tentacle.exe configure --remove-trust=...'
Machine deregistered successfully


Certificate workaround when running without a profile, e.g. scheduled tasks. It was not needed in my case.

.\tentacle.exe new-certificate -e tentacle.crt.base64
.\Tentacle.exe import-certificate --instance $env:computername  -f .\tentacle.crt.base64 --console
Importing the certificate stored in .\tentacle.crt.base64...
Certificate with thumbprint 26********76 imported successfully.

Resources