Octopus Tentacle installation & Registration at New certificate generation step using Ansible

-1

Stuck with Tentacle installation & registration on a Windows machine at the new certificate generation step using Ansible.


I’m trying to install the Octopus tentacle using the Ansible role. The following are the steps I have in the playbook.

- name: Create Tentacle Instance
  win_command: Tentacle.exe create-instance --instance "{{InstanceName}}" --config "C:\Octopus\Tentacle.config" --console
  args:
    chdir:  C:\Program Files\Octopus Deploy\Tentacle\
- name: Create Tentacle Certificate
  become_method: administratorCreate tentacle
  win_command: Tentacle.exe new-certificate --instance "{{InstanceName}}" --if-blank --console
  args:
    chdir:  C:\Program Files\Octopus Deploy\Tentacle\
- name: Tentacle Configure
  win_command: Tentacle.exe configure --instance "{{InstanceName}}" --reset-trust --console
  args:
    chdir:  C:\Program Files\Octopus Deploy\Tentacle\
- name: Tentacle Configure For Port
  win_command: Tentacle.exe configure --instance "{{InstanceName}}" --home "C:\Octopus" --app "C:\Octopus\Applications" --port "{{Port}}" --console
  args:
    chdir:  C:\Program Files\Octopus Deploy\Tentacle\
- name: Tentacle Configure for Thumprint
  win_command: Tentacle.exe configure --instance "{{InstanceName}}" --trust "{{Thumprint}}" --console 
  args:
    chdir:  C:\Program Files\Octopus Deploy\Tentacle\
- name: Tentactale Register Octopus Server
  win_command: Tentacle.exe register-with --instance "{{InstanceName}}" --server "Server name" --apiKey="{{ApiKey}}" --role "{{Role}}"  --environment "{{EnvironmentName}}" --comms-style TentaclePassive --console
  args:
    chdir:  C:\Program Files\Octopus Deploy\Tentacle\
- name: Tentacle Service Start
  win_command: Tentacle.exe service --instance "{{InstanceName}}" --install --start --console
  args:
    chdir:  C:\Program Files\Octopus Deploy\Tentacle\

The above are the errors I’m getting at the ‘Create Tentacle Certificate‘ step.

Error:

TASK [server_register_to_octopus_deploy_server : Create Tentacle Certificate] *****************************************************************************
fatal: [Tentacle]: FAILED! => {"changed": true, "cmd": "Tentacle.exe new-certificate --instance \"Server name\" --if-blank --console", "delta": "0:00:00.828141", "end": "2020-02-11 07:11:07.023425", "msg": "non-zero return code", "rc": 100, "start": "2020-02-11 07:11:06.195283", "stderr": "===============================================================================\r\nAccess is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))\r\nSystem.UnauthorizedAccessException\r\n   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)\r\n   at Octopus.Shared.Internals.CertificateGeneration.Win32ErrorHelper.ThrowExceptionIfGetLastErrorIsNotZero()\r\n   at Octopus.Shared.Internals.CertificateGeneration.CryptContext.Open()\r\n   at Octopus.Shared.Security.CertificateGenerator.Generate(String fullName, Boolean exportable, ILog log)\r\n   at Octopus.Tentacle.Configuration.TentacleConfiguration.GenerateNewCertificate()\r\n   at Octopus.Tentacle.Commands.NewCertificateCommand.Start()\r\n   at Octopus.Shared.Startup.AbstractCommand.Start(String[] commandLineArguments, ICommandRuntime commandRuntime, OptionSet commonOptions)\r\n   at Octopus.Shared.Startup.ConsoleHost.Run(Action`1 start, Action shutdown)\r\n   at Octopus.Shared.Startup.OctopusProgram.RunHost(ICommandHost host)\r\n   at Octopus.Shared.Startup.OctopusProgram.Run()\r\n===============================================================================\r\nCrypto functions require the Windows User Profile\r\n-------------------------------------------------------------------------------\r\nVarious cryptographic functions used by Octopus Deploy require the Windows user profile to have been loaded. 
Some remote administration scenarios run commmands in processes without user profile information; to successfully run the problem command, invoke it from the command-line using RUNAS, e.g.: `runas /profile /user:<username> \"C:\\...\\Tentacle.exe new-certificate\"`.\r\nSee: http://g.octopushq.com/CryptoRequiresUserProfile\r\n-------------------------------------------------------------------------------\r\nTerminating process with exit code 100\r\nFull error details are available in the log files at:\r\nC:\\Octopus\\Logs\r\nC:\\Users\\Administrator\\AppData\\Local\\Octopus\\Logs\r\nIf you need help, please send these log files to https://octopus.com/support\r\n-------------------------------------------------------------------------------\r\n\r\n", "stderr_lines": ["===============================================================================", "Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))", "System.UnauthorizedAccessException", "   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)", "   at Octopus.Shared.Internals.CertificateGeneration.Win32ErrorHelper.ThrowExceptionIfGetLastErrorIsNotZero()", "   at Octopus.Shared.Internals.CertificateGeneration.CryptContext.Open()", "   at Octopus.Shared.Security.CertificateGenerator.Generate(String fullName, Boolean exportable, ILog log)", "   at Octopus.Tentacle.Configuration.TentacleConfiguration.GenerateNewCertificate()", "   at Octopus.Tentacle.Commands.NewCertificateCommand.Start()", "   at Octopus.Shared.Startup.AbstractCommand.Start(String[] commandLineArguments, ICommandRuntime commandRuntime, OptionSet commonOptions)", "   at Octopus.Shared.Startup.ConsoleHost.Run(Action`1 start, Action shutdown)", "   at Octopus.Shared.Startup.OctopusProgram.RunHost(ICommandHost host)", "   at Octopus.Shared.Startup.OctopusProgram.Run()", "===============================================================================", "Crypto functions require the 
Windows User Profile", "-------------------------------------------------------------------------------", "Various cryptographic functions used by Octopus Deploy require the Windows user profile to have been loaded. Some remote administration scenarios run commmands in processes without user profile information; to successfully run the problem command, invoke it from the command-line using RUNAS, e.g.: `runas /profile /user:<username> \"C:\\...\\Tentacle.exe new-certificate\"`.", "See: http://g.octopushq.com/CryptoRequiresUserProfile", "-------------------------------------------------------------------------------", "Terminating process with exit code 100", "Full error details are available in the log files at:", "C:\\Octopus\\Logs", "C:\\Users\\Administrator\\AppData\\Local\\Octopus\\Logs", "If you need help, please send these log files to https://octopus.com/support", "-------------------------------------------------------------------------------", ""], "stdout": "", "stdout_lines": []}

Error after adding the runas /profile /user:Administrator command to the win_command step:

TASK [server_register_to_octopus_deploy_server : Create Tentacle Certificate] *****************************************************************************
fatal: [Tentacle]: FAILED! => {"changed": true, "cmd": "runas /profile /user:Administrator \"Tentacle.exe new-certificate --instance \"Server name\" --if-blank --console\"", "delta": "0:00:00.062497", "end": "2020-02-11 02:49:57.156088", "msg": "non-zero return code", "rc": 1, "start": "2020-02-11 02:49:57.093590", "stderr": "", "stderr_lines": [], "stdout": "Enter the password for Administrator: \u0000\r\n", "stdout_lines": ["Enter the password for Administrator: \u0000"]}

Steps I tried:

  • I tried reiterating the create certificate step with runas /profile /user:Administrator too. Still, it is hitting the error with no password reason.
  • Tried the win_shell parameter, since win_command runs out of the shell, which leads to a failure in running the command as Administrator.
  • Besides, I have given the Administrator credentials in the inventory file, but for some reason it is not able to load the Administrator profile.
  • A few articles say the certificate needs to be created locally on a computer by installing a Tentacle (tentacle.exe new-certificate -e MyFile.txt) and then imported on the target server (Tentacle.exe import-certificate --instance "Tentacle" -f MyFile.txt --console). I have my Ansible on a Linux machine and the Tentacle on a Windows machine. Is it possible to export a certificate created on Linux to Windows? Or is there a way to fix this by generating a new certificate on the target machine, without importing/exporting the certificate?

Any help would be appreciated

Thanks in Advance.

windows
ansible
octopus
asked on Stack Overflow Feb 11, 2020 by Chris • edited Feb 13, 2020 by kgangadhar
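
The error output says the crypto call needs a loaded Windows user profile, and the `runas` attempt fails because nothing can answer its password prompt in a non-interactive task. As an added example (not part of the original question or of the Octopus role), Ansible's own `runas` become method starts the task under an interactive logon with the profile loaded, and `no_log` keeps the API key out of the `cmd` field that Ansible echoes on failure. Using the WinRM connection account (`ansible_user` / `ansible_password`) as the become account is an assumption.

```yaml
# Added example, not the asker's playbook.
# Assumption: the WinRM connection account is a local administrator and is
# reused as the become account; substitute a dedicated account if you have one.
- name: Create Tentacle Certificate (profile loaded via become/runas)
  win_command: Tentacle.exe new-certificate --instance "{{ InstanceName }}" --if-blank --console
  args:
    chdir: C:\Program Files\Octopus Deploy\Tentacle\
  become: yes
  become_method: runas          # Windows become method; replaces the runas.exe call
  become_user: "{{ ansible_user }}"
  # with_profile is the default logon flag; it is spelled out here because it
  # is the setting the error message is asking for.
  become_flags: logon_type=interactive logon_flags=with_profile
  vars:
    ansible_become_password: "{{ ansible_password }}"

- name: Register Tentacle with the Octopus Server
  win_command: >-
    Tentacle.exe register-with --instance "{{ InstanceName }}"
    --server "Server name" --apiKey="{{ ApiKey }}" --role "{{ Role }}"
    --environment "{{ EnvironmentName }}" --comms-style TentaclePassive --console
  args:
    chdir: C:\Program Files\Octopus Deploy\Tentacle\
  # On failure Ansible prints the full "cmd" string (as in the output above),
  # which would include the API key; no_log suppresses that.
  no_log: true
```

Keep `ApiKey` and the connection password in Ansible Vault or another secret store rather than in a plain-text inventory file.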

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0