I really need the new authentication implementation in Octopus. My customers are not accepting listening tentacles and my It department will not enable trust between an Octopus server in DMZ and our AD.
When will 3.5 be available? Is there any specification on what functionality that will be included regarding authentication?
Hi,
Thanks for getting in touch! 3.5 is due soon, but unfortunately I do not think it will help in your case. It does not have any impact on Server/Tentacle communication or management or connectivity.
It will not solve the problem that you have. We have a documentation page on how DMZ networks can be integrated with Octopus: http://docs.octopus.com/display/OD/Isolated+Octopus+Deploy+servers
Sorry if that was not the news you were expecting.
Vanessa
I was under the impression that the authentication work you were doing for 3.5 would solve our problem.
Has the authentication work been removed from 3.5?
Hi,
Authentication support has been released as part of 3.5. Here is the blog post about the authentication changes: https://octopus.com/blog/octopus-deploy-3.5
There are no parts of our authentication that touch Tentacle or deployment communication however.
Vanessa
For my setup the authentication work actually do affect our tentacles.
We have an Octopus (running 3.4) server set up with AD authentication. I have tentants that want to use a polling tentacle. A polling tentacle requires a valid Octopus login. Our IT department will not let me use an internal AD user for login on the polling tentacle (running on-site at our customers). Being able to use multiple authentication providers will let my tentants use a polling tentacle.
Hi,
Polling Tentacles only need the user to create the machine within Octopus. It is not required to keep the Tenatcle running or connected after this initial installation.
Maybe it will help but you can also use an API key which can be created temporarily and scripted for the installation. Once installed the API key could be deleted.
Vanessa
Is this documented somewhere? I’ve read everything I could find about polling tentacles and not seen this…
Hi,
It isn’t explicitly listed, however it comes down to the ability to script Tentacle installation. It is mentioned that you can use API keys on the following page:
But also if you look at the commands available the connection options are as follows:
C:\Program Files\Octopus Deploy\Tentacle>tentacle.exe help register-with
Octopus Deploy: Tentacle version 3.4.15 (3.4.15+Branch.master.Sha.338d6700fb9db1
ea111b3c9869d4dfec526068e3)
Usage: Tentacle register-with [<options>]
Where [<options>] is any of:
--instance=VALUE Name of the instance to use
--server=VALUE The Octopus server - e.g., 'http://octopus'
--apiKey=VALUE Your API key; you can get this from the Octopus web portal
-u, --username=VALUE If not using API keys, your username
-p, --password=VALUE In not using API keys, your password
Vanessa
Ok finding this earlier would have saved us a lot of hours. I didn’t imagine reading about automating tentacle installation would solve my problem with polling tentacles needing a user/password.
Hi,
We have a set of pages in review at the moment for the tentacle.exe commands and options. Do you think you would have found and read them?
The UI itself when you create a Tentacle instance gives the ability to ‘show script’ that is being run that also shows we use tentacle.exe and it is a command line exe.
I am mostly trying to understand what you did and would have searched for so I can make the information more available.
I am sorry that it caused so much lost time, concern and confusion.
Vanessa
I googled for “octopus polling tentacle”, I didn’t know about tentacle.exe before starting this thread so I wouldn’t have searched for that.
Also there’s no “show script” button on the “octopus server” wizard page where I must verify credentials for polling tentacle. I didn’t get through that since I had no working user to try.
If I’d seen a “show script” button I’m sure I would’ve clicked it at some point.
Hi,
Thanks for letting me know. We will update the installation wizard with a note that the account is not used after installation and an API key can be used instead.
Sorry this issue caused so many problems for you.
Vanessa
Well, we’ve got it sorted out now…