AWS provisioning Issue

Hi there,

having an issue running the attached script to install tentacles in my AWS environment. The download and installation of the tentacle.ex works fine, just when you get to the certificate configuration that things go wrong.

Services listen port: 10933
Octopus Deploy: Tentacle version 2.5.7.384

A new certificate has been generated and installed. Thumbprint:
E166EDF76718B8A0318CC2DFB241FFF20B99B748
Octopus Deploy: Tentacle version 2.5.7.384

Adding 1 trusted Octopus servers
Octopus Deploy: Tentacle version 2.5.7.384

Adding certificate to store

-------------------------------------------------------------------------------

Error: You do not have permission to perform this action. Please contact your Octopus administrator.

-------------------------------------------------------------------------------

Full error details are available in the log files.
See: http://g.octopushq.com/LogFiles
Installation failed on register-with
At C:\Program Files\Amazon\Ec2ConfigService\Scripts\UserScript.ps1:108 char:7

  •   throw "Installation failed on register-with"
    
  •   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    • CategoryInfo : OperationStopped: (Installation failed on register-with:String) [], RuntimeException
    • FullyQualifiedErrorId : Installation failed on register-with

and then this in the log file

2014-08-18 08:16:07.0126 INFO Home directory set to: C:\Octopus

2014-08-18 08:16:08.3251 INFO Application directory set to: C:\Octopus\Applications

2014-08-18 08:16:09.5126 INFO Services listen port: 10933

2014-08-18 08:16:10.7626 INFO A new certificate has been generated and installed. Thumbprint:

2014-08-18 08:16:10.8408 INFO E166EDF76718B8A0318CC2DFB241FFF20B99B748

2014-08-18 08:16:11.7157 INFO Adding 1 trusted Octopus servers

2014-08-18 08:16:13.2470 INFO Adding certificate to store

2014-08-18 08:16:14.0438 FATAL Octopus.Client.Exceptions.OctopusSecurityException: You do not have permission to perform this action. Please contact your Octopus administrator.
at Octopus.Client.OctopusClient.DispatchRequest[TResponseResource](OctopusRequest request, Boolean readResponse) in y:\work\refs\heads\master\source\Octopus.Client\OctopusClient.cs:line 428
at Octopus.Client.OctopusClient.Get[TResource](String path, Object pathParameters) in y:\work\refs\heads\master\source\Octopus.Client\OctopusClient.cs:line 83
at Octopus.Client.OctopusRepository.CertificateRepository.GetOctopusCertificate() in y:\work\refs\heads\master\source\Octopus.Client\OctopusRepository.cs:line 590
at Octopus.Tentacle.Commands.RegisterMachineCommand.Start() in y:\work\refs\heads\master\source\Octopus.Tentacle\Commands\RegisterMachineCommand.cs:line 73
at Octopus.Shared.Startup.AbstractCommand.Octopus.Shared.Startup.ICommand.Start(String[] commandLineArguments, ICommandRuntime commandRuntime, OptionSet commonOptions) in y:\work\refs\heads\master\source\Octopus.Shared\Startup\AbstractCommand.cs:line 55
at Octopus.Shared.Startup.ConsoleHost.Run(Action`1 start, Action shutdown) in y:\work\refs\heads\master\source\Octopus.Shared\Startup\ConsoleHost.cs:line 36

As far as I understand it, the PowerShell script should be running with elevated privelages. has anyone come accross this issue who might be able to share a solution?

Thanks,

Steve

aws-provision-post.ps1 (4 KB)

Hi Steve,

Thanks for getting in touch! The certificate creation is actually pretty strict and requires a specific user. But that’s okay you can change it from creating the certificate to importing one:

Please let me know if this helps!
Vanessa

I think I found the issue - helps if you assign the user I used to execute the call the correct roles/permissions on the server.

Thanks for the info though Vanessa!