Is Tentacle push or pull?

(I’m taking the lazy route here since I’m out of town and can’t test anything in a couple of days)

Trying to determine how to best install the Octopus server, but it’s rather dependant on how the Tentacle communicates with it.

Is the server responsible for contacting the tentacle or vice versa?
If I have a public server, can the Tentacle be behind a firewall?

Deployment is push based - the Octopus contacts each Tentacle.

Tentacle hosts a WCF service which the Octopus invokes. The communication is over HTTP, and encrypted using the certificate pair you create during setup. You can change the port number (10933 by default) that Tentacle listens on in the config file.

You’ll need to allow some traffic into the Tentacle - if you’re behind a firewall, that probably means opening port 10933, or reverse proxying the connection. Since all communications are encrypted using the certificates, there should be no problem having the port open to the internet.

That’s a pity, since most of our customers machines will have private ip’s. (Tunneling into their networks might not be an option, since they rarely have public ip’s from their isp).

Have you considered a pull based option? Setting up a public server is usually much easier.

Or is Octopus intended to be run at the customer site, in their LAN?

Hi Peter,

Thanks for the reply. I’m optimizing for the scenario of “Our dev and UAT environments are on a LAN, but our staging and production servers are hosted in a hosting facility”. In that scenario I’d assume it was always possible to get a connection going inwards, at least over VPN or through a reverse proxy. Octopus is designed for deploying web and server applications, which typically need the ability to host services - in fact outbound connections tend to be more scrutinized :slight_smile:

Could you describe a little more about the scenario with private IP’s? What kinds of machines are they, and what kind of software would you deploy to them?


Hi Paul.

I actually have a few different system in mind, but the one I’m testing Octopus for right now is a security system that will consist of a local server/database/“intranet” and a wpf application. So there will be no be public access to the servers, at least not without going trough a VPN of some sort. (and that will be managed by the customers themselves in that case, so it’s really not feasible to let Octopus communicate over it).

We’re going for high volume, low maintence, the system will probably be installed by lock smiths or similar in the future, so we can’t have a very complicated setup procedure. Slapping on a Tentacle and letting it pull be the software from our central, public server would be ideal!


Hi Peter,

I can see now how this would be useful - thanks very much. For now I’m going to add it to my backlog. Once I stabilize the “push” scenario and installation I’ll think more about how “pull” could work.


Great! Could you just give me a heads-up if you decide against it? In that case I’ll start tinkering with a solution of my own…

Hi Peter,

I don’t want to get your hopes up - this feature is probably a few months down the track. It might be more prudent to go with your own solution.


Ok, good to know. After some horriffic days with ClickOnce (wich will not work in production anyway), I’m thinking about connecting directly to a Nuget feed for now, so I can jump back to Octopus later on…