-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
generate cert fails the first time #32
Comments
The work around is to log into test kitchen and run
Once you run that, then next chef converge will work. |
@spuder this is because test kitchen is using winrm which does not have access to cert libraries so it can not generate a cert. We mock this out in the test cookbook by dropping a pre generated cert. We can actually also use the elevated mode built into test kitchen since https://github.com/chef/chef-dk/blob/master/CHANGELOG.md#v014-2016-05-17 |
@spuder This is actually fixed with the test cookbook / the default way we handle setting up tentacles. By default we actually generate a cert before we configure the tentacle and save that cert in the octopus deploy directory code here. The reason we do this is for two reasons, its easier to test in test-kitchen because we can pre generate the certificate. The other big reason is that if you uninstall the tentacle instance on a host and re run chef you will get the same certificate and the host can connect to the same instance. If you didn't do it this way you would get a new certificate each time and have to reconnect the host as well. In our infrastructure we have a wrapper cookbook for installing tentacles and in there we include a private test cookbook for mocking the tentacle install. (Its similar to the following below) |
So what is the approach to take? To use dummy certificatre for test kitchen and generate new one for real use? How okay is to use single pre-generated cert for all tentacles? |
I find that every time I try and use test kitchen to install a tentacle, I get this error
Questions:
http://docs.octopusdeploy.com/display/OD/Automating+Tentacle+installation
Why does the new cert generation not use
--if-blank
Tentacle.exe new-certificate --if-blank --console
The text was updated successfully, but these errors were encountered: