Skip to content

New Linux target thumbprint #248

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
markocto wants to merge 1 commit into
base: master
Choose a base branch
from
Open

New Linux target thumbprint #248

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 11 additions & 0 deletions REST/bash/Targets/ListeningLinuxTentacleStopTrustingOldOctopusServerCert.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
# Run on *each* Linux Listening Tentacle VM

# Stop trusting the old certificate
echo "Stop trusting the old Octopus Server certificate..."
sudo ./Tentacle configure --instance Tentacle --remove-trust <old-thumbprint>
Copy link
Contributor

@harrisonmeister harrisonmeister Oct 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should the instance name Tentacle be a variable? Not all tentacles use the default named instance. They may have another name for it, meaning this and subsequent commands would fail

Copy link
Contributor Author

@markocto markocto Oct 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good call, I'll update the script accordingly, thank you!

echo "Successfully completed removing the old Octopus Server certificate"

# Restart the Tentacle service
echo "Restarting the Tentacle service..."
sudo ./Tentacle service --instance Tentacle --restart
echo "Successfully completed restarting the Tentacle service"
8 changes: 8 additions & 0 deletions REST/bash/Targets/ListeningLinuxTentacleTrustNewCert.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
# Run on *each* Linux Listening Tentacle VM

# Trust new Octopus Server thumbprint
echo "Trust the new Octopus Server certificate / thumbprint..."
sudo ./Tentacle configure --trust="<new-octopus-server-thumbprint>"
Copy link
Contributor

@harrisonmeister harrisonmeister Oct 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this command include the --instance parameter with a variable supplied with the name.

Copy link
Contributor Author

@markocto markocto Oct 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not according to the script on this docs page:

https://octopus.com/docs/security/octopus-tentacle-communication/regenerate-certificates-with-octopus-server-and-tentacle#ConfiguringOctopusServerToUseANewCertificate

Copy link
Contributor

@harrisonmeister harrisonmeister Oct 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This documentation appears to show support for --instance. I suspect that the doc you linked to was assuming the default instance (called Tentacle). It depends how complete you want this script to be I guess?

echo "Successfully completed trusting the Octopus Server certificate / thumbprint."

echo "Don't forget, you'll need to come back later and run the script to *stop* trusting the old Octopus Server certificate & thumbprint..."
8 changes: 8 additions & 0 deletions REST/bash/Targets/PollingLinuxTentacleTrustNewCert.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
# Run on *each* Linux Polling Tentacle VM

# ** Note: There will be down time in comms with your Polling Tentacles until after you have completed running this script on *each* VM where a Polling Tentacle is installed. **

# Trust new Octopus Server thumbprint
echo "Trust the new Octopus Server certificate / thumbprint..."
sudo ./Tentacle update-trust --oldThumbprint "1111111111111111111111111111111111111111" --newThumbprint "1234567890123456789012345678901234567890"
Copy link
Contributor

@harrisonmeister harrisonmeister Oct 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this command include the --instance parameter with a variable supplied with the name.

Copy link
Contributor Author

@markocto markocto Oct 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not according to the script on this docs page:

https://octopus.com/docs/security/octopus-tentacle-communication/regenerate-certificates-with-octopus-server-and-tentacle#ConfiguringOctopusServerToUseANewCertificate

Copy link
Contributor

@harrisonmeister harrisonmeister Oct 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This documentation appears to show support for --instance. I suspect that the doc you linked to was assuming the default instance (called Tentacle). It depends how complete you want this script to be I guess?

echo "Successfully completed trusting the Octopus Server certificate / thumbprint."