firewall rules to support octopus in a PCI environment

aworrell

07 Dec, 2017 07:59 PM

To give a little background, I have two Octopus servers, test and prod. When a package has gone through QA, I log into prod and execute a process I created that extracts the package from test to prod. That script runs locally on the prod server. It contacts the API of test and begins looking for the package for a project that is ready to be deployed to production.

The tentacle runs on port 10933 by default and that has remained. When I run the script, I can see traffic coming on 10933; however, that traffic doesn't come back. Does the tentacle need another port open to communicate when traffic comes back?

  1. Support Staff 1 Posted by Daniel Fischer on 11 Dec, 2017 05:58 AM

    Hi Allen,

    Thanks for getting in touch! We have a section in our Listening Tentacle documentation that covers changes needed for your firewall.

    The Tentacle needs to be able to accept TCP connections on port 10933 in order to work. If this is already configured and you are still having issues, would you be able to attach a full deployment log to your reply? This may provide some further information to help troubleshoot.

    Let me know what you think. :)

    Best regards,
    Daniel

  2. 2 Posted by aworrell on 11 Dec, 2017 03:39 PM

    Hey Daniel,

    The listening tentacle is set up as a default tentacle, so it's listening on 10933. I have attached both the task log and a PowerShell script. The error that is appearing is a "cannot connect to the server".

    The QA server is listening on port 8090. When the script executes, I'm assuming it executes on 10933 then tries to connect to 8090. I am seeing traffic go out on port 8090, but when it's coming back, it's coming back on a random port. I can also telnet into the production Octopus server on 10933, so I know that the tentacle is listening on 10933. Does the tentacle use random ports to process traffic or does it connect back on the port that it connected out on?
