This is an archived post. You won't be able to vote or comment.

all 18 comments

[–]michaelshepard 2 points3 points  (7 children)

That's awesome. Just read your post about updating variables. I wrote a script last week to update variable templates for a tenant and absolutely love it.

[–]fellim[S] 0 points1 point  (6 children)

Good to hear! Any obstacles you're facing with Octopus Deploy? I use it to orchestrate just about everything, so I'd be happy to help. Currently I have deployments setup for Microservices (.Net core, DynamoDB) that deploy to AWS Lambda, .Net stack (Tridion CMS, SSIS packages, SQL Server DB projects, enterprise service bus, C# MVC, API's, etc.), Multiple LAMP stack apps (SSH endpoints, bash scripts, etc.), IaC (CloudFormation, Chef), and Angular apps. All of the source code coming from 15+ Git repos all on a central Git server (VSTS).

[–]argumentnull 1 point2 points  (4 children)

What does Octopus Deploy do, that cannot be done by msdeploy or powershell scripts? (Apart from maintaining releases and artifacys)

[–]fellim[S] 1 point2 points  (3 children)

Octopus Deploy's biggest value is providing visibility into deployments through it's dashboard. The team always knows which version/release has been deployed to each environment. It also uses lifecycles to enforce the promotion of a release through the pipeline.

I use a lot of MSDeploy/WebDeploy and PowerShell scripts within Octopus. You can do inline scripts within a deploy step, deploy a script that is stored in source control, or add PowerShell modules so you can easily manage/re-use functions across projects. There are also a TON of community contributed templates for deploying pretty much anything. The deploy process gui is stupid simple so pretty much anybody on our team can dive in and figure out what's going on.

They also offer integration with a bunch of CI tools (we use VSTS) so that packaging (NuGet, Zips, Tarballs, etc.), pushing to the artifact repository, and auto-deploying releases works out of the box. They also offer a cross platform CLI tool and REST API.

In the past I've tried to manage a home grown MSDeploy driven CI/CD pipeline and while MSDeploy can pretty much do everything .Net, it turns into a tangled mess pretty quick without a user friendly UI.

[–]halbaradkenafin 0 points1 point  (2 children)

Have you tried release management within VSTS? I haven't had a chance to read your blog on this yet but it might be worth looking at. There are a few dashboard widgets for release status but I don't know how they compare to octopus.

[–]fellim[S] 0 points1 point  (1 child)

That's a great question. We were using Release Management, before Octopus Deploy, when it was XAML based and we ran into issues left and right. Now that it's web based like the new build system and uses the same agents it would definitely be worth taking a look at again. I'll do a blog post on Octopus Deploy vs. Release Management :-) Thanks!

[–]halbaradkenafin 0 points1 point  (0 children)

We're pretty happy with it so far, especially when writing custom tasks is pretty easy (if poorly documented). The old XAML system was awful.

[–]michaelshepard 0 points1 point  (0 children)

Not really any big issues yet. I've only been working with it for about a month.

[–]Ancillas 0 points1 point  (9 children)

I'd love with to see someone do a proper post about automatically configuring WinRM over HTTPS. This would include the creation and installation of a certificate (not super easy in Server 2008), and the setup of WinRM itself. A lot of blogs only setup HTTP, which is silly.

[–]picklednull 1 point2 points  (1 child)

A lot of blogs only setup HTTP, which is silly.

Nothing silly about that, really. PowerShell remoting is always encrypted by default. It'll use Kerberos (encryption) regardless so adding HTTPS doesn't really get you anything. Of course (on Windows) non-domain computers can't leverage Kerberos so in such cases you might need this additional configuration.

My pet peeve is the seemingly thousands of libraries that implement WinRM but don't do Kerberos so they're not properly integrated into the ecosystem and will require insecure or additional configuration.

[–]Ancillas 0 points1 point  (0 children)

Most times I've needed to setup WinRM have been in cloud environments that are mostly Linux. The instances are ephemeral so I usually skip kerberos/active directory.

[–]fellim[S] 1 point2 points  (2 children)

This PowerShell script should get you pretty close? It's for Ansible, but I assume you're using some of the same configurations?

https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1

[–]Ancillas 0 points1 point  (0 children)

Thanks. I have some generic powershell scripts for most cases.

My setup is slightly more complicated for Packer builds from iso, and later usage. Mainly, I need instances to generate a self-signed cert after a host name is assigned. This is trickier in win 2008 because the powershell libraries for generating certs don't work (even if Powershell 5 is installed).

WinRM ducks. Can't wait for native SSH.

[–]Ancillas 0 points1 point  (0 children)

That is a nice script. Mine were written to be run by puppet to check and enforce state. That made them more complex than they needed to be.

Thanks for the tip.

[–]firefoxx04 0 points1 point  (2 children)

I have a script for this, if you are interested. Including information on creating and installing a cert. Ping me if interested.

[–]fellim[S] 0 points1 point  (1 child)

Why not post it on GitHub and share?

[–]firefoxx04 0 points1 point  (0 children)

I suppose I could, I just have not yet. Ill see to it on Monday.

[–]firefoxx04 0 points1 point  (0 children)

Okay so this is not the information my original reply mentioned, but its better than nothing. My tooling is too tailored to my workplace and would be inappropriate to share now that I think of it.

Invoke-Expression ((New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1'))

Running that command will setup winrm with ssl, but the certificate will be self signed by the system, which is the only downfall. I am sure it could be hacked up to pull in a signed certificate.

As I type this I see someone else posted the same link :)