This month's release includes a big improvement to multi-tenant deployments, Octopus Server Let's Encrypt integration, and some great smaller improvements!
In this post
Release Tour
Let's Encrypt Integration
We're a big fan of security here at Octopus, and we want to make it easy for you to be secure too. To that end, we've added support for automatically managing the SSL certificate used by the Octopus Portal, using Let's Encrypt. With a few simple steps, you can configure Octopus to register, request a certificate, and apply it to the Portal. Even better, it will automatically be renewed when the certificate approaches its expiry date, so you wont have to worry about manual renewals and re-configurating your Octopus Server. If you've currently got your server on the internet over HTTP, it couldn't be easier - move to HTTPS today.
Allow un-tenanted projects to be deployed to tenanted machines
During the development of multi-tenant deployments, we decided to make a clear distinction between tenanted and un-tenanted deployment targets. As such we prevented un-tenanted projects from being deployed to tenanted machines. Our reasoning was essentially safety-first; we didn't want to ever leak tenanted deployments or variables.
However this prevented a number of valid scenarios. For example, deploying a common component (e.g. a telemetry service) to tenanted machines, or simply sharing a development server between tenanted and un-tenanted projects.
Note: this also applies to accounts and certificates, as they can also be scoped to tenants.
You let us know that we got this decision wrong (or at least incomplete). You told us via our support, via UserVoice and via the GitHub issue.
So, as of Octopus 3.15, how machines, accounts, and certificates participate in tenanted-deployments is explicitly configurable.
Command-line interface improvements
In this release we have added some improvements to our command-line interface (CLI) for Octopus and Tentacle:
- we've reworked and cleaned up our logging so
stdoutcan be used more reliably - errors are now written to
stderrpaired with reliable exit codes --helpworks everywhere making it easier than ever to get command-specific help- we've added a version command so you can get detailed version information
- we've added support for
--format=jsonto make the Octopus CLI queryable, which is especially useful for automation- even the help is queryable so you can do feature detection
- we've started moving the database configuration from the overloaded
configurecommand to thedatabasecommand - we've deprecated a handful of options and switches that are no longer required, like
--noconsoleloggingand--thumbprintonly- these are still supported and will be removed in Octopus 4.0
- lots of other small, but helpful features
We think these improvements will be a welcome addition for teams who automate the installation of Octopus and Tentacle.
Breaking changes
As part of the command-line interface improvements we have cleaned up what is written to stdout, redirected errors to stderr, and deprecated a handful of switches that are no longer required. We have tried to maintain backwards compatibility wherever practical. If you automate the installation of Octopus or Tentacle we recommend testing your automation scripts when upgrading to make sure they still work as expected, and to see which commands and options will be removed in Octopus 4.0.
Upgrading
This release contains a post-install data fix that may take some time (depending on the size of your Events table), so please ensure you allow time for this to complete. If you are running the watchdog service, please ensure this is stopped during the upgrade.
All of the usual steps for upgrading Octopus Deploy apply. Please see the release notes for further information.
Wrap up
That’s it for this month. We hope you enjoy the latest features and our new release. Feel free to leave us a comment and let us know what you think! Happy deployments!
