1. Home
  2. Categories
  3. Support
  4. Docker Otter 3.0.10 Agentless don't work (Credentials)

Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.

If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!

Docker Otter 3.0.10 Agentless don't work (Credentials)

  • S

    What need setup (may be packets, powershell7 lib*.so) on container "otter", for work with agentless PowerShell and SSH.

    otter:latest (tried 3.0.8-3.0.10):

    1. PS (communcation type): Servers\server\edit, select credent, save. Open - return on "Integrated authentication":
    • save (to record in Servers) value CreditionalName as Credential_Id ("1")
    1. PS (with manual update record with correct CredentialName): Scripts\PowerShellDemo, execute. Error:

    Unhandled exception: System.Management.Automation.Remoting.PSRemotingTransportException: This parameter set requires WSMan, and no supported WSMan client library was found. WSMan is either not installed or unavailable for this system.
    ---> System.DllNotFoundException: Unable to load shared library 'libpsrpclient' or one of its dependencies. In order to help diagnose loading problems, consider setting the LD_DEBUG environment variable: liblibpsrpclient: cannot open shared object file: No such file or directory

    If (install powershell7 and) copy libssl.so.1.0.0 libcrypto.so.1.0.0 to /usr/local/otter/service, text error change.

    1. PS (with powershell): Scripts\PowerShellDemo, execute, error:

    Unhandled exception: System.NullReferenceException: Object reference not set to an instance of an object.
    at Inedo.Otter.Extensions.Agents.PowerShell.PowerShellAgent.GetCredentials() in C:\Users\builds\AppData\Local\Temp\InedoAgent\BuildMaster\192.168.44.60\Temp_E134041\Src\src\OtterCoreEx\Extensions\Agents\PowerShell\PowerShellAgent.cs:line 48

    1. SSH-agent: Scripts\sh(echo 123), execute. Error:

    Unhandled exception: System.ArgumentNullException: Value cannot be null. (Parameter 'credentials')
    at Inedo.Agents.Ssh.SshConnectionInfo..ctor(String hostName, String tempPath, SshCredentials credentials, Nullable`1 timeout, Int32 port)

    1. PS: How set "Integrated authentication"? (install gssntlm and restart)
    0
  • Dan_Woolf
    inedo-engineer

    Hi @shiv03_9800,

    Thanks for sending this over to us. Just to clarify, you are to setup a PowerShell and an SSH based agentless servers and you are getting the listed errors and you are looking for how to set these up. Is that correct?

    Thanks,
    Dan

    0
  • S

    Hi Dan

    Yes, that correct.

    0
  • Dan_Woolf
    inedo-engineer

    Hi @shiv03_9800,

    Thank you for confirming that for me.

    I was able to find a regression issue in the PowerShell Agentless Server configuration, OT-427. Our engineers were able to patch the issue and it will be released on Friday September 24 in Otter 3.0.11.

    The setup instructions are pretty straight forward for setting up these servers. I have included the basics below. The key thing is to make sure to set the Temp Path on the servers.

    For an SSH server:

    1. Create a Secured Credential for the SSH credential
    2. Create the server (make sure to set the temp path)
      • The temp path must exist on the remote server and the SSH user must have read/write/delete access to that folder

    For a PowerShell server (Otter 3.0.11+):

    1. Create a Username Password Secured Credential (Integrated Authentication will not work in Docker)
    2. Create the server (make sure to set the temp path)
      • The temp path must exist on the remote server and the user must have read/write/delete access to that folder

    Hope this helps!

    Thanks,
    Dan

    0
  • S

    @Dan_Woolf said in Docker Otter 3.0.10 Agentless don't work (Credentials):

    For an SSH server:

    Hi Dan,

    For an SSH server:

    Yes, this is worked - I manual doned all for connect without username and without password on terminal (docker exec -it otter bash)# ssh ipaddr_host_172.17.0.1 (with fulled /root/.ssh/*, "yes" on message "new footprint server"; And on server: set .ssh/authorized_keys; And set in Otter new CredentialsUserPassword with name "root.psw").

    Thank you!

    0
  • Dan_Woolf
    inedo-engineer

    Hi @shiv03_9800,

    No problem! Glad I can help!

    Please let me know after Otter 3.0.11 is released if that fixes the PowerShell agent for you.

    Thanks,
    Dan

    0
  • S

    Hello Dan

    For a PowerShell server (Otter 3.0.11+):

    tried on otter:3.0.11.1 (and 3.0.12-ci.1).

    I reproduce 2) "This parameter set requires WSMan, and no supported WSMan client library was found. WSMan is either not installed or unavailable for this system".

    1. I sended some details in ticker '[EDO-7972]':

      1. LogMessages.csv - sql-export table LogMessages;
      2. ld.log.16 - LD_DEBUG=all with start Otter.Service;
      3. lg.log.11 - with execute script "PowerShellDemo".

    2. If install powershell and gss-ntlmssp (checked correct connect with 'Enter-PSSession -Authentication Negotiate'), and copy .so - message changed to 'NO_ACCESS' (I don't remember the exact text. He is in LogMessages, But not in ld.log.*).

    Thanks,
    Igor

    0
  • rhessinger
    inedo-engineer

    Hi @shiv03_9800,

    I just wanted to let you know that we have received the logs and we are currently looking into the issue. I will let you know when we have more information.

    Thanks,
    Rich

    0
  • rhessinger
    inedo-engineer

    Hi @shiv03_9800,

    After a bit more research, this looks like a problem with the deprecated omi library that Microsoft was using for PowerShell WSMan on Mac and Linux. We are still working through the problem, but I wanted to give you a quick update. I will provide an update when I have more information.

    Thanks,
    Rich

    0
  • rhessinger
    inedo-engineer

    Hi @shiv03_9800,

    After further research on this issue, it looks like PowerShell remoting via WSMan on Linux is not currently a supported feature from Microsoft. Even looking at the latest PowerShell Core SDK, they still have not added support for it as of yet. There is a new feature in PowerShell Core 7 that adds support for PSRemoting over SSH, but it includes a limited subset of commands. It would actually be better to just connect directly to the server using SSH in these cases. Especially since you would have to configure Window's built-in SSH server anyways.

    The best option for connecting to Window's servers from Otter on Docker is to use the Inedo Agent. If you cannot use an Inedo Agent, then using SSH directly would be the fallback.

    We will be making some changes, OT-430, to better address this issue in the UI and to bring awareness to the lack of support for PowerShell agent-less servers when using Docker. We will also be updating the documentation to reflect this.

    Please let me know if you have any questions.

    Thanks,
    Rich

    0
  • S

    It is very sad, since it also:

    Don't work with Inedo Agent (49.0.0, tried with docker 'otter 3.0.12-ci.1' and 3 windows machines W10/2016/2019):

    1. Does not connect to the agent (always 'The connection was dropped'; aes / none, with [fw] open port: checked nc -v ip 46336);
    2. And it does not allow changing "aes -> none" ('EncryptionKey' remains in the record in table 'Servers') [workaround: clear field "Encryption key"].

    Bye.

    PS: Ansible with Powershell 7
    https://docs.ansible.com/ansible/latest/collections/ansible/windows/win_powershell_module.html

    0
  • rhessinger
    inedo-engineer

    Hi @shiv03_9800,

    Can you please clarify what is not working with Inedo Agent 49? Is the connection always dropped or just when running a PowerShell script through it? Is it a specific command that is failing? We have not heard of any limitations using the Inedo Agent from our Docker image as of yet and we have multiple customers that are currently using it without issue.

    As for the configuration change, that is currently a bug. I have scheduled this to be fixed in the next release of Otter. It is being tracked as ticket OT-431.

    Thanks,
    Rich

    0
  • S

    1. [EDO-7981]

    2. reinstall (with drop/create DB Otter) docker otter 3.0.12-ci.1, latest (3.0.11.1)

    • dont work, similarly ("drop").
    1. EventViewer (for agent on clear WS2019) on start "InedoAgentService":
      err app '.Net Runtime' 1023
      The required library not exist hostfxr.dll shoulds in C:\Windows\Temp...\bin.
    • That is, the Otter-installer does not check, does not install dependencies.
    1. with WS2019 was installed .Net FW Full 4.7.03190.
      hostfxr.dll - (most likely) from Powershell7
    0
  • S

    1. In C:\Windows\Temp\InedoAgent...\bin - somehow not enough files: 23 (on other machine - only 7 - Otter*).

    2. Deleting/Rename the folder C:\Windows\Temp\InedoAgent and restarting the service - no event error.
      But the error is reproducible (both: message "droped" and 3 events "hostfxr.dll"/23 files).

    3. Maybe there is a continuation of topic "Docker Otter 3.0.11 Segmentation fault (core dumped)"?

    0
  • rhessinger
    inedo-engineer

    Hi @shiv03_9800,

    We have just released a new version of Otter that includes a fix for the segmentation fault.

    You will need to make sure that .NET Framework 4.5.1 or greater is installed on the Windows server. But if you were able to run the Inedo Agent installer, then chances are you already have that installed.

    As for the Inedo Agent error, I talked with some colleagues and this is something we have seen on slower or congested networks when checking Inedo Agent has the components needed to communicate with Otter. Normally if you wait for the next server check to occur, the issue ends up resolving itself. There was another issue, however, that can affect PowerShell scripts when using the Docker version of Otter, OT-432. This was fixed in the latest release as well.

    Thanks,
    Rich

    0
Log in to reply
 
Inedo Website HomeSupport HomeCode of ConductForums GuideDocumentation