At 15below we are using a tool called Octopus for our product deployment. The tool works well, but it’s integration to install our web-based application products doesn’t suit our needs.
However, with Octopus we can write custom PowerShell for deploying our applications. This got us into a situation where we have 3 different versions of IIS across our servers, each of which has a different method of installation, but we want a nice and easy way we can trigger the creates. Cue a “clever” script.
Firstly, what are the differences between the versions:
IIS6 (Server 2K3 & XP) - WMI needed to interact between IIS and PowerShell.
IIS7 (Server 2K8 R1 & Vista) - PowerShell snap-in available for download (I would recommend using the Web Platform Installer)
IIS7.5 (Server 2K8 R2 & 7) - PowerShell module, installed when selecting “Scripts” from IIS role feature installer.
The solution we came up with is hosted in the 15below public source code repository and sits inside the Ensconce application (more on that in a latter blog post, or link to 15below post) on GitHub. To see more information, or get the PowerShell scripts, click here.
The 3 PowerShell scripts we are talking about are:
Both the create IIS app scripts have the same 3 callable functions, these are:
CreateAppPool (which takes a string for the name)
CreateWebSite (which takes name, local path, app pool name, application name, host header value & log location)
AddSSLCertification (which takes website name to add to & certificate name)
Breaking these down, how does it work…
This will try to do a WMI control with IIS6, hiding any errors, but should it get a success, it will include the script “createiis6app.ps1”. Should the operation be unsuccessful, the “createiis7app.ps1” is included.
From this, you will be able to call any of the 3 functions outlined above.
Therefore, your PowerShell deployment only needs to include this PowerShell, and you can install into IIS 6,7 & 7.5. - helpful right!
Using only WMI controls, the functions are all callable once included (either directly or through the create website script)
So, as I’ve already mentioned, IIS7 and IIS7.5 operate in different ways and both require something extra to be added to your PowerShell session.
When this script is included, it will check if the IIS module is present to be imported, if it is, it will import it, if the import fails, or it’s not there it will try to locate and install the Snap-In.
If neither of these things is present it will return you an error.
This means that you don’t have IIS6, and you don’t have the required components for an IIS 7 install.
I hope that you may find this useful should you need to do any operations like this on your application deployment.
Feel free to head over to GitHub and check out the Ensconce application, and the IIS scripts. - You may find that the Ensconce application has other benefits to your deployment :)
Details of the Ensconce application functions can be found on the read-me within GitHub.
15 June 2012 | Edit Post | View Comments LocalService, LocalSystem, NetworkService, Access is denied, TopShelf, WCF, Your process does not have access rights to this namespace
Recently I experienced a bit of confusion over the users you can run a TopShelf service as, in particular, one which started a WCF endpoint.
I would get an error, with a nice stack trace, but research on the Internet didn’t yield me an answer. - Once I had a solution, I thought I would share, so others don’t have to spend as long as I did try to resolve the issue.
So, the error I got was this:
System.ServiceModel.AddressAccessDeniedException: HTTP could not register URL http://+:8082/MyWCFService/. Your process does not have access rights to this namespace (see http://go.microsoft.com/fwlink/?LinkId=70353 for details). ---> System.Net.HttpListenerException: Access is denied
The first thing that confused me was the URL, which changed from “http://localhost:8082/MyWCFService” changed to “http://+:8082/MyWCFService/”. When looking at URLs, it would seem that the “+” symbol means “Generic host”, therefore it could be anything, as long as it is on this PC. The config could state “http://127.0.0.1:8082/MyWCFService/” whereby localhost and 127.0.0.1 are the same. The log file only shows the 1 value, a “+”.
A little scout around and I was able to understand that the user I was running my service under didn’t have sufficient permissions, and I should run as a more elevated “Administrator” user, sure enough, setting my windows service to run as the system admin did the trick, though, TopShelf doesn’t offer this as a default install address, you can just have:
I eventually decided to work my way through the users to find out which one had sufficient permission to start the service, and it turns out “LocalSystem” does. – Which at the time, I thought was least likely to work!
Sure enough, I could change my TopShelf setup to be:
The Local Service account is a special, built-in account that is similar to an authenticated user account. The Local Service account has the same level of access to resources and objects as members of the Users group. This limited access helps safeguard your system if individual services or processes are compromised. Services that run as the Local Service account access network resources as a null session with no credentials.
The Network Service account is a special, built-in account that is similar to an authenticated user account. The Network Service account has the same level of access to resources and objects as members of the Users group. This limited access helps safeguard your system if individual services or processes are compromised. Services that run as the Network Service account access network resources using the credentials of the computer account.
The Local System account is a powerful account that has full access to the system, including the directory service on domain controllers. If a service logs on to the Local System account on a domain controller, that service has access to the entire domain. Some services are configured by default to log on to the Local System account. Do not change the default service setting.
I hope that this post will help other to overcome the user problem I encountered faster than I did!
9 months ago I had never heard of, let alone use GIT for source code repository.
My main exposure to SCM systems was through Microsoft SourceSafe 6 at work and SubVersion at Uni.
Then the company I work for decided that SourceSafe was dated, and something new was needed. Introducing GIT.
Having various issues myself with SourceSafe, I welcomed the brave new world, though it would be a learning curve.
Now, having seen and used GIT for quite a few months using GIT extensions for Windows, I’ve found that this does everything I would have wanted source control to do.
With multiple release branches, and also multiple work in-progress branches in use, managing and merging my work between has turned out to be a doddle.
At first, the concept that I had my own local copy of a repository on my machine which I needed to keep in sync with a shared repository seemed a little odd, and often lead to some pretty nasty merge issues. Once I got the hang of using branches, and getting my pulls, commits and pushes in the right order, I truly was cooking on gas.
So, with thousands of changed lines of source code, and over 600 commits, I am happy to say that moving to GIT from SourceSafe 6 was a really good move!
Recently, I found a really nice feature using GIT and GIT extensions, the ability to retrieve a previously deleted branch, very helpful when stupid codist (that’s me!) Thought the branch was a dead stub branch, rather than something to merge in. Thankfully (with the advice of a co-worker) I was able to get back hours, if not days of work.
To round off, if you’re looking to change your source control, then it will be worth checking out GIT (http://git-scm.com/). Also, for a free (on something open source) repository hosting, GitHub is also worth a look (http://github.com).