voxpupuli / puppet-iis

Module to manage IIS with Puppet
https://forge.puppet.com/puppet/iis
MIT License

Add application pool process model identity #19

Closed cwb124 closed 5 years ago

cwb124 commented 10 years ago

It would be great if while creating an application pool, we could define the process model identity (account + password) in the module. Any chance of adding that?

Mharlin commented 10 years ago

+1

stack72 commented 10 years ago

FYI - we are looking at this right now. We needed to work on a fix for certificate names first (thanks to Heartbleed for showing us that we cannot replace a certificate with one that has the same friendly name)

AbcamDevops commented 10 years ago

manage_app_pool.pp

  # Fragment of a parameter list: the first three entries describe the account
  # the application pool's worker process runs as ('3' is SpecificUser).
  # NOTE(review): a literal password default is stored in version control and in
  # every compiled catalog; prefer no default and supply the value from
  # encrypted data (for example hiera-eyaml).
  $processmodelusername = 'mydomain\username', 
  $processmodelpassword = 'mypassword', 
  $processmodelidentityType = '3',
  $managed_pipeline_mode = 'Integrated', 

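 # Sets the pool's process-model user name. The onlyif check exits 0 (run the
 # command) only when the configured name differs from the requested one.
 exec { "processmodelusername-${app_pool_name}" :
      # The value is single-quoted for PowerShell, exactly as the onlyif check
      # already does, so a name containing spaces or ';' stays one literal argument.
      command   => "${iis::param::powershell::command} -Command \"Import-Module WebAdministration; Set-ItemProperty \\\"IIS:\\AppPools\\${app_pool_name}\\\" processmodel.username '${processmodelusername}'\"",
      path      => "${iis::param::powershell::path};${::path}",
      onlyif    => "${iis::param::powershell::command} -Command \"Import-Module WebAdministration; if((Get-ItemProperty \\\"IIS:\\AppPools\\${app_pool_name}\\\" processmodel.username).Value.CompareTo('${processmodelusername}') -eq 0) { exit 1 } else { exit 0 }\"",
      require   => Exec["processmodelidentityType-${app_pool_name}"],
      logoutput => true,
      # No space between the type name and '[': newer Puppet parsers read
      # whitespace before '[' as the start of an array literal, not a reference.
      notify    => Exec["processmodelpassword-${app_pool_name}"],
      }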

  #custom code  
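     # Writes the pool's process-model password. refreshonly => true means this
     # runs only when another resource notifies it (the user-name exec does).
     # NOTE(review): because that exec fires only on a user-name change, a
     # password rotation with an unchanged user name is never applied.
     exec { "processmodelpassword-${app_pool_name}" :
      # Single-quoted so PowerShell treats the password as one literal argument.
      # The secret is still visible on the process command line, in the compiled
      # catalog, and in Puppet's own failure message, which prints the command.
      command   => "${iis::param::powershell::command} -Command \"Import-Module WebAdministration; Set-ItemProperty \\\"IIS:\\AppPools\\${app_pool_name}\\\" processmodel.password '${processmodelpassword}'\"",
      path      => "${iis::param::powershell::path};${::path}",
     # onlyif    => "${iis::param::powershell::command} -Command \"Import-Module WebAdministration; if((Get-ItemProperty \\\"IIS:\\AppPools\\${app_pool_name}\\\" processmodel.password).Value.CompareTo('${processmodelpassword}') -eq 0) { exit 1 } else { exit 0 }\"",
      require   => Exec["processmodelusername-${app_pool_name}"],
      refreshonly => true,
      # PowerShell error output typically quotes the failing command line, which
      # contains the password, so command output is kept out of logs and reports.
      logoutput => false,
    }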
 #custom code    
     # Sets the pool's process-model identity type once the pool has been created.
     # The onlyif check exits 0 (run the command) when the -Match test fails.
     # NOTE(review): confirm what Get-ItemProperty returns here; if it yields the
     # enum name rather than the number, the check never matches and this exec
     # runs on every agent run.
     exec { "processmodelidentityType-${app_pool_name}" :
      require   => Exec["Create-${app_pool_name}"],
      path      => "${iis::param::powershell::path};${::path}",
      onlyif    => "${iis::param::powershell::command} -Command \"Import-Module WebAdministration; if((Get-ItemProperty \\\"IIS:\\AppPools\\${app_pool_name}\\\" processmodel.identityType.Value) -Match ${processmodelidentityType}) { exit 1 } else { exit 0 }\"",
      command   => "${iis::param::powershell::command} -Command \"Import-Module WebAdministration; Set-ItemProperty \\\"IIS:\\AppPools\\${app_pool_name}\\\" processmodel.identityType ${processmodelidentityType}\"",
      logoutput => true,
    }

init.pp

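  # Declares the application pool and runs it under a specific user account.
  # The closing brace now follows the last attribute; in the original it closed
  # the resource before the three processmodel* attributes.
  iis::manage_app_pool { 'www.internalapi.co.uk':
    enable_32_bit            => true,
    managed_runtime_version  => 'v4.0',
    processmodelidentityType => '3', # 3 = SpecificUser
    processmodelusername     => 'domain\username',
    # NOTE(review): placeholder value. A real password written here is stored in
    # version control and in the catalog; look it up from encrypted data instead.
    processmodelpassword     => 'mypassword',
  }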
cstockton commented 10 years ago

Was curious if this was declined as a feature or just blocked by resource availability?

stack72 commented 10 years ago

@cstockton we were just speaking about putting some dev cycles into this module soon. We promise we will look at this issue first

cstockton commented 10 years ago

That is awesome to hear thanks a lot for the quick reply, you guys are doing great work here.

jwatson3d commented 10 years ago

+1

zenbiking commented 9 years ago

Any updates on this?

alyssenko-ssi commented 9 years ago

manage_app_pool.pp:

# Account the application pool should run as; identity type '3' selects a specific user.
# NOTE(review): placeholder credentials; a real password should not be a literal in the manifest.
$processmodelidentityType = '3'
$processmodelusername     = 'user'
$processmodelpassword     = 'password'

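        # Sets the pool's process-model user name through the powershell provider.
        # NOTE(review): there is no onlyif/unless here, so this exec, and the
        # password exec it notifies, run on every agent run.
        exec { "processmodelusername-${app_pool_name}" :
                # Single quotes keep the name literal; inside PowerShell double
                # quotes a '$' or backtick in the value would be interpreted.
                command   => "Import-Module WebAdministration; \$Pool = Get-Item IIS:\\AppPools\\${app_pool_name}; \$Pool.processModel.userName = '${processmodelusername}'; \$Pool | Set-Item",
                provider  => powershell,

                require   => Exec["processmodelidentityType-${app_pool_name}"],
                logoutput => true,
                # No space between the type name and '[': newer Puppet parsers read
                # whitespace before '[' as the start of an array literal.
                notify    => Exec["processmodelpassword-${app_pool_name}"],
        }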

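        # Writes the pool's process-model password. refreshonly => true means it
        # runs only when notified (the user-name exec notifies it).
        exec { "processmodelpassword-${app_pool_name}" :
                # Single-quoted so PowerShell treats the password as one literal
                # argument instead of parsing spaces, ';' or '$' inside it.
                # The secret is still present in the compiled catalog and in
                # Puppet's failure message, which prints the command.
                command     => "Import-Module WebAdministration; Set-ItemProperty \"IIS:\\AppPools\\${app_pool_name}\" processmodel.password '${processmodelpassword}'",
                provider    => powershell,
                require     => Exec["processmodelusername-${app_pool_name}"],
                refreshonly => true,
                # PowerShell error output typically quotes the failing line, which
                # contains the password, so command output is not logged.
                logoutput   => false,
        }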

        # Sets the pool's process-model identity type after the pool has been created.
        # NOTE(review): no onlyif/unless is given, so the command runs on every agent run.
        exec { "processmodelidentityType-${app_pool_name}" :
                require   => Exec["Create-${app_pool_name}"],
                provider  => powershell,
                command   => "Import-Module WebAdministration; Set-ItemProperty \"IIS:\\AppPools\\${app_pool_name}\" processmodel.identityType ${processmodelidentityType}",
                logoutput => true,
        }
karmafeast commented 8 years ago
 # set iis app pool identity to whatever
 # identitytype -
 # 0 - localsystem
 # 1 - localservice
 # 2 - networkservice
 # 3 - specificuser
 # 4 - applicationpoolidentity
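# Sets the identity that an existing IIS application pool runs as.
#
# Parameters:
#   apppool      - application pool name; defaults to the resource title.
#   identitytype - '0'..'4', mapped below to the identity name the checks compare against.
#   username     - account name; used only when identitytype is '3'.
#   userpw       - account password; used only when identitytype is '3'.
#   ensure       - 'present' or 'set' apply the identity; 'absent' or 'default'
#                  take the reset branch at the end.
#
# NOTE(review): userpw is interpolated into both the command and the unless
# script, so it is stored in the compiled catalog and printed in Puppet's
# failure message. Supply it from encrypted data, not a literal.
define iis_setapppoolidentity::setapppoolidentity (
  $apppool      = $title,
  $identitytype = '4',
  $username     = '',
  $userpw       = '',
  $ensure       = 'present') {
  validate_re($identitytype, ['^(0|1|2|3|4)$'], 'identitytype must be one of \'0\', \'1\',\'2\',\'3\',\'4\'')
  validate_re($ensure, '^(present|set|default|absent)$', 'ensure must be one of \'present\', \'set\', \'absent\', \'default\'')

  case $identitytype {
    '0'     : { $identitystring = 'LocalSystem' }
    '1'     : { $identitystring = 'LocalService' }
    '2'     : { $identitystring = 'NetworkService' }
    '3'     : { $identitystring = 'SpecificUser' }
    '4'     : { $identitystring = 'ApplicationPoolIdentity' }
    default : { $identitystring = 'ApplicationPoolIdentity' }
  }

  # Double any single quote so the credentials stay literal inside a
  # single-quoted PowerShell string. The original used double quotes in the
  # command (PowerShell expands '$' and backticks there) and no quotes at all
  # in the unless script, where a bare word after -ne is not a valid expression.
  $ps_username = regsubst($username, "'", "''", 'G')
  $ps_userpw   = regsubst($userpw, "'", "''", 'G')

  # Prelude shared by every script below: loads Microsoft.Web.Administration
  # and fetches the pool object into $pool.
  $ps_get_pool = "[void] [System.Reflection.Assembly]::LoadWithPartialName(\"Microsoft.Web.Administration\");\$iis = New-Object Microsoft.Web.Administration.ServerManager;iis:;\$pool = get-item IIS:\\AppPools\\${apppool};"

  # 'unless' skips the command when its script exits 0, so each check exits 0
  # only when the pool already matches the requested state.
  $ps_identity_matches = "${ps_get_pool}if(\$pool.processModel.identityType -eq \"${identitystring}\"){exit 0;}else{exit 1;}"
  $ps_set_identity     = "${ps_get_pool}\$pool.processModel.identityType = ${identitytype};\$pool | set-item;"

  if ($ensure in [
    'present',
    'set']) {
    if ($identitytype == '3') {
      exec { "set app pool identitytype -  ${apppool} - SPECIFICUSER - ${username}":
        command   => "${ps_get_pool}\$pool.processModel.username = '${ps_username}';\$pool.processModel.password = '${ps_userpw}';\$pool.processModel.identityType = ${identitytype};\$pool | set-item;",
        provider  => powershell,
        # -cne compares the password case-sensitively; plain -ne would treat a
        # password that differs only in letter case as unchanged.
        unless    => "${ps_get_pool}if(\$pool.processModel.identityType -ne \"${identitystring}\"){exit 1;}if(\$pool.processModel.userName -ne '${ps_username}'){exit 1;}if(\$pool.processModel.password -cne '${ps_userpw}'){exit 1;}exit 0;",
        # PowerShell error output typically quotes the failing line, which
        # contains the password, so command output is not logged.
        logoutput => false,
      }
    } else {
      exec { "set app pool identitytype -  ${apppool}":
        command   => $ps_set_identity,
        provider  => powershell,
        unless    => $ps_identity_matches,
        logoutput => true,
      }
    }

  } else { # string validation on others is going to be in the 'absent' category - reset to defaults
    # NOTE(review): this branch applies the caller's identitytype, not a fixed
    # default; confirm whether a reset should always use '4'.
    exec { "RESET TO DEFAULTS - ${apppool}":
      command   => $ps_set_identity,
      provider  => powershell,
      unless    => $ps_identity_matches,
      logoutput => true,
    }
  }
}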
karmafeast commented 8 years ago

use ^:

  # Example: run the pool as NetworkService, applied after the pool resource itself.
  iis_setapppoolidentity::setapppoolidentity { $apppoolname:
    require      => Iis::Manage_app_pool[$apppoolname],
    identitytype => '2', # 2 = NetworkService
  }
bastelfreak commented 5 years ago

Hi. I'm going to close this Issue. We deprecated the module and the new version is available here: https://forge.puppet.com/puppetlabs/iis