Installs and configures Microsoft Internet Information Services (IIS) 7.0/7.5/8.0
- Windows Vista
- Windows 7
- Windows 8
- Windows Server 2008 (R1, R2)
- Windows Server 2012
- Windows Server 2012R2
Windows 2003R2 is not supported because it lacks Add/Remove Features.
- windows
node['iis']['home']
- IIS main home directory. default is%WINDIR%\System32\inetsrv
node['iis']['conf_dir']
- location where main IIS configs lives. default is%WINDIR%\System32\inetsrv\config
node['iis']['pubroot']
- . default is%SYSTEMDRIVE%\inetpub
node['iis']['docroot']
- IIS web site home directory. default is%SYSTEMDRIVE%\inetpub\wwwroot
node['iis']['log_dir']
- location of IIS logs. default is%SYSTEMDRIVE%\inetpub\logs\LogFiles
node['iis']['cache_dir']
- location of cached data. default is%SYSTEMDRIVE%\inetpub\temp
Allows easy management of IIS virtual sites (ie vhosts).
:add
- add a new virtual site:config
- apply configuration to an existing virtual site:delete
- delete an existing virtual site:start
- start a virtual site:stop
- stop a virtual site:restart
- restart a virtual site
product_id
- name attribute. Specifies the ID of a product to install.site_name
- name attribute.site_id
- if not given IIS generates a unique ID for the sitepath
- IIS will create a root application and a root virtual directory mapped to this specified local pathprotocol
- http protocol type the site should respond to. valid values are :http, :https. default is :httpport
- port site will listen on. default is 80host_header
- host header (also known as domains or host names) the site should map to. default is all host headersoptions
- additional options to configure the sitebindings
- Advanced options to configure the information required for requests to communicate with a Web site. See http://www.iis.net/configreference/system.applicationhost/sites/site/bindings/binding for parameter format. When binding is used, port protocol and host_header should not be used.application_pool
- set the application pool of the siteoptions
- support for additional options -logDir, -limits, -ftpServer, etc...log_directory
- specifies the logging directory, where the log file and logging-related support files are stored.log_period
- specifies how often iis creates a new log filelog_truncsize
- specifies the maximum size of the log file (in bytes) after which to create a new log file.
# stop and delete the default site
iis_site 'Default Web Site' do
action [:stop, :delete]
end
# create and start a new site that maps to
# the physical location C:\inetpub\wwwroot\testfu
iis_site 'Testfu Site' do
protocol :http
port 80
path "#{node['iis']['docroot']}/testfu"
action [:add,:start]
end
# do the same but map to testfu.chef.io domain
iis_site 'Testfu Site' do
protocol :http
port 80
path "#{node['iis']['docroot']}/testfu"
host_header "testfu.chef.io"
action [:add,:start]
end
# create and start a new site that maps to
# the physical C:\inetpub\wwwroot\testfu
# also adds bindings to http and https
# binding http to the ip address 10.12.0.136,
# the port 80, and the host header www.domain.com
# also binding https to any ip address,
# the port 443, and the host header www.domain.com
iis_site 'FooBar Site' do
bindings "http/10.12.0.136:80:www.domain.com,https/*:443:www.domain.com
path "#{node['iis']['docroot']}/testfu"
action [:add,:start]
end
Runs a config command on your IIS instance.
:config
- Runs the configuration command
cfg_cmd
- name attribute. What ever command you would pass in after "appcmd.exe set config"
# Sets up logging
iis_config "/section:system.applicationHost/sites /siteDefaults.logfile.directory:\"D:\\logs\"" do
action :config
end
# Loads an array of commands from the node
cfg_cmds = node['iis']['cfg_cmd']
cfg_cmds.each do |cmd|
iis_config "#{cmd}" do
action :config
end
end
Creates an application pool in IIS.
:add
- add a new application pool:config
- apply configuration to an existing application pool:delete
- delete an existing application pool:start
- start a application pool:stop
- stop a application pool:restart
- restart a application pool:recycle
- recycle an application pool
pool_name
- name attribute. Specifies the name of the pool to create.runtime_version
- specifies what .NET version of the runtime to use.pipeline_mode
- specifies what pipeline mode to create the pool with, valid values are :Integrated or :Classic, the default is :Integratedno_managed_code
- allow Unmanaged Code in setting up IIS app pools is shutting down. - default is true - optional
start_mode
- Specifies the startup type for the application pool - default :OnDemand (:OnDemand, :AlwaysRunning) - optionalauto_start
- When true, indicates to the World Wide Web Publishing Service (W3SVC) that the application pool should be automatically started when it is created or when IIS is started. - boolean: default true - optionalqueue_length
- Indicates to HTTP.sys how many requests to queue for an application pool before rejecting future requests. - default is 1000 - optionalthirty_two_bit
- set the pool to run in 32 bit mode, valid values are true or false, default is false - optional
max_proc
- specifies the number of worker processes associated with the pool.load_user_profile
- This property is used only when a service starts in a named user account. - Default is false - optionalpool_identity
- the account identity that they app pool will run as, valid values are :SpecificUser, :NetworkService, :LocalService, :LocalSystem, :ApplicationPoolIdentitypool_username
- username for the identity for the application poolpool_password
password for the identity for the application pool is started. Default is true - optionallogon_type
- Specifies the logon type for the process identity. (For additional information about logon types, see the LogonUser Function topic on Microsoft's MSDN Web site.) - Available [:LogonBatch, :LogonService] - default is :LogonBatch - optionalmanual_group_membership
- Specifies whether the IIS_IUSRS group Security Identifier (SID) is added to the worker process token. When false, IIS automatically uses an application pool identity as though it were a member of the built-in IIS_IUSRS group, which has access to necessary file and system resources. When true, an application pool identity must be explicitly added to all resources that a worker process requires at runtime. - default is false - optionalidle_timeout
- Specifies how long (in minutes) a worker process should run idle if no new requests are received and the worker process is not processing requests. After the allocated time passes, the worker process should request that it be shut down by the WWW service. - default is '00:20:00' - optionalshutdown_time_limit
- Specifies the time that the W3SVC service waits after it initiated a recycle. If the worker process does not shut down within the shutdownTimeLimit, it will be terminated by the W3SVC service. - default is '00:01:30' - optionalstartup_time_limit
- Specifies the time that IIS waits for an application pool to start. If the application pool does not startup within the startupTimeLimit, the worker process is terminated and the rapid-fail protection count is incremented. - default is '00:01:30' - optionalpinging_enabled
- Specifies whether pinging is enabled for the worker process. - default is true - optionalping_interval
- Specifies the time between health-monitoring pings that the WWW service sends to a worker process - default is '00:00:30' - optionalping_response_time
- Specifies the time that a worker process is given to respond to a health-monitoring ping. After the time limit is exceeded, the WWW service terminates the worker process - default is '00:01:30' - optional
disallow_rotation_on_config_change
- The DisallowRotationOnConfigChange property specifies whether or not the World Wide Web Publishing Service (WWW Service) should rotate worker processes in an application pool when the configuration has changed. - Default is false - optionaldisallow_overlapping_rotation
- Specifies whether the WWW Service should start another worker process to replace the existing worker process while that processrecycle_after_time
- specifies a pool to recycle at regular time intervals, d.hh:mm:ss, d optionalrecycle_at_time
- schedule a pool to recycle at a specific time, d.hh:mm:ss, d optionalprivate_mem
- specifies the amount of private memory (in kilobytes) after which you want the pool to recycle
load_balancer_capabilities
- Specifies behavior when a worker process cannot be started, such as when the request queue is full or an application pool is in rapid-fail protection. - default is :HttpLevel - optionalorphan_worker_process
- Specifies whether to assign a worker process to an orphan state instead of terminating it when an application pool fails. - default is false - optionalorphan_action_exe
- Specifies an executable to run when the WWW service orphans a worker process (if the orphanWorkerProcess attribute is set to true). You can use the orphanActionParams attribute to send parameters to the executable. - optionalorphan_action_params
- Indicates command-line parameters for the executable named by the orphanActionExe attribute. To specify the process ID of the orphaned process, use %1%. - optionalrapid_fail_protection
- Setting to true instructs the WWW service to remove from service all applications that are in an application pool - default is true - optionalrapid_fail_protection_interval
- Specifies the number of minutes before the failure count for a process is reset. - default is '00:05:00' - optionalrapid_fail_protection_max_crashes
- Specifies the maximum number of failures that are allowed within the number of minutes specified by the rapidFailProtectionInterval attribute. - default is 5 - optionalauto_shutdown_exe
- Specifies an executable to run when the WWW service shuts down an application pool. - optionalauto_shutdown_params
- Specifies command-line parameters for the executable that is specified in the autoShutdownExe attribute. - optional
cpu_action
- Configures the action that IIS takes when a worker process exceeds its configured CPU limit. The action attribute is configured on a per-application pool basis. - Available options [:NoAction, :KillW3wp, :Throttle, :ThrottleUnderLoad] - default is :NoAction - optionalcpu_limit
- Configures the maximum percentage of CPU time (in 1/1000ths of one percent) that the worker processes in an application pool are allowed to consume over a period of time as indicated by the resetInterval attribute. If the limit set by the limit attribute is exceeded, an event is written to the event log and an optional set of events can be triggered. These optional events are determined by the action attribute. - default is 0 - optionalcpu_reset_interval
- Specifies the reset period (in minutes) for CPU monitoring and throttling limits on an application pool. When the number of minutes elapsed since the last process accounting reset equals the number specified by this property, IIS resets the CPU timers for both the logging and limit intervals. - default is '00:05:00' - optionalcpu_smp_affinitized
- Specifies whether a particular worker process assigned to an application pool should also be assigned to a given CPU. - default is false - optionalsmp_processor_affinity_mask
- Specifies the hexadecimal processor mask for multi-processor computers, which indicates to which CPU the worker processes in an application pool should be bound. Before this property takes effect, the smpAffinitized attribute must be set to true for the application pool. - default is 4294967295 - optionalsmp_processor_affinity_mask_2
- Specifies the high-order DWORD hexadecimal processor mask for 64-bit multi-processor computers, which indicates to which CPU the worker processes in an application pool should be bound. Before this property takes effect, the smpAffinitized attribute must be set to true for the application pool. - default is 4294967295 - optional
# creates a new app pool
iis_pool 'myAppPool_v1_1' do
runtime_version "2.0"
pipeline_mode :Classic
action :add
end
Creates an application in IIS.
:add
- add a new application pool:delete
- delete an existing application pool
site_name
- name attribute. The name of the site to add this app topath
-The virtual path for this applicationapplication_pool
- The pool this application belongs tophysical_path
- The physical path where this app resides.enabled_protocols
- The enabled protocols that this app provides (http, https, net.pipe, net.tcp, etc)
# creates a new app
iis_app "myApp" do
path "/v1_1"
application_pool "myAppPool_v1_1"
physical_path "#{node['iis']['docroot']}/testfu/v1_1"
enabled_protocols "http,net.pipe"
action :add
end
Allows easy management of IIS virtual directories (i.e. vdirs).
- :add: - add a new virtual directory
- :delete: - delete an existing virtual directory
- :config: - configure a virtual directory
application_name
: name attribute. Specifies the name of the application attribute. This is the name of the website or application you are adding it to.path
: The virtual directory path on the site.physical_path
: The physical path of the virtual directory on the disk.username
: (optional) The username required to logon to the physical_path. If set to "" will clear username and password.password
: (optional) The password required to logon to the physical_pathlogon_method
: (optional, default: :ClearText) The method used to logon (:Interactive, :Batch, :Network, :ClearText). For more information on these types, see "LogonUser Function", Read more at MSDNallow_sub_dir_config
: (optional, default: true) Boolean that specifies whether or not the Web server will look for configuration files located in the subdirectories of this virtual directory. Setting this to false can improve performance on servers with very large numbers of web.config files, but doing so prevents IIS configuration from being read in subdirectories.
# add a virtual directory to default application
iis_vdir 'Default Web Site/' do
action :add
path '/Content/Test'
physical_path 'C:\wwwroot\shared\test'
end
# add a virtual directory to an application under a site
iis_vdir 'Default Web Site/my application' do
action :add
path '/Content/Test'
physical_path 'C:\wwwroot\shared\test'
end
# adds a virtual directory to default application which points to a smb share. (Remember to escape the "\"'s)
iis_vdir 'Default Web Site/' do
action :add
path '/Content/Test'
physical_path '\\\\sharename\\sharefolder\\1'
end
# configure a virtual directory to have a username and password
iis_vdir 'Default Web Site/' do
action :config
path '/Content/Test'
username 'domain\myspecialuser'
password 'myspecialpassword'
end
# delete a virtual directory from the default application
iis_vdir 'Default Web Site/' do
action :delete
path '/Content/Test'
end
Allows for the locking/unlocking of sections (listed here or via the command appcmd list config \"\" /config:* /xml
)
This is valuable to allow the web.config
of an individual application/website control it's own settings.
:lock
: - locks thesection
passed:unlock
: - unlocks thesection
passed
section
: The name of the section to lock.returns
: The result of theshell_out
command.
# Sets the IIS global windows authentication to be locked globally
iis_section 'locks global configuration of windows auth' do
section 'system.webServer/security/authentication/windowsAuthentication'
action :lock
end
# Sets the IIS global Basic authentication to be locked globally
iis_section 'locks global configuration of Basic auth' do
section 'system.webServer/security/authentication/basicAuthentication'
action :lock
end
# Sets the IIS global windows authentication to be unlocked globally
iis_section 'unlocked web.config globally for windows auth' do
action :unlock
section 'system.webServer/security/authentication/windowsAuthentication'
end
# Sets the IIS global Basic authentication to be unlocked globally
iis_section 'unlocked web.config globally for Basic auth' do
action :unlock
section 'system.webServer/security/authentication/basicAuthentication'
end
Manages modules globally or on a per site basis.
:add
- add a new module:delete
- delete a module
module_name
- The name of the module to add or deletetype
- The type of moduleprecondition
- precondition for moduleapplication
- The application or site to add the module to
# Adds a module called "My 3rd Party Module" to mySite/
iis_module "My 3rd Party Module" do
application "mySite/"
precondition "bitness64"
action :add
end
# Adds a module called "MyModule" to all IIS sites on the server
iis_module "MyModule"
Installs and configures IIS 7.0/7.5/8.0 using the default configuration.
This cookbook also contains recipes for installing individual IIS modules (extensions). These recipes can be included in a node's run_list to build the minimal desired custom IIS installation.
mod_aspnet
- installs ASP.NET runtime componentsmod_aspnet45
- installs ASP.NET 4.5 runtime componentsmod_auth_basic
- installs Basic Authentication supportmod_auth_windows
- installs Windows Authentication (authenticate clients by using NTLM or Kerberos) supportmod_compress_dynamic
- installs dynamic content compression support. PLEASE NOTE - enabling dynamic compression always gives you more efficient use of bandwidth, but if your server's processor utilization is already very high, the CPU load imposed by dynamic compression might make your site perform more slowly.mod_compress_static
- installs static content compression supportmod_iis6_metabase_compat
- installs IIS 6 Metabase Compatibility component.mod_isapi
- installs ISAPI (Internet Server Application Programming Interface) extension and filter support.mod_logging
- installs and enables HTTP Logging (logging of Web site activity), Logging Tools (logging tools and scripts) and Custom Logging (log any of the HTTP request/response headers, IIS server variables, and client-side fields with simple configuration) supportmod_management
- installs Web server Management Console which supports management of local and remote Web serversmod_security
- installs URL Authorization (Authorizes client access to the URLs that comprise a Web application), Request Filtering (configures rules to block selected client requests) and IP Security (allows or denies content access based on IP address or domain name) support.mod_tracing
- installs support for tracing ASP.NET applications and failed requests.
Note: Not every possible IIS module has a corresponding recipe. The foregoing recipes are included for convenience, but users may also place additional IIS modules that are installable as Windows features into the node['iis']['components']
array.
- Author:: Seth Chisamore ([email protected])
- Author:: Julian Dunn ([email protected])
- Author:: Justin Schuhmann ([email protected])
Copyright:: 2011-2015, Chef Software, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.