codedeploy user profile - Windows - aws-code-deploy

Does AWS codedeploy run as any specific user profile on Windows servers?
I am trying to run a jfrog.exe cli to download from a remote Artifactory repository, using a prebuilt user ID and password which is dependent on ~/users/{user id}/.jfrog/jfrog-cli.conf
How would codedeploy be able to source a .jfrog/jfrog-cli.conf ?

The CodeDeploy agent is configured as service to use the SYSTEM account as logon identity. Because of that all processes execute as the SYSTEM user. As a word of caution, the process cmd and powershell processes launched by agent are in 32bit mode. This is important to understand because
Powershell 32bit and 64bit have differences, especially when there is a dependency to installed modules.
Some things are different with the SYSTEM user. For example the temp directory is not the same as with for every other user.
Knowing this helps a lot when trying to troubleshoot.

CodeDeploy now only support repo in S3 or Github. Where does your repo exists?

Related

How often are Azure WebApps automatically patched?

I am using an Azure WebApp with development slots running a netcore aspnet install. How often are these instances patched and how are they patched?
Is there any way for me to see a log of exactly when they are patched?
If you are referring to the app itself in Azure App Service when you deploy a Web App from the gallery you get an install of whatever item you selected. That item will not be automatically updated, if they try to update the container this will most likely break your application especially if you had customized that container in any way.
If you are referring to the OS, Microsoft will update the OS and IIS version from time to time and when they do, if there is any possibility of this affecting your app there will be an e-mail sent to the e-mail account registered under the subscription notifying him/her of the maintenance. Normally you shouldn't experience any downtime.
You may also check the Operating system functionality on Azure App Service and Kudu Console for more details.
Hope this helps.

Restarting applications using Amazon CodeDeploy

We occasionally have the need to restart services that are deployed with AWS CodeDeploy. Is it possible to have the CodeDeploy agent do this directly, without having to create a new deployment?
The AWS service you're looking for is AWS Systems Manager. You can run arbitrary commands or scripts on instances with this2. All recent Ubuntu and Amazon Linux instances have AWS SSM agent installed. But if you have an older instance, you'll have to install the SSM agent manually or through your configuration manager.
No, you need to have a deployment to restart. The agent does not take actions on its own. It receives commands from the CodeDeploy service.
Depending on your usecase you can have your application emit CloudWatch event and have that trigger a deployment in the deploymentGroup. Note that it will create a deployment that will deploy to the entire fleet.
To expand on eternaltyro's answer, you could leverage CodeDeploy's CLI tool via SSM to run the same CodeDeploy event hooks that were/are used to start and stop your application.

Install webdeploy on W2016 IIS 10

How to install web deploy on IIS 10 W2016?
So far I have tried
Using web platform v5 to installation of "web deploy 3.6"
After installation I have updated the web deploy service to run under local admin account.
I have manually turned off the firewall on the server
I have ensured that Management Service is running
Restarted server
I have verified using telnet that the port is open and then using netstat -an that the port is open and I can connect to it
I have to install new management tool called "Management Service" in Windows Features
In order to install this:
Open server roles / feature
Find Management Tools
Check Management service
Update from other people experience
you might need to restart the service
Reinstall/Repair the installation of web deploy if you used installer
There is a option to install this feature using power-shell command(check the comment below) by Bart Verkoeijen.
This command is useful in case you are using Desired State Configuration (DSC)
I just did this on four servers, had to install management service first, then web deploy (or reinstall webdeploy if already installed). The management service install was in a slightly different location under server roles than described in other answers.
Hope this helps someone.
[![enter image description here][1]][1]

Why would installation method affect .NET service?

I have built a WCF service that is hosted in a Windows Service following this article: http://msdn.microsoft.com/en-us/library/ms733069.aspx. Part of what the code in the service does is join a multicast group and listen for data that is broadcast to the group. Then it processes it. I have found that when I install the service manually using InstallUtil it works fine. To install it manually I do the following:
Build the MyService project in Visual Studio.
Right click on the Visual Studio Command Prompt and choose Run As Administrator
Navigate to the folder that has the MyService.exe file
Run the InstallUtil command as follows: installutil.exe MyService.exe
The service installs in Windows fine and then I start it. Then I run my ASP.NET application which is the client for the service and it runs fine. The service receives and processes the data just fine.
However I am trying to use Advanced Installer to build an MSI or EXE that will install the service and the ASP.NET application all at once so it doesn't have to be done manually. I am able to successfully create the Advanced Installer project that does this and it actually installs both the ASP.NET application and the Windows Service just fine and it starts my Windows Service too. However the really strange thing is that when I run the application I find that my service code can not receive any multicast data. It seems to block on that line of code and I never get any data. Does anyone know why this would happen? I have tried using an EXE and using "Run As Administrator" when I do the Advanced Installer installation. Here is the code from my service.
_groupAddress = IPAddress.Parse(_myIPAddress);
_listener = new UdpClient(_myPort);
_groupEP = new IPEndPoint(_groupAddress, _myPort);
_listener.JoinMulticastGroup(_groupAddress);
byte[] _bytes = _listener.Receive(ref _groupEP);
It seems to block on that last line of code and it never receives any data. This only happens when I install using Advanced Installer. When I install manually it works fine.
A service is configured to run under the identity of a user. Is this different when you install with the different methods?
Do you use the same port number in both cases, if not it could be the firewall.
99% sure that you have checked it, but check that the service is running after it is installed using advanced installer.
Check the event log for problems with the service.
It may be that your Windows Service is not running with sufficient credentials to perform this action. To test this, I'd recommend trying to change the user account being used for the service to see if that makes any difference.
To do this, go to the services applet (start, run, type services.msc). Find your service, right-click, properties, "Log On" tab, choose "This Account" and select an administrator user account that the service can run under.
I initially thought as the guys said this was a problem with the user credentials. But since you said in both cases the service is installed under the LocalSystem the problem seems to be elsewhere.
I recommend you first check the system "Events Viewer" for any messages regarding your message failing to start, maybe there you can find more information about the failure case.
If you can't find more detailed there I suggest a little bit of reverse engineering, to see what InstallUtil does and Advanced Installer doesn't, or the other way around. Advanced Installer comes along with the Repackager tool. You can use this tool to capture the system changes performed when running "InstallUtil" by providing a dummy executable to the Repackager when it is asking for the setup package, for example Notepad.
When the Repackager launches Notepad, leave it open and run your install command for the service, after the service finished installing, close Notepad and leave the repackager do its job. Then analyze the new project that it generates to see what resources has captured, like files, registry, services, etc...
You can also capture the install package create by Advanced Installer to see if the services installation from it creates less or more registration info for your service.

Permissions required to create/modify tasks in Windows Task Scheduler

I need to create and modify tasks in Windows Task Scheduler on Windows Server 2003 from an ASP.NET web application. The Network Service that the web app runs under is unable to make the changes. It errors with an System.UnauthorizedAccessException exception.
It works fine running from Visual Studio on my desktop.
What permissions do I need to grant an account so that the tasks can be modified from ASP.NET?
The account needs to have read/write permissions to the "Tasks" directory. Here's the path:
%SystemRoot%\system32\Tasks\
Jose's answer solved my problem partially. However, there was an additional problem where Windows Server 2003 didn't like me specifying Local System as the account that the task would run under. It seemed to not like me passing in a null password which is how you specify Local System. I worked around the problem by making a local account on the server for tasks to run under and specifying this new account.
Specifying Local System didn't cause any problem on Windows XP.
Additional info
CACLS TASKS /E /G builtin\administrators:F
According to: https://social.technet.microsoft.com/Forums/lync/en-US/67734412-bb17-42d5-80ff-0edf3147c169/cannot-create-scheduled-task-access-denied

Resources