Breaking MsBuild package & deploy into separate MsBuild and MsDeploy commands

12
votes

I'm having a few problems breaking out an MsBuild package+deploy command into two separate commands. (I need to do this to pass additional parameters to MsDeploy).

The command that works fine looks like this:

msbuild "src\Solution.sln" 
  /P:Configuration=Deploy-Staging 
  /P:DeployOnBuild=True
  /P:DeployTarget=MSDeployPublish
  /P:MsDeployServiceUrl=https://192.168.0.1:8172/MsDeploy.axd
  /P:DeployIISAppPath=staging.website.com 
  /P:AllowUntrustedCertificate=True 
  /P:MSDeployPublishMethod=WmSvc 
  /P:CreatePackageOnPublish=True 
  /P:UserName=staging-deploy 
  /P:Password=xyz

The separated packaging command looks like this:

msbuild "src\Solution.sln" 
  /P:Configuration=Deploy-Staging 
  /P:DeployOnBuild=True
  /P:DeployTarget=Package 
  /P:_PackageTempDir=C:\temp\web

which works fine. But then the MsDeploy portion:

msdeploy 
 -verb:sync 
 -allowUntrusted 
 -usechecksum
 -source:manifest=
  'src\WebProject\obj\Deploy-Staging\Package\WebProject.SourceManifest.xml'  
 -dest:auto,ComputerName=
  'https://192.168.0.1:8172/MsDeploy.axd?site=staging.website.com',
   username='staging-deploy',password='xyz',authType='basic',includeAcls='false'
 -enableRule:DoNotDeleteRule

fails, with the following error in WmSvc.log

wmsvc.exe Error: 0 : Attempted to perform an unauthorized operation.
setAcl/C:\temp\web (Read)
ProcessId=15784
ThreadId=31
DateTime=2011-03-30T14:57:02.4867689Z
Timestamp=3802908721815
wmsvc.exe Error: 0 : Not authorized.
Details: No rule was found that could authorize user 'staging-deploy', 
         provider 'setAcl', operation 'Read', path 'C:\temp\web'.

(and several more Read/Write operations)

Something is clearly going wrong with the paths it's trying to access (as it works fine with the other method) - I'm not sure it's even trying to use the iisApp targeting correctly, and at the moment I don't think the correct web.config's will be deployed either.

3
deploymentmsbuildteamcitymsdeploywebdeploy

3 Answers

15
votes

I've got this fixed now - I needed a different command to the one the automatically generated .cmd file was using, but comparing the two allowed me to fix it up (thanks @Vishal R. Joshi)

The differences I needed was:

  • basic authentication
  • allow untrusted certificates
  • ?site=staging.webserver on the end of the MsBuild.axd path, as with my original command
  • override the IIS Web App name that is set in the params file
  • enable the do not delete rule

The winning command is as follows:

msdeploy 
 -verb:sync 
 -allowUntrusted 
 -source:package='src\WebProject\obj\Deploy-Staging\Package\WebProject.zip'  
 -dest:auto,ComputerName=
  'https://192.168.0.1:8172/MsDeploy.axd?site=staging.website.com',
  username='staging-deploy',password='xyz',authType='basic',includeAcls='false'
  setParamFile:
    "src\WebProject\obj\Deploy-Staging\Package\WebProject.SetParameters.xml"
 -setParam:name='IIS Web Application Name',value='staging.website.com'
 -enableRule:DoNotDeleteRule
 -disableLink:AppPoolExtension -disableLink:ContentExtension 
 -disableLink:CertificateExtension

Hope this helps someone!

1
votes

Add a delegation rule on the server using inetmgr to allow staging-deploy to carry out set-Acl operations. Inetmgr -> Click on server node -> Management Service Delegation (in Management) -> Click Add rule to the right -> Choose the template labelled "Set Permissions for Applications" -> Accept defaults and click OK.

This should let you deploy any package or manifest with setAcl as long as the user you are deploying as, has permissions to the site you are deploying to.

0
votes

You are able to specify the -setParam:name='',value='' flag when calling the MyProject.deploy.cmd file that is created when you generate a Package from a web project. The cmd is a friendly wrapper around msdeploy.exe, so you have no need to specify all the rest of the defaults.

Here's the details: http://evolutionarydeveloper.blogspot.co.uk/2013/05/specifying-environment-variables-at.html