Function New-AppTierApplicationPool {
<#
.SYNOPSIS
    Create a new application pool
    TODO: This function should be deprecated as of April 2021

.DESCRIPTION
    Ensures an IIS application pool named AppPoolName exists under IIS:\AppPools,
    creating and configuring it when it is missing, then sets the pool's
    execution account from Credential.

    When the credential's user name is the placeholder "REPLACEME", the pool's
    processModel is not modified and a warning is written instead.

.PARAMETER AppPoolName
    [string] The name of the application pool.

.PARAMETER Credential
    [PSCredential] The account the application pool should run as.
    For a non-gMSA account the password is read from this credential and
    written into the pool's processModel settings.

.PARAMETER IsGMSAAccount
    [Switch] Is the account credential a GMSAAccount.
    When set, only the user name is applied and no password is sent to IIS.

.INPUTS
    AppPoolName and Credential are required.

.OUTPUTS
    Nothing is written to the pipeline. Diagnostic information about the
    install process goes to the host, verbose and warning streams.

.EXAMPLE
    New-AppTierApplicationPool -AppPoolName BankService -Credential $credential -IsGMSAAccount

    Ensures the BankService pool exists and runs it as the gMSA account named
    in $credential.
#>
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true, Position=0)]
        [string]$AppPoolName,

        ## TODO: cbrand - 2019-08-19 - Replace the -Credential parameter with a call to
        ## (Get-AppServiceAccountName $appPool.WebAppName) if we will only use gMSA accounts,
        ## or just embed that lookup below. See also New-AppTierApplicationPools.
        ## This is to support SDK, where the same value can be used without passing anything
        ## in for $username; that function knows how to support SDK username lookups.
        ## We just need to do the right thing here when the username is blank
        ## (run as the default IISApplication user identity).
        ## This almost certainly means we should consider a downgrade strategy where we
        ## take away the assigned app pool identity too.
        [Parameter(Mandatory=$true, Position=1)]
        [PSCredential]$Credential,

        [Parameter(Mandatory=$false, Position=2)]
        [switch]$IsGMSAAccount
    )

    process {
        $logLead = Get-LogLeadName
        $appPoolPath = Join-Path -Path "IIS:\AppPools" -ChildPath $AppPoolName

        # Lookup errors are suppressed on purpose: a $null result is treated as
        # "pool does not exist yet" and triggers creation.
        $existingPool = Get-Item $appPoolPath -ErrorAction SilentlyContinue
        if ($null -eq $existingPool) {
            Write-Verbose "$logLead : Application Pool Not Found - $AppPoolName"
            $null = New-WebAppPool -Name $AppPoolName
            $null = Set-AlkamiWebAppPoolConfiguration $AppPoolName
            Write-Host "$logLead : Application Pool Created - $AppPoolName"
        }

        # "REPLACEME" is the placeholder user name of a credential that was never
        # filled in. Nothing is applied in that case, so the pool keeps its
        # current identity.
        if ($Credential.Username -eq "REPLACEME") {
            Write-Warning "$logLead : Value read as REPLACEME. AppPool $AppPoolName user will not be updated"
            return
        }

        Write-Host "$logLead : Setting Application Pool Execution Account on $AppPoolName"

        # identitytype 3 is IIS's SpecificUser identity.
        if ($IsGMSAAccount) {
            # The default expectation is gMSA: only the account name is supplied
            # and no password is handled here.
            $processModel = @{userName=$Credential.UserName;identitytype=3}
        } else {
            # Exceptional case: an account with a password.
            # NOTE(review): Get-PasswordFromCredential is defined elsewhere;
            # presumably it returns the plaintext password, so this hashtable
            # must never be logged or echoed - confirm against the helper.
            $processModel = @{userName=$Credential.UserName;Password=(Get-PasswordFromCredential $Credential);identitytype=3}
        }

        $null = Set-ItemProperty $appPoolPath -name processModel -value $processModel
    }
}