I have a locally-hosted nuget server on IIS 7.5. It seems that, as more packages are added to the site's feed, performance gets progressively worse. IIS is frequently scanning the contents of the Package folder, which is causing publishing to the site and requests to retrieve packages to time out.
Is this an IIS thing, where IIS wants to scan the contents of the packages every time there's a change?
Thanks,
Joel
The simple NuGet.Server package was not designed for anything but a handful of packages. It uses an in-memory hashtable, and watches the file system for changes. If you have any other usage beyond trivial, you need to get a real private server. These private repositories also have the benefit of being easier to set-up and maintain.
Inedo's ProGet is by far the most popular choice for on-prem NuGet servers, but both JFrog and Sonatype have options as well.
MyGet is by far the most popular choice for a cloud-hosted NuGet servers, but there may be others.
You could also try to spin-up an instance of NuGet.org, but that was never designed for use as a private package repository... just the public NuGet.org for private packages.
Related
We have wsps in our project.But whenever wsp is deployed the "Service Unavailable" page comes at the site level.
Is there any way that few Dlls can be added in GAC without taking a downtime in production server?
No is the answer in reality. When you do a deployment with a WSP the reset is triggered so the latest dll's are reloaded and to clear down memory within the application pools.
So anything that is related to server side code will require a reset.
If you update anything in the hive you can get away with zero downtime deployment.
There is a more in depth answer here as to when do you need an IISReset
Cheers
Truez
It is technically possible to do a local deployment and stage this yourself. Install-SPSolution offers the local switch. You could in theory use this and control the rotation of the deployment (assuming more than one server). but as noted above to get IIS to reload the assemblies requires the application pool to be cycled. Assemblies are loaded from GAC, but are then memory resident.
https://blog.ithinksharepoint.com/2012/07/16/deploying-sharepoint-wsp-solutions-without-downtime/
I've tried it a few times and not been hugely successful so your mileage may vary.
If you are dependent on GACed Assemblies you can technically push them yourself outside of the WSP. However you may end up in a weird place as the following may occur:
1) You retract the web application from all servers (this will also retract the solution). You may end up with nothing or orphaned assemblies in GAC
2) You add a server later on and it takes the deployment package and you have a server with a different set of bits in your farm. This is painful to troubleshoot for anyone. Imagine if you left?
3) You deploy an assembly and it has a different version than what your web.config expects and it can't be used or found.
We're trying to figure out how to automate our website deployment. We've picked an existing project, and started playing around.
First, I used the Publish wizard from with VS2012 to create a Web Deploy Package. We then tried deploying the package as a website, through the IIS Manager, and that succeeded without a problem. We thought we were nearly there.
What was next was to learn how to run this from the command-line, so we could script it. And that's caused us no end of headaches.
We've been playing around with msdeploy.exe, and with the .cmd file that the publish wizard created, and while both methods seem to install the package as a virtual directory just fine, neither will install the package as a root website.
Browsing around on the web, I've run across this:
Web Deploy iisApp Provider
In a sync operation, the iisApp provider copies content to a folder under the destination site that you designate and marks the destination folder as an application. The iisApp provider cannot create a site. The iisApp provider will not create applications under sites that do not exist.
And
If you want to synchronize a Web site and its related configuration, use the appHostConfig provider.
At this point, we don't know beans about iisApp, or appHostConfig, or whatever. We didn't create a package that used one or the other, VS2012 did. We haven't a clue, at this point, how to convince VS2012's web publish to create an appHostConfig package, and for that matter, I don't know if we want to.
Here's the thing - whether a given website is installed as a root application or as a virtual directory is not something the developers control - it's a decision made by the implementation team. Or testing team usually installs any given website both ways, to ensure that both work.
And since IIS seems to be able to manage to install this package as a root site, there must be a way to get msdeploy to do it.
But how?
I come from C world to Java. In C most libraries are system from signed packages, from Open Source home page with .gpg signing or come from vendors through trusted sources.
In case of Java package distribution I investigate .m2 directory and file content. There are no signing!
with empty ~/.m2/settings.xml and minimal pom.xml I get:
$ mvn help:effective-settings
...
http://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-javadoc-plugin/2.8.1/maven-javadoc-plugin-2.8.1.pom
So ever packages loaded from HTTP, not HTTPS! But ever with HTTPS you can get certificate for 100$ at GoDaddy.
How your team manage security with Maven packages?
Do you restrict your team with own Nexus installation where placed trusted/reviewed packages or forbid any Open Source packages/any external packages due to security issues?
UPDATE I found that some from our team put this source:
http://oss.sonatype.org/content/repositories/snapshots/
instead of:
https://oss.sonatype.org/content/repositories/snapshots/
To decrease server load and maintenance cost for SSL/TLS handshake most free Maven services provide both HTTP and HTTPS connection. For security it will be nice to close HTTP port at all, but who paid for CPU time of hosting companies...
I read excellent blog posts:
http://softwaremavens.blogspot.com/2010/01/top-10-reasons-why-maven-sucksnot.html
and in comments I found link to:
http://docs.codehaus.org/display/MAVEN/Repository+Security
which lists incomplete plans to add security to repositories (page last touched at 2008!!).
My question is similar to this one, which remained unanswered, unfortunately.
We are rolling out a web application as a web deployment package (Web Deploy/MSdeploy) to different environments. The package is created from within Visual Studio 2012/Team Build. Several parameters are to be set at install time (connection strings, WCF endpoints, logging settings, etc.). We have these in a parameters.xml at the root of the project.
Most of our customers import the package through IIS UI. Each time we roll out an update, customer IIS administrators have to provide the parameter values again through the UI. Most of the time, parameters do not change across updates.
What is the best way to handle this? Advise customer IIS administrators to use the command-line instead, injecting a SetParameters.xml that they keep separately (the level of some of our customer administrators isn't particularly high, so having something UI-based which we can document with a couple of screenshots is an advantage)? Keep the settings file (web.config or appconfig) out of the package altogether? What is the neatest way to do this?
I had the same problem, but decided to go with the batch-script installer file that comes with the web deploy package. In my mind it is more secure, doing this installation by script, instead of having to install through GUI. It can be documented, and maybe they need to learn a little bit of command-line?
As you say, they can use the same SetParameters-file for all following releases, if nothing in it changed - which in my mind is a huge benifit - not having to manage web.configs manually.
Automated deploys minimizes manual errors.
I have a web application project in VS2012 which I'm publishing using a "Web Deploy Package". I want this package to include app-pool settings, specifically creating an IIS app-pool and assigning the newly created application to it.
I'm familiar with the option "Include application pool settings used by this Web project" available when the project is configured to use an IIS instance (not IIS Express), but IIS configuration is not part of the project file, and thus not source controlled. What happens when somebody builds a deployment package on a machine that hasn't had IIS meticulously configured? Not ideal.
How else then, can I go about getting AppPool settings into my web deploy package? I understand that the appPoolConfig provider is IIS7+ only, I'm fine with that limitation. I've banged my head against this issue in the past and never found a solution. 18 months later, we've got a new VisualStudio version, and a new web-publishing-pipeline, are there new options to address this? Or maybe something I missed when I first tackled this problem?
Edit
OK, I'm seeing the following as options:
Configure my project to sync settings from an IIS instance. As mentioned, I'm not a fan of this given that it puts settings outside of the project, meaning the environment has to be meticulously configured to build + publish. Plus it drags along other IIS settings I don't want included.
Inject something into the web-publishing-pipeline (WPP) to modify the archive.xml. I've toyed with this in the past and had limited success. One problem is the pipeline isn't exactly co-operative with working directly on the archive.xml file, another problem is some of the more cryptic attributes involved, like MSDeploy.MSDeployProviderOptions which appears to have some Base64 encoded binary? No idea what to put in there.
Find an existing "provider" that can do what I want. I might be out of luck here, the appPoolConfig provider only seems to want to read / write IIS, not, say, an XML file of settings. Does anybody know otherwise?
Write my own "provider" to produce manifest output entries. I'm not sure, is it possible to write a custom provider that writes to a manifest using the name of an existing provider? As in, MyCustomPoolProvider writes appPoolConfig sections into a manifest? This sounds like a potentially painful exercise that may or may not work. Would I still need to figure out the encoding of whatever is going into MSDeploy.MSDeployProviderOptions?
I get the feeling that the fundamental obstacle with Web Deploy for what I'm trying to accomplish, is how strictly it leans on "providers". The pre-existing providers are largely designed for IIS synchronisation, not primary development and publication. It so happens that some of these providers can be relatively easily hooked into via MSBuild, but the majority insist on pulling data from IIS, and that's that.
You are correct in your understanding of the appPoolConfig provider, in that it can only sync between App Pools and can't be provided with the configuration directly. What you could potentially do is keep a copy of the appPool in question in package form (ie. msdeploy -verb:sync -source:appPoolConfig=PoolName -dest:package=apppool.zip) and attempt to hijack the pipeline so that the MSDeploy call adds the application content into the package, leaving the existing content there.
Alternatively, you could always keep the packages separate and deploy them with different calls to MSDeploy.
FYI, MSDeploy.MSDeployProviderOptions is simply an encoded version of the parameters supplied to the provider when it was packaged. For example, -source:dirPath=c:\,ignoreErrors=0x10293847 -dest:package=package.zip would package the ignoreErrors value.