Publish Website Content to IIS Site

Go to Automation: (Add Job Template URL here)

Description

Publishes web content to an existing IIS website by synchronizing a provided source directory to a versioned destination path using robocopy (via community.windows.win_robocopy).

The playbook retrieves a domain account from PasswordState to elevate (runas) file operations, checks the current IIS site, mirrors content to M:\Sites\<SiteName>\<Version>, removes the source folder after deployment, ensures the IIS Website exists and is started with its physical path set to the new versioned folder, and finally re-reads the website details.

Inputs

| Variable | Description |
|---|---|
| target | Target Windows host or group where IIS site resides (inventory). |
| site_name | IIS Website name. |
| site_version | Version folder name to deploy under the site directory (e.g., v123, timestamp, or semantic version). Leave empty to update in-place (site will be stopped first). |
| source_path | Base path containing the prepared web content (playbook expects a subfolder named after site_name). This subfolder will be removed after deployment. |
| pws_user | PasswordState API username to retrieve the runas credential. |
| pws_password | PasswordState API password for the above user. |

Derived Facts

| Fact | Value Pattern |
|---|---|
| iis_appName | {{ site_name }} |
| iis_dest_path | M:\\Sites\\{{ iis_appName }}\\{{ site_version }} |
| iis_src_path | {{ source_path }}\\{{ iis_appName }} |

Operation Flow

  1. Retrieve AD credential from PasswordState (list 8444, entry sys_ansible_iis).
  2. Compute final IIS application/site name and versioned destination path.
  3. Query current IIS site details (microsoft.iis.website_info).
  4. Set destination path: M:\Sites\<SiteName>\<site_version> and source path: <source_path>\<SiteName>.
  5. (Conditional) If site_version is empty/undefined, stop the Website & App Pool prior to content sync.
  6. Robocopy sync from computed source folder to destination with purge: true (authoritative deploy), running as the retrieved credential.
  7. Remove the source folder after successful sync (cleanup staging content).
  8. Start / update the Website ensuring physical_path points to the destination.
  9. Read back updated site details to confirm.
  10. The publish block runs only when the target site already exists (current_site_info.exists is true).

Outputs

  • iis_creds: Retrieved PasswordState credential (no_log protected) for runas operations.
  • iis_dest_path & iis_src_path: Derived final paths.
  • Robocopy statistics (files copied/removed) via module result.
  • website: Result of microsoft.iis.website ensuring the site and physical path.
  • current_site_info and new_site_info: Before/after snapshots of site metadata.

Dependencies / Modules

| Component | Purpose |
|---|---|
| d09.passwordstate.passwordstate_password_fact | Retrieve runas credential from PasswordState. |
| microsoft.iis.website_info | Inspect IIS website state and configuration. |
| community.windows.win_robocopy | Efficient directory mirroring on Windows. |
| community.windows.win_file | Remove the source directory after deployment. |
| microsoft.iis.website | Create/start website and set physical_path. |
| ansible.builtin.set_fact | Derive path & naming facts. |

Idempotency & Safety

  • The publish block only runs when the site exists (current_site_info.exists is true). Consider extending the play to create the site when missing.
  • With purge: true, files not in source are deleted from the destination; ensure source path is authoritative.
  • The source folder is deleted after successful copy; ensure it points to a disposable staging path.
  • File operations run with elevated credentials from PasswordState using ansible_become_method: runas.
  • If site_version is omitted/blank, the site & app pool are stopped first (in-place refresh scenario). Provide a version to avoid downtime (blue/green style directory swap).
  • Ensure the destination directory exists or allow IIS to create it (robocopy will create intermediate folders). Creating pre-populated version folders enables rollback.
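
Because purge: true deletes destination files and the source folder is removed after the sync, a malformed site_name, site_version or source_path ends in the wrong directory being purged or deleted. The guard task below is an added example, not part of the original playbook; the safe_segment variable, its pattern and the length threshold are assumptions, while the other variable names are the inputs and derived facts listed above.

```yaml
# Added example: guard task, not taken from the original playbook.
# Run it after the set_fact step and before stop/robocopy/win_file.
- name: Validate publish inputs before destructive file operations
  vars:
    # Assumed allowlist for one folder name: starts alphanumeric, then
    # letters, digits, dot, underscore or dash. No \ / : so the value
    # cannot add path segments or climb out of M:\Sites\<SiteName>.
    safe_segment: '^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$'
  ansible.builtin.assert:
    that:
      - site_name is defined
      - site_name is string
      - site_name is match(safe_segment)
      # Blank site_version is the documented in-place mode; otherwise
      # it must pass the same folder-name rule.
      - >-
        (site_version | default('', true) | length == 0)
        or (site_version is match(safe_segment))
      # Rejects empty values and bare drive roots such as C:\ (3 chars),
      # since <source_path>\<site_name> is deleted after the sync.
      - source_path | default('', true) | trim | length > 3
      # Source and destination must differ, or the cleanup step would
      # delete what was just published.
      - (iis_src_path | lower) != (iis_dest_path | lower)
    fail_msg: >-
      Refusing to publish: site_name, site_version or source_path failed
      validation, or source and destination resolve to the same folder.
    quiet: true
```

A failed assertion stops the play for that host before the site is stopped or any file is copied or removed.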

Example Invocation

target: srviisf6qa*
site_name: D09.Site
site_version: v123
source_path: \\\\stadgent\\appdata\\IIS_Deploy
pws_user: sys_ps_iis
pws_password: "{{ vault_pws_api_password }}"

Possible Enhancements

  • Add optional backup step before purge.
  • Include checksum or timestamp summary to Slack/Teams notification.
  • Parameterize drive letter or base path for flexibility.
  • Add optional keep-last-N versions and switch physical_path only after a health check.