Initial population

.gitignore

@@ -0,0 +1,5 @@
+files/third-party
+local/provisioning/files/third-party
+local/.vagrant
+.vault-passwd
+

README.md

@@ -0,0 +1,28 @@
+# Example Ansible Alfresco Setup
+
+This project is an example of one way to automate Alfresco installation and
+configuration management.
+
+## Setup
+
+TBD
+
+### SSH Keys
+
+TBD
+
+### Variables
+
+TBD
+
+### Managing Secrets Using Ansible Vault
+
+TBD
+
+## Installing Alfresco and Search
+
+TBD
+
+## Copying Configuration Files
+
+TBD

ansible.cfg

@@ -0,0 +1,4 @@
+[defaults]
+inventory = inventory
+vault_password_file = .vault-passwd
+remote_tmp = /tmp/.ansible-${USER}/tmp

copyAlfrescoConfig.yml

@@ -0,0 +1,5 @@
+---
+- hosts: '{{ hosts }}'
+  remote_user: alfresco
+  tasks:
+  - include_tasks: tasks/doCopyAlfrescoConfig.yml

copyAllAlfrescoConfig.yml

@@ -0,0 +1,8 @@
+---
+- hosts: '{{ hosts }}'
+  remote_user: alfresco
+  tasks:
+  - include_tasks: tasks/doCopyGlobalProperties.yml
+  - include_tasks: tasks/doCopyTomcatConfig.yml
+  - include_tasks: tasks/doCopyShareConfig.yml
+  - include_tasks: tasks/doCopyAlfrescoConfig.yml

copySolrConfig.yml

@@ -0,0 +1,5 @@
+---
+- hosts: '{{ hosts }}'
+  remote_user: alfresco
+  tasks:
+  - include_tasks: tasks/doCopySolrConfig.yml

copySolrCoreConfig.yml

@@ -0,0 +1,5 @@
+---
+- hosts: '{{ hosts }}'
+  remote_user: alfresco
+  tasks:
+  - include_tasks: tasks/doCopySolrCoreConfig.yml

files/alfresco-jmxrmi.access

@@ -0,0 +1,2 @@
+monitorRole readonly
+controlRole readwrite

files/web-scripts-config-custom.xml

@@ -0,0 +1,26 @@
+<alfresco-config>
+    <config evaluator="string-compare" condition="CSRFPolicy" replace="true">
+        <filter>
+            <rule>
+                <request>
+                    <method>GET</method>
+                    <path>/service/enterprise/admin/.*</path>
+                </request>
+                <action name="generateToken">
+                    <param name="session">{token}</param>
+                    <param name="cookie">{token}</param>
+                </action>
+            </rule>
+            <rule>
+                <request>
+                    <method>GET</method>
+                    <path>/s/enterprise/admin/.*</path>
+                </request>
+                <action name="generateToken">
+                    <param name="session">{token}</param>
+                    <param name="cookie">{token}</param>
+                </action>
+            </rule>
+        </filter>
+    </config>
+</alfresco-config>

group_vars/all/vars

@@ -0,0 +1,96 @@
+alf_home: "/opt/alfresco"
+alf_data: "{{ alf_home }}/alf_data"
+alf_dir_contentstore: contentstore
+alf_dir_contentstore_deleted: contentstore.deleted
+
+alf_initial_admin_password: "{{ vault_alf_initial_admin_password }}"
+alf_context: alfresco
+alf_host: 127.0.0.1
+alf_port: 8080
+alf_protocol: http
+
+share_context: share
+share_host: 127.0.0.1
+share_port: 8080
+share_protocol: http
+
+alf_index_subsystem: solr6
+alf_solr_host: localhost
+alf_solr_port: 8983
+
+alf_tomcat_protocol: http
+alf_tomcat_web_port: 8080
+alf_tomcat_ajp_port: 8009
+alf_tomcat_access_logs_dir: logs
+alf_tomcat_catalina_logs_dir: "{{ alf_home }}/tomcat/logs"
+
+proxy_enabled: false
+proxy_host: localhost
+proxy_port: 80
+proxy_secure: "false"
+proxy_scheme: http
+
+alf_user: "alfresco"
+alf_group: "alfresco"
+java_opts_xmx: 15250M
+
+alf_install_dir: /opt/alfresco-6.2.0
+alf_archive: "alfresco-content-services-community-distribution-6.2.0-ga.zip"
+alf_archive_root_dir: "alfresco-content-services-community-distribution-6.2.0-ga"
+tomcat_archive: "apache-tomcat-8.5.34.tar.gz"
+tomcat_dir: "apache-tomcat-8.5.34"
+search_archive: "alfresco-search-services-1.4.0.zip"
+search_install_dir: '{{ alf_install_dir }}/alfresco-search-services'
+
+alf_db_driver: org.postgresql.Driver
+alf_db_driver_file: postgresql-42.2.1.jar
+alf_db_username: alfresco
+alf_db_password: "{{ vault_alf_db_password }}"
+alf_db_name: alfresco
+alf_db_url: "jdbc:postgresql://localhost:5432/${db.name}"
+
+alf_java_home: "/usr/java/jdk-11.0.1"
+
+activemq_archive: "apache-activemq-5.15.6-bin.tar.gz"
+activemq_dir: "apache-activemq-5.15.6"
+activemq_opts_memory: "-Xms64M -Xmx1G"
+activemq_user: "{{ alf_user }}"
+
+alf_clustering_enabled: false
+
+alf_notification_email: "false"
+
+alf_smart_folders_enabled: "false"
+
+alf_aos_base_url: http://localhost/alfresco/aos
+
+alf_ftp_port: 2121
+
+alf_jmx_monitor_password: "{{ vault_alf_jmx_monitor_password }}"
+alf_jmx_control_password: "{{ vault_alf_jmx_control_password }}"
+
+solr_java_mem: -Xms512m -Xmx512m
+solr_port: 8983
+solr_content_dir: "{{ alf_home }}/alfresco-search-services"
+solr_home: "{{ alf_home }}/alfresco-search-services/solrhome"
+solr_java_home: "/usr/java/jdk-11.0.1"
+solr_is_primary: true
+solr_is_replica: false
+solr_primary_host: localhost
+solr_primary_port: 8080
+solr_alfresco_host: localhost
+solr_alfresco_ssl_port: 8443
+solr_alfresco_port: 8080
+solr_alfresco_secure_comms: none
+
+audit_enabled: false
+trashcan_cleaner_enabled: false
+
+mail_host: localhost
+mail_from: [email protected]
+
+thumbnails_enabled: true
+
+transformations_enabled: true
+
+ssl_enabled: false

group_vars/all/vault

@@ -0,0 +1,15 @@
+$ANSIBLE_VAULT;1.1;AES256
+32613334373739616138383265313430396331343033643935303932303131643365386539313631
+6365376638343662666164313737393563323734326530360a616131356466306133386239316432
+63323963626233626463386361636266646230383962383238386462356164376561616264323235
+3836323161346131330a663961393932356535623766343031613337666639386264666266353865
+62393637336165306432343039636434333734353930333963313161656338316366653732306666
+37636230313838306166323763626162653862626337313565346137326638616331633765613232
+30656639313933383232383530633765613139393131623139663033613666656661663639393064
+61643936306463393630313036643035636530313835383865663530356231313933326130633139
+62656465373965346565343130323834636339353866653931363938343239643836663436373362
+33623264666564346563333233386639393164633665663965616137623062316637626463323262
+31616236333362646537366230326266643261323632326131343163313966653437643465646530
+64343565303732353532383339396238393034383731396362316237393536623530396166313635
+61363236356131646135613538336230616665663739653861633764366566313935376666653133
+3139376135383136663864656565326663663137343564303739

installActivemq.yml

@@ -0,0 +1,6 @@
+---
+- hosts: '{{ hosts }}'
+  remote_user: alfresco
+  tasks:
+    - include_tasks: tasks/doInstallActivemq.yml
+    - include_tasks: tasks/doCopyActivemqConfig.yml

installAlfresco.yml

@@ -0,0 +1,20 @@
+#
+# Installs Alfresco to the specified hosts.
+#
+# Requires Alfresco distribution archive, Tomcat archive, and AOS archive to
+# reside in files/third-party.
+#
+# Custom AMPs should be placed in files/amps and files/amps_share.
+#
+# Install location depends on alf_home, alf_install_dir, and tomcat_dir.
+#
+---
+- hosts: '{{ hosts }}'
+  remote_user: alfresco
+  tasks:
+    - include_tasks: tasks/doInstallTomcat.yml
+    - include_tasks: tasks/doInstallActivemq.yml
+    - include_tasks: tasks/doInstallAlfresco.yml
+    - include_tasks: tasks/doInstallPDFRenderer.yml
+    - include_tasks: tasks/doCopyAmps.yml
+    - include_tasks: tasks/doApplyAmps.yml

installSearch.yml

@@ -0,0 +1,13 @@
+#
+# Installs Alfresco Search services to the specified hosts.
+#
+# Requires alfresco-search-services*.zip to be placed in files/third-party. the
+# exact file name is specified in search_archive.
+#
+# Install location depends on alf_home, alf_install_dir, and search_install_dir.
+#
+---
+- hosts: '{{ hosts }}'
+  remote_user: alfresco
+  tasks:
+    - include_tasks: tasks/doInstallSearch.yml

inventory

@@ -0,0 +1,18 @@
+[alfresco_local]
+192.168.33.10
+
+[solr_local]
+192.168.33.10
+
+[alfresco_dev]
+
+[solr_dev]
+
+[alfresco_test]
+
+[solr_test]
+
+[alfresco_prod]
+
+[solr_prod]
+

local/README.md

@@ -0,0 +1,35 @@
+# Local virtual machine test server setup
+
+This directory is used to configure and run a local virtual machine as a test
+server. This is handy for testing out various Ansible playbooks. The goal is for
+the virtual machine to be set up similar to how a barebones server is set up
+by the infrastructure team.
+
+## Pre-requisites
+
+In addition to Ansible, this setup expects you to have [Vagrant](https://www.vagrantup.com/)
+and [VirtualBox](https://www.virtualbox.org/) installed.
+
+The first time you create the virtual machine, Vagrant will use Ansible to do
+some additional configuration. The playbook that does this resides in the
+provisioning directory.
+
+The provisioning playbook will also set up an SSH key for the alfresco user so
+that you can ssh without providing a password. The path to the SSH key is
+specified as a var in the playbook.
+
+## Running
+
+Before running vagrant, if you are using a Python virtual environment for
+Ansible, activate the environment. Vagrant will use Ansible to set up the box.
+
+To start up the virtual machine, run `vagrant up`.
+
+If you need to connect you can either use `vagrant ssh` or you can SSH as you
+normally would using the virtual machine's IP address (see the Vagrantfile).
+
+To check on the status of the machine, run `vagrant status`.
+
+To stop the virtual machine, run `vagrant halt`.
+
+To completely remove the virtual machine, run `vagrant destroy`.

local/Vagrantfile

@@ -0,0 +1,72 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure(2) do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://vagrantcloud.com/search.
+  config.vm.box = "centos/7"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  config.vm.network "forwarded_port", guest: 8080, host: 8080
+  config.vm.network "forwarded_port", guest: 8443, host: 8443
+  config.vm.network "forwarded_port", guest: 8983, host: 8983
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  # config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  # config.vm.synced_folder "../data", "/vagrant_data"
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  config.vm.provider "virtualbox" do |vb|
+     # Display the VirtualBox GUI when booting the machine
+     #vb.gui = true
+
+     # Customize the amount of memory on the VM:
+     vb.memory = "4096"
+  end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+  #config.vm.provision "shell", inline: <<-SHELL
+  # sudo apt-get update
+  # sudo apt-get install -y apache2
+  # SHELL
+  config.vm.provision "ansible" do |ansible|
+    ansible.playbook = "provisioning/playbook.yml"
+    ansible.extra_vars = { ansible_ssh_user: 'vagrant' }
+    ansible.sudo = true
+  end
+
+end