Installing and Configuring Alfresco Community Edition: A Comprehensive Guide — Part 02
Alfresco Content Services Deployment Guide
This document details the steps to deploy Alfresco Content Services (ACS) using the Ansible playbook available in the provided project repository.
Getting Started
To deploy ACS on a pristine host running a supported Linux distribution, follow this guide for a localhost deployment.
Initial Setup
Clone the Repository
Fetch the latest source or a specific release from the repository:
git clone https://github.com/Alfresco/alfresco-ansible-deployment.git
cd alfresco-ansible-deployment
Set Up Runtime Environment
Ensure Python 3.9 or higher is installed:
python3 --version
Install pipenv to manage Python dependencies consistently:
pip install --user pipenv
Install Ansible and other required dependencies using pipenv:
pipenv install --deploy
pipenv run ansible-galaxy install -r requirements.yml
Minimal Configuration
Before running the playbook, you must configure the domain name for Alfresco services.
Configure Known URLs
Edit the group_vars/repository.yml file to include the domain name where Alfresco applications will be accessed:
known_urls:
  - https://ecm.acme.com/share
  - http://ecm.acme.com/sharey
Understanding the Inventory File
Use inventory_local.yml to deploy all components on the local machine.
Launching the Installation
Execute the playbook with the following command:
pipenv run ansible-playbook playbooks/acs.yml -i inventory_local.yml -e ecm_host=192.168.100.158 -e "@community-extra-vars.yml"
Post-Installation Configuration
Once the installation is complete, configure the Alfresco Global Properties and other services.
Alfresco Global Properties
Edit the alfresco-global.properties file located at /etc/opt/alfresco/content-services/classpath.
Keep comments on their own lines: in a Java properties file, anything that follows the value on the same line (including # ...) becomes part of the value.
For Alfresco:
# Local domain name, for example alfresco.domain.xyz
alfresco.host=local_domain_name
alfresco.port=80
alfresco.protocol=http
alfresco.cluster.enabled=false
dir.root=/mnt/data/alfresco/content-services/content
For the Share service:
# Same host as alfresco.host
share.host=alfresco.domain.xyz
share.port=80
share.protocol=http
Configure the database settings:
db.url=jdbc:postgresql://db-host-ip:db-port/db-name
db.driver=org.postgresql.Driver
db.username=alfresco
db.password=alfresco
CORS configuration:
# CORS filter overrides
# {loadbalancer_host} is the load balancer host, which will be configured later with HAProxy
cors.enabled=true
cors.allowed.origins=https://{loadbalancer_host},https?://localhost
cors.allowed.methods=DELETE,GET,HEAD,OPTIONS,POST,PUT
cors.allowed.headers=Accept,Access-Control-Request-Headers,Access-Control-Request-Method,Authorization,Cache-Control,Content-Type,Origin,X-CSRF-Token,X-Requested-With
cors.exposed.headers=Access-Control-Allow-Origin,Access-Control-Allow-Credentials
cors.support.credentials=true
cors.preflight.maxage=10
Set up Keycloak integration:
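# Replace the placeholders with your values; do not wrap them in quotes, because quotes are stored as part of the value
identity-service.credentials.secret=client-secret
identity-service.auth-server-url=keycloak-host-address
identity-service.realm=keycloak-realm
identity-service.resource=keycloak-realm-client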
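An added example, not part of the original guide or the Alfresco project: a small Python check that reads alfresco-global.properties the way Java reads simple key=value lines and lists the settings from this section that deserve review before production (same-line comments, quoted values, plain HTTP, a database password equal to the username, credentialed CORS for non-HTTPS origins). The sample text and the function names parse_properties and audit are constructed for illustration.

```python
import re

# Constructed sample that mirrors the settings shown above (not a real host).
SAMPLE = """\
alfresco.host=alfresco.domain.xyz # for ex alfresco.domain.xyz
alfresco.protocol=http
share.protocol=http
db.username=alfresco
db.password=alfresco
cors.allowed.origins=https://lb.example.test,https?://localhost
cors.support.credentials=true
identity-service.credentials.secret="client-secret"
"""

def parse_properties(text):
    """Simplified java.util.Properties reading: only lines that START with
    '#' or '!' are comments; everything after the first '=' is the value."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(props):
    findings = []  # (key, reason) pairs to review before production
    for key, value in props.items():
        if re.search(r"\s#", value):
            findings.append((key, "text after '#' is stored as part of the value"))
        if len(value) > 1 and value[0] == value[-1] == '"':
            findings.append((key, "surrounding quotes are stored literally"))
        if key.endswith(".protocol") and value == "http":
            findings.append((key, "plain HTTP; confirm TLS terminates in front"))
    if props.get("db.password") and props["db.password"] == props.get("db.username"):
        findings.append(("db.password", "password is the same as the username"))
    if props.get("cors.support.credentials") == "true":
        raw = props.get("cors.allowed.origins", "")
        loose = [o.strip() for o in raw.split(",")
                 if o.strip() and not o.strip().startswith("https://")]
        if loose:
            findings.append(("cors.allowed.origins",
                             "credentialed CORS for non-HTTPS origin: " + ", ".join(loose)))
    return findings

if __name__ == "__main__":
    for key, reason in audit(parse_properties(SAMPLE)):
        print(f"{key}: {reason}")
```

Point it at the deployed file by passing the file's text to parse_properties instead of SAMPLE.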
Authenticate with Keycloak Server: update share-config-custom.xml
Update the share-config-custom.xml file to configure authentication with the Keycloak server:
vim /etc/opt/alfresco/content-services/classpath/alfresco/web-extension/share-config-custom.xml
Add the following configuration at the end of the file:
<config evaluator="string-compare" condition="AIMS">
  <enabled>true</enabled>
  <realm>your-realm</realm>
  <resource>your-resource</resource>
  <secret>resource secret</secret>
  <authServerUrl>keycloak-host-url</authServerUrl>
  <publicClient>false</publicClient>
</config>
Uncomment this configuration for a production environment:
<!-- Security warning -->
<!-- For production environment set verify-hostname to true.-->
<config evaluator="string-compare" condition="Remote">
  <remote>
    <ssl-config>
      <keystore-path>alfresco/web-extension/alfresco-system.p12</keystore-path>
      <keystore-type>pkcs12</keystore-type>
      <keystore-password>alfresco-system</keystore-password>
      <truststore-path>alfresco/web-extension/ssl-truststore</truststore-path>
      <truststore-type>JCEKS</truststore-type>
      <truststore-password>password</truststore-password>
      <verify-hostname>true</verify-hostname>
    </ssl-config>
    <connector>
      <id>alfrescoCookie</id>
      <name>Alfresco Connector</name>
      <description>Connects to an Alfresco instance using cookie-based authentication</description>
      <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
    </connector>
    <connector>
      <id>alfrescoHeader</id>
      <name>Alfresco Connector</name>
      <description>Connects to an Alfresco instance using header and cookie-based authentication</description>
      <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
      <userHeader>SsoUserHeader</userHeader>
    </connector>
    <endpoint>
      <id>alfresco</id>
      <name>Alfresco - user access</name>
      <description>Access to Alfresco Repository WebScripts that require user authentication</description>
      <connector-id>alfrescoCookie</connector-id>
      <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
      <identity>user</identity>
      <external-auth>true</external-auth>
    </endpoint>
    <endpoint>
      <id>alfresco-feed</id>
      <parent-id>alfresco</parent-id>
      <name>Alfresco Feed</name>
      <description>Alfresco Feed - supports basic HTTP authentication via the EndPointProxyServlet</description>
      <connector-id>alfrescoHeader</connector-id>
      <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
      <identity>user</identity>
      <external-auth>true</external-auth>
    </endpoint>
    <endpoint>
      <id>alfresco-api</id>
      <parent-id>alfresco</parent-id>
      <name>Alfresco Public API - user access</name>
      <description>Access to Alfresco Repository Public API that require user authentication.
      This makes use of the authentication that is provided by parent 'alfresco' endpoint.</description>
      <connector-id>alfrescoHeader</connector-id>
      <endpoint-url>http://localhost:8080/alfresco/api</endpoint-url>
      <identity>user</identity>
      <external-auth>true</external-auth>
    </endpoint>
  </remote>
</config>
Solr and CORS Settings
Configure Solr and CORS filter overrides:
solr.host=local_hostname_or_ip_addr
cors.allowed.origins=http://your-local-host-addr
Restart Alfresco Service
Restart the Alfresco content service to apply the new configurations:
systemctl restart alfresco-content.service
Import CA Certificate
Add your CA certificate to the Java keystore:
keytool -importcert -keystore /opt/openjdk-17.0.9/lib/security/cacerts -storepass changeit -file certificate.crt -alias "keycloak"
This guide provides a structured approach to deploy ACS using Ansible, ensuring a consistent setup across different environments.
Part 01 : https://medium.com/p/6ddd06416711
Part 03 : https://medium.com/p/bcde44232f59