Installing and Configuring Alfresco Community Edition: A Comprehensive Guide — Part 02

Dergham Lahcene
May 31, 2024

Alfresco Content Services Deployment Guide

This document details the steps to deploy Alfresco Content Services (ACS) using the Ansible playbook available in the provided project repository.

Getting Started

To deploy ACS on a pristine host running a supported Linux distribution, follow this guide for a localhost deployment.

Initial Setup

Clone the Repository

Fetch the latest source or a specific release from the repository:

git clone https://github.com/Alfresco/alfresco-ansible-deployment.git
cd alfresco-ansible-deployment

Set Up Runtime Environment

Ensure Python 3.9 or higher is installed:

python3 --version

Install pipenv to manage Python dependencies consistently:

pip install --user pipenv

Install Ansible and other required dependencies using pipenv:

pipenv install --deploy
pipenv run ansible-galaxy install -r requirements.yml

Minimal Configuration

Before running the playbook, you must configure the domain name for Alfresco services.

  1. Configure Known URLs
  2. Edit the group_vars/repository.yml file to include the domain name where Alfresco applications will be accessed:

known_urls:
  - https://ecm.acme.com/share
  - http://ecm.acme.com/share

Understanding the Inventory File

Use inventory_local.yml to deploy all components on the local machine.

Launching the Installation

Execute the playbook with the following command:

pipenv run ansible-playbook playbooks/acs.yml -i inventory_local.yml -e ecm_host=192.168.100.158 -e "@community-extra-vars.yml"

Post-Installation Configuration

Once the installation is complete, configure the Alfresco Global Properties and other services.

Alfresco Global Properties

Edit the alfresco-global.properties file located at /etc/opt/alfresco/content-services/classpath:

For Alfresco

# For example: alfresco.domain.xyz
alfresco.host=local_domain_name
alfresco.port=80
alfresco.protocol=http
alfresco.cluster.enabled=false
dir.root=/mnt/data/alfresco/content-services/content

For the Share service

# Same as the Alfresco host
share.host=alfresco.domain.xyz
share.port=80
share.protocol=http

Configure the database settings:

db.url=jdbc:postgresql://db-host-ip:db-port/db-name
db.driver=org.postgresql.Driver
db.username=alfresco
db.password=alfresco

CORS configuration

# CORS filter overrides
cors.enabled=true
# The load balancer host will be configured later with HAProxy
cors.allowed.origins=https://{loadbalancer_host},https?://localhost
cors.allowed.methods=DELETE,GET,HEAD,OPTIONS,POST,PUT
cors.allowed.headers=Accept,Access-Control-Request-Headers,Access-Control-Request-Method,Authorization,Cache-Control,Content-Type,Origin,X-CSRF-Token,X-Requested-With
cors.exposed.headers=Access-Control-Allow-Origin,Access-Control-Allow-Credentials
cors.support.credentials=true
cors.preflight.maxage=10

Set up Keycloak integration:

# Replace the placeholder values; do not wrap them in quotes, which would become part of the value
identity-service.credentials.secret=client-secret
identity-service.auth-server-url=keycloak-host-address
identity-service.realm=keycloak-realm
identity-service.resource=keycloak-realm-client

Authenticate with Keycloak Server: update share-config-custom.xml

Update the share-config-custom.xml file to configure authentication with the Keycloak server:

vim /etc/opt/alfresco/content-services/classpath/alfresco/web-extension/share-config-custom.xml

Add the following configuration at the end of the file:

<config evaluator="string-compare" condition="AIMS">
  <enabled>true</enabled>
  <realm>your-realm</realm>
  <resource>your-resource</resource>
  <secret>resource-secret</secret>
  <authServerUrl>keycloak-host-url</authServerUrl>
  <publicClient>false</publicClient>
</config>

Uncomment this configuration for a production environment:

<!-- Security warning -->
<!-- For production environment set verify-hostname to true.-->
<config evaluator="string-compare" condition="Remote">
  <remote>
    <ssl-config>
      <keystore-path>alfresco/web-extension/alfresco-system.p12</keystore-path>
      <keystore-type>pkcs12</keystore-type>
      <keystore-password>alfresco-system</keystore-password>
      <truststore-path>alfresco/web-extension/ssl-truststore</truststore-path>
      <truststore-type>JCEKS</truststore-type>
      <truststore-password>password</truststore-password>
      <verify-hostname>true</verify-hostname>
    </ssl-config>
    <connector>
      <id>alfrescoCookie</id>
      <name>Alfresco Connector</name>
      <description>Connects to an Alfresco instance using cookie-based authentication</description>
      <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
    </connector>
    <connector>
      <id>alfrescoHeader</id>
      <name>Alfresco Connector</name>
      <description>Connects to an Alfresco instance using header and cookie-based authentication</description>
      <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
      <userHeader>SsoUserHeader</userHeader>
    </connector>
    <endpoint>
      <id>alfresco</id>
      <name>Alfresco - user access</name>
      <description>Access to Alfresco Repository WebScripts that require user authentication</description>
      <connector-id>alfrescoCookie</connector-id>
      <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
      <identity>user</identity>
      <external-auth>true</external-auth>
    </endpoint>
    <endpoint>
      <id>alfresco-feed</id>
      <parent-id>alfresco</parent-id>
      <name>Alfresco Feed</name>
      <description>Alfresco Feed - supports basic HTTP authentication via the EndPointProxyServlet</description>
      <connector-id>alfrescoHeader</connector-id>
      <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
      <identity>user</identity>
      <external-auth>true</external-auth>
    </endpoint>
    <endpoint>
      <id>alfresco-api</id>
      <parent-id>alfresco</parent-id>
      <name>Alfresco Public API - user access</name>
      <description>Access to Alfresco Repository Public API that require user authentication.
      This makes use of the authentication that is provided by parent 'alfresco' endpoint.</description>
      <connector-id>alfrescoHeader</connector-id>
      <endpoint-url>http://localhost:8080/alfresco/api</endpoint-url>
      <identity>user</identity>
      <external-auth>true</external-auth>
    </endpoint>
  </remote>
</config>
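
A check that the Remote block is really active after the edit, added here as an example and not part of the original article or of Alfresco's code: Python's ElementTree drops XML comments, so a block that is still commented out simply does not appear in the parsed tree. The sample document and the name check_share_config are constructed for illustration; in practice pass in the contents of share-config-custom.xml.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the Remote block is still inside an XML comment.
SAMPLE = """<alfresco-config>
  <config evaluator="string-compare" condition="AIMS">
    <enabled>true</enabled>
    <publicClient>false</publicClient>
  </config>
  <!--
  <config evaluator="string-compare" condition="Remote">
    <remote>
      <ssl-config><verify-hostname>true</verify-hostname></ssl-config>
    </remote>
  </config>
  -->
</alfresco-config>"""

def check_share_config(xml_text):
    """Return findings for the AIMS and Remote sections of share-config-custom.xml."""
    # The default parser discards comments, so commented-out config is invisible here.
    root = ET.fromstring(xml_text)
    findings = []
    aims = root.find("./config[@condition='AIMS']")
    if aims is None or aims.findtext("enabled", "").strip() != "true":
        findings.append("AIMS: config missing or not enabled")
    remote = root.find("./config[@condition='Remote']/remote")
    if remote is None:
        findings.append("Remote: config not active (still commented out?)")
        return findings
    if remote.findtext("ssl-config/verify-hostname", "").strip() != "true":
        findings.append("Remote: verify-hostname is not true")
    # Plain-HTTP endpoints to another host are not protected by the ssl-config above.
    for endpoint in remote.findall("endpoint"):
        url = urlparse(endpoint.findtext("endpoint-url", "").strip())
        if url.scheme == "http" and url.hostname not in ("localhost", "127.0.0.1"):
            findings.append(f"Remote: endpoint {endpoint.findtext('id')} uses plain HTTP to {url.hostname}")
    return findings

if __name__ == "__main__":
    for finding in check_share_config(SAMPLE):
        print(finding)
```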

Solr and CORS Settings

Configure Solr and CORS filter overrides:

solr.host=local_hostname_or_ip_addr
cors.allowed.origins=http://your-local-host-addr
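
Added example (not from the original article or the Alfresco project): a small lint for alfresco-global.properties. It models two java.util.Properties rules that matter for the settings above: a `#` after a value is not a comment, and a repeated key such as cors.allowed.origins keeps only its last value. The sample lines and the names parse_properties and lint are constructed for illustration.

```python
import re

# Constructed sample: properties lines as a hurried edit might leave them.
SAMPLE = """\
alfresco.host=alfresco.domain.xyz # same as share host
db.username=alfresco
db.password=alfresco
cors.enabled=true
cors.allowed.origins=https://lb.example.test
cors.support.credentials=true
identity-service.realm="keycloak-realm"
cors.allowed.origins=*
"""

def parse_properties(text):
    """Simplified java.util.Properties model ('=' separator, no continuations):
    only lines STARTING with # or ! are comments; a later key overrides an earlier one."""
    props, duplicates = {}, []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in "#!":
            continue
        key, _, value = stripped.partition("=")
        key, value = key.strip(), value.strip()
        if key in props:
            duplicates.append(key)
        props[key] = value
    return props, duplicates

def lint(text):
    props, duplicates = parse_properties(text)
    findings = [f"{k}: defined more than once, last value wins" for k in duplicates]
    for key, value in props.items():
        if re.search(r"\s#", value):
            findings.append(f"{key}: trailing '# ...' is part of the value, not a comment")
        if len(value) >= 2 and value[0] == value[-1] == '"':
            findings.append(f"{key}: surrounding quotes are part of the value")
    origins = [o.strip() for o in props.get("cors.allowed.origins", "").split(",")]
    if props.get("cors.support.credentials") == "true" and "*" in origins:
        findings.append("cors.allowed.origins: wildcard origin with credentials enabled")
    if props.get("db.password") and props.get("db.password") == props.get("db.username"):
        findings.append("db.password: same as db.username (default credential)")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```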

Restart Alfresco Service

Restart the Alfresco content service to apply the new configurations:

systemctl restart alfresco-content.service

Import CA Certificate

Add your CA certificate to the Java keystore:

keytool -importcert -keystore /opt/openjdk-17.0.9/lib/security/cacerts -storepass changeit -file certificate.crt -alias "keycloak"

This guide provides a structured approach to deploy ACS using Ansible, ensuring a consistent setup across different environments.

Part 01 : https://medium.com/p/6ddd06416711

Part 03 : https://medium.com/p/bcde44232f59
