alfresco / alfresco-ansible-deployment
Ansible playbooks for deploying ACS
Home Page: https://alfresco.github.io/alfresco-ansible-deployment/
License: Apache License 2.0
I made a new install of Alfresco 7.3 with the latest GitHub alfresco-ansible-deployment on multiple platforms like CentOS 7, CentOS 8 and Ubuntu 22.04. On all installations, I always encounter the same problem: Failure, We couldn't create user.
There are also other functions that do not work. I don't seem to have permission to use Alfresco 7.3 Community. I don't see any errors during installation and no errors in the logs. Any clues?
Ubuntu 22.04
No error
Installation on VMware Ubuntu 22.04 Desktop.
git clone https://github.com/Alfresco/alfresco-ansible-deployment.git
cd alfresco-ansible-deployment/
pip install --user pipenv
sudo apt install pipenv -y
cd playbooks/
pipenv install --deploy
cd ..
pipenv run ansible-galaxy install -r requirements.yml
pipenv run ansible-playbook --ask-vault-pass playbooks/acs.yml
openssl rand -base64 21 > ~/.vault_pass.txt
export ANSIBLE_VAULT_PASSWORD_FILE=~/.vault_pass.txt
pipenv run ansible-playbook -e vault_init=encrypted_variables playbooks/secrets-init.yml
pipenv run ansible-playbook playbooks/acs.yml -i inventory_local.yml -e "@community-extra-vars.yml"
(I access /share with my web browser, log in with admin,admin, go to Admin Tools and try to create New User
Failure, We couldn't create user. When I submit form)
PLAY RECAP *********************************************************************************************************************************************
localhost : ok=207 changed=112 unreachable=0 failed=0 skipped=206 rescued=0 ignored=0
Hello everyone,
I am discovering Ansible, I need your expertise for this error message:
TASK [../roles/postgres : Configure postgresql client auth] *********************************************************************************************************************************************************************************
task path: /opt/ansiblealfresco/alfresco-ansible-deployment-2.0.0/roles/postgres/tasks/main.yml:41
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: root
<localhost> EXEC /bin/sh -c 'echo ~root && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /root/.ansible/tmp `"&& mkdir "` echo /root/.ansible/tmp/ansible-tmp-1657639107.27-13718-160893885570647 `" && echo ansible-tmp-1657639107.27-13718-160893885570647="` echo /root/.ansible/tmp/ansible-tmp-1657639107.27-13718-160893885570647 `" ) && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /root/.ansible/tmp/ansible-tmp-1657639107.27-13718-160893885570647/ > /dev/null 2>&1 && sleep 0'
fatal: [localhost]: FAILED! => {
"changed": false,
"msg": "AnsibleUndefinedVariable: 'unicode object' has no attribute 'local_addr'"
}
PLAY RECAP **********************************************************************************************************************************************************************************************************************************
localhost : ok=17 changed=0 unreachable=0 failed=1 skipped=9 rescued=0 ignored=0
I am playing this command:
# ansible-playbook playbooks/acs.yml -i inventory_local.yml -e "@community-extra-vars.yml" -vvv
I found out the 'local_addr' is in the pg_hba.conf.j2 but I have no clue how to resolve it.
Need a little help please :D
Regards, Alexandre
Ubuntu 20.04 doesn't have the curl utility installed by default; this causes /opt/alfresco/alfresco-content-monitored-startup.sh to fail, and it will stop Alfresco a few minutes after a successful startup.
I used the latest code in master branch from 29May2022.
Ubuntu 20.04
NA
Users and groups are created with a static uid/gid.
If that uid/gid already exists on the target server, the playbook fails and installation stops at a very early stage.
The fact that the uid & gid used are 1001 makes this issue very likely to happen, as 1001 would be the first uid/gid allocated to users or groups created on a newly installed system (considering most distributions will create an admin user in addition to root during installation). So if any additional user is added, the installation will fail.
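A pre-flight check for the collision described above, as an added example that is not part of the project's playbooks. It stops the run before any account is created when the static ids already belong to a different account, so the service never ends up sharing file ownership with an existing user. The account and variable names are assumptions; only the value 1001 comes from the report.

```yaml
# Added example: fail early when the static uid/gid are already taken.
- name: Check that the static uid/gid are free or owned by the service account
  hosts: all
  become: true
  gather_facts: false
  vars:
    # 1001 is the value reported above; the names below are assumptions.
    svc_user: alfresco
    svc_group: alfresco
    svc_uid: 1001
    svc_gid: 1001
  tasks:
    - name: Load the passwd database
      ansible.builtin.getent:
        database: passwd

    - name: Load the group database
      ansible.builtin.getent:
        database: group

    - name: List the names that currently hold the ids
      ansible.builtin.set_fact:
        # getent facts map name -> [password, id, ...]; the ids are strings.
        uid_holders: >-
          {{ ansible_facts.getent_passwd | dict2items
             | selectattr('value.1', 'equalto', svc_uid | string)
             | map(attribute='key') | list }}
        gid_holders: >-
          {{ ansible_facts.getent_group | dict2items
             | selectattr('value.1', 'equalto', svc_gid | string)
             | map(attribute='key') | list }}

    - name: Stop if an id belongs to a different account
      ansible.builtin.assert:
        that:
          - uid_holders | difference([svc_user]) | length == 0
          - gid_holders | difference([svc_group]) | length == 0
        fail_msg: >-
          uid {{ svc_uid }} is held by {{ uid_holders }} and gid {{ svc_gid }}
          by {{ gid_holders }}. Pick free ids before deploying.
        success_msg: "uid {{ svc_uid }} and gid {{ svc_gid }} are usable"
```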
Ansible Deployment Release: (Latest) v2.1.0 (ACS 7.2.1)
OS: Ubuntu 20.04.5
vars/secret.yml :
repo_db_password: 'name1'
sync_db_password: 'name1'
reposearch_shared_secret: 'name1'
activemq_password: 'name1'
Ran the installation using pipenv without error.
Error message: Failure / We couldn't create user .
Cannot find relevant Error message in logs.
Hello! I installed Alfresco using the Ansible method of installation from this site:
https://docs.alfresco.com/content-services/community/install/ansible/
When I open it in the browser, there is no Alfresco Content Application.
There is a blank window. But there should be an identification window for the Alfresco Content Application.
I can enter Alfresco using this link: 192.168.1.161/share. But I also need the Alfresco Content Application.
How can I switch on or install the Alfresco Content Application? This is sharing files in Alfresco.
You can see on the first picture where I have no window with the Alfresco Content Application.
And on the second picture I have a window with the Alfresco Content Application. I installed Alfresco with Docker.
But I need this application with the Ansible method of installation.
I'm not sure how this situation occurred, but after updating my system to RHEL 8.6, I was unable to start nginx due to incorrect SELinux labels on /var/log/alfresco/nginx.alfresco.access.log and /var/log/alfresco/nginx.alfresco.error.log.
My solution was to add an fcontext mapping to change the type to httpd_log_t:
sudo semanage fcontext --add --type 'httpd_log_t' '/var/log/alfresco/nginx.*'
sudo restorecon -v /var/log/alfresco/nginx.alfresco.{access,error}.log
RHEL 8.6
N/A
Include a task to add an fcontext mapping, e.g.
- name: Allow nginx to write log files to /var/log/alfresco
  community.general.sefcontext:
    target: '/var/log/alfresco/nginx.*'
    setype: httpd_log_t
    state: present
- name: Apply new SELinux file context to filesystem
  # shell rather than command: the nginx.* glob needs a shell to expand it
  ansible.builtin.shell: restorecon -iv /var/log/alfresco/nginx.*
Hey, after installing Alfresco via Ansible I've got a strange situation with OnlyOffice integration.
It's all done by the book, but I'm getting
ERROR [web.context.ContextLoader] [main] Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'patch.updateAdminUserWhenDefault' defined in URL [jar:file:/var/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/lib/alfresco-repository-8.423.jar!/alfresco/patch/patch-services-context.xml]: Invocation of init method failed; nested exception is org.springframework.beans.factory.BeanDefinitionStoreException: Invalid bean definition with name 'transformer.onlyoffice' defined in URL [jar:file:/var/opt/alfresco/tomcat/webapps/alfresco/WEB-INF/lib/onlyoffice-integration-repo.jar!/alfresco/extension/onlyoffice-context.xml]: Could not resolve parent bean definition 'baseContentTransformer'; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'baseContentTransformer' available
I'm not sure where to look at
Hi,
It is detected that the following "sh" boot files have the path of the "setenv.sh" hard coded without using the ansible configuration path {{ config_folder }}.
The following change is proposed
## original
. /etc/opt/alfresco/setenv.sh
## change
. {{ config_folder }}/setenv.sh
Affected files
Hi,
I tried alfresco-ansible-deployment v2.0 but got the following error (I tried it on two different machines; CentOS 7.9 and Oracle Linux 8.5). I hope someone can give me hint to solve this problem.
Thank you,
Matthias
PS.: Version v1.2.0 works flawless
ERROR! 'notify' is not a valid attribute for a Block
The error appears to be in '/opt/alfresco-ansible-deployment-2.0.0/roles/nginx/tasks/vhosts.yml': line 37, column 3, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name: Vhosts config
^ here
In the community-extra-vars.yml extra var definition, a repository is referring to an 'enterprise' one?
RHEL 8 (Actually Almalinux 8)
iirc couldn't open "{{ nexus_repository.enterprise_releases }}/integrations/alfresco-googledrive-repo-community"
(sorry I lost the accurate message but not be able to rerun right now :()
Paste the output of the following commands:
└─$ pipenv run ansible --version
ansible [core 2.12.10]
config file = /home/jlst/Ansible/alfresco-ansible-deployment-2.2.0/ansible.cfg
configured module search path = ['/home/jlst/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/jlst/.local/share/virtualenvs/alfresco-ansible-deployment-2.2.0-uRpBk9AW/lib/python3.9/site-packages/ansible
ansible collection location = /home/jlst/.ansible/collections:/usr/share/ansible/collections
executable location = /home/jlst/.local/share/virtualenvs/alfresco-ansible-deployment-2.2.0-uRpBk9AW/bin/ansible
python version = 3.9.13 (main, Nov 27 2022, 12:32:52) [GCC 12.2.0]
jinja version = 3.1.2
libyaml = True
└─$ pipenv run ansible-config dump --only-changed
ANSIBLE_PIPELINING(/home/jlst/Ansible/alfresco-ansible-deployment-2.2.0/ansible.cfg) = True
└─$ pipenv run ansible-inventory -i my_inventory_ssh.yml --graph
@all:
|--@activemq:
| |--activemq_1
|--@adw:
| |--adw_1
|--@database:
| |--database_1
|--@elasticsearch:
|--@external:
| |--@external_activemq:
| |--@external_elasticsearch:
| |--@other_repo_clients:
|--@external_activemq:
|--@external_elasticsearch:
|--@nginx:
| |--nginx_1
|--@other_repo_clients:
|--@repository:
| |--repository_1
|--@search:
| |--search_1
|--@search_enterprise:
|--@syncservice:
| |--syncservice_1
|--@transformers:
| |--transformers_1
|--@trusted_resource_consumers:
| |--@adw:
| | |--adw_1
| |--@nginx:
| | |--nginx_1
| |--@other_repo_clients:
| |--@repository:
| | |--repository_1
|--@ungrouped:
This task can only be picked up after the issues below have been fixed:
The file setenv.sh is deployed by the java role using template and amended using its dependent roles, such as tomcat, search, sync, etc…
This is problematic generally speaking (in particular for idempotence) as we want to avoid cases where one part of the playbook may interfere with what another part needs to do.
all
molecule idempotence test failures (currently skipped using molecule-idempotence-notest)
java do not provide a setenv.sh file
The file setenv.sh is deployed by the java role using template and amended using its dependent roles, such as tomcat, search, sync, etc…
This is problematic generally speaking (in particular for idempotence) as we want to avoid cases where one part of the playbook may interfere with what another part needs to do.
all
molecule idempotence test failures (currently skipped using molecule-idempotence-notest)
A possible way around that would be to take common env variable population out of the java role and let each role do it by directly using the systemd unit file Environment= or EnvironmentFile=. As a result:
activemq role provides its own set of vars in a systemd unit environment file
lineinfile or blockinfile task is used to amend the setenv.sh file
setenv.sh file
It could be useful to add a configuration to enable the GC logs on a file.
It can be activated on Repository Role (
-Xlog:gc*:file={{ logs_folder }}/alfresco_gc-%t.log:time,uptime,level,tags
On Search Role the GC logs are already activated with the default configuration, but we can have the same Repo role configuration
adding to this (
GC_LOG_OPTS: "-Xlog:gc*:file={{ logs_folder }}/solr_gc-%t.log:time,uptime,level,tags"
Hi,
I try to edit project files to install all Alfresco components (without systemd services) in a not-OS folder (like /home/alfresco/test).
It is a very hard edit. For every commit/release of this repo it is too hard to retry. I think that this "local mode" could be very useful and an important improvement for this project.
For example, for development environment, I can have multiple alfresco instance on my machine.
I hope you consider this improvement as a future milestone.
Federico
Hi, I'm trying to install alfresco through the standard package that is available on the website for installations via ansible, but when I get to download alfresco-transform-core-aio-boot-2.3.10.jar I get a huge error.
I checked the nexus repository and I can manually download the file, do you have any idea what might be going on?
error:
fatal: [transformers_1]: FAILED! => {"msg": "An unhandled exception occurred while templating '{'acs_zip_url': '{{ nexus_repository.enterprise_releases }}org/alfresco/alfresco-content-services-distribution/{{ acs.version }}/alfresco-content-services-distribution-{{ acs.version }}.zip', 'acs_zip_sha1_checksum': "{{ lookup('url', '{{ nexus_repository.enterprise_releases }}org/alfresco/alfresco-content-services-distribution/{{ acs.version }}/alfresco-content-services-distribution-{{ acs.version }}.zip.sha1', username=lookup('env', 'NEXUS_USERNAME'), password=lookup('env', 'NEXUS_PASSWORD')) }}", 'adw_zip_url': '{{ nexus_repository.enterprise_releases }}/org/alfresco/alfresco-digital-workspace/{{ adw.version }}/alfresco-digital-workspace-{{ adw.version }}.zip', 'adw_zip_sha1_checksum': "{{ lookup('url', '{{ nexus_repository.enterprise_releases }}/org/alfresco/alfresco-digital-workspace/{{ adw.version }}/alfresco-digital-workspace-{{ adw.version }}.zip.sha1', username=lookup('env', 'NEXUS_USERNAME'), password=lookup('env', 'NEXUS_PASSWORD')) }}", 'search_zip_url': '{{ nexus_repository.releases }}/org/alfresco/alfresco-search-services/{{ search.version }}/alfresco-search-services-{{ search.version }}.zip', 'search_zip_sha1_checksum': "{{ lookup('url', '{{ nexus_repository.releases }}/org/alfresco/alfresco-search-services/{{ search.version }}/alfresco-search-services-{{ search.version }}.zip.sha1', username=lookup('env', 'NEXUS_USERNAME'), password=lookup('env', 'NEXUS_PASSWORD')) }}", 'sfs_jar_url': '{{ nexus_repository.enterprise_releases }}/org/alfresco/alfresco-shared-file-store-controller/{{ sfs.version }}/alfresco-shared-file-store-controller-{{ sfs.version }}.jar', 'sfs_jar_sha1_checksum': "{{ lookup('url', '{{ nexus_repository.enterprise_releases }}/org/alfresco/alfresco-shared-file-store-controller/{{ sfs.version }}/alfresco-shared-file-store-controller-{{ sfs.version }}.jar.sha1', username=lookup('env', 'NEXUS_USERNAME'), password=lookup('env', 
'NEXUS_PASSWORD')) }}", 'trouter_jar_url': '{{ nexus_repository.enterprise_releases }}/org/alfresco/alfresco-transform-router/{{ trouter.version }}/alfresco-transform-router-{{ trouter.version }}.jar', 'trouter_jar_sha1_checksum': "{{ lookup('url', '{{ nexus_repository.enterprise_releases }}/org/alfresco/alfresco-transform-router/{{ trouter.version }}/alfresco-transform-router-{{ trouter.version }}.jar.sha1', username=lookup('env', 'NEXUS_USERNAME'), password=lookup('env', 'NEXUS_PASSWORD')) }}", 'transform_jar_url': '{{ nexus_repository.releases }}/org/alfresco/alfresco-transform-core-aio-boot/{{ transform.version }}/alfresco-transform-core-aio-boot-{{ transform.version }}.jar', 'transform_jar_sha1_checksum': "{{ lookup('url', '{{ nexus_repository.releases }}/org/alfresco/alfresco-transform-core-aio-boot/{{ transform.version }}/alfresco-transform-core-aio-boot-{{ transform.version }}.jar.sha1', username=lookup('env', 'NEXUS_USERNAME'), password=lookup('env', 'NEXUS_PASSWORD')) }}", 'sync_zip_url': 'https://artifacts.alfresco.com/nexus/content/groups/private/org/alfresco/services/sync/sync-dist-6.x/{{ sync.version }}/sync-dist-6.x-{{ sync.version }}.zip', 'sync_zip_sha1_checksum': "{{ lookup('url', 'https://artifacts.alfresco.com/nexus/content/groups/private/org/alfresco/services/sync/sync-dist-6.x/{{ sync.version }}/sync-dist-6.x-{{ sync.version }}.zip.sha1', username=lookup('env', 'NEXUS_USERNAME'), password=lookup('env', 'NEXUS_PASSWORD')) }}"}'. Error was a <class 'ansible.errors.AnsibleError'>, original message: An unhandled exception occurred while running the lookup plugin 'url'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Received HTTP error for https://artifacts.alfresco.com/nexus/service/local/repositories/enterprise-releases/content/org/alfresco/alfresco-content-services-distribution/7.0.0/alfresco-content-services-distribution-7.0.0.zip.sha1 : HTTP Error 401: Unauthorized"}
On Oracle Cloud Infrastructure, when I try to deploy the ACS inside an Ubuntu 22.04 OS, I get error when the playbook tries to download Nexus binaries. There are no problems for Apache ones.
Ubuntu 22.04
operating_system: Canonical-Ubuntu-22.04-2023.07.20-0
image_id:
ocid1.image.oc1.eu-zurich-1.aaaaaaaarxcjh5ac763nuruhtigyuyyaeqpe6oop7mgimcuumauhcjwf6rsa
Here is the error:
Tuesday 22 August 2023 08:09:53 +0000 (0:00:02.139) 0:03:34.543 ********
[started TASK: ../roles/transformers : Download ImageMagick distribution on oci/mop-alf-ce-tools]
TASK [../roles/transformers : Download ImageMagick distribution] *************************************************************************************************
failed: [oci/mop-alf-ce-tools] (item=imagemagick-distribution-ubuntu-22.04) => {"ansible_loop_var": "item", "changed": false, "dest": "/tmp/ansible_artefacts/imagemagick-distribution-7.1.0-16-ci-2-ubuntu-22.04.deb", "elapsed": 0, "item": "imagemagick-distribution-ubuntu-22.04", "msg": "Request failed: <urlopen error [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997)>", "url": "https://artifacts.alfresco.com/nexus/content/groups/public/org/alfresco/../imagemagick/imagemagick-distribution/7.1.0-16-ci-2/imagemagick-distribution-7.1.0-16-ci-2-ubuntu-22.04.deb"}
The transformers group contains the host oci/mop-alf-ce-tools. When I try to run the playbook, it fails on the above error. Before that point, the playbook is able to download Apache-related binaries:
alfresco@mop-alf-ce-tools:/tmp/ansible_artefacts$ ls -l
total 249964
drwxrwxrwx 2 alfresco alfresco 4096 Aug 22 12:38 ./
drwxrwxrwt 15 root root 4096 Aug 22 12:48 ../
-rw------- 1 ubuntu ubuntu 1949 Aug 22 10:09 9c817fd05fc0d4ec5699b37650a2a3cdfcefb6ef.pem
-rw-rw-r-- 1 ubuntu ubuntu 191514138 Aug 22 10:08 OpenJDK11U-jdk_x64_linux_17.0.3_7.tar.gz
-rw-r--r-- 1 ubuntu ubuntu 64418725 Aug 22 10:09 apache-activemq-5.16.6-bin.tar.gz
-r-------- 1 ubuntu ubuntu 5857 Aug 22 10:09 fc87cf56fbd9dabb8063a767b49646c68856106b.p12
alfresco@mop-alf-ce-tools:/tmp/ansible_artefacts$
I created a small playbook with only 1 task which is this download and I got the following:
TASK [Download ImageMagick distribution] *************************************************************************************************************************
task path: /workspace/yak/component_types/alfresco_ecm/playbooks/transform.yml:6
failed: [oci/mop-alf-ce-tools] (item=imagemagick-distribution-ubuntu-22.04) => {
"ansible_loop_var": "item",
"changed": false,
"dest": "/tmp/ansible_artefacts/imagemagick-distribution-7.1.0-16-ci-2-ubuntu-22.04.deb",
"elapsed": 0,
"invocation": {
"module_args": {
"attributes": null,
"backup": false,
"checksum": "sha1:71abb87a836e3defa474551352084bf475e23373",
"ciphers": null,
"client_cert": null,
"client_key": null,
"decompress": true,
"dest": "/tmp/ansible_artefacts/imagemagick-distribution-7.1.0-16-ci-2-ubuntu-22.04.deb",
"force": false,
"force_basic_auth": false,
"group": null,
"headers": null,
"http_agent": "ansible-httpget",
"mode": "0644",
"owner": null,
"selevel": null,
"serole": null,
"setype": null,
"seuser": null,
"timeout": 10,
"tmp_dest": null,
"unredirected_headers": [],
"unsafe_writes": false,
"url": "https://artifacts.alfresco.com/nexus/content/groups/public/org/alfresco/../imagemagick/imagemagick-distribution/7.1.0-16-ci-2/imagemagick-distribution-7.1.0-16-ci-2-ubuntu-22.04.deb",
"url_password": null,
"url_username": null,
"use_gssapi": false,
"use_netrc": true,
"use_proxy": true,
"validate_certs": true
}
},
"item": "imagemagick-distribution-ubuntu-22.04",
"msg": "Request failed: <urlopen error [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997)>",
"url": "https://artifacts.alfresco.com/nexus/content/groups/public/org/alfresco/../imagemagick/imagemagick-distribution/7.1.0-16-ci-2/imagemagick-distribution-7.1.0-16-ci-2-ubuntu-22.04.deb"
}
hosts: transformers
gather_facts: true
tasks:
PLAY RECAP *******************************************************************************************************************************************************
oci/mop-alf-ce-tools : ok=1 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
Since it appears to be SSL related, I checked the protocol/cipher available on the Alfresco Nexus:
root@mop-alf-ce-tools:~# openssl s_client -connect artifacts.alfresco.com:443
CONNECTED(00000003)
...
---
SSL handshake has read 4858 bytes and written 474 bytes
Verification: OK
---
New, TLSv1.0, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-SHA
....
So it appears that from the target OS, I can connect to the Alfresco Nexus using TLS1.2 and "ECDHE-RSA-AES256-SHA" as cipher. Therefore I tried adding this cipher into the get_url module:
get_url:
  url: "{{ pkg_url }}"
  checksum: "sha1:{{ lookup('url', pkg_url + '.sha1') }}"
  dest: "{{ download_location }}/{{ pkg_name }}"
  mode: "0644"
  ciphers:
    - ECDHE-RSA-AES256-SHA
loop: "{{ imagemagick_packages }}"
After adding this list of 1 cipher, it's working correctly:
Tuesday 22 August 2023 11:17:47 +0000 (0:00:01.520) 0:00:01.547 ********
[started TASK: Download ImageMagick distribution on oci/mop-alf-ce-tools]
TASK [Download ImageMagick distribution] *************************************************************************************************************************
changed: [oci/mop-alf-ce-tools] => (item=imagemagick-distribution-ubuntu-22.04)
PLAY RECAP *******************************************************************************************************************************************************
oci/mop-alf-ce-tools : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
And the file is indeed there:
root@mop-alf-ce-tools:/tmp/ansible_artefacts# ls -ltr
total 253320
-rw-rw-r-- 1 ubuntu ubuntu 191514138 Aug 22 10:08 OpenJDK11U-jdk_x64_linux_17.0.3_7.tar.gz
-rw-r--r-- 1 ubuntu ubuntu 64418725 Aug 22 10:09 apache-activemq-5.16.6-bin.tar.gz
-r-------- 1 ubuntu ubuntu 5857 Aug 22 10:09 fc87cf56fbd9dabb8063a767b49646c68856106b.p12
-rw------- 1 ubuntu ubuntu 1949 Aug 22 10:09 9c817fd05fc0d4ec5699b37650a2a3cdfcefb6ef.pem
-rw-r--r-- 1 ubuntu ubuntu 3443106 Aug 22 13:17 imagemagick-distribution-7.1.0-16-ci-2-ubuntu-22.04.deb
root@mop-alf-ce-tools:/tmp/ansible_artefacts#
I don't know why exactly, but it seems that the default ciphers used by Ansible on Ubuntu 22.04 on OCI might not be compatible with the Alfresco Nexus, causing this to fail... Any idea on what to do to fix the issue permanently? We could of course add the list of ciphers from the Nexus into the Playbook, but that would be hardcoding some list that might change in the future...
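One way to keep the cipher list out of the play, as an added example that is not the project's code: the download first runs with the platform's default TLS policy, and the `ciphers` option from the post is used only after a handshake failure and only when the operator passes a list at run time. `nexus_fallback_ciphers` is a hypothetical variable; `pkg_url`, `download_location` and `pkg_name` are the variables from the task above.

```yaml
# Added example: scoped TLS cipher override for one download.
- name: Download a Nexus artefact, relaxing ciphers only on request
  hosts: transformers
  gather_facts: false
  vars:
    # Hypothetical variable, empty by default: nothing is relaxed unless the
    # operator supplies a list with -e at run time.
    nexus_fallback_ciphers: []
  tasks:
    - name: Download with default TLS settings, fall back only when allowed
      block:
        - name: Download (default ciphers)
          ansible.builtin.get_url:
            url: "{{ pkg_url }}"
            checksum: "sha1:{{ lookup('url', pkg_url + '.sha1') }}"
            dest: "{{ download_location }}/{{ pkg_name }}"
            mode: "0644"
      rescue:
        - name: Continue only for a handshake failure with an explicit override
          ansible.builtin.assert:
            that:
              - "'HANDSHAKE_FAILURE' in (ansible_failed_result.msg | default(''))"
              - nexus_fallback_ciphers | length > 0
            fail_msg: >-
              Download failed and no cipher override applies; not retrying.

        - name: Record that a TLS exception was used
          ansible.builtin.debug:
            msg: >-
              Retrying {{ pkg_url }} with ciphers
              {{ nexus_fallback_ciphers | join(':') }}

        - name: Download (operator-supplied ciphers, same checksum check)
          ansible.builtin.get_url:
            url: "{{ pkg_url }}"
            checksum: "sha1:{{ lookup('url', pkg_url + '.sha1') }}"
            dest: "{{ download_location }}/{{ pkg_name }}"
            mode: "0644"
            ciphers: "{{ nexus_fallback_ciphers }}"
```

Passing `-e '{"nexus_fallback_ciphers": ["ECDHE-RSA-AES256-SHA"]}'` reproduces the workaround from the post; certificate validation and the checksum comparison stay enabled in both attempts.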
I'm installing alfresco community edition 7.2 on CentOS 7 with Python 3.8 and Ansible 2.13. It fails with the following error:
TASK [../roles/repository : Ensure a list of packages installed] ***************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "It appears that a space separated string of packages was passed in as an argument. To operate on several packages, pass a comma separated string of packages or a list of packages."}
The task in roles/repository/tasks/main.yml looks like:
CentOS 7
TASK [../roles/repository : Ensure a list of packages installed] ***************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "It appears that a space separated string of packages was passed in as an argument. To operate on several packages, pass a comma separated string of packages or a list of packages."}
Paste the output of the following commands:
ansible [core 2.13.3]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /root/.local/lib/python3.8/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /root/.local/bin/ansible
python version = 3.8.10 (default, Aug 24 2022, 18:42:19) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
jinja version = 3.0.3
libyaml = True
@all:
|--@activemq:
| |--@repository:
| | |--localhost
|--@adw:
| |--@repository:
| | |--localhost
|--@database:
| |--@repository:
| | |--localhost
|--@external:
| |--@external_activemq:
|--@external_activemq:
|--@nginx:
| |--@repository:
| | |--localhost
|--@repository:
| |--localhost
|--@search:
| |--@repository:
| | |--localhost
|--@syncservice:
| |--@repository:
| | |--localhost
|--@transformers:
| |--@repository:
| | |--localhost
|--@ungrouped:
ℹ️ This task requires to be familiar with Alfresco and understand the architecture of its platform.
Currently playbook deploys a very basic PostgreSQL instance for the sole sake of convenience. There are other (and probably better) playbooks on galaxy to deploy PostgreSQL. We would like to rely on using 3rd party roles for deploying 3rd party components (as it's been done lately for the elasticsearch role)
Ideally all supported OS (as in supported by the playbook)
In port_cfg variable there are references to a ports variable that is not defined anywhere and it's fine for users to just override values in ports_cfg when needed.
Remove any reference to ports.* and replace with plain default port value.
We have introduced a while ago a playbook which can be run before running the deployment playbook, in order to check required TCP ports are available from and to the appropriate machines.
This has been implemented within a role. Which does the following:
While the logic is fine we think it doesn't make sense to use a role for that. The purpose of this ticket is to achieve:
listen_port module to the main playbook
prerequisite-checks.yml playbook
The file setenv.sh is deployed by the java role using template and amended using its dependent roles, such as tomcat, search, sync, etc…
This is problematic generally speaking (in particular for idempotence) as we want to avoid cases where one part of the playbook may interfere with what another part needs to do.
all
molecule idempotence test failures (currently skipped using molecule-idempotence-notest)
A possible way around that would be to take common env variable population out of the java role and let each role do it by directly using the systemd unit file Environment= or EnvironmentFile=. As a result:
transformers role provides its own set of vars in a systemd unit environment file
lineinfile or blockinfile task is used to amend the setenv.sh file
setenv.sh file
molecule-idempotence-notest tag from all possible tasks in the transformers role
I need a production installation of Alfresco Community Edition and do not get very good performance out of the Docker builds (I'm also just not a very big fan of Docker). I wanted to try the Ansible scripts, but there is no playbook for Ubuntu 20.04. When I try to follow the installation notes I get this error (see attached).
The associated Ubuntu variables for the "Include OS specific variables" tasks do not exist. As such, deployment to Ubuntu environments will fail. Per the docs (https://github.com/Alfresco/alfresco-ansible-deployment/tree/master/docs) it should be supported.
Example Task from roles/common/tasks/main.yml:
# tasks file for central
- name: Include OS specific variables
  include_vars: "{{ ansible_distribution }}{{ ansible_distribution_major_version }}.yml"
Files for RHEL and CentOS exist (e.g., RedHat7.yml and CentOS7.yml). For Ubuntu 20.04, it looks for a Ubuntu20.yml file that does not exist in the deployment repo.
Installation of ACS 7.2 using Ansible deployment v2 has several issues. One of them is related to jinja2 once the following command is executed: $ ansible-playbook playbooks/acs.yml -i inventory_ssh.yml. Error is mentioned below.
FYI, I am using WSL2 with Ubuntu 20
Expected behavior: No error and smooth installation.
RHEL 8.3
TASK [../roles/nginx : Add managed vhost config files.] ********
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: jinja2.exceptions.TemplateRuntimeError: no test named 'true'
failed: [nginx_1] (item={'listen': '80', 'root': '/usr/share/nginx/html', 'index': 'index.html index.htm', 'filename': 'alfresco.conf'}) => {"ansible_loop_var": "item", "changed": false, "item": {"filename": "alfresco.conf", "index": "index.html index.htm", "listen": "80", "root": "/usr/share/nginx/html"}, "msg": "TemplateRuntimeError: no test named 'true'"}
ansible [core 2.12.4]
config file = /home/alfresco/git/alfresco-ansible-deployment/ansible.cfg
configured module search path = ['/home/alfresco/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3/dist-packages/ansible
ansible collection location = /home/alfresco/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/bin/ansible
python version = 3.8.10 (default, Mar 15 2022, 12:22:08) [GCC 9.4.0]
jinja version = 2.10.1
libyaml = True
ANSIBLE_PIPELINING(/home/alfresco/git/alfresco-ansible-deployment/ansible.cfg) = True
@all:
|--@activemq:
| |--activemq_1
|--@adw:
| |--adw_1
|--@database:
| |--database_1
|--@external:
| |--@external_activemq:
|--@external_activemq:
|--@nginx:
| |--nginx_1
|--@repository:
| |--repository_1
|--@search:
| |--search_1
|--@syncservice:
| |--syncservice_1
|--@transformers:
| |--transformers_1
|--@ungrouped:
After resolving issues in #328 and not handling errors reported in #329, I can see that Alfresco cannot start up because of missing environment variables.
If I start the Alfresco repository with sudo systemctl start alfresco-content.service, I get an error message visible using journalctl -xe:
Apr 23 11:46:40 tomcat.sh[31057]: /bin/bash: /bin/catalina.sh: No such file or directory
Apr 23 11:46:40 systemd[1]: alfresco-content.service: Control process exited, code=exited status=127
Apr 23 11:46:40 systemd[1]: alfresco-content.service: Failed with result 'exit-code'.
The same error message can be seen if I run startup command directly by alfresco user:
$ /opt/alfresco/tomcat.sh start
/bin/bash: /bin/catalina.sh: No such file or directory
The problem is caused by missing environment variables. If I run part of tomcat.sh manually, I can see that value for "CATALINA_HOME" is empty:
$ . /etc/opt/alfresco/setenv.sh
$ export CATALINA_HOME=${TOMCAT_HOME}
$ env | grep CATA
CATALINA_HOME=
The problem here is caused already by missing "TOMCAT_HOME"
RHEL 8.3
The error is not visible during Ansible deploy but after that once Alfresco repository is started.
Same as #328
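The failure above (an empty TOMCAT_HOME leaving CATALINA_HOME blank) and the EnvironmentFile= proposal in the setenv.sh issues on this page, as an added example that is not the project's code: one task owns the whole environment file, and the play stops when the value is empty instead of letting the unit run /bin/catalina.sh. Apart from alfresco-content.service and /etc/opt/alfresco, the paths and variable names are assumptions.

```yaml
# Added example: role-owned systemd environment instead of amending setenv.sh.
- name: Per-role environment for the Tomcat service
  hosts: repository
  become: true
  gather_facts: false
  vars:
    # Assumed values for illustration; not the project's defaults.
    tomcat_home: /opt/apache-tomcat
    tomcat_env_file: /etc/opt/alfresco/tomcat.env
    tomcat_dropin_dir: /etc/systemd/system/alfresco-content.service.d
  tasks:
    - name: Refuse to continue when the required value is empty
      ansible.builtin.assert:
        that:
          - tomcat_home is defined
          - tomcat_home | length > 0
        fail_msg: >-
          tomcat_home is empty: CATALINA_HOME would be blank and the service
          would try to run /bin/catalina.sh.

    - name: Write the whole environment file from a single task
      ansible.builtin.copy:
        dest: "{{ tomcat_env_file }}"
        owner: root
        group: root
        # Read by systemd itself, so the service account needs no access.
        mode: "0640"
        content: |
          # Managed by Ansible. Plain KEY=value lines, no shell syntax.
          TOMCAT_HOME={{ tomcat_home }}
          CATALINA_HOME={{ tomcat_home }}
      notify: Restart alfresco-content

    - name: Create the drop-in directory for the unit
      ansible.builtin.file:
        path: "{{ tomcat_dropin_dir }}"
        state: directory
        owner: root
        group: root
        mode: "0755"

    - name: Point the unit at the environment file
      ansible.builtin.copy:
        dest: "{{ tomcat_dropin_dir }}/10-environment.conf"
        owner: root
        group: root
        mode: "0644"
        content: |
          [Unit]
          # Refuse to start when the resolved path does not exist.
          AssertPathExists={{ tomcat_home }}/bin/catalina.sh

          [Service]
          EnvironmentFile={{ tomcat_env_file }}
      notify: Restart alfresco-content

  handlers:
    - name: Restart alfresco-content
      ansible.builtin.systemd:
        name: alfresco-content.service
        state: restarted
        daemon_reload: true
```

Because each file is written whole by one task, a second run reports no change, which is the idempotence property the setenv.sh issues are after.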
The file setenv.sh is deployed by the java role using template and amended using its dependent roles, such as tomcat, search, sync, etc…
This is problematic generally speaking (in particular for idempotence) as we want to avoid cases where one part of the playbook may interfere with what another part needs to do.
all
molecule idempotence test failures (currently skipped using molecule-idempotence-notest)
A possible way around that would be to take common env variable population out of the java role and let each role do it by directly using the systemd unit file Environment= or EnvironmentFile=. As a result:
repository role provides its own set of vars in a systemd unit environment file
lineinfile or blockinfile task is used to amend the setenv.sh file
setenv.sh file
molecule-idempotence-notest tag from all possible tasks in the repository role
The file setenv.sh is deployed by the java role using template and amended using its dependent roles, such as tomcat, search, sync, etc…
This is problematic generally speaking (in particular for idempotence) as we want to avoid cases where one part of the playbook may interfere with what another part needs to do.
all
molecule idempotence test failures (currently skipped using molecule-idempotence-notest)
A possible way around that would be to take common env variable population out of the java role and let each role do it by directly using the systemd unit file Environment= or EnvironmentFile=. As a result:
tomcat role provides its own set of vars in a systemd unit environment file
lineinfile or blockinfile task is used to amend the setenv.sh file
setenv.sh file
molecule-idempotence-notest tag from all possible tasks in the tomcat role
ℹ️ This task requires to be familiar with Alfresco and understand the architecture of its platform.
Currently playbook deploys a very basic Nginx instance for the sole sake of convenience. There are other (and probably better) playbooks on galaxy to deploy Nginx. We would like to rely on using 3rd party roles for deploying 3rd party components (as it's been done lately for the elasticsearch role)
Ideally all supported OS (as in supported by the playbook)
Hello, could you please help to check the accuracy of deployment-guide.md line 267 as well as deployment-guide.md line 271?
line 267: it's written port 80 for the ADW, shouldn't this be 8880 instead? (or maybe it should be removed completely since ADW needs to be on the Nginx host at the moment (unless this was fixed/changed?) and therefore communications would only happen locally from Nginx to 8880 port of ADW).
line 271: the playbook prerequisite-checks.yml is currently trying to connect from the repository host to the SFS / TRouter ports but according to the doc, these 2 ports are only used locally. Do you know what would be the correct statement? I assume that the 3 ports should be accessible from the Repository since we configure these details on the alfresco-global.properties but I'm not certain.
I'm currently writing some code to handle the firewall configuration and would appreciate some help with these details, to finish the checks and possibly fix the missing elements in the doc/existing playbooks as well.
All
No specific errors, just some documentation and potentially some playbook adaptation needed depending on the correct statement.
Thanks for the check and the feedback!
The tagged scripts for the 2.1 release do not include the 7.2.x 'extra vars' script. The 7.1.x script as the name suggests is only configured to download 7.1.1.
The hyland documentation links to version 2.0 (https://docs.alfresco.com/content-services/latest/install/ansible/ -> https://nexus.alfresco.com/nexus/service/local/repositories/releases/content/org/alfresco/alfresco-ansible-deployment/2.0.0/alfresco-ansible-deployment-2.0.0.zip), so this is what most users will use, but it does not download 7.2.x components.
It was found that, when modifying the 7.1.x script to download 7.2 components, more changes were necessary to support the new solr 'secret' functionality. I made my own changes to fix the solr config issue so I could create a PR, but I wonder if this is just down to a problem with tagging in GitHub. I notice that the branch labeled next/7.3 contains files for 7.2.x, which I have yet to review.
The install seems to work fine, however SOLR is not able to access ACS. Errors are:
2022-05-12 14:14:00.011 WARN (org.alfresco.solr.AlfrescoCoreAdminHandler@72ba28ee_Worker-21) [ ] o.a.s.t.CommitTracker Rollback performed due to ACL Tracker error
java.net.ConnectException: Connection refused (Connection refused)
at java.base/java.net.PlainSocketImpl.socketConnect(Native Method)
Ubuntu 20.04
No error. SOLR just is unable to communicate to ACS. It could be user of secret but documentation is not very descriptive. What do you have to set and where, in which yml file must you change to use secret?
Paste the output of the following commands:
ansible [core 2.12.5]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3/dist-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/bin/ansible
python version = 3.8.10 (default, Mar 15 2022, 12:22:08) [GCC 9.4.0]
jinja version = 2.10.1
libyaml = True
ANSIBLE_PIPELINING(/home/ubuntu/Installs/alfresco-ansible-deployment-master/ansible.cfg) = True
@all:
|--@activemq:
| |--@repository:
| | |--localhost
|--@adw:
| |--@repository:
| | |--localhost
|--@database:
| |--@repository:
| | |--localhost
|--@external:
| |--@external_activemq:
|--@external_activemq:
|--@nginx:
| |--@repository:
| | |--localhost
|--@repository:
| |--localhost
|--@search:
| |--@repository:
| | |--localhost
|--@syncservice:
| |--@repository:
| | |--localhost
|--@transformers:
| |--@repository:
| | |--localhost
|--@ungrouped:
ACS 7.2 installation started using $ ansible-playbook playbooks/acs.yml -i inventory_ssh.yml
Some files are owned by root and therefore cannot be used by alfresco user. Here are examples:
FYI, control node running on WSL2 with Ubuntu 20.
$ sudo chown alfresco:alfresco /opt/alfresco/content-services-7.2.0/web-server/webapps/*.war
$ sudo chown -R alfresco:alfresco /opt/apache-activemq-5.16.4/
$ sudo chown -R alfresco:alfresco /opt/apache-tomcat-9.0.59/
$ sudo chmod 666 /opt/alfresco/.ansible_alfresco_components.status
RHEL 8.3
ActiveMQ:
RUNNING HANDLER [../roles/activemq : restart-activemq] ******
fatal: [activemq_1]: FAILED! => {"changed": false, "msg": "Unable to start service activemq: Job for activemq.service failed because the control process exited with error code.\nSee \"systemctl status activemq.service\" and \"journalctl -xe\" for details.\n"}
Repository:
RUNNING HANDLER [../roles/repository : restart-alfresco-content] *****
fatal: [repository_1]: FAILED! => {"changed": false, "msg": "Unable to start service alfresco-content: Job for alfresco-content.service failed because the control process exited with error code.\nSee \"systemctl status alfresco-content.service\" and \"journalctl -xe\" for details.\n"}
(alfresco-ansible) alfresco@XXX:~/git/alfresco-ansible-deployment$ ansible --version
ansible [core 2.12.4]
config file = /home/alfresco/git/alfresco-ansible-deployment/ansible.cfg
configured module search path = ['/home/alfresco/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/alfresco/git/alfresco-ansible-deployment/alfresco-ansible/lib/python3.8/site-packages/ansible
ansible collection location = /home/alfresco/.ansible/collections:/usr/share/ansible/collections
executable location = /home/alfresco/git/alfresco-ansible-deployment/alfresco-ansible/bin/ansible
python version = 3.8.10 (default, Mar 15 2022, 12:22:08) [GCC 9.4.0]
jinja version = 3.1.1
libyaml = True
(alfresco-ansible) alfresco@XXX:~/git/alfresco-ansible-deployment$ ansible-config dump --only-changed
ANSIBLE_PIPELINING(/home/alfresco/git/alfresco-ansible-deployment/ansible.cfg) = True
(alfresco-ansible) alfresco@XXX:~/git/alfresco-ansible-deployment$ ansible-inventory -i inventory_ssh.yml --graph
@all:
|--@activemq:
| |--activemq_1
|--@adw:
| |--adw_1
|--@database:
| |--database_1
|--@external:
| |--@external_activemq:
|--@external_activemq:
|--@nginx:
| |--nginx_1
|--@repository:
| |--repository_1
|--@search:
| |--search_1
|--@syncservice:
| |--syncservice_1
|--@transformers:
| |--transformers_1
|--@ungrouped:
ACS 7.3 installation started using pipenv run ansible-playbook playbooks/acs.yml -i inventory_local.yml
Workaround/Solution: in file transformers/tasks/dependencies-deb.yml I removed the "warn" line
Ubuntu 22.04 LTS
TASK [../roles/transformers : Install LibreOffice] ********************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (ansible.legacy.command) module: warn. Supported parameters include: _uses_shell, stdin_add_newline, creates, executable, chdir, argv, removes, _raw_params, stdin, strip_empty_ends."}
Paste the output of the following commands:
$ pipenv run ansible --version
ansible [core 2.14.1]
config file = /home/lmattioli/alfresco/alfresco-ansible-deployment/ansible.cfg
configured module search path = ['/home/lmattioli/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/lmattioli/.local/share/virtualenvs/alfresco-ansible-deployment-IsHyMbMU/lib/python3.10/site-packages/ansible
ansible collection location = /home/lmattioli/.ansible/collections:/usr/share/ansible/collections
executable location = /home/lmattioli/.local/share/virtualenvs/alfresco-ansible-deployment-IsHyMbMU/bin/ansible
python version = 3.10.6 (main, Nov 14 2022, 16:10:14) [GCC 11.3.0] (/home/lmattioli/.local/share/virtualenvs/alfresco-ansible-deployment-IsHyMbMU/bin/python)
jinja version = 3.1.2
libyaml = True
$ pipenv run ansible-config dump --only-changed
ANSIBLE_PIPELINING(/home/lmattioli/alfresco/alfresco-ansible-deployment/ansible.cfg) = True
CONFIG_FILE() = /home/lmattioli/alfresco/alfresco-ansible-deployment/ansible.cfg
DEFAULT_VAULT_PASSWORD_FILE(env: ANSIBLE_VAULT_PASSWORD_FILE) = /home/lmattioli/.vault_pass.txt
$ pipenv run ansible-inventory -i inventory_local.yml --graph
@all:
|--@activemq:
| |--@repository:
| | |--localhost
|--@adw:
| |--@repository:
| | |--localhost
|--@database:
| |--@repository:
| | |--localhost
|--@elasticsearch:
|--@external:
| |--@external_activemq:
| |--@external_elasticsearch:
| |--@other_repo_clients:
|--@external_activemq:
|--@external_elasticsearch:
|--@nginx:
| |--@repository:
| | |--localhost
|--@other_repo_clients:
|--@repository:
| |--localhost
|--@search:
| |--@repository:
| | |--localhost
|--@search_enterprise:
|--@syncservice:
| |--@repository:
| | |--localhost
|--@transformers:
| |--@repository:
| | |--localhost
|--@trusted_resource_consumers:
| |--@adw:
| | |--@repository:
| | | |--localhost
| |--@nginx:
| | |--@repository:
| | | |--localhost
| |--@other_repo_clients:
| |--@repository:
| | |--localhost
|--@ungrouped:
Following line in roles/transformers/vars/Redhat8.yml
imagemagick_home: "/usr/lib64/ImageMagick-{{ imagemagick_pkg.version.split('-')[0] }}"
results in
imagemagick_home: "/usr/lib64/ImageMagick-[7.1.0-7]"
as opposed to imagemagick_home: "/usr/lib64/ImageMagick-7.1.0" as intended.
My ansible version is as follows:
ansible [core 2.11.6]
config file = None
configured module search path = ['/home/ec2-user/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/ec2-user/.local/lib/python3.6/site-packages/ansible
ansible collection location = /home/ec2-user/.ansible/collections:/usr/share/ansible/collections
executable location = /home/ec2-user/.local/bin/ansible
python version = 3.6.8 (default, Aug 12 2021, 07:06:15) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1)]
jinja version = 2.10.1
libyaml = True
Using regex_replace I was able to fix this.
imagemagick_home: "/usr/lib64/ImageMagick-{{ imagemagick_pkg.version | regex_replace('-.+') }}"
Thanks,
Shankar
Quick fix. I commented the warn: false line out of dependencies-rpm.yml and the play ran just fine after that.
Centos 7
ansible [core 2.14.2]
Python 3.9.9
TASK [../roles/transformers : Install LibreOffice RPMs] *****************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Unsupported parameters for (ansible.legacy.command) module: warn. Supported parameters include: _raw_params, _uses_shell, argv, chdir, creates, executable, removes, stdin, stdin_add_newline, strip_empty_ends."}
PLAY RECAP **************************************************************************************************************************************************************************************
localhost : ok=86 changed=46 unreachable=0 failed=1 skipped=49 rescued=0 ignored=0
Paste the output of the following commands:
ansible [core 2.14.2]
config file = /opt/alfresco-ansible-deployment/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /root/.local/lib/python3.9/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /bin/ansible
python version = 3.9.9 (main, Feb 3 2023, 10:11:30) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)] (/usr/local/bin/python3)
jinja version = 3.1.2
libyaml = True
ANSIBLE_PIPELINING(/opt/alfresco-ansible-deployment/ansible.cfg) = True
CONFIG_FILE() = /opt/alfresco-ansible-deployment/ansible.cfg
I'm trying to install Alfresco Community Edition on CentOS 7. I am using Python3.10, Ansible 2.12.4, and OpenSSL1.1.1. I get this error when it tries to download ImageMagick.
TASK [../roles/transformers : Download ImageMagick distribution] *************************
fatal: [localhost]: FAILED! => {"msg": "An unhandled exception occurred while running the lookup plugin 'url'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Failed lookup url for https://artifacts.alfresco.com/nexus/content/groups/public/org/alfresco/../imagemagick/imagemagick-distribution/7.0.10-11/imagemagick-distribution-7.0.10-11-libs-linux.rpm.sha1 : <urlopen error [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997)>. Failed lookup url for https://artifacts.alfresco.com/nexus/content/groups/public/org/alfresco/../imagemagick/imagemagick-distribution/7.0.10-11/imagemagick-distribution-7.0.10-11-libs-linux.rpm.sha1 : <urlopen error [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997)>"}
Cent OS 7
TASK [../roles/transformers : Download ImageMagick distribution] ***************
task path: /home/qoppa/Downloads/alfresco-ansible-deployment-2.0.0/roles/transformers/tasks/main.yml:24
exception during Jinja2 execution: Traceback (most recent call last):
File "/usr/local/lib/python3.10/urllib/request.py", line 1348, in do_open
h.request(req.get_method(), req.selector, req.data, headers,
File "/usr/local/lib/python3.10/http/client.py", line 1282, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/local/lib/python3.10/http/client.py", line 1328, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/local/lib/python3.10/http/client.py", line 1277, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/local/lib/python3.10/http/client.py", line 1037, in _send_output
self.send(msg)
File "/usr/local/lib/python3.10/http/client.py", line 975, in send
self.connect()
File "/usr/local/lib/python3.10/site-packages/ansible/module_utils/urls.py", line 545, in connect
self.sock = self.context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/local/lib/python3.10/ssl.py", line 512, in wrap_socket
return self.sslsocket_class._create(
File "/usr/local/lib/python3.10/ssl.py", line 1070, in _create
self.do_handshake()
File "/usr/local/lib/python3.10/ssl.py", line 1341, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.10/site-packages/ansible/plugins/lookup/url.py", line 196, in run
response = open_url(term, validate_certs=self.get_option('validate_certs'),
File "/usr/local/lib/python3.10/site-packages/ansible/module_utils/urls.py", line 1535, in open_url
return Request().open(method, url, data=data, headers=headers, use_proxy=use_proxy,
File "/usr/local/lib/python3.10/site-packages/ansible/module_utils/urls.py", line 1446, in open
return urllib_request.urlopen(request, None, timeout)
File "/usr/local/lib/python3.10/urllib/request.py", line 216, in urlopen
return opener.open(url, data, timeout)
File "/usr/local/lib/python3.10/urllib/request.py", line 519, in open
response = self._open(req, data)
File "/usr/local/lib/python3.10/urllib/request.py", line 536, in _open
result = self._call_chain(self.handle_open, protocol, protocol +
File "/usr/local/lib/python3.10/urllib/request.py", line 496, in _call_chain
result = func(*args)
File "/usr/local/lib/python3.10/site-packages/ansible/module_utils/urls.py", line 558, in https_open
return self.do_open(
File "/usr/local/lib/python3.10/urllib/request.py", line 1351, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997)>
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.10/site-packages/ansible/template/__init__.py", line 1032, in _lookup
ran = instance.run(loop_terms, variables=self._available_variables, **kwargs)
File "/usr/local/lib/python3.10/site-packages/ansible/plugins/lookup/url.py", line 213, in run
raise AnsibleError("Failed lookup url for %s : %s" % (term, to_native(e)))
ansible.errors.AnsibleError: Failed lookup url for https://artifacts.alfresco.com/nexus/content/groups/public/org/alfresco/../imagemagick/imagemagick-distribution/7.0.10-11/imagemagick-distribution-7.0.10-11-libs-linux.rpm.sha1 : <urlopen error [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997)>
fatal: [localhost]: FAILED! => {
"msg": "An unhandled exception occurred while running the lookup plugin 'url'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Failed lookup url for https://artifacts.alfresco.com/nexus/content/groups/public/org/alfresco/../imagemagick/imagemagick-distribution/7.0.10-11/imagemagick-distribution-7.0.10-11-libs-linux.rpm.sha1 : <urlopen error [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997)>. Failed lookup url for https://artifacts.alfresco.com/nexus/content/groups/public/org/alfresco/../imagemagick/imagemagick-distribution/7.0.10-11/imagemagick-distribution-7.0.10-11-libs-linux.rpm.sha1 : <urlopen error [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:997)>"
}
Paste the output of the following commands:
ansible [core 2.12.4]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.10/site-packages/ansible
ansible collection location = /root/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.10.2 (main, Aug 23 2022, 16:27:21) [GCC 4.8.5 20150623 (Red Hat 4.8.5-44)]
jinja version = 3.0.3
libyaml = True
@all:
|--@activemq:
| |--@repository:
| | |--localhost
|--@adw:
| |--@repository:
| | |--localhost
|--@database:
| |--@repository:
| | |--localhost
|--@external:
| |--@external_activemq:
|--@external_activemq:
|--@nginx:
| |--@repository:
| | |--localhost
|--@repository:
| |--localhost
|--@search:
| |--@repository:
| | |--localhost
|--@syncservice:
| |--@repository:
| | |--localhost
|--@transformers:
| |--@repository:
| | |--localhost
|--@ungrouped:
Ansible 2.9.6 in the Ansible deployment fails in Ubuntu 20.04
Indication is it might self resolve with a newer version.
$ ansible -m service_facts localhost
fatal: [activemq_1]: FAILED! => {"changed": false, "msg": "Malformed output discovered from systemd list-unit-files: accounts-daemon.service enabled enabled "}
$ ansible --version
ansible 2.9.6
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/fgjohnson/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/lib/python3/dist-packages/ansible
executable location = /usr/bin/ansible
python version = 3.8.10 (default, Jun 2 2021, 10:49:15) [GCC 9.4.0]
The file setenv.sh is deployed by the java role using template and amended using its dependent roles, such as tomcat, search, sync, etc…
This is problematic generally speaking (in particular for idempotence) as we want to avoid cases where one part of the playbook may interfere with what another part needs to do.
all
molecule idempotence test failures (currently skipped using molecule-idempotence-notest)
A possible way around that would be to take common env variable population out of the java role and let each role do it by directly using the systemd unit file Environment= or EnvironmentFile=. As a result:
trouter role provides its own set of vars in a systemd unit environment file
lineinfile or blockinfile task is used to amend the setenv.sh file
setenv.sh file
molecule-idempotence-notest tag from all possible tasks in the trouter role
The file setenv.sh is deployed by the java role using template and amended using its dependent roles, such as tomcat, search, sync, etc…
This is problematic generally speaking (in particular for idempotence) as we want to avoid cases where one part of the playbook may interfere with what another part needs to do.
all
molecule idempotence test failures (currently skipped using molecule-idempotence-notest)
A possible way around that would be to take common env variable population out of the java role and let each role do it by directly using the systemd unit file Environment= or EnvironmentFile=. As a result:
sfs role provides its own set of vars in a systemd unit environment file
lineinfile or blockinfile task is used to amend the setenv.sh file
setenv.sh file
molecule-idempotence-notest tag from all possible tasks in the sfs role
In case the application user (default name is alfresco) is changed in roles/common/vars/main.yml for the T-Router service, then it is not able to start.
This fix is provided in #369
In my test case, I changed user from alfresco to alfresco_new but service still points to hardcoded alfresco user:
$ cat /etc/systemd/system/alfresco-transform-router.service | grep User
User=alfresco
Tested on RHEL 8.5 and Ubuntu 20.04.4 LTS
RUNNING HANDLER [../roles/trouter : wait-for-aio] ************************************************
fatal: [localhost]: FAILED! => {"changed": false, "elapsed": 300, "msg": "Timeout when waiting for XXX:8090"}
The file setenv.sh is deployed by the java role using template and amended using its dependent roles, such as tomcat, search, sync, etc…
This is problematic generally speaking (in particular for idempotence) as we want to avoid cases where one part of the playbook may interfere with what another part needs to do.
all
molecule idempotence test failures (currently skipped using molecule-idempotence-notest)
A possible way around that would be to take common env variable population out of the java role and let each role do it by directly using the systemd unit file Environment= or EnvironmentFile=. As a result:
search role provides its own set of vars in a systemd unit environment file
lineinfile or blockinfile task is used to amend the setenv.sh file
setenv.sh file
molecule-idempotence-notest tag from all possible tasks in the search role
I installed Community Edition 7.2 yesterday with Ansible on CentOS 7. Services seemed to be up and running. I was able to create users, log in to share services, etc. But after restarting the machine I'm getting a 502 bad gateway when I visit localhost or localhost/share (the same URLs that were ok yesterday).
Is there a trick to restarting these services properly? Is there something I need to do manually? Would be nice if this was documented in the installation instructions I followed here: https://docs.alfresco.com/content-services/community/install/ansible/
When I list all services with "sudo systemctl list-unit-files" I get:
alfresco-content-monitored-startup.service static
alfresco-content.service disabled
alfresco-search.service enabled
alfresco-tengine-aio.service enabled
After starting the alfresco-content service manually I can get to myserver/share from the server only, but I can't see it on the rest of my network like I could before restarting the machine. I had to manually stop firewalld to fix this.
Would be nice if it was documented if I do need to start services manually. Also I noticed the docs (from the link above) list 6 services that start with "alfresco" whereas I only have 4. Are the docs out of date or is my installation incomplete?
Cent OS 7
What are the needed changes in the ansible playbooks to make Alfresco Community run on port 443?
I tried to change only the configuration of nginx, but it looks like there are some other changes to be made to the tomcat config on server.xml and alfresco-global.properties.
ℹ️ This task requires to be familiar with Alfresco and understand the architecture of its platform.
Currently playbook deploys a very basic ActiveMQ instance for the sole sake of convenience. There are other (and probably better) playbooks on galaxy to deploy ActiveMQ. We would like to rely on using 3rd party roles for deploying 3rd party components (as it's been done lately for the elasticsearch role)
Ideally all supported OS (as in supported by the playbook)
The file setenv.sh is deployed by the java role using template and amended using its dependent roles, such as tomcat, search, sync, etc…
This is problematic generally speaking (in particular for idempotence) as we want to avoid cases where one part of the playbook may interfere with what another part needs to do.
all
molecule idempotence test failures (currently skipped using molecule-idempotence-notest)
A possible way around that would be to take common env variable population out of the java role and let each role do it by directly using the systemd unit file Environment= or EnvironmentFile=. As a result:
sync role provides its own set of vars in a systemd unit environment file
lineinfile or blockinfile task is used to amend the setenv.sh file
setenv.sh file
molecule-idempotence-notest tag from all possible tasks in the sync role
ACS 7.2 installation started using $ ansible-playbook playbooks/acs.yml -i inventory_ssh.yml
Error message mentioned below occurred in task "Copy data & config files to Unix FHS dirs". I am not sure if that is something critical because the installation continued and following tasks were executed properly.
RHEL 8.3
TASK [../roles/activemq : Copy data & config files to Unix FHS dirs] ***************************************************************************
failed: [activemq_1] (item={'src': '/opt/apache-activemq-5.16.4/conf', 'dest': '/etc/opt/alfresco/activemq'}) => {"ansible_loop_var": "item", "changed": false, "item": {"dest": "/etc/opt/alfresco/activemq", "src": "/opt/apache-activemq-5.16.4/conf"}, "msg": "Source /opt/apache-activemq-5.16.4/conf not found"}
failed: [activemq_1] (item={'src': '/opt/apache-activemq-5.16.4/data', 'dest': '/var/opt/alfresco/activemq'}) => {"ansible_loop_var": "item", "changed": false, "item": {"dest": "/var/opt/alfresco/activemq", "src": "/opt/apache-activemq-5.16.4/data"}, "msg": "Source /opt/apache-activemq-5.16.4/data not found"}
Same output as in #328
inventory_hostname might not be the real hostname of the target host and might contain characters that aren't supported by hostnames or that can cause issues with paths.
As you know, inventory_hostname comes from the inventory and therefore, I believe it's a kind of free-text name, which can contain characters such as /. Recently, a lot of additions were made on the Java/PKI side and this variable is being used a lot more. In cases where such characters are being used in the inventory_hostname, then some of the commands added recently would fail.
For example:
- name: Create private key for new certificate
  no_log: true
  become: true
  community.crypto.openssl_privatekey:
    path: /etc/pki/{{ inventory_hostname }}_{{ cert_key_type | default('') }}.key
    mode: 0600
    size: "{{ cert_key_size | default(omit) }}"
    type: "{{ cert_key_type | default(omit) }}"
    return_content: true
  register: srvkey
Because inventory_hostname is being used inside the value of a path, if this variable starts with infra/myhost, then this task would fail because the folder /etc/pki exists but not /etc/pki/infra/.
Hostnames follow the regex [a-zA-Z0-9.-]* and therefore inventory_hostname might not be the real value.
For all the Search Replication role, you are also using inventory_hostname to define if the current host is a master or a slave with things such as {{ 'slave' if inventory_hostname == search_master else 'master' }} or {% if search_topology == 'replication' and inventory_hostname == search_master %}. I find these conditions to be quite strange, since that would mean that you are forcing the inventory_hostname to be exactly "search_master" no? Maybe I'm missing some things for the replication part.
Is it possible to change such occurrences of inventory_hostname so that it uses the real hostname which I believe would be more secure in terms of allowed characters? It could mean replacing most occurrences with ansible_hostname or ansible_facts['hostname'] for example (these two require gather_facts: true). If the real hostname changes (not the inventory one), the SSL Certificate should be regenerated I assume, so using the inventory one might be a problem as well no?
Alternatively, what about using a simple hardcoded name for the PKI file instead of generating a name based on the host? Something like alf_server_cert for all the .p12, .keystore, etc... So that all hosts would have the same name for the PKI files. Maybe the customers could have their own files already present with the hostname, so the playbook could also have some issues with that. Using a dedicated name for this playbook could help with avoiding issues and making sure which files are playbook related and which ones aren't (created before/after by someone/something else).
--> If you agree to perform some changes related to this issue, I can help getting some work done & submit the associated PR.
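A pre-flight check for the concern raised in this issue, as an added example that is not part of the issue or of the playbook. It separates inventory names that break the key path from names that are path-safe but not valid hostnames under the regex quoted above. The function names, the sample name search-1.example.com and the key type RSA are assumptions.

```shell
#!/bin/sh
# Added example: classify inventory names before they are interpolated into
# /etc/pki/<inventory_hostname>_<cert_key_type>.key (path template from the issue).
# Function names are hypothetical.
LC_ALL=C; export LC_ALL   # keep a-z / A-Z ranges ASCII-only

# path-unsafe    : cannot be a single file-name component (empty, ".", "..", has "/")
# not-a-hostname : usable in a file name but outside [a-zA-Z0-9.-]
# hostname-ok    : matches the hostname character set quoted in the issue
classify_name() {
    case "$1" in
        ''|.|..|*/*) echo path-unsafe; return 0 ;;
    esac
    case "$1" in
        *[!a-zA-Z0-9.-]*) echo not-a-hostname ;;
        *) echo hostname-ok ;;
    esac
}

# Path the quoted task would render for NAME ($1) and key type ($2).
key_path() {
    printf '/etc/pki/%s_%s.key\n' "$1" "$2"
}

# Directory the key file would land in; anything other than /etc/pki means
# the task depends on a directory the playbook never created.
key_dir() {
    dirname "$(key_path "$1" "$2")"
}

# Read one inventory name per line on stdin, print a verdict for each and
# return 1 if any name would break the path.
check_inventory_names() {
    key_type=$1
    rc=0
    while IFS= read -r name; do
        verdict=$(classify_name "$name")
        printf '%-15s %-22s %s\n' "$verdict" "$name" "$(key_path "$name" "$key_type")"
        if [ "$verdict" = path-unsafe ]; then
            rc=1
        fi
    done
    return "$rc"
}

# Constructed input: repository_1 appears in the inventory graphs on this page,
# infra/myhost is the name from the issue, search-1.example.com is made up.
check_inventory_names RSA <<'EOF' || true
repository_1
infra/myhost
search-1.example.com
EOF
```

Note that repository_1 passes as a file name yet is not a valid hostname under the quoted regex, which is the mismatch the issue describes for certificates named after inventory_hostname.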
The missing newline causes ActiveMQ to fail to start as the PATH set up gets corrupted when ansible customizes the setenv.sh template and it is deployed. The corrupted PATH causes basic linux commands to be missing and the service to fail on startup.
Environment:
Ansible Host: RHEL 7.9
Ansible Controller: Ansible 2.10.3
File: roles/java/templates/setenv.sh
Newline removed:
11fd028
Causes the customization to corrupt the setenv.sh PATH setup
The deployed setenv.sh used by the ActiveMQ Service can end up like:
#!/bin/sh
export JAVA_HOME="/opt/openjdk-11.0.7"
export PATH="${JAVA_HOME}/bin:${PATH}"# BEGIN ACTIVEMQ ENV VARS
...
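The corruption shown above can be reproduced in a scratch directory, together with a check that catches a template lacking its final newline. This is an added example, not code from the issue or the project: the append step is simulated with printf on the assumption that the block lands directly after the file's last byte (which is what the deployed file in the report shows), and ACTIVEMQ_HOME and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: everything runs in a temp dir; the real setenv.sh is not touched.

# Return 0 if the file is non-empty and its last byte is a newline.
ends_with_newline() {
    [ -s "$1" ] || return 1
    # Command substitution strips a trailing newline, so an empty result
    # means the last byte was "\n".
    [ -z "$(tail -c 1 "$1")" ]
}

# Repair step a role could run before amending the file.
ensure_trailing_newline() {
    ends_with_newline "$1" || printf '\n' >> "$1"
}

# Write a setenv.sh like the one in the report; $2 = "yes" keeps the final newline.
write_template() {
    printf '#!/bin/sh\nexport JAVA_HOME="/opt/openjdk-11.0.7"\nexport PATH="${JAVA_HOME}/bin:${PATH}"' > "$1"
    if [ "$2" = "yes" ]; then
        printf '\n' >> "$1"
    fi
}

# Simulated amendment by a later role (assumption: appended verbatim at EOF).
# ACTIVEMQ_HOME is a hypothetical variable standing in for the elided block body.
append_block() {
    printf '# BEGIN ACTIVEMQ ENV VARS\nexport ACTIVEMQ_HOME="/opt/activemq"\n# END ACTIVEMQ ENV VARS\n' >> "$1"
}

# Source the file in a subshell with a known PATH and print the resulting PATH.
resulting_path() {
    (
        PATH=/usr/bin:/bin
        . "$1" >/dev/null 2>&1
        printf '%s\n' "$PATH"
    )
}

demo_newline() {
    dir=$(mktemp -d) || return 1
    write_template "$dir/broken.sh" no
    append_block "$dir/broken.sh"
    write_template "$dir/fixed.sh" yes
    append_block "$dir/fixed.sh"
    # In the broken file the marker is glued to the closing quote. A "#" in the
    # middle of a word does not start a comment, so it becomes part of PATH and
    # the marker words become extra arguments to export.
    echo "broken PATH: $(resulting_path "$dir/broken.sh")"
    echo "fixed PATH:  $(resulting_path "$dir/fixed.sh")"
    rm -rf "$dir"
}
demo_newline
```

The last PATH entry of the broken file ends in "#", so every command that lives only in that directory is no longer found.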
The ansible playbooks only support Redhat(/CentOS) at the moment. Are there any plans to also support Ubuntu (the versions from your support matrix) for the ansible deployment?