SEARCH-2802: Search Services to support for Shared Secret communication.

Angel Borroy
2021-04-26 16:56:14 +02:00
parent ae00b1d286
commit 057a3b86fd
18 changed files with 6106 additions and 2961 deletions


@@ -17,10 +17,10 @@ $ tree generators/app/templates/
│   ├── .env
│   ├── docker-compose-ce.yml
│   └── docker-compose-ee.yml
├── latest
├── 7.0
│   ├── .env
│   ├── docker-compose-ce.yml
│   └── docker-compose-ee.yml├── empty
│   └── docker-compose-ee.yml
├── images
│   ├── alfresco
│   │   ├── Dockerfile
@@ -82,7 +82,7 @@ $ yo alfresco-docker-compose
## ACS Version
Currently supported ACS Versions are `latest`, `6.2` and `6.1`
Currently supported ACS Versions are `7.0`, `6.2` and `6.1`
This is the first choice to be selected when the generator is executed.
@@ -90,7 +90,7 @@ This is the first choice to be selected when the generator is executed.
? Which ACS version do you want to use?
6.1
6.2
latest
7.0
```
## AGS Version
@@ -107,14 +107,15 @@ If you chose ACS 6.1, a prompt will allow you to use AGS.
When using Community, some different options can be combined:
* Plain HTTP (http) or TLS/SSL Mutual Authentication (https) for communication between Alfresco and SOLR
* Plain HTTP (http) or HTTPs (https) for Http Web Proxy for HTTP access to services
* Protect the access to SOLR REST API in the Http WebProxy to forbid direct access to Alfresco Web Proxy port
* Use SOLR Replication in Master/Slave mode (only when using http)
* Plain HTTP (http), Shared Secret HTTP (secret) or TLS/SSL Mutual Authentication (https) for communication between Alfresco and SOLR
>> Shared Secret is only available from ACS 7.0.1
```
? Would you like to use Alfresco enterprise or community? community
? Would you like to use HTTP or mTLS for Alfresco-SOLR communication? http
? Would you like to use HTTP, Shared Secret or mTLS for Alfresco-SOLR communication? http
? Would you like to use HTTP or HTTPs for Web Proxy? http
? Would you like to protect the access to SOLR REST API? Yes
? Would you like to use a SOLR Replication? No


@@ -21,8 +21,8 @@ module.exports = class extends Generator {
type: 'list',
name: 'acsVersion',
message: 'Which ACS version do you want to use?',
choices: [ '6.1', '6.2', 'latest' ],
default: 'latest'
choices: [ '6.1', '6.2', '7.0' ],
default: '7.0'
},
{
whenFunction: response => response.acsVersion == '6.1',
@@ -41,8 +41,8 @@ module.exports = class extends Generator {
{
type: 'list',
name: 'httpMode',
message: 'Would you like to use HTTP or mTLS for Alfresco-SOLR communication?',
choices: [ "http", "https" ],
message: 'Would you like to use HTTP, Shared Secret or mTLS for Alfresco-SOLR communication?',
choices: [ "http", "https", "secret" ],
default: 'http'
},
{
@@ -156,7 +156,7 @@ module.exports = class extends Generator {
// Generate boilerplate from "templates" folder
writing() {
// Set base template directory: 6.1, 6.2, latest
// Set base template directory: 6.1, 6.2, 7.0
var dockerComposeTemplateDirectory = this.props.acsVersion;
// Docker Compose environment variables values
@@ -183,7 +183,7 @@ module.exports = class extends Generator {
'alfresco/alfresco-content-repository-community') :
(this.props.ags ?
'quay.io/alfresco/alfresco-governance-repository-enterprise':
'alfresco/alfresco-content-repository'
'quay.io/alfresco/alfresco-content-repository'
)
);
@@ -192,7 +192,7 @@ module.exports = class extends Generator {
(this.props.alfrescoVersion == 'community' ?
(this.props.ags ?
'alfresco/alfresco-governance-share-community' :
'quay.io/alfresco/alfresco-share') :
'alfresco/alfresco-share') :
(this.props.ags ?
'quay.io/alfresco/alfresco-governance-share-enterprise':
'quay.io/alfresco/alfresco-share'
@@ -219,8 +219,8 @@ module.exports = class extends Generator {
httpMode: this.props.httpMode,
httpWebMode: this.props.httpWebMode,
port: (this.props.httpWebMode == 'http' ? '8080' : '443'),
secureComms: (this.props.httpMode == 'http' ? 'none' : 'https'),
alfrescoPort: (this.props.httpMode == 'http' ? '8080' : '8443'),
secureComms: (this.props.httpMode == 'http' ? 'none' : this.props.httpMode),
alfrescoPort: (this.props.httpMode == 'https' ? '8443' : '8080'),
replication: this.props.replication,
searchSolrHost: (this.props.replication ? "solr6secondary" : "solr6"),
searchPath: searchBasePath,
@@ -279,7 +279,7 @@ module.exports = class extends Generator {
)
}
// Empty addons directories.
// Empty addons directories
['alfresco', 'share'].forEach(container => {
['jars', 'amps'].forEach(addonType => {
this.fs.copy(
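Review bot: The `httpMode` prompt now offers `secret` for every ACS version, although the README text in this commit says Shared Secret is only available from ACS 7.0.1; the prompt shows no version condition like the one on the next prompt (`whenFunction: response => response.acsVersion == '6.1'`). Because `secureComms` now passes the raw answer through (`this.props.httpMode == 'http' ? 'none' : this.props.httpMode`), choosing `secret` with 6.1 or 6.2 would presumably render `-Dsolr.secureComms=secret` into templates with no shared-secret handling; the 6.x templates are not visible here, so this needs confirming. Consider offering `secret` only when `acsVersion == '7.0'`, or failing fast in `writing()` with a clear message (its body continues outside these hunks). A short comment beside `alfrescoPort`, such as `// only mTLS uses 8443; http and secret both use the plain 8080 connector`, would also record why the comparison was flipped.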


@@ -0,0 +1,13 @@
ALFRESCO_TAG=7.0.0
ALFRESCO_CE_TAG=7.0.0
SHARE_TAG=7.0.0
POSTGRES_TAG=13.1
TRANSFORM_CORE_AIO_TAG=2.3.10
TRANSFORM_ROUTER_TAG=1.3.2
SHARED_FILE_STORE_TAG=0.13.0
ACTIVE_MQ_TAG=5.16.1
DIGITAL_WORKSPACE_TAG=2.1.0-adw
ACS_NGINX_TAG=3.1.1
SEARCH_TAG=latest
ZEPPELIN_TAG=latest
ACA_TAG=2.3.0
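Review bot: `ALFRESCO_TAG=7.0.0` and `ALFRESCO_CE_TAG=7.0.0` pin a release older than the 7.0.1 that the README in this commit names as the first version with Shared Secret support, so the new `secret` mode may be generated against an image that does not implement it. This is worth confirming, then either bumping the tags or documenting the gap. `SEARCH_TAG=latest` and `ZEPPELIN_TAG=latest` are mutable tags next to otherwise pinned versions, so builds are not reproducible and an upstream image change can alter the Solr side of the shared-secret channel without review. Pinning both to explicit versions or digests would keep the two ends of the authenticated channel in step.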


@@ -14,8 +14,21 @@ services:
KEYSTORE_TYPE: JCEKS
KEYSTORE_PASS: kT9X6oe68t <% } %>
COMPRESS_CONTENT: "<%=gzip%>"
SHARE_SERVICES_TAG: ${SHARE_TAG}
mem_limit: 1800m
depends_on:
- postgres
environment:
JAVA_TOOL_OPTIONS: "
-Dencryption.keystore.type=JCEKS
-Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding
-Dencryption.keyAlgorithm=DESede
-Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore
-Dmetadata-keystore.password=mp6yc0UD9e
-Dmetadata-keystore.aliases=metadata
-Dmetadata-keystore.metadata.password=oKIWzVdEdA
-Dmetadata-keystore.metadata.algorithm=DESede
"
JAVA_OPTS : "
-Ddb.driver=org.postgresql.Driver
-Ddb.username=alfresco
@@ -25,20 +38,19 @@ services:
-Dsolr.port.ssl=8983
-Dsolr.secureComms=<%=secureComms%>
-Dsolr.baseUrl=/solr
-Dindex.subsystem.name=solr6
-Dindex.subsystem.name=solr6<% if (httpMode == 'secret') { %>
-Dsolr.sharedSecret=secret<% } %>
-Dshare.host=localhost
-Dalfresco.port=8080
-Daos.baseUrlOverwrite=http://localhost:8080/alfresco/aos
-Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\"
-Ddeployment.method=DOCKER_COMPOSE
-DlocalTransform.core-aio.url=http://transform-core-aio:8090/
-Dalfresco-pdf-renderer.url=http://transform-core-aio:8090/
-Djodconverter.url=http://transform-core-aio:8090/
-Dimg.url=http://transform-core-aio:8090/
-Dtika.url=http://transform-core-aio:8090/
-Dtransform.misc.url=http://transform-core-aio:8090/
-Dcsrf.filter.enabled=false
-Dalfresco.restApi.basicAuthScheme=true
-Xms1500m -Xmx1500m
@@ -63,6 +75,8 @@ services:
COMPRESS_CONTENT: "<%=gzip%>"
SEARCH_LOG_LEVEL: <%=searchLogLevel%>
mem_limit: 1200m
depends_on:
- alfresco
environment:
#Solr needs to know how to register itself with Alfresco
SOLR_ALFRESCO_HOST: "alfresco"
@@ -84,6 +98,9 @@ services:
SOLR_OPTS: "
-Dsolr.ssl.checkPeerName=false
-Dsolr.allow.unsafe.resourceloading=true
" <% } %> <% if (httpMode == 'secret') { %>
SOLR_OPTS: "
-Dalfresco.secureComms.secret=secret
" <% } %>
ports:
- 8083:8983 <% if (httpMode == 'https') { %>
@@ -106,6 +123,8 @@ services:
MASTER_HOST: solr6 <% } %>
COMPRESS_CONTENT: "<%=gzip%>"
mem_limit: 1200m
depends_on:
- alfresco
environment:
#Solr needs to know how to register itself with Alfresco
SOLR_ALFRESCO_HOST: "alfresco"
@@ -127,6 +146,9 @@ services:
SOLR_OPTS: "
-Dsolr.ssl.checkPeerName=false
-Dsolr.allow.unsafe.resourceloading=true
" <% } %> <% if (httpMode == 'secret') { %>
SOLR_OPTS: "
-Dalfresco.secureComms.secret=secret
" <% } %>
ports:
- 8084:8983 <% if (httpMode == 'https') { %>
@@ -193,6 +215,9 @@ services:
mem_limit: 128m
depends_on:
- alfresco
- share
- solr6
- content-app
volumes:
- ./config/nginx.conf:/etc/nginx/nginx.conf
- ./config/nginx.htpasswd:/etc/nginx/conf.d/nginx.htpasswd <% if (httpWebMode == 'https') { %>
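Review bot: The shared secret is the literal string `secret` on both ends (`-Dsolr.sharedSecret=secret` in the repository `JAVA_OPTS`, `-Dalfresco.secureComms.secret=secret` in the two added `SOLR_OPTS` blocks), so every project generated in this mode uses the same guessable value as its only authentication between Alfresco and Solr. The same literals appear in the other compose template changed by this commit. Since the Solr port is published to the host (`8083:8983`, `8084:8983`), I would have the generator prompt for or randomly generate the value and render it through a template variable, e.g. `-Dsolr.sharedSecret=<%=sharedSecret%>` and `-Dalfresco.secureComms.secret=<%=sharedSecret%>`, where `sharedSecret` is a proposed new variable passed in from the generator. At minimum, add a template comment stating that the value is a development placeholder and must be replaced before the stack is reachable by anyone else.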


@@ -13,17 +13,19 @@ services:
KEYSTORE_TYPE: JCEKS
KEYSTORE_PASS: kT9X6oe68t <% } %>
COMPRESS_CONTENT: "<%=gzip%>"
SHARE_SERVICES_TAG: ${SHARE_TAG}
mem_limit: 1800m
environment:
JAVA_TOOL_OPTIONS: "
-Dencryption.keystore.type=JCEKS
-Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding
-Dencryption.keyAlgorithm=DESede
-Dencryption.keystore.location=/usr/local/tomcat/shared/classes/alfresco/extension/keystore/keystore
-Dmetadata-keystore.password=mp6yc0UD9e
-Dmetadata-keystore.aliases=metadata
-Dmetadata-keystore.metadata.password=mp6yc0UD9e
-Dmetadata-keystore.metadata.algorithm=AES
-Dmetadata-keystore.metadata.password=oKIWzVdEdA
-Dmetadata-keystore.metadata.algorithm=DESede
<% if (httpMode == 'https') { %>
-Dencryption.keystore.type=pkcs12
-Dencryption.cipherAlgorithm=AES/CBC/PKCS5Padding
-Dencryption.keyAlgorithm=AES
-Dssl-keystore.password=kT9X6oe68t
-Dssl-keystore.aliases=ssl-alfresco-ca,ssl-repo
-Dssl-keystore.ssl-alfresco-ca.password=kT9X6oe68t
@@ -43,12 +45,11 @@ services:
-Dsolr.secureComms=<%=secureComms%>
-Dsolr.baseUrl=/solr <% if (sharding == 'true') { %>
-Dsolr.useDynamicShardRegistration=true <% } %>
-Dindex.subsystem.name=solr6
-Dindex.subsystem.name=solr6<% if (httpMode == 'secret') { %>
-Dsolr.sharedSecret=secret<% } %>
-Daos.baseUrlOverwrite=http://localhost:8080/alfresco/aos
-Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\"
-Ddeployment.method=DOCKER_COMPOSE
-Dtransform.service.enabled=true
-Dtransform.service.url=http://transform-router:8095
-Dsfs.url=http://shared-file-store:8099/
@@ -58,7 +59,6 @@ services:
-Dimg.url=http://transform-core-aio:8090/
-Dtika.url=http://transform-core-aio:8090/
-Dtransform.misc.url=http://transform-core-aio:8090/
-Dcsrf.filter.enabled=false
-Dalfresco.restApi.basicAuthScheme=true
-Xms1500m -Xmx1500m
@@ -104,33 +104,19 @@ services:
#Create the default alfresco and archive cores
SOLR_CREATE_ALFRESCO_DEFAULTS: "alfresco,archive"
SOLR_JAVA_MEM: "-Xms1g -Xmx1g" <% if (httpMode == 'https') { %>
SOLR_SSL_TRUST_STORE: "/opt/<%=searchPath%>/keystore/ssl-repo-client.truststore"
SOLR_SSL_TRUST_STORE: "/opt/<%=searchPath%>/keystore/ssl.repo.client.truststore"
SOLR_SSL_TRUST_STORE_PASSWORD: "kT9X6oe68t"
SOLR_SSL_TRUST_STORE_TYPE: "JCEKS"
SOLR_SSL_KEY_STORE: "/opt/<%=searchPath%>/keystore/ssl-repo-client.keystore"
SOLR_SSL_KEY_STORE: "/opt/<%=searchPath%>/keystore/ssl.repo.client.keystore"
SOLR_SSL_KEY_STORE_PASSWORD: "kT9X6oe68t"
SOLR_SSL_KEY_STORE_TYPE: "JCEKS"
SOLR_SSL_NEED_CLIENT_AUTH: "true" <% if (sharding == 'true') { %>
SOLR_SSL_CLIENT_KEY_STORE: "/opt/<%=searchPath%>/keystore/ssl-repo-client.keystore"
SOLR_SSL_CLIENT_KEY_STORE_TYPE: "JCEKS"
SOLR_SSL_CLIENT_TRUST_STORE: "/opt/<%=searchPath%>/keystore/ssl-repo-client.keystore"
SOLR_SSL_CLIENT_TRUST_STORE_TYPE: "JCEKS" <% } %>
JAVA_TOOL_OPTIONS: "
-Dsolr.jetty.truststore.password=kT9X6oe68t
-Dsolr.jetty.keystore.password=kT9X6oe68t <% if (sharding == 'true') { %>
-Djavax.net.ssl.keyStorePassword=kT9X6oe68t
-Djavax.net.ssl.trustStorePassword=kT9X6oe68t <% } %>
-Dssl-keystore.password=kT9X6oe68t
-Dssl-keystore.aliases=ssl-alfresco-ca,ssl-repo-client
-Dssl-keystore.ssl-alfresco-ca.password=kT9X6oe68t
-Dssl-keystore.ssl-repo-client.password=kT9X6oe68t
-Dssl-truststore.password=kT9X6oe68t
-Dssl-truststore.aliases=ssl-alfresco-ca,ssl-repo,ssl-repo-client
-Dssl-truststore.ssl-alfresco-ca.password=kT9X6oe68t
-Dssl-truststore.ssl-repo.password=kT9X6oe68t
-Dssl-truststore.ssl-repo-client.password=kT9X6oe68t
"
SOLR_SSL_NEED_CLIENT_AUTH: "true"
SOLR_OPTS: "
-Dsolr.ssl.checkPeerName=false
-Dsolr.allow.unsafe.resourceloading=true
" <% } %> <% if (httpMode == 'secret') { %>
SOLR_OPTS: "
-Dalfresco.secureComms.secret=secret
" <% } %>
ports:
- 8083:8983 <% if (httpMode == 'https') { %>
@@ -169,41 +155,27 @@ services:
SOLR_ALFRESCO_PORT: "<%=alfrescoPort%>"
ALFRESCO_SECURE_COMMS: <%=secureComms%>
#Alfresco needs to know how to call solr
SOLR_SOLR_HOST: "solr6secondary"
SOLR_SOLR_HOST: "solr6"
SOLR_SOLR_PORT: "8983"
#Create the default alfresco and archive cores
SOLR_CREATE_ALFRESCO_DEFAULTS: "alfresco,archive"
SOLR_JAVA_MEM: "-Xms1g -Xmx1g" <% if (httpMode == 'https') { %>
SOLR_SSL_TRUST_STORE: "/opt/<%=searchPath%>/keystore/ssl-repo-client.truststore"
SOLR_SSL_TRUST_STORE: "/opt/<%=searchPath%>/keystore/ssl.repo.client.truststore"
SOLR_SSL_TRUST_STORE_PASSWORD: "kT9X6oe68t"
SOLR_SSL_TRUST_STORE_TYPE: "JCEKS"
SOLR_SSL_KEY_STORE: "/opt/<%=searchPath%>/keystore/ssl-repo-client.keystore"
SOLR_SSL_KEY_STORE: "/opt/<%=searchPath%>/keystore/ssl.repo.client.keystore"
SOLR_SSL_KEY_STORE_PASSWORD: "kT9X6oe68t"
SOLR_SSL_KEY_STORE_TYPE: "JCEKS"
SOLR_SSL_NEED_CLIENT_AUTH: "true" <% if (sharding == 'true') { %>
SOLR_SSL_CLIENT_KEY_STORE: "/opt/<%=searchPath%>/keystore/ssl-repo-client.keystore"
SOLR_SSL_CLIENT_KEY_STORE_TYPE: "JCEKS"
SOLR_SSL_CLIENT_TRUST_STORE: "/opt/<%=searchPath%>/keystore/ssl-repo-client.keystore"
SOLR_SSL_CLIENT_TRUST_STORE_TYPE: "JCEKS" <% } %>
JAVA_TOOL_OPTIONS: "
-Dsolr.jetty.truststore.password=kT9X6oe68t
-Dsolr.jetty.keystore.password=kT9X6oe68t <% if (sharding == 'true') { %>
-Djavax.net.ssl.keyStorePassword=kT9X6oe68t
-Djavax.net.ssl.trustStorePassword=kT9X6oe68t <% } %>
-Dssl-keystore.password=kT9X6oe68t
-Dssl-keystore.aliases=ssl-alfresco-ca,ssl-repo-client
-Dssl-keystore.ssl-alfresco-ca.password=kT9X6oe68t
-Dssl-keystore.ssl-repo-client.password=kT9X6oe68t
-Dssl-truststore.password=kT9X6oe68t
-Dssl-truststore.aliases=ssl-alfresco-ca,ssl-repo,ssl-repo-client
-Dssl-truststore.ssl-alfresco-ca.password=kT9X6oe68t
-Dssl-truststore.ssl-repo.password=kT9X6oe68t
-Dssl-truststore.ssl-repo-client.password=kT9X6oe68t
"
SOLR_SSL_NEED_CLIENT_AUTH: "true"
SOLR_OPTS: "
-Dsolr.ssl.checkPeerName=false
-Dsolr.allow.unsafe.resourceloading=true
" <% } %> <% if (httpMode == 'secret') { %>
SOLR_OPTS: "
-Dalfresco.secureComms.secret=secret
" <% } %>
ports:
- 8084:8983 <% if (httpMode == 'https') { %>
- 8083:8983 <% if (httpMode == 'https') { %>
volumes:
- ./keystores/solr:/opt/<%=searchPath%>/keystore <% } %>
<% } %>
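Review bot: The metadata keystore settings in `JAVA_TOOL_OPTIONS` appear to move from `-Dmetadata-keystore.metadata.algorithm=AES` to `DESede`, alongside `-Dencryption.cipherAlgorithm=DESede/CBC/PKCS5Padding`, with the keystore and key passwords written inline. The page has lost its +/- markers, so I am reading the second line of each pair as the new side. If DESede is needed for compatibility with the keystore shipped in the 7.0 image, a comment saying so would stop this reading as an accidental downgrade from AES; otherwise AES should stay. The JVM echoes the full `JAVA_TOOL_OPTIONS` value at startup ("Picked up JAVA_TOOL_OPTIONS: …"), so these passwords end up in container logs; the first compose template in this commit adds the same block. For anything beyond local use, the generated project should use a freshly created keystore, with passwords supplied from an env file or secret store rather than the template.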


@@ -25,6 +25,19 @@ VOLUME ["${ALF_DATA_DIR}/keystore"]
USER root
ARG SHARE_SERVICES_TAG
ENV SHARE_SERVICES_TAG $SHARE_SERVICES_TAG
# From Alfresco Repository 7.0.0 Share Services AMP is not provided with default Docker Image
RUN if [ ! -z "$SHARE_SERVICES_TAG" ] ; then \
yum -y update && \
yum -y install wget && \
yum clean all && \
mkdir -p $TOMCAT_DIR/amps && \
wget https://nexus.alfresco.com/nexus/service/local/repo_groups/public/content/org/alfresco/alfresco-share-services/${SHARE_SERVICES_TAG}/alfresco-share-services-${SHARE_SERVICES_TAG}.amp \
-O $TOMCAT_DIR/amps/alfresco-share-services-${SHARE_SERVICES_TAG}.amp; \
fi
# Install modules and addons
RUN mkdir -p $TOMCAT_DIR/amps
COPY modules/amps/* $TOMCAT_DIR/amps/
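Review bot: The AMP fetched by `wget` in the new `RUN` step is placed in `$TOMCAT_DIR/amps` without any integrity check, so the image trusts whatever the Nexus URL returns for `${SHARE_SERVICES_TAG}` at build time. I would pass the expected digest as a build argument and verify it before the file is used, e.g. `echo "${SHARE_SERVICES_SHA256}  $TOMCAT_DIR/amps/alfresco-share-services-${SHARE_SERVICES_TAG}.amp" | sha256sum -c -`; `SHARE_SERVICES_SHA256` is a proposed new `ARG`, not one the file has. The `yum -y update` in the same layer also makes the image contents depend on the build date, and installing only `wget` would keep the layer smaller and more reproducible. The later `RUN mkdir -p $TOMCAT_DIR/amps` is redundant when the tag is set, though harmless.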


@@ -21,6 +21,9 @@ ENV ALFRESCO_COMMS $ALFRESCO_COMMS
RUN if [ "$ALFRESCO_COMMS" == "https" ] ; then \
sed -i '/^bash.*/i sed -i "'"s/alfresco.secureComms=none/alfresco.secureComms=https/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties\n' \
${DIST_DIR}/solr/bin/search_config_setup.sh; \
elif [ "$ALFRESCO_COMMS" == "secret" ] ; then \
sed -i '/^bash.*/i sed -i "'"s/alfresco.secureComms=https/alfresco.secureComms=secret/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties\n' \
${DIST_DIR}/solr/bin/search_config_setup.sh; \
else \
sed -i '/^bash.*/i sed -i "'"s/alfresco.secureComms=https/alfresco.secureComms=none/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties\n' \
${DIST_DIR}/solr/bin/search_config_setup.sh; \
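Review bot: The new `secret` branch rewrites only `alfresco.secureComms=https`, so if the `solrcore.properties` template in the base image ships with `alfresco.secureComms=none` (which the `https` branch above assumes), the substitution matches nothing. Solr would then stay on `none` and not enforce the secret on its side, with no build error to signal it. Matching whatever value is present avoids depending on the image default: `s/alfresco.secureComms=.*/alfresco.secureComms=secret/g`. The `RUN` statement continues past the end of this hunk, and the base image default is not visible here, so it should be checked against the Search Services version being built.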


@@ -1,14 +0,0 @@
ALFRESCO_TAG=6.3.0-A10
ALFRESCO_CE_TAG=latest
SHARE_TAG=latest
POSTGRES_TAG=11.4
TRANSFORM_ROUTER_TAG=1.2.0
TRANSFORM_CORE_AIO_TAG=2.2.1
SHARED_FILE_STORE_TAG=0.7.0
ACTIVE_MQ_TAG=5.15.8
DIGITAL_WORKSPACE_TAG=1.5.0
ACS_NGINX_TAG=3.0.1
ACS_COMMUNITY_NGINX_TAG=1.0.0
SEARCH_TAG=latest
ZEPPELIN_TAG=latest
ACA_TAG=master-latest

File diff suppressed because it is too large Load Diff


@@ -21,10 +21,9 @@
"npm": ">= 4.0.0"
},
"dependencies": {
"chalk": "^2.1.0",
"yeoman-generator": "^2.0.1",
"yo": "^3.1.1",
"yosay": "^2.0.1"
"chalk": "^2.4.2",
"yeoman-generator": "^4.12.0",
"yosay": "^2.0.2"
},
"jest": {
"testEnvironment": "node"