diff --git a/search-services/packaging/src/docker/6.x/.env b/search-services/packaging/src/docker/6.x/.env index 30363483d..72bef3e16 100644 --- a/search-services/packaging/src/docker/6.x/.env +++ b/search-services/packaging/src/docker/6.x/.env @@ -1,5 +1,6 @@ -ALFRESCO_TAG=6.1.2-ga -SHARE_TAG=6.1.0 +# In order to start the community edition set the value of ALFRESCO_EDITION to -community +ALFRESCO_EDITION= +ALFRESCO_TAG=6.1.0-EA3 +SHARE_TAG=6.0 POSTGRES_TAG=10.1 -SEARCH_TAG=latest -ACTIVE_MQ_TAG=5.15.8 +SEARCH_TAG=latest \ No newline at end of file diff --git a/search-services/packaging/src/docker/6.x/README.md b/search-services/packaging/src/docker/6.x/README.md deleted file mode 100644 index cf00a8f6a..000000000 --- a/search-services/packaging/src/docker/6.x/README.md +++ /dev/null @@ -1,26 +0,0 @@ -# Docker Compose Reference for ACS 6.x - -This project includes default configuration for ACS Community 6.1 and Search Services 1.2 using Plain HTTP communication between Repository and SOLR - -## Running Docker Compose - -Docker can be started using default command. - -```bash -$ docker-compose up --build -``` - -Alfresco will be available at: - -http://localhost:8081/alfresco - -http://localhost:8082/share - -http://localhost:8083/solr - -Plain HTTP Communication from SOLR is targeted inside Docker Network to http://alfresco:8080/alfresco - - -**Mutual TLS/SSL Communication** - -Folder `ssl` includes default TLS/SSL Communication between SOLR and Repository. diff --git a/search-services/packaging/src/docker/6.x/docker-compose.yml b/search-services/packaging/src/docker/6.x/docker-compose.yml index 82adbec74..a200a0136 100644 --- a/search-services/packaging/src/docker/6.x/docker-compose.yml +++ b/search-services/packaging/src/docker/6.x/docker-compose.yml @@ -1,85 +1,56 @@ -# This docker-compose file will spin up an ACS cluster on a local host or on a server and it requires a minimum of 12GB Memory to distribute among containers. -# Limit container memory and assign X percentage to JVM. There are couple of ways to allocate JVM Memory for ACS Containers -# For example: 'JAVA_OPTS: "$JAVA_OPTS -XX:+PrintFlagsFinal -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap"' -# But, as per Oracle docs (https://docs.oracle.com/javase/9/gctuning/parallel-collector1.htm#JSGCT-GUID-CAB83393-3438-44ED-98F0-D15641B43C7D) -# If container memory is not explicitly set, then the above flags will default max heap to 1/4th of container's memory which may not be ideal. -# Hence, setting up explicit Container memory and then assigning a percentage of it to the JVM for performance tuning. - -# Using version 2 as 3 does not support resource constraint options (cpu_*, mem_* limits) for non swarm mode in Compose -version: "2" - +version: '3' services: - alfresco: - image: alfresco/alfresco-content-repository-community:${ALFRESCO_TAG} - mem_limit: 1500m - environment: - JAVA_OPTS : " - -Ddb.driver=org.postgresql.Driver - -Ddb.username=alfresco - -Ddb.password=alfresco - -Ddb.url=jdbc:postgresql://postgres:5432/alfresco - -Dsolr.host=search - -Dsolr.port=8983 - -Dsolr.secureComms=none - -Dsolr.base.url=/solr - -Dindex.subsystem.name=solr6 - -Dshare.host=localhost - -Dalfresco.port=8082 - -Daos.baseUrlOverwrite=http://localhost:8082/alfresco/aos - -Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\" - -Ddeployment.method=DOCKER_COMPOSE - -Dcsrf.filter.enabled=false - -Xms1g -Xmx1g - -Dalfresco.restApi.basicAuthScheme=true - " - ports: - - 7203:7203 # JMX - - 5005:5005 # Java debugging - - 8081:8080 # Browser port - - share: - image: alfresco/alfresco-share:${SHARE_TAG} - mem_limit: 1g - environment: - - REPO_HOST=alfresco - - REPO_PORT=8080 - - "CATALINA_OPTS= -Xms500m -Xmx500m" - ports: - - 8082:8080 # Browser port - - postgres: - image: postgres:${POSTGRES_TAG} - mem_limit: 1500m - environment: - - POSTGRES_PASSWORD=alfresco - - POSTGRES_USER=alfresco - - POSTGRES_DB=alfresco - command: postgres -c max_connections=300 -c log_min_messages=LOG - ports: - - 5432:5432 - - search: - # Also alfresco/alfresco-search-services:${SEARCH_TAG} can be used for external developers - image: quay.io/alfresco/search-services:${SEARCH_TAG} - mem_limit: 2500m - environment: - #Solr needs to know how to register itself with Alfresco - SOLR_ALFRESCO_HOST: "alfresco" - SOLR_ALFRESCO_PORT: "8080" - #Alfresco needs to know how to call solr - SOLR_SOLR_HOST: "search" - SOLR_SOLR_PORT: "8983" - #Create the default alfresco and archive cores - SOLR_CREATE_ALFRESCO_DEFAULTS: "alfresco,archive" - SOLR_JAVA_MEM: "-Xms2g -Xmx2g" - ports: - - 8083:8983 # Browser port - - activemq: - image: alfresco/alfresco-activemq:${ACTIVE_MQ_TAG} - mem_limit: 2048m - ports: - - 8161:8161 # Web Console - - 5672:5672 # AMQP - - 61616:61616 # OpenWire - - 61613:61613 # STOMP + alfresco: + image: alfresco/alfresco-content-repository${ALFRESCO_EDITION}:${ALFRESCO_TAG} + environment: + JAVA_OPTS : " + -Ddb.driver=org.postgresql.Driver + -Ddb.username=alfresco + -Ddb.password=alfresco + -Ddb.url=jdbc:postgresql://postgres:5432/alfresco + -Dsolr.host=search + -Dsolr.port=8983 + -Dsolr.secureComms=none + -Dsolr.base.url=/solr + -Dindex.subsystem.name=solr6 + -Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\" + " + ports: + - "7203:7203" #JMX connect via service:jmx:rmi:///jndi/rmi://localhost:7203/jmxrmi + - "5005:5005" #Java debugging + - "8081:8080" #Browser port for Alfresco + share: + image: alfresco/alfresco-share:${SHARE_TAG} + environment: + - REPO_HOST=alfresco + - REPO_PORT=8080 + ports: + - 8082:8080 #Browser port for Share + postgres: + image: postgres:${POSTGRES_TAG} + environment: + - POSTGRES_PASSWORD=alfresco + - POSTGRES_USER=alfresco + - POSTGRES_DB=alfresco + ports: + - 5432:5432 + search: + image: quay.io/alfresco/search-services:${SEARCH_TAG} + environment: + #Solr needs to know how to register itself with Alfresco + - SOLR_ALFRESCO_HOST=alfresco + - SOLR_ALFRESCO_PORT=8080 + #Alfresco needs to know how to call solr + - SOLR_SOLR_HOST=search + - SOLR_SOLR_PORT=8983 + #Create the default alfresco and archive cores + - SOLR_CREATE_ALFRESCO_DEFAULTS=alfresco,archive + ports: + - 8083:8983 #Browser port + activemq: + image: alfresco/alfresco-activemq:5.15.6 + ports: + - 8161:8161 # Web Console + - 5672:5672 # AMQP + - 61616:61616 # OpenWire + - 61613:61613 # STOMP \ No newline at end of file diff --git a/search-services/packaging/src/docker/6.x/ssl/.env b/search-services/packaging/src/docker/6.x/ssl/.env deleted file mode 100644 index c2548ccd7..000000000 --- a/search-services/packaging/src/docker/6.x/ssl/.env +++ /dev/null @@ -1,5 +0,0 @@ -ALFRESCO_TAG=6.1.2-ga -SHARE_TAG=6.1.0 -POSTGRES_TAG=10.1 -SEARCH_TAG=1.3.0.1 -ACTIVE_MQ_TAG=5.15.8 diff --git a/search-services/packaging/src/docker/6.x/ssl/README.md b/search-services/packaging/src/docker/6.x/ssl/README.md deleted file mode 100644 index 481619f2b..000000000 --- a/search-services/packaging/src/docker/6.x/ssl/README.md +++ /dev/null @@ -1,56 +0,0 @@ -# Docker Templates for Community Edition - -This project includes default configuration to use Mutual TLS communication between ACS Community 6.1 and Search Services 1.3. - -Every *truststores*, *keystores* and *certificates* are copied from sources. - -## Components - -* **alfresco** includes a `Dockerfile` with *Tomcat Connector* configuration and *Keystore* folder mapping as it's required for Connector. Default stores and certificates from source code (`alfresco-repository`) have been copied in keystore folder. - -* **docker-compose.yml** includes a Docker Composition for ACS 6.1 and Search Services 1.3 using Mutual TLS - -* **solr6** includes a `Dockerfile` to set *https* communications and to provide a volume for the keystore. The keystore folder includes default certificates for SOLR server copied from source code (`alfresco-search`) - -``` -├── alfresco -│   ├── Dockerfile -│   └── keystore -│   ├── keystore -│   ├── keystore-passwords.properties -│   ├── ssl-keystore-passwords.properties -│   ├── ssl-truststore-passwords.properties -│   ├── ssl.keystore -│   └── ssl.truststore -├── docker-compose.yml -└── solr6 - ├── Dockerfile - └── keystore - ├── ssl-keystore-passwords.properties - ├── ssl-truststore-passwords.properties - ├── ssl.repo.client.keystore - └── ssl.repo.client.truststore -``` - - -## Running Docker Compose - -This project includes resources to start the platform in Mutual TLS (SSL). - -Docker can be started selecting SSL Docker Compose file. - -```bash -$ docker-compose up --build -``` - -Alfresco will be available at: - -http://localhost:8082/alfresco - -https://localhost:8443/alfresco - -http://localhost:8080/share - -https://localhost:8083/solr - -SSL Communication from SOLR is targeted inside Docker Network to https://alfresco:8443/alfresco diff --git a/search-services/packaging/src/docker/6.x/ssl/alfresco/Dockerfile b/search-services/packaging/src/docker/6.x/ssl/alfresco/Dockerfile deleted file mode 100644 index 172d30f58..000000000 --- a/search-services/packaging/src/docker/6.x/ssl/alfresco/Dockerfile +++ /dev/null @@ -1,25 +0,0 @@ -ARG ALFRESCO_TAG -FROM alfresco/alfresco-content-repository-community:${ALFRESCO_TAG} - -USER root - -ARG TOMCAT_DIR=/usr/local/tomcat -ARG ALF_DATA_DIR=${TOMCAT_DIR}/alf_data - -# Copy generated keystore to Image -COPY keystore ${ALF_DATA_DIR}/keystore - -# Default value in "repository.properties" is "dir.keystore=classpath:alfresco/keystore" -RUN echo "dir.keystore=${ALF_DATA_DIR}/keystore" >> ${TOMCAT_DIR}/shared/classes/alfresco-global.properties - -### Enable SSL by adding the proper Connector to server.xml -RUN sed -i "s/\ - <\/Engine>/\n\ - <\/Engine>\n\ - \n\ - <\/Connector>/g" ${TOMCAT_DIR}/conf/server.xml diff --git a/search-services/packaging/src/docker/6.x/ssl/alfresco/keystore/keystore b/search-services/packaging/src/docker/6.x/ssl/alfresco/keystore/keystore deleted file mode 100644 index 22d2b69a4..000000000 Binary files a/search-services/packaging/src/docker/6.x/ssl/alfresco/keystore/keystore and /dev/null differ diff --git a/search-services/packaging/src/docker/6.x/ssl/alfresco/keystore/keystore-passwords.properties b/search-services/packaging/src/docker/6.x/ssl/alfresco/keystore/keystore-passwords.properties deleted file mode 100644 index cbdb6fb66..000000000 --- a/search-services/packaging/src/docker/6.x/ssl/alfresco/keystore/keystore-passwords.properties +++ /dev/null @@ -1,7 +0,0 @@ -aliases=metadata -# The password protecting the keystore entries -keystore.password=mp6yc0UD9e -# The password protecting the alias: metadata -metadata.keyData= -metadata.algorithm=DESede -metadata.password=oKIWzVdEdA \ No newline at end of file diff --git a/search-services/packaging/src/docker/6.x/ssl/alfresco/keystore/ssl-keystore-passwords.properties b/search-services/packaging/src/docker/6.x/ssl/alfresco/keystore/ssl-keystore-passwords.properties deleted file mode 100644 index 3a32c534d..000000000 --- a/search-services/packaging/src/docker/6.x/ssl/alfresco/keystore/ssl-keystore-passwords.properties +++ /dev/null @@ -1,7 +0,0 @@ -aliases=ssl.alfresco.ca,ssl.repo -# The ssl keystore password -keystore.password=kT9X6oe68t -# The password protecting the ssl repository key -ssl.repo.password=kT9X6oe68t -# The password protecting the ssl Alfresco CA key -ssl.alfresco.ca.password=kT9X6oe68t \ No newline at end of file diff --git a/search-services/packaging/src/docker/6.x/ssl/alfresco/keystore/ssl-truststore-passwords.properties b/search-services/packaging/src/docker/6.x/ssl/alfresco/keystore/ssl-truststore-passwords.properties deleted file mode 100644 index e5510fb03..000000000 --- a/search-services/packaging/src/docker/6.x/ssl/alfresco/keystore/ssl-truststore-passwords.properties +++ /dev/null @@ -1,5 +0,0 @@ -aliases=alfresco.ca -# The ssl truststore password -keystore.password=kT9X6oe68t -# The password protecting the ssl Alfresco CA strust certificate -alfresco.ca.password=kT9X6oe68t \ No newline at end of file diff --git a/search-services/packaging/src/docker/6.x/ssl/alfresco/keystore/ssl.keystore b/search-services/packaging/src/docker/6.x/ssl/alfresco/keystore/ssl.keystore deleted file mode 100644 index 3491f92e3..000000000 Binary files a/search-services/packaging/src/docker/6.x/ssl/alfresco/keystore/ssl.keystore and /dev/null differ diff --git a/search-services/packaging/src/docker/6.x/ssl/alfresco/keystore/ssl.truststore b/search-services/packaging/src/docker/6.x/ssl/alfresco/keystore/ssl.truststore deleted file mode 100644 index 67273aff4..000000000 Binary files a/search-services/packaging/src/docker/6.x/ssl/alfresco/keystore/ssl.truststore and /dev/null differ diff --git a/search-services/packaging/src/docker/6.x/ssl/docker-compose.yml b/search-services/packaging/src/docker/6.x/ssl/docker-compose.yml deleted file mode 100644 index ddc724ffc..000000000 --- a/search-services/packaging/src/docker/6.x/ssl/docker-compose.yml +++ /dev/null @@ -1,109 +0,0 @@ -# This docker-compose file will spin up an ACS cluster on a local host or on a server and it requires a minimum of 12GB Memory to distribute among containers. -# Limit container memory and assign X percentage to JVM. There are couple of ways to allocate JVM Memory for ACS Containers -# For example: 'JAVA_OPTS: "$JAVA_OPTS -XX:+PrintFlagsFinal -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap"' -# But, as per Oracle docs (https://docs.oracle.com/javase/9/gctuning/parallel-collector1.htm#JSGCT-GUID-CAB83393-3438-44ED-98F0-D15641B43C7D) -# If container memory is not explicitly set, then the above flags will default max heap to 1/4th of container's memory which may not be ideal. -# Hence, setting up explicit Container memory and then assigning a percentage of it to the JVM for performance tuning. - -# Using version 2 as 3 does not support resource constraint options (cpu_*, mem_* limits) for non swarm mode in Compose -version: "2" - -services: - alfresco: - build: - context: ./alfresco - args: - ALFRESCO_TAG: ${ALFRESCO_TAG} - mem_limit: 1500m - environment: - JAVA_OPTS : " - -Ddb.driver=org.postgresql.Driver - -Ddb.username=alfresco - -Ddb.password=alfresco - -Ddb.url=jdbc:postgresql://postgres:5432/alfresco - -Dsolr.host=solr6 - -Dsolr.port.ssl=8983 - -Dsolr.secureComms=https - -Dsolr.base.url=/solr - -Dindex.subsystem.name=solr6 - -Dshare.host=localhost - -Dalfresco.port=8082 - -Daos.baseUrlOverwrite=http://localhost:8082/alfresco/aos - -Dmessaging.broker.url=\"failover:(nio://activemq:61616)?timeout=3000&jms.useCompression=true\" - -Ddeployment.method=DOCKER_COMPOSE - -Dcsrf.filter.enabled=false - -Xms1g -Xmx1g - " - ports: - - 8082:8080 #Browser port - - 8443:8443 - - share: - image: alfresco/alfresco-share:${SHARE_TAG} - mem_limit: 1g - environment: - - REPO_HOST=alfresco - - REPO_PORT=8080 - - "CATALINA_OPTS= -Xms500m -Xmx500m" - ports: - - 8080:8080 - - postgres: - image: postgres:${POSTGRES_TAG} - mem_limit: 1500m - environment: - - POSTGRES_PASSWORD=alfresco - - POSTGRES_USER=alfresco - - POSTGRES_DB=alfresco - command: postgres -c max_connections=300 -c log_min_messages=LOG - ports: - - 5432:5432 - - solr6: - build: - context: ./solr6 - args: - - SEARCH_TAG=${SEARCH_TAG} - mem_limit: 2500m - environment: - #Solr needs to know how to register itself with Alfresco - SOLR_ALFRESCO_HOST: "alfresco" - SOLR_ALFRESCO_PORT: "8443" - #Alfresco needs to know how to call solr - SOLR_SOLR_HOST: "solr6" - SOLR_SOLR_PORT: "8983" - SOLR_SSL_TRUST_STORE: "/opt/alfresco-search-services/keystore/ssl.repo.client.truststore" - SOLR_SSL_TRUST_STORE_PASSWORD: "kT9X6oe68t" - SOLR_SSL_TRUST_STORE_TYPE: "JCEKS" - SOLR_SSL_KEY_STORE: "/opt/alfresco-search-services/keystore/ssl.repo.client.keystore" - SOLR_SSL_KEY_STORE_PASSWORD: "kT9X6oe68t" - SOLR_SSL_KEY_STORE_TYPE: "JCEKS" - SOLR_SSL_NEED_CLIENT_AUTH: "true" - #Create the default alfresco and archive cores - SOLR_CREATE_ALFRESCO_DEFAULTS: "alfresco,archive" - SOLR_JAVA_MEM: "-Xms2g -Xmx2g" - SOLR_OPTS: " - -Djavax.net.ssl.keyStoreType=JCEKS - -Djavax.net.ssl.trustStoreType=JCEKS - -Dsolr.ssl.checkPeerName=false - -Dsolr.allow.unsafe.resourceloading=true - -Dalfresco.encryption.ssl.keystore.location=/opt/alfresco-search-services/keystore/ssl.repo.client.keystore - -Dalfresco.encryption.ssl.keystore.passwordFileLocation=/opt/alfresco-search-services/keystore/ssl-keystore-passwords.properties - -Dalfresco.encryption.ssl.keystore.type=JCEKS - -Dalfresco.encryption.ssl.truststore.location=/opt/alfresco-search-services/keystore/ssl.repo.client.truststore - -Dalfresco.encryption.ssl.truststore.passwordFileLocation=/opt/alfresco-search-services/keystore/ssl-truststore-passwords.properties - -Dalfresco.encryption.ssl.truststore.type=JCEKS - " - ports: - - 8083:8983 #Browser port - volumes: - - ./solr6/keystore:/opt/alfresco-search-services/keystore - - activemq: - image: alfresco/alfresco-activemq:${ACTIVE_MQ_TAG} - mem_limit: 2048m - ports: - - 8161:8161 # Web Console - - 5672:5672 # AMQP - - 61616:61616 # OpenWire - - 61613:61613 # STOMP diff --git a/search-services/packaging/src/docker/6.x/ssl/solr6/Dockerfile b/search-services/packaging/src/docker/6.x/ssl/solr6/Dockerfile deleted file mode 100644 index 3c93212ce..000000000 --- a/search-services/packaging/src/docker/6.x/ssl/solr6/Dockerfile +++ /dev/null @@ -1,11 +0,0 @@ -ARG SEARCH_TAG -FROM alfresco/alfresco-search-services:${SEARCH_TAG} - -# Configure SOLR cores to run in HTTPs mode from template -RUN sed -i '/^bash.*/i sed -i "'"s/alfresco.secureComms=none/alfresco.secureComms=https/g"'" ${DIST_DIR}/solrhome/templates/rerank/conf/solrcore.properties\n' \ - ${DIST_DIR}/solr/bin/search_config_setup.sh - -RUN mkdir ${DIST_DIR}/keystore \ - && chown -R solr:solr ${DIST_DIR}/keystore - -VOLUME ["${DIST_DIR}/keystore"] diff --git a/search-services/packaging/src/docker/6.x/ssl/solr6/keystore/ssl-keystore-passwords.properties b/search-services/packaging/src/docker/6.x/ssl/solr6/keystore/ssl-keystore-passwords.properties deleted file mode 100644 index 3a32c534d..000000000 --- a/search-services/packaging/src/docker/6.x/ssl/solr6/keystore/ssl-keystore-passwords.properties +++ /dev/null @@ -1,7 +0,0 @@ -aliases=ssl.alfresco.ca,ssl.repo -# The ssl keystore password -keystore.password=kT9X6oe68t -# The password protecting the ssl repository key -ssl.repo.password=kT9X6oe68t -# The password protecting the ssl Alfresco CA key -ssl.alfresco.ca.password=kT9X6oe68t \ No newline at end of file diff --git a/search-services/packaging/src/docker/6.x/ssl/solr6/keystore/ssl-truststore-passwords.properties b/search-services/packaging/src/docker/6.x/ssl/solr6/keystore/ssl-truststore-passwords.properties deleted file mode 100644 index e5510fb03..000000000 --- a/search-services/packaging/src/docker/6.x/ssl/solr6/keystore/ssl-truststore-passwords.properties +++ /dev/null @@ -1,5 +0,0 @@ -aliases=alfresco.ca -# The ssl truststore password -keystore.password=kT9X6oe68t -# The password protecting the ssl Alfresco CA strust certificate -alfresco.ca.password=kT9X6oe68t \ No newline at end of file diff --git a/search-services/packaging/src/docker/6.x/ssl/solr6/keystore/ssl.repo.client.keystore b/search-services/packaging/src/docker/6.x/ssl/solr6/keystore/ssl.repo.client.keystore deleted file mode 100644 index a2faa8cc8..000000000 Binary files a/search-services/packaging/src/docker/6.x/ssl/solr6/keystore/ssl.repo.client.keystore and /dev/null differ diff --git a/search-services/packaging/src/docker/6.x/ssl/solr6/keystore/ssl.repo.client.truststore b/search-services/packaging/src/docker/6.x/ssl/solr6/keystore/ssl.repo.client.truststore deleted file mode 100644 index 8b438d58c..000000000 Binary files a/search-services/packaging/src/docker/6.x/ssl/solr6/keystore/ssl.repo.client.truststore and /dev/null differ