Deploy alfresco, keycloak, httpd-saml based on docker via ansible
2023-04-28 11:49:32 +00:00
roles Merge branch 'master' of ssh://gitlab.pflaeging.net:1822/pflaeging-net/alfresco-docker-deploy 2019-03-09 13:37:18 +01:00
all.yml Cleanup for ansible 2.7; own hostname idpname for keycloak (defined in group httpd) 2019-02-08 17:52:05 +01:00
inventory make it running fpr 6.1.2-ga 2019-03-09 13:35:33 +01:00
LICENSE Add LICENSE 2018-11-05 17:06:10 +00:00
README.md fixup 2019-03-09 13:45:08 +01:00

Ansible deploy for alfresco on docker with keycloak

UPDATE: runs now on acs-community 6.1.2-ga

Begin with minimal CentOS Server

Disk config:

  • /
  • /var
  • /opt
  • swap

/, /var and /opt as XFS on LVM

Install ansible & git

yum install ansible git

clone this repo

git clone ....
cd alfresco-docker-deploy

login to my docker registry

https://reg.pflaeging.net

You need access rights to /alfresco

docker login reg.pflaeging.net

edit inventory

start deployment

ansible-playbook -i inventory all.yml

KeyCloak config

Log in to Keycloak:

https://[keycloak-host]/auth (keycloak-host in the example is cidran.pflaeging.net)

  • Use Realm Alfresco
  • Never work in Realm Master. It's only for the super user!
  • Change Admin Password (upper left!)
  • Add e-Mail Config

User Federation

  • Add User Federation
    • Add Role Mapper in User Federation
    • Add Group Mapper in User Federation
  • Sync User, Groups and Roles manually

You can verify the LDAP config with an LDAP editor such as Apache Directory Studio:

LDAP URL: ldap://myservername:10389

Login data provided by config above ;-)

Add Apache Mellon Client

This is for Alfresco Share!

Copy the file /opt/docker/httpd-saml/apache-conf/[my-virtual-alfs]/mellon_metadata.xml from your app server to your local machine. This file is generated on the first startup of the httpd-saml container and contains the setup for the Keycloak client.

  • Go to Clients in KeyCloak
  • Create
  • Import the downloaded mellon_metadata.xml
  • Save
  • Give it a name like: "Alfresco Share" (Don't change anything else unless you know what you're doing)
  • In the Mappers section:
    • Add Builtin
    • Check all on the right
    • Add selected
    • Then create username mapper:
      • Create
      • Name: username
      • Mapper Type: User Property
      • Property: username
      • Friendly Name: username
      • SAML Attribute Name: username
      • SAML Attribute NameFormat: Basic
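
Before importing mellon_metadata.xml into Keycloak, it is worth checking what the file will register as the client: the entity ID, the endpoint URLs and whether a signing certificate is present. The following is an added example, not part of this repository; it assumes the file is standard SAML 2.0 SP metadata, and the sample document, host name and endpoint paths in it are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample shaped like SAML 2.0 SP metadata; host, paths and cert are placeholders.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://alfresco.example.test/mellon/metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://alfresco.example.test/mellon/logout"/>
    <AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://alfresco.example.test/mellon/postResponse"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

def review_sp_metadata(xml_text, expected_host):
    """Return (summary, findings) for a SAML 2.0 SP metadata document."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != "{%s}EntityDescriptor" % NS["md"] or sp is None:
        raise ValueError("not SAML 2.0 SP metadata")
    findings = []
    # Endpoints that Keycloak will send responses and logout requests to.
    endpoints = [e.get("Location", "") for e in sp
                 if e.tag.endswith(("AssertionConsumerService", "SingleLogoutService"))]
    for loc in endpoints:
        url = urlparse(loc)
        if url.scheme != "https":
            findings.append("endpoint not https: " + loc)
        if url.hostname != expected_host:
            findings.append("endpoint host mismatch: " + loc)
    # A KeyDescriptor without a "use" attribute applies to signing and encryption.
    uses = {k.get("use", "signing+encryption") for k in sp.findall("md:KeyDescriptor", NS)
            if k.find(".//ds:X509Certificate", NS) is not None}
    if not any("signing" in u for u in uses):
        findings.append("no signing certificate in metadata")
    return {"entityID": root.get("entityID"), "endpoints": endpoints}, findings

if __name__ == "__main__":
    summary, findings = review_sp_metadata(SAMPLE, "alfresco.example.test")
    print(summary)
    for f in findings:
        print("WARN", f)
```

To check the real file, pass its contents and the public host name of your Share virtual host to review_sp_metadata.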

Add your first user

This should be admin!

  • KeyCloak -> Users
  • Add user
    • Username: admin
    • Email: webmaster@home.local
    • First Name: Admin
    • Last Name: My Instance
    • User Enabled: On
    • Email Verified: On
    • Save
    • Then go to Credentials:
      • New Password: ;-)
      • ...
      • Temporary: Off
      • Reset Password

Peter Pfläging peter@pflaeging.net