diff --git a/.github/actions/setup-workspace/action.yml b/.github/actions/setup-workspace/action.yml index 1dc0898ff..73d04cc51 100644 --- a/.github/actions/setup-workspace/action.yml +++ b/.github/actions/setup-workspace/action.yml @@ -3,8 +3,8 @@ description: 'Do some clever stuff on the workspace before running tests' runs: using: "composite" steps: - - name: Use internal nexus repository when branch is a future release - if: startsWith(github.ref_name, 'next/') || startsWith(github.head_ref, 'next/') || contains(github.event.pull_request.labels.*.name, 'ci-prerelease') + - name: Switch to internal repository when current or base branch is a next release branch + if: startsWith(github.ref_name, 'next/') || startsWith(github.head_ref, 'next/') || startsWith(github.base_ref, 'next/') || contains(github.event.pull_request.labels.*.name, 'ci-prerelease') run: | yq -i '.artifacts_repositories.enterprise.repository = "groups/internal"' playbooks/group_vars/all.yml echo "::warning title=pre-release branch::Nexus enterprise repository override enabled, using groups/internal as main repository" diff --git a/.github/updatecli/updatecli_maven_roles_values.yml b/.github/updatecli/updatecli_maven_roles_values.yml index 32e082857..0ef63f161 100644 --- a/.github/updatecli/updatecli_maven_roles_values.yml +++ b/.github/updatecli/updatecli_maven_roles_values.yml 
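Review bot: The `if:` of the renamed step in .github/actions/setup-workspace/action.yml still contains `startsWith(github.head_ref, 'next/')`, and the head branch name is chosen by whoever opens the pull request, so a branch name alone switches the workspace to `groups/internal`. Now that `startsWith(github.base_ref, 'next/')` covers pull requests that target a next branch, consider dropping the head_ref term so that only the pushed ref, the target branch or the `ci-prerelease` label enables the override. If pull requests from a `next/` branch into master must keep using the internal repository, keep the term and say so in a comment above the `if:`. Whether pull requests from forks can reach the internal repository at all depends on credential handling that this hunk does not show; the rest of the step lies outside the hunk.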
@@ -38,10 +38,10 @@ artifacts: ansible_version_file: roles/transformers/defaults/main.yml updatecli_matrix_component_key: tengine-aio alfresco-transform-router: - artifact_name_file: roles/transformers/defaults/main.yml - artifact_name_key: $.transformers_aio_artifact_name - artifact_version_key: $.transformers_aio_version - ansible_version_file: roles/transformers/defaults/main.yml + artifact_name_file: roles/trouter/defaults/main.yml + artifact_name_key: $.trouter_artifact_name + artifact_version_key: $.trouter_version + ansible_version_file: roles/trouter/defaults/main.yml updatecli_matrix_component_key: trouter alfresco-shared-file-store-controller: artifact_name_file: roles/sfs/defaults/main.yml diff --git a/.github/updatecli/updatecli_maven_v23_values.yml b/.github/updatecli/updatecli_maven_v23_values.yml index 349224e25..e7a3a9fbc 100644 --- a/.github/updatecli/updatecli_maven_v23_values.yml +++ b/.github/updatecli/updatecli_maven_v23_values.yml @@ -1,8 +1,3 @@ -updatecli_matrix_version: current +updatecli_matrix_version: 23.N updatecli_amps_release_branch: "release/23.N" ansible_version_file: vars/acs23.yml -artifacts: - alfresco-googledrive-repo-community: - updatecli_scm_id: acsComRepo - updatecli_xml_target: "/project/properties/alfresco.googledrive.version" - artifact_version_key: "$.acs_play_community_repository_amp_googledrive_repo_version" diff --git a/.github/updatecli/updatecli_maven_v25_values.yml b/.github/updatecli/updatecli_maven_v25_values.yml new file mode 100644 index 000000000..943ac5aa0 --- /dev/null +++ b/.github/updatecli/updatecli_maven_v25_values.yml @@ -0,0 +1,8 @@ +updatecli_matrix_version: current +updatecli_amps_release_branch: "release/25.1" +ansible_version_file: vars/acs25.yml +artifacts: + alfresco-googledrive-repo-community: + updatecli_scm_id: acsComRepo + updatecli_xml_target: "/project/properties/alfresco.googledrive.version" + artifact_version_key: "$.acs_play_community_repository_amp_googledrive_repo_version" 
diff --git a/.github/updatecli/updatecli_maven_values.yml b/.github/updatecli/updatecli_maven_values.yml index 36b13d969..b9594c461 100644 --- a/.github/updatecli/updatecli_maven_values.yml +++ b/.github/updatecli/updatecli_maven_values.yml @@ -27,6 +27,11 @@ artifacts: artifact_name_key: $.acs_play_repository_acs_artifact_name artifact_version_key: $.acs_play_repository_acs_version updatecli_matrix_component_key: acs + alfresco-api-explorer: + artifact_name_file: playbooks/group_vars/repository.yml + artifact_name_key: $.acs_play_repository_api_explorer_artifact_name + artifact_version_key: $.acs_play_repository_api_explorer_version + updatecli_matrix_component_key: acs alfresco-search-enterprise: artifact_name_file: playbooks/group_vars/search_enterprise.yml artifact_name_key: $.acs_play_search_enterprise_artifact_name diff --git a/.github/workflows/community.yml b/.github/workflows/community.yml index a0779bb24..8a7816151 100644 --- a/.github/workflows/community.yml +++ b/.github/workflows/community.yml @@ -2,7 +2,9 @@ name: "community" on: pull_request: - branches: [master] + branches: + - master + - 'next/**' paths-ignore: - "docs/**" - "*.md" @@ -54,7 +56,7 @@ jobs: molecule_distro: - image: ubuntu:24.04 - image: ubuntu:22.04 - - image: rockylinux/rockylinux:9.4 + - image: rockylinux/rockylinux:9.5 role: - name: activemq - name: common @@ -114,7 +116,7 @@ jobs: matrix: molecule_distro: - image: ubuntu:22.04 - - image: rockylinux/rockylinux:9.4 + - image: rockylinux/rockylinux:9.5 scenario: - name: docker_community uses: ./.github/workflows/docker.yml diff --git a/.github/workflows/enteprise.yml b/.github/workflows/enteprise.yml index 8458b125b..342a88e5d 100644 --- a/.github/workflows/enteprise.yml +++ b/.github/workflows/enteprise.yml @@ -2,7 +2,9 @@ name: "enterprise" on: pull_request: - branches: [master] + branches: + - master + - 'next/**' types: [labeled, opened, synchronize, reopened] paths-ignore: - "docs/**" 
@@ -72,8 +74,8 @@ jobs: fail-fast: false matrix: molecule_distro: - - image: ubuntu:22.04 - - image: rockylinux/rockylinux:9.4 + - image: ubuntu:24.04 + - image: rockylinux/rockylinux:9.5 role: - name: adf_app - name: search_enterprise @@ -132,8 +134,8 @@ jobs: fail-fast: false matrix: molecule_distro: - - image: ubuntu:22.04 - - image: rockylinux/rockylinux:9.4 + - image: ubuntu:24.04 + - image: rockylinux/rockylinux:9.5 scenario: - name: pki - name: elasticsearch @@ -145,12 +147,7 @@ jobs: - scenario: name: docker_enterprise molecule_distro: - image: rockylinux/rockylinux:9.4 - runner: ubuntu-24.04-arm - - scenario: - name: docker_enterprise - molecule_distro: - image: ubuntu:22.04 + image: rockylinux/rockylinux:9.5 runner: ubuntu-24.04-arm - scenario: name: docker_enterprise @@ -188,22 +185,22 @@ jobs: desc: EC2 ACS 7.3 (Ubuntu 22.04) - name: default vars: vars-rocky8.yml - desc: EC2 ACS 7.4 (Rocky Linux 8.9) + desc: EC2 ACS 7.4 (Rocky Linux 8.10) - name: default vars: vars-rhel8.yml - desc: EC2 ACS 7.4 (RHEL 8.9) + desc: EC2 ACS 7.4 (RHEL 8.10) - name: default vars: vars-ubuntu-community.yml - desc: EC2 ACS 23.x Community (Ubuntu 24.04) + desc: EC2 ACS 25.x Community (Ubuntu 24.04) - name: default vars: vars-rocky9.yml - desc: EC2 ACS 23.x (Rocky Linux 9.4) + desc: EC2 ACS 23.x (Rocky Linux 9.5) - name: multimachine vars: vars.yml - desc: EC2 ACS 23.x clustered (RHEL 9.4) + desc: EC2 ACS 25.x clustered (RHEL 9.5) - name: opensearch vars: vars.yml - desc: EC2 ACS 23.x opensearch (RHEL 9.4) + desc: EC2 ACS 25.x opensearch (RHEL 9.5) env: AWS_REGION: eu-west-1 MOLECULE_IT_AWS_VPC_SUBNET_ID: subnet-6bdd4223 diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml index e16d2ef8e..031cb7d20 100644 --- a/.github/workflows/kics.yml +++ b/.github/workflows/kics.yml @@ -2,7 +2,9 @@ name: kics on: pull_request: - branches: [master] + branches: + - master + - 'next/**' paths: - 'playbooks/**' - 'roles/**' 
diff --git a/.secrets.baseline b/.secrets.baseline index 3286cf3fa..ec2129072 100644 --- a/.secrets.baseline +++ b/.secrets.baseline @@ -144,7 +144,7 @@ "filename": "playbooks/acs.yml", "hashed_secret": "0ca8f28152882e5edb182fc3f7d4ae10a5b10dc5", "is_verified": false, - "line_number": 608 + "line_number": 612 } ], "roles/activemq/molecule/default/tests/test_activemq.py": [ @@ -188,5 +188,5 @@ } ] }, - "generated_at": "2025-03-13T09:39:39Z" + "generated_at": "2025-03-17T11:58:32Z" } diff --git a/molecule/default/vars-rocky9.yml b/molecule/default/vars-rocky9.yml index 081d0d018..af581b0bb 100644 --- a/molecule/default/vars-rocky9.yml +++ b/molecule/default/vars-rocky9.yml @@ -1,4 +1,4 @@ -MOLECULE_IT_IMAGE_ID: ami-0230bf6b41b114fef # Rocky-9-EC2-Base-9.4-20240523.0.x86_64 +MOLECULE_IT_IMAGE_ID: ami-0272534a8a639b9f1 # Rocky-9-EC2-Base-9.5-20241118.0.x86_64 MOLECULE_IT_EXTRA_VARS: acs_play_major_version=23 -MOLECULE_IT_TEST_CONFIG: tests/test-config.json +MOLECULE_IT_TEST_CONFIG: tests/test-config-23.json MOLECULE_IT_PLATFORM: rocky9 diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index b2acd958d..a0e9378d1 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -49,6 +49,9 @@ - name: Print multiline pytest stdout as best as we can debug: msg: "{{ ansible_failed_result.stdout_lines }}" + - name: Exit with failure + ansible.builtin.fail: + msg: "pytest failed" - name: Verify adw plugins state hosts: adw diff --git a/molecule/multimachine/vars.yml b/molecule/multimachine/vars.yml index 0ead8aefa..f4fd52b0a 100644 --- a/molecule/multimachine/vars.yml +++ b/molecule/multimachine/vars.yml @@ -1,4 +1,4 @@ MOLECULE_IT_IMAGE_ID: ami-02e145cba2d8ae80e # RHEL-9.4.0_HVM-20250218-x86_64-0-Hourly2-GP3 -MOLECULE_IT_EXTRA_VARS: acs_play_major_version=23 +MOLECULE_IT_EXTRA_VARS: acs_play_major_version=25 MOLECULE_IT_TEST_CONFIG: tests/test-config.json MOLECULE_IT_PLATFORM: multimachine 
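Review bot: In molecule/multimachine/vars.yml only `acs_play_major_version` moves to 25, while `MOLECULE_IT_IMAGE_ID` keeps the comment `RHEL-9.4.0_HVM-20250218-x86_64-0-Hourly2-GP3`; the enterprise workflow matrix in this same commit now labels that scenario `EC2 ACS 25.x clustered (RHEL 9.5)`. Either bump the AMI as was done for vars-rocky9.yml, or leave the `desc` at RHEL 9.4, so the job name states the OS patch level that is really under test. The opensearch scenario's vars.yml is not part of this diff and may need the same check.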
diff --git a/molecule/pki/verify.yml b/molecule/pki/verify.yml index 23abb21ee..348a653b8 100644 --- a/molecule/pki/verify.yml +++ b/molecule/pki/verify.yml @@ -44,27 +44,33 @@ - name: Populate services facts ansible.builtin.service_facts: - - name: Check in logs a client did connect - ansible.builtin.slurp: - src: /var/log/alfresco/{{ item.file }}.log - register: ats_log + - name: Check ATS Router logs for client access signal become: true - until: - - item.pattern in ats_log.content | b64decode + ansible.builtin.slurp: + src: /var/log/alfresco/ats-atr.log + register: ats_router_log + until: >- + "GET Transform Config version" in ats_router_log.content | b64decode retries: 10 delay: 3 - loop: - - file: ats-atr - pattern: GET Transform Config version - edition: Enterprise - - file: ats-shared-fs - pattern: TLS virtual host - edition: Enterprise + no_log: true + + - name: Check Shared File Store logs for client access signal + become: true + ansible.builtin.slurp: + src: /var/log/alfresco/ats-shared-fs.log + register: ats_fs_log + until: >- + "TLS virtual host" in ats_fs_log.content | b64decode + retries: 3 + delay: 1 + no_log: true - name: Copy cert as PEM ansible.builtin.copy: src: /tmp/{{ inventory_hostname }}.crt dest: /tmp + - name: Check certificates requires auth ansible.builtin.uri: url: https://localhost:8090 diff --git a/playbooks/acs.yml b/playbooks/acs.yml index 2613174b6..28dd7b786 100644 --- a/playbooks/acs.yml +++ b/playbooks/acs.yml @@ -209,6 +209,7 @@ transformers_aio_version: "{{ acs_play_transformers_aio_version }}" transformers_aio_archive_url: "{{ acs_play_transformers_aio_archive_url }}" transformers_aio_archive_checksum: "{{ acs_play_transformers_aio_archive_checksum }}" + transformers_truststore_type: "{{ acs_play_default_truststore_type }}" post_tasks: - name: Update installation status file with Transformers become: true 
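Review bot: In molecule/pki/verify.yml the Shared File Store check waits only `retries: 3` with `delay: 1`, whereas the router check and the loop it replaces used `retries: 10` and `delay: 3`; if the shorter wait is not deliberate, use `retries: 10` and `delay: 3` on both tasks. With `no_log: true` a timeout on either task is reported with its result censored, so the run does not show which string was missing from which file. A follow-up `ansible.builtin.assert` with a `fail_msg` naming the log file and the expected string would keep failures diagnosable without printing the base64 log content.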
@@ -350,6 +351,7 @@ repository_amp_downloads: "{{ acs_play_repository_amp_downloads }}" repository_extra_war_downloads: "{{ acs_play_repository_extra_war_downloads }}" repository_extra_amp_downloads: "{{ acs_play_repository_extra_amp_downloads }}" + repository_truststore_type: "{{ acs_play_default_truststore_type }}" post_tasks: - name: Initialize evaluation of currently installed amps ansible.builtin.set_fact: @@ -437,6 +439,7 @@ trouter_archive_checksum: "{{ acs_play_trouter_archive_checksum }}" trouter_archive_username: "{{ nexus_user }}" trouter_archive_password: "{{ nexus_password }}" + trouter_ats_truststore_type: "{{ acs_play_default_truststore_type }}" when: acs_is_enterprise post_tasks: - name: Update installation status file with Trouter @@ -487,6 +490,7 @@ sfs_archive_username: "{{ nexus_user }}" sfs_archive_password: "{{ nexus_password }}" sfs_ats_keystore: "{{ acs_play_sfs_keystore | default({}) }}" + sfs_ats_truststore_type: "{{ acs_play_default_truststore_type }}" when: acs_is_enterprise post_tasks: - name: Update installation status file with SFS diff --git a/playbooks/group_vars/all.yml b/playbooks/group_vars/all.yml index ab9d4f4ab..546d760e5 100644 --- a/playbooks/group_vars/all.yml +++ b/playbooks/group_vars/all.yml @@ -3,7 +3,7 @@ # For more information please have a look at the # [security_doc](https://github.com/Alfresco/alfresco-ansible-deployment/blob/master/docs/SECURITY.md#specify-trustworthy-applications) acs_play_known_urls: [] -acs_play_major_version: 23 +acs_play_major_version: 25 artifacts_repositories: enterprise: 
@@ -24,8 +24,10 @@ nexus_repository: development_releases: >- {{ artifacts_repositories.enterprise.base_url }}/{{ artifacts_repositories.development.repository }}/{{ artifacts_repositories.enterprise.group_id }} -default_java_version: 17.0.14+7 -acs_play_java_core: "{{ default_java_version.split('+')[0] }}" +acs_play_java_core: "{{ acs_play_java_version.split('+')[0] }}" +acs_play_java_major: "{{ acs_play_java_core.split('.')[0] }}" +acs_play_default_truststore_type: "{% if acs_play_java_major | int >= 21 %}pkcs12{% else %}JCEKS{% endif %}" + acs_play_repository_acs_edition: Enterprise acs_play_skip_upgrade_checks: false diff --git a/roles/audit_storage/defaults/main.yml b/roles/audit_storage/defaults/main.yml index e717bb4c7..df6376d04 100644 --- a/roles/audit_storage/defaults/main.yml +++ b/roles/audit_storage/defaults/main.yml @@ -1,6 +1,6 @@ --- # defaults file for audit_storage -audit_storage_version: "1.0.0" +audit_storage_version: 1.1.0 audit_storage_zip_url: https://nexus.alfresco.com/nexus/repository/enterprise-releases/org/alfresco/alfresco-audit-storage-distribution/{{ audit_storage_version }}/alfresco-audit-storage-distribution-{{ audit_storage_version }}.zip audit_storage_zip_checksum: sha1:{{ audit_storage_zip_url }}.sha1 diff --git a/roles/java/tasks/main.yml b/roles/java/tasks/main.yml index 49cc0a6a7..11cc787e3 100644 --- a/roles/java/tasks/main.yml +++ b/roles/java/tasks/main.yml @@ -1,6 +1,6 @@ --- # tasks file for roles/java -- name: Download openjdk archive +- name: Download openjdk archive for version {{ java_version }} ansible.builtin.get_url: url: "{{ java_url }}" dest: "{{ download_location }}/{{ java_tar_file }}" @@ -11,7 +11,7 @@ - name: Install OpenJDK become: true block: - - name: Extract OpenJDK archive + - name: Extract OpenJDK archive {{ java_tar_file }} ansible.builtin.unarchive: src: "{{ download_location }}/{{ java_tar_file }}" dest: "{{ java_home | dirname }}" 
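Review bot: `acs_play_default_truststore_type` in playbooks/group_vars/all.yml is derived from the Java major version alone, while the truststore location stays overridable through `java_truststore`, `sfs_ats_truststore`, `trouter_ats_truststore` and `transformers_truststore_path` elsewhere in this commit. A custom truststore in another format on Java 21 or later would therefore be declared `pkcs12` and would presumably fail to load. A comment above the line should state that coupling, for example `# Store type of the JDK's bundled cacerts; override it together with any *_truststore path that points at a store of another type`. With `default_java_version` removed, `acs_play_java_version` has no fallback in this file, so every vars/acsNN.yml has to define it; only acs23.yml is visible in this diff.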
diff --git a/roles/repository/defaults/main.yml b/roles/repository/defaults/main.yml index 8fbc890bd..021745297 100644 --- a/roles/repository/defaults/main.yml +++ b/roles/repository/defaults/main.yml @@ -22,7 +22,7 @@ repository_acs_is_enterprise: true repository_acs_artifact_name: alfresco-content-services-distribution repository_acs_repository: https://artifacts.alfresco.com/nexus/content/groups/private/org/alfresco -repository_acs_version: 23.4.1 +repository_acs_version: 25.1.0 repository_acs_archive_url: "{{ repository_acs_repository }}/{{ repository_acs_artifact_name }}/{{ repository_acs_version }}/{{ repository_acs_artifact_name }}-{{ repository_acs_version }}.zip" repository_acs_archive_checksum: "sha1:{{ repository_acs_archive_url }}.sha1" repository_acs_nexus_username: "{{ repository_nexus_username }}" @@ -35,7 +35,7 @@ repository_api_explorer_enabled: true repository_api_explorer_artifact_name: api-explorer repository_api_explorer_repository: https://artifacts.alfresco.com/nexus/content/groups/public/org/alfresco -repository_api_explorer_version: 23.4.0 +repository_api_explorer_version: 25.1.0 repository_api_explorer_archive_url: "{{ repository_api_explorer_repository }}/{{ repository_api_explorer_artifact_name }}/{{ repository_api_explorer_version }}/{{ repository_api_explorer_artifact_name }}-{{ repository_api_explorer_version }}.war" repository_api_explorer_archive_checksum: "sha1:{{ repository_api_explorer_archive_url }}.sha1" repository_api_explorer_nexus_username: "{{ repository_nexus_username }}" @@ -139,3 +139,5 @@ repository_amp_downloads: [] # Additional list of amp downloads. Same structure as repository_amp_downloads repository_extra_amp_downloads: [] + +repository_truststore_type: JCEKS diff --git a/roles/repository/templates/alfresco-global.properties.j2 b/roles/repository/templates/alfresco-global.properties.j2 index 6422a8ea0..aec73e228 100644 --- a/roles/repository/templates/alfresco-global.properties.j2 
+++ b/roles/repository/templates/alfresco-global.properties.j2 @@ -33,6 +33,8 @@ encryption.keystore.backup.type=JCEKS {% endif %} encryption.ssl.truststore.location={{ java_truststore | default(java_home + '/lib/security/cacerts') }} +encryption.ssl.truststore.type={{ repository_truststore_type }} + {% if repository_default_keystore %} encryption.ssl.keystore.location={{ repository_default_keystore.path }} httpclient.config.transform.mTLSEnabled=true diff --git a/roles/search/defaults/main.yml b/roles/search/defaults/main.yml index 87e72913a..a126b566d 100644 --- a/roles/search/defaults/main.yml +++ b/roles/search/defaults/main.yml @@ -5,12 +5,12 @@ search_repository: port: 80 port_ssl: 443 -search_flavor: alfresco-search-services # set to alfresco-insight-engine for IE -search_version: 2.0.14 +search_flavor: alfresco-search-services # set to alfresco-insight-engine for IE +search_version: 2.0.15 search_artifact_repository: https://artifacts.alfresco.com/nexus/content/groups/public/org/alfresco search_zip_url: "{{ search_artifact_repository }}/{{ search_flavor }}/{{ search_version }}/{{ search_flavor }}-{{ search_version }}.zip" search_zip_checksum: "sha1:{{ search_zip_url }}.sha1" -search_environment: # This will add extra vars at the end of the solr.in.sh file +search_environment: # This will add extra vars at the end of the solr.in.sh file SOLR_JAVA_MEM: "-Xms1g -Xmx1g" search_cores: - alfresco diff --git a/roles/search_enterprise/defaults/main.yml b/roles/search_enterprise/defaults/main.yml index db3435c13..7d5f4d133 100644 --- a/roles/search_enterprise/defaults/main.yml +++ b/roles/search_enterprise/defaults/main.yml 
@@ -7,7 +7,7 @@ search_enterprise_reindex_options: '' search_enterprise_artifact_name: alfresco-elasticsearch-connector-distribution search_enterprise_repository: https://artifacts.alfresco.com/nexus/content/groups/private/org/alfresco -search_enterprise_version: 4.2.0 +search_enterprise_version: 5.0.0 search_enterprise_zip_url: "{{ search_enterprise_repository }}/{{ search_enterprise_artifact_name }}/{{ search_enterprise_version }}/{{ search_enterprise_artifact_name }}-{{ search_enterprise_version }}.zip" search_enterprise_zip_checksum: "sha1:{{ search_enterprise_zip_url }}.sha1" diff --git a/roles/search_enterprise/molecule/default/converge.yml b/roles/search_enterprise/molecule/default/converge.yml index 41f679b2d..5b58a2ade 100644 --- a/roles/search_enterprise/molecule/default/converge.yml +++ b/roles/search_enterprise/molecule/default/converge.yml @@ -8,24 +8,33 @@ - name: "Include activemq" ansible.builtin.include_role: name: "activemq" + + - name: "Include elasticsearch" + ansible.builtin.include_role: + name: "elasticsearch" + - name: "Include sfs" ansible.builtin.include_role: name: "sfs" vars: sfs_archive_username: "{{ molecule_nexus_username }}" sfs_archive_password: "{{ molecule_nexus_password }}" + - name: "Include transformers" ansible.builtin.include_role: name: "transformers" + - name: "Include t-router" ansible.builtin.include_role: name: "trouter" vars: trouter_archive_username: "{{ molecule_nexus_username }}" trouter_archive_password: "{{ molecule_nexus_password }}" + - name: "Include search_enterprise" ansible.builtin.include_role: name: "search_enterprise" vars: + elasticsearch_host: "{{ ansible_hostname }}" search_enterprise_zip_username: "{{ molecule_nexus_username }}" search_enterprise_zip_password: "{{ molecule_nexus_password }}" diff --git a/roles/sfs/defaults/main.yml b/roles/sfs/defaults/main.yml index 11d58faf5..45ad3ef68 100644 --- a/roles/sfs/defaults/main.yml +++ b/roles/sfs/defaults/main.yml 
@@ -9,11 +9,12 @@ sfs_utils: [] sfs_ats_keystore: {} sfs_ats_truststore: "{{ java_home }}/lib/security/cacerts" sfs_ats_truststore_pass: changeit +sfs_ats_truststore_type: "JCEKS" sfs_artifact_name: alfresco-shared-file-store-controller sfs_repository: https://artifacts.alfresco.com/nexus/content/groups/private/org/alfresco -sfs_version: 4.1.6 +sfs_version: 4.1.7 sfs_archive_url: "{{ sfs_repository }}/{{ sfs_artifact_name }}/{{ sfs_version }}/{{ sfs_artifact_name }}-{{ sfs_version }}.jar" sfs_archive_checksum: "sha1:{{ sfs_archive_url }}.sha1" diff --git a/roles/sfs/templates/mtls.properties.j2 b/roles/sfs/templates/mtls.properties.j2 index 50413972b..444da78a5 100644 --- a/roles/sfs/templates/mtls.properties.j2 +++ b/roles/sfs/templates/mtls.properties.j2 @@ -5,5 +5,5 @@ server.ssl.key-store-password={{ sfs_ats_keystore.pass | default('') }} server.ssl.key-store-type={{ sfs_ats_keystore.type | default('JCEKS') }} server.ssl.trust-store={{ sfs_ats_truststore }} server.ssl.trust-store-password={{ sfs_ats_truststore_pass }} -server.ssl.trust-store-type=JCEKS +server.ssl.trust-store-type={{ sfs_ats_truststore_type }} server.ssl.client-auth=need diff --git a/roles/sync/defaults/main.yml b/roles/sync/defaults/main.yml index 5f9b59245..0f7c685ef 100644 --- a/roles/sync/defaults/main.yml +++ b/roles/sync/defaults/main.yml @@ -1,5 +1,5 @@ --- -sync_version: 5.1.0 +sync_version: 5.2.0 sync_artifact_name: sync-dist-6.x sync_zip_url: >- https://artifacts.alfresco.com/nexus/content/groups/private/org/alfresco/services/sync/{{ sync_artifact_name }}/{{ sync_version }}/{{ sync_artifact_name }}-{{ sync_version }}.zip diff --git a/roles/sync/molecule/default/converge.yml b/roles/sync/molecule/default/converge.yml index 7ae7de819..87fa5f90a 100644 --- a/roles/sync/molecule/default/converge.yml +++ b/roles/sync/molecule/default/converge.yml 
@@ -4,7 +4,7 @@ vars: molecule_nexus_username: "{{ lookup('env', 'NEXUS_USERNAME') }}" molecule_nexus_password: "{{ lookup('env', 'NEXUS_PASSWORD') }}" - sync_amp_device_sync_version: 5.1.0 + sync_amp_device_sync_version: 5.2.0 sync_amp_device_sync_artifact_name: alfresco-device-sync-repo sync_amp_device_sync_repository: https://artifacts.alfresco.com/nexus/content/groups/private/org/alfresco/services/sync sync_amp_device_sync_archive_url: "{{ sync_amp_device_sync_repository }}/{{ sync_amp_device_sync_artifact_name }}/{{ sync_amp_device_sync_version }}/{{ sync_amp_device_sync_artifact_name }}-{{ sync_amp_device_sync_version }}.amp" diff --git a/roles/sync/molecule/default/molecule.yml b/roles/sync/molecule/default/molecule.yml index 3ebcc62a8..ccb466a9c 100644 --- a/roles/sync/molecule/default/molecule.yml +++ b/roles/sync/molecule/default/molecule.yml @@ -31,8 +31,4 @@ provisioner: links: host_vars: host_vars verifier: - name: testinfra - env: - TEST_HOST: "localhost" - options: - verbose: true + name: ansible diff --git a/roles/sync/molecule/default/tests/test_sync.py b/roles/sync/molecule/default/tests/test_sync.py deleted file mode 100644 index bb49d10d0..000000000 --- a/roles/sync/molecule/default/tests/test_sync.py +++ /dev/null 
@@ -1,49 +0,0 @@ -"""SyncService Tests""" -import os -import pytest -from hamcrest import contains_string, assert_that, has_length - -test_host = os.environ.get('TEST_HOST') - - -# pylint: disable=redefined-outer-name -@pytest.fixture(scope="module") -def get_ansible_vars(host): - """Define get_ansible_vars""" - java_role = "file=../java/vars/main.yml name=java_role" - common_vars = "file=../../../common/vars/main.yml name=common_vars" - common_defaults = "file=../../../common/defaults/main.yml name=common_defaults" - syncservices = "file=../../vars/main.yml name=syncservices" - ansible_vars = host.ansible("include_vars", java_role)["ansible_facts"]["java_role"] - ansible_vars.update(host.ansible("include_vars", java_role)["ansible_facts"]["java_role"]) - ansible_vars.update(host.ansible("include_vars", common_vars)["ansible_facts"]["common_vars"]) - ansible_vars.update(host.ansible("include_vars", common_defaults)["ansible_facts"]["common_defaults"]) - ansible_vars.update(host.ansible("include_vars", syncservices)["ansible_facts"]["syncservices"]) - return ansible_vars - -def test_sync_log_exists(host, get_ansible_vars): - """Check that Sync Service log exists""" - with host.sudo(): - assert_that(host.file("{}/sync-service.log".format(get_ansible_vars["logs_folder"])).exists, get_ansible_vars["logs_folder"]) - -def test_sync_service(host): - """Check that Sync Service is enabled and running""" - assert_that(host.service("alfresco-sync").is_running) - assert_that(host.service("alfresco-sync").is_enabled) - -def test_sync_health(host): - """Check Sync Service health""" - cmd = host.run("curl -iL http://{}:9090/alfresco/healthcheck".format(test_host)) - assert_that(cmd.stdout, contains_string("ActiveMQ connection Ok")) - assert_that(cmd.stdout, contains_string("Database connection Ok")) - assert_that(cmd.stdout, contains_string("Repository connection Ok")) - assert_that(cmd.stdout, contains_string("HTTP/1.1 200")) - -def test_environment_jvm_opts(host): - "Check that 
overwritten JVM_OPTS are taken into consideration" - java_processes = host.process.filter(user="alfresco", comm="java") - assert_that(java_processes, has_length(3)) - for java_process in java_processes: - if 'SyncService server' in java_process.args: - assert_that(java_process.args, contains_string('-Xmx900m')) - assert_that(java_process.args, contains_string('-Xms512m')) diff --git a/roles/sync/molecule/default/verify.yml b/roles/sync/molecule/default/verify.yml new file mode 100644 index 000000000..361f377fe --- /dev/null +++ b/roles/sync/molecule/default/verify.yml 
@@ -0,0 +1,62 @@ +--- +- name: Verify + hosts: all + handlers: + - name: Fail if changed + ansible.builtin.fail: + msg: "Service state not as expected" + tasks: + - name: Assert service is running + ansible.builtin.systemd: + name: "alfresco-sync" + state: started + notify: Fail if changed + + - name: Assert service is enabled + ansible.builtin.systemd: + name: "alfresco-sync" + enabled: yes + notify: Fail if changed + + - name: Assert log file doesn't contain errors + become: true + ansible.builtin.command: + cmd: | + grep -i 'error' /var/log/alfresco/sync-service.log + changed_when: false + register: log_errors + failed_when: log_errors.stdout_lines | length > 0 + + - name: Assert service is stable on port 9090 + ansible.builtin.uri: + url: "http://localhost:9090/alfresco/healthcheck" + status_code: 200 + loop: "{{ range(0, 10) }}" + loop_control: + pause: 1 + + - name: Check application-specific healthchecks + ansible.builtin.uri: + url: "http://localhost:9090/alfresco/healthcheck" + method: GET + return_content: yes + status_code: 200 + register: health_check + failed_when: >- + 'ActiveMQ connection Ok' not in health_check.content or + 'Database connection Ok' not in health_check.content or + 'Repository connection Ok' not in health_check.content + + - name: Get Java processes for Sync Service # noqa risky-shell-pipe + ansible.builtin.shell: | + ps aux | grep '[S]yncService server' | grep 'java' + register: java_processes + changed_when: false + + - name: Verify JVM options for Sync Service + ansible.builtin.assert: + that: + - "'-Xmx900m' in java_processes.stdout" + - "'-Xms512m' in java_processes.stdout" + fail_msg: "Expected JVM options not found in Sync Service process" + success_msg: "Sync Service is running with correct JVM options" diff --git a/roles/transformers/defaults/main.yml b/roles/transformers/defaults/main.yml index eebda5911..9afff9011 100644 --- a/roles/transformers/defaults/main.yml +++ b/roles/transformers/defaults/main.yml 
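Review bot: In `Assert log file doesn't contain errors`, `failed_when: log_errors.stdout_lines | length > 0` replaces the default return-code check, so a grep that exits 2 because /var/log/alfresco/sync-service.log is missing or unreadable writes nothing to stdout and the task passes; the deleted testinfra suite asserted that the log exists. `failed_when: log_errors.rc != 1` fails on a match (rc 0) as well as on a grep error (rc 2). Separately, the two `ansible.builtin.systemd` tasks with `state: started` and `enabled: yes` will start or enable a stopped unit and report it only through a handler that runs after the other tasks, so the later checks run against a service the verifier itself repaired. Gathering `ansible.builtin.service_facts` and asserting on the unit's state would keep verification read-only, and `enabled: true` is the canonical boolean.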
@@ -5,6 +5,11 @@ transformers_tengine_environment: JAVA_OPTS: - -Xms512m - -Xmx1536m + +transformers_truststore_path: "{{ java_home + '/lib/security/cacerts' }}" +transformers_truststore_pass: "changeit" +transformers_truststore_type: "JCEKS" + transformers_ats_keystore: {} transformers_include_ghostscript: false @@ -32,6 +37,6 @@ transformers_imagemagick_repository: https://artifacts.alfresco.com/nexus/conten transformers_aio_artifact_name: alfresco-transform-core-aio transformers_aio_repository: https://artifacts.alfresco.com/nexus/content/groups/public/org/alfresco -transformers_aio_version: 5.1.6 +transformers_aio_version: 5.1.7 transformers_aio_archive_url: "{{ transformers_aio_repository }}/{{ transformers_aio_artifact_name }}/{{ transformers_aio_version }}/{{ transformers_aio_artifact_name }}-{{ transformers_aio_version }}.jar" transformers_aio_archive_checksum: "sha1:{{ transformers_aio_archive_url }}.sha1" diff --git a/roles/transformers/templates/mtls.properties.j2 b/roles/transformers/templates/mtls.properties.j2 index e2cba8d63..5f3f2219d 100644 --- a/roles/transformers/templates/mtls.properties.j2 +++ b/roles/transformers/templates/mtls.properties.j2 
@@ -3,15 +3,15 @@ server.ssl.key-password={{ transformers_ats_keystore.pass | default('') }} server.ssl.key-store=file:{{ transformers_ats_keystore.path | quote }} server.ssl.key-store-password={{ transformers_ats_keystore.pass | default('') }} server.ssl.key-store-type={{ transformers_ats_keystore.type | default('JCEKS') }} -server.ssl.trust-store=file:{{ tengines_truststore | default(java_home + '/lib/security/cacerts') }} -server.ssl.trust-store-password={{ tengines_truststore_pass | default('changeit') }} -server.ssl.trust-store-type=JCEKS +server.ssl.trust-store=file:{{ transformers_truststore_path }} +server.ssl.trust-store-password={{ transformers_truststore_pass }} +server.ssl.trust-store-type={{ transformers_truststore_type }} server.ssl.client-auth=need client.ssl.key-store=file:{{ transformers_ats_keystore.path | quote }} client.ssl.key-store-password={{ transformers_ats_keystore.pass | default('') }} client.ssl.key-store-type={{ transformers_ats_keystore.type | default('JCEKS') }} -client.ssl.trust-store=file:{{ tengines_truststore | default(java_home + '/lib/security/cacerts') }} -client.ssl.trust-store-password={{ tengines_truststore_pass | default('changeit') }} -client.ssl.trust-store-type=JCEKS +client.ssl.trust-store=file:{{ transformers_truststore_path }} +client.ssl.trust-store-password={{ transformers_truststore_pass }} +client.ssl.trust-store-type={{ transformers_truststore_type }} client.ssl.hostname-verification-disabled=true diff --git a/roles/trouter/defaults/main.yml b/roles/trouter/defaults/main.yml index 33820fa85..82645248f 100644 --- a/roles/trouter/defaults/main.yml +++ b/roles/trouter/defaults/main.yml 
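Review bot: The template no longer reads `tengines_truststore` and `tengines_truststore_pass`, so an inventory that sets them is silently ignored and both the server and client trust stores fall back to the `transformers_truststore_path` default, the JDK `cacerts` bundle. With `server.ssl.client-auth=need` that accepts client certificates from a wider set of issuers than a dedicated truststore would. Keeping the old names as a fallback in roles/transformers/defaults/main.yml would avoid the silent change, e.g. `transformers_truststore_path: "{{ tengines_truststore | default(java_home + '/lib/security/cacerts') }}"` and `transformers_truststore_pass: "{{ tengines_truststore_pass | default('changeit') }}"`; failing early when the old variables are defined would also work. Whether any inventory sets the old variables is not visible in this diff.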
@@ -8,11 +8,12 @@ trouter_utils: [] trouter_ats_keystore: {} trouter_ats_truststore: "{{ java_home }}/lib/security/cacerts" trouter_ats_truststore_pass: changeit +trouter_ats_truststore_type: "JCEKS" trouter_artifact_name: alfresco-transform-router trouter_repository: https://artifacts.alfresco.com/nexus/content/groups/private/org/alfresco -trouter_version: 4.1.6 +trouter_version: 4.1.7 trouter_archive_url: "{{ trouter_repository }}/{{ trouter_artifact_name }}/{{ trouter_version }}/{{ trouter_artifact_name }}-{{ trouter_version }}.jar" trouter_archive_checksum: "sha1:{{ trouter_archive_url }}.sha1" diff --git a/roles/trouter/templates/mtls.properties.j2 b/roles/trouter/templates/mtls.properties.j2 index d94a51374..d350d20c7 100644 --- a/roles/trouter/templates/mtls.properties.j2 +++ b/roles/trouter/templates/mtls.properties.j2 @@ -5,7 +5,7 @@ server.ssl.key-store-password={{ trouter_ats_keystore.pass | default('') }} server.ssl.key-store-type={{ trouter_ats_keystore.type | default('JCEKS') }} server.ssl.trust-store=file:{{ trouter_ats_truststore }} server.ssl.trust-store-password={{ trouter_ats_truststore_pass | default('changeit') }} -server.ssl.trust-store-type=JCEKS +server.ssl.trust-store-type={{ trouter_ats_truststore_type }} server.ssl.client-auth=need client.ssl.key-store=file:{{ trouter_ats_keystore.path | quote }} @@ -13,5 +13,5 @@ client.ssl.key-store-password={{ trouter_ats_keystore.pass | default('') }} client.ssl.key-store-type={{ trouter_ats_keystore.type | default('JCEKS') }} client.ssl.trust-store=file:{{ trouter_ats_truststore }} client.ssl.trust-store-password={{ trouter_ats_truststore_pass | default('changeit') }} -client.ssl.trust-store-type=JCEKS +client.ssl.trust-store-type={{ trouter_ats_truststore_type }} client.ssl.hostname-verification-disabled=true diff --git a/tests/test-config-23.json b/tests/test-config-23.json new file mode 100644 index 000000000..7876ee13d --- /dev/null +++ b/tests/test-config-23.json 
@@ -0,0 +1,38 @@
+{
+ "config": {
+ "host": "TEST_URL",
+ "username": "admin",
+ "password": "admin",
+ "search_retry_interval_seconds": "30"
+ },
+ "assertions": {
+ "acs": {
+ "edition": "Enterprise",
+ "version": "23.4.1",
+ "identity": false,
+ "modules": [
+ {
+ "id": "org.alfresco.integrations.google.docs",
+ "version": "4.1.0",
+ "installed": true
+ },
+ {
+ "id": "alfresco-aos-module",
+ "version": "3.2.0",
+ "installed": true
+ },
+ {
+ "id": "org_alfresco_device_sync_repo",
+ "version": "5.1.0",
+ "installed": true
+ }
+ ]
+ },
+ "acc": {
+ "version": "9.3.0"
+ },
+ "adw": {
+ "version": "5.3.0"
+ }
+ }
+ }
diff --git a/tests/test-config-7.4.json b/tests/test-config-7.4.json
index 0ae5957c3..d4c980a1c 100644
--- a/tests/test-config-7.4.json
+++ b/tests/test-config-7.4.json
@@ -18,7 +18,7 @@
 },
 {
 "id": "alfresco-aos-module",
- "version": "1.6.3",
+ "version": "1.6.2",
 "installed": true
 },
 {
diff --git a/tests/test-config-aas.json b/tests/test-config-aas.json
index 82cc6de57..019656988 100644
--- a/tests/test-config-aas.json
+++ b/tests/test-config-aas.json
@@ -8,7 +8,7 @@
 "assertions": {
 "acs": {
 "edition": "Enterprise",
- "version": "23.4.1",
+ "version": "25.1.0",
 "identity": false,
 "modules": [
 {
@@ -23,7 +23,7 @@
 },
 {
 "id": "org_alfresco_device_sync_repo",
- "version": "5.1.0",
+ "version": "5.2.0",
 "installed": true
 }
 ]
diff --git a/tests/test-config-community.json b/tests/test-config-community.json
index 151eb5993..aee1606a0 100644
--- a/tests/test-config-community.json
+++ b/tests/test-config-community.json
@@ -8,7 +8,7 @@
 "assertions": {
 "acs": {
 "edition": "Community",
- "version": "23.4.1",
+ "version": "25.1.0",
 "identity": false,
 "modules": [
 {
diff --git a/tests/test-config-latest-nosync.json b/tests/test-config-latest-nosync.json
index 5a794367a..c7b56aa7e 100644
--- a/tests/test-config-latest-nosync.json
+++ b/tests/test-config-latest-nosync.json
@@ -8,7 +8,7 @@
 "assertions": {
 "acs": {
 "edition": "Enterprise",
- "version": "23.4.1",
+ "version": "25.1.0",
 "identity": false,
 "modules": [
 {
diff --git a/tests/test-config.json b/tests/test-config.json
index 7876ee13d..d615e60ef 100644
--- a/tests/test-config.json
+++ b/tests/test-config.json
@@ -8,7 +8,7 @@
 "assertions": {
 "acs": {
 "edition": "Enterprise",
- "version": "23.4.1",
+ "version": "25.1.0",
 "identity": false,
 "modules": [
 {
@@ -23,16 +23,16 @@
 },
 {
 "id": "org_alfresco_device_sync_repo",
- "version": "5.1.0",
+ "version": "5.2.0",
 "installed": true
 }
 ]
 },
 "acc": {
- "version": "9.3.0"
+ "version": "9.4.0"
 },
 "adw": {
- "version": "5.3.0"
+ "version": "6.0.0"
 }
 }
 }
diff --git a/vars/acs23.yml b/vars/acs23.yml
index 91739f21c..d7cd91ac5 100644
--- a/vars/acs23.yml
+++ b/vars/acs23.yml
@@ -16,23 +16,22 @@ supported_os:
 Ubuntu:
 versions:
 - 22.04
- - 24.04 # Testing for the upcoming 25.x acs version
 ats_mtls_capable: true
 acs_play_activemq_version: 5.18.6
-acs_play_audit_storage_version: 1.0.0
+acs_play_audit_storage_version: 1.1.0
 acs_play_acc_version: 9.3.0
 acs_play_adw_version: 5.3.0
-acs_play_search_version: 2.0.14
-acs_play_java_version: "{{ default_java_version }}"
+acs_play_search_version: 2.0.15
+acs_play_java_version: 17.0.14+7
 acs_play_search_enterprise_version: 4.2.0
-acs_play_sfs_version: 4.1.6
+acs_play_sfs_version: 4.1.7
 acs_play_sync_version: 5.1.0
 acs_play_tomcat_version: 10.1.34
-acs_play_trouter_version: 4.1.6
+acs_play_trouter_version: 4.1.7
 acs_play_transformers_libreoffice_version: 7.2.5.1
 acs_play_transformers_pdf_version: 1.1
 acs_play_transformers_imagemagick_version: 7.1.0-16-ci-11
-acs_play_transformers_aio_version: 5.1.6
+acs_play_transformers_aio_version: 5.1.7
 acs_play_jdbc_pg_driver_version: "{{ default_jdbc_pg_driver_version }}"
 acs_play_postgres_major_version: 15
 acs_play_repository_acs_version: 23.4.1
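Review bot: `acs_play_java_version` changes from the shared `"{{ default_java_version }}"` to the literal `17.0.14+7`, and the same literal is repeated in the hunks for vars/acs25.yml, vars/acs73.yml and vars/acs74.yml. A JDK security update now has to be applied in four files instead of one, and nothing in the hunk records why the shared default was dropped. If the per-release pin is intentional, say so next to the value, e.g. `# pinned per release on purpose: <reason>`; otherwise keeping the reference to `default_java_version` leaves a single place to patch.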
@@ -41,6 +40,3 @@ acs_play_repository_amp_googledrive_repo_version: 4.1.0
 acs_play_repository_amp_googledrive_share_version: 4.1.0
 acs_play_repository_amp_device_sync_version: 5.1.0
 acs_play_repository_amp_aos_module_version: 3.2.0
-
-acs_play_community_repository_amp_googledrive_repo_version: 4.1.0
-acs_play_community_repository_acs_version: 23.4.1
diff --git a/vars/acs25.yml b/vars/acs25.yml
new file mode 100644
index 000000000..25c407016
--- /dev/null
+++ b/vars/acs25.yml
@@ -0,0 +1,46 @@
+supported_os:
+ RedHat:
+ versions:
+ - 9.5
+ - 9.4
+ - 9.3
+ - 8.10
+ - 8.9
+ Rocky:
+ versions:
+ - 9.5
+ - 9.4
+ - 9.3
+ - 8.10
+ - 8.9
+ Ubuntu:
+ versions:
+ - 22.04
+ - 24.04
+ats_mtls_capable: true
+acs_play_activemq_version: 5.18.6
+acs_play_audit_storage_version: 1.1.0
+acs_play_acc_version: 9.4.0
+acs_play_adw_version: 6.0.0
+acs_play_search_version: 2.0.15
+acs_play_java_version: 17.0.14+7
+acs_play_search_enterprise_version: 5.0.0
+acs_play_sfs_version: 4.1.7
+acs_play_sync_version: 5.2.0
+acs_play_tomcat_version: 10.1.34
+acs_play_trouter_version: 4.1.7
+acs_play_transformers_libreoffice_version: 7.2.5.1
+acs_play_transformers_pdf_version: 1.1
+acs_play_transformers_imagemagick_version: 7.1.0-16-ci-11
+acs_play_transformers_aio_version: 5.1.7
+acs_play_jdbc_pg_driver_version: "{{ default_jdbc_pg_driver_version }}"
+acs_play_postgres_major_version: 16
+acs_play_repository_acs_version: 25.1.0
+acs_play_repository_api_explorer_version: 25.1.0
+acs_play_repository_amp_googledrive_repo_version: 4.1.0
+acs_play_repository_amp_googledrive_share_version: 4.1.0
+acs_play_repository_amp_device_sync_version: 5.2.0
+acs_play_repository_amp_aos_module_version: 3.2.0
+
+acs_play_community_repository_amp_googledrive_repo_version: 4.1.0
+acs_play_community_repository_acs_version: 25.1.0
diff --git a/vars/acs73.yml b/vars/acs73.yml
index 03aa49180..7910d57f5 100644
--- a/vars/acs73.yml
+++ b/vars/acs73.yml
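Review bot: In the new vars/acs25.yml, the `supported_os` entries `- 8.10` under RedHat and Rocky are unquoted, so a YAML loader reads them as the float 8.1 and the trailing zero is lost; `22.04` and `24.04` are likewise loaded as floats rather than strings. How the list is compared with the host's reported version is not visible here, and the vars/acs23.yml context shows the same unquoted style, so this may be tolerated today. Even so, a float comparison cannot tell release 8.10 from 8.1, and a string comparison against `8.10` never matches the loaded value. Quoting removes the ambiguity, e.g. `- "8.10"` and `- "22.04"`; if the consumer currently relies on floats, that check would need to change in the same commit.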
@@ -11,17 +11,17 @@ supported_os:
 ats_mtls_capable: false
 acs_play_activemq_version: 5.17.6
 acs_play_adw_version: 4.4.1
-acs_play_search_version: 2.0.14
-acs_play_java_version: "{{ default_java_version }}"
+acs_play_search_version: 2.0.15
+acs_play_java_version: 17.0.14+7
 acs_play_search_enterprise_version: 3.2.1
-acs_play_sfs_version: 4.1.6
+acs_play_sfs_version: 4.1.7
 acs_play_sync_version: 3.11.3
 acs_play_tomcat_version: 9.0.98
-acs_play_trouter_version: 4.1.6
+acs_play_trouter_version: 4.1.7
 acs_play_transformers_libreoffice_version: 7.2.5.1
 acs_play_transformers_pdf_version: 1.1
 acs_play_transformers_imagemagick_version: 7.1.0-16-ci-11
-acs_play_transformers_aio_version: 5.1.6
+acs_play_transformers_aio_version: 5.1.7
 acs_play_jdbc_pg_driver_version: "{{ default_jdbc_pg_driver_version }}"
 acs_play_postgres_major_version: 14
 acs_play_repository_acs_version: 7.3.2.3
diff --git a/vars/acs74.yml b/vars/acs74.yml
index c68543498..711d19560 100644
--- a/vars/acs74.yml
+++ b/vars/acs74.yml
@@ -20,17 +20,17 @@ ats_mtls_capable: true
 acs_play_activemq_version: 5.17.6
 acs_play_acc_version: 8.0.0
 acs_play_adw_version: 5.0.0
-acs_play_search_version: 2.0.14
-acs_play_java_version: "{{ default_java_version }}"
+acs_play_search_version: 2.0.15
+acs_play_java_version: 17.0.14+7
 acs_play_search_enterprise_version: 3.3.3
-acs_play_sfs_version: 4.1.6
+acs_play_sfs_version: 4.1.7
 acs_play_sync_version: 3.11.3
 acs_play_tomcat_version: 9.0.98
-acs_play_trouter_version: 4.1.6
+acs_play_trouter_version: 4.1.7
 acs_play_transformers_libreoffice_version: 7.2.5.1
 acs_play_transformers_pdf_version: 1.1
 acs_play_transformers_imagemagick_version: 7.1.0-16-ci-11
-acs_play_transformers_aio_version: 5.1.6
+acs_play_transformers_aio_version: 5.1.7
 acs_play_jdbc_pg_driver_version: "{{ default_jdbc_pg_driver_version }}"
 acs_play_postgres_major_version: 14
 acs_play_repository_acs_version: 7.4.2.4
@@ -38,4 +38,4 @@ acs_play_repository_api_explorer_version: 7.4.0
 acs_play_repository_amp_googledrive_repo_version: 3.4.2
 acs_play_repository_amp_googledrive_share_version: 3.4.2
 acs_play_repository_amp_device_sync_version: 3.11.3
-acs_play_repository_amp_aos_module_version: 1.6.3
+acs_play_repository_amp_aos_module_version: 1.6.2
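Review bot: `acs_play_repository_amp_aos_module_version` moves backwards from 1.6.3 to 1.6.2 here, and the expected version in tests/test-config-7.4.json is lowered to match, while the other components touched in this file move forward. A downgrade can drop fixes shipped in the newer build, and nothing in the hunk records why it is wanted. If it is deliberate, say so next to the value, e.g. `# 1.6.2 on purpose: <reason or ticket>`; if it is an accidental revert, keep 1.6.3 in both files.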