OPSEXP-3057 Refactor repository role to use default vars

.secrets.baseline

@@ -144,7 +144,7 @@
         "filename": "playbooks/acs.yml",
         "hashed_secret": "0ca8f28152882e5edb182fc3f7d4ae10a5b10dc5",
         "is_verified": false,
-        "line_number": 578
+        "line_number": 595
       }
     ],
     "roles/activemq/molecule/default/tests/test_activemq.py": [
@@ -167,16 +167,6 @@
         "is_secret": false
       }
     ],
-    "roles/repository/tasks/main.yml": [
-      {
-        "type": "Secret Keyword",
-        "filename": "roles/repository/tasks/main.yml",
-        "hashed_secret": "0eeb6b7bb932e8594b4ffe039dc15332f670cbd9",
-        "is_verified": false,
-        "line_number": 121,
-        "is_secret": false
-      }
-    ],
     "roles/sync/tasks/configure.yml": [
       {
         "type": "Secret Keyword",
@@ -198,5 +188,5 @@
       }
     ]
   },
-  "generated_at": "2025-02-26T20:42:34Z"
+  "generated_at": "2025-03-04T18:08:34Z"
 }

7.3.N-extra-vars.yml

@@ -1,8 +1,3 @@
 acs_play_major_version: 73
-acs:
-  artifact_name: alfresco-content-services-distribution
-  edition: Enterprise
-  repository: "{{ nexus_repository.enterprise_releases }}"
-  version: 7.3.2.3
 dependencies_version:
   postgres_major_version: 14

7.4.N-extra-vars.yml

@@ -1,8 +1,3 @@
 acs_play_major_version: 74
-acs:
-  artifact_name: alfresco-content-services-distribution
-  edition: Enterprise
-  repository: "{{ nexus_repository.enterprise_releases }}"
-  version: 7.4.2.4
 dependencies_version:
   postgres_major_version: 14

community-extra-vars.yml

@@ -1,9 +1,10 @@
 acs_play_major_version: 23
-acs:
-  artifact_name: alfresco-content-services-community-distribution
-  repository: "{{ nexus_repository.releases }}"
-  version: 23.4.1
-  edition: Community
+
+# Section for community vars
+acs_play_repository_acs_version: 23.4.1
+acs_play_repository_acs_edition: Community
+acs_play_repository_acs_artifact_name: alfresco-content-services-community-distribution
+acs_play_repository_acs_repository: "{{ nexus_repository.releases }}"
 
 acs_play_repository_amp_googledrive_repo_version: 4.1.0
 acs_play_repository_amp_googledrive_repo_artifact_name: alfresco-googledrive-repo-community

docs/components-upgrade.md

@@ -73,7 +73,7 @@ ansible-playbook playbooks/acs.yml -i inventory_ssh.yml -e "@7.0.N-extra-vars.ym
 > Note: Use whatever inventory and config file that matches your use case
 > If you're applying a hotfix to the latest major release (7.1 as of writing) you don't need to specify an extra config file with "-e @file"
 
-After the playbook ran successfully your environment delivers the upgraded version of repo but the previous installation is still on the target machine. It is the admin responsibility to make sure the new system works as expected and no rollback is needed. If all is OK, the old installation previous installation can be cleaned by removing the folder: `{{ binaries_folder }}/content-services-{{ acs.version }}` (by default points to: `/opt/alfresco/content-services-7.0.1`).
+After the playbook ran successfully your environment delivers the upgraded version of repo but the previous installation is still on the target machine. It is the admin responsibility to make sure the new system works as expected and no rollback is needed. If all is OK, the old installation previous installation can be cleaned by removing the folder: `{{ binaries_folder }}/content-services-{{ acs_play_repository_acs_version }}` (by default points to: `/opt/alfresco/content-services-7.0.1`).
 
 #### Rolling back a hotfix "in-place" upgrade
 

docs/deployment-guide.md

@@ -1246,7 +1246,7 @@ pipenv run ansible-playbook playbooks/platform-uninstall.yml -i inventory_ssh.ym
 If you see an error similar to the one below (in particular the mention of `HTTP Error 401: Unauthorized` or `HTTP Error 401: basic auth failed`) you've most likely forgotten to setup your Nexus credentials or mis-configured them.
 
 ```bash
-fatal: [transformers_1]: FAILED! => {"msg": "An unhandled exception occurred while templating '{u'acs_zip_sha1_checksum': u\"{{ lookup('url', '{{ nexus_repository.enterprise_releases }}org/alfresco/alfresco-content-services-distribution/{{ acs.version }}/alfresco-content-services-distribution-{{ acs.version }}.zip.sha1', username=lookup('env', 'NEXUS_USERNAME'), password=lookup('env', 'NEXUS_PASSWORD')) }}\", u'adw_zip_sha1_checksum': u\"{{ lookup('url', '{{ nexus_repository.enterprise_releases }}/org/alfresco/alfresco-digital-workspace/{{ adw.version }}/alfresco-digital-workspace-{{ adw.version }}.zip.sha1', username=lookup('env', 'NEXUS_USERNAME'), password=lookup('env', 'NEXUS_PASSWORD')) }}\", u'acs_zip_url': u'{{ nexus_repository.enterprise_releases }}org/alfresco/alfresco-content-services-distribution/{{ acs.version }}/alfresco-content-services-distribution-{{ acs.version }}.zip'
+fatal: [transformers_1]: FAILED! => {"msg": "An unhandled exception occurred while templating '{u'acs_zip_sha1_checksum': u\"{{ lookup('url', '{{ nexus_repository.enterprise_releases }}org/alfresco/alfresco-content-services-distribution/{{ acs_play_repository_acs_version }}/alfresco-content-services-distribution-{{ acs_play_repository_acs_version }}.zip.sha1', username=lookup('env', 'NEXUS_USERNAME'), password=lookup('env', 'NEXUS_PASSWORD')) }}\", u'adw_zip_sha1_checksum': u\"{{ lookup('url', '{{ nexus_repository.enterprise_releases }}/org/alfresco/alfresco-digital-workspace/{{ adw.version }}/alfresco-digital-workspace-{{ adw.version }}.zip.sha1', username=lookup('env', 'NEXUS_USERNAME'), password=lookup('env', 'NEXUS_PASSWORD')) }}\", u'acs_zip_url': u'{{ nexus_repository.enterprise_releases }}org/alfresco/alfresco-content-services-distribution/{{ acs_play_repository_acs_version }}/alfresco-content-services-distribution-{{ acs_play_repository_acs_version }}.zip'
 ...
 ...
 Error was a <class 'ansible.errors.AnsibleError'>, original message: An unhandled exception occurred while running the lookup plugin 'url'. Error was a <class 'ansible.errors.AnsibleError'>, original message: Received HTTP error for https://artifacts.alfresco.com/nexus/service/local/repositories/enterprise-releases/content/org/alfresco/alfresco-content-services-distribution/7.0.0/alfresco-content-services-distribution-7.0.0.zip.sha1 : HTTP Error 401: Unauthorized"}

group_vars/all.yml

@@ -22,16 +22,6 @@ nexus_repository:
   development_releases: >-
     {{ artifacts_repositories.enterprise.base_url }}/{{ artifacts_repositories.development.repository }}/{{ artifacts_repositories.enterprise.group_id }}
 acs_play_major_version: 23
-acs:
-  artifact_name: alfresco-content-services-distribution
-  edition: Enterprise
-  repository: "{{ nexus_repository.enterprise_releases }}"
-  version: 23.4.1
-downloads:
-  acs_zip_url: >-
-    {{ acs.repository }}/{{ acs.artifact_name }}/{{ acs.version }}/{{ acs.artifact_name }}-{{ acs.version }}.zip
-  acs_zip_sha1_checksum_url: >-
-    {{ acs.repository }}/{{ acs.artifact_name }}/{{ acs.version }}/{{ acs.artifact_name }}-{{ acs.version }}.zip.sha1
 # A default keystore is stored in /var/opt/alfresco/content-services/keystore,
 # to replace this with a custom keystore place the keystore file in the "configuration_files/keystores" folder
 # and change this flag to true. See the deployment guide for more details.

molecule/default/verify.yml

@@ -1,4 +1,12 @@
 ---
+- name: Set edition
+  hosts: all:localhost
+  gather_facts: false
+  tasks:
+    - name: Set edition
+      ansible.builtin.set_fact:
+        acs_play_repository_acs_edition: "{{ acs_play_repository_acs_edition | default('Enterprise') }}"
+
 - name: Verify
   hosts: localhost
   gather_facts: false
@@ -55,7 +63,7 @@
       ansible.builtin.slurp:
         src: "{{ nginx_html_path_redhat if ansible_os_family == 'RedHat' else nginx_html_path_ubuntu }}"
       register: slurp_app_config_json
-      when: acs.edition == "Enterprise"
+      when: acs_play_repository_acs_edition == "Enterprise"
 
     - name: Assert that app.config.json contains expected values
       vars:
@@ -66,4 +74,4 @@
           - app_config_json.plugins.processService == false
           - app_config_json.plugins.microsoftOnline == false
         fail_msg: "not expected {{ app_config_json }}"
-      when: acs.edition == "Enterprise"
+      when: acs_play_repository_acs_edition == "Enterprise"

molecule/pki/verify.yml

@@ -45,7 +45,6 @@
       ansible.builtin.service_facts:
 
     - name: Check in logs a client did connect
-      when: item.edition == acs.edition
       ansible.builtin.slurp:
         src: /var/log/alfresco/{{ item.file }}.log
       register: ats_log
@@ -55,9 +54,6 @@
       retries: 10
       delay: 3
       loop:
-        - file: ats-ate-aio
-          pattern: GET Transform Config version
-          edition: Community
         - file: ats-atr
           pattern: GET Transform Config version
           edition: Enterprise
@@ -93,4 +89,3 @@
         that:
           - ansible_facts.services['alfresco-shared-fs.service'].state == "running"
           - ansible_facts.services['alfresco-transform-router.service'].state == "running"
-      when: acs.edition == 'Enterprise'

playbooks/acs.yml

@@ -29,6 +29,14 @@
 - name: Handle secrets
   ansible.builtin.import_playbook: secrets.yml
 
+- name: Check acs edition
+  hosts: all
+  gather_facts: false
+  tasks:
+    - name: Set acs edition
+      ansible.builtin.set_fact:
+        acs_is_enterprise: "{{ acs_play_repository_acs_edition == 'Enterprise' }}"
+
 - name: Generate hosts certificates
   vars:
     p12_passphrase: "{{ hostvars.localhost.certs_p12_passphrase }}"
@@ -120,8 +128,8 @@
   gather_facts: false
   roles:
     - role: "../roles/elasticsearch"
-      elasticsearch_major_version: "{{ '8.x' if acs.version is version('25.0', 'ge') else '7.x' }}"
-      when: acs.edition == "Enterprise" and not groups.external_elasticsearch | default([])
+      elasticsearch_major_version: "{{ '8.x' if acs_play_repository_acs_version is version('25.0', 'ge') else '7.x' }}"
+      when: acs_is_enterprise and not groups.external_elasticsearch | default([])
   tags:
     - elasticsearch
 
@@ -187,6 +195,7 @@
       vars:
         transformers_ats_keystore: "{{ transformers_keystore | default({}) }}"
         java_version: "{{ acs_play_java_version }}"
+        transformers_repository_acs_edition: "{{ acs_play_repository_acs_edition }}"
         transformers_libreoffice_version: "{{ acs_play_transformers_libreoffice_version }}"
         transformers_libreoffice_archive_url: "{{ acs_play_transformers_libreoffice_archive_url }}"
         transformers_libreoffice_archive_checksum_url: "{{ acs_play_transformers_libreoffice_archive_checksum_url }}"
@@ -298,7 +307,7 @@
           dest: "{{ content_folder }}/amps_repo/{{ acs_play_repository_amp_device_sync_artifact_name }}.amp"
           url_username: "{{ nexus_user }}"
           url_password: "{{ nexus_password }}"
-          enabled: "{{ acs.edition == 'Enterprise' and (groups.syncservice | default([]) | length > 0) }}"
+          enabled: "{{ acs_is_enterprise and (groups.syncservice | default([]) | length > 0) }}"
         - url: "{{ acs_play_repository_amp_aos_module_archive_url }}"
           checksum: "sha1:{{ acs_play_repository_amp_aos_module_archive_url }}.sha1"
           dest: "{{ content_folder }}/amps_repo/{{ acs_play_repository_amp_aos_module_artifact_name }}.amp"
@@ -317,6 +326,10 @@
         tomcat_version: "{{ acs_play_tomcat_version }}"
         repository_nexus_username: "{{ nexus_user }}"
         repository_nexus_password: "{{ nexus_password }}"
+        repository_acs_edition: "{{ acs_play_repository_acs_edition }}"
+        repository_acs_artifact_name: "{{ acs_play_repository_acs_artifact_name }}"
+        repository_acs_archive_url: "{{ acs_play_repository_acs_archive_url }}"
+        repository_acs_archive_checksum_url: "{{ acs_play_repository_acs_archive_checksum_url }}"
         repository_jdbc_driver_version: "{{ acs_play_repository_jdbc_driver_version }}"
         repository_jdbc_driver_url: "{{ acs_play_repository_jdbc_driver_url }}"
         repository_jdbc_driver_checksum: "{{ acs_play_repository_jdbc_driver_checksum }}"
@@ -359,13 +372,17 @@
               'version': acs_play_repository_amp_device_sync_version
             }
           }) }}
-      when: acs.edition == "Enterprise"
+      when: acs_is_enterprise
 
     - name: Update installation status file with ACS
       become: true
       vars:
         acs_components:
-          acs: "{{ acs }}"
+          acs:
+            artifact_name: "{{ acs_play_repository_acs_artifact_name }}"
+            repository: "{{ acs_play_repository_acs_repository }}"
+            version: "{{ acs_play_repository_acs_version }}"
+            edition: "{{ acs_play_repository_acs_edition }}"
           amps: "{{ amps }}"
           api_explorer:
             artifact_name: "{{ acs_play_repository_api_explorer_artifact_name }}"
@@ -410,10 +427,10 @@
         trouter_zip_checksum_url: "{{ acs_play_trouter_download_zip_sha1_checksum_url }}"
         trouter_zip_username: "{{ nexus_user }}"
         trouter_zip_password: "{{ nexus_password }}"
-      when: acs.edition == "Enterprise"
+      when: acs_is_enterprise
   post_tasks:
     - name: Update installation status file with Trouter
-      when: acs.edition == "Enterprise"
+      when: acs_is_enterprise
       become: true
       vars:
         trouter_components:
@@ -460,10 +477,10 @@
         sfs_zip_username: "{{ nexus_user }}"
         sfs_zip_password: "{{ nexus_password }}"
         ats_keystore: "{{ sfs_keystore | default({}) }}"
-      when: acs.edition == "Enterprise"
+      when: acs_is_enterprise
   post_tasks:
     - name: Update installation status file with SFS
-      when: acs.edition == "Enterprise"
+      when: acs_is_enterprise
       become: true
       vars:
         sfs_components:
@@ -495,10 +512,10 @@
         search_enterprise_zip_checksum_url: "{{ acs_play_search_enterprise_download_zip_sha1_checksum_url }}"
         search_enterprise_zip_username: "{{ nexus_user }}"
         search_enterprise_zip_password: "{{ nexus_password }}"
-      when: acs.edition == "Enterprise"
+      when: acs_is_enterprise
   post_tasks:
     - name: Update installation status file with Enterprise Search
-      when: acs.edition == "Enterprise"
+      when: acs_is_enterprise
       become: true
       vars:
         search_enterprise_components:
@@ -536,7 +553,7 @@
   hosts: acc
   gather_facts: false
   vars:
-    acs_version_requirement: "{{ acs.version is version('7.4', 'ge') }}"
+    acs_version_requirement: "{{ acs_play_repository_acs_version is version('7.4', 'ge') }}"
   roles:
     - role: "../roles/adf_app"
       when: acs_version_requirement
@@ -584,7 +601,7 @@
       {%- endif %}
   roles:
     - role: "../roles/adf_app"
-      when: acs.edition == "Enterprise"
+      when: acs_is_enterprise
       adf_app_name: alfresco-digital-workspace
       adf_app_context: /workspace/
       adf_app_port: 8880
@@ -600,7 +617,7 @@
         }}
   post_tasks:
     - name: Update installation status file with ADW
-      when: acs.edition == "Enterprise"
+      when: acs_is_enterprise
       become: true
       vars:
         adw_components:
@@ -635,10 +652,10 @@
         sync_jdbc_driver_version: "{{ acs_play_sync_jdbc_driver_version }}"
         sync_jdbc_driver_url: "{{ acs_play_sync_jdbc_driver_url }}"
         sync_jdbc_driver_checksum: "{{ acs_play_sync_jdbc_driver_checksum }}"
-      when: acs.edition == "Enterprise"
+      when: acs_is_enterprise
   post_tasks:
     - name: Update installation status file with Sync
-      when: acs.edition == "Enterprise"
+      when: acs_is_enterprise
       become: true
       vars:
         sync_components:
@@ -660,15 +677,15 @@
   hosts: audit_storage
   gather_facts: false
   vars:
-    acs_version_requirement: "{{ acs.version is version('23.4', 'ge') }}"
+    acs_version_requirement: "{{ acs_play_repository_acs_version is version('23.4', 'ge') }}"
   pre_tasks:
     - name: Assert that the required version is met
       ansible.builtin.fail:
         msg: "Audit Storage requires ACS 23.4 or later"
       when: not acs_version_requirement
   tasks:
     - name: Audit Storage Role import
-      when: acs.edition == "Enterprise" and acs_version_requirement
+      when: acs_is_enterprise and acs_version_requirement
       ansible.builtin.import_role:
         name: "../roles/audit_storage"
       vars:
@@ -686,7 +703,7 @@
         audit_storage_opensearch_password: "{{ elasticsearch_password }}"
   post_tasks:
     - name: Update installation status file with Audit Storage
-      when: acs.edition == "Enterprise" and acs_version_requirement
+      when: acs_is_enterprise and acs_version_requirement
       become: true
       vars:
         audit_storage_components:

playbooks/group_vars/all.yml

@@ -1,5 +1,6 @@
 default_java_version: 17.0.14+7
 acs_play_java_core: "{{ default_java_version.split('+')[0] }}"
+acs_play_repository_acs_edition: Enterprise
 default_jdbc_pg_driver_version: 42.7.3
 default_jdbc_pg_driver_base_url: https://repo.maven.apache.org/maven2/org/postgresql/postgresql
 default_jdbc_pg_driver_url: >-

playbooks/group_vars/repository.yml

@@ -1,3 +1,8 @@
+acs_play_repository_acs_artifact_name: alfresco-content-services-distribution
+acs_play_repository_acs_repository: "{{ nexus_repository.enterprise_releases }}"
+acs_play_repository_acs_archive_url: "{{ acs_play_repository_acs_repository }}/{{ acs_play_repository_acs_artifact_name }}/{{ acs_play_repository_acs_version }}/{{ acs_play_repository_acs_artifact_name }}-{{ acs_play_repository_acs_version }}.zip"
+acs_play_repository_acs_archive_checksum_url: "sha1:{{ acs_play_repository_acs_archive_url }}.sha1"
+
 acs_play_repository_jdbc_driver_class: "{{ default_jdbc_pg_driver_class }}"
 acs_play_repository_jdbc_driver_version: "{{ acs_play_jdbc_pg_driver_version }}"
 acs_play_repository_jdbc_driver_url: >-

playbooks/prerun-checks.yml

@@ -42,7 +42,7 @@
           which is not a supported configuration for the community edition.
           Please remove the hosts from the search-enterprise group and ensure that
           the search group contains at least one host.
-      when: acs.edition == 'Community'
+      when: acs_play_repository_acs_edition == 'Community'
 
 - name: Repository pre-requisites
   hosts: repository

playbooks/prerun-network-checks.yml

@@ -54,15 +54,15 @@
         checked_host: "{{ sfs_host }}"
         checked_port: "{{ ports_cfg.sfs.http }}"
         delegate_target: "{{ groups.transformers | first }}"
-      when: acs.edition == "Enterprise" and groups.transformers | default([]) | length > 0
+      when: acs_play_repository_acs_edition == "Enterprise" and groups.transformers | default([]) | length > 0
 
     - name: Check trouter connection
       ansible.builtin.include_tasks: "tasks/check_port.yml"
       vars:
         checked_host: "{{ trouter_host }}"
         checked_port: "{{ ports_cfg.transformers.trouter }}"
         delegate_target: "{{ groups.transformers | first }}"
-      when: acs.edition == "Enterprise" and groups.transformers | default([]) | length > 0
+      when: acs_play_repository_acs_edition == "Enterprise" and groups.transformers | default([]) | length > 0
 
     - name: Check tengine connection
       ansible.builtin.include_tasks: "tasks/check_port.yml"

playbooks/prerun-upgrade-checks.yml

@@ -36,9 +36,9 @@
             - installed_components.acs is defined
             - installed_components.api_explorer is defined
             - |
-              acs.edition != installed_components.acs.edition or
-              acs.version.split('.')[:3] | join('.') != installed_components.acs.version.split('.')[:3] | join('.') or
-              acs.version is version(installed_components.acs.version, 'lt') or
+              acs_play_repository_acs_edition != installed_components.acs.edition or
+              acs_play_repository_acs_version.split('.')[:3] | join('.') != installed_components.acs.version.split('.')[:3] | join('.') or
+              acs_play_repository_acs_version is version(installed_components.acs.version, 'lt') or
               acs_play_repository_api_explorer_version != installed_components.api_explorer.version
 
         - name: Initialize evaluation of currently installed amps
@@ -68,7 +68,7 @@
                   'version': acs_play_repository_amp_device_sync_version
                 }
               }) }}
-          when: acs.edition == 'Enterprise'
+          when: acs_play_repository_acs_edition == 'Enterprise'
 
         - name: Fail on unsupported AMPS upgrades
           ansible.builtin.fail: