OPSEXP-3057 Add missing prefix for repository role vars

docs/SECRETS.md

@@ -53,11 +53,11 @@ default `admin` user.
 
 ## Secrets not yet handled
 
-The `acs_environment` ansible variable holds environment variables for the JVM
+The `repository_acs_environment` ansible variable holds environment variables for the JVM
 that must be handled as secrets:
 
 ```yml
-acs_environment:
+repository_acs_environment:
   JAVA_TOOL_OPTIONS:
     - -Dmetadata-keystore.password=<your-keystore-password>
     - -Dmetadata-keystore.metadata.password=<your-keystore-password>

docs/SECURITY.md

@@ -42,7 +42,7 @@ provide necessary headers in all circumstances. If so, you can override the
 default `csrf` configuration node.
 
 ```yaml
-csrf:
+repository_csrf:
   enabled: true
   force_headers:
     - referer
@@ -53,7 +53,7 @@ csrf:
 Similarly in order to disable CSRF completely use:
 
 ```yaml
-csrf:
+repository_csrf:
   enabled: false
 ```
 
@@ -67,10 +67,10 @@ mentioned in this variable will be automatically to the list of relaxed origins
 for CORS queries. By default they will be allowed tu use any following methods:
 DELETE, GET, HEAD, OPTIONS, POST, PUT. If you want to restrict methods or
 further tweak the CORS configuration, you can do so by overriding the whole
-`cors` variable as shown below:
+`repository_cors` variable as shown below:
 
 ```yaml
-cors:
+repository_cors:
   enabled: true
   urls: "{{ trusted_urls }}"
   allowed_methods:
@@ -98,7 +98,7 @@ cors:
 To completely disable CORS simply use:
 
 ```yaml
-cors:
+repository_cors:
   enabled: false
 ```
 

docs/deployment-guide.md

@@ -600,7 +600,7 @@ the `configuration_files/alfresco-global.properties` file.
 > `global_properties` as much as possible otherwise reference you own snippets
 > of properties file using either the new `repository` group var
 > `properties_snippets` or directly the `repository` role argument
-> `raw_properties`.
+> `repository_raw_properties`.
 
 `alfresco-global.properties` will be located in
 `/etc/opt/alfresco/content-services/classpath`.
@@ -753,7 +753,7 @@ There are three steps required to use a custom keystore:
 
 1. Place your generated keystore file in the `configuration_files/keystores` folder (these get copied to /var/opt/alfresco/content-services/keystore)
 2. Override the `use_custom_keystores` variable defined in your inventory as a `repository` group variable.
-3. Override the `acs_environment` variable and define your custom JAVA_TOOL_OPTIONS configuration
+3. Override the `repository_acs_environment` variable and define your custom JAVA_TOOL_OPTIONS configuration
 4. Add `repo_custom_keystore_password` and `repo_custom_keystore_metadata_password` in `vars/secrets.yml`
 
 An example snippet of inventory file is shown below:
@@ -762,7 +762,7 @@ An example snippet of inventory file is shown below:
 repository:
   vars:
     use_custom_keystores: true
-    acs_environment:
+    repository_acs_environment:
       JAVA_OPTS:
         - -Xms512m
         - -Xmx3g
@@ -822,7 +822,7 @@ Or:
 war_downloads:
   - url: "https://your.repo.com/path/to/your/artifacts/your-api-explorer.war"
     checksum: "sha1:https://your.repo.com/path/to/your/artifacts/your-api-explorer.war.sha1"
-    dest: "{{ content_folder }}/web-server/webapps/api-explorer.war"
+    dest: "{{ repository_content_folder }}/web-server/webapps/api-explorer.war"
 ```
 
 Or:
@@ -831,7 +831,7 @@ Or:
 amp_downloads:
   - url: "https://your.repo.com/path/to/your/artifacts/your-alfresco-aos-module.amp"
     sha1_checksum_url: "https://your.repo.com/path/to/your/artifacts/your-alfresco-aos-module.amp.sha1"
-    dest: "{{ content_folder }}/amps_repo/alfresco-aos-module.amp"
+    dest: "{{ repository_content_folder }}/amps_repo/alfresco-aos-module.amp"
 ```
 
 > Be careful not to override the value for `dest` key
@@ -1147,7 +1147,7 @@ For example in the inventory file:
         ecm1.infra.local:
         ecm2.infra.local:
         ingester.infra.local:
-          cluster_keepoff: true
+          repository_cluster_keepoff: true
 ...
 ```
 
@@ -1163,7 +1163,7 @@ cs_storage:
 ```
 
 In some circumstances, you may want to have a repo node that's dedicated to a scheduled task (such as ingesting massive amount of documents). Depending on the nature of the task and the requirements of your organisation, it may be preferable to not make this node part of the ACS cluster.
-In that case, you can add the `cluster_keepoff` variable to one of the `repository` group nodes'. It will provision the node with the repository and share services but make sure it not taking part in neither the share, nor the repository cluster realm.
+In that case, you can add the `repository_cluster_keepoff` variable to one of the `repository` group nodes'. It will provision the node with the repository and share services but make sure it not taking part in neither the share, nor the repository cluster realm.
 
 > A typical use case is to have a dedicated Solr tracking node. The playbook will then prefer to use that dedicated node - if it finds one - for solr tracking and only use the other as backup server (no load balancing)
 

group_vars/repository.yml

@@ -26,7 +26,7 @@ global_properties:
     port: "{{ acs_play_port }}"
     protocol: "{{ acs_play_proto }}"
     cluster:
-      enabled: "{{ (groups['repository'] | length > 1 and not (cluster_keepoff | bool)) | lower }}"
+      enabled: "{{ (groups['repository'] | length > 1 and not (repository_cluster_keepoff | bool)) | lower }}"
   share:
     host: "{{ fqdn_alfresco | default(known_urls[0] | urlsplit('hostname')) | default(nginx_host) }}"
     port: "{{ acs_play_port }}"

inventory_ha.yml

@@ -23,7 +23,7 @@ all:
         ecm1.infra.local:
         ecm2.infra.local:
         ingester.infra.local:
-          cluster_keepoff: true
+          repository_cluster_keepoff: true
 
     activemq:
       hosts:

molecule/multimachine/host_vars/repository_neutron.yml

@@ -1,2 +1,2 @@
 # variables for molecule tests - inventory_hostname: repository_neutron
-cluster_keepoff: false  # workaround while investigating transformation issues (tracked in OPSEXP-2330)
+repository_cluster_keepoff: false  # workaround while investigating transformation issues (tracked in OPSEXP-2330)

playbooks/acs.yml

@@ -289,23 +289,23 @@
         acs_play_repository_amp_downloads:
         - url: "{{ acs_play_repository_amp_googledrive_repo_archive_url }}"
           checksum: "sha1:{{ acs_play_repository_amp_googledrive_repo_archive_url }}.sha1"
-          dest: "{{ content_folder }}/amps_repo/{{ acs_play_repository_amp_googledrive_repo_artifact_name }}.amp"
+          dest: "{{ repository_content_folder }}/amps_repo/{{ acs_play_repository_amp_googledrive_repo_artifact_name }}.amp"
           url_username: "{{ nexus_user }}"
           url_password: "{{ nexus_password }}"
         - url: "{{ acs_play_repository_amp_googledrive_share_archive_url }}"
           checksum: "sha1:{{ acs_play_repository_amp_googledrive_share_archive_url }}.sha1"
-          dest: "{{ content_folder }}/amps_share/{{ acs_play_repository_amp_googledrive_share_artifact_name }}.amp"
+          dest: "{{ repository_content_folder }}/amps_share/{{ acs_play_repository_amp_googledrive_share_artifact_name }}.amp"
           url_username: "{{ nexus_user }}"
           url_password: "{{ nexus_password }}"
         - url: "{{ acs_play_repository_amp_device_sync_archive_url }}"
           checksum: "sha1:{{ acs_play_repository_amp_device_sync_archive_url }}.sha1"
-          dest: "{{ content_folder }}/amps_repo/{{ acs_play_repository_amp_device_sync_artifact_name }}.amp"
+          dest: "{{ repository_content_folder }}/amps_repo/{{ acs_play_repository_amp_device_sync_artifact_name }}.amp"
           url_username: "{{ nexus_user }}"
           url_password: "{{ nexus_password }}"
           enabled: "{{ acs_is_enterprise and (groups.syncservice | default([]) | length > 0) }}"
         - url: "{{ acs_play_repository_amp_aos_module_archive_url }}"
           checksum: "sha1:{{ acs_play_repository_amp_aos_module_archive_url }}.sha1"
-          dest: "{{ content_folder }}/amps_repo/{{ acs_play_repository_amp_aos_module_artifact_name }}.amp"
+          dest: "{{ repository_content_folder }}/amps_repo/{{ acs_play_repository_amp_aos_module_artifact_name }}.amp"
           url_username: "{{ nexus_user }}"
           url_password: "{{ nexus_password }}"
   tasks:
@@ -314,9 +314,9 @@
         name: "../roles/repository"
       vars:
         java_version: "{{ acs_play_java_version }}"
-        repo_keystore: "{{ repository_keystore | default({}) }}"
+        repository_default_keystore: "{{ repository_keystore | default({}) }}"
         repository_properties: "{{ global_properties }}"
-        raw_properties: "{{ properties_snippets }}"
+        repository_raw_properties: "{{ properties_snippets }}"
         repository_identity_url: "{{ identity_url | default('') }}"
         tomcat_version: "{{ acs_play_tomcat_version }}"
         repository_nexus_username: "{{ nexus_user }}"

playbooks/group_vars/repository.yml

@@ -18,7 +18,7 @@ acs_play_repository_api_explorer_archive_checksum_url: "sha1:{{ acs_play_reposit
 acs_play_repository_extra_war_downloads: []
   # - url: "https://your.repo.com/path/to/your/artifacts/your-war.war"
   #   checksum: "sha1:https://your.repo.com/path/to/your/artifacts/your-war.war.sha1"
-  #   dest: "{{ content_folder }}/web-server/webapps/your-war.war"
+  #   dest: "{{ repository_content_folder }}/web-server/webapps/your-war.war"
   #   url_username: your_username_to_repo
   #   url_password: your_password_to_repo
 
@@ -42,6 +42,6 @@ acs_play_repository_amp_aos_module_archive_url: "{{ acs_play_repository_amp_aos_
 acs_play_repository_extra_amp_downloads: []
   # - url: "https://your.repo.com/path/to/your/artifacts/your-amp.amp"
   #   checksum: "sha1:2aae6c35c94fcfb415dbe95f408b9ce91ee846ed"
-  #   dest: "{{ content_folder }}/<amps_repo|amps_share>/your-amp.amp"
+  #   dest: "{{ repository_content_folder }}/<amps_repo|amps_share>/your-amp.amp"
   #   url_username: your_username_to_repo
   #   url_password: your_password_to_repo

playbooks/prerun-checks.yml

@@ -57,4 +57,4 @@
           https://github.com/Alfresco/alfresco-ansible-deployment/blob/master/docs/SECURITY.md
       when:
         - known_urls | default([]) | length == 0
-        - cors.enabled | default(True)
+        - repository_cors.enabled | default(True)

roles/common/defaults/main.yml

@@ -23,7 +23,7 @@ repo_hosts: |
     {
       inventory_name: inventory_hostname ,
       local_addr: ansible_default_ipv4.address,
-      cluster_keepoff: cluster_keepoff
+      repository_cluster_keepoff: repository_cluster_keepoff
     }')
   }}
 repo_host: >-

roles/nginx/templates/alfresco.conf.j2

@@ -8,22 +8,22 @@ map $remote_addr $solr_trackers {
 upstream repo_lb {
         ip_hash;
 {% for repo in repo_hosts | unique %}
-{% if not repo.cluster_keepoff | default(false) %}
+{% if not repo.repository_cluster_keepoff | default(false) %}
         server {{ repo.local_addr | default(repo.inventory_name) }}:{{ ports_cfg.repository.http | default(8080) }} max_fails=3 fail_timeout=120s;
 {% endif %}
 {% endfor %}
     }
 
 upstream tracker_lb {
 {% for repo in repo_hosts | unique %}
-        server {{ repo.local_addr | default(repo.inventory_name) }}:{{ ports_cfg.repository.http | default(8080) }} max_fails=2 fail_timeout=8s {% if not repo.cluster_keepoff | default(false) and repo_hosts | selectattr('cluster_keepoff', 'true') %}backup{% endif %};
+        server {{ repo.local_addr | default(repo.inventory_name) }}:{{ ports_cfg.repository.http | default(8080) }} max_fails=2 fail_timeout=8s {% if not repo.repository_cluster_keepoff | default(false) and repo_hosts | selectattr('repository_cluster_keepoff', 'true') %}backup{% endif %};
 {% endfor %}
     }
 
 upstream share_lb {
         ip_hash;
 {% for repo in repo_hosts | unique %}
-{% if not repo.cluster_keepoff | default(false) %}
+{% if not repo.repository_cluster_keepoff | default(false) %}
         server {{ repo.local_addr | default(repo.inventory_name) }}:{{ ports_cfg.repository.http | default(8080) }} max_fails=3 fail_timeout=120s;
 {% endif %}
 {% endfor %}

roles/repository/defaults/main.yml

@@ -1,7 +1,7 @@
 ---
 # defaults file for roles/repository
 #
-acs_environment:
+repository_acs_environment:
   JAVA_OPTS:
     - -Xms512m
     - -Xmx3g
@@ -39,13 +39,13 @@ repository_api_explorer_nexus_password: "{{ repository_nexus_password }}"
 repository_extra_war_downloads: []
 
 # CSRF config
-csrf:
+repository_csrf:
   enabled: true
   force_headers: []
   urls: "{{ trusted_urls }}"
 
 # CORS config
-cors:
+repository_cors:
   enabled: true
   urls: "{{ trusted_urls }}"
   allowed_methods:
@@ -71,12 +71,12 @@ cors:
   support.credentials: true
   preflight_maxage: 10
 
-# default_repository_properties: properties to be added to the
+# repository_default_properties: properties to be added to the
 # alfresco-global.properties file, e.g: alfresco.authentication.allowGuestLogin
 # is disabled by default.
 # To add more properties or override existing defaults, use the date structure
 # named repository_properties data structure instead of this one.
-default_repository_properties:
+repository_default_properties:
   deployment:
     method: ANSIBLE
   authentication:
@@ -88,24 +88,22 @@ default_repository_properties:
     authentication:
       allowGuestLogin: "false"
   dir:
-    root: "{{ content_data_folder }}/content"
+    root: "{{ repository_content_data_folder }}/content"
     license:
-      external: "{{ settings_folder }}/licenses"
-raw_properties: []
+      external: "{{ repository_settings_folder }}/licenses"
+repository_raw_properties: []
 
-default_share_properties: {}
-
-utils_repo: []
-utils_storage:
+repository_utils_repo: []
+repository_utils_storage:
   tmpfs: []
-cluster_keepoff: false
+repository_cluster_keepoff: false
 
 # Tomcat resource cache size (mainly for Share)
-tomcat_resource_cache_size: 20480
+repository_tomcat_resource_cache_size: 20480
 
 # make sure to only ever copy contents not dir
-keystore_src: "{{ content_folder }}/keystore/metadata-keystore/"
-repo_keystore: {}
+repository_keystore_src: "{{ repository_content_folder }}/keystore/metadata-keystore/"
+repository_default_keystore: {}
 repository_monitored_startup_timeout_seconds: 300
 
 # Identity service arguments
@@ -125,7 +123,7 @@ repository_jdbc_driver_checksum: "sha1:{{ repository_jdbc_driver_url }}.sha1"
 repository_amp_downloads: []
   # - url: "https://your.repo.com/path/to/your/artifacts/your-amp.amp"
   #   checksum: "sha1:2aae6c35c94fcfb415dbe95f408b9ce91ee846ed"
-  #   dest: "{{ content_folder }}/<amps_repo|amps_share>/your-amp.amp"
+  #   dest: "{{ repository_content_folder }}/<amps_repo|amps_share>/your-amp.amp"
   #   url_username: your_username_to_repo
   #   url_password: your_password_to_repo
 

roles/repository/meta/argument_specs.yml

@@ -3,7 +3,7 @@ argument_specs:
   main:
     short_description: Main entrypoint for the repository role
     options:
-      raw_properties:
+      repository_raw_properties:
         type: list
         required: false
         default: []
@@ -18,7 +18,7 @@ argument_specs:
           A YAML data structure containing all the properties you want to set
           in the alfresco-global.properties file. YAML of each leaf node is
           expanded as a path separated by '.' (e.g. alfresco.cluster.enabled)
-      repo_keystore:
+      repository_default_keystore:
         type: dict
         required: false
         no_log: true

roles/repository/molecule/default/converge.yml

@@ -21,7 +21,7 @@
         name: repository
       vars:
         repository_properties: "{{ global_properties }}"
-        raw_properties:
+        repository_raw_properties:
           - ../../configuration_files/alfresco-global.properties
         repository_nexus_username: "{{ lookup('env', 'NEXUS_USERNAME') }}"
         repository_nexus_password: "{{ lookup('env', 'NEXUS_PASSWORD') }}"

roles/repository/molecule/default/host_vars/repository-instance.yml

@@ -9,7 +9,7 @@ cs_storage:
   device: none
   options: size=100m,mode=777
 use_custom_keystores: true
-acs_environment:
+repository_acs_environment:
   JAVA_OPTS:
     - -Xms350m
     - -Xmx900m