Commit fc0220a4 authored by peter's avatar peter

Include Activiti formula

parent 0904f874
......@@ -489,3 +489,86 @@ If you want to use a seperate server for Alfresco's solr, you will need to:
```
* Run `state.highstate` on both servers
## Alfresco Activiti
You can install alfresco activiti by adding it as a role, and providing the activiti license in the pillar.
A minimum default example is:
```
roles:
- activiti
activiti:
license: |
-----BEGIN PGP MESSAGE-----
<Insert License Here>
-----END PGP MESSAGE-----
```
### LDAP Configuration
The LDAP configuration is mostly the same as Alfrescos but does not support chained LDAP configuration. Also userNameFormat is replaced with dnPattern:
Minimal Example:
```
ldap:
dnPattern: cn={0},ou=people,dc=PARASHIFT,dc=local
url: ldap://192.0.2.1:389
principal: ldapuser@parashift.local
credentials: Password1234
groupSearchBase: ou=Security Groups,ou=Alfresco,DC=Parashift,DC=local
userSearchBase: cn=Users,dc=parashift,dc=local
```
#### Alfresco, Alfresco Activiti & OpenLDAP Example
This example is for Alfresco Share with the Activiti Share connector using a shared OpenLDAP server.
##### OpenLDAP LDIF File
Please use [this file](example.ldif) to provision openldap
##### Pillar Example
This file will include both the pillar for alfresco and activiti with common ldap settings:
```
roles:
- activiti
- alfresco
activiti:
license: |
-----BEGIN PGP MESSAGE-----
<Insert License Here>
-----END PGP MESSAGE-----
alfresco:
version: 5.1.1
solr: True
extra_properties:
- activiti.secret=activiti-share-connector-secret
alfresco_modules:
- alfresco:activiti-share-connector:1.5.0
ldap:
dnPattern: cn={0},ou=people,dc=PARASHIFT,dc=local
userNameFormat: "cn=%s,ou=people,dc=PARASHIFT,dc=local"
url: ldap://127.0.0.1:389
principal: cn=admin,dc=PARASHIFT,dc=local
credentials: setup
groupSearchBase: ou=groups,dc=PARASHIFT,dc=local
userSearchBase: ou=people,dc=PARASHIFT,dc=local
groupType: posixGroup
personType: inetOrgPerson
groupQuery: (objectclass=posixGroup)
personQuery: (objectclass=inetOrgPerson)
userIdAttributeName: uid
```
# security configuration (this key should be unique for your application, and kept secret)
security.rememberme.key=activitis3cr3tk3y
datasource.username=activitiadmin
datasource.password=activitiadmin
# H2 example (default)
#datasource.driver=org.h2.Driver
#datasource.url=jdbc:h2:tcp://localhost/activitiadmin
# MySQL example
#datasource.driver=com.mysql.jdbc.Driver
#datasource.url=jdbc:mysql://127.0.0.1:3306/activitiadmin?characterEncoding=UTF-8
datasource.driver=org.postgresql.Driver
datasource.url=jdbc:postgresql://localhost:5432/activitiadmin
#datasource.driver=com.microsoft.sqlserver.jdbc.SQLServerDriver
#datasource.url=jdbc:sqlserver://localhost:1433;databaseName=activitiadmin
#datasource.driver=oracle.jdbc.driver.OracleDriver
#datasource.url=jdbc:oracle:thin:@localhost:1521:ACTIVITIADMIN
#datasource.driver=com.ibm.db2.jcc.DB2Driver
#datasource.url=jdbc:db2://localhost:50000/activitiadmin
#datasource.username=activiti
#datasource.password=
# JNDI CONFIG
# If uncommented, the datasource will be looked up using the configured JNDI name.
# This will have preference over any datasource configuration done below that doesn't use JNDI
#
# Eg for JBoss: java:jboss/datasources/activitiDS
#
#datasource.jndi.name=jdbc/activitiDS
# Set whether the lookup occurs in a J2EE container, i.e. if the prefix "java:comp/env/" needs to be added if the JNDI
# name doesn't already contain it. Default is "true".
#datasource.jndi.resourceRef=true
#hibernate.dialect=org.hibernate.dialect.H2Dialect
#hibernate.dialect=org.hibernate.dialect.MySQLDialect
#hibernate.dialect=org.hibernate.dialect.Oracle10gDialect
#hibernate.dialect=org.hibernate.dialect.SQLServerDialect
#hibernate.dialect=org.hibernate.dialect.DB2Dialect
hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
#hibernate.show_sql=false
#hibernate.generate_statistics=false
#
# Connection pool (see http://www.mchange.com/projects/c3p0/#configuration)
#
#datasource.min-pool-size=5
#datasource.max-pool-size=100
#datasource.acquire-increment=5
# test query for H2, MySQL, PostgreSQL and Microsoft SQL Server
#datasource.preferred-test-query=select 1
# test query for Oracle
#datasource.preferred-test-query=SELECT 1 FROM DUAL
# test query for DB2
#datasource.preferred-test-query=SELECT current date FROM sysibm.sysdummy1
#datasource.test-connection-on-checkin=true
#datasource.test-connection-on-checkout=true
#datasource.max-idle-time=1800
#datasource.max-idle-time-excess-connections=1800
#
# Cluster settings
#
# This a period of time, expressed in milliseconds, that indicates
# when a node is deemed to be inactive and is removed from the list
# of nodes of a cluster (nor will it appear in the 'monitoring' section of the application).
#
# When a node is properly shut down, it will send out an event indicating
# it is shut down. From that point on, the data will be kept in memory for the amount
# of time indicated here.
# When a node is not properly shut down (eg hardware failure), this is the period of time
# before removal, since the time the last event is received.
#
# Make sure the value here is higher than the sending interval of the nodes, to avoid
# that nodes incorrectly removed.
#
# By default 10 minutes
cluster.monitoring.max.inactive.time=600000
# A cron expression that configures when the check for inactive nodes is made.
# When executed, this will mark any node that hasn't been active for 'cluster.monitoring.max.inactive.time'
# seconds, as an inactive node. Default: every 5 minutes.
cluster.monitoring.inactive.check.cronexpression=0 0/5 * * * ?
# REST endpoint config
rest.app.name=Activiti app
rest.app.description=Activiti app Rest config
rest.app.host=http://localhost
rest.app.port=8080
rest.app.contextroot=activiti-app
rest.app.restroot=api
rest.app.user=admin@app.activiti.com
rest.app.password=admin
# Passwords for rest endpoints and master configs are stored encrypted in the database using AES/CBC/PKCS5PADDING
# It needs a 128-bit initialization vector (http://en.wikipedia.org/wiki/Initialization_vector)
# and a 128-bit secret key represented as 16 ascii characters below
#
# Do note that if these properties are changed after passwords have been saved, all existing passwords
# will not be able to be decrypted and the password would need to be reset in the UI.
security.encryption.credentialsIVSpec=j8kdO2hejA9lKmm6
security.encryption.credentialsSecretSpec=9FGl73ngxcOoJvmL
# BPMN 2.0 Modeler config
modeler.url=https://activiti.alfresco.com/activiti-app/api/
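Review bot: `security.rememberme.key`, `security.encryption.credentialsIVSpec`, `security.encryption.credentialsSecretSpec`, `datasource.password` and `rest.app.password` are fixed literals in a file that the init.sls in this commit renders with `template: jinja` and installs on every host, so every deployment shares the same remember-me signing key, the same AES key and IV for stored credentials, and the same database and REST passwords, even though the comment above the first of these says it should be unique and secret. The init.sls already reads pillar with `salt['pillar.get']`, so these could be sourced the same way, e.g. `security.rememberme.key={{ salt['pillar.get']('activiti:rememberme_key') }}` (where `activiti:rememberme_key` is a placeholder pillar path to be chosen). Note that `datasource.password=activitiadmin` has to stay in step with the password init.sls sets for the `activitiadmin` postgres role, which is another reason to hold both in pillar.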
<Context docBase="/opt/activiti/activiti-admin.war">
<Loader className="org.apache.catalina.loader.VirtualWebappLoader"
virtualClasspath="/opt/activiti/classes" searchVirtualFirst="true" />
</Context>
<Context docBase="/opt/activiti/activiti-app.war">
<Loader className="org.apache.catalina.loader.VirtualWebappLoader"
virtualClasspath="/opt/activiti/classes" searchVirtualFirst="true" />
</Context>
ldap.authentication.enabled=true
ldap.authentication.casesensitive=true
ldap.allow.database.authenticaion.fallback=true
ldap.synchronization.full.enabled=true
ldap.synchronization.full.cronExpression=0 0 0 * * ?
ldap.synchronization.differential.enabled=false
ldap.synchronization.differential.cronExpression=0 0 */4 * * ?
ldap.synchronization.paging.enabled=false
ldap.synchronization.paging.size=500
ldap.synchronization.db.insert.batch.size=100
ldap.synchronization.db.query.batch.size=100
ldap.authentication.dnPattern={{pillar['ldap']['dnPattern']}}
ldap.authentication.java.naming.provider.url={{pillar['ldap']['url']}}
ldap.synchronization.java.naming.security.principal={{pillar['ldap']['principal']}}
ldap.synchronization.java.naming.security.credentials={{pillar['ldap']['credentials']}}
ldap.synchronization.groupSearchBase={{pillar['ldap']['groupSearchBase']}}
ldap.synchronization.userSearchBase={{pillar['ldap']['userSearchBase']}}
{% for ldapOption in ['personQuery', 'personDifferentialQuery', 'groupQuery', 'groupDifferentialQuery', 'modifyTimestampAttributeName', 'timestampFormat', 'groupType', 'userType', 'personType', 'userIdAttributeName', 'tenantAdminDn', 'userFirstNameAttributeName', 'userLastNameAttributeName', 'userEmailAttributeName', 'tenantAdminDn', 'tenantManagerDn', 'groupIdAttributeName', 'groupMemberAttributeName', 'distinguishedNameAttributeName', 'modifyTimestampAttributeName', 'createTimestampAttributeName'] %}
{%- if pillar['ldap'][ldapOption] is defined %}
ldap.synchronization.{{ldapOption}}={{pillar['ldap'][ldapOption]}}
{%- endif %}
{% endfor %}
# The timestamp format locale language. 'en' by default. Follows the java.util.Locale semantics.
ldap.synchronization.timestampFormat.locale.language=en
# The timestamp format locale country. 'GB' by default. Follows the java.util.Locale semantics.
ldap.synchronization.timestampFormat.locale.country=GB
# The timestamp format timezone. 'GMT' by default. Folloez the java.text.SimpleDateFormat semantics.
ldap.synchronization.timestampFormat.timezone=GMT
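Review bot: The key `ldap.allow.database.authenticaion.fallback` is misspelled (`authenticaion`); unless Activiti really uses that spelling, the property is silently ignored and database fallback stays at the built-in default rather than the `true` intended here, so it should read `ldap.allow.database.authentication.fallback=true`. The list in the Jinja `for` loop names `tenantAdminDn` and `modifyTimestampAttributeName` twice, so each is emitted twice whenever it is set in pillar; drop the duplicate entries. `ldap.synchronization.java.naming.security.credentials` is rendered in clear text into this file, and the `file.managed` state that writes it in init.sls sets no `mode`, so a restrictive mode on that state would pair well with this change.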
{% set download_url = salt['pillar.get']('paramp:url', 'https://repo.parashift.com.au') %}
{% set activiti_version = salt['pillar.get']('activiti:version', '1.5.0') %}
include:
- tomcat
- postgres
/opt/activiti/classes/activiti.lic:
file.managed:
- contents_pillar: activiti:license
{% for webapp in [{'app': 'activiti-app', 'user': 'activiti'} , {'app':'activiti-admin', 'user': 'activitiadmin'}] %}
{{webapp.user}}_postgres:
postgres_user.present:
- name: {{webapp.user}}
- password: {{webapp.user}}
- require:
- sls: postgres
postgres_database.present:
- name: {{webapp.user}}
- owner: {{webapp.user}}
- require:
- postgres_user: {{webapp.user}}_postgres
/var/lib/tomcat7/conf/Catalina/localhost/{{webapp.app}}.xml:
file.managed:
- user: tomcat7
- group: tomcat7
- makedirs: true
- source:
- salt://activiti/files/{{webapp.app}}.xml
- template: jinja
- require:
- file: /opt/activiti/classes/activiti.lic
- file: /opt/activiti/{{webapp.app}}.war
- postgres_database: {{webapp.user}}_postgres
- watch_in:
- service: tomcat7_service
/opt/activiti/classes/{{webapp.app}}.properties:
file.managed:
- user: tomcat7
- group: tomcat7
- makedirs: true
- source:
- salt://activiti/files/{{webapp.app}}.properties
- template: jinja
- watch_in:
- service: tomcat7_service
/opt/activiti/{{webapp.app}}.war:
file.managed:
- source: {{download_url}}/module/alfresco/{{webapp.app}}/{{activiti_version}}/repo.war?token={{salt['pillar.get']('paramp:token', 'CHANGEME')}}
- source_hash: {{download_url}}/module/alfresco/{{webapp.app}}/{{activiti_version}}/repo.md5
- watch_in:
- service: tomcat7_service
{% endfor %}
{% if pillar['ldap'] is defined %}
/opt/activiti/classes/activiti-ldap.properties:
file.managed:
- user: tomcat7
- group: tomcat7
- makedirs: true
- source:
- salt://activiti/files/activiti-ldap.properties
- template: jinja
- watch_in:
- service: tomcat7_service
{% endif %}
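Review bot: `postgres_user.present` sets `- password: {{webapp.user}}`, so each Activiti database role gets its own name as its password and the value is fixed in the state rather than coming from pillar; read it with the `salt['pillar.get']` pattern already used for `download_url` and `activiti_version`, e.g. `- password: {{ salt['pillar.get']('activiti:db_password:' ~ webapp.user) }}` (placeholder pillar path). The `file.managed` states for `/opt/activiti/classes/{{webapp.app}}.properties`, `/opt/activiti/classes/activiti-ldap.properties` and `/opt/activiti/classes/activiti.lic` set no `mode`, so files carrying the datasource, REST and LDAP bind credentials and the license are created with whatever the default umask yields, typically world-readable; add `- mode: '0640'` next to the existing `user`/`group` lines, and give `activiti.lic` a `user`/`group` as well since it has neither. The `.war` state checks the download against a `.md5` fetched from the same server with the same `token` query string, which detects transfer corruption but not a substituted artifact; if that is the accepted trade-off, a comment on the `source_hash` line saying so would save the next reader the question.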
# Entry 1: dc=PARASHIFT,dc=local
dn: dc=PARASHIFT,dc=local
dc: PARASHIFT
o: PARASHIFT.local
objectclass: top
objectclass: dcObject
objectclass: organization
# Entry 2: cn=admin,dc=PARASHIFT,dc=local
dn: cn=admin,dc=PARASHIFT,dc=local
cn: admin
description: LDAP administrator
objectclass: simpleSecurityObject
objectclass: organizationalRole
userpassword: {SSHA}B1iLU7JwYcRA+D/nqPnNaawF94ZGA+Fm
# Entry 3: ou=groups,dc=PARASHIFT,dc=local
dn: ou=groups,dc=PARASHIFT,dc=local
objectclass: organizationalUnit
objectclass: top
ou: groups
# Entry 4: cn=everyone,ou=groups,dc=PARASHIFT,dc=local
dn: cn=everyone,ou=groups,dc=PARASHIFT,dc=local
cn: everyone
gidnumber: 500
objectclass: posixGroup
objectclass: top
# Entry 5: ou=people,dc=PARASHIFT,dc=local
dn: ou=people,dc=PARASHIFT,dc=local
objectclass: organizationalUnit
objectclass: top
ou: people
# Entry 6: cn=peter,ou=people,dc=PARASHIFT,dc=local
dn: cn=peter,ou=people,dc=PARASHIFT,dc=local
cn: peter
gidnumber: 500
givenname: Peter
homedirectory: /home/users/peter
mail: peter@parashift.com.au
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: Lesty
uid: peter
uidnumber: 1000
userpassword: {MD5}oPhIlCzoY89TwPpsxoQAfQ==
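Review bot: The `cn=admin,dc=PARASHIFT,dc=local` entry ships a fixed `userpassword` hash, and the README pillar example in this commit apparently gives its clear text (`credentials: setup` for that same principal), so anyone who provisions OpenLDAP from this file as the README suggests gets a directory administrator with a publicly known password; replace the hash with a placeholder such as `userpassword: <generate with slappasswd>` and have the README say to set it. The `cn=peter` entry uses an unsalted `{MD5}` hash, the weakest scheme among those OpenLDAP accepts; `{SSHA}`, as already used for the admin entry, would be consistent. Whether the email and surname are placeholder data is not clear from the file, so a leading comment, `# Example data only; replace names, mail and passwords before use`, would help.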