OPSEXP-3042: set ADF download vars as adf_app role's arguments

.github/workflows/community.yml

@@ -116,7 +116,6 @@ jobs:
           - image: ubuntu:22.04
           - image: rockylinux/rockylinux:9.4
         scenario:
-          - name: pki
           - name: docker_community
     uses: ./.github/workflows/docker.yml
     with:

.gitignore

@@ -14,6 +14,7 @@ molecule/multimachine/hosts.yml
 __pycache__/
 *.py[cod]
 *$py.class
+.jython_cache/
 
 # C extensions
 *.so

.secrets.baseline

@@ -142,9 +142,9 @@
       {
         "type": "Secret Keyword",
         "filename": "playbooks/acs.yml",
-        "hashed_secret": "3a0b8a438a9efa61267357269709a946d797b9bd",
+        "hashed_secret": "0ca8f28152882e5edb182fc3f7d4ae10a5b10dc5",
         "is_verified": false,
-        "line_number": 439,
+        "line_number": 436,
         "is_secret": false
       }
     ],
@@ -259,5 +259,5 @@
       }
     ]
   },
-  "generated_at": "2025-02-14T16:33:49Z"
+  "generated_at": "2025-02-17T10:12:53Z"
 }

7.3.N-extra-vars.yml

@@ -41,10 +41,6 @@ sfs:
   artifact_name: alfresco-shared-file-store-controller
   repository: "{{ nexus_repository.enterprise_releases }}"
   version: 4.1.6
-adw:
-  artifact_name: alfresco-digital-workspace
-  repository: "{{ nexus_repository.enterprise_releases }}"
-  version: 4.4.1
 sync:
   repository: "{{ nexus_repository.enterprise_releases }}/services/sync/sync-dist-6.x"
   version: 3.11.3

7.4.N-extra-vars.yml

@@ -44,18 +44,10 @@ sfs:
   artifact_name: alfresco-shared-file-store-controller
   repository: "{{ nexus_repository.enterprise_releases }}"
   version: 4.1.6
-adw:
-  artifact_name: alfresco-digital-workspace
-  repository: "{{ nexus_repository.enterprise_releases }}"
-  version: 5.0.0
 sync:
   repository: >-
     {{ nexus_repository.enterprise_releases }}/services/sync/sync-dist-6.x
   version: 3.11.3
-acc:
-  artifact_name: alfresco-control-center
-  repository: "{{ nexus_repository.releases }}"
-  version: 8.0.0
 dependencies_version:
   postgresql_connector: 42.6.1
   postgres_major_version: 14

community-extra-vars.yml

@@ -12,10 +12,6 @@ transform:
   artifact_name: alfresco-transform-core-aio
   repository: "{{ nexus_repository.releases }}"
   version: 5.1.6
-acc:
-  artifact_name: alfresco-control-center
-  repository: "{{ nexus_repository.releases }}"
-  version: 9.3.0
 search:
   artifact_name: alfresco-search-services
   repository: "{{ nexus_repository.releases }}"

group_vars/all.yml

@@ -67,31 +67,15 @@ sfs:
   artifact_name: alfresco-shared-file-store-controller
   repository: "{{ nexus_repository.enterprise_releases }}"
   version: 4.1.6
-adw:
-  artifact_name: alfresco-digital-workspace
-  repository: "{{ nexus_repository.enterprise_releases }}"
-  version: 5.3.0
 sync:
   repository: >-
     {{ nexus_repository.enterprise_releases }}/services/sync/sync-dist-6.x
   version: 5.1.0
-acc:
-  artifact_name: alfresco-control-center
-  repository: "{{ nexus_repository.releases }}"
-  version: 9.3.0
 downloads:
   acs_zip_url: >-
     {{ acs.repository }}/{{ acs.artifact_name }}/{{ acs.version }}/{{ acs.artifact_name }}-{{ acs.version }}.zip
   acs_zip_sha1_checksum_url: >-
     {{ acs.repository }}/{{ acs.artifact_name }}/{{ acs.version }}/{{ acs.artifact_name }}-{{ acs.version }}.zip.sha1
-  acc_zip_url: >-
-    {{ acc.repository }}/{{ acc.artifact_name }}/{{ acc.version }}/{{ acc.artifact_name }}-{{ acc.version }}.zip
-  acc_zip_sha1_checksum_url: >-
-    {{ acc.repository }}/{{ acc.artifact_name }}/{{ acc.version }}/{{ acc.artifact_name }}-{{ acc.version }}.zip.sha1
-  adw_zip_url: >-
-    {{ adw.repository }}/{{ adw.artifact_name }}/{{ adw.version }}/{{ adw.artifact_name }}-{{ adw.version }}.zip
-  adw_zip_sha1_checksum_url: >-
-    {{ adw.repository }}/{{ adw.artifact_name }}/{{ adw.version }}/{{ adw.artifact_name }}-{{ adw.version }}.zip.sha1
   search_enterprise_zip_url: >-
     {{ search_enterprise.repository }}/{{ search_enterprise.artifact_name }}/{{ search_enterprise.version }}/{{ search_enterprise.artifact_name }}-{{ search_enterprise.version }}.zip
   search_enterprise_zip_sha1_url: >-

molecule/pki/molecule.yml

@@ -35,9 +35,6 @@ platforms:
       - transformers
 provisioner:
   name: ansible
-  ansible_args:
-    - -e
-    - "@../../community-extra-vars.yml"
   playbooks:
     converge: ../../playbooks/acs.yml
   inventory:

playbooks/acs.yml

@@ -56,7 +56,7 @@
       when: identity_enabled
       ansible.builtin.set_fact:
         identity_url: "{{ alfresco_url }}/auth"
-        code_flow_pkce_supported: "{{ adw.version is version('4.5.0', 'ge') }}"
+        code_flow_pkce_supported: "{{ acs_play_adw_version is version('4.5.0', 'ge') }}"
 
 - name: Database Role
   hosts: database[0]
@@ -401,9 +401,9 @@
       adf_app_name: alfresco-control-center
       adf_app_context: /control-center/
       adf_app_port: 8881
-      adf_app_src_archive: "{{ downloads.acc_zip_url }}"
-      adf_app_src_checksum: "{{ downloads.acc_zip_sha1_checksum_url }}"
-      adf_app_version: "{{ acc.version }}"
+      adf_app_src_archive: "{{ acs_play_acc_url }}"
+      adf_app_src_checksum: "{{ acs_play_acc_checksum }}"
+      adf_app_version: "{{ acs_play_acc_version }}"
       adf_app_configuration: >-
         {{
           adf_app_oauth_configuration | default({}) |
@@ -415,7 +415,10 @@
       become: true
       vars:
         acc_components:
-          acc: "{{ acc }}"
+          acc:
+            artifact_name: "{{ acc_artifact_id }}"
+            repository: "{{ acc_repository }}"
+            version: "{{ acs_play_acc_version }}"
       ansible.builtin.blockinfile:
         block: "{{ acc_components | to_nice_yaml(indent=2) }}"
         create: true
@@ -429,20 +432,25 @@
 - name: Alfresco Digital Workspace Role
   hosts: adw
   gather_facts: false
+  vars:
+    adw_sum: >-
+      {% if acs_play_adw_version is version('4.1.0','ge') -%}
+        {{ acs_play_adw_checksum }}
+      {% else -%}
+        {{ acs_play_adw_checksum.split(':')[0] }}:
+        {{- lookup('url', acs_play_adw_checksum.split(':')[1:], username=nexus_user, password=nexus_password) }}
+      {%- endif %}
   roles:
     - role: "../roles/adf_app"
       when: acs.edition == "Enterprise"
       adf_app_name: alfresco-digital-workspace
       adf_app_context: /workspace/
       adf_app_port: 8880
-      adf_app_src_archive: "{{ downloads.adw_zip_url }}"
-      adf_app_src_checksum: >-
-        {% if adw.version is version('4.1.0','ge') -%}
-        {{ downloads.adw_zip_sha1_checksum_url }}
-        {% else -%}
-        {{ lookup('url', downloads.adw_zip_sha1_checksum_url, username=nexus_user, password=nexus_password) }}
-        {%- endif %}
-      adf_app_version: "{{ adw.version }}"
+      adf_app_src_archive: "{{ acs_play_adw_url }}"
+      adf_app_src_checksum: "{{ adw_sum }}"
+      adf_app_src_username: "{{ nexus_user }}"
+      adf_app_src_password: "{{ nexus_password }}"
+      adf_app_version: "{{ acs_play_adw_version }}"
       adf_app_configuration: >-
         {{
           adf_app_oauth_configuration | default({}) |
@@ -454,7 +462,10 @@
       become: true
       vars:
         adw_components:
-          adw: "{{ adw }}"
+          adw:
+            artifact_name: "{{ adw_artifact_id }}"
+            repository: "{{ adw_repository }}"
+            version: "{{ acs_play_adw_version }}"
       ansible.builtin.blockinfile:
         block: "{{ adw_components | to_nice_yaml(indent=2) }}"
         create: true

playbooks/group_vars/acc.yml

@@ -0,0 +1,6 @@
+acc_artifact_id: alfresco-control-center
+acc_repository: "{{ nexus_repository.releases }}"
+acs_play_acc_url: >-
+  {{ acc_repository }}/{{ acc_artifact_id }}/{{ acs_play_acc_version }}/{{ acc_artifact_id }}-{{ acs_play_acc_version }}.zip
+acs_play_acc_checksum: sha1:{{ acs_play_acc_url }}.sha1
+acc_app_configuration: {}

playbooks/group_vars/adw.yml

@@ -0,0 +1,9 @@
+adw_artifact_id: alfresco-digital-workspace
+adw_repository: "{{ nexus_repository.enterprise_releases }}"
+acs_play_adw_url: >-
+  {{ adw_repository }}/{{ adw_artifact_id }}/{{ acs_play_adw_version }}/{{ adw_artifact_id }}-{{ acs_play_adw_version }}.zip
+acs_play_adw_checksum: sha1:{{ acs_play_adw_url }}.sha1
+adw_app_configuration:
+  plugins:
+    processService: false
+    microsoftOnline: false

roles/adf_app/defaults/main.yml

@@ -7,8 +7,11 @@ adf_app_context: /
 adf_app_port: 8080
 adf_app_src_archive: null
 adf_app_src_checksum: null
+adf_app_src_username: null
+adf_app_src_password: null
 adf_app_version: null
 adf_app_configuration: {}
+adf_app_download_timeout: 90
 
 # Other defaults
 adf_app_config_json_path: "{{ nginx_default_vhost_docroot }}/{{ adf_app_name }}/app.config.json"

roles/adf_app/meta/argument_specs.yml

@@ -27,6 +27,16 @@ argument_specs:
         required: true
         description: |
           URL of the archive that contains the adf app.
+      adf_app_src_username:
+        type: str
+        description: |
+          Username to use when downloading the ADF archive
+        default: null
+      adf_app_src_password:
+        type: str
+        description: |
+          Password to use when downloading the ADF archive
+        default: null
       adf_app_src_checksum:
         type: str
         required: true
@@ -38,6 +48,11 @@ argument_specs:
         description: |
           The version of the adf app, mainly to detect when we need to redeploy
           it.
+      adf_app_download_timeout:
+        type: int
+        default: 90
+        description: |
+          Timeout in seconds to download the ADF app distribution
       adf_app_configuration:
         type: dict
         required: false

roles/adf_app/meta/main.yml

@@ -23,4 +23,4 @@ galaxy_info:
 
 dependencies:
   - role: nginx
-    setup_vhosts: false
+    nginx_setup_vhosts: false

roles/adf_app/molecule/default/converge.yml

@@ -1,14 +1,25 @@
 ---
 - name: Converge
   hosts: all
+  vars:
+    acc_v: 9.3.0
+    acc_id: alfresco-control-center
+    acc_repo: https://artifacts.alfresco.com/nexus/content/groups/public/org/alfresco
+    adw_v: 5.3.0
+    adw_id: alfresco-digital-workspace
+    adw_repo: https://artifacts.alfresco.com/nexus/content/groups/private/org/alfresco
   tasks:
     - name: "Install alfresco-digital-workspace"
       vars:
         adf_app_name: alfresco-digital-workspace
         adf_app_port: 8881
-        adf_app_src_archive: "{{ downloads.adw_zip_url }}"
-        adf_app_src_checksum: "{{ downloads.adw_zip_sha1_checksum_url }}"
-        adf_app_version: "{{ adw.version }}"
+        adf_app_src_archive: >-
+          {{ '{0}/{1}/{2}/{1}-{2}.zip'.format(adw_repo, adw_id, adw_v) }}
+        adf_app_src_checksum: >-
+          {{ 'sha1:{0}/{1}/{2}/{1}-{2}.zip.sha1'.format(adw_repo, adw_id, adw_v) }}
+        adf_app_src_username: "{{ nexus_user }}"
+        adf_app_src_password: "{{ nexus_password }}"
+        adf_app_version: "{{ adw_v }}"
         adf_app_configuration:
           authType: OAUTH
       ansible.builtin.include_role:
@@ -18,9 +29,11 @@
       vars:
         adf_app_name: alfresco-control-center
         adf_app_port: 8882
-        adf_app_src_archive: "{{ downloads.acc_zip_url }}"
-        adf_app_src_checksum: "{{ downloads.acc_zip_sha1_checksum_url }}"
-        adf_app_version: "{{ acc.version }}"
+        adf_app_src_archive: >-
+          {{ '{0}/{1}/{2}/{1}-{2}.zip'.format(acc_repo, acc_id, acc_v) }}
+        adf_app_src_checksum: >-
+          {{ 'sha1:{0}/{1}/{2}/{1}-{2}.zip.sha1'.format(acc_repo, acc_id, acc_v) }}
+        adf_app_version: "{{ acc_v }}"
         adf_app_configuration:
           authType: OAUTH
       ansible.builtin.include_role:

roles/adf_app/tasks/main.yml

@@ -7,7 +7,6 @@
       - adf_app_port | int >= 1024
       - adf_app_port | int < 65536
       - adf_app_src_archive is url
-      - adf_app_src_checksum is url or adf_app_src_checksum is match("^[a-fA-F0-9]{40}$")
 
 - name: Create "{{ nginx_default_vhost_docroot }}/{{ adf_app_name }}/" dir
   become: true
@@ -20,11 +19,11 @@
   ansible.builtin.get_url:
     url: "{{ adf_app_src_archive }}"
     dest: "{{ download_location }}/{{ adf_app_name }}-{{ adf_app_version }}.zip"
-    checksum: sha1:{{ adf_app_src_checksum }}
-    mode: 'u=r,g=r,o=r'
-    url_username: "{{ nexus_user }}"
-    url_password: "{{ nexus_password }}"
-    timeout: 570
+    checksum: "{{ adf_app_src_checksum }}"
+    mode: "0644"
+    url_username: "{{ adf_app_src_username | default(omit) }}"
+    url_password: "{{ adf_app_src_password | default(omit) }}"
+    timeout: "{{ adf_app_download_timeout }}"
   notify:
     - Unpack {{ adf_app_name }}
 

roles/nginx/defaults/main.yml

@@ -6,8 +6,8 @@ nginx_vhosts:
     filename: "alfresco.conf"
 
 # role arguments defaults
-setup_service: true
-setup_vhosts: true
+nginx_setup_service: true
+nginx_setup_vhosts: true
 
 # Disable when nginx node is behind another reverse proxy (e.g. AWS ELB)
 nginx_set_proxy_headers: true

roles/nginx/meta/argument_specs.yml

@@ -2,11 +2,11 @@ argument_specs:
   main:
     short_description: Main entrypoint for the nginx role
     options:
-      setup_service:
+      nginx_setup_service:
         description: If the nginx base service should be installed
         type: bool
         default: true
-      setup_vhosts:
+      nginx_setup_vhosts:
         description: If the nginx reverse proxy vhosts should be enabled
         type: bool
         default: true

roles/nginx/tasks/main.yml

@@ -30,4 +30,4 @@
 
 - name: Vhosts configuration
   ansible.builtin.include_tasks: vhosts.yml
-  when: setup_vhosts
+  when: nginx_setup_vhosts

vars/acs23.yml

@@ -19,3 +19,5 @@ supported_os:
       - 24.04 # Testing for the upcoming 25.x acs version
 acs_play_activemq_version: 5.18.6
 acs_play_audit_storage_version: 1.0.0
+acs_play_acc_version: 9.3.0
+acs_play_adw_version: 5.3.0

vars/acs73.yml

@@ -9,3 +9,4 @@ supported_os:
     versions:
       - 22.04
 acs_play_activemq_version: 5.17.6
+acs_play_adw_version: 4.4.1

vars/acs74.yml

@@ -17,3 +17,5 @@ supported_os:
     versions:
       - 22.04
 acs_play_activemq_version: 5.17.6
+acs_play_acc_version: 8.0.0
+acs_play_adw_version: 5.0.0