In this blog we cover the deployment of ACS (Alfresco Content Services) 6.1 Enterprise on AWS. The deployment consists of two mayor steps:
Building AWS AMIs (Amazon Machine Images) containing a base installation of ACS 6.1 Enterprise.
Building AWS infrastructure (VPC, ELB, RDS, etc) and deploying ACS 6.1 Enterprise to it.
Please make sure your Alfresco license subscription entitles you to install and run ACS 6.1 Enterprise and Alfresco Search Services with Insight Engine.
The final ACS architecture looks like this:
The tools and code used in this blog to deploy ACS 6.1Enterprise are not officially supported by Alfresco. They are used as a POC to show you how you can use OpenSource tools to deploy and configure resources and applications to AWS in an automated way.
The software used to build and deploy ACS 6.1 Enterprise is available in a public repository in GitHub.
The following software is required to create and deploy resources in AWS:
Terraform - used to create and update infrastructure resources.
Ansible - Ansible is an IT automation tool used to deploy and configure systems.
AWS CLI - The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services.
Make sure these tools have been installed on the computer you are using to build and deploy ACS 6.1Enterprise.
Authenticating to AWS
Both Packer and Terraform need to authenticate to AWS in order to create resources. Since we are creating a large number of infrastructure resources, the user we authenticate with to AWS, needs to have administrator access.
There are multiple ways to configure AWS credentials for Packer and Terraform, the following links will show you how to do it:
Note: Whatever method you use make sure you keep your AWS credentials private and secure at all times.
Authenticating to Nexus
Nexus is a repository manager used by Alfresco to publish software artifacts. Packer will connect to Nexus repository to download the necessary software to install ACS 6.1 Enterprise.
Alfresco Enterprise customers have Nexus credentials as part of their license subscription. Please refer to your CRM if you don't know or have your Nexus credentials.
Building AWS AMIs
The first step to deploy ACS 6.1 Enterprise is to build two types of AMIs:
Repository AMI - containing Alfresco Repository, Share and ADW (Alfresco Digital Workspace)
Search Services AMI - containing Alfresco Repository and Search Services with Insight Engine.
For this process we use Packer and Ansible. We first export the "nexus_user" and "nexus_password" environment variables containing credentials to access the Nexus repository. These are stored in the ~/.nexus-cfg file contains the following.
Note that the .nexus-cfg file is in the user home folder, keep this file and its contents private and secured at all times.
If you want to include custom amps add them to the amps and amps_share folder and they will be deployed to the AMI.
For custom jar files add them to the modules/platform and modules/share folders.
If you want to deploy ADW (Alfresco Digital Workspace) place thedigital-workspace.warfile in theacs-61-files/downloadedfolder.
We can now execute packer by calling the build_61_AMI.sh script.
cd acs-61-repo-aws-packer ./build_61_AMI.sh
This shell script will load the nexus environment variables and call packer build using a template file for the provisioning of the AMI and a variables file containing deployment specific information such as your default VPC Id, the AWS region, etc.
Make sure you change the value of the vpc_id variable to use your default VPC Id.
Search Services AMI
As on the previous section, we use Packer and Ansible to create a Search Services AMI.
Make sure you change the value of thevpc_idvariable to your default VPC Id before running the build_61_AMI.sh script.
cd acs-61-repo-aws-packer ./build_61_AMI.sh
As the script runs you can see what is is doing during its execution...
▶ ./build_61_AMI.sh amazon-ebs output will be in this color.
==> amazon-ebs: Prevalidating AMI Name: acs-61-repo-1557828971 amazon-ebs: Found Image ID: ami-00846a67 ==> amazon-ebs: Creating temporary keypair: packer_5cda956b-bd62-1d09-cef2-639152741025 ==> amazon-ebs: Creating temporary security group for this instance: packer_5cda956b-345b-2321-afd5-40b1b06a6bc1 ==> amazon-ebs: Authorizing access to port 22 from 0.0.0.0/0 in the temporary security group... ==> amazon-ebs: Launching a source AWS instance... ==> amazon-ebs: Adding tags to source instance amazon-ebs: Adding tag: "Name": "Packer Builder" amazon-ebs: Instance ID: i-0f80505eb56dccbb7 ==> amazon-ebs: Waiting for instance (i-0f80505eb56dccbb7) to become ready...
On completion the script will output the AMI id of the newly created AMI. Keep track of both AMI Ids, as we will need to use them in the Terraform script next.
Build 'amazon-ebs' finished.
==> Builds finished. The artifacts of successful builds are: --> amazon-ebs: AMIs were created: eu-west-2: ami-08fd6196500dbcb01
Building the AWS Infrastructure and Deploying ACS 6.1 Enterprise
Now that we have created both the Repository and the Search Services AMIs we can start building the AWS infrastructure and deploy ACS 6.1 Enterprise.
In the acs-61-aws-terraform folder we have the terraform.tfvars containing configuration specific for the AWS and ACS deployments.
Some of the variables that will need to be updated are:
resource-prefix - this is used to name all resources created with some initials to identify the resources belonging to this deployment.
and of course we need to set the auto scaling image id with the newly generated AMIs
Once the configuration has been set we are ready to start building the solution. We first need initialize terraform with the "terraform init" command:
The following providers do not have any version constraints in configuration, so the latest version was installed.
To prevent automatic upgrades to new major versions that may contain breaking changes, it is recommended to add version = "..." constraints to the corresponding provider blocks in configuration, with the constraint strings suggested below.
* provider.aws: version = "~> 2.10"
Terraform has been successfully initialized!
You may now begin working with Terraform. Try running "terraform plan" to see any changes that are required for your infrastructure. All Terraform commands should now work.
If you ever set or change modules or backend configuration for Terraform, rerun this command to reinitialize your working directory. If you forget, other commands will detect it and remind you to do so if necessary.
We can now issue the apply command to start the build. Upon completion (it will take around 15 minutes) we will get notification of the URLs available to connect to Alfresco.