https://github.com/shinesolutions/puppet-aem-resources
Puppet module for provisioning Adobe Experience Manager (AEM) resources
- Host: GitHub
- URL: https://github.com/shinesolutions/puppet-aem-resources
- Owner: shinesolutions
- License: apache-2.0
- Created: 2016-12-19T02:53:50.000Z (about 8 years ago)
- Default Branch: main
- Last Pushed: 2024-08-02T00:20:09.000Z (5 months ago)
- Last Synced: 2024-10-30T17:10:00.930Z (2 months ago)
- Topics: aem, aem-opencloud, puppet
- Language: Ruby
- Size: 685 KB
- Stars: 7
- Watchers: 13
- Forks: 12
- Open Issues: 12
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
[![Build Status](https://github.com/shinesolutions/puppet-aem-resources/workflows/CI/badge.svg)](https://github.com/shinesolutions/puppet-aem-resources/actions?query=workflow%3ACI)
[![Published Version](https://img.shields.io/puppetforge/v/shinesolutions/aem_resources.svg)](http://forge.puppet.com/shinesolutions/aem_resources)
[![Downloads Count](https://img.shields.io/puppetforge/dt/shinesolutions/aem_resources.svg)](http://forge.puppet.com/shinesolutions/aem_resources)
[![Known Vulnerabilities](https://snyk.io/test/github/shinesolutions/puppet-aem-resources/badge.svg)](https://snyk.io/test/github/shinesolutions/puppet-aem-resources)

Puppet AEM Resources
--------------------

A Puppet module for provisioning [Adobe Experience Manager (AEM)](http://www.adobe.com/au/marketing-cloud/enterprise-content-management.html) resources.
Learn more about Puppet AEM Resources:
* [Installation](https://github.com/shinesolutions/puppet-aem-resources#installation)
* [Usage](https://github.com/shinesolutions/puppet-aem-resources#usage)
* [Multi AEM Instances](https://github.com/shinesolutions/puppet-aem-resources#multi-aem-instances)
* [Multi AEM Versions](https://github.com/shinesolutions/puppet-aem-resources#multi-aem-versions)
* [Alias](https://github.com/shinesolutions/puppet-aem-resources#alias)
* [Upgrade](https://github.com/shinesolutions/puppet-aem-resources#upgrade)
* [Testing](https://github.com/shinesolutions/puppet-aem-resources#testing)

Puppet AEM Resources is part of the [AEM OpenCloud](https://aemopencloud.io) platform, but it can also be used stand-alone.

Installation
------------

puppet module install shinesolutions-aem_resources

Or via a Puppetfile:
mod 'shinesolutions/aem_resources'
If you want to use the `main` version:
mod 'shinesolutions/aem_resources', :git => 'https://github.com/shinesolutions/puppet-aem-resources'
And because [PUP-3386](https://tickets.puppetlabs.com/browse/PUP-3386) hasn't been implemented, you have to install [ruby_aem](https://github.com/shinesolutions/ruby_aem) before using the aem_resources Puppet module.
package { 'ruby_aem':
ensure => '3.8.0',
provider => 'puppet_gem',
}

Configuration
-------------

AEM username, password, protocol, host, port, and debug can be set via environment variables or a configuration file.
Environment variables have `aem_` prefix, e.g. `aem_username`, `aem_password`, `aem_protocol`, `aem_host`, `aem_port`, `aem_timeout`, and `aem_debug`.
Configuration file should be named `aem.yaml` and be placed under [Puppet config directory](https://docs.puppet.com/puppet/latest/dirs_confdir.html). Example config file:
---
:username: 'admin'
:password: 'admin'
:protocol: 'http'
:host: 'localhost'
:port: 4502
:timeout: 300
:debug: False

If a configuration property is not set, then it will use the default value set in [ruby_aem](https://github.com/shinesolutions/ruby_aem).
However, if the invocation specifies an `aem_id` attribute, then the value of that attribute will be used to identify the environment variables and configuration file. For example:
aem_bundle {
...
aem_id => 'myaem',
...
}

The invocation above will use environment variables with `myaem_` prefix, e.g. `myaem_username`, and it will use a configuration file named `myaem.yaml` under Puppet config directory.
It is also possible to specify username and password at invocation level by specifying `aem_username` and `aem_password` attributes. For example:
aem_bundle {
...
aem_username => 'myusername',
aem_password => 'mypassword',
...
}

Usage
-----

AEM
aem_aem { 'Wait until login page is ready':
ensure => login_page_is_ready,
retries_max_tries => 60,
retries_base_sleep_seconds => 5,
retries_max_sleep_seconds => 5,
}

aem_aem { 'Wait until CRX Package Manager is ready':
ensure => aem_package_manager_is_ready,
retries_max_tries => 60,
retries_base_sleep_seconds => 5,
retries_max_sleep_seconds => 5,
}

# this requires aem-healthcheck package to be installed
# https://github.com/shinesolutions/aem-healthcheck
aem_aem { 'Wait until health is ok':
ensure => aem_health_check_is_ok,
tags => 'deep',
combine_tags_or => false,
retries_max_tries => 60,
retries_base_sleep_seconds => 5,
retries_max_sleep_seconds => 5,
}

aem_aem { 'Wait until install status is finished':
ensure => install_status_is_finished,
retries_max_tries => 60,
retries_base_sleep_seconds => 5,
retries_max_sleep_seconds => 5,
}

aem_aem { 'Remove all agents':
ensure => all_agents_removed,
run_mode => 'author',
}

Authorizable Keystore
aem_authorizable_keystore { "Create new keystore for user authentication-service":
ensure => present,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
authorizable_id => 'authentication-service',
intermediate_path => '/home/users/system',
password => 'password1'
}

aem_authorizable_keystore { "Archive keystore for user authentication-service to a specific path":
ensure => archived,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
authorizable_id => 'authentication-service',
intermediate_path => '/home/users/system',
path => '/tmp'
}

aem_authorizable_keystore { "Archive keystore for user authentication-service to a specific path":
ensure => archived,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
authorizable_id => 'authentication-service',
intermediate_path => '/home/users/system',
file => '/tmp/store.p12'
}

aem_authorizable_keystore { "Remove keystore for user authentication-service":
ensure => absent,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
authorizable_id => 'authentication-service',
intermediate_path => '/home/users/system',
}

Authorizable Keystore Certificate
aem_certificate_chain { "Add certificate to user authentication-service keystore with certificate provided as file":
ensure => present,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
authorizable_id => 'authentication-service',
intermediate_path => '/home/users/system',
private_key_alias => 'alias_123',
private_key_file_path => '/tmp/private_key_pkcs8.der',
certificate_chain_file_path => '/tmp/cert_pem.crt'
}

aem_certificate_chain { "Remove a certificate from User1 keystore":
ensure => present,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
authorizable_id => 'authentication-service',
intermediate_path => '/home/users/system',
private_key_alias => 'alias_123'
}

Bundle
aem_bundle { 'Stop webdav bundle':
ensure => stopped,
name => 'org.apache.sling.jcr.webdav',
}

aem_bundle { 'Start webdav bundle':
ensure => started,
name => 'org.apache.sling.jcr.webdav',
}

Certificate
aem_certificate { "Add certificate by file name":
ensure => present,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
file => '/tmp/cert.crt'
}

aem_certificate { "Force adding certificate by file name":
ensure => present,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
file => '/tmp/cert.crt',
force => true
}

aem_certificate { "Archive certificate via serial number to a specified file path":
ensure => archived,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
truststore_password => 'admin',
serial => '1234567890',
file => '/tmp/cert.crt',
}

aem_certificate { "Remove certificate by file name":
ensure => absent,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
file => '/tmp/cert.crt'
}

aem_certificate { "Remove certificate by serial number":
ensure => absent,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
serial => '1234567890'
}

Config property
aem_config_property { 'Create https.enable property':
ensure => present,
name => 'org.apache.felix.https.enable',
type => 'Boolean',
value => true,
run_mode => 'author',
node_name => 'org.apache.felix.http',
}

Flush agent
aem_flush_agent { 'Create flush agent':
ensure => present,
name => 'some-flush-agent',
run_mode => 'author',
title => 'Some Flush Agent Title',
description => 'Some flush agent description',
dest_base_url => 'http://somehost:8080',
log_level => 'info',
retry_delay => 60000,
force => true,
}

aem_flush_agent { 'Delete flush agent':
ensure => absent,
name => 'some-flush-agent',
run_mode => 'author',
}

Group
aem_group { 'Create staff group':
ensure => present,
name => 'staff',
path => '/home/groups/s',
}

aem_group { 'Create contractor group':
ensure => present,
name => 'contractor',
path => '/home/groups/c',
}

aem_group { 'Create contractor group as a member of staff group':
ensure => present,
name => 'contractor',
path => '/home/groups/c',
parent_group_name => 'staff',
parent_group_path => '/home/groups/s',
}

aem_group { 'Create staff group and add contractor group as a member':
ensure => present,
name => 'staff',
path => '/home/groups/s',
member_group_name => 'contractor',
member_group_path => '/home/groups/c',
}

aem_group { 'Delete staff group':
ensure => absent,
name => 'staff',
path => '/home/groups/s',
}

Node
aem_node { 'Create http OSGI config node':
ensure => present,
name => 'org.apache.felix.http',
path => '/apps/system/config',
type => 'sling:OsgiConfig',
}

aem_node { 'Delete http OSGI config node':
ensure => absent,
name => 'org.apache.felix.http',
path => '/apps/system/config',
}

Package
aem_package { 'Install AEM6.2 hotfix 12785':
ensure => present,
name => 'cq-6.2.0-hotfix-12785',
group => 'adobe/cq620/hotfix',
version => '7.0',
path => '/tmp/',
replicate => false,
activate => true,
force => true,
}

aem_package { 'Archive Geometrixx apps':
ensure => archived,
name => 'somearchivedpackage',
group => 'somepackagegroup',
version => '1.2.3',
path => '/tmp/',
filter => '[{"root":"/apps/geometrixx","rules":[]},{"root":"/apps/geometrixx-common","rules":[]}]',
}

Path
aem_path { 'Activate /etc/designs/cloudservices/':
ensure => is_activated,
name => '/etc/designs/cloudservices/',
}

aem_path { 'Delete /etc/designs/somepath/':
ensure => absent,
name => '/etc/designs/somepath/',
}

Replication agent
aem_replication_agent { 'Create replication agent':
ensure => present,
name => 'some-replication-agent',
run_mode => 'author',
title => 'Some Replication Agent Title',
description => 'Some replication agent description',
dest_base_url => 'http://somehost:8080',
transport_user => 'someuser',
transport_password => 'somepass',
log_level => 'info',
retry_delay => 60000,
force => true,
}

aem_replication_agent { 'Delete replication agent':
ensure => absent,
name => 'some-replication-agent',
run_mode => 'author',
}

Outbox replication agent
aem_outbox_replication_agent { 'Create outbox replication agent':
ensure => present,
name => 'some-outbox-replication-agent',
run_mode => 'publish',
title => 'Some Outbox Replication Agent Title',
description => 'Some outbox replication agent description',
user_id => 'admin',
log_level => 'info',
force => true,
}

aem_outbox_replication_agent { 'Delete outbox replication agent':
ensure => absent,
name => 'some-outbox-replication-agent',
run_mode => 'publish',
}

Repository
aem_repository { 'Block repository writes':
ensure => writes_blocked,
}

aem_repository { 'Unblock repository writes':
ensure => writes_unblocked,
}

Saml
aem_saml { 'Create SAML configuration for AEM 6.2 with certificate provided via idp_cert_alias parameter':
ensure => present,
aem_username => 'admin',
aem_password => 'admin',
aem_id => 'author',
key_store_password => 'admin',
service_ranking => 5002,
idp_http_redirect => true,
create_user => true,
default_redirect_url => '/sites.html',
user_id_attribute => 'NameID',
default_groups => ['def-groups'],
idp_cert_alias => 'certalias___1542770831396',
add_group_memberships => true,
path => ['/'],
synchronize_attributes => [
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\=profile/givenName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\=profile/familyName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\=profile/email'
],
group_membership_attribute => 'http://temp/variable/aem-groups',
idp_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx?RequestBinding\=HTTPPost&loginToRp\=https://prod-aemauthor.com/saml_login',
logout_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx',
service_provider_entity_id => 'https://prod-aemauthor.com/saml_login',
handle_logout => true,
sp_private_key_alias => '',
use_encryption => false,
name_id_format => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
}

aem_saml { 'Create SAML configuration for AEM 6.3 with certificate provided via idp_cert_alias parameter':
ensure => present,
aem_username => 'admin',
aem_password => 'admin',
aem_id => 'author',
key_store_password => 'admin',
service_ranking => 5002,
idp_http_redirect => true,
create_user => true,
default_redirect_url => '/sites.html',
user_id_attribute => 'NameID',
default_groups => ['def-groups'],
idp_cert_alias => 'certalias___1542770831396',
add_group_memberships => true,
path => ['/'],
synchronize_attributes => [
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\=profile/givenName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\=profile/familyName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\=profile/email'
],
clock_tolerance => 60,
group_membership_attribute => 'http://temp/variable/aem-groups',
idp_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx?RequestBinding\=HTTPPost&loginToRp\=https://prod-aemauthor.com/saml_login',
logout_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx',
service_provider_entity_id => 'https://prod-aemauthor.com/saml_login',
handle_logout => true,
sp_private_key_alias => '',
use_encryption => false,
name_id_format => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
digest_method => 'http://www.w3.org/2001/04/xmlenc#sha256',
signature_method => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
}

aem_saml { 'Create SAML configuration for AEM 6.4 with certificate provided via idp_cert_alias parameter':
ensure => present,
aem_username => 'admin',
aem_password => 'admin',
aem_id => 'author',
key_store_password => 'admin',
service_ranking => 5002,
idp_http_redirect => true,
create_user => true,
default_redirect_url => '/sites.html',
user_id_attribute => 'NameID',
default_groups => ['def-groups'],
idp_cert_alias => 'certalias___1542770831396',
add_group_memberships => true,
path => ['/'],
synchronize_attributes => [
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\=profile/givenName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\=profile/familyName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\=profile/email'
],
clock_tolerance => 60,
group_membership_attribute => 'http://temp/variable/aem-groups',
idp_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx?RequestBinding\=HTTPPost&loginToRp\=https://prod-aemauthor.com/saml_login',
logout_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx',
service_provider_entity_id => 'https://prod-aemauthor.com/saml_login',
handle_logout => true,
sp_private_key_alias => '',
use_encryption => false,
name_id_format => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
digest_method => 'http://www.w3.org/2001/04/xmlenc#sha256',
signature_method => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
user_intermediate_path => '',
assertion_consumer_service_url => ''
}

aem_saml { 'Create SAML configuration for AEM 6.2 with certificate provided via serial number':
ensure => present,
aem_username => 'admin',
aem_password => 'admin',
aem_id => 'author',
key_store_password => 'admin',
service_ranking => 5002,
idp_http_redirect => true,
create_user => true,
default_redirect_url => '/sites.html',
user_id_attribute => 'NameID',
default_groups => ['def-groups'],
serial => '1234567890',
add_group_memberships => true,
path => ['/'],
synchronize_attributes => [
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\=profile/givenName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\=profile/familyName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\=profile/email'
],
group_membership_attribute => 'http://temp/variable/aem-groups',
idp_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx?RequestBinding\=HTTPPost&loginToRp\=https://prod-aemauthor.com/saml_login',
logout_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx',
service_provider_entity_id => 'https://prod-aemauthor.com/saml_login',
handle_logout => true,
sp_private_key_alias => '',
use_encryption => false,
name_id_format => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
}

aem_saml { 'Create SAML configuration for AEM 6.3 with certificate provided via serial number':
ensure => present,
aem_username => 'admin',
aem_password => 'admin',
aem_id => 'author',
key_store_password => 'admin',
service_ranking => 5002,
idp_http_redirect => true,
create_user => true,
default_redirect_url => '/sites.html',
user_id_attribute => 'NameID',
default_groups => ['def-groups'],
serial => '1234567890',
add_group_memberships => true,
path => ['/'],
synchronize_attributes => [
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\=profile/givenName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\=profile/familyName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\=profile/email'
],
clock_tolerance => 60,
group_membership_attribute => 'http://temp/variable/aem-groups',
idp_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx?RequestBinding\=HTTPPost&loginToRp\=https://prod-aemauthor.com/saml_login',
logout_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx',
service_provider_entity_id => 'https://prod-aemauthor.com/saml_login',
handle_logout => true,
sp_private_key_alias => '',
use_encryption => false,
name_id_format => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
digest_method => 'http://www.w3.org/2001/04/xmlenc#sha256',
signature_method => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
}

aem_saml { 'Create SAML configuration for AEM 6.4 with certificate provided via serial number':
ensure => present,
aem_username => 'admin',
aem_password => 'admin',
aem_id => 'author',
key_store_password => 'admin',
service_ranking => 5002,
idp_http_redirect => true,
create_user => true,
default_redirect_url => '/sites.html',
user_id_attribute => 'NameID',
default_groups => ['def-groups'],
serial => '1234567890',
add_group_memberships => true,
path => ['/'],
synchronize_attributes => [
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\=profile/givenName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\=profile/familyName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\=profile/email'
],
clock_tolerance => 60,
group_membership_attribute => 'http://temp/variable/aem-groups',
idp_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx?RequestBinding\=HTTPPost&loginToRp\=https://prod-aemauthor.com/saml_login',
logout_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx',
service_provider_entity_id => 'https://prod-aemauthor.com/saml_login',
handle_logout => true,
sp_private_key_alias => '',
use_encryption => false,
name_id_format => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
digest_method => 'http://www.w3.org/2001/04/xmlenc#sha256',
signature_method => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
user_intermediate_path => '',
assertion_consumer_service_url => ''
}

aem_saml { 'Create SAML configuration for AEM 6.2 with certificate provided as a file':
ensure => present,
aem_username => 'admin',
aem_password => 'admin',
aem_id => 'author',
key_store_password => 'admin',
service_ranking => 5002,
idp_http_redirect => true,
create_user => true,
default_redirect_url => '/sites.html',
user_id_attribute => 'NameID',
default_groups => ['def-groups'],
file => '/tmp/cert.crt',
add_group_memberships => true,
path => ['/'],
synchronize_attributes => [
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\=profile/givenName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\=profile/familyName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\=profile/email'
],
group_membership_attribute => 'http://temp/variable/aem-groups',
idp_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx?RequestBinding\=HTTPPost&loginToRp\=https://prod-aemauthor.com/saml_login',
logout_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx',
service_provider_entity_id => 'https://prod-aemauthor.com/saml_login',
handle_logout => true,
sp_private_key_alias => '',
use_encryption => false,
name_id_format => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
}

aem_saml { 'Create SAML configuration for AEM 6.3 with certificate provided as a file':
ensure => present,
aem_username => 'admin',
aem_password => 'admin',
aem_id => 'author',
key_store_password => 'admin',
service_ranking => 5002,
idp_http_redirect => true,
create_user => true,
default_redirect_url => '/sites.html',
user_id_attribute => 'NameID',
default_groups => ['def-groups'],
file => '/tmp/cert.crt',
add_group_memberships => true,
path => ['/'],
synchronize_attributes => [
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\=profile/givenName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\=profile/familyName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\=profile/email'
],
clock_tolerance => 60,
group_membership_attribute => 'http://temp/variable/aem-groups',
idp_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx?RequestBinding\=HTTPPost&loginToRp\=https://prod-aemauthor.com/saml_login',
logout_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx',
service_provider_entity_id => 'https://prod-aemauthor.com/saml_login',
handle_logout => true,
sp_private_key_alias => '',
use_encryption => false,
name_id_format => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
digest_method => 'http://www.w3.org/2001/04/xmlenc#sha256',
signature_method => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
}

aem_saml { 'Create SAML configuration for AEM 6.4 with certificate provided as a file':
ensure => present,
aem_username => 'admin',
aem_password => 'admin',
aem_id => 'author',
key_store_password => 'admin',
service_ranking => 5002,
idp_http_redirect => true,
create_user => true,
default_redirect_url => '/sites.html',
user_id_attribute => 'NameID',
default_groups => ['def-groups'],
file => '/tmp/cert.crt',
add_group_memberships => true,
path => ['/'],
synchronize_attributes => [
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\=profile/givenName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\=profile/familyName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\=profile/email'
],
clock_tolerance => 60,
group_membership_attribute => 'http://temp/variable/aem-groups',
idp_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx?RequestBinding\=HTTPPost&loginToRp\=https://prod-aemauthor.com/saml_login',
logout_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx',
service_provider_entity_id => 'https://prod-aemauthor.com/saml_login',
handle_logout => true,
sp_private_key_alias => '',
use_encryption => false,
name_id_format => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
digest_method => 'http://www.w3.org/2001/04/xmlenc#sha256',
signature_method => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
user_intermediate_path => '',
assertion_consumer_service_url => ''
}

aem_saml { 'Remove SAML configuration':
ensure => absent,
aem_username => 'admin',
aem_password => 'admin',
aem_id => 'author',
}

SSL
aem_ssl { 'Enable Granite SSL Config':
ensure => present,
https_hostname => 'localhost',
https_port => 5432,
keystore_password => 'somekeystorepassword',
truststore_password => 'sometruststorepassword',
privatekey_file_path => '/tmp/shinesolutions/puppet-aem-resources/cert_ssl.der',
certificate_file_path => '/tmp/shinesolutions/puppet-aem-resources/cert_ssl.crt',
}

aem_ssl { 'Remove Granite SSL Config':
ensure => absent
}

Truststore
aem_truststore { "Create Truststore":
ensure => present,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
password => 'admin'
}

aem_truststore { "Import Truststore from file provided via file":
ensure => present,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
password => 'admin',
file => '/root/truststore.p12'
}

aem_truststore { "Archive Truststore to /root":
ensure => archived,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
path => '/root'
}

aem_truststore { "Archive Truststore to /root/truststore.p12":
ensure => archived,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
file => '/root/truststore.p12'
}

aem_truststore { "Delete Truststore":
ensure => absent,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin'
}

User
aem_user { 'Create user charlie without any group':
ensure => present,
name => 'charlie',
path => '/home/users/c',
password => 'somepassword',
permission => {
'/libs' => ['read:false', 'modify:false', 'create:false', 'delete:false', 'acl_read:false', 'acl_edit:false', 'replicate:false'],
'/var' => ['read:false', 'modify:false', 'create:false', 'delete:false', 'acl_read:false', 'acl_edit:false', 'replicate:false'],
'/tmp' => ['read:false', 'modify:false', 'create:false', 'delete:false', 'acl_read:false', 'acl_edit:false', 'replicate:false'],
},
}

aem_user { 'Create user bob and add to administrators group':
ensure => present,
name => 'bob',
path => '/home/users/b',
password => 'somepassword',
group_name => 'administrators',
group_path => '/home/groups/a',
}

aem_user { 'Add user charlie to administrators group':
ensure => added_to_group,
name => 'charlie',
path => '/home/users/c',
group_name => 'administrators',
group_path => '/home/groups/a'
}

aem_user { 'Change user bob password':
ensure => password_changed,
name => 'bob',
path => '/home/users/b',
old_password => 'somepassword',
new_password => 'somenewpassword'
}

aem_user { 'Delete user':
ensure => absent,
name => 'bob',
path => '/home/users/b',
}

aem_user { 'Update replication-service user permission':
ensure => has_permission,
name => 'replication-service',
path => '/home/users/system/',
permission => {
'/etc/replication/agents.author' => ['replicate:false'],
'/etc/replication/agents.publish' => ['replicate:false']
}
}

Besides the individual AEM resources, this module also provides predefined classes for common AEM provisioning tasks.

Remove default agents on AEM Author:

aem_resources::author_remove_default_agents { 'Remove default author agents':
}

Remove default agents on AEM Publish:

aem_resources::publish_remove_default_agents { 'Remove default publish agents':
}

Set AEM Author Primary configuration:
aem_resources::author_primary_set_config { 'Set author primary config':
aem_home_dir => '/opt/aem/author'
}

Set AEM Author Standby configuration:
aem_resources::author_standby_set_config { 'Set author standby config':
aem_home_dir => '/opt/aem/author',
primary_host => 'somehost',
}

Set AEM Publish configuration:
aem_resources::publish_set_config { 'Set Publish config':
aem_home_dir => '/opt/aem/publish'
}

Create system users (orchestrator, replicator, deployer, exporter, importer):

aem_resources::create_system_users { 'Create system users':
}

Create system users with predefined path and password:
aem_resources::create_system_users { 'Create system users with custom passwords':
aem_system_users => {
deployer => {
name => 'deployer',
path => '/home/users/q',
password => 'customdeployerpassword',
},
exporter => {
name => 'exporter',
path => '/home/users/e',
password => 'customexporterpassword',
},
importer => {
name => 'importer',
path => '/home/users/i',
password => 'customimporterpassword',
},
orchestrator => {
name => 'orchestrator',
path => '/home/users/o',
password => 'customorchestratorpassword',
},
replicator => {
name => 'replicator',
path => '/home/users/r',
password => 'customreplicatorpassword',
}
}
}

Change system users password:
aem_resources::change_system_users_password { 'Change system users password':
aem_system_users => {
deployer => {
name => 'deployer',
path => '/home/users/q',
old_password => 'deployer',
new_password => 'newdeployerpassword',
},
exporter => {
name => 'exporter',
path => '/home/users/e',
old_password => 'exporter',
new_password => 'newexporterpassword',
},
importer => {
name => 'importer',
path => '/home/users/i',
old_password => 'importer',
new_password => 'newimporterpassword',
},
orchestrator => {
name => 'orchestrator',
path => '/home/users/o',
old_password => 'orchestrator',
new_password => 'neworchestratorpassword',
},
replicator => {
name => 'replicator',
path => '/home/users/r',
old_password => 'replicator',
new_password => 'newreplicatorpassword',
}
}
}

Create Puppet AEM Resources' configuration file:
aem_resources::puppet_aem_resources_set_config { 'Set puppet-aem-resources config file for author':
conf_dir => '/tmp/puppet-aem-resources/',
username => 'admin',
password => 'admin',
protocol => 'http',
host => 'localhost',
port => 4502,
timeout => 300,
debug => false,
}

Enable CRXDE:
aem_resources::enable_crxde { 'Enable CRXDE':
run_mode => 'author',
}

Create OSGI Configuration:

Setting the OSGI configuration in the manifest `set_osgi_config` is done by using the class `aem::osgi::config` from the puppet-module `bstopp/aem`.

aem_resources::set_osgi_config {"Author-Primary set OSGI configuration":
aem_home_dir => '/opt/aem/author',
aem_user => 'aem-author',
aem_user_group => 'aem-author',
aem_id => 'author',
osgi_configs => {
'org.apache.jackrabbit.oak.plugins.segment' => {
'org.apache.sling.installer.configuration.persist' => false,
'name' => 'Oak-Tar',
'service.ranking' => 100,
'standby' => false,
'customBlobstore' => true
},
'org.apache.jackrabbit.oak.plugins.segment.standby.store.StandbyStoreService' => {
'org.apache.sling.installer.configuration.persist' => false,
'mode' => 'primary',
'port' => 8023,
'secure' => true,
'interval' => 5
}
}
}

Enable Development bundles:
aem_resources::enable_development_bundles { 'Enable Development bundles':
run_mode => 'author',
}

Disable Development bundles:
aem_resources::disable_development_bundles { 'Disable Development bundles':
run_mode => 'author',
}

Multi AEM Instances
-------------------

Starting from version 2.0.0, it is possible to use Puppet AEM Resources to provision multiple AEM instances on the same machine.
Let's say you have an AEM author instance at http://localhost:4502 and an AEM publish instance at https://localhost:5433 . Set up the following configuration files:
`/myaemauthor.yaml`
---
:username: 'admin'
:password: 'admin'
:protocol: 'http'
:host: 'localhost'
:port: 4502
:timeout: 300
:debug: False

`/myaempublish.yaml`
---
:username: 'admin'
:password: 'admin'
:protocol: 'https'
:host: 'localhost'
:port: 5433
:timeout: 300
:debug: False

Then specify `aem_id` attribute on resource invocation in Puppet manifest:
aem_bundle { 'Stop webdav bundle':
ensure => stopped,
name => 'org.apache.sling.jcr.webdav',
aem_id => 'myaemauthor',
}

aem_bundle { 'Stop webdav bundle':
ensure => stopped,
name => 'org.apache.sling.jcr.webdav',
aem_id => 'myaempublish',
}

The above example will stop webdav bundle on both your AEM author instance and AEM publish instance.
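
The lookup rule from the Configuration section, used again here (an `aem_id` selects both the `<aem_id>_` environment variable prefix and `<aem_id>.yaml`), can be audited before a Puppet run. This is an added example, not code from puppet-aem-resources: the function names, the finding texts and the passed-in `conf_dir` are assumptions made for illustration, and the sample config it writes is constructed.

```ruby
require 'yaml'

# Setting names the page lists for both the environment variables and the YAML file.
FIELDS = %w[username password protocol host port timeout debug].freeze
LOOPBACK_HOSTS = %w[localhost 127.0.0.1 ::1].freeze

# Read '<aem_id>_<field>' variables, the naming rule the page describes.
# env is injectable so the audit can run against a constructed environment.
def env_settings(aem_id, env = ENV)
  FIELDS.each_with_object({}) do |field, found|
    value = env["#{aem_id}_#{field}"]
    found[field] = value unless value.nil?
  end
end

# Read '<aem_id>.yaml'. The page's examples use symbol keys (':username:'),
# so Symbol is the only extra class permitted; keys are normalised to strings.
def file_settings(path)
  return {} unless File.file?(path)

  raw = YAML.safe_load(File.read(path), permitted_classes: [Symbol]) || {}
  raw.each_with_object({}) { |(key, value), out| out[key.to_s] = value }
end

# Checks that apply to one source of settings (the file or the environment).
def setting_findings(settings, origin)
  findings = []
  if settings['username'] == 'admin' && settings['password'] == 'admin'
    findings << "#{origin}: default admin/admin credentials"
  end
  host = settings['host']
  if settings['protocol'] == 'http' && host && !LOOPBACK_HOSTS.include?(host)
    findings << "#{origin}: plain http to non-loopback host #{host}"
  end
  findings
end

# Audit both sources for one aem_id. 'aem' is the default name the page gives
# ('aem_' prefix, aem.yaml). conf_dir is the Puppet config directory (assumed
# to be supplied by the caller).
def audit_aem_config(conf_dir, aem_id = 'aem', env = ENV)
  path = File.join(conf_dir, "#{aem_id}.yaml")
  from_file = file_settings(path)
  findings = setting_findings(from_file, path)
  # A stored password should be readable by the owning user only.
  if from_file.key?('password') && (File.stat(path).mode & 0o077) != 0
    findings << "#{path}: stores a password but grants access to group or other"
  end
  findings + setting_findings(env_settings(aem_id, env), "env #{aem_id}_*")
end

if __FILE__ == $PROGRAM_NAME
  require 'tmpdir'
  Dir.mktmpdir do |dir|
    # Constructed sample: the myaemauthor.yaml shown above, written with mode 0644.
    path = File.join(dir, 'myaemauthor.yaml')
    File.write(path, "---\n:username: 'admin'\n:password: 'admin'\n:protocol: 'http'\n" \
                     ":host: 'localhost'\n:port: 4502\n:timeout: 300\n:debug: False\n")
    File.chmod(0o644, path)
    puts audit_aem_config(dir, 'myaemauthor', {})
  end
end
```

The two sources are reported separately because the page does not state which one wins when both are set.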

Multi AEM Versions
------------------

Some types support multiple AEM versions due to differences in how particular features are implemented between those AEM versions.
For example, AEM Author Standby configuration package was `org.apache.jackrabbit.oak.plugins.segment` in AEM <= 6.2, and it was changed to `org.apache.jackrabbit.oak.segment` in AEM >= 6.3.
Starting from version 2.1.1, the `aem_version` attribute was added to the corresponding types:
aem_resources::author_standby_set_config { 'Set author standby config':
install_dir => '/opt/aem/crx-quickstart/install',
primary_host => 'somehost',
aem_version => '6.3',
}

Alias
-----

Due to the need to change the state of some resources from within the same manifest, both `aem_bundle` and `aem_user` have alias resources named `aem_bundle_alias` and `aem_user_alias`.
For example, this allows you to stop and start a bundle from within the same manifest:
aem_bundle { 'Stop webdav bundle':
ensure => stopped,
name => 'org.apache.sling.jcr.webdav',
}

# Do other things here
...

aem_bundle_alias { 'Start webdav bundle':
ensure => started,
name => 'org.apache.sling.jcr.webdav',
}

Upgrade
-------

Upgrading to 2.x.x:
* Replace all class calls to definitions.
From:
class { 'aem_resources::enable_crxde':
run_mode => 'author',
}

To:
aem_resources::enable_crxde { 'Enable CRXDE':
run_mode => 'author',
}

Testing
-------

If you run AEM on a port other than the default `4502`, you need to specify the port number as an environment variable:
aem_port=45622 author_port=45622 make test-integration
The `aem_port` environment variable is used by provisioning steps that use default `aem_id`. `author_port` is used by the ones that specify `author` `aem_id`.