A Puppet module for provisioning Adobe Experience Manager (AEM) resources.
Learn more about Puppet AEM Resources:
Puppet AEM Resources is part of AEM OpenCloud platform but it can be used as a stand-alone.
puppet module install shinesolutions-aem_resources
Or via a Puppetfile:
mod 'shinesolutions/aem_resources'
If you want to use the main
version:
mod 'shinesolutions/aem_resources', :git => 'https://github.com/shinesolutions/puppet-aem-resources'
And because PUP-3386 hasn't been implemented, you have to install ruby_aem prior to using aem_resource Puppet module.
package { 'ruby_aem':
ensure => '3.8.0',
provider => 'puppet_gem',
}
AEM username, password, protocol, host, port, and debug can be set via environment variables or a configuration file.
Environment variables have aem_
prefix, e.g. aem_username
, aem_password
, aem_protocol
, aem_host
, aem_port
, aem_timeout
, and aem_debug
.
Configuration file should be named aem.yaml
and be placed under Puppet config directory. Example config file:
---
:username: 'admin'
:password: 'admin'
:protocol: 'http'
:host: 'localhost'
:port: 4502
:timeout: 300
:debug: False
If a configuration property is not set, then it will use the default value set in ruby_aem.
However, if the invocation specifies an aem_id
attribute, then the value of that attribute will be used to identify the environment variables and configuration file. For example:
aem_bundle {
...
aem_id => 'myaem',
...
}
The invocation above will use environment variables with myaem_
prefix, e.g. myaem_username
, and it will use a configuration file named myaem.yaml
under Puppet config directory.
It is also possible to specify username and password at invocation level by specifying aem_username
and aem_password
attributes. For example:
aem_bundle {
...
aem_username => 'myusername',
aem_password => 'mypassword',
...
}
AEM
aem_aem { 'Wait until login page is ready':
ensure => login_page_is_ready,
retries_max_tries => 60,
retries_base_sleep_seconds => 5,
retries_max_sleep_seconds => 5,
}
aem_aem { 'Wait until CRX Package Manager is ready':
ensure => aem_package_manager_is_ready,
retries_max_tries => 60,
retries_base_sleep_seconds => 5,
retries_max_sleep_seconds => 5,
}
# this requires aem-healthcheck package to be installed
# https://github.com/shinesolutions/aem-healthcheck
aem_aem { 'Wait until health is ok':
ensure => aem_health_check_is_ok,
tags => 'deep',
combine_tags_or => false,
retries_max_tries => 60,
retries_base_sleep_seconds => 5,
retries_max_sleep_seconds => 5,
}
aem_aem { 'Wait until install status is finished':
ensure => install_status_is_finished,
retries_max_tries => 60,
retries_base_sleep_seconds => 5,
retries_max_sleep_seconds => 5,
}
aem_aem { 'Remove all agents':
ensure => all_agents_removed,
run_mode => 'author',
}
Authorizable Keystore
aem_authorizable_keystore { "Create new keystore for user authentication-service":
ensure => present,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
authorizable_id => 'authentication-service',
intermediate_path => '/home/users/system',
password => 'password1'
}
aem_authorizable_keystore { "Archive keystore for user authentication-service to a specific path":
ensure => archived,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
authorizable_id => 'authentication-service',
intermediate_path => '/home/users/system',
path => '/tmp'
}
aem_authorizable_keystore { "Archive keystore for user authentication-service to a specific path":
ensure => archived,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
authorizable_id => 'authentication-service',
intermediate_path => '/home/users/system',
file => '/tmp/store.p12'
}
aem_authorizable_keystore { "Remove keystore for user authentication-service":
ensure => absent,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
authorizable_id => 'authentication-service',
intermediate_path => '/home/users/system',
}
Authorizable Keystore Certificate
aem_certificate_chain { "Add certificate to user authentication-service keystore with certificate provided as file":
ensure => present,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
authorizable_id => 'authentication-service',
intermediate_path => '/home/users/system',
private_key_alias => 'alias_123'
private_key_file_path => '/tmp/private_key_pkcs8.der'
certificate_chain_file_path => '/tmp/cert_pem.crt'
}
aem_certificate_chain { "Remove a certificate from User1 keystore":
ensure => present,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
authorizable_id => 'authentication-service',
intermediate_path => '/home/users/system',
private_key_alias => 'alias_123'
}
Bundle
aem_bundle { 'Stop webdav bundle':
ensure => stopped,
name => 'org.apache.sling.jcr.webdav',
}
aem_bundle { 'Start webdav bundle':
ensure => started,
name => 'org.apache.sling.jcr.webdav',
}
Certificate
aem_certificate { "Add certificate by file name":
ensure => present,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
file => '/tmp/cert.crt'
}
aem_certificate { "Force adding certificate by file name":
ensure => present,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
file => '/tmp/cert.crt',
force => true
}
aem_certificate { "Archive certificate via serial number to a specified file path":
ensure => archived,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
truststore_password => 'admin'
serial => '1234567890'
file => '/tmp/cert.crt',
}
aem_certificate { "Remove certificate by file name":
ensure => absent,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
file => '/tmp/cert.crt'
}
aem_certificate { "Remove certificate by serial number":
ensure => absent,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
serial => '1234567890'
}
Config property
aem_config_property { 'Create https.enable property':
ensure => present,
name => 'org.apache.felix.https.enable',
type => 'Boolean',
value => true,
run_mode => 'author',
node_name => 'org.apache.felix.http',
}
Flush agent
aem_flush_agent { 'Create flush agent':
ensure => present,
name => 'some-flush-agent',
run_mode => 'author',
title => 'Some Flush Agent Title',
description => 'Some flush agent description',
dest_base_url => 'http://somehost:8080',
log_level => 'info',
retry_delay => 60000,
force => true,
}
aem_flush_agent { 'Delete flush agent':
ensure => absent,
name => 'some-flush-agent',
run_mode => 'author',
}
Group
aem_group { 'Create staff group':
ensure => present,
name => 'staff',
path => '/home/groups/s',
}
aem_group { 'Create contractor group':
ensure => present,
name => 'contractor',
path => '/home/groups/c',
}
aem_group { 'Create contractor group as a member of staff group':
ensure => present,
name => 'contractor',
path => '/home/groups/c',
parent_group_name => 'staff',
parent_group_path => '/home/groups/s',
}
aem_group { 'Create staff group and add contractor group as a member':
ensure => present,
name => 'staff',
path => '/home/groups/s',
member_group_name => 'contractor',
member_group_path => '/home/groups/c',
}
aem_group { 'Delete staff group':
ensure => absent,
name => 'staff',
path => '/home/groups/s',
}
Node
aem_node { 'Create http OSGI config node':
ensure => present,
name => 'org.apache.felix.http',
path => '/apps/system/config',
type => 'sling:OsgiConfig',
}
aem_node { 'Delete http OSGI config node':
ensure => absent,
name => 'org.apache.felix.http',
path => '/apps/system/config',
}
Package
aem_package { 'Install AEM6.2 hotfix 12785':
ensure => present,
name => 'cq-6.2.0-hotfix-12785',
group => 'adobe/cq620/hotfix',
version => '7.0',
path => '/tmp/',
replicate => false,
activate => true,
force => true,
}
aem_package { 'Archive Geometrixx apps':
ensure => archived,
name => 'somearchivedpackage',
group => 'somepackagegroup',
version => '1.2.3',
path => '/tmp/',
filter => '[{"root":"/apps/geometrixx","rules":[]},{"root":"/apps/geometrixx-common","rules":[]}]',
}
Path
aem_path { 'Activate /etc/designs/cloudservices/':
ensure => is_activated,
name => '/etc/designs/cloudservices/',
}
aem_path { 'Delete /etc/designs/somepath/':
ensure => absent,
name => '/etc/designs/somepath/',
}
Replication agent
aem_replication_agent { 'Create replication agent':
ensure => present,
name => 'some-replication-agent',
run_mode => 'author',
title => 'Some Replication Agent Title',
description => 'Some replication agent description',
dest_base_url => 'http://somehost:8080',
transport_user => 'someuser',
transport_password => 'somepass',
log_level => 'info',
retry_delay => 60000,
force => true,
}
aem_replication_agent { 'Delete replication agent':
ensure => absent,
name => 'some-replication-agent',
run_mode => 'author',
}
Outbox replication agent
aem_outbox_replication_agent { 'Create outbox replication agent':
ensure => present,
name => 'some-outbox-replication-agent',
run_mode => 'publish',
title => 'Some Outbox Replication Agent Title',
description => 'Some outbox replication agent description',
user_id => 'admin',
log_level => 'info',
force => true,
}
aem_outbox_replication_agent { 'Delete outbox replication agent':
ensure => absent,
name => 'some-outbox-replication-agent',
run_mode => 'publish',
}
Repository
aem_repository { 'Block repository writes':
ensure => writes_blocked,
}
aem_repository { 'Unblock repository writes':
ensure => writes_unblocked,
}
Saml
aem_saml { 'Create SAML configuration for AEM 6.2 with certificate provided via idp_cert_alias parameter':
ensure => present,
aem_username => 'admin',
aem_password => 'admin',
aem_id => 'author',
key_store_password => 'admin',
service_ranking => 5002,
idp_http_redirect => true,
create_user => true,
default_redirect_url => '/sites.html',
user_id_attribute => 'NameID',
default_groups => ['def-groups'],
idp_cert_alias => 'certalias___1542770831396',
add_group_memberships => true,
path => ['/'],
synchronize_attributes => [
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\=profile/givenName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\=profile/familyName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\=profile/email'
],
group_membership_attribute => 'http://temp/variable/aem-groups',
idp_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx?RequestBinding\=HTTPPost&loginToRp\=https://prod-aemauthor.com/saml_login',
logout_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx',
service_provider_entity_id => 'https://prod-aemauthor.com/saml_login',
handle_logout => true,
sp_private_key_alias => '',
use_encryption => false,
name_id_format => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
}
aem_saml { 'Create SAML configuration for AEM 6.3 with certificate provided via idp_cert_alias parameter':
ensure => present,
aem_username => 'admin',
aem_password => 'admin',
aem_id => 'author',
key_store_password => 'admin',
service_ranking => 5002,
idp_http_redirect => true,
create_user => true,
default_redirect_url => '/sites.html',
user_id_attribute => 'NameID',
default_groups => ['def-groups'],
idp_cert_alias => 'certalias___1542770831396',
add_group_memberships => true,
path => ['/'],
synchronize_attributes => [
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\=profile/givenName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\=profile/familyName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\=profile/email'
],
clock_tolerance => 60,
group_membership_attribute => 'http://temp/variable/aem-groups',
idp_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx?RequestBinding\=HTTPPost&loginToRp\=https://prod-aemauthor.com/saml_login',
logout_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx',
service_provider_entity_id => 'https://prod-aemauthor.com/saml_login',
handle_logout => true,
sp_private_key_alias => '',
use_encryption => false,
name_id_format => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
digest_method => 'http://www.w3.org/2001/04/xmlenc#sha256',
signature_method => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
}
aem_saml { 'Create SAML configuration for AEM 6.4 with certificate provided via idp_cert_alias parameter':
ensure => present,
aem_username => 'admin',
aem_password => 'admin',
aem_id => 'author',
key_store_password => 'admin',
service_ranking => 5002,
idp_http_redirect => true,
create_user => true,
default_redirect_url => '/sites.html',
user_id_attribute => 'NameID',
default_groups => ['def-groups'],
idp_cert_alias => 'certalias___1542770831396',
add_group_memberships => true,
path => ['/'],
synchronize_attributes => [
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\=profile/givenName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\=profile/familyName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\=profile/email'
],
clock_tolerance => 60,
group_membership_attribute => 'http://temp/variable/aem-groups',
idp_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx?RequestBinding\=HTTPPost&loginToRp\=https://prod-aemauthor.com/saml_login',
logout_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx',
service_provider_entity_id => 'https://prod-aemauthor.com/saml_login',
handle_logout => true,
sp_private_key_alias => '',
use_encryption => false,
name_id_format => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
digest_method => 'http://www.w3.org/2001/04/xmlenc#sha256',
signature_method => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
user_intermediate_path => '',
assertion_consumer_service_url => ''
}
aem_saml { 'Create SAML configuration for AEM 6.2 with certificate provided via serial number':
ensure => present,
aem_username => 'admin',
aem_password => 'admin',
aem_id => 'author',
key_store_password => 'admin',
service_ranking => 5002,
idp_http_redirect => true,
create_user => true,
default_redirect_url => '/sites.html',
user_id_attribute => 'NameID',
default_groups => ['def-groups'],
serial => '1234567890',
add_group_memberships => true,
path => ['/'],
synchronize_attributes => [
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\=profile/givenName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\=profile/familyName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\=profile/email'
],
group_membership_attribute => 'http://temp/variable/aem-groups',
idp_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx?RequestBinding\=HTTPPost&loginToRp\=https://prod-aemauthor.com/saml_login',
logout_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx',
service_provider_entity_id => 'https://prod-aemauthor.com/saml_login',
handle_logout => true,
sp_private_key_alias => '',
use_encryption => false,
name_id_format => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
}
aem_saml { 'Create SAML configuration for AEM 6.3 with certificate provided via serial number':
ensure => present,
aem_username => 'admin',
aem_password => 'admin',
aem_id => 'author',
key_store_password => 'admin',
service_ranking => 5002,
idp_http_redirect => true,
create_user => true,
default_redirect_url => '/sites.html',
user_id_attribute => 'NameID',
default_groups => ['def-groups'],
serial => '1234567890',
add_group_memberships => true,
path => ['/'],
synchronize_attributes => [
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\=profile/givenName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\=profile/familyName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\=profile/email'
],
clock_tolerance => 60,
group_membership_attribute => 'http://temp/variable/aem-groups',
idp_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx?RequestBinding\=HTTPPost&loginToRp\=https://prod-aemauthor.com/saml_login',
logout_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx',
service_provider_entity_id => 'https://prod-aemauthor.com/saml_login',
handle_logout => true,
sp_private_key_alias => '',
use_encryption => false,
name_id_format => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
digest_method => 'http://www.w3.org/2001/04/xmlenc#sha256',
signature_method => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
}
aem_saml { 'Create SAML configuration for AEM 6.4 with certificate provided via serial number':
ensure => present,
aem_username => 'admin',
aem_password => 'admin',
aem_id => 'author',
key_store_password => 'admin',
service_ranking => 5002,
idp_http_redirect => true,
create_user => true,
default_redirect_url => '/sites.html',
user_id_attribute => 'NameID',
default_groups => ['def-groups'],
serial => '1234567890',
add_group_memberships => true,
path => ['/'],
synchronize_attributes => [
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\=profile/givenName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\=profile/familyName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\=profile/email'
],
clock_tolerance => 60,
group_membership_attribute => 'http://temp/variable/aem-groups',
idp_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx?RequestBinding\=HTTPPost&loginToRp\=https://prod-aemauthor.com/saml_login',
logout_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx',
service_provider_entity_id => 'https://prod-aemauthor.com/saml_login',
handle_logout => true,
sp_private_key_alias => '',
use_encryption => false,
name_id_format => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
digest_method => 'http://www.w3.org/2001/04/xmlenc#sha256',
signature_method => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
user_intermediate_path => '',
assertion_consumer_service_url => ''
}
aem_saml { 'Create SAML configuration for AEM 6.2 with certificate provided as a file':
ensure => present,
aem_username => 'admin',
aem_password => 'admin',
aem_id => 'author',
key_store_password => 'admin',
service_ranking => 5002,
idp_http_redirect => true,
create_user => true,
default_redirect_url => '/sites.html',
user_id_attribute => 'NameID',
default_groups => ['def-groups'],
file => '/tmp/cert.crt',
add_group_memberships => true,
path => ['/'],
synchronize_attributes => [
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\=profile/givenName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\=profile/familyName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\=profile/email'
],
group_membership_attribute => 'http://temp/variable/aem-groups',
idp_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx?RequestBinding\=HTTPPost&loginToRp\=https://prod-aemauthor.com/saml_login',
logout_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx',
service_provider_entity_id => 'https://prod-aemauthor.com/saml_login',
handle_logout => true,
sp_private_key_alias => '',
use_encryption => false,
name_id_format => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient'
}
aem_saml { 'Create SAML configuration for AEM 6.3 with certificate provided as a file':
ensure => present,
aem_username => 'admin',
aem_password => 'admin',
aem_id => 'author',
key_store_password => 'admin',
service_ranking => 5002,
idp_http_redirect => true,
create_user => true,
default_redirect_url => '/sites.html',
user_id_attribute => 'NameID',
default_groups => ['def-groups'],
file => '/tmp/cert.crt',
add_group_memberships => true,
path => ['/'],
synchronize_attributes => [
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\=profile/givenName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\=profile/familyName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\=profile/email'
],
clock_tolerance => 60,
group_membership_attribute => 'http://temp/variable/aem-groups',
idp_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx?RequestBinding\=HTTPPost&loginToRp\=https://prod-aemauthor.com/saml_login',
logout_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx',
service_provider_entity_id => 'https://prod-aemauthor.com/saml_login',
handle_logout => true,
sp_private_key_alias => '',
use_encryption => false,
name_id_format => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
digest_method => 'http://www.w3.org/2001/04/xmlenc#sha256',
signature_method => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
}
aem_saml { 'Create SAML configuration for AEM 6.4 with certificate provided as a file':
ensure => present,
aem_username => 'admin',
aem_password => 'admin',
aem_id => 'author',
key_store_password => 'admin',
service_ranking => 5002,
idp_http_redirect => true,
create_user => true,
default_redirect_url => '/sites.html',
user_id_attribute => 'NameID',
default_groups => ['def-groups'],
file => '/tmp/cert.crt',
add_group_memberships => true,
path => ['/'],
synchronize_attributes => [
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname\=profile/givenName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\=profile/familyName',
'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress\=profile/email'
],
clock_tolerance => 60,
group_membership_attribute => 'http://temp/variable/aem-groups',
idp_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx?RequestBinding\=HTTPPost&loginToRp\=https://prod-aemauthor.com/saml_login',
logout_url => 'https://federation.prod.com/adfs/ls/IdpInitiatedSignOn.aspx',
service_provider_entity_id => 'https://prod-aemauthor.com/saml_login',
handle_logout => true,
sp_private_key_alias => '',
use_encryption => false,
name_id_format => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
digest_method => 'http://www.w3.org/2001/04/xmlenc#sha256',
signature_method => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
user_intermediate_path => '',
assertion_consumer_service_url => ''
}
aem_saml { 'Remove SAML configuration':
ensure => absent,
aem_username => 'admin',
aem_password => 'admin',
aem_id => 'author',
}
SSL
aem_ssl { 'Enable Granite SSL Config':
ensure => present,
https_hostname => 'localhost',
https_port => 5432,
keystore_password => 'somekeystorepassword',
truststore_password => 'sometruststorepassword',
privatekey_file_path => '/tmp/shinesolutions/puppet-aem-resources/cert_ssl.der',
certificate_file_path => '/tmp/shinesolutions/puppet-aem-resources/cert_ssl.crt',
}
aem_ssl { 'Remove Granite SSL Config':
ensure => absent
}
Truststore
aem_truststore { "Create Truststore":
ensure => present,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
password => 'admin'
}
aem_truststore { "Import Truststore from file provided via file":
ensure => present,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
password => 'admin'
file => '/root/truststore.p12'
}
aem_truststore { "Archive Truststore to /root":
ensure => archived,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
path => '/root'
}
aem_truststore { "Archive Truststore to /root/truststore.p12":
ensure => archived,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin',
file => '/root/truststore.p12'
}
aem_truststore { "Delete Truststore":
ensure => absent,
aem_id => 'author',
aem_username => 'admin',
aem_password => 'admin'
}
User
aem_user { 'Create user charlie without any group':
ensure => present,
name => 'charlie',
path => '/home/users/c',
password => 'somepassword',
permission => {
'/libs' => ['read:false', 'modify:false', 'create:false', 'delete:false', 'acl_read:false', 'acl_edit:false', 'replicate:false'],
'/var' => ['read:false', 'modify:false', 'create:false', 'delete:false', 'acl_read:false', 'acl_edit:false', 'replicate:false'],
'/tmp' => ['read:false', 'modify:false', 'create:false', 'delete:false', 'acl_read:false', 'acl_edit:false', 'replicate:false'],
},
}
aem_user { 'Create user bob and add to administrators group':
ensure => present,
name => 'bob',
path => '/home/users/b',
password => 'somepassword',
group_name => 'administrators',
group_path => '/home/groups/a',
}
aem_user { 'Add user charlie to administrators group':
ensure => added_to_group,
name => 'charlie',
path => '/home/users/c',
group_name => 'administrators',
group_path => '/home/groups/a'
}
aem_user { 'Change user bob password':
ensure => password_changed,
name => 'bob',
path => '/home/users/b',
old_password => 'somepassword',
new_password => 'somenewpassword'
}
aem_user { 'Delete user':
ensure => absent,
name => 'bob',
path => '/home/users/b',
}
aem_user { 'Update replication-service user permission':
ensure => has_permission,
name => 'replication-service',
path => '/home/users/system/',
permission => {
'/etc/replication/agents.author' => ['replicate:false'],
'/etc/replication/agents.publish' => ['replicate:false']
}
}
Other than single AEM resource, this module also provides predefined classes for common AEM provisioning tasks.
Remove default agents on AEM Author:
aem_resources::author_remove_default_agents { 'Remove default author agents':
}
Remove default agents on AEM Publish:
aem_resources::publish_remove_default_agents { 'Remove default publish agents':
}
Set AEM Author Primary configuration:
aem_resources::author_primary_set_config { 'Set author primary config':
aem_home_dir => '/opt/aem/author'
}
Set AEM Author Standby configuration:
aem_resources::author_standby_set_config { 'Set author standby config':
aem_home_dir => '/opt/aem/author',
primary_host => 'somehost',
}
Set AEM Publish configuration:
aem_resources::publish_set_config { 'Set Publish config':
aem_home_dir => '/opt/aem/publish'
}
Create system users (orchestrator, replicator, deployer, exporter, importer):
aem_resources::create_system_users { 'Create system users':
}
Create system users with predefined path and password:
aem_resources::create_system_users { 'Create system users with custom passwords':
aem_system_users => {
deployer => {
name => 'deployer',
path => '/home/users/q',
password => 'customdeployerpassword',
},
exporter => {
name => 'exporter',
path => '/home/users/e',
password => 'customexporterpassword',
},
importer => {
name => 'importer',
path => '/home/users/i',
password => 'customimporterpassword',
},
orchestrator => {
name => 'orchestrator',
path => '/home/users/o',
password => 'customorchestratorpassword',
},
replicator => {
name => 'replicator',
path => '/home/users/r',
password => 'customreplicatorpassword',
}
}
}
Change system users password:
aem_resources::change_system_users_password { 'Change system users password':
aem_system_users => {
deployer => {
name => 'deployer',
path => '/home/users/q',
old_password => 'deployer',
new_password => 'newdeployerpassword',
},
exporter => {
name => 'exporter',
path => '/home/users/e',
old_password => 'exporter',
new_password => 'newexporterpassword',
},
importer => {
name => 'importer',
path => '/home/users/i',
old_password => 'importer',
new_password => 'newimporterpassword',
},
orchestrator => {
name => 'orchestrator',
path => '/home/users/o',
old_password => 'orchestrator',
new_password => 'neworchestratorpassword',
},
replicator => {
name => 'replicator',
path => '/home/users/r',
old_password => 'replicator',
new_password => 'newreplicatorpassword',
}
}
}
Create Puppet AEM Resources' configuration file:
aem_resources::puppet_aem_resources_set_config { 'Set puppet-aem-resources config file for author':
conf_dir => '/tmp/puppet-aem-resources/',
username => 'admin',
password => 'admin',
protocol => 'http',
host => 'localhost',
port => 4502,
timeout => 300,
debug => false,
}
Enable CRXDE:
aem_resources::enable_crxde { 'Enable CRXDE':
run_mode => 'author',
}
Create OSGI Configuration:
Setting the OSGI configuration in the manifest set_osgi_config
is done by using the class aem::osgi::config
from the puppet-module bstopp/aem
.
aem_resources::set_osgi_config {"Author-Primary set OSGI configuration":
aem_home_dir => '/opt/aem/author',
aem_user => 'aem-author',
aem_user_group => 'aem-author',
aem_id => 'author',
osgi_configs => {
'org.apache.jackrabbit.oak.plugins.segment' => {
'org.apache.sling.installer.configuration.persist' => false,
'name' => 'Oak-Tar',
'service.ranking' => 100,
'standby' => false,
'customBlobstore' => true
},
'org.apache.jackrabbit.oak.plugins.segment.standby.store.StandbyStoreService' => {
'org.apache.sling.installer.configuration.persist' => false,
'mode' => 'primary',
'port' => 8023,
'secure' => true,
'interval' => 5
}
}
}
Enable Development bundles:
aem_resources::enable_development_bundles { 'Enable Development bundles':
run_mode => 'author',
}
Disable Development bundles:
aem_resources::disable_development_bundles { 'Disable Development bundles':
run_mode => 'author',
}
Starting from version 2.0.0, it is possible to use Puppet AEM Resources to provision multiple AEM instances on the same machine.
Let's say you have an AEM author instance at http://localhost:4502 and an AEM publish instance at https://localhost:5433 . Set up the following configuration files:
<puppet-config-dir>/myaemauthor.yaml
---
:username: 'admin'
:password: 'admin'
:protocol: 'http'
:host: 'localhost'
:port: 4502
:timeout: 300
:debug: False
<puppet-config-dir>/myaempublish.yaml
---
:username: 'admin'
:password: 'admin'
:protocol: 'https'
:host: 'localhost'
:port: 5433
:timeout: 300
:debug: False
Then specify aem_id
attribute on resource invocation in Puppet manifest:
aem_bundle { 'Stop webdav bundle':
ensure => stopped,
name => 'org.apache.sling.jcr.webdav',
aem_id => 'myaemauthor',
}
aem_bundle { 'Stop webdav bundle':
ensure => stopped,
name => 'org.apache.sling.jcr.webdav',
aem_id => 'myaempublish',
}
The above example will stop webdav bundle on both your AEM author instance and AEM publish instance.
Some types support multiple AEM versions due to differences how particular features are implemented between those AEM versions.
For example, AEM Author Standby configuration package was org.apache.jackrabbit.oak.plugins.segment
in AEM <= 6.2, and it was changed to org.apache.jackrabbit.oak.segment
in AEM >= 6.3 .
Starting version 2.1.1, aem_version
attribute was added to the corresponding types:
aem_resources::author_standby_set_config { 'Set author standby config':
install_dir => '/opt/aem/crx-quickstart/install',
primary_host => 'somehost',
aem_version => '6.3',
}
Due to the need to change the state of some resources from within the same manifest, both aem_bundle
and aem_user
have alias resources named aem_bundle_alias
and aem_user_alias
.
For example, this allows you to stop and start a bundle from within the same manifest:
aem_bundle { 'Stop webdav bundle': ensure => stopped, name => 'org.apache.sling.jcr.webdav', }
...
aem_bundle_alias { 'Start webdav bundle': ensure => started, name => 'org.apache.sling.jcr.webdav', }
Upgrading to 2.x.x:
-
Replace all class calls to definitions.
From:
class { 'aem_resources::enable_crxde': run_mode => 'author', }
To:
aem_resources::enable_crxde { 'Enable CRXDE': run_mode => 'author', }
If you run AEM on a non default port 4502
, then you need to specify the port number as environment variable:
aem_port=45622 author_port=45622 make test-integration
The aem_port
environment variable is used by provisioning steps that use default aem_id
. author_port
is used by the ones that specify author
aem_id
.