OPSEXP-1199 Adds and documents a license installation mechanism (#674)

* Adds and document a license installation mechanism

.travis.yml

@@ -49,7 +49,7 @@ branches:
     - download-trial
     - /feature.*/
     - /fix.*/
-    - /OPSEXP-.*/
+    - /(?i:OPSEXP)-.*/
     - /ACS-.*/
     - /ATS-.*/
 

docs/helm/README.md

@@ -34,6 +34,7 @@ There are also several [examples](./examples) showing how to deploy with various
 * [Enable access to Search Services](./examples/search-external-access.md)
 * [Enable Email Services](./examples/email-enabled.md)
 * [Use a custom metadata keystore](./examples/custom-metadata-keystore.md)
+* [Install ACS license as part of the deployment](./examples/alf_license.md)
 
 ## Configure
 

docs/helm/examples/alf_license.md

@@ -0,0 +1,44 @@
+# Deploy Alfresco Content Services with the ability to manage licenses
+
+Alfresco content repository Docker images come with an embedded license which last only 2 days. If you've built a custom image, it may have a one year license but in order to change it you would need to build a new image.
+You can configure the ACS Helm chart so the license is instead read from a kubernetes secret so that when it's time to renew the license the only thing you need to do is to update that secret as needed.
+
+This rely on 2 steps:
+
+## Create a kubernetes secret to store the license.
+
+Make sure your license available is readable and you have appropriate kubernetes access in order to create a secret in the ACS namespace where you want to deploy the helm release.
+
+```bash
+ACS_NAMESPACE=acs
+LIC64=$(base64 < ~/Downloads/Alfresco-ent72-foobar.lic)
+cat <<EOF | kubectl -n $ACS_NAMESPACE apply -f -
+apiVersion: v1
+kind: Secret
+metadata:
+  name: acslicense
+type: Opaque
+data:
+  alfresco.lic: $LIC64
+EOF
+```
+
+## Configure the chart to leverage that secret.
+
+In the chart value file add the following:
+
+```yaml
+repository:
+  licenseSecret: acslicense
+```
+
+> You can obtain a license file for your Alfresco enterprise subscription from the [Hyland Community portal](https://community.hyland.com/)
+
+## Applying a new license.
+
+Before your license expires you will want to apply a new one. It's actually very easy do to so. All you need to do is overwrite the secret you created on previous deployment.
+You can use the exact same command just replacing the license file with the new one.
+
+> Secret update will trigger pods update. The default update strategy with repository pods is set to `Recreate`.
+> As a consequence updating the license will trigger a downtime. You might want to switch the repository deployment to a smoother update strategy by removing `Recreate` setting.
+> See [our main chart doc](/helm/alfresco-content-services/README.md) for details on `RollingUpdate` strategy.

helm/alfresco-content-services/README.md

@@ -223,6 +223,7 @@ Hence, setting up explicit Container memory and then assigning a percentage of i
 | repository.initContainers.fs.image.tag | string | `"1.34.1"` |  |
 | repository.initContainers.fs.resources.limits.memory | string | `"10Mi"` |  |
 | repository.initContainers.fs.resources.requests.memory | string | `"5Mi"` |  |
+| repository.licenseSecret | string | `nil` |  |
 | repository.livenessProbe.initialDelaySeconds | int | `130` |  |
 | repository.livenessProbe.periodSeconds | int | `20` |  |
 | repository.livenessProbe.timeoutSeconds | int | `10` |  |

helm/alfresco-content-services/templates/config-repository.yaml

@@ -17,7 +17,11 @@ data:
   {{ $alfhost := tpl (.Values.externalHost | default (printf "%s-repository" (include "content-services.shortname" .))) $ }}
   {{ $alfprotocol := tpl (.Values.externalProtocol | default "http") $ }}
   {{ $alfport := tpl ((.Values.externalPort | default .Values.repository.service.externalPort) | toString) $ }}
-  ALFRESCO_OPTS: " -Dalfresco.host={{ $alfhost }}
+  ALFRESCO_OPTS: "
+      {{ if .Values.repository.licenseSecret -}}
+        -Ddir.license.external=/usr/local/tomcat/shared/classes/alfresco/extension/license/
+      {{- end }}
+      -Dalfresco.host={{ $alfhost }}
       -Dalfresco.protocol={{ $alfprotocol }}
       -Dalfresco.port={{ $alfport }}
       {{- if or (eq $alfport "80") (eq $alfport "443") }}

helm/alfresco-content-services/templates/deployment-repository.yaml

@@ -81,6 +81,10 @@ spec:
 {{ toYaml .Values.repository.resources | indent 12 }}
           {{- if .Values.persistence.repository.enabled }}
           volumeMounts:
+          {{- if .Values.repository.licenseSecret }}
+          - mountPath: /usr/local/tomcat/shared/classes/alfresco/extension/license/
+            name: acs-license
+          {{- end }}
           {{- if .Values.repository.extraLogStatements }}
           - name: dev-log4j-properties-volume
             mountPath: /usr/local/tomcat/shared/classes/alfresco/extension/dev-log4j.properties
@@ -206,6 +210,11 @@ spec:
               mountPath: /var/run/secrets/java.io/keystores
         {{- end }}
       volumes:
+      {{- if .Values.repository.licenseSecret }}
+      - name: acs-license
+        secret:
+          secretName: {{ .Values.repository.licenseSecret }}
+      {{- end }}
       {{- if .Values.repository.extraLogStatements }}
       - name : dev-log4j-properties-volume
         configMap:

helm/alfresco-content-services/values.yaml

@@ -12,6 +12,10 @@
 repository:
   # -- Administrator password for ACS in md5 hash format
   adminPassword: "209c6174da490caeb422f3fa5a7ae634"
+  # -- The name of the secret holding the ACS repository license if any (otherwise the image embeded license is used).
+  # it must be contained within a `data['*.lic']` property
+  # See https://github.com/Alfresco/acs-deployment/blob/master/docs/helm/examples/alf_license.md for details on how to manage license
+  licenseSecret: null
   edition: Enterprise
   replicaCount: 2
   strategy:
@@ -87,8 +91,8 @@ repository:
     initialDelaySeconds: 130
     periodSeconds: 20
     timeoutSeconds: 10
-  extraVolumeMounts: []
   extraVolumes: []
+  extraVolumeMounts: []
   extraSideContainers: []
   extraInitContainers: []
   command: []