OPSEXP-1940: add solr/repo tracking secret

docs/helm/docker-desktop-deployment.md

@@ -140,30 +140,31 @@ Fortunately this can all be achieved with one, albeit large, command as shown be
 
 ```bash
 helm install acs alfresco/alfresco-content-services \
---set externalPort="80" \
---set externalProtocol="http" \
---set externalHost="localhost" \
---set global.alfrescoRegistryPullSecrets=quay-registry-secret \
---set repository.replicaCount=1 \
---set transformrouter.replicaCount=1 \
---set pdfrenderer.replicaCount=1 \
---set imagemagick.replicaCount=1 \
---set libreoffice.replicaCount=1 \
---set tika.replicaCount=1 \
---set transformmisc.replicaCount=1 \
---set postgresql-syncservice.resources.requests.memory="500Mi" \
---set postgresql-syncservice.resources.limits.memory="500Mi" \
---set postgresql.resources.requests.memory="500Mi" \
---set postgresql.resources.limits.memory="500Mi" \
---set alfresco-search.resources.requests.memory="1000Mi" \
---set alfresco-search.resources.limits.memory="1000Mi" \
---set share.resources.limits.memory="1500Mi" \
---set share.resources.requests.memory="1500Mi" \
---set repository.resources.limits.memory="2500Mi" \
---set repository.resources.requests.memory="2500Mi" \
---atomic \
---timeout 10m0s \
---namespace alfresco
+  --set externalPort="80" \
+  --set externalProtocol="http" \
+  --set externalHost="localhost" \
+  --set global.tracking.sharedsecret=$(openssl rand -hex 24) \
+  --set global.alfrescoRegistryPullSecrets=quay-registry-secret \
+  --set repository.replicaCount=1 \
+  --set transformrouter.replicaCount=1 \
+  --set pdfrenderer.replicaCount=1 \
+  --set imagemagick.replicaCount=1 \
+  --set libreoffice.replicaCount=1 \
+  --set tika.replicaCount=1 \
+  --set transformmisc.replicaCount=1 \
+  --set postgresql-syncservice.resources.requests.memory="500Mi" \
+  --set postgresql-syncservice.resources.limits.memory="500Mi" \
+  --set postgresql.resources.requests.memory="500Mi" \
+  --set postgresql.resources.limits.memory="500Mi" \
+  --set alfresco-search.resources.requests.memory="1000Mi" \
+  --set alfresco-search.resources.limits.memory="1000Mi" \
+  --set share.resources.limits.memory="1500Mi" \
+  --set share.resources.requests.memory="1500Mi" \
+  --set repository.resources.limits.memory="2500Mi" \
+  --set repository.resources.requests.memory="2500Mi" \
+  --atomic \
+  --timeout 10m0s \
+  --namespace alfresco
 ```
 
 > NOTE: The command will wait until the deployment is ready so please be patient. See below for [troubleshooting](./docker-desktop-deployment.md#troubleshooting) tips.

docs/helm/eks-deployment.md

@@ -309,17 +309,18 @@ Deploy the latest version of ACS by running the following command (replacing `YO
 
 ```bash
 helm install acs alfresco/alfresco-content-services \
---set externalPort="443" \
---set externalProtocol="https" \
---set externalHost="acs.YOUR-DOMAIN-NAME" \
---set repository.persistence.enabled=true \
---set repository.persistence.storageClass="nfs-client" \
---set filestore.persistence.enabled=true \
---set filestore.persistence.storageClass="nfs-client" \
---set global.alfrescoRegistryPullSecrets=quay-registry-secret \
---atomic \
---timeout 10m0s \
---namespace=alfresco
+  --set externalPort="443" \
+  --set externalProtocol="https" \
+  --set externalHost="acs.YOUR-DOMAIN-NAME" \
+  --set repository.persistence.enabled=true \
+  --set repository.persistence.storageClass="nfs-client" \
+  --set filestore.persistence.enabled=true \
+  --set filestore.persistence.storageClass="nfs-client" \
+  --set global.alfrescoRegistryPullSecrets=quay-registry-secret \
+  --set global.tracking.sharedsecret=$(openssl rand -hex 24) \
+  --atomic \
+  --timeout 10m0s \
+  --namespace=alfresco
 ```
 
 > NOTE: The command will wait until the deployment is ready so please be patient.
@@ -362,6 +363,7 @@ helm install acs alfresco/alfresco-content-services \
     --set filestore.persistence.enabled=true \
     --set filestore.persistence.storageClass="nfs-client" \
     --set global.alfrescoRegistryPullSecrets=quay-registry-secret \
+    --set global.tracking.sharedsecret=$(openssl rand -hex 24) \
     --atomic \
     --timeout 10m0s \
     --namespace=alfresco

docs/helm/examples/email-enabled.md

@@ -27,33 +27,34 @@ Deploy the latest version of ACS Enterprise by running the command below (replac
 
 ```bash
 helm install acs alfresco/alfresco-content-services \
---set externalPort="443" \
---set externalProtocol="https" \
---set externalHost="acs.YOUR-DOMAIN-NAME" \
---set repository.persistence.enabled=true \
---set repository.persistence.storageClass="nfs-client" \
---set filestore.persistence.enabled=true \
---set filestore.persistence.storageClass="nfs-client" \
---set global.alfrescoRegistryPullSecrets=quay-registry-secret \
---set mail.host="smtp.gmail.com" \
---set mail.from.default="some.user@gmail.com" \
---set mail.username="some.user@gmail.com" \
---set mail.password="somepassword" \
---set mail.protocol=smtps \
---set mail.smtp.auth=true \
---set mail.smtps.auth=true \
---set email.server.enabled=true \
---set email.server.auth.enabled=true \
---set email.server.enableTLS=true \
---set email.server.domain=smtps-myacs.example.com \
---set email.inbound.unknownUser="some.user@gmail.com" \
---set email.ssl.secretName=your-cert-secret \
---set imap.server.enabled=true \
---set imap.server.imap.enabled=true \
---set imap.server.imaps.enabled=true \
---atomic \
---timeout 10m0s \
---namespace=alfresco
+  --set externalPort="443" \
+  --set externalProtocol="https" \
+  --set externalHost="acs.YOUR-DOMAIN-NAME" \
+  --set repository.persistence.enabled=true \
+  --set repository.persistence.storageClass="nfs-client" \
+  --set filestore.persistence.enabled=true \
+  --set filestore.persistence.storageClass="nfs-client" \
+  --set global.alfrescoRegistryPullSecrets=quay-registry-secret \
+  --set global.tracking.sharedsecret=$(openssl rand -hex 24) \
+  --set mail.host="smtp.gmail.com" \
+  --set mail.from.default="some.user@gmail.com" \
+  --set mail.username="some.user@gmail.com" \
+  --set mail.password="somepassword" \
+  --set mail.protocol=smtps \
+  --set mail.smtp.auth=true \
+  --set mail.smtps.auth=true \
+  --set email.server.enabled=true \
+  --set email.server.auth.enabled=true \
+  --set email.server.enableTLS=true \
+  --set email.server.domain=smtps-myacs.example.com \
+  --set email.inbound.unknownUser="some.user@gmail.com" \
+  --set email.ssl.secretName=your-cert-secret \
+  --set imap.server.enabled=true \
+  --set imap.server.imap.enabled=true \
+  --set imap.server.imaps.enabled=true \
+  --atomic \
+  --timeout 10m0s \
+  --namespace=alfresco
 ```
 
 > NOTE: If you are using GMail or Yahoo as the outbound email server, your application's attempts to send outgoing emails may be blocked by the email providers due to their security policies as if it considers the authentication attempts to be suspicious. When this happens, you will receive a security alert at the corresponding email address. To proceed, you will need to manually confirm the validity of the authentication attempt before the email provider will permit the application to send outbound emails. For more information on [Less secure apps & your Google Account](https://support.google.com/accounts/answer/6010255).

docs/helm/examples/search-services.md

@@ -83,19 +83,20 @@ previous section).
 
 ```bash
 helm install acs alfresco/alfresco-content-services \
---set externalPort="443" \
---set externalProtocol="https" \
---set externalHost="acs.YOUR-DOMAIN-NAME" \
---set persistence.enabled=true \
---set persistence.storageClass.enabled=true \
---set persistence.storageClass.name="nfs-client" \
---set global.alfrescoRegistryPullSecrets=quay-registry-secret \
---set alfresco-search.ingress.enabled=true \
---set alfresco-search.ingress.basicAuth="YOUR-BASIC-AUTH" \
---set alfresco-search.ingress.whitelist_ips="YOUR_IPS" \
---atomic \
---timeout 10m0s \
---namespace=alfresco
+  --set externalPort="443" \
+  --set externalProtocol="https" \
+  --set externalHost="acs.YOUR-DOMAIN-NAME" \
+  --set persistence.enabled=true \
+  --set persistence.storageClass.enabled=true \
+  --set persistence.storageClass.name="nfs-client" \
+  --set global.tracking.sharedsecret=dummy \
+  --set global.alfrescoRegistryPullSecrets=quay-registry-secret \
+  --set alfresco-search.ingress.enabled=true \
+  --set alfresco-search.ingress.basicAuth="YOUR-BASIC-AUTH" \
+  --set alfresco-search.ingress.whitelist_ips="YOUR_IPS" \
+  --atomic \
+  --timeout 10m0s \
+  --namespace=alfresco
 ```
 
 ### Upgrade ACS Helm Chart With Search External Access

docs/helm/examples/with-ai.md

@@ -20,35 +20,36 @@ When we bring all this together we can deploy ACS using the command below (repla
 
 ```bash
 helm install acs alfresco/alfresco-content-services \
---set externalPort="443" \
---set externalProtocol="https" \
---set externalHost="acs.YOUR-DOMAIN-NAME" \
---set repository.persistence.enabled=false \
---set filestore.persistence.enabled=true \
---set filestore.persistence.storageClass="nfs-client" \
---set global.alfrescoRegistryPullSecrets=quay-registry-secret \
---set repository.image.repository="quay.io/alfresco/alfresco-content-repository-aws" \
---set share.image.repository="quay.io/alfresco/alfresco-share-aws" \
---set s3connector.enabled=true \
---set s3connector.config.bucketName="YOUR-BUCKET-NAME" \
---set s3connector.config.bucketLocation="YOUR-AWS-REGION" \
---set postgresql.enabled=false \
---set database.external=true \
---set database.driver="org.postgresql.Driver" \
---set database.url="jdbc:postgresql://YOUR-DATABASE-ENDPOINT:5432/" \
---set database.user="alfresco" \
---set database.password="YOUR-DATABASE-PASSWORD" \
---set activemq.enabled=false \
---set messageBroker.url="YOUR-MQ-ENDPOINT" \
---set messageBroker.user="alfresco" \
---set messageBroker.password="YOUR-MQ-PASSWORD" \
---set global.ai.enabled=true \
---set ai.aws.accessKey="YOUR-AI-AWS-ACCESS-KEY-ID" \
---set ai.aws.secretAccessKey="YOUR-AI-AWS-SECRET-KEY" \
---set ai.aws.region="YOUR-AWS-REGION" \
---set ai.aws.s3Bucket="YOUR-AI-BUCKET-NAME" \
---set ai.aws.comprehendRoleARN="YOUR-AI-AWS-COMPREHEND-ROLE-ARN" \
---atomic \
---timeout 10m0s \
---namespace=alfresco
+  --set externalPort="443" \
+  --set externalProtocol="https" \
+  --set externalHost="acs.YOUR-DOMAIN-NAME" \
+  --set repository.persistence.enabled=false \
+  --set filestore.persistence.enabled=true \
+  --set filestore.persistence.storageClass="nfs-client" \
+  --set global.tracking.sharedsecret=$(openssl rand -hex 24) \
+  --set global.alfrescoRegistryPullSecrets=quay-registry-secret \
+  --set repository.image.repository="quay.io/alfresco/alfresco-content-repository-aws" \
+  --set share.image.repository="quay.io/alfresco/alfresco-share-aws" \
+  --set s3connector.enabled=true \
+  --set s3connector.config.bucketName="YOUR-BUCKET-NAME" \
+  --set s3connector.config.bucketLocation="YOUR-AWS-REGION" \
+  --set postgresql.enabled=false \
+  --set database.external=true \
+  --set database.driver="org.postgresql.Driver" \
+  --set database.url="jdbc:postgresql://YOUR-DATABASE-ENDPOINT:5432/" \
+  --set database.user="alfresco" \
+  --set database.password="YOUR-DATABASE-PASSWORD" \
+  --set activemq.enabled=false \
+  --set messageBroker.url="YOUR-MQ-ENDPOINT" \
+  --set messageBroker.user="alfresco" \
+  --set messageBroker.password="YOUR-MQ-PASSWORD" \
+  --set global.ai.enabled=true \
+  --set ai.aws.accessKey="YOUR-AI-AWS-ACCESS-KEY-ID" \
+  --set ai.aws.secretAccessKey="YOUR-AI-AWS-SECRET-KEY" \
+  --set ai.aws.region="YOUR-AWS-REGION" \
+  --set ai.aws.s3Bucket="YOUR-AI-BUCKET-NAME" \
+  --set ai.aws.comprehendRoleARN="YOUR-AI-AWS-COMPREHEND-ROLE-ARN" \
+  --atomic \
+  --timeout 10m0s \
+  --namespace=alfresco
 ```

docs/helm/examples/with-aws-services.md

@@ -223,6 +223,8 @@ externalPort: 443
 externalProtocol: https
 externalHost: acs.YOUR-DOMAIN-NAME
 global:
+  tracking:
+    sharedsecret: dummy
   alfrescoRegistryPullSecrets: quay-registry-secret
   elasticsearch:
     host: YOUR-DOMAIN-HOSTNAME
@@ -296,6 +298,7 @@ helm -n alfresco install acs \
   --set externalProtocol="https" \
   --set externalHost="acs.YOUR-DOMAIN-NAME" \
   --set global.alfrescoRegistryPullSecrets=quay-registry-secret \
+  --set global.tracking.secret=dummy \
   --set global.elasticsearch.host=YOUR-DOMAIN-HOSTNAME \
   --set global.elasticsearch.port=443 \
   --set global.elasticsearch.protocol=https \

docs/helm/examples/with-ms-teams.md

@@ -19,36 +19,37 @@ When we bring all this together we can deploy ACS using the command below (repla
 
 ```bash
 helm install acs alfresco/alfresco-content-services \
---set externalPort="443" \
---set externalProtocol="https" \
---set externalHost="acs.YOUR-DOMAIN-NAME" \
---set repository.persistence.enabled=true \
---set filestore.persistence.enabled=true \
---set filestore.persistence.storageClass="nfs-client" \
---set global.alfrescoRegistryPullSecrets=quay-registry-secret \
---set s3connector.enabled=true \
---set s3connector.config.bucketName="YOUR-BUCKET-NAME" \
---set s3connector.config.bucketLocation="YOUR-AWS-REGION" \
---set postgresql.enabled=false \
---set database.external=true \
---set database.driver="org.postgresql.Driver" \
---set database.url="jdbc:postgresql://YOUR-DATABASE-ENDPOINT:5432/" \
---set database.user="alfresco" \
---set database.password="YOUR-DATABASE-PASSWORD" \
---set activemq.enabled=false \
---set messageBroker.url="YOUR-MQ-ENDPOINT" \
---set messageBroker.user="alfresco" \
---set messageBroker.password="YOUR-MQ-PASSWORD" \
---set msTeams.enabled=true \
---set msTeamsService.alfresco.baseUrl="https://acs.YOUR-DOMAIN-NAME:443"
---set msTeamsService.alfresco.digitalWorkspace.contextPath="/workspace/" \
---set msTeamsService.microsoft.app.id="YOUR-MS-APP-ID" \
---set msTeamsService.microsoft.app.password="YOUR-MS-APP-PWD" \
---set msTeamsService.microsoft.app.oauth.connectionName="alfresco" \
---set msTeamsService.teams.chat.filenameEnabled=true \
---set msTeamsService.teams.chat.metadataEnabled=true \
---set msTeamsService.teams.chat.imageEnabled=true \
---atomic \
---timeout 10m0s \
---namespace=alfresco
+  --set externalPort="443" \
+  --set externalProtocol="https" \
+  --set externalHost="acs.YOUR-DOMAIN-NAME" \
+  --set repository.persistence.enabled=true \
+  --set filestore.persistence.enabled=true \
+  --set filestore.persistence.storageClass="nfs-client" \
+  --set global.tracking.sharedsecret=$(openssl rand -hex 24) \
+  --set global.alfrescoRegistryPullSecrets=quay-registry-secret \
+  --set s3connector.enabled=true \
+  --set s3connector.config.bucketName="YOUR-BUCKET-NAME" \
+  --set s3connector.config.bucketLocation="YOUR-AWS-REGION" \
+  --set postgresql.enabled=false \
+  --set database.external=true \
+  --set database.driver="org.postgresql.Driver" \
+  --set database.url="jdbc:postgresql://YOUR-DATABASE-ENDPOINT:5432/" \
+  --set database.user="alfresco" \
+  --set database.password="YOUR-DATABASE-PASSWORD" \
+  --set activemq.enabled=false \
+  --set messageBroker.url="YOUR-MQ-ENDPOINT" \
+  --set messageBroker.user="alfresco" \
+  --set messageBroker.password="YOUR-MQ-PASSWORD" \
+  --set msTeams.enabled=true \
+  --set msTeamsService.alfresco.baseUrl="https://acs.YOUR-DOMAIN-NAME:443"
+  --set msTeamsService.alfresco.digitalWorkspace.contextPath="/workspace/" \
+  --set msTeamsService.microsoft.app.id="YOUR-MS-APP-ID" \
+  --set msTeamsService.microsoft.app.password="YOUR-MS-APP-PWD" \
+  --set msTeamsService.microsoft.app.oauth.connectionName="alfresco" \
+  --set msTeamsService.teams.chat.filenameEnabled=true \
+  --set msTeamsService.teams.chat.metadataEnabled=true \
+  --set msTeamsService.teams.chat.imageEnabled=true \
+  --atomic \
+  --timeout 10m0s \
+  --namespace=alfresco
 ```