The playbook installs a default keystore to ease the installation process, however, we recommend you generate your own keystore (see the Secure Keys section in the Alfresco Search Services documentation).
There are three steps required to use a custom keystore:
- Place your generated keystore file in the configuration_files/keystores folder. These are copied to /var/opt/alfresco/content-services/keystore.
- Override the use_custom_keystores variable defined in your inventory as a repository group variable.
- Override the acs_environment variable and define your custom JAVA_TOOL_OPTIONS configuration.
- Add repo_custom_keystore_password and repo_custom_keystore_metadata_password in vars/secrets.yml
An example custom extra-vars file is shown below:
repository: vars: use_custom_keystores: true acs_environment: JAVA_OPTS: - -Xms512m - -Xmx3g - -XX:+DisableExplicitGC - -Djava.awt.headless=true - -XX:ReservedCodeCacheSize=128m - $JAVA_OPTS" JAVA_TOOL_OPTIONS: - -Dencryption.keystore.type=pkcs12 - -Dencryption.cipherAlgorithm=AES/CBC/PKCS5Padding - -Dencryption.keyAlgorithm=AES - -Dencryption.keystore.location=/var/opt/alfresco/content-services/keystore/<your-keystore-file> - -Dmetadata-keystore.metadata.algorithm=AES"