Esri / arcgis-cookbook

Chef cookbooks for ArcGIS
Apache License 2.0

Question / Clarification on license configuration #174

Closed linuxwolf69 closed 4 years ago

linuxwolf69 commented 6 years ago

Hello,

I'm new to setting up ArcGIS via Chef and have only some experience with Chef. I'm trying to understand how to put the license file and SSL files in place. In other cookbooks I've worked with, I put files onto the servers with cookbook_file or template_file but I'm not seeing either option in the cookbooks. I've been trying to find where to store the license and SSL files so everything is licensed appropriately.

I've also been following the guide at: https://github.com/Esri/arcgis-cookbook/wiki/Automate-a-multi-machine-ArcGIS-Enterprise-deployment-on-Linux-using-Chef-Server

Unfortunately, the link for arcgis-enterprise-linux-roles.zip does not exist and I'm not able to locate them anywhere. It seems like it may be part of webgis-ubuntu.json role but I wanted to confirm.

To recap:

1) Where do I store the license file in Chef to ensure appropriately licensed products?
2) Where do I put the SSL files in Chef to ensure a properly secure site?
3) Where are the roles for the demo environment (arcgis-enterprise-linux-roles.zip) or is there an updated wiki page for the installation?

pkdavidson commented 6 years ago

If I recall correctly, all you need to do is put the files into a location that is accessible to Chef and with proper permissions so that Chef can read them and then the recipes will deal with putting them where they belong in the installation folders as it progresses with the installation. I have not done a Linux install of an ArcGIS Enterprise setup but I don't know why it would be any different in regards to your provisioning and SSL files. It does occur to me though, that you might need to install your SSL cert as you normally would for any server prior to running the cookbook. Similarly, you need to manually open any ports in your firewalls prior to cooking things up.

I would suggest that you look at the provided JSON examples and try to emulate the file structure you see in there as much as you can. The reason for this is that as upgrades come out, the less you have to tweak the JSON files, the quicker and easier it is to get upgrades up and running. Ditto really for the initial install also. Obviously, it's pretty easy to use a good text editor and make all the changes you need regarding folder/file paths. But I have found over time, that the more I can emulate the setups as published by Pavel, the easier my life is in terms of running Chef and especially down the road as upgrades of both the cookbooks and the Esri AGS Enterprise packages. Hope this made sense and helps.

I would have to dig into some installations and wade through the cobwebs to find details about the SSL certs and their installation. But of course it can't hurt to have already installed them on the server anyway.

BTW - I just found this note from Pavel from 2015 regarding certificates: Things might have changed since 2015 and if so I imagine you'll hear tomorrow.


The arcgis cookbook works with SSL certificates like this:

1. If HTTPS is already configured in IIS - it does not touch it.
2. If SSL certificate file (.pfx) and password are provided in the json attributes - it uses the certificate to configure HTTPS.
3. Otherwise, it generates a self-signed SSL certificate and configures HTTPS in IIS using that certificate (WARNING the certificate expires next day).

I will say this, do everything you can do to avoid using self-signed certs. I recall being anxious to get going and doing an initial install with the self-signed until our domain cert came in. That was a mistake. I've found that the self-signed certs give me nothing but trouble over time. It's like they weasel their way into places they don't really belong and then can be difficult to find them all and get rid of them, or rather replace them with the proper certs. FWIW - we use a domain cert here rather than individual certs per server. (*.ourdomain.org) This allows me to use one cert file for all the servers in the setup. I believe some argue that this is not the most secure (probably not) but given our setup, it's probably plenty adequate and sure makes administration of the certs easier.

In thinking this over, I do believe I typically have applied the cert to IIS prior to cooking things up but not always. I have taken advantage of item #2 above to let Chef configure the web adapters and IIS for me. But it also occurs to me that there have been times when I have had to tweak the setup after the fact to get things just right.

My experience is that the cleaner the setup I can start with, the closer to scratch that I can have the server setup before running Chef, the more consistent and successful the install will be. Typically I will clone the VM and if I have to tweak things as I install, depending on the tweak, I'll often go back to the clean VM or modified VM and repeat the install from scratch until I get it to run start to finish without any hiccups. This gives me a rather pure server provisioned as expected by chef without any hacks of my own to get past a hiccup. My experience is that doing this makes my life to support and upgrade the server down the road a lot easier. And makes my servers and server environments much more consistent and hence easier to support and work on.

Best of luck.
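Added example, not part of the thread and not code from the cookbook: a Ruby pre-flight check for the `.pfx` file and password mentioned in item 2 above, run before the path goes into the JSON attributes. It flags the conditions discussed in this comment (file not readable by Chef, a self-signed certificate, a near expiry); the 30-day threshold, the owner-only permission rule, the function names and the `gis.example.test` sample certificate are assumptions made for illustration.

```ruby
require 'openssl'
require 'tempfile'

# Pre-flight check for a .pfx keystore before its path and password go into
# the Chef JSON attributes. Returns a list of findings (empty means OK).
# Hypothetical helper; min_days and the owner-only rule are assumptions.
def check_keystore(path, password, min_days: 30, now: Time.now)
  return ["#{path}: not readable by the user running Chef"] unless File.readable?(path)

  findings = []
  mode = File.stat(path).mode & 0o777
  # The .pfx holds the private key, so group/other access is a finding.
  findings << format('mode %04o: private key readable beyond owner', mode) if mode & 0o077 != 0

  begin
    cert = OpenSSL::PKCS12.new(File.binread(path), password).certificate
  rescue OpenSSL::PKCS12::PKCS12Error => e
    return findings << "cannot open keystore (wrong password or corrupt file): #{e.message}"
  end

  # Self-signed: issuer equals subject and the signature verifies with its own key.
  if cert.issuer.eql?(cert.subject) && cert.verify(cert.public_key)
    findings << 'certificate is self-signed'
  end
  days_left = ((cert.not_after - now) / 86_400).floor
  findings << "certificate expires in #{days_left} day(s)" if days_left < min_days
  findings
end

# Constructed sample: a short-lived self-signed certificate in a .pfx, the
# kind of fallback certificate the thread warns about. Not real key material.
def build_sample_pfx(password, days: 1, mode: 0o644)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=gis.example.test')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + days * 86_400
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  file = Tempfile.new(['sample', '.pfx'])
  file.binmode
  file.write(OpenSSL::PKCS12.create(password, 'sample', key, cert).to_der)
  file.close
  File.chmod(mode, file.path)
  file
end
```

Run `check_keystore` as the same user that runs chef-client, with the path and password you intend to put in the attributes; an empty list means no findings.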

yeonkim commented 5 years ago

Hello,

Have you found out where the roles.zip for demo environment is located? I am following the wiki for the Windows version, and stuck at the same place. I can't find "arcgis-enterprise-windows-roles.zip" and thus don't have access to "environments\demo.json".

Thanks for your help! Yeon

  1. Where are the roles for the demo environment (arcgis-enterprise-linux-roles.zip) or is there an updated wiki page for the installation.

cameronkroeker commented 5 years ago

@yeonkim

The "arcgis-enterprise-windows-roles.zip" can be found here.

Looks like the equivalent Linux files were not uploaded as they should also belong in the same place.

yeonkim commented 5 years ago

Thank you so much @cameronkroeker!!