
@ieb
Created September 29, 2017 11:48
Configuring OAK-6575

This Gist describes how to configure OAK-6575 so that binary content is served directly from Oak via CloudFront, with the content hosted in S3.

The provisioning model oak.txt in this Gist shows the configuration.

Prerequisites.

  • The deployment will be TarMK or MongoMK with a S3 DataStore.
  • Whoever performs the configuration needs root access to the AWS subscription in order to manage the keys in AWS.

Steps

#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# This is the OAK feature.
[feature name=oak]
#
# This is a standard oak.txt provisioning model from Sling trunk (launchpad/builder/src/main/provisioning/oak.txt) configured
# for OAK-6575. Search for OAK-6575 to see the changes.
#
#
# Must have a version of Oak with the OAK-6575 patch.
# NOTE(review): a -SNAPSHOT version is not a fixed artifact; what gets installed depends on the
# repository it is resolved from. Pin a released version once one contains the patch.
[variables]
oak.version=1.6.555-SNAPSHOT
# The segment node store is used via a configuration
# NOTE(review): the third-party versions below are pinned as of this gist (2017); check them
# against current releases and advisories before reusing the list.
[artifacts startLevel=10]
org.apache.felix/org.apache.felix.jaas/1.0.2
# OAK-6575: Required for the S3 DataStore to work.
[artifacts startLevel=1]
com.adobe.granite/com.adobe.granite.framework-fragment.sun-apache-xml/1.0.0
# OAK-6575: Required for the S3 DataStore to work.
[artifacts startLevel=5]
joda-time/joda-time/2.8.1
# Oak bundles; every org.apache.jackrabbit entry below takes its version from oak.version.
[artifacts startLevel=15]
org.apache.jackrabbit/oak-core/${oak.version}
org.apache.jackrabbit/oak-commons/${oak.version}
org.apache.jackrabbit/oak-lucene/${oak.version}
org.apache.jackrabbit/oak-blob/${oak.version}
# OAK-6575: Required for the S3 DataStore to work.
org.apache.jackrabbit/oak-blob-cloud/${oak.version}
org.apache.jackrabbit/oak-jcr/${oak.version}
# OAK-6575: Required for the S3 DataStore to work.
com.amazonaws/aws-java-sdk-osgi/1.11.24
# OAK-6575: Required for the S3 DataStore to work.
com.fasterxml.jackson.dataformat/jackson-dataformat-cbor/2.6.0
# Node store bundles, installed only for the matching run mode (oak_tar or oak_mongo).
[artifacts startLevel=15 runModes=oak_tar]
org.apache.jackrabbit/oak-segment-tar/${oak.version}
[artifacts startLevel=15 runModes=oak_mongo]
org.mongodb/mongo-java-driver/3.4.1
com.h2database/h2-mvstore/1.4.194
# Start the Oak server instance after all components have been configured
# and started, to avoid restarting that component (see SLING-4556).
[artifacts startLevel=16]
org.apache.sling/org.apache.sling.jcr.oak.server/1.1.4
# Authentication and user-management configuration for Oak.
# Three JAAS login modules are registered through the Felix JAAS factory: the guest module
# (optional, ranking 300), the token module (sufficient, ranking 200) and the user login
# module (required, no ranking set).
[configurations]
org.apache.felix.jaas.Configuration.factory-GuestLoginModule
jaas.controlFlag="optional"
jaas.classname="org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule"
jaas.ranking=I"300"
org.apache.felix.jaas.Configuration.factory-LoginModuleImpl
jaas.controlFlag="required"
jaas.classname="org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImpl"
org.apache.felix.jaas.Configuration.factory-TokenLoginModule
jaas.controlFlag="sufficient"
jaas.classname="org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModule"
jaas.ranking=I"200"
org.apache.felix.jaas.ConfigurationSpi
jaas.defaultRealmName="jackrabbit.oak"
jaas.configProviderName="FelixJaasProvider"
# Points Oak's authentication at the JAAS provider named above ("FelixJaasProvider").
org.apache.jackrabbit.oak.security.authentication.AuthenticationConfigurationImpl
org.apache.jackrabbit.oak.authentication.configSpiName="FelixJaasProvider"
org.apache.jackrabbit.oak.security.user.UserConfigurationImpl
groupsPath="/home/groups"
usersPath="/home/users"
defaultDepth="1"
importBehavior="besteffort"
org.apache.jackrabbit.oak.security.user.RandomAuthorizableNodeName
length=I"21"
# NOTE(review): presumably the privileges AccessControlAction grants to a newly created
# user (jcr:all) or group (jcr:read) on its own node; confirm against the Oak documentation.
org.apache.jackrabbit.oak.spi.security.user.action.DefaultAuthorizableActionProvider
enabledActions=["org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction"]
userPrivilegeNames=["jcr:all"]
groupPrivilegeNames=["jcr:read"]
# OAK-6575: Required for the S3 DataStore to work, replace ***s with your deepest secrets ;).
# NOTE(review): accessKey and secretKey are stored in this file in clear text. Keep the
# filled-in file out of version control and public pastes, limit read access to the account
# that runs Sling, and use keys for an identity that can reach only this bucket.
org.apache.jackrabbit.oak.plugins.blob.datastore.S3DataStore
accessKey="AJ**********MM"
connectionTimeout="120000"
maxConnections="40"
maxErrorRetry="10"
s3Bucket="ieb-oak6575-test"
s3Region="eu-west-1"
secretKey="2**********************5"
socketTimeout="120000"
writeThreads="30"
# OAK-6575: CloudFront configuration
org.apache.jackrabbit.oak.blob.cloud.aws.s3.CloudFrontS3SignedUrlProvider
# cloudFrontUrl from AWS must have a trailing /, the S3Object key and signed URL will be appended, replace with your value.
# NOTE(review): the example uses http://, so the signed URL and the binary travel unencrypted
# and can be read in transit; prefer an https:// distribution URL (confirm the provider signs it correctly).
cloudFrontUrl="http://ieb-oak657*********.cloudfront.net/"
# The time signed URLs are valid for, in seconds. Default 60s.
# A short value limits how long a leaked or logged URL can be reused.
ttl=I"60"
# The minimum size of a binary that will be served via CloudFront, in KB. Default 100KB.
minSize=I"100"
# Location of the PKCS#8 private key file, relative or absolute, replace with your value.
# NOTE(review): whoever can read this key can sign URLs for this distribution. The example path
# appears to sit inside a source checkout; keep the real key outside any tree that is committed
# or served, readable only by the account that runs Sling.
privateKeyFile="/apachesrc/sling/launchpad/builder/private_key.pkcs8"
# The key ID from AWS after uploading the public key, replace with your value.
keyPairId="dummykey"
# Node store configuration, one variant per run mode; both set customBlobStore to true.
[configurations runModes=oak_tar]
org.apache.jackrabbit.oak.segment.SegmentNodeStoreService
# OAK-6575: Activates the S3 DataStore
customBlobStore=B"true"
name="Default\ NodeStore"
[configurations runModes=oak_mongo]
org.apache.jackrabbit.oak.plugins.document.DocumentNodeStoreService
# OAK-6575: Activates the S3 DataStore
customBlobStore=B"true"
# NOTE(review): this URI has no credentials or TLS options and targets localhost, which suits a
# local test instance; a shared or remote MongoDB should require authentication and TLS.
mongouri="mongodb://localhost:27017"
db="sling"