ArcGIS Enterprise 基礎部署基本流程

• 安裝ArcGIS Server，對其進行授權，創建站點并在Server Admin中啟用HTTPS。
• 如果未安裝，則在Linux上安裝Tomcat和Java。
• 導入CA證書，或為Web服務器生成自簽名證書。
• 安裝和配置WA for ArcGIS Server。
• 安裝Portal for ArcGIS并對其進行授權。創建初始管理帳戶。
• 為Portal for ArcGIS安裝和配置WA。
• 安裝ArcGIS Data Store并將其注冊到ArcGIS Server。
• 聯合帶有門戶的ArcGIS Server。將其設置為托管服務器。

目標

• 修改腳本配置文件，執行腳本，完成上述一系列工作。（聯網很豐滿，離線很骨感）

準備工作

• 測試環境：CentOS 7、ArcGIS_Enterprise_Linux_107_166579
• 下載 arcgis-cookbooks.tar.gz
• 下載 chef-client for RedHat

注意：cookbook和chef-client版本要對應，當前最新版的arcgis-cookbook為3.4.0，已支持到最新版本的ArcGIS 10.7和10.7.1，僅支持 chef-client的13或14版本

• 管理員身份 運行 Microsoft PowerShell 啟用Open-SSH客戶端

PS C:\WINDOWS\system32> Add-WindowsCapability -Online -Name OpenSSH-Client

Path          :
Online        : True
RestartNeeded : False

PS C:\WINDOWS\system32>

ssh連接Linux，配置域名，新建軟件目錄

• 曾經連接過相同IP的機器，需要重新生成key

PS C:\WINDOWS\system32> ssh-keygen -R 192.168.137.2
# Host 192.168.137.2 found: line 3
C:\Users\XH/.ssh/known_hosts updated.
Original contents retained as C:\Users\XH/.ssh/known_hosts.old
PS C:\WINDOWS\system32> 

• ssh連接

PS C:\WINDOWS\system32> ssh root@192.168.137.2
The authenticity of host '192.168.137.2 (192.168.137.2)' can't be established.
ECDSA key fingerprint is SHA256:8sUNfxqJc4ny+TbwtC5ELa//Lr3x1CLQxnL76nwtaAo.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.137.2' (ECDSA) to the list of known hosts.
root@192.168.137.2's password:
[root@lbd107 ~]#
[root@lbd107 ~]# hostnamectl set-hostname lbd107.esrichina.org.cn
[root@lbd107 ~]# hostname
lbd107.esrichina.org.cn
[root@lbd107 ~]# 
[root@lbd107 /]# cd /var
[root@lbd107 var]# mkdir software
[root@lbd107 var]

PowerShell 上傳安裝文件

• 復制文件 chef-client 和 cookbook 到軟件目錄/var/software

PS C:\WINDOWS\system32> scp d:/software/chef-14.14.25-1.el7.x86_64.rpm root@192.168.137.2:/../var/software
root@192.168.137.2's password:
chef-14.14.25-1.el7.x86_64.rpm                                                        100%   29MB  96.5MB/s   00:00
PS C:\WINDOWS\system32> scp d:/software/arcgis-3.4.0-cookbooks.tar.gz root@192.168.137.2:/../var/software
root@192.168.137.2's password:
arcgis-3.4.0-cookbooks.tar.gz                                                         100%  414KB  25.5MB/s   00:00
PS C:\WINDOWS\system32> 

• 復制文件夾 ArcGIS Enterprise 和 Lic 到軟件目錄/var/software

PS C:\WINDOWS\system32> scp -r d:/software/lic root@192.168.137.2:/../var/software
root@192.168.137.2's password:
ArcGISGeoAnalyticsServer_ArcGISServer_722285.ecp                                      100% 1078   263.3KB/s   00:00
ArcGISGISServerAdvanced_ArcGISServer_722288.ecp                                       100% 1802   881.2KB/s   00:00
ArcGIS_Enterprise_Portal_107.json                                                     100% 2067     1.0MB/s   00:00
PS C:\WINDOWS\system32> scp -r d:/software/arcgis root@192.168.137.2:/../var/software
root@192.168.137.2's password:
ArcGIS_DataStore_Linux_107_167719.tar.gz                                              100% 1082MB 102.7MB/s   00:10
ArcGIS_Server_Linux_107_167707.tar.gz                                                 100% 3084MB 102.8MB/s   00:30
Portal_for_ArcGIS_Linux_107_167718.tar.gz                                             100% 3811MB 106.1MB/s   00:35
Web_Adaptor_Java_Linux_107_167720.tar.gz                                              100%   73MB  98.5MB/s   00:00
PS C:\WINDOWS\system32>

安裝 Linux chef-client 并配置 cookbook

• ssh連接并切換到軟件目錄/var/software

[root@lbd107 /]# cd /var/software
[root@lbd107 software]# ls
arcgis  arcgis-3.4.0-cookbooks.tar.gz  chef-14.14.25-1.el7.x86_64.rpm  lic

• 解壓縮ArcGIS Enterprise 安裝文件到/arcgis/10.7目錄下

[root@lbd107 software]# cd /
[root@lbd107 /]# mkdir arcgis
[root@lbd107 /]# cd arcgis
[root@lbd107 arcgis]# mkdir 10.7
[root@lbd107 arcgis]# ls
10.7
[root@lbd107 10.7]# cd /var/software/arcgis
[root@lbd107 arcgis]# ls
ArcGIS_DataStore_Linux_107_167719.tar.gz  Portal_for_ArcGIS_Linux_107_167718.tar.gz
ArcGIS_Server_Linux_107_167707.tar.gz     Web_Adaptor_Java_Linux_107_167720.tar.gz
[root@lbd107 arcgis]# tar -zxvf ArcGIS_DataStore_Linux_107_167719.tar.gz -C /arcgis/10.7/
[root@lbd107 arcgis]# tar -zxvf ArcGIS_Server_Linux_107_167707.tar.gz -C /arcgis/10.7/
[root@lbd107 arcgis]# tar -zxvf Portal_for_ArcGIS_Linux_107_167718.tar.gz -C /arcgis/10.7/
[root@lbd107 arcgis]# tar -zxvf Web_Adaptor_Java_Linux_107_167720.tar.gz -C /arcgis/10.7/
[root@lbd107 arcgis]# cd /arcgis/10.7/
[root@lbd107 10.7]# ls
ArcGISDataStore_Linux  ArcGISServer  PortalForArcGIS  WebAdaptor
[root@lbd107 10.7]#
[root@lbd107 10.7]# cp -r /var/software/lic /arcgis/10.7/
[root@lbd107 10.7]# ls
ArcGISDataStore_Linux  ArcGISServer lic  PortalForArcGIS  WebAdaptor

• 執行安裝 chef-client

[root@lbd107 10.7]# cd /var/software
[root@lbd107 software]# rpm -ivh chef-14.14.25-1.el7.x86_64.rpm
warning: chef-14.14.25-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 83ef826a: NOKEY
Verifying...                          ################################# [100%]
Preparing...                          ################################# [100%]
Updating / installing...
   1:chef-14.14.25-1.el7              ################################# [100%]
Thank you for installing Chef Infra Client! For help getting started visit https://learn.chef.io
[root@lbd107 software]#

• 解壓縮 cookbook 到 /var/chef 目錄

[root@lbd107 software]# cd ..
[root@lbd107 var]# mkdir chef
[root@lbd107 var]# tar zxvf /var/software/arcgis-3.4.0-cookbooks.tar.gz -C /var/chef

• 確保層級和目錄正確，即 /var/chef/cookbooks/arcgis-enterprise

[root@lbd107 var]# cd chef
[root@lbd107 chef]# ls
cookbooks  misc_scripts  roles  solo.rb
[root@lbd107 chef]# cd cookbooks
[root@lbd107 cookbooks]# ls
apt                arcgis-geoevent    authbind     hostsfile        limits     openssl  windows_firewall
arcgis-desktop     arcgis-insights    esri-iis     iptables         line       s3_file
arcgis-egdb        arcgis-pro         esri-tomcat  java             ms_dotnet  tomcat
arcgis-enterprise  arcgis-repository  homebrew     java_properties  nfs        windows
[root@lbd107 cookbooks]#

• cookbook自帶的食譜

[root@lbd107 cookbooks]# cd /var/chef/roles/
[root@lbd107 roles]# ls
arcgis-desktop.json                                 arcgis-enterprise-windows-with-datasources.json
arcgis-enterprise-centos-local-repository-107.json  arcgis-geoanalytics-windows.json
arcgis-enterprise-rhel.json                         arcgis-geoevent-windows.json
arcgis-enterprise-s3-download-linux-setups.json     arcgis-licensemanager.json
arcgis-enterprise-ubuntu.json                       arcgis-portal-windows-security.json
arcgis-enterprise-windows-ha-primary.json           arcgis-pro.json
arcgis-enterprise-windows-ha-secondary.json         arcgis-rasteranalytics-windows.json
arcgis-enterprise-windows.json                      arcgis-server-windows-security.json
arcgis-enterprise-windows-uninstall.json            arcgis-server-windows-services.json
[root@lbd107 roles]#

修改腳本文件

/var/chef/roles/arcgis-enterprise-rhel.json

[root@lbd107 roles]# cp arcgis-enterprise-rhel.json arcgis-enterprise-rhel-backup.json
[root@lbd107 roles]# vim arcgis-enterprise-rhel.json

{
  "java":{
    "install_flavor":"oracle",
    "jdk_version":"8",
    "oracle":{
      "accept_oracle_download_terms":true
    },
    "setup_archives":"/var/software"    
  },
  "tomcat":{
      "instance_name":"arcgis"
  },
  "arcgis":{
    "run_as_user":"arcgis",
    "version":"10.7",
    "web_server":{
      "webapp_dir":"/opt/tomcat_arcgis/webapps"
    },
    "web_adaptor":{
      "setup":"/arcgis/10.7/WebAdaptor/Setup"
    },
    "data_store":{
      "setup":"/arcgis/10.7/ArcGISDataStore_Linux/Setup"
    },
    "server":{
      "admin_username":"siteadmin",
      "admin_password":"Esri2019",
      "setup":"/arcgis/10.7/ArcGISServer/Setup",
      "authorization_file":"/arcgis/10.7/lic/ArcGISGISServerAdvanced_ArcGISServer_722288.ecp"
    },
    "portal":{
      "admin_username":"portaladmin",
      "admin_password":"Esri2019",
      "admin_email":"xx@esrichina.org.cn",
      "security_question":"Your favorite ice cream flavor?",
      "security_question_answer":"vanilla",
      "setup":"/arcgis/10.7/PortalForArcGIS/Setup",
      "authorization_file":"/arcgis/10.7/lic/ArcGIS_Enterprise_Portal_107.json",
      "user_license_type_id":"creatorUT"
    }
  },
  "run_list":[
    "recipe[arcgis-enterprise::system]",
    "recipe[esri-tomcat]",
    "recipe[iptables]",
    "recipe[arcgis-enterprise::iptables]",
    "recipe[arcgis-enterprise::portal]",
    "recipe[arcgis-enterprise::portal_wa]",
    "recipe[arcgis-enterprise::server]",
    "recipe[arcgis-enterprise::server_wa]",
    "recipe[arcgis-enterprise::datastore]",
    "recipe[arcgis-enterprise::federation]"
  ]
}

• 自動化的工作流，實現的主要步驟如下：
  —— [arcgis-enterprise::system]：創建 arcgis 用戶
  —— [esri-tomcat]：在Linux上安裝tomcat，生成自簽名證書并導入。
  —— [iptables]"：防火墻設置
  —— [arcgis-enterprise::iptables]"：防火墻設置
  —— [arcgis-enterprise::portal]：安裝Portal for ArcGIS并對其進行授權，創建初始管理帳戶
  —— [arcgis-enterprise::portal_wa]：為Portal for ArcGIS安裝和配置WA。
  —— [arcgis-enterprise::server]：安裝ArcGIS Server并對其進行授權，創建站點并在Server Admin中啟用HTTPS。
  —— [arcgis-enterprise::server_wa]：安裝和配置WA for ArcGIS Server。
  —— [arcgis-enterprise::datastore]：安裝ArcGIS Data Store并將其注冊到ArcGIS Server。
  —— [arcgis-enterprise::federation]：聯合帶有門戶的ArcGIS Server。將其設置為托管服務器。

以超級用戶身份執行腳本

[root@lbd107 roles]# chef-solo -j /var/chef/roles/arcgis-enterprise-rhel.json

理論上到這里就該結束了，事實上并沒有。跟蹤cookbooks發現，當前提供的默認的Recipe，里面的部分插件是需要在聯網環境下安裝，包括但不限于以下幾個方面：

• jdk-8u202-linux-x64.tar.gz
  
• apache-tomcat-8.0.53.tar.gz
• 通過 yum 安裝 iptables
• ……

離線解決方案

妥妥的能直接聯網就聯網安裝吧！否則相當折騰。 折騰方法往下：

JDK

Java的recipe位于/var/chef/cookbooks/java/recipes，指定執行的是oracle.rb，默認的jdk版本和checksum屬性在./java/attributes/default.rb中設置，調用資源./java/resources/oracle_install.rb執行安裝

• 查看JDK版本號

[root@lbd107 ~]# cd /var/chef/cookbooks/java/attributes/
[root@lbd107 attributes]# cat default.rb

# x86_64
default['java']['jdk']['8']['x86_64']['url'] = 'https://download.oracle.com/otn-pub/java/jdk/8u202-b08/1961070e4c9b4e26a04e7f5a083f551e/jdk-8u202-linux-x64.tar.gz'
default['java']['jdk']['8']['x86_64']['checksum'] = '9a5c32411a6a06e22b69c495b7975034409fa1652d03aeb8eb5b6f59fd4594e0'

• 自行下載離線包jdk-8u202-linux-x64.tar.gz，并上傳到 chef 讀取的緩存目錄/etc/chef/local-mode-cache/cache/

PS C:\WINDOWS\system32> scp d:/software/jdk-8u202-linux-x64.tar.gz root@192.168.137.2:/../var/software
root@192.168.137.2's password:
jdk-8u202-linux-x64.tar.gz                                                            100%  185MB  69.3MB/s   00:02
PS C:\WINDOWS\system32>

[root@lbd107 software]# cp jdk-8u202-linux-x64.tar.gz  /etc/chef/local-mode-cache/cache/jdk-8u202-linux-x64.tar.gz

• 再次執行chef-solo腳本可以順利完成安裝。

tomcat

esri-tomcat執行的是/var/chef/cookbooks/esri-tomcat/recipes/install.rb，會調用/var/chef/cookbooks/tomcat/resources/install.rb執行action :install操作。

• 查看tomcat的默認版本號

[root@lbd107 ~]# cd /var/chef/cookbooks/esri-tomcat/attributes
[root@lbd107 attributes]# cat default.rb
default['tomcat']['version'] = '8.0.53'

default['tomcat']['instance_name'] = 'arcgis'
default['tomcat']['install_path'] = '/opt/tomcat_' + node['tomcat']['instance_name'] + '_' + node['tomcat']['version']
default['tomcat']['user'] = 'tomcat_' + node['tomcat']['instance_name']
default['tomcat']['group'] = 'tomcat_' + node['tomcat']['instance_name']

default['tomcat']['ssl_enabled_protocols']='TLSv1.2,TLSv1.1,TLSv1'
default['tomcat']['keystore_file']  = ''
if ENV['TOMCAT_KEYSTORE_PASSWORD'].nil?
  default['tomcat']['keystore_password']  = ''
else
  default['tomcat']['keystore_password']  = ENV['TOMCAT_KEYSTORE_PASSWORD']
end
default['tomcat']['keystore_type']  = 'PKCS12'
default['tomcat']['domain_name']  = node['fqdn']
[root@lbd107 attributes]#

• 自行下載離線包apache-tomcat-8.0.53.tar.gz，并上傳到 chef 能夠讀取的目錄，如/tmp/。

PS C:\WINDOWS\system32> scp d:/software/apache-tomcat-8.0.53.tar.gz root@192.168.137.2:/../var/software
root@192.168.137.2's password:
apache-tomcat-8.0.53.tar.gz                                                           100% 9234KB  87.6MB/s   00:00
PS C:\WINDOWS\system32>

[root@lbd107 ~]# cd /var/software
[root@lbd107 software]# cp apache-tomcat-8.0.53.tar.gz /tmp/apache-tomcat-8.0.53.tar.gz

• 修改esri-tomcat的recipes文件，找到tomcat_install段，指定本地目錄。同時設置對安裝包的合法性校驗checksum屬性為false。

[root@lbd107 software] cd /var/chef/cookbooks/esri-tomcat/recipes
[root@lbd107 software] cp install.rb install-backup.rb
[root@lbd107 software] vim install.rb

tomcat_install instance_name do
  version node['tomcat']['version']
  verify_checksum false
  tarball_uri 'file:///tmp/apache-tomcat-8.0.53.tar.gz'
  install_path node['tomcat']['install_path']
  tomcat_user node['tomcat']['user']
  tomcat_group node['tomcat']['group']
  not if { ::File.exist?(::File.join(node['tomcat']['install_path'], 'LICENSE')) }
end

• 再次執行chef-solo腳本可以順利完成安裝

iptables

• 查看iptables 狀態

[root@lbd107 ~]# rpm -qa|grep iptables
iptables-1.4.21-28.el7.x86_64
[root@lbd107 ~]# iptables
iptables v1.4.21: no command specified
Try `iptables -h' or 'iptables --help' for more information.
[root@lbd107 ~]# yum info iptables
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Installed Packages
Name        : iptables
Arch        : x86_64
Version     : 1.4.21
Release     : 28.el7
Size        : 1.5 M
Repo        : installed
From repo   : anaconda
Summary     : Tools for managing Linux kernel packet filtering capabilities
URL         : http://www.netfilter.org/
License     : GPLv2
Description : The iptables utility controls the network packet filtering code in the
            : Linux kernel. If you need to set up firewalls and/or IP masquerading,
            : you should install this package.

[root@lbd107 ~]#

• 當前版本為 iptables-1.4.21-33.el7.x86_64.rpm
  安裝iptables-services-1.4.21-33.el7.x86_64.rpm

結論

總體來說，在聯網環境下部署還是比較方便，但是在離線環境下，雖然簡化了ArcGIS相關的配置工作，卻需要掌握chef-cookbook的配置文件修改技能，自行取舍吧。

參考

https://github.com/chef-cookbooks/tomcat
Deploy-a-base-ArcGIS-Enterprise-deployment-on-a-single-machine