Chef Cookbooks for ArcGIS

Overview Overview Get Started About Chef Cookbooks About Deployment Templates Cookbooks Version Compatibility Changelog Chef Cookbooks arcgis-desktop cookbook arcgis-egdb cookbook arcgis-enterprise cookbook arcgis-geoevent cookbook arcgis-insights cookbook arcgis-mission cookbook arcgis-notebooks cookbook arcgis-pro cookbook arcgis-repository cookbook arcgis-workflow-manager cookbook esri-iis cookbook esri-tomcat cookbook Deployment Templates arcgis-datastore template arcgis-desktop template arcgis-egdb template arcgis-enterprise-base template arcgis-geoevent-server template arcgis-mission-server template arcgis-notebook-server template arcgis-portal template arcgis-pro template arcgis-server template arcgis-webadaptor template arcgis-workflow-manager template Tutorials Deploy Base ArcGIS Enterprise on Single Machine Deploy Highly Available ArcGIS Enterprise Patch base ArcGIS Enterprise on single machine Upgrade base ArcGIS Enterprise on single machine Video: Automate ArcGIS Enterprise deployments with Chef Support FAQs Reference Troubleshooting Tips
Versions:

Deploy Base ArcGIS Enterprise on Single Machine #

This workflow demonstrates how to deploy base ArcGIS Enterprise 11.0 on a single machine using the arcgis-enterprise-base deployment template.

The workflow will:

  • Install Portal for ArcGIS and authorize it. Create the initial administrator account.
  • Install Portal for ArcGIS Web Styles.
  • Install and configure ArcGIS Web Adaptor for Portal for ArcGIS.
  • Install ArcGIS Server, authorize it, create a site, and enable HTTPS in Server Admin.
  • Install/configure web server (IIS on Windows or Tomcat on Linux).
  • Import the CA-issued certificate if it’s defined, or generate a self-signed certificate for the web server.
  • Install and configure ArcGIS Web Adaptor for ArcGIS Server.
  • Install ArcGIS Data Store and register it as a relational and tile cache store with ArcGIS Server.
  • Federate the ArcGIS Server site with the portal and configure the site as the hosting server.

Supported Platforms:

  • Windows
    • Windows Server 2016
    • Windows Server 2019
    • Windows Server 2022
  • Linux
    • Ubuntu Server 18.04 LTS
    • Ubuntu Server 20.04 LTS
    • Red Hat Enterprise Linux Server 7
    • Red Hat Enterprise Linux Server 8

Before setting up the deployment, you’ll need to have obtained:

  • ArcGIS Online account (public or organizational) to download ArcGIS Enterprise setups.
  • ArcGIS Enterprise 11.0 authorization files. Make sure to use the correct authorization file for different products.
  • A domain name for your web site.
  • SSL certificate in PKCS12 (a.k.a. pfx) format issued by certification authority for the domain (Note: If you don’t define a CA-cert, this tool will generate and use a self-signed certificate for testing purposes. Self-signed certificates are not supported by Portal for ArcGIS.)

Step 1. Install Cinc Client #

Install Cinc Client version 17 recommended for Chef Cookbooks for ArcGIS 4.0.0.

On Windows #

Start Windows PowerShell terminal as administrator and run:

> . { iwr -useb https://omnitruck.cinc.sh/install.ps1 } | iex; install -version 17

On Linux #

Run the following command as super user:

$ curl -L https://omnitruck.cinc.sh/install.sh | sudo bash -s -- -v 17

Step 2. Download Chef Cookbooks for ArcGIS #

Chef Cookbooks for ArcGIS is a collection of cookbooks for configuration, deployment, and management of ArcGIS Enterprise, ArcGIS Pro, and ArcGIS Desktop.

Download Chef Cookbooks for ArcGIS distribution archive and extract it into the Cinc Client workspace directory.

On Windows #

Download the arcgis-4.0.0-cookbooks.zip archive to the machine.

Extract the contents of arcgis-4.0.0-cookbooks.zip archive to C:\cinc.

On Linux #

Download the arcgis-4.0.0-cookbooks.tar.gz archive to the machine.

Delete /opt/cinc/cookbooks and /opt/cinc/templates directories and extract the contents of arcgis-4.0.0-cookbooks.tar.gz archive to /opt/cinc.

Step 3. Download ArcGIS Enterprise 11.0 Setups #

This step downloads ArcGIS Enterprise setup archives from https://downloads.arcgis.com to the local ArcGIS software repository.

Note: If you don’t have an ArcGIS Online user account or already have all the setup archives required by arcgis-enterprise-base 11.0 deployment template in a local or shared directory, then you can skip Step 3 and specify the directory path using arcgis.repository.archives attribute in arcgis-enterprise-primary.json file used in Step 4.

On Windows #

Copy file C:\cinc\templates\arcgis-enterprise-base\11.0\windows\arcgis-enterprise-files.json to C:\cinc.

Edit the arcgis-enterprise-files.json file in a text editor:

  • arcgis.repository.server.username - Change to the ArcGIS Online user name.
  • arcgis.repository.server.password - Change to the ArcGIS Online password.

Note: The attribute values must be JSON-escaped.

To download the setup archives run the following commands as administrator:

> cd C:\cinc
> cinc-client -z -j arcgis-enterprise-files.json

The setup archives are downloaded to C:\Software\Archives directory set by arcgis.repository.local_archives attribute in arcgis-enterprise-files.json.

Create directory C:\Software\AuthorizationFiles\11.0 and copy the software authorization files for 11.0 ArcGIS Server and Portal for ArcGIS to that directory.

Create directory C:\Software\Certificates and copy the SSL certificate to that directory.

On Linux #

Copy file /opt/cinc/templates/arcgis-enterprise-base/11.0/linux/arcgis-enterprise-files.json to /opt/cinc.

Edit the arcgis-enterprise-files.json file in a text editor:

  • arcgis.repository.server.username - Change to the ArcGIS Online user name.
  • arcgis.repository.server.password - Change to the ArcGIS Online password.

Note: The attribute values must be JSON-escaped.

To download the setup archives run the following commands as super user:

$ cd /opt/cinc
$ cinc-client -z -j arcgis-enterprise-files.json

Note: Your machine needs to allow running sudo to execute commands without a password. On some Linux distributions, sudo is configured to require a tty as a default configuration. This is usually set in /etc/sudoers with the entry of Defaults requiretty. You can either change the entry to Defaults !requiretty in the /etc/sudoers file or change this configuration for certain users, groups, or commands. RedHat will remove this default setting, as mentioned in https://bugzilla.redhat.com/show_bug.cgi?id=1020147.

The setup archives are downloaded to /opt/software/archives directory set by arcgis.repository.local_archives attribute in arcgis-enterprise-files.json.

Create directory /opt/software/authorization_files/11.0 and copy the software authorization files for 11.0 ArcGIS Server and Portal for ArcGIS to that directory.

Create directory /tomcat_arcgis and copy the SSL certificate to that location.

Step 4. Edit JSON File for the Machine Role and Run Chef #

Deployment template arcgis-enterprise-base contains Chef Zero JSON files with sample recipes and attributes for single-machine and multi-machine base ArcGIS Enterprise deployments.

To install base ArcGIS Enterprise on singe machine, edit arcgis-enterprise-primary.json and use it to run Cinc Client in local mode on the machine.

On Windows #

Change the current directory to C:\cinc.

Copy file C:\cinc\templates\arcgis-enterprise-base\11.0\windows\arcgis-enterprise-primary.json to C:\cinc.

Edit the arcgis-enterprise-primary.json file in a text editor (the attribute values must be JSON-escaped):

  • arcgis.run_as_password - Change to the password of the ‘arcgis’ Windows user account.
  • arcgis.server.private_url - Change to the ArcGIS Server URL that will be used as the hosting server’s admin URL.
  • arcgis.server.web_context_url - Change to the ArcGIS Server web context URL that will be used for the hosting server’s services URL. If you are using a reverse proxy, set this property to reverse proxy URL.
  • arcgis.server.admin_username - Change to the primary site administrator account user name.
  • arcgis.server.admin_password - Change to the primary site administrator account password.
  • arcgis.server.authorization_file - Change to the path to the ArcGIS Server software authorization file.
  • arcgis.server.directories_root - Change to C:\\arcgisserver.
  • arcgis.server.config_store_connection_string - Change to C:\\arcgisserver\\config-store.
  • arcgis.server.system_properties.WebContextURL - Change to the ArcGIS Server web context URL that will be used for the hosting server’s services URL. If you are using a reverse proxy, set this property to reverse proxy URL.
  • arcgis.portal.admin_username - Change to the Portal for ArcGIS administrator account user name.
  • arcgis.portal.admin_password - Change to the Portal for ArcGIS administrator account password.
  • arcgis.portal.admin_email - Change to the Portal for ArcGIS administrator account’s e-mail address.
  • arcgis.portal.admin_full_name - Change to the full name associated with the Portal for ArcGIS administrator account.
  • arcgis.portal.security_question - Change to the Portal for ArcGIS administrator account security question (See Create Site - ArcGIS REST API for the list of allowed security questions.)
  • arcgis.portal.security_question_answer - Change to the answer to the Portal for ArcGIS administrator account security question.
  • arcgis.portal.content_store_connection_string - Change to C:\\arcgisportal\\content.
  • arcgis.portal.authorization_file - Change to the path to the Portal for ArcGIS software authorization file.
  • arcgis.portal.user_license_type_id - Specify the user type to assign to the Portal for ArcGIS administrator account. If left blank, a temporary user type will be assigned to the administrator and will have to be changed on the first log in. The allowed user type IDs are: creatorUT, GISProfessionalBasicUT, GISProfessionalStdUT, and GISProfessionalAdvUT.
  • arcgis.portal.system_properties.privatePortalURL - Change to the Portal for ArcGIS URL that ArcGIS Server should use to communicate with the Enterprise portal.
  • arcgis.portal.system_properties.WebContextURL - Change to the Portal for ArcGIS web context URL. If you are using a reverse proxy, set this property to reverse proxy URL.
  • arcgis.iis.keystore_file - Change to the path to the SSL certificate file that will be used to configure the HTTPS listener in the IIS web server.
  • arcgis.iis.keystore_password - Change to the password for the SSL certificate file

Start a command prompt window as administrator and run:

> cinc-client -z -j arcgis-enterprise-primary.json

On Linux #

Copy the file /opt/cinc/templates/arcgis-enterprise-base/11.0/linux/arcgis-enterprise-primary.json to /opt/cinc.

Edit the arcgis-enterprise-primary.json file in a text editor (the attribute values must be JSON-escaped):

  • arcgis.server.private_url - Change to the ArcGIS Server URL that will be used as the hosting server’s admin URL.
  • arcgis.server.web_context_url - Change to the ArcGIS Server web context URL that will be used for the hosting server’s services URL. If you are using a reverse proxy, set this property to reverse proxy URL.
  • arcgis.server.admin_username - Change to the primary site administrator account user name.
  • arcgis.server.admin_password - Change to the primary site administrator account password.
  • arcgis.server.authorization_file - Change to the path to the ArcGIS Server role software authorization file.
  • arcgis.server.directories_root - Change to /gisdata/arcgisserver.
  • arcgis.server.config_store_connection_string - Change to /gisdata/arcgisserver/config-store.
  • arcgis.server.system_properties.WebContextURL - Change to the ArcGIS Server web context URL that will be used for the hosting server’s services URL. If you are using a reverse proxy, set this property to reverse proxy URL.
  • arcgis.portal.admin_username - Change to the Portal for ArcGIS administrator account user name.
  • arcgis.portal.admin_password - Change to the Portal for ArcGIS administrator account password.
  • arcgis.portal.admin_email - Change to the Portal for ArcGIS administrator account e-mail address.
  • arcgis.portal.admin_full_name - Change to the full name associated with the Portal for ArcGIS administrator account.
  • arcgis.portal.security_question - Change to the Portal for ArcGIS administrator account security question. (See Create Site - ArcGIS REST API for the list of allowed security questions.)
  • arcgis.portal.security_question_answer - Change to the answer to the Portal for ArcGIS administrator account security question.
  • arcgis.portal.content_store_connection_string - Change to /gisdata/arcgisportal/content.
  • arcgis.portal.authorization_file - Change to the path to the Portal for ArcGIS software authorization file.
  • arcgis.portal.user_license_type_id - Specify the user type to assign to the Portal for ArcGIS administrator account. If left blank, a temporary user type will be assigned to the administrator and will have to be changed on the first log in. The allowed user type IDs are: creatorUT, GISProfessionalBasicUT, GISProfessionalStdUT, and GISProfessionalAdvUT.
  • arcgis.portal.system_properties.privatePortalURL - Change to the Portal for ArcGIS URL that ArcGIS Server should use to communicate with the Enterprise portal.
  • arcgis.portal.system_properties.WebContextURL - Change to the Portal for ArcGIS web context URL. If you are using a reverse proxy, set this property to reverse proxy URL.
  • tomcat.keystore_file - Change to the path to the SSL certificate file in PKCS12 format that will be used to configure the HTTPS listener in Apache Tomcat.
  • tomcat.keystore_password - Change to the password of the SSL certificate file.

As a superuser, run the following command:

$ cinc-client -z -j arcgis-enterprise-primary.json

Step 5. Clean Up #

Once the Chef run successfully completed, save the JSON file in a safe and secure place to use in the future for upgrades or disaster recovery.

The cinc-client reads attributes from the JSON files and caches the attributes inside a ‘nodes’ folder that resides in the Chef workspace directory. Because some of the attributes in the JSON file may contain sensitive information, such as passwords, it is recommended that you delete the ‘nodes’ folder in the Chef workspace directory after you complete the last Chef run on the machine.

Chef Cookbooks for ArcGIS extract the setup archives into local directory specified by arcgis.repository.setups attribute. To save disk space, the archives and setups can be deleted after the machine configuration is completed.

After the cinc-client run completes, Portal for ArcGIS and ArcGIS Server will be available at https://<domain name>/portal and https://<domain name>/server URLs respectively.

Note: See ArcGIS Chef Deployment Templates for more information about deployment templates.