Deploy Base ArcGIS Enterprise on Single Machine #
This workflow demonstrates how to deploy base ArcGIS Enterprise 10.9.1 on a single machine using the arcgis-enterprise-base deployment template.
The workflow will:
- Install Portal for ArcGIS and authorize it. Create the initial administrator account.
- Install Portal for ArcGIS Web Styles.
- Install and configure ArcGIS Web Adaptor for Portal for ArcGIS.
- Install ArcGIS Server, authorize it, create a site, and enable HTTPS in Server Admin.
- Install/configure web server (IIS on Windows or Tomcat on Linux).
- Import the CA-issued certificate if it’s defined, or generate a self-signed certificate for the web server.
- Install and configure ArcGIS Web Adaptor for ArcGIS Server.
- Install ArcGIS Data Store and register it as a relational and tile cache store with ArcGIS Server.
- Federate the ArcGIS Server site with the portal and configure the site as the hosting server.
Supported Platforms:
- Windows
- Windows Server 2016 Standard and Datacenter
- Windows Server 2019 Standard and Datacenter
- Linux
- Ubuntu Server 18.04 LTS
- Ubuntu Server 20.04 LTS
- Red Hat Enterprise Linux Server 7
- Red Hat Enterprise Linux Server 8
- CentOS Linux 7
Before setting up the deployment, you’ll need to have obtained:
- ArcGIS Enterprise 10.9.1 setups from My Esri.
- ArcGIS Enterprise 10.9 authorization files. Make sure to use the correct authorization file for different products.
- A domain name for your web site
- SSL certificate in PKCS12 (a.k.a. pfx) format issued by certification authority for the domain (Note: If you don’t define a CA-cert, this tool will generate and use a self-signed certificate for testing purposes. Self-signed certificates are not supported by Portal for ArcGIS.)
Step 1. Install Cinc Client #
Install Cinc Client version 15 recommended for Chef Cookbooks for ArcGIS 3.8.0.
On Windows #
Start a Windows PowerShell terminal as administrator and run:
> . { iwr -useb https://omnitruck.cinc.sh/install.ps1 } | iex; install -version 15
On Linux #
Run the following command as superuser:
$ curl -L https://omnitruck.cinc.sh/install.sh | sudo bash -s -- -v 15
Step 2. Download Chef Cookbooks for ArcGIS #
Chef Cookbooks for ArcGIS is a collection of cookbooks for configuration, deployment, and management of ArcGIS Enterprise, ArcGIS Pro, and ArcGIS Desktop.
Download Chef Cookbooks for ArcGIS distribution archive and extract it into the Cinc Client workspace directory.
On Windows #
Download the arcgis-3.8.0-cookbooks.zip archive to the machine.
Extract the contents of arcgis-3.8.0-cookbooks.zip archive to C:\cinc
.
On Linux #
Download the arcgis-3.8.0-cookbooks.tar.gz archive to the machine.
Delete /opt/cinc/cookbooks
and /opt/cinc/templates
directories and extract the contents of the arcgis-3.8.0-cookbooks.tar.gz archive to /opt/cinc
.
Step 3. Set up Local ArcGIS Software Repository #
The deployment templates require ArcGIS setup archives to install ArcGIS applications. The setup archives must be located in a local or shared ArcGIS Software Repository directory specified by the arcgis.repository.archives attribute. Before running the setups, the setup archives are extracted into a local directory specified using the arcgis.repository.setups attribute.
On Windows #
Create directory C:\Software\Archives
and copy the ArcGIS Enterprise 10.9.1 setup archives to that directory:
- ArcGIS_DataStore_Windows_1091_180054.exe
- ArcGIS_Server_Windows_1091_180041.exe
- ArcGIS_Web_Adaptor_for_Microsoft_IIS_1091_180055.exe
- Portal_for_ArcGIS_Windows_1091_180052.exe
- Portal_for_ArcGIS_Web_Styles_Windows_1091_180053.exe
Create directory C:\Software\AuthorizationFiles\10.9
and copy the software authorization files for 10.9.1 ArcGIS Server and Portal for ArcGIS to that directory.
Create directory C:\Software\Certificates
and copy the SSL certificate to that directory.
On Linux #
Create directory /opt/software/archives
and copy the following ArcGIS Enterprise 10.9.1 setup archives to that directory:
- ArcGIS_DataStore_Linux_1091_180204.tar.gz
- ArcGIS_Server_Linux_1091_180182.tar.gz
- ArcGIS_Web_Adaptor_Java_Linux_1091_180206.tar.gz
- Portal_for_ArcGIS_Linux_1091_180199.tar.gz
- Portal_for_ArcGIS_Web_Styles_Linux_1091_180201.tar.gz
- apache-tomcat-9.0.48.tar.gz (will be downloaded from the internet if not present in the local ArcGIS software repository)
- openjdk-11_linux-x64_bin.tar.gz (will be downloaded from the internet if not present in the local ArcGIS software repository)
Create directory /opt/software/authorization_files/10.9
and copy the software authorization files for 10.9.1 ArcGIS Server and Portal for ArcGIS to that directory.
Create directory /tomcat_arcgis
and copy the SSL certificate to that directory.
Step 4. Edit JSON File for the Machine Role and Run Chef #
Deployment template arcgis-enterprise-base contains Chef Zero JSON files with sample recipes and attributes for single-machine and multi-machine base ArcGIS Enterprise deployments.
To install a base ArcGIS Enterprise on a single machine, edit arcgis-enterprise-primary.json and use it to run Cinc Client in local mode on the machine.
On Windows #
Change the current directory to C:\cinc
.
Copy file C:\cinc\templates\arcgis-enterprise-base\10.9.1\windows\arcgis-enterprise-primary.json
to C:\cinc
.
Edit the arcgis-enterprise-primary.json
file in a text editor (the attribute values must be JSON-escaped):
- arcgis.run_as_password - Change to the password of the ‘arcgis’ Windows user account.
- arcgis.server.private_url - Change to the ArcGIS Server URL that will be used as the hosting server’s admin URL.
- arcgis.server.web_context_url - Change to the ArcGIS Server web context URL that will be used for the hosting server’s services URL. If you are using a reverse proxy, set this property to the reverse proxy URL.
- arcgis.server.admin_username - Change to the primary site administrator account user name.
- arcgis.server.admin_password - Change to the primary site administrator account password.
- arcgis.server.authorization_file - Change to the path to the ArcGIS Server software authorization file.
- arcgis.server.directories_root - Change to
C:\\arcgisserver
. - arcgis.server.config_store_connection_string - Change to
C:\\arcgisserver\\config-store
. - arcgis.server.system_properties.WebContextURL - Change to the ArcGIS Server web context URL that will be used for the hosting server’s services URL. If you are using a reverse proxy, set this property to the reverse proxy URL.
- arcgis.portal.admin_username - Change to the Portal for ArcGIS administrator account user name.
- arcgis.portal.admin_password - Change to the Portal for ArcGIS administrator account password.
- arcgis.portal.admin_email - Change to the Portal for ArcGIS administrator account’s e-mail address.
- arcgis.portal.admin_full_name - Change to the full name associated with the Portal for ArcGIS administrator account.
- arcgis.portal.security_question - Change to the Portal for ArcGIS administrator account security question (See Create Site - ArcGIS REST API for the list of allowed security questions.)
- arcgis.portal.security_question_answer - Change to the answer to the Portal for ArcGIS administrator account security question.
- arcgis.portal.content_store_connection_string - Change to
C:\\arcgisportal\\content
. - arcgis.portal.authorization_file - Change to the path to the Portal for ArcGIS software authorization file.
- arcgis.portal.user_license_type_id - Specify the user type to assign to the Portal for ArcGIS administrator account. If left blank, a temporary user type will be assigned to the administrator and will have to be changed on the first log in. The allowed user type IDs are: creatorUT, GISProfessionalBasicUT, GISProfessionalStdUT, and GISProfessionalAdvUT.
- arcgis.portal.system_properties.privatePortalURL - Change to the Portal for ArcGIS URL that ArcGIS Server should use to communicate with the Enterprise portal.
- arcgis.portal.system_properties.WebContextURL - Change to the Portal for ArcGIS web context URL. If you are using a reverse proxy, set this property to the reverse proxy URL.
- arcgis.iis.keystore_file - Change to the path to the SSL certificate file that will be used to configure the HTTPS listener in the IIS web server.
- arcgis.iis.keystore_password - Change to the password for the SSL certificate file.
Start a command prompt window as a Windows administrator and run:
> cinc-client -z -j arcgis-enterprise-primary.json
On Linux #
Copy the file /opt/cinc/templates/arcgis-enterprise-base/10.9.1/linux/arcgis-enterprise-primary.json
to /opt/cinc
.
Edit the arcgis-enterprise-primary.json
file in a text editor (the attribute values must be JSON-escaped):
- arcgis.server.private_url - Change to the ArcGIS Server URL that will be used as the hosting server’s admin URL.
- arcgis.server.web_context_url - Change to the ArcGIS Server web context URL that will be used for the hosting server’s services URL. If you are using a reverse proxy, set this property to the reverse proxy URL.
- arcgis.server.admin_username - Change to the primary site administrator account user name.
- arcgis.server.admin_password - Change to the primary site administrator account password.
- arcgis.server.authorization_file - Change to the path to the ArcGIS Server role software authorization file.
- arcgis.server.directories_root - Change to
/gisdata/arcgisserver
. - arcgis.server.config_store_connection_string - Change to
/gisdata/arcgisserver/config-store
. - arcgis.server.system_properties.WebContextURL - Change to the ArcGIS Server web context URL that will be used for the hosting server’s services URL. If you are using a reverse proxy, set this property to the reverse proxy URL.
- arcgis.portal.admin_username - Change to the Portal for ArcGIS administrator account user name.
- arcgis.portal.admin_password - Change to the Portal for ArcGIS administrator account password.
- arcgis.portal.admin_email - Change to the Portal for ArcGIS administrator account e-mail address.
- arcgis.portal.admin_full_name - Change to the full name associated with the Portal for ArcGIS administrator account.
- arcgis.portal.security_question - Change to the Portal for ArcGIS administrator account security question. (See Create Site - ArcGIS REST API for the list of allowed security questions.)
- arcgis.portal.security_question_answer - Change to the answer to the Portal for ArcGIS administrator account security question.
- arcgis.portal.content_store_connection_string - Change to
/gisdata/arcgisportal/content
. - arcgis.portal.authorization_file - Change to the path to the Portal for ArcGIS software authorization file.
- arcgis.portal.user_license_type_id - Specify the user type to assign to the Portal for ArcGIS administrator account. If left blank, a temporary user type will be assigned to the administrator and will have to be changed on the first log in. The allowed user type IDs are: creatorUT, GISProfessionalBasicUT, GISProfessionalStdUT, and GISProfessionalAdvUT.
- arcgis.portal.system_properties.privatePortalURL - Change to the Portal for ArcGIS URL that ArcGIS Server should use to communicate with the Enterprise portal.
- arcgis.portal.system_properties.WebContextURL - Change to the Portal for ArcGIS web context URL. If you are using a reverse proxy, set this property to the reverse proxy URL.
- tomcat.keystore_file - Change to the path to the SSL certificate file in PKCS12 format that will be used to configure the HTTPS listener in Apache Tomcat.
- tomcat.keystore_password - Change to the password of the SSL certificate file.
As a superuser, run the following command:
$ cinc-client -z -j arcgis-enterprise-primary.json
Note: Your machine needs to allow running sudo to execute commands without a password. On some Linux distributions, sudo is configured to require a tty as a default configuration. This is usually set in
/etc/sudoers
with the entry ofDefaults requiretty
. You can either change the entry toDefaults !requiretty
in the/etc/sudoers
file or change this configuration for certain users, groups, or commands. RedHat will remove this default setting, as mentioned in https://bugzilla.redhat.com/show_bug.cgi?id=1020147.
Step 5. Clean Up #
Once the Chef run successfully completes, save the JSON file in a safe and secure place to use in the future for upgrades or disaster recovery.
The cinc-client reads attributes from the JSON files and caches the attributes inside a ‘nodes’ folder that resides in the Chef workspace directory. Because some of the attributes in the JSON file may contain sensitive information, such as passwords, it is recommended that you delete the ‘nodes’ folder in the Chef workspace directory after you complete the last Chef run on the machine.
Chef Cookbooks for ArcGIS extract the setup archives into local directory specified by arcgis.repository.setups
attribute. To save disk space, the archives and setups can be deleted after the machine configuration is completed.
After the cinc-client run completes, Portal for ArcGIS and ArcGIS Server will be available at https://<domain name>/portal
and https://<domain name>/server
URLs respectively.