Skip to content

wttech/aemc

Repository files navigation

AEM Compose Logo WTT Logo

GitHub All Releases Last Release Version Go Version Apache License, Version 2.0, January 2004

AEM Compose

AEMC is a versatile tool for managing Adobe Experience Manager (AEM) instances. With a comprehensive set of commands, it simplifies tasks such as working CRX packages, OSGi configurations, JCR repository nodes, and more. Its seamless integration with Terraform, Pulumi, and Ansible enhances automation capabilities.

  • Reusable core designed to handle advanced dev-ops operations needed to manage AEM instances
  • Various distributions based on core for context-specific use cases:
  • Fast & lightweight
  • Usable on all operating systems and architectures without pre-installing any dependencies

References

AdaptTo 2023 Video

Table of Contents

Distributions

CLI - Overview

Provides complete set of commands to comfortably work with CRX packages, OSGi configurations, repository nodes and more.

Key assumptions:

  • Idempotent and fast
  • Rich configuration options
  • Self-describing, both machine & human-readable
  • Multiple input & output formats (text/yaml/json)

Main features:

  • easy & declarative setup of:
    • JDK (isolated, version tied to project)
    • AEM instances (run modes, JVM & start opts, env & secret vars, Sling props, custom admin password)
    • OSGi (configurations, bundles, components)
    • Crypto Support, Trust Store, SSL by Default
    • replication agents
    • any repository nodes
  • deploying AEM packages with:
    • efficiently upload with optimized memory usage (constant and independent of package size)
    • automatic workflow toggling - avoiding DAM asset renditions regeneration
    • advanced snapshot handling - avoiding redeploying the same package by checksum verification
    • customizable instance health checking
  • building AEM packages with:
    • source code change detection - avoiding rebuilding application when it is not needed (handled by Taskfile)
  • making AEM instance backups (with restoring)
    • advanced archive format to speed up performance and storage efficiency (ZSTD used by default)
    • instance state aware - stopping, archiving then starting again AEM instances automatically (if needed)
  • content synchronization between running instance and local file system

Worth knowing:

CLI - Screenshots

Help command:

CLI Help Home

Instance commands:

CLI Help Instance

Package commands:

CLI Help Package

Setup task:

  • AEM instances are provisioned only when the configuration is changed
  • AEM dispatcher set up using container engine, redeployed only when there are configuration changes as well
  • Health checks executed to confirm the stability of the environment as a whole

CLI Demo

CLI - AEM Project Quickstart

Supported project types:

  • with structure based on Adobe AEM Project Archetype, compatibility:

    AEM Compose AEM Project Archetype
    >= 1.2.0 41, 42, 43, 47, 48, 51
  • with any type of structure, however afterwards only a little customizations in Taskfile.yml need to be done to reflect configuration related to built AEM application artifact path and AEM dispatcher files location,

  • empty folder; the project kind will be needed to be specified explicitly during scaffolding.


Run command below to install the AEM Compose tool in your project:

curl https://raw.githubusercontent.com/wttech/aemc/main/project-install.sh | sh

After successful installation, remember to always use the tool via wrapper script in the following way:

sh aemw [command]

Next scaffold the AEM Compose files in the project:

sh aemw project scaffold

Project scaffolding:

  • sets up ready-to-use tasks powered by Task tool, which aggregate one or many AEM Compose CLI commands into useful procedures.
  • provides configuration for provisioning AEM instances (installing service pack, setting replication agents, etc.).
  • provides configuration for running AEM Dispatcher on Podman (by default) or Docker (remember to install one of these tools before running the setup task).

To list all available tasks, run:

sh taskw --list

Usually, the first steps to take are:

sh taskw init
sh taskw setup

IaaC Providers

The tool is designed to be used in Infrastructure as a Code (IaaC) solutions such as Terraform or Pulumi.

See separate projects based on AEM Compose:

Ansible Collection

The tool is designed to be used in Ansible playbooks and roles.

See a separate project based on AEM Compose: https://github.com/wttech/aemc-ansible

Go Scripting

Consider implementing any application on top of AEM Compose API like using snippet below:

File: aem.go

package main

import "fmt"
import "os"
import aemc "github.com/wttech/aemc/pkg"

func main() {
    aem := aemc.DefaultAEM()
    instance, _ := aem.InstanceManager().NewByIDAndURL("remote_author", "http://admin:admin@192.168.1.2:4502")
    changed, err := instance.PackageManager().DeployWithChanged("/tmp/my-package.zip")
    if err != nil {
        fmt.Printf("cannot deploy package: %s\n", err)
        os.Exit(1)
    }
    if changed {
      if err := aem.InstanceManager().AwaitStartedOne(*instance); err != nil {
		  fmt.Printf("instance not stable after deploying package: %s\n", err)
		  os.Exit(1)
      }
    }
    fmt.Println("package deployed properly")
    os.Exit(0)
}

Then to run application use command:

go run aem.go

Dependencies

This tool is written in Go. Go applications are very often self-sufficient which means that they are not relying on platform-specific libraries/dependencies. The only requirement is to use proper tool binary distribution for each operating system and architecture. Check out releases page to review available binary distributions.

Configuration

Defaults

The tool tries to make configuration as much explicit as it could be to allow customization in an easy way.

Below are listed all available configuration options (source):

# AEM instances to work with
instance:

  # Full details of local or remote instances
  config:
    local_author:
      active: [[.Env.AEM_AUTHOR_ACTIVE | default true ]]
      http_url: [[.Env.AEM_AUTHOR_HTTP_URL | default "http://127.0.0.1:4502" ]]
      user: [[.Env.AEM_AUTHOR_USER | default "admin" ]]
      password: [[.Env.AEM_AUTHOR_PASSWORD | default "admin" ]]
      run_modes: [ local ]
      jvm_opts:
        - -server
        - -Djava.awt.headless=true
        - -Djava.io.tmpdir=[[canonicalPath .Path "aem/home/tmp"]]
        - -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=[[.Env.AEM_AUTHOR_DEBUG_ADDR | default "0.0.0.0:14502" ]]
        - -Duser.language=en
        - -Duser.country=US
        - -Duser.timezone=UTC
      start_opts: []
      secret_vars:
        - ACME_SECRET=value
      env_vars:
        - ACME_VAR=value
      sling_props: []
    local_publish:
      active: [[.Env.AEM_PUBLISH_ACTIVE | default true ]]
      http_url: [[.Env.AEM_PUBLISH_HTTP_URL | default "http://127.0.0.1:4503" ]]
      user: [[.Env.AEM_PUBLISH_USER | default "admin" ]]
      password: [[.Env.AEM_PUBLISH_PASSWORD | default "admin" ]]
      run_modes: [ local ]
      jvm_opts:
        - -server
        - -Djava.awt.headless=true
        - -Djava.io.tmpdir=[[canonicalPath .Path "aem/home/tmp"]]
        - -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=[[.Env.AEM_PUBLISH_DEBUG_ADDR | default "0.0.0.0:14503" ]]
        - -Duser.language=en
        - -Duser.country=US
        - -Duser.timezone=UTC
      start_opts: []
      secret_vars:
        - ACME_SECRET=value
      env_vars:
        - ACME_VAR=value
      sling_props: []

  # Tuning performance & reliability
  # 'auto'     - for more than 1 local instances - 'serial', otherwise 'parallel'
  # 'parallel' - for working with remote instances
  # 'serial'   - for working with local instances
  processing_mode: auto

  # HTTP client settings
  http:
    timeout: 10m
    debug: false
    disable_warn: true

  # State checking
  check:
    # Time to wait before first state checking (to avoid false-positives)
    warmup: 1s
    # Time to wait for next state checking
    interval: 6s
    # Number of successful check attempts that indicates end of checking
    done_threshold: 4
    # Max time to wait for the instance to be healthy after executing the start script or e.g deploying a package
    await_started:
      timeout: 30m
    # Max time to wait for the instance to be stopped after executing the stop script
    await_stopped:
      timeout: 10m
    # Max time in which socket connection to instance should be established
    reachable:
      timeout: 3s
    # Bundle state tracking
    bundle_stable:
      symbolic_names_ignored: []
    # OSGi events tracking
    event_stable:
      # Topics indicating that instance is not stable
      topics_unstable:
        - "org/osgi/framework/ServiceEvent/*"
        - "org/osgi/framework/FrameworkEvent/*"
        - "org/osgi/framework/BundleEvent/*"
      # Ignored service names to handle known issues
      details_ignored:
        - "*.*MBean"
        - "org.osgi.service.component.runtime.ServiceComponentRuntime"
        - "java.util.ResourceBundle"
      received_max_age: 5s
    # OSGi components state tracking
    component_stable:
      skip: false
      pids:
        include: ['com.day.crx.packaging.*', 'org.apache.sling.installer.*']
        exclude: ['org.apache.sling.installer.hc.*', 'org.apache.sling.installer.core.impl.console.*']
        match:
          "disabled": []
          "no config": []
          "unsatisfied (reference)": []
          "satisfied": []
    # Sling Installer tracking
    installer:
      # JMX state checking
      state: true
      # Pause Installation nodes checking
      pause: true

  # Managed locally (set up automatically)
  local:
    # Wait only for those instances whose state has been changed internally (unaware of external changes)
    await_strict: true

    # Current runtime dir (Sling launchpad, JCR repository)
    unpack_dir: "aem/home/var/instance"
    # Archived runtime dir (AEM backup files '*.aemb.zst')
    backup_dir: "aem/home/var/backup"

  # Status discovery (timezone, AEM version, etc)
  status:
    timeout: 500ms

  # JCR Repository
  repo:
    property_change_ignored:
      # AEM assigns them automatically
      - "jcr:created"
      - "cq:lastModified"
      # AEM encrypts it right after changing by replication agent setup command
      - "transportPassword"

  # CRX Package Manager
  package:
    # Force re-uploading/installing of snapshot AEM packages (just built / unreleased)
    snapshot_patterns: [ "**/*-SNAPSHOT.zip" ]
    # Use checksums to avoid re-deployments when snapshot AEM packages are unchanged
    snapshot_deploy_skipping: true
    # Disable following workflow launchers for a package deployment time only
    toggled_workflows: [/libs/settings/workflow/launcher/config/asset_processing_on_sdk_*,/libs/settings/workflow/launcher/config/update_asset_*,/libs/settings/workflow/launcher/config/dam_*]
    # Also sub-packages
    install_recursive: true
    # Use slower HTML endpoint for deployments but with better troubleshooting
    install_html:
      enabled: false
      # Print HTML directly to console instead of writing to file
      console: false
      # Fail on case 'installed with errors'
      strict: true
    # Number of changes after which the commit to the repository is performed
    install_save_threshold: 1024
    # Allows to relax dependency handling if needed
    install_dependency_handling: required
    # Controls how 'rep:policy' nodes are handled during import
    install_ac_handling: ''

  # OSGi Framework
  osgi:
    bundle:
      install:
        start: true
        start_level: 20
        refresh_packages: true

  # Crypto Support
  crypto:
    key_bundle_symbolic_name: com.adobe.granite.crypto.file

  # Workflow Manager
  workflow:
    launcher:
      lib_root: /libs/settings/workflow/launcher
      config_root: /conf/global/settings/workflow/launcher
      toggle_retry:
        timeout: 10m
        delay: 10s

java:
  # Require following versions before e.g running AEM instances
  version_constraints: ">= 11, < 12"

  # Pre-installed local JDK dir
  # a) keep it empty to download open source Java automatically for current OS and architecture
  # b) set it to absolute path or to env var '[[.Env.JAVA_HOME]]' to indicate where closed source Java like Oracle is installed
  home_dir: ""

  # Auto-installed JDK options
  download:
    # Source URL with template vars support
    url: "https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jdk_[[.Arch]]_[[.Os]]_hotspot_11.0.25_9.[[.ArchiveExt]]"
    # Map source URL template vars to be compatible with Adoptium Java
    replacements:
      # Var 'Os' (GOOS)
      "darwin": "mac"
      # Var 'Arch' (GOARCH)
      "x86_64": "x64"
      "amd64": "x64"
      "386": "x86-32"
      # enforce non-ARM Java as some AEM features are not working on ARM (e.g Scene7)
      "arm64": "x64"
      "aarch64": "x64"

base:
  # Location of temporary files (downloaded AEM packages, etc)
  tmp_dir: aem/home/tmp
  # Location of supportive tools (downloaded Java, OakRun, unpacked AEM SDK)
  tool_dir: aem/home/opt

log:
  level: info
  timestamp_format: "2006-01-02 15:04:05"
  full_timestamp: true

input:
  format: yml
  file: STDIN

output:
  format: text
  log:
    # File path of logs written especially when output format is different than 'text'
    file: aem/home/var/log/aem.log
    # Controls where outputs and logs should be written to when format is 'text' (console|file|both)
    mode: console

vendor:
  # AEM instance source files
  quickstart:
    # AEM SDK ZIP or JAR
    dist_file: 'aem/home/lib/{aem-sdk,cq-quickstart}-*.{zip,jar}'
    # AEM License properties file
    license_file: "aem/home/lib/license.properties"

  # JDK used to: run AEM instances, build OSGi bundles, assemble AEM packages
  java:
    # Require following versions before e.g running AEM instances
    version_constraints: ">= 11, < 12"

    # Pre-installed local JDK dir
    # a) keep it empty to download open source Java automatically for current OS and architecture
    # b) set it to absolute path or to env var '[[.Env.JAVA_HOME]]' to indicate where closed source Java like Oracle is installed
    home_dir: ""

    # Auto-installed JDK options
    download:
      # Source URL with template vars support
      url: "https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.25%2B9/OpenJDK11U-jdk_[[.Arch]]_[[.Os]]_hotspot_11.0.25_9.[[.ArchiveExt]]"
      # Map source URL template vars to be compatible with Adoptium Java
      replacements:
        # Var 'Os' (GOOS)
        "darwin": "mac"
        # Var 'Arch' (GOARCH)
        "x86_64": "x64"
        "amd64": "x64"
        "386": "x86-32"
        # enforce non-ARM Java as some AEM features are not working on ARM (e.g Scene7)
        "arm64": "x64"
        "aarch64": "x64"

  # Oak Run tool options (offline instance management)
  oak_run:
    download_url: "https://repo1.maven.org/maven2/org/apache/jackrabbit/oak-run/1.72.0/oak-run-1.72.0.jar"
    store_path: "crx-quickstart/repository/segmentstore"

# Source files
quickstart:
  # AEM SDK ZIP or JAR
  dist_file: "aem/home/lib/{aem-sdk,cq-quickstart}-*.{zip,jar}"
  # AEM License properties file
  license_file: "aem/home/lib/license.properties"

# Content clean options
content:
  clean:
    # File patterns to be deleted
    files_deleted:
      - patterns:
          - "**/.vlt"
          - "**/.vlt*.tmp"
          - "**/install/*.jar"
    # File patterns to be flattened
    files_flattened:
      - "**/_cq_design_dialog/.content.xml"
      - "**/_cq_dialog/.content.xml"
      - "**/_cq_htmlTag/.content.xml"
      - "**/_cq_template/.content.xml"
    # Property patterns to be skipped, removed from cleaned file
    properties_skipped:
      - patterns: "jcr:uuid"
        excluded_paths: [ "**/home/users/*", "**/home/groups/*" ]
      - patterns: "cq:lastModified*"
        excluded_paths: [ "**/content/experience-fragments/*" ]
      - patterns: [ "dam:sha1", "dam:size" ]
        included_paths: [ "**/content/dam/*.svg/*" ]
      - patterns:
          - "jcr:lastModified*"
          - "jcr:created*"
          - "jcr:isCheckedOut"
          - "cq:lastReplicat*"
          - "cq:lastRolledout*"
          - "dam:extracted"
          - "dam:assetState"
          - "dc:modified"
          - "*_x0040_*"
          - "cq:name"
          - "cq:parentPath"
          - "dam:copiedAt"
          - "dam:parentAssetID"
          - "dam:relativePath"
    # Mixin type patterns to be skipped, removed from cleaned file
    mixin_types_skipped:
      - patterns:
          - "cq:ReplicationStatus"
          - "mix:versionable"
    # Unused namespaces to be skipped, removed from cleaned file
    namespaces_skipped: true

Note that environment variables may be injected in any part of config file. Environment variables could be defined in one or many dotenv files.

Overriding default configuration

By default, the VCS-tracked file is loaded (aem/default/etc). However, occasionally developers might want to override the default config file and load a VCS-ignored file instead (aem/home/etc/aem.yml).

To do so, run the command:

sh aemw config init

Configuration precedence

All configuration options specified in file aem.yml could be overridden by environment variables. Simply add prefix AEM_ then each level of nested YAML object join with _ and lowercase the name of each object.

For example: instance.local.quickstart.dist_file could be overridden by environment variable AEM_INSTANCE_LOCAL_QUICKSTART_DIST_FILE

Also note that some configuration options may be ultimately overridden by CLI flags, like --output-format.

Context-specific customization

By default, fail-safe options are in use. However, consider using the configuration options listed below to achieve a more desired tool experience.

Improving performance

export AEM_INSTANCE_PROCESSING_MODE=parallel

This setting will significantly reduce command execution time. Although be aware that when deploying heavy AEM packages like Service Packs on the same machine in parallel, a heavy load could be observed, which could lead to unpredicted AEM CMS and AEM Compose tool behavior.

Increasing verbosity

export AEM_OUTPUT_VALUE=ALL

Setting this environment variable will instruct the tool to request from the AEM instance descriptive information about the recently executed command subject. For example, if a recently executed command was sh aemw package deploy my-package.zip -A the AEM Compose tool after doing the actual package deployment will request from CRX Package Manager the exact information about just deployed package. This feature is beneficial for clarity and debugging purposes.

Installing content packages

To install larger AEM packages that may include content pages, assets, and more, you can adjust the HTTP timeout setting. By default, the timeout is set to 10m, but you have the option to increase it (e.g., to 3h) or disable it completely (by using 0).

To set the timeout for a single AEMC command, use the following syntax:

AEM_INSTANCE_HTTP_TIMEOUT=0 sh aemw package deploy --file my-package.zip

It's important to be aware that AEMaaCS also has its own timeout for requests made to the Package Manager UI. For detailed information, please refer to the documentation.

To skip the instance health check after running a command that would normally trigger it, AEM_INSTANCE_CHECK_SKIP environment variable can be used. This can save a lot of time when deploying a lot of packages sequentially.

To skip the instance health check for a single AEMC command, use the following syntax:

AEM_INSTANCE_CHECK_SKIP=true sh aemw package deploy --file my-package.zip

Installing packages with troubleshooting

Starting from version 1.4.0 (see #177), AEMC now supports AEM package installations using an HTML report serving endpoint, similar to CRX Package Manager's. While this method may result in slightly extended installation times, it provides a comprehensive HTML report detailing the package installation process.

This new feature offers two distinct modes for leveraging its benefits:

  1. Saving HTML report to file:

    AEM_INSTANCE_PACKAGE_INSTALL_HTML_ENABLED=true sh aemw package deploy --file my-package.zip
  2. Direct console output of HTML report:

    AEM_INSTANCE_PACKAGE_INSTALL_HTML_ENABLED=true AEM_INSTANCE_PACKAGE_INSTALL_HTML_CONSOLE=true sh aemw package deploy --file my-package.zip

Examples

Replication agents

  1. Configuring publish agent on AEM author:

    PROPS="
    enabled: true
    transportUri: http://localhost:4503/bin/receive?sling:authRequestLogin=1
    transportUser: admin
    transportPassword: admin
    userId: admin
    "
    echo "$PROPS" | sh aemw repl agent setup -A --location "author" --name "publish"
  2. Configuring flush agent on AEM publish:

    PROPS="
    enabled: true
    transportUri: http://localhost/dispatcher/invalidate.cache
    protocolHTTPHeaders:
    - 'CQ-Action: {action}'
    - 'CQ-Handle: {path}'
    - 'CQ-Path: {path}'
    - 'Host: flush'
    "
    echo "$PROPS" | sh aemw repl agent setup -P --location "publish" --name "flush"

    If needed, update localhost to the value on which AEM dispatcher is available, e.g.localhost:8080.

SSL by Default

AEM Compose supports SSL by Default feature of AEM.

This feature requires:

  • certificate file in PEM format
  • private key file in DER or PEM format
  • password for keystore (has to be the same for each invocation of the tool)
  • password for truststore (can be different for each invocation of the tool)
  • hostname for HTTPS connector (used by AEM to check if the setup was successful; has to be reachable by AEM)
  • port for HTTPS connector

To set up SSL by Default, run:

sh aemw ssl setup \
   --instance-author
   --keystore-password password \
   --truststore-password password1 \
   --certificate-file localhost.crt \
   --private-key-file localhostprivate.key \
   --https-hostname localhost \
   --https-port 8443

sh aemw ssl setup \
   --instance-publish
   --keystore-password password \
   --truststore-password password1 \
   --certificate-file localhost.crt \
   --private-key-file localhostprivate.key \
   --https-hostname localhost \
   --https-port 9443

Above example uses the self-signed certificate created as per the AEM docs.

See the reference documentation: AEM 6.5 > Administering Guide > SSL by Default

For local environment remember to set different port numbers for author and publish instances.

Global Trust Store

AEM Compose supports managing the trust store of AEM instances.

This feature supports:

  • creation of the general trust store if it does not exist

    sh aemw gts create --password PASSWORD_HERE -A
  • getting the general trust store status

    sh aemw gts status -A
  • adding a certificate to the general trust store

    sh aemw gts certificate add --path <path> -A

This command will add a certificate to the general trust store only if not exists in trust store and will return the alias of the certificate. Command certificate add supports certificates in PEM and DER formats.

  • reading a certificate from the general trust store (by alias)

    sh aemw gts certificate read --alias <alias> -A
  • removing a certificate from the general trust store (by alias)

    sh aemw gts certificate remove --alias <alias> -A

Troubleshooting

Migration from Gradle plugins

If you're migrating from Gradle AEM Plugin you may run into issue with setting up dispatcher. In case of error when running task dispatcher:start or dispatcher:setup:

2024-01-22 16:37:23 dispatcher  | 2024/01/22 15:37:23 Dispatcher configuration validation failed:
2024-01-22 16:37:23 dispatcher  | 2024/01/22 15:37:23   /mnt/dev/src/conf.d/variables/default.vars: lstat /etc/httpd.extra: no such file or directory
2024-01-22 16:37:23 dispatcher  |
2024-01-22 16:37:23 dispatcher  | ERROR Mon Jan 22 15:37:23 UTC 2024 Configuration invalid, please fix and retry,
2024-01-22 16:37:23 dispatcher  |               Line numbers reported are correct for your configuration files.

Check if there is a broken symlink/file in dispatcher/src/variables/default.vars. If the file exists, delete it and run the task again.

Contributing

Issues reported or pull requests created will be very appreciated.

  1. Fork plugin source code using a dedicated GitHub button.
  2. See development guide
  3. Do code changes on a feature branch created from main branch.
  4. Create a pull request with a base of main branch.

Authors

License

AEM Compose is licensed under the Apache License, Version 2.0 (the "License")