全文分為八個組成部分
一、安裝部署
二、參數優化
三、運維監控
四、備份恢復
五、故障處理
六、常用命令
七、相關資料
八、原理總結
####開始閱讀############
一、安裝部署
需要用到的組件,按安裝先后順序排序
centos7.6
jdk1.8.0_211
mysql-connector-java-5.1.47
mysql5.6.44
jira8.2.2
confluence6.15.4
crowd3.6.6
nginx1.16.0
選擇centos7.6,至少8核16GB,掛載一塊500GB到/var,主要用來存儲jira和confluence的備份和日志;掛載1塊50GB/opt,/opt/soft主要用來存放安裝軟件。
1.1、下載安裝jdk和mysql-connector-java
下載最新的jdk,放到/opt/soft
tar xf jdk-8u211-linux-x64.tar.gz -C /usr/local/
ln -s /usr/local/jdk1.8.0_211/ /usr/local/java
vim /etc/profile.d/jdk.sh
export JAVA_HOME=/usr/local/java
export JRE_HOME=$JAVA_HOME/jre
export CLASS_PATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
export PATH=$PATH:$JAVA_HOME/bin:$JRE_HOME/bin
source /etc/profile.d/jdk.sh
[root@localhost local]# java -version
java version "1.8.0_211"
Java(TM) SE Runtime Environment (build 1.8.0_211-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.211-b12, mixed mode)
1.2
官網下載mysql驅動程序https://dev.mysql.com/downloads/connector/j/5.1.html,放到/opt/soft,
解壓之后會得到一個文件mysql-connector-java-5.1.47-bin.jar,后續講這個文件放到哪里。
1.3、下載安裝mysql5.6.44
重點在my.cnf
Set the default storage engine to InnoDB:
[mysqld]
...
default-storage-engine=INNODB
...
Specify the value of max_allowed_packet to be at least 256M:
[mysqld]
...
max_allowed_packet=256M
...
Specify the value of innodb_log_file_size to be at least 2G:
[mysqld]
...
innodb_log_file_size=256M
...
Ensure the sql_mode parameter does not specify NO_AUTO_VALUE_ON_ZERO
// remove this if it exists
sql_mode = NO_AUTO_VALUE_ON_ZERO
創建數據庫賦權限
create database confluence character set utf8 collate utf8_bin;
create database jira character set utf8 collate utf8_bin;
create database crowd character set utf8 collate utf8_bin;
grant all privileges on confluence.* to 'confluence'@'localhost' identified by 'xxxxxxx';
grant all privileges on confluence.* to 'confluence'@'%' identified by 'xxxxxxx';
grant all privileges on jira.* to 'jira'@'localhost' identified by 'xxxxxxx';
grant all privileges on jira.* to 'jira'@'%' identified by 'xxxxxxx';
grant all privileges on crowd.* to 'crowd'@'localhost' identified by 'xxxxxxx';
grant all privileges on crowd.* to 'crowd'@'%' identified by 'xxxxxxx';
flush privileges;
1.4、安裝jira
Atlassian官網下載jira
https://www.atlassian.com/software/jira/download
chmod a+x atlassian-jira-software-X.X.X-x64.bin
./atlassian-jira-software-X.X.X-x64.bin
安裝完成之后,將前面提到的mysql驅動程序,放到jira的安裝目錄。
cp mysql-connector-java-5.1.47-bin.jar /opt/atlassian/jira/atlassian-jira/WEB-INF/lib/
訪問http://localhost:8080
Choose I'll set it up myself
Choose My own database
...
1.5、安裝confluence
Atlassian官網下載confluence
https://www.atlassian.com/software/confluence/download
chmod a+x atlassian-confluence-X.X.X-x64.bin
./atlassian-confluence-X.X.X-x64.bin
安裝完成之后,將前面提到的mysql驅動程序,放到jira的安裝目錄。
cp mysql-connector-java-5.1.47-bin.jar /opt/atlassian/confluence/confluence/WEB-INF/lib
訪問http://localhost:8090
Choose Production installation
Choose any apps you'd also like to install
...
1.6、安裝Crowd
Atlassian官方下載crowd
https://www.atlassian.com/software/crowd/download-archive
解壓后
mv atlassian-crowd-3.3.6.zip crowd
mv crowd /opt/atlassian/
cp mysql-connector-java-5.1.47-bin.jar /opt/atlassian/crowd/crowd-webapp/WEB-INF/lib
編輯crowd的數據文件目錄
vi /opt/atlassian/crowd/crowd-webapp/WEB-INF/classes/crowd-init.properties
在末尾添加一行
crowd.home=/var/atlassian/application-data/crowd
啟動Crowd
/opt/atlassian/crowd/start_crowd.sh
訪問http://localhost:8095
1.7、安裝nginx
wget http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
rpm -ivh nginx-release-centos-7-0.el7.ngx.noarch.rpm
yum install nginx
systemctl start nginx
touch /etc/nginx/conf.d/jira.redirect.conf
#######
server {
listen 80;
server_name jira.xxxx.com confluence.oasgames.com;
if ($host = 'jira.oasgames.com'){
rewrite ^/(.*)$ http://jira.xxxx.com:8080/$1 permanent;
}
if ($host = 'confluence.oasgames.com'){
rewrite ^/(.*)$ http://jira.oasgames.com:8090/$1 permanent;
}
access_log /var/log/nginx/jira.log main;
}
server {
listen 80;
server_name jira.xxxx.cn confluence.xxxx.cn;
if ($host = 'jira.xxxx.cn'){
rewrite ^/(.*)$ http://jira.xxxx.cn:8080/$1 permanent;
}
if ($host = 'confluence.xxxx.cn'){
rewrite ^/(.*)$ http://jira.xxxx.cn:8090/$1 permanent;
}
access_log /var/log/nginx/jira.log main;
}
########
service nginx start #啟動 nginx 服務
service nginx stop #停止 nginx 服務
service nginx restart #重啟 nginx 服務
1.7、集成SSO
首選在Crowd創建3個應用,創建組,創建用戶。
Username:jira-app
Password:xxxxxxxxxx
Username:confluence-app
Password:xxxxxxxxxx
Username:crowdid-app
Password:xxxxxxxxxx
接下來修改配置文件seraph-config.xml,在jira和confluence路徑
vim /opt/atlassian/jira/atlassian-jira/WEB-INF/classes/seraph-config.xml
# 找到這一行並注釋掉
<!--<authenticator class="com.atlassian.jira.security.login.JiraSeraphAuthenticator"/>-->
# 找到這一行,並解開注釋
<authenticator class="com.atlassian.jira.security.login.SSOSeraphAuthenticator"/>
vim /opt/atlassian/confluence/confluence/WEB-INF/classes/seraph-config.xml
# 找到這一行並注釋掉
<!--<authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>-->
# 找到這一行,並解開注釋
<authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/>
vim /opt/atlassian/jira/atlassian-jira/WEB-INF/classes/crowd.properties
application.name jira-app
application.password xxxxxx
application.login.url http://localhost:8080/
crowd.server.url http://localhost:8095/crowd/services/
crowd.base.url http://localhost:8095/crowd/
session.isauthenticated session.isauthenticated
session.tokenkey session.tokenkey
session.validationinterval 2
session.lastvalidation session.lastvalidation
cookie.tokenkey crowd.token_key
vim /opt/atlassian/confluence/confluence/WEB-INF/classes/crowd.properties
修改成下面這樣
application.name confluence-app
application.password xxxxxx
application.login.url http://localhost:8090/
crowd.server.url http://localhost:8095/crowd/services/
crowd.base.url http://localhost:8095/crowd/
session.isauthenticated session.isauthenticated
session.tokenkey session.tokenkey
session.validationinterval 2
session.lastvalidation session.lastvalidation
cookie.tokenkey crowd.token_key
重啟jira和confluence
二、參數優化
[jira JAVA虛擬機內存修改]
JVM_MINIMUM_MEMORY="1024m"
JVM_MAXIMUM_MEMORY="4096m"
[confluence JAVA虛擬機內存修改]
CATALINA_OPTS="-Xms1024m -Xmx4096m -XX:+UseG1GC ${CATALINA_OPTS}"
三、運維監控
接入zabbix監控硬件,7x24.
接入clamav殺毒系統,每周二、四、六更新病毒庫,查殺。
將xxx辦公網絡出口、跳板機、zabbix,加入防火牆IP白名單,其余drop。
四、備份恢復
[自動備份每天凌晨2點]
Confluece數據備份目錄:/var/atlassian/application-data/confluence/backups
Confluece附件所在目錄:/var/atlassian/application-data/confluence/attachments
JIRA備份數據目錄: /var/atlassian/application-data/jira/export
JIRA附件數據目錄: /var/atlassian/application-data/jira/data/attachments
[寫腳本每全備每天凌晨3點]
數據庫異地備份到S3
五、故障處理
略
六、常用命令
top 看進程占用的資源
netstat -antup 查看進程端口存活
/opt/atlassian/confluence/logs/catalina.out 看jira日志
/application-data/jira/log/atlassian-jira.log 看jira日志
/opt/atlassian/confluence/logs/catalina.out 看confluence日志
/application-data/confluence/log/atlassian-confluence.log 看confluence日志
JIRA Service:
/opt/atlassian/jira/bin/start-jira.sh
/opt/atlassian/jira/bin/stop-jira.sh
Confluence Service:
/opt/atlassian/confluence/bin/start-confluence.sh
/opt/atlassian/confluence/bin/stop-confluence.sh
Crowd:
/opt/atlassian/crowd/start_crowd.sh
/opt/atlassian/crowd/stop_crowd.sh
七、相關資料
[mysql setup]
https://confluence.atlassian.com/adminjiraserver/connecting-jira-applications-to-mysql-5-6-938846854.html
[jira setup]
https://confluence.atlassian.com/adminjiraserver/installing-jira-applications-on-linux-938846841.html
[confluence setup]
https://confluence.atlassian.com/doc/installing-confluence-on-linux-143556824.html
[crowd setup]
https://confluence.atlassian.com/crowd/installing-crowd-24248834.html
[nginx setup]
https://blog.csdn.net/j080624/article/details/78087813
[SSO setup]
https://community.atlassian.com/t5/Jira-questions/SSO-Crowd-Jira-Confluence/qaq-p/446129
https://confluence.atlassian.com/crowd/overview-of-sso-179445277.html
https://confluence.atlassian.com/crowd/integrating-crowd-with-atlassian-jira-192625.html
https://confluence.atlassian.com/crowd/integrating-crowd-with-atlassian-bamboo-198785.html
https://www.cnblogs.com/xxsl/p/6876941.html
[migration]
https://blog.csdn.net/BDCHome/article/details/89601844
八、原理總結
主講認證部分
部署的架構,jira和confluence的用戶認證,使用crowd,實現了SSO。
結合圖,方便理解。
####結束閱讀####謝謝########