全文分为八个组成部分
一、安装部署
二、参数优化
三、运维监控
四、备份恢复
五、故障处理
六、常用命令
七、相关资料
八、原理总结
####开始阅读############
一、安装部署
需要用到的组件,按安装先后顺序排序
centos7.6
jdk1.8.0_211
mysql-connector-java-5.1.47
mysql5.6.44
jira8.2.2
confluence6.15.4
crowd3.6.6
nginx1.16.0
选择centos7.6,至少8核16GB,挂载一块500GB到/var,主要用来存储jira和confluence的备份和日志;挂载1块50GB/opt,/opt/soft主要用来存放安装软件。
1.1、下载安装jdk和mysql-connector-java
下载最新的jdk,放到/opt/soft
tar xf jdk-8u211-linux-x64.tar.gz -C /usr/local/
ln -s /usr/local/jdk1.8.0_211/ /usr/local/java
vim /etc/profile.d/jdk.sh
export JAVA_HOME=/usr/local/java
export JRE_HOME=$JAVA_HOME/jre
export CLASS_PATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
export PATH=$PATH:$JAVA_HOME/bin:$JRE_HOME/bin
source /etc/profile.d/jdk.sh
[root@localhost local]# java -version
java version "1.8.0_211"
Java(TM) SE Runtime Environment (build 1.8.0_211-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.211-b12, mixed mode)
1.2
官网下载mysql驱动程序https://dev.mysql.com/downloads/connector/j/5.1.html,放到/opt/soft,
解压之后会得到一个文件mysql-connector-java-5.1.47-bin.jar,后续讲这个文件放到哪里。
1.3、下载安装mysql5.6.44
重点在my.cnf
Set the default storage engine to InnoDB:
[mysqld]
...
default-storage-engine=INNODB
...
Specify the value of max_allowed_packet to be at least 256M:
[mysqld]
...
max_allowed_packet=256M
...
Specify the value of innodb_log_file_size to be at least 2G:
[mysqld]
...
innodb_log_file_size=256M
...
Ensure the sql_mode parameter does not specify NO_AUTO_VALUE_ON_ZERO
// remove this if it exists
sql_mode = NO_AUTO_VALUE_ON_ZERO
创建数据库赋权限
create database confluence character set utf8 collate utf8_bin;
create database jira character set utf8 collate utf8_bin;
create database crowd character set utf8 collate utf8_bin;
grant all privileges on confluence.* to 'confluence'@'localhost' identified by 'xxxxxxx';
grant all privileges on confluence.* to 'confluence'@'%' identified by 'xxxxxxx';
grant all privileges on jira.* to 'jira'@'localhost' identified by 'xxxxxxx';
grant all privileges on jira.* to 'jira'@'%' identified by 'xxxxxxx';
grant all privileges on crowd.* to 'crowd'@'localhost' identified by 'xxxxxxx';
grant all privileges on crowd.* to 'crowd'@'%' identified by 'xxxxxxx';
flush privileges;
1.4、安装jira
Atlassian官网下载jira
https://www.atlassian.com/software/jira/download
chmod a+x atlassian-jira-software-X.X.X-x64.bin
./atlassian-jira-software-X.X.X-x64.bin
安装完成之后,将前面提到的mysql驱动程序,放到jira的安装目录。
cp mysql-connector-java-5.1.47-bin.jar /opt/atlassian/jira/atlassian-jira/WEB-INF/lib/
访问http://localhost:8080
Choose I'll set it up myself
Choose My own database
...
1.5、安装confluence
Atlassian官网下载confluence
https://www.atlassian.com/software/confluence/download
chmod a+x atlassian-confluence-X.X.X-x64.bin
./atlassian-confluence-X.X.X-x64.bin
安装完成之后,将前面提到的mysql驱动程序,放到jira的安装目录。
cp mysql-connector-java-5.1.47-bin.jar /opt/atlassian/confluence/confluence/WEB-INF/lib
访问http://localhost:8090
Choose Production installation
Choose any apps you'd also like to install
...
1.6、安装Crowd
Atlassian官方下载crowd
https://www.atlassian.com/software/crowd/download-archive
解压后
mv atlassian-crowd-3.3.6.zip crowd
mv crowd /opt/atlassian/
cp mysql-connector-java-5.1.47-bin.jar /opt/atlassian/crowd/crowd-webapp/WEB-INF/lib
编辑crowd的数据文件目录
vi /opt/atlassian/crowd/crowd-webapp/WEB-INF/classes/crowd-init.properties
在末尾添加一行
crowd.home=/var/atlassian/application-data/crowd
启动Crowd
/opt/atlassian/crowd/start_crowd.sh
访问http://localhost:8095
1.7、安装nginx
wget http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
rpm -ivh nginx-release-centos-7-0.el7.ngx.noarch.rpm
yum install nginx
systemctl start nginx
touch /etc/nginx/conf.d/jira.redirect.conf
#######
server {
listen 80;
server_name jira.xxxx.com confluence.oasgames.com;
if ($host = 'jira.oasgames.com'){
rewrite ^/(.*)$ http://jira.xxxx.com:8080/$1 permanent;
}
if ($host = 'confluence.oasgames.com'){
rewrite ^/(.*)$ http://jira.oasgames.com:8090/$1 permanent;
}
access_log /var/log/nginx/jira.log main;
}
server {
listen 80;
server_name jira.xxxx.cn confluence.xxxx.cn;
if ($host = 'jira.xxxx.cn'){
rewrite ^/(.*)$ http://jira.xxxx.cn:8080/$1 permanent;
}
if ($host = 'confluence.xxxx.cn'){
rewrite ^/(.*)$ http://jira.xxxx.cn:8090/$1 permanent;
}
access_log /var/log/nginx/jira.log main;
}
########
service nginx start #启动 nginx 服务
service nginx stop #停止 nginx 服务
service nginx restart #重启 nginx 服务
1.7、集成SSO
首选在Crowd创建3个应用,创建组,创建用户。
Username:jira-app
Password:xxxxxxxxxx
Username:confluence-app
Password:xxxxxxxxxx
Username:crowdid-app
Password:xxxxxxxxxx
接下来修改配置文件seraph-config.xml,在jira和confluence路径
vim /opt/atlassian/jira/atlassian-jira/WEB-INF/classes/seraph-config.xml
# 找到这一行并注释掉
<!--<authenticator class="com.atlassian.jira.security.login.JiraSeraphAuthenticator"/>-->
# 找到这一行,并解开注释
<authenticator class="com.atlassian.jira.security.login.SSOSeraphAuthenticator"/>
vim /opt/atlassian/confluence/confluence/WEB-INF/classes/seraph-config.xml
# 找到这一行并注释掉
<!--<authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>-->
# 找到这一行,并解开注释
<authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/>
vim /opt/atlassian/jira/atlassian-jira/WEB-INF/classes/crowd.properties
application.name jira-app
application.password xxxxxx
application.login.url http://localhost:8080/
crowd.server.url http://localhost:8095/crowd/services/
crowd.base.url http://localhost:8095/crowd/
session.isauthenticated session.isauthenticated
session.tokenkey session.tokenkey
session.validationinterval 2
session.lastvalidation session.lastvalidation
cookie.tokenkey crowd.token_key
vim /opt/atlassian/confluence/confluence/WEB-INF/classes/crowd.properties
修改成下面这样
application.name confluence-app
application.password xxxxxx
application.login.url http://localhost:8090/
crowd.server.url http://localhost:8095/crowd/services/
crowd.base.url http://localhost:8095/crowd/
session.isauthenticated session.isauthenticated
session.tokenkey session.tokenkey
session.validationinterval 2
session.lastvalidation session.lastvalidation
cookie.tokenkey crowd.token_key
重启jira和confluence
二、参数优化
[jira JAVA虚拟机内存修改]
JVM_MINIMUM_MEMORY="1024m"
JVM_MAXIMUM_MEMORY="4096m"
[confluence JAVA虚拟机内存修改]
CATALINA_OPTS="-Xms1024m -Xmx4096m -XX:+UseG1GC ${CATALINA_OPTS}"
三、运维监控
接入zabbix监控硬件,7x24.
接入clamav杀毒系统,每周二、四、六更新病毒库,查杀。
将xxx办公网络出口、跳板机、zabbix,加入防火墙IP白名单,其余drop。
四、备份恢复
[自动备份每天凌晨2点]
Confluece数据备份目录:/var/atlassian/application-data/confluence/backups
Confluece附件所在目录:/var/atlassian/application-data/confluence/attachments
JIRA备份数据目录: /var/atlassian/application-data/jira/export
JIRA附件数据目录: /var/atlassian/application-data/jira/data/attachments
[写脚本每全备每天凌晨3点]
数据库异地备份到S3
五、故障处理
略
六、常用命令
top 看进程占用的资源
netstat -antup 查看进程端口存活
/opt/atlassian/confluence/logs/catalina.out 看jira日志
/application-data/jira/log/atlassian-jira.log 看jira日志
/opt/atlassian/confluence/logs/catalina.out 看confluence日志
/application-data/confluence/log/atlassian-confluence.log 看confluence日志
JIRA Service:
/opt/atlassian/jira/bin/start-jira.sh
/opt/atlassian/jira/bin/stop-jira.sh
Confluence Service:
/opt/atlassian/confluence/bin/start-confluence.sh
/opt/atlassian/confluence/bin/stop-confluence.sh
Crowd:
/opt/atlassian/crowd/start_crowd.sh
/opt/atlassian/crowd/stop_crowd.sh
七、相关资料
[mysql setup]
https://confluence.atlassian.com/adminjiraserver/connecting-jira-applications-to-mysql-5-6-938846854.html
[jira setup]
https://confluence.atlassian.com/adminjiraserver/installing-jira-applications-on-linux-938846841.html
[confluence setup]
https://confluence.atlassian.com/doc/installing-confluence-on-linux-143556824.html
[crowd setup]
https://confluence.atlassian.com/crowd/installing-crowd-24248834.html
[nginx setup]
https://blog.csdn.net/j080624/article/details/78087813
[SSO setup]
https://community.atlassian.com/t5/Jira-questions/SSO-Crowd-Jira-Confluence/qaq-p/446129
https://confluence.atlassian.com/crowd/overview-of-sso-179445277.html
https://confluence.atlassian.com/crowd/integrating-crowd-with-atlassian-jira-192625.html
https://confluence.atlassian.com/crowd/integrating-crowd-with-atlassian-bamboo-198785.html
https://www.cnblogs.com/xxsl/p/6876941.html
[migration]
https://blog.csdn.net/BDCHome/article/details/89601844
八、原理总结
主讲认证部分
部署的架构,jira和confluence的用户认证,使用crowd,实现了SSO。
结合图,方便理解。
####结束阅读####谢谢########