• Atlassian产品实践[JIRA+Confluence+Crowd]


    全文分为八个组成部分

    一、安装部署
    二、参数优化
    三、运维监控
    四、备份恢复
    五、故障处理
    六、常用命令
    七、相关资料
    八、原理总结

    ####开始阅读############
    一、安装部署
    需要用到的组件,按安装先后顺序排序
    centos7.6
    jdk1.8.0_211
    mysql-connector-java-5.1.47
    mysql5.6.44
    jira8.2.2
    confluence6.15.4
    crowd3.6.6
    nginx1.16.0
    选择centos7.6,至少8核16GB,挂载一块500GB到/var,主要用来存储jira和confluence的备份和日志;挂载1块50GB/opt,/opt/soft主要用来存放安装软件。
    1.1、下载安装jdk和mysql-connector-java
    下载最新的jdk,放到/opt/soft
    tar xf jdk-8u211-linux-x64.tar.gz -C /usr/local/
    ln -s /usr/local/jdk1.8.0_211/ /usr/local/java

    vim /etc/profile.d/jdk.sh
    export JAVA_HOME=/usr/local/java
    export JRE_HOME=$JAVA_HOME/jre
    export CLASS_PATH=.:$JAVA_HOME/lib/dt.jar:$JAVA_HOME/lib/tools.jar:$JRE_HOME/lib
    export PATH=$PATH:$JAVA_HOME/bin:$JRE_HOME/bin

    source /etc/profile.d/jdk.sh

    [root@localhost local]# java -version
    java version "1.8.0_211"
    Java(TM) SE Runtime Environment (build 1.8.0_211-b12)
    Java HotSpot(TM) 64-Bit Server VM (build 25.211-b12, mixed mode)

    1.2
    官网下载mysql驱动程序https://dev.mysql.com/downloads/connector/j/5.1.html,放到/opt/soft,
    解压之后会得到一个文件mysql-connector-java-5.1.47-bin.jar,后续讲这个文件放到哪里。

    1.3、下载安装mysql5.6.44
    重点在my.cnf
    Set the default storage engine to InnoDB:
    [mysqld]
    ...
    default-storage-engine=INNODB
    ...
    Specify the value of max_allowed_packet to be at least 256M:

    [mysqld]
    ...
    max_allowed_packet=256M
    ...
    Specify the value of innodb_log_file_size to be at least 2G:

    [mysqld]
    ...
    innodb_log_file_size=256M
    ...
    Ensure the sql_mode parameter does not specify NO_AUTO_VALUE_ON_ZERO

    // remove this if it exists
    sql_mode = NO_AUTO_VALUE_ON_ZERO

    创建数据库赋权限
    create database confluence character set utf8 collate utf8_bin;
    create database jira character set utf8 collate utf8_bin;
    create database crowd character set utf8 collate utf8_bin;

    grant all privileges on confluence.* to 'confluence'@'localhost' identified by 'xxxxxxx';
    grant all privileges on confluence.* to 'confluence'@'%' identified by 'xxxxxxx';

    grant all privileges on jira.* to 'jira'@'localhost' identified by 'xxxxxxx';
    grant all privileges on jira.* to 'jira'@'%' identified by 'xxxxxxx';

    grant all privileges on crowd.* to 'crowd'@'localhost' identified by 'xxxxxxx';
    grant all privileges on crowd.* to 'crowd'@'%' identified by 'xxxxxxx';

    flush privileges;

    1.4、安装jira
    Atlassian官网下载jira
    https://www.atlassian.com/software/jira/download
    chmod a+x atlassian-jira-software-X.X.X-x64.bin
    ./atlassian-jira-software-X.X.X-x64.bin
    安装完成之后,将前面提到的mysql驱动程序,放到jira的安装目录。

    cp mysql-connector-java-5.1.47-bin.jar /opt/atlassian/jira/atlassian-jira/WEB-INF/lib/

    访问http://localhost:8080
    Choose I'll set it up myself
    Choose My own database
    ...

    1.5、安装confluence
    Atlassian官网下载confluence
    https://www.atlassian.com/software/confluence/download
    chmod a+x atlassian-confluence-X.X.X-x64.bin
    ./atlassian-confluence-X.X.X-x64.bin
    安装完成之后,将前面提到的mysql驱动程序,放到jira的安装目录。
    cp mysql-connector-java-5.1.47-bin.jar /opt/atlassian/confluence/confluence/WEB-INF/lib

    访问http://localhost:8090
    Choose Production installation
    Choose any apps you'd also like to install
    ...

    1.6、安装Crowd
    Atlassian官方下载crowd
    https://www.atlassian.com/software/crowd/download-archive
    解压后
    mv atlassian-crowd-3.3.6.zip crowd
    mv crowd /opt/atlassian/
    cp mysql-connector-java-5.1.47-bin.jar /opt/atlassian/crowd/crowd-webapp/WEB-INF/lib
    编辑crowd的数据文件目录
    vi /opt/atlassian/crowd/crowd-webapp/WEB-INF/classes/crowd-init.properties
    在末尾添加一行
    crowd.home=/var/atlassian/application-data/crowd
    启动Crowd
    /opt/atlassian/crowd/start_crowd.sh
    访问http://localhost:8095

    1.7、安装nginx
    wget http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
    rpm -ivh nginx-release-centos-7-0.el7.ngx.noarch.rpm
    yum install nginx
    systemctl start nginx
    touch /etc/nginx/conf.d/jira.redirect.conf
    #######
    server {
    listen 80;
    server_name jira.xxxx.com confluence.oasgames.com;
    if ($host = 'jira.oasgames.com'){
    rewrite ^/(.*)$ http://jira.xxxx.com:8080/$1 permanent;
    }

    if ($host = 'confluence.oasgames.com'){
    rewrite ^/(.*)$ http://jira.oasgames.com:8090/$1 permanent;
    }

    access_log /var/log/nginx/jira.log main;
    }
    server {
    listen 80;
    server_name jira.xxxx.cn confluence.xxxx.cn;
    if ($host = 'jira.xxxx.cn'){
    rewrite ^/(.*)$ http://jira.xxxx.cn:8080/$1 permanent;
    }

    if ($host = 'confluence.xxxx.cn'){
    rewrite ^/(.*)$ http://jira.xxxx.cn:8090/$1 permanent;
    }

    access_log /var/log/nginx/jira.log main;
    }
    ########

    service nginx start #启动 nginx 服务
    service nginx stop #停止 nginx 服务
    service nginx restart #重启 nginx 服务

    1.7、集成SSO
    首选在Crowd创建3个应用,创建组,创建用户。
    Username:jira-app
    Password:xxxxxxxxxx

    Username:confluence-app
    Password:xxxxxxxxxx

    Username:crowdid-app
    Password:xxxxxxxxxx

    接下来修改配置文件seraph-config.xml,在jira和confluence路径
    vim /opt/atlassian/jira/atlassian-jira/WEB-INF/classes/seraph-config.xml
    # 找到这一行并注释掉
    <!--<authenticator class="com.atlassian.jira.security.login.JiraSeraphAuthenticator"/>-->
    # 找到这一行,并解开注释
    <authenticator class="com.atlassian.jira.security.login.SSOSeraphAuthenticator"/>

    vim /opt/atlassian/confluence/confluence/WEB-INF/classes/seraph-config.xml
    # 找到这一行并注释掉
    <!--<authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>-->
    # 找到这一行,并解开注释
    <authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/>

    vim /opt/atlassian/jira/atlassian-jira/WEB-INF/classes/crowd.properties
    application.name jira-app
    application.password xxxxxx
    application.login.url http://localhost:8080/

    crowd.server.url http://localhost:8095/crowd/services/
    crowd.base.url http://localhost:8095/crowd/

    session.isauthenticated session.isauthenticated
    session.tokenkey session.tokenkey
    session.validationinterval 2
    session.lastvalidation session.lastvalidation
    cookie.tokenkey crowd.token_key

    vim /opt/atlassian/confluence/confluence/WEB-INF/classes/crowd.properties
    修改成下面这样
    application.name confluence-app
    application.password xxxxxx
    application.login.url http://localhost:8090/

    crowd.server.url http://localhost:8095/crowd/services/
    crowd.base.url http://localhost:8095/crowd/

    session.isauthenticated session.isauthenticated
    session.tokenkey session.tokenkey
    session.validationinterval 2
    session.lastvalidation session.lastvalidation
    cookie.tokenkey crowd.token_key

    重启jira和confluence

    二、参数优化
    [jira JAVA虚拟机内存修改]
    JVM_MINIMUM_MEMORY="1024m"
    JVM_MAXIMUM_MEMORY="4096m"

    [confluence JAVA虚拟机内存修改]
    CATALINA_OPTS="-Xms1024m -Xmx4096m -XX:+UseG1GC ${CATALINA_OPTS}"

    三、运维监控
    接入zabbix监控硬件,7x24.
    接入clamav杀毒系统,每周二、四、六更新病毒库,查杀。
    将xxx办公网络出口、跳板机、zabbix,加入防火墙IP白名单,其余drop。

    四、备份恢复
    [自动备份每天凌晨2点]
    Confluece数据备份目录:/var/atlassian/application-data/confluence/backups
    Confluece附件所在目录:/var/atlassian/application-data/confluence/attachments
    JIRA备份数据目录: /var/atlassian/application-data/jira/export
    JIRA附件数据目录: /var/atlassian/application-data/jira/data/attachments

    [写脚本每全备每天凌晨3点]
    数据库异地备份到S3

    五、故障处理

    六、常用命令
    top 看进程占用的资源
    netstat -antup 查看进程端口存活
    /opt/atlassian/confluence/logs/catalina.out 看jira日志
    /application-data/jira/log/atlassian-jira.log 看jira日志
    /opt/atlassian/confluence/logs/catalina.out 看confluence日志
    /application-data/confluence/log/atlassian-confluence.log 看confluence日志

    JIRA Service:
    /opt/atlassian/jira/bin/start-jira.sh
    /opt/atlassian/jira/bin/stop-jira.sh

    Confluence Service:
    /opt/atlassian/confluence/bin/start-confluence.sh
    /opt/atlassian/confluence/bin/stop-confluence.sh

    Crowd:
    /opt/atlassian/crowd/start_crowd.sh
    /opt/atlassian/crowd/stop_crowd.sh

    七、相关资料
    [mysql setup]

    https://confluence.atlassian.com/adminjiraserver/connecting-jira-applications-to-mysql-5-6-938846854.html

    [jira setup]
    https://confluence.atlassian.com/adminjiraserver/installing-jira-applications-on-linux-938846841.html

    [confluence setup]
    https://confluence.atlassian.com/doc/installing-confluence-on-linux-143556824.html

    [crowd setup]
    https://confluence.atlassian.com/crowd/installing-crowd-24248834.html

    [nginx setup]
    https://blog.csdn.net/j080624/article/details/78087813

    [SSO setup]
    https://community.atlassian.com/t5/Jira-questions/SSO-Crowd-Jira-Confluence/qaq-p/446129
    https://confluence.atlassian.com/crowd/overview-of-sso-179445277.html
    https://confluence.atlassian.com/crowd/integrating-crowd-with-atlassian-jira-192625.html
    https://confluence.atlassian.com/crowd/integrating-crowd-with-atlassian-bamboo-198785.html
    https://www.cnblogs.com/xxsl/p/6876941.html

    [migration]
    https://blog.csdn.net/BDCHome/article/details/89601844

    八、原理总结
    主讲认证部分
    部署的架构,jira和confluence的用户认证,使用crowd,实现了SSO。
    结合图,方便理解。


    ####结束阅读####谢谢########

  • 相关阅读:
    $_SERVER
    下面介绍mysql中模糊查询的四种用法:
    qq第三方登录
    远程连接数据库出错
    lnmp中的tp的pathinfo模式
    TP5配置所谓的url_moudel
    tp3.2.3中的xss攻击基本防护
    tp中的Csv文件读取(原创)
    mysql语句整理
    SVN的详细使用
  • 原文地址:https://www.cnblogs.com/ccielife/p/11101571.html
Copyright © 2020-2023  润新知