docker部署jira(8.0.0)和confluence(6.14.1)

資料庫 JIRA Docker · 發表 2019-02-20 22:39:54

摘要：記錄下這幾天搭建的過程 jira和confluence是分別兩臺，資料庫也是分開的,資料庫是用mysql的rpm的repo新增後安裝的,jira和confluence是docker跑的,把破解的jar加到映象裡然後改了下別人的Dockerfile 本次安裝的版本： jira...

記錄下這幾天搭建的過程

jira和confluence是分別兩臺，資料庫也是分開的,資料庫是用mysql的rpm的repo新增後安裝的,jira和confluence是docker跑的,把破解的jar加到映象裡然後改了下別人的Dockerfile

本次安裝的版本：

jira-software 8.0.0
confluence 6.14.1
Docker CE 18.06.02
OS CentOS 7.5.1804

系統基本設定

所有防火牆與SELinux 已關閉：

systemctl disable --now firewalld NetworkManager
setenforce 0
sed -ri '/^[^#]*SELINUX=/s#=.+$#=disabled#' /etc/selinux/config

安裝wget,epel源和基礎的一些軟體：

yum install -y wget net-tools git psmisc epel-release vim
yum install -y jq bash-completion

建議升級下核心

yum update -y
reboot

mysql資料庫安裝

新增repo源

本次資料庫採用mysql 5.7.2x

wget https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm
rpm -Uvh mysql57-community-release-el7-11.noarch.rpm

檢視源裡的版本

[root@jt-jira ~]# yum list mysql-community-server --showduplicates | sort -r
 * updates: mirrors.aliyun.com
mysql-community-server.x86_645.7.9-1.el7mysql57-community
mysql-community-server.x86_645.7.25-1.el7mysql57-community
mysql-community-server.x86_645.7.24-1.el7mysql57-community
mysql-community-server.x86_645.7.23-1.el7mysql57-community
mysql-community-server.x86_645.7.22-1.el7mysql57-community
mysql-community-server.x86_645.7.21-1.el7mysql57-community
mysql-community-server.x86_645.7.20-1.el7mysql57-community
mysql-community-server.x86_645.7.19-1.el7mysql57-community
mysql-community-server.x86_645.7.18-1.el7mysql57-community
mysql-community-server.x86_645.7.17-1.el7mysql57-community
mysql-community-server.x86_645.7.16-1.el7mysql57-community
mysql-community-server.x86_645.7.15-1.el7mysql57-community
mysql-community-server.x86_645.7.14-1.el7mysql57-community
mysql-community-server.x86_645.7.13-1.el7mysql57-community
mysql-community-server.x86_645.7.12-1.el7mysql57-community
mysql-community-server.x86_645.7.11-1.el7mysql57-community
mysql-community-server.x86_645.7.10-1.el7mysql57-community

安裝

yum list mysql-community-server

安裝完暫時不要啟動

配置mysql的客戶端連線選項和其餘的客戶端選項

cat>/etc/my.cnf.d/client.cnf<<EOF
[client]
default-character-set=utf8
EOF

cat>/etc/my.cnf.d/mysql-clients.cnf<<EOF
[mysql]
default-character-set=utf8
EOF

jira資料庫配置

mysql的my.cnf配置

官方的建議mysql的配置檔案

https://confluence.atlassian.com/adminjiraserver/connecting-jira-applications-to-mysql-5-7-966063305.html

偷懶可以直接執行下面的,自帶配置檔案下是被新增到 [mysqld] 區域下

cat>>/etc/my.cnf<<EOF
default-storage-engine=INNODB# 將預設儲存引擎設定為InnoDB
character_set_server=utf8mb4# 指定資料庫伺服器使用的字符集
innodb_default_row_format=DYNAMIC # 將預設行格式設定為DYNAMIC
innodb_large_prefix=ON# 啟用大字首
innodb_file_format=Barracuda# 將InnoDB檔案格式設定為Barracuda
innodb_log_file_size=2G# innodb_log_file_size至少為2G
EOF

確保sql_mode引數未指定NO_AUTO_VALUE_ON_ZERO,有的話刪掉下面這行
```
sql_mode = NO_AUTO_VALUE_ON_ZERO#有的話刪掉這行
```

mysql初始化和設定

啟動mysql完成初始化

systemctl enable --now mysqld

初始化後可以通過看log來查詢預設的root密碼

[root@jt-jira ~]# grep 'temporary password' /var/log/mysqld.log 
2019-02-18T09:07:42.064502Z 1 [Note] A temporary password is generated for root@localhost: E#xxxxxxx9Od

執行 mysql_secure_installation 完成基本設定和配置

[root@jt-jira ~]# mysql_secure_installation

Securing the MySQL server deployment.

Enter password for user root: <–初次執行輸入log裡的root密碼

The existing password for the user account root has expired. Please set a new password.

New password: <– 設定root使用者的密碼,複雜度不夠可能會被再次要求輸入

Re-enter new password: <– 再輸入一次你設定的密碼
The 'validate_password' plugin is installed on the server.
The subsequent steps will run with the existing configuration
of the plugin.
Using existing password for root.

Estimated strength of the password: 100
Change the password for root ? ((Press y|Y for Yes, any other key for No) : No <– 輸入No,前面設定過root密碼了

... skipping.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y <– 是否刪除匿名使用者，輸入y回車
Success.

Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y <–是否禁止root遠端登入,看需求,如果開發用得多就不禁止,這裡動得少我是直接禁止掉的
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.

Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y<– 是否刪除test資料庫，輸入y回車
- Dropping test database...
Success.

- Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y 是否重新載入許可權表，輸入y回車
Success.

All done!

刪除log裡的密碼

sed -ri '/temporary password/d' /var/log/mysqld.log

建立jira的庫和使用者名稱和密碼以及許可權

mysql -uroot -p

mysql> create database jira default character set utf8 collate utf8_bin;
mysql> grant all on jira.* to 'jira'@'%' identified by 'v8xxxxxxx1';

安裝docker

所有機器 需要設定 /etc/sysctl.d/docker.conf 的系統引數。

cat <<EOF > /etc/sysctl.d/docker.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
fs.may_detach_mounts = 1
EOF
sysctl --system

這裡利用docker的官方安裝指令碼來安裝一次來新增repo,然後安裝docker版本,選擇你要安裝的docker版本即可

curl -fsSL "https://get.docker.com/" | bash -s -- --mirror Aliyun && yum autoremove docker-ce -y
yum list docker-ce --showduplicates | sort -r
yum install -y docker-ce-<VERSION STRING>

配置加速源：

mkdir -p /etc/docker/
cat>/etc/docker/daemon.json<<EOF
{
"registry-mirrors": ["https://fz5yth0r.mirror.aliyuncs.com"],
"storage-driver": "overlay2",
"storage-opts": [
"overlay2.override_kernel_check=true"
],
"log-driver": "json-file",
"log-opts": {
"max-size": "100m",
"max-file": "3"
}
}
EOF

執行的話推薦使用docker-compose方便交接而不是命令列去docker run

sudo curl -L "https://github.com/docker/compose/releases/download/1.23.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

設定docker開機啟動,CentOS安裝完成後docker需要手動設定docker命令補全：

cp /usr/share/bash-completion/completions/docker /etc/bash_completion.d/
systemctl enable --now docker

jira部署

先說說jira的docker映象這塊

jira映象改造過程說明

https://hub.docker.com/r/cptactionhank/atlassian-jira-software

映象的Dockerfile參照上面dockerhub上的

構建的話預設是software版本,把破解的jar包COPY進去,改了下mysql的jdbc驅動使用最新的,entrypoint指令碼增加環境變數方便啟動過程執行的bash來debug。jira本質上有個tomcat,時區會不對顯示的+0000,需要給java執行選項加上 -Duser.timezone=GMT+08 ,分析了下啟動過程發現如下步驟:

+ '[' -r /opt/atlassian/jira/bin/setenv.sh ']'
+ . /opt/atlassian/jira/bin/setenv.sh


$ cat /opt/atlassian/jira/bin/setenv.sh
...
JAVA_OPTS="-Xms${JVM_MINIMUM_MEMORY} -Xmx${JVM_MAXIMUM_MEMORY} ${JVM_CODE_CACHE_ARGS} ${JAVA_OPTS} ${JVM_REQUIRED_ARGS} ${DISABLE_NOTIFICATIONS} ${JVM_SUPPORT_RECOMMENDED_ARGS} ${JVM_EXTRA_ARGS} ${JIRA_HOME_MINUSD} ${START_JIRA_JAVA_OPTS}"
...
export JAVA_OPTS

所以我在Dockerfile裡通過ENV設定了JAVA_OPTS=’-Duser.timezone=GMT+08’給最終執行的java主程序增加了選項和引數調整到正確的時區。而通過執行容器看到LANG已經被設定為C.UTF-8即可完美的支援中文不需要我們宣告環境變數

[root@jt-jira jira]# docker exec jira sh -c 'echo $LANG'
C.UTF-8

compose的yml為如下,因為主程序是java,所以用了init來執行tini,使用docker volume去儲存資料和log

version: '3.7'
services:
jira:
image: zhangguanzhang/atlassian-jira-software:8.0.0
container_name: jira
hostname: jira
init: true
volumes:
- JIRA_HOME_data:/var/atlassian/jira
- JIRA_log_data:/opt/atlassian/jira/logs
- /etc/localtime:/etc/localtime:ro
ports:
- '8080:8080'
logging:
driver: json-file
options:
max-file: '3'
max-size: 100m
volumes:
JIRA_HOME_data: {}
JIRA_log_data: {}

啟動會要一段時間,啟動後設置都一樣,到了輸入許可證的介面的時候

點選下面的藍色超連結會跳轉到使用許可證申請介面,如果內網的話右擊藍色複製連結地址在公網開啟(需要梯子才能訪問許可證申請頁面)

複製了回來貼上下一步即可,設定完成後可以看到是無限的

confluence

資料庫方面大致一樣,不同在於my.cnf配置

https://confluence.atlassian.com/doc/database-setup-for-mysql-128747.html

cat>>/etc/my.cnf<<EOF
character-set-server=utf8
collation-server=utf8_bin# 將預設字符集指定為UTF-8
default-storage-engine=INNODB# 將預設儲存引擎設定為InnoDB
max_allowed_packet=256M# max_allowed_packet至少為256M
innodb_log_file_size=2GB# innodb_log_file_size 至少為2GB
transaction-isolation=READ-COMMITTED# 確保資料庫的全域性事務隔離級別已設定為READ-COMMITTED
binlog_format=row# 檢查二進位制日誌記錄格式是否配置為使用“基於行”的二進位制日誌記錄
EOF

確保sql_mode引數未指定NO_AUTO_VALUE_ON_ZERO,有的話刪掉下面這行
```
sql_mode = NO_AUTO_VALUE_ON_ZERO#有的話刪掉這行
```

啟動資料庫,然後和上面jira一樣初始化

建立一個空的Confluence資料庫模式（例如confluence）：

CREATE DATABASE <database-name> CHARACTER SET utf8 COLLATE utf8_bin;

建立Confluence資料庫使用者（例如confluenceuser）：

GRANT ALL PRIVILEGES ON <database-name>.* TO '<confluenceuser>'@'localhost' IDENTIFIED BY '<password>';

confluence映象方面

https://hub.docker.com/r/cptactionhank/atlassian-confluence/dockerfile

改的上面這個映象,相關問就在我github上 https://github.com/zhangguanzhang/Dockerfile/blob/master/atlassian-confluence

大致和jira一樣,破解在網上搜到了兩種方式

是市面上替換decoder那個jar的流程,路徑為 /opt/atlassian/confluence/confluence/WEB-INF/lib/atlassian-extras-decoder-api-3.4.1.jar 。市面上是把安裝完路徑的jar拿出來用註冊機打pathc後換回去
我在市面上下載的破解包裡有個類似jira的破解jar檔案 atlassian-extras-3.2.jar ,網上搜到了另一種破解思路是這個檔案扔進去前刪掉 atlassian-extras*.jar ,這裡找 https://mritd.me/ 漠然大佬幫我把decoder的jar反編譯改了內容後替換原decoder那個jar後用註冊機生成許可證即,官網申請的使用許可證不行,因為反編譯的時候改了簽名
confluence的compose.yml如下
```
version: '3.7'
services:
confluence:
image: zhangguanzhang/atlassian-confluence:6.14.1
container_name: confluence
hostname: confluence
init: true
volumes:
- CONF_HOME_data:/var/atlassian/confluence
- CONF_log_data:/opt/atlassian/confluence/logs
- /etc/localtime:/etc/localtime:ro
ports:
- '8090:8090'
logging:
driver: json-file
options:
max-file: '3'
max-size: 100m
volumes:
CONF_HOME_data: {}
CONF_log_data: {}
```

起來後頁面設定,然後用註冊機生成註冊碼填進去即可,在有圖形介面的機器有java環境下執行keygen那個jar,可以從我github上下載

在右上角的齒輪小圖示裡一般設定左側欄裡往下翻到授權細節檢視如下圖所示: