Atlassian提供了许多用于项目管理和软件开发的产品,本文介绍用于Git代码管理的Bitbucket和用于文档协作的Confluence这两个产品的安装配置。
Atlassian的Java服务都极其占内存,我选用了8GB的云服务器,安装这两个服务刚好内存够用。系统选择了Ubuntu 20.04 x64 Server版,其它Linux系统也大致相同。
安装完Ubuntu系统后,更新系统并安装必须的软件:
$ sudo apt update
$ sudo apt upgrade
$ sudo apt autoremove
$ sudo apt install mysql-server git
$ sudo apt update
$ sudo apt upgrade
$ sudo apt autoremove
$ sudo apt install mysql-server git
接下来分别安装Bitbucket和Confluence软件:
$ chmod +x atlassian-bitbucket-7.7.1-x64.bin atlassian-confluence-7.4.6-x64.bin
$ sudo ./atlassian-bitbucket-7.7.1-x64.bin
$ sudo ./atlassian-confluence-7.4.6-x64.bin
$ chmod +x atlassian-bitbucket-7.7.1-x64.bin atlassian-confluence-7.4.6-x64.bin
$ sudo ./atlassian-bitbucket-7.7.1-x64.bin
$ sudo ./atlassian-confluence-7.4.6-x64.bin
Bitbucket和Confluence安装时,大多数选项直接回车即可,同时可以修改默认储存数据的路径:
[/var/atlassian/application-data/bitbucket] -> /opt/atlassian/application-data/bitbucket
[/var/atlassian/application-data/confluence] -> /opt/atlassian/application-data/confluence
[/var/atlassian/application-data/bitbucket] -> /opt/atlassian/application-data/bitbucket
[/var/atlassian/application-data/confluence] -> /opt/atlassian/application-data/confluence
Bitbucket和Confluence默认没有包含连接MySQL的JDBC驱动,根据此文档页面的指引,我们到对应的MySQL官网下载mysql-connector-java-5.1.XX-bin.jar版本的文件即可。然后拷贝到安装目录中,并修改Confluence存储数据库配置的文件的权限:
$ sudo cp mysql-connector-java-5.1.46-bin.jar /opt/atlassian/bitbucket/7.7.1/app/WEB-INF/lib/
$ sudo cp mysql-connector-java-5.1.46-bin.jar /opt/atlassian/confluence/confluence/WEB-INF/lib/
$ sudo chmod 666 /opt/atlassian/application-data/confluence/confluence.cfg.xml
$ sudo cp mysql-connector-java-5.1.46-bin.jar /opt/atlassian/bitbucket/7.7.1/app/WEB-INF/lib/
$ sudo cp mysql-connector-java-5.1.46-bin.jar /opt/atlassian/confluence/confluence/WEB-INF/lib/
$ sudo chmod 666 /opt/atlassian/application-data/confluence/confluence.cfg.xml
为了增强安全性,建议在/opt/atlassian/bitbucket/7.7.1/bin/_start-webapp.sh文件中找到并取消以下行的注释:
# umask 0027
# umask 0027
然后重启Bitbucket和Confluence:
$ sudo service atlbitbucket restart
$ sudo /etc/init.d/confluence restart
$ sudo service atlbitbucket restart
$ sudo /etc/init.d/confluence restart
启动时,在Ubuntu 20.04上若出现如下错误,则可参考此页面进行修改:
pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory
pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory
Bitbucket和Confluence都需要用到数据库,所以我们先配置MySQL。首先向mysqld的配置文件/etc/mysql/my.cnf中增加以下内容:
[mysqld]
transaction-isolation=READ-COMMITTED
innodb_log_file_size=512M
[mysqld]
transaction-isolation=READ-COMMITTED
innodb_log_file_size=512M
然后重启mysqld:
sudo service mysql restart
sudo service mysql restart
较新的Ubuntu上,要登录MySQL需要首先获取管理员用户名和密码:
$ sudo cat /etc/mysql/debian.cnf
# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host = localhost
user = debian-sys-maint
password = WPAhowIN3uvVHtVI
socket = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host = localhost
user = debian-sys-maint
password = WPAhowIN3uvVHtVI
socket = /var/run/mysqld/mysqld.sock
$ sudo cat /etc/mysql/debian.cnf
# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host = localhost
user = debian-sys-maint
password = WPAhowIN3uvVHtVI
socket = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host = localhost
user = debian-sys-maint
password = WPAhowIN3uvVHtVI
socket = /var/run/mysqld/mysqld.sock
使用这组用户名和密码连接MySQL并新增Bitbucket和Confluence的数据库和用户:
$ mysql -u debian-sys-maint -p
mysql> CREATE DATABASE bitbucket CHARACTER SET utf8 COLLATE utf8_bin;
mysql> CREATE USER 'bitbucketuser'@'127.0.0.1' IDENTIFIED BY 'password';
mysql> SHOW GRANTS FOR 'bitbucketuser'@'127.0.0.1';
mysql> GRANT ALL PRIVILEGES ON bitbucket.* TO 'bitbucketuser'@'127.0.0.1';
mysql> CREATE DATABASE confluence CHARACTER SET utf8 COLLATE utf8_bin;
mysql> CREATE USER 'confluenceuser'@'127.0.0.1' IDENTIFIED BY 'password';
mysql> SHOW GRANTS FOR 'confluenceuser'@'127.0.0.1';
mysql> GRANT ALL PRIVILEGES ON confluence.* TO 'confluenceuser'@'127.0.0.1';
mysql> quit;
$ mysql -u debian-sys-maint -p
mysql> CREATE DATABASE bitbucket CHARACTER SET utf8 COLLATE utf8_bin;
mysql> CREATE USER 'bitbucketuser'@'127.0.0.1' IDENTIFIED BY 'password';
mysql> SHOW GRANTS FOR 'bitbucketuser'@'127.0.0.1';
mysql> GRANT ALL PRIVILEGES ON bitbucket.* TO 'bitbucketuser'@'127.0.0.1';
mysql> CREATE DATABASE confluence CHARACTER SET utf8 COLLATE utf8_bin;
mysql> CREATE USER 'confluenceuser'@'127.0.0.1' IDENTIFIED BY 'password';
mysql> SHOW GRANTS FOR 'confluenceuser'@'127.0.0.1';
mysql> GRANT ALL PRIVILEGES ON confluence.* TO 'confluenceuser'@'127.0.0.1';
mysql> quit;
此时可以通过浏览器打开http://ip:7990,开始配置Bitbucket。首先选择数据库为External,然后选择类型为MySQL,依次填写:
Hostname: 127.0.0.1
Database name: bitbucket
Database username: bitbucketuser
Database password: password
Hostname: 127.0.0.1
Database name: bitbucket
Database username: bitbucketuser
Database password: password
同样可通过8090端口访问Confluence并配置,MySQL信息为:
Hostname: 127.0.0.1
Database name: confluence
Database username: confluenceuser
Database password: password
Hostname: 127.0.0.1
Database name: confluence
Database username: confluenceuser
Database password: password
Atlassian自2021年初即将终止服务器版本和数据中心版本的销售,也就是说无法下载部署了。我们可以参考Atlassian Agent来继续使用。首先将atlassian-agent.jar文件放到一个固定的位置:
$ sudo cp atlassian-agent.jar /opt/atlassian/
$ sudo chmod 666 /opt/atlassian/atlassian-agent.jar
$ sudo cp atlassian-agent.jar /opt/atlassian/
$ sudo chmod 666 /opt/atlassian/atlassian-agent.jar
然后我们按照Atlassian Agent的要求来设定JAVA_OPTS。因为Bitbucket通过其自动创创建的atlbitbucket用户运行,而此用户的默认shell是sh而非bash,所以我们在/etc/profile中设定JAVA_OPTS:
export JAVA_OPTS="-javaagent:/opt/atlassian/atlassian-agent.jar ${JAVA_OPTS}"
export JAVA_OPTS="-javaagent:/opt/atlassian/atlassian-agent.jar ${JAVA_OPTS}"
对于Confluence,则需要在设定其启动环境变量的脚本/opt/atlassian/confluence/bin/setenv.sh中增加以下内容:
CATALINA_OPTS="-javaagent:/opt/atlassian/atlassian-agent.jar ${CATALINA_OPTS}"
CATALINA_OPTS="-javaagent:/opt/atlassian/atlassian-agent.jar ${CATALINA_OPTS}"
重启系统后,Bitbucket和Confluence启动时的JVM参数中就会带有-javaagent参数了。
使用Server ID生成Bitbucket和Confluence的License key:
$ /opt/atlassian/bitbucket/7.7.1/jre/bin/java -jar /opt/atlassian/atlassian-agent.jar -p bitbucket -m "name@example.com" -n name -o name -s AAAA-BBBB-CCCC-DDDD
$ /opt/atlassian/confluence/jre/bin/java -jar /opt/atlassian/atlassian-agent.jar -p conf -m "name@example.com" -n name -o name -s AAAA-BBBB-CCCC-DDDD
$ /opt/atlassian/bitbucket/7.7.1/jre/bin/java -jar /opt/atlassian/atlassian-agent.jar -p bitbucket -m "name@example.com" -n name -o name -s AAAA-BBBB-CCCC-DDDD
$ /opt/atlassian/confluence/jre/bin/java -jar /opt/atlassian/atlassian-agent.jar -p conf -m "name@example.com" -n name -o name -s AAAA-BBBB-CCCC-DDDD
为了更安全地访问,我们可以配置HTTPS的方式,首先我们将SSL证书文件放到一个固定的位置:
$ sudo mkdir -p /opt/atlassian/ssl
$ sudo cp example.com.jks /opt/atlassian/ssl/
$ sudo chmod 666 /opt/atlassian/ssl/example.com.jks
$ sudo mkdir -p /opt/atlassian/ssl
$ sudo cp example.com.jks /opt/atlassian/ssl/
$ sudo chmod 666 /opt/atlassian/ssl/example.com.jks
查看证书文件的别名,Entry type为PrivateKeyEntry的别名是我们要找的:
$ /opt/atlassian/bitbucket/7.7.1/jre/bin/keytool -list -v -keystore /opt/atlassian/ssl/example.com.jks
...
Alias name: alias-key
Creation date: Nov 24, 2020
Entry type: PrivateKeyEntry
...
$ /opt/atlassian/bitbucket/7.7.1/jre/bin/keytool -list -v -keystore /opt/atlassian/ssl/example.com.jks
...
Alias name: alias-key
Creation date: Nov 24, 2020
Entry type: PrivateKeyEntry
...
对于Bitbucket,可参考此页面,将证书别名、jks的密码等信息一并填入/opt/atlassian/application-data/bitbucket/shared/bitbucket.properties中:
server.port=7990
server.ssl.enabled=true
server.ssl.key-store=/opt/atlassian/ssl/example.com.jks
server.ssl.key-store-password=12345678
server.ssl.key-password=12345678
server.ssl.key-alias=alias-key
server.port=7990
server.ssl.enabled=true
server.ssl.key-store=/opt/atlassian/ssl/example.com.jks
server.ssl.key-store-password=12345678
server.ssl.key-password=12345678
server.ssl.key-alias=alias-key
对于Confluence,可参考此页面,在/opt/atlassian/confluence/conf/server.xml文件内打开并修改HTTPS相关的设置,并注释掉原HTTP的服务:
maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11Nio2Protocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8" keystorePass="9Ci6i7oi"
keystoreFile="/opt/atlassian/ssl/example.com.jks"
keyAlias="alias-key"/>
maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11Nio2Protocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8" keystorePass="9Ci6i7oi"
keystoreFile="/opt/atlassian/ssl/example.com.jks"
keyAlias="alias-key"/>
重启Bitbucket和Confluence服务后就必须通过HTTPS来访问了。