Atlassian提供了许多用于项目管理和软件开发的产品,本文介绍用于Git代码管理的Bitbucket和用于文档协作的Confluence这两个产品的安装配置。
Atlassian的Java服务都极其占内存,我选用了8GB的云服务器,安装这两个服务刚好内存够用。系统选择了Ubuntu 20.04 x64 Server版,其它Linux系统也大致相同。
安装完Ubuntu系统后,更新系统并安装必须的软件:
$ sudo apt update $ sudo apt upgrade $ sudo apt autoremove $ sudo apt install mysql-server git |
接下来分别安装Bitbucket和Confluence软件:
$ chmod +x atlassian-bitbucket-7.7.1-x64.bin atlassian-confluence-7.4.6-x64.bin $ sudo ./atlassian-bitbucket-7.7.1-x64.bin $ sudo ./atlassian-confluence-7.4.6-x64.bin |
Bitbucket和Confluence安装时,大多数选项直接回车即可,同时可以修改默认储存数据的路径:
[/var/atlassian/application-data/bitbucket] -> /opt/atlassian/application-data/bitbucket [/var/atlassian/application-data/confluence] -> /opt/atlassian/application-data/confluence |
Bitbucket和Confluence默认没有包含连接MySQL的JDBC驱动,根据此文档页面的指引,我们到对应的MySQL官网下载mysql-connector-java-5.1.XX-bin.jar版本的文件即可。然后拷贝到安装目录中,并修改Confluence存储数据库配置的文件的权限:
$ sudo cp mysql-connector-java-5.1.46-bin.jar /opt/atlassian/bitbucket/7.7.1/app/WEB-INF/lib/ $ sudo cp mysql-connector-java-5.1.46-bin.jar /opt/atlassian/confluence/confluence/WEB-INF/lib/ $ sudo chmod 666 /opt/atlassian/application-data/confluence/confluence.cfg.xml |
为了增强安全性,建议在/opt/atlassian/bitbucket/7.7.1/bin/_start-webapp.sh文件中找到并取消以下行的注释:
1 | # umask 0027 |
然后重启Bitbucket和Confluence:
$ sudo service atlbitbucket restart $ sudo /etc/init.d/confluence restart |
启动时,在Ubuntu 20.04上若出现如下错误,则可参考此页面进行修改:
pam_unix(sudo:auth): Couldn't open /etc/securetty: No such file or directory |
Bitbucket和Confluence都需要用到数据库,所以我们先配置MySQL。首先向mysqld的配置文件/etc/mysql/my.cnf中增加以下内容:
1 2 3 | [mysqld] transaction-isolation=READ-COMMITTED innodb_log_file_size=512M |
然后重启mysqld:
1 | sudo service mysql restart |
较新的Ubuntu上,要登录MySQL需要首先获取管理员用户名和密码:
1 2 3 4 5 6 7 8 9 10 11 12 | $ sudo cat /etc/mysql/debian.cnf # Automatically generated for Debian scripts. DO NOT TOUCH! [client] host = localhost user = debian-sys-maint password = WPAhowIN3uvVHtVI socket = /var/run/mysqld/mysqld.sock [mysql_upgrade] host = localhost user = debian-sys-maint password = WPAhowIN3uvVHtVI socket = /var/run/mysqld/mysqld.sock |
使用这组用户名和密码连接MySQL并新增Bitbucket和Confluence的数据库和用户:
$ mysql -u debian-sys-maint -p mysql> CREATE DATABASE bitbucket CHARACTER SET utf8 COLLATE utf8_bin; mysql> CREATE USER 'bitbucketuser'@'127.0.0.1' IDENTIFIED BY 'password'; mysql> SHOW GRANTS FOR 'bitbucketuser'@'127.0.0.1'; mysql> GRANT ALL PRIVILEGES ON bitbucket.* TO 'bitbucketuser'@'127.0.0.1'; mysql> CREATE DATABASE confluence CHARACTER SET utf8 COLLATE utf8_bin; mysql> CREATE USER 'confluenceuser'@'127.0.0.1' IDENTIFIED BY 'password'; mysql> SHOW GRANTS FOR 'confluenceuser'@'127.0.0.1'; mysql> GRANT ALL PRIVILEGES ON confluence.* TO 'confluenceuser'@'127.0.0.1'; mysql> quit; |
此时可以通过浏览器打开http://ip:7990,开始配置Bitbucket。首先选择数据库为External,然后选择类型为MySQL,依次填写:
1 2 3 4 | Hostname: 127.0.0.1 Database name: bitbucket Database username: bitbucketuser Database password: password |
同样可通过8090端口访问Confluence并配置,MySQL信息为:
1 2 3 4 | Hostname: 127.0.0.1 Database name: confluence Database username: confluenceuser Database password: password |
Atlassian自2021年初即将终止服务器版本和数据中心版本的销售,也就是说无法下载部署了。我们可以参考Atlassian Agent来继续使用。首先将atlassian-agent.jar文件放到一个固定的位置:
$ sudo cp atlassian-agent.jar /opt/atlassian/ $ sudo chmod 666 /opt/atlassian/atlassian-agent.jar |
然后我们按照Atlassian Agent的要求来设定JAVA_OPTS。因为Bitbucket通过其自动创创建的atlbitbucket用户运行,而此用户的默认shell是sh而非bash,所以我们在/etc/profile中设定JAVA_OPTS:
1 | export JAVA_OPTS="-javaagent:/opt/atlassian/atlassian-agent.jar ${JAVA_OPTS}" |
对于Confluence,则需要在设定其启动环境变量的脚本/opt/atlassian/confluence/bin/setenv.sh中增加以下内容:
1 | CATALINA_OPTS="-javaagent:/opt/atlassian/atlassian-agent.jar ${CATALINA_OPTS}" |
重启系统后,Bitbucket和Confluence启动时的JVM参数中就会带有-javaagent参数了。
使用Server ID生成Bitbucket和Confluence的License key:
$ /opt/atlassian/bitbucket/7.7.1/jre/bin/java -jar /opt/atlassian/atlassian-agent.jar -p bitbucket -m "name@example.com" -n name -o name -s AAAA-BBBB-CCCC-DDDD $ /opt/atlassian/confluence/jre/bin/java -jar /opt/atlassian/atlassian-agent.jar -p conf -m "name@example.com" -n name -o name -s AAAA-BBBB-CCCC-DDDD |
为了更安全地访问,我们可以配置HTTPS的方式,首先我们将SSL证书文件放到一个固定的位置:
$ sudo mkdir -p /opt/atlassian/ssl $ sudo cp example.com.jks /opt/atlassian/ssl/ $ sudo chmod 666 /opt/atlassian/ssl/example.com.jks |
查看证书文件的别名,Entry type为PrivateKeyEntry的别名是我们要找的:
1 2 3 4 5 6 | $ /opt/atlassian/bitbucket/7.7.1/jre/bin/keytool -list -v -keystore /opt/atlassian/ssl/example.com.jks ... Alias name: alias-key Creation date: Nov 24, 2020 Entry type: PrivateKeyEntry ... |
对于Bitbucket,可参考此页面,将证书别名、jks的密码等信息一并填入/opt/atlassian/application-data/bitbucket/shared/bitbucket.properties中:
1 2 3 4 5 6 | server.port=7990 server.ssl.enabled=true server.ssl.key-store=/opt/atlassian/ssl/example.com.jks server.ssl.key-store-password=12345678 server.ssl.key-password=12345678 server.ssl.key-alias=alias-key |
对于Confluence,可参考此页面,在/opt/atlassian/confluence/conf/server.xml文件内打开并修改HTTPS相关的设置,并注释掉原HTTP的服务:
1 2 3 4 5 6 7 8 9 | <Connector port="8090" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25"
protocol="org.apache.coyote.http11.Http11Nio2Protocol"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" SSLEnabled="true"
URIEncoding="UTF-8" keystorePass="9Ci6i7oi"
keystoreFile="/opt/atlassian/ssl/example.com.jks"
keyAlias="alias-key"/> |
重启Bitbucket和Confluence服务后就必须通过HTTPS来访问了。