安装Postgres

  1. docker run -d --name postgres -p 5432:5432 -e POSTGRES_PASSWORD=123456 postgres

创建数据库:

  1. docker exec -it postgres psql -Upostgres -w -c "CREATE DATABASE jira WITH OWNER postgres;"

如果是重装,则需要重建数据库:

  1. REVOKE CONNECT ON DATABASE jira FROM public;
  3. SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE datname='jira' AND pid<>pg_backend_pid(); 
  5. drop database jira;

Docker安装

直接使用官方镜像安装:

  1. docker run -d --name jira \
  2.  -p 8080:8080 \
  3.  -v /data/docker/jira:/var/atlassian/application-data/jira \
  4.  -e TZ=Asia/Shanghai \
  5.  atlassian/jira-software:8.7.0

https://gitee.com/pengzhile/atlassian-agent 下载破解文件,然后将破解文件拷贝到容器:

  1. docker cp atlassian-agent.jar jira:/opt/atlassian/jira/
  3. docker exec -it jira bash
  4. echo 'export CATALINA_OPTS="-javaagent:/opt/atlassian/jira/atlassian-agent.jar ${CATALINA_OPTS}"' \
  5.     >> /opt/atlassian/jira/bin/setenv.sh
  7. docker restart jira

或者直接编译到镜像:

  1. # https://gitee.com/pengzhile/atlassian-agent
  2. FROM  atlassian/jira-software:8.7.0
  4. #ADD  http://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.30.tar.gz /opt/atlassian/jira/lib/
  5. #COPY  mysql-connector-java-5.1.30-bin.jar /opt/atlassian/jira/lib/
  7. # 将代理破解包加入容器
  8. COPY atlassian-agent.jar /opt/atlassian/jira/
  10. # 设置启动加载代理包
  11. RUN echo 'export CATALINA_OPTS="-javaagent:/opt/atlassian/jira/atlassian-agent.jar ${CATALINA_OPTS}"' >> /opt/atlassian/jira/bin/setenv.sh

构建镜像:

  1. docker build -t javachen/jira-software:8.7.0 .
  2. docker push javachen/jira-software:8.7.0

获取license:

  1. java -jar atlassian-agent.jar -p jira -m chenzj@javachen.com -n wesine \
  2.     -o http://www.javachen.com -s BABY-MGVE-GCQ1-OAZD

K8s安装

创建命名空间和证书:

  1. kubectl create namespace jira
  3. cat << EOF | kubectl create -f -   
  4. apiVersion: cert-manager.io/v1alpha2
  5. kind: Certificate
  6. metadata:
  7.   name: jira-test-wesine-com-cn-cert
  8.   namespace: jira
  9. spec:
  10.   secretName: jira-test-wesine-com-cn-cert
  11.   renewBefore: 720h
  12.   dnsNames:
  13.   - "*.javachen.xyz"
  14.   issuerRef:
  15.     name: cert-manager-webhook-dnspod-cluster-issuer
  16.     kind: ClusterIssuer
  17. EOF

cert-manager-webhook-dnspod-cluster-issuer是提前创建好的cluster-issuer。
下载chart文件:

  1. git clone https://github.com/junetalk/charts
  2. cd charts

创建 jira-values.yaml 文件:

  1. cat <<EOF > jira-values.yaml
  2. image:
  3.   repository: javachen/jira-software:8.7.0
  4. ingress:
  5.   enabled: true
  6.   annotations:
  7.     kubernetes.io/ingress.class: nginx
  8.     nginx.ingress.kubernetes.io/ssl-redirect: "true"
  9.     nginx.ingress.kubernetes.io/proxy-body-size: 100m
  10.   hosts:
  11.     - jira.javachen.xyz
  12.     - jira.test.javachen.xyz
  13.   tls:
  14.     - secretName: jira-test-wesine-com-cn-cert
  15.       hosts:
  16.         - jira.javachen.xyz
  17. env:
  18.   - name: TZ
  19.     value: Asia/Shanghai
  20.   - name: JVM_MINIMUM_MEMORY
  21.     value: "3072m"
  22.   - name: JVM_MAXIMUM_MEMORY
  23.     value: "4096m"
  24.   - name: ATL_PROXY_NAME
  25.     value: jira.javachen.com
  26.   - name: ATL_PROXY_PORT
  27.     value: "443"
  28.   - name: ATL_TOMCAT_SCHEME
  29.     value: "https"
  31. persistence:
  32.   enabled: true
  33.   storageClass: "ceph-rbd"
  34.   accessMode: ReadWriteOnce
  35.   size: 20Gi
  36. EOF

使用helm3安装:

  1. helm install jira -n jira -f jira-values.yaml ./jira

卸载:

  1. helm del jira -n jira

集成OpenLDAP

参考:

首先,设置memberof:

  1. dn: cn=module,cn=config
  2. cn: module
  3. objectClass: olcModuleList
  4. olcModuleLoad: memberof.la
  5. olcModulePath: /usr/lib64/openldap
  7. dn: olcOverlay=memberof,olcDatabase={1}hdb,cn=config
  8. objectClass: olcConfig
  9. objectClass: olcMemberOf
  10. objectClass: olcOverlayConfig
  11. objectClass: top
  12. olcOverlay: memberof
  13. olcMemberOfDangling: ignore
  14. olcMemberOfRefInt: TRUE
  15. olcMemberOfGroupOC: groupOfUniqueNames                      
  16. olcMemberOfMemberAD: uniqueMember                           
  17. olcMemberOfMemberOfAD: memberOf

接着使用 ldapadd 命令将其导入:

  1. ldapadd -Y EXTERNAL -H ldapi:/// -f memberof.ldif

创建组:

  1. cat > basedomain.ldif <<EOF
  2. dn: dc=javachen,dc=com
  3. objectClass: top
  4. objectClass: dcObject
  5. objectclass: organization
  6. o: Javachen
  7. dc: javachen
  9. dn: cn=admin,dc=javachen,dc=com
  10. objectClass: organizationalRole
  11. cn: admin
  12. description: Directory Manager
  14. dn: ou=People,dc=javachen,dc=com
  15. objectClass: organizationalUnit
  16. ou: People
  18. dn: ou=Group,dc=javachen,dc=com
  19. objectClass: organizationalUnit
  20. ou: Group
  21. EOF
  23. ldapadd -x -D cn=admin,dc=javachen,dc=com -W -f basedomain.ldif

创建添加用户脚本add_user.sh:

  1. #!/bin/bash
  3. # const
  4. LDAP_SERVER_IP="localhost"
  5. LDAP_SERVER_PORT="389"
  6. LDAP_ADMIN_USER="cn=admin,dc=javachen,dc=com"
  7. LDAP_ADMIN_PASS="admin"
  9. if [ x"$#" != x"3" ];then
  10.     echo "Usage: $0 <username> <realname>"
  11.     exit -1
  12. fi
  14. # param
  15. USER_ID="$1"
  16. SN="$2"
  17. NAME="$3"
  18. PASSWORD="123456"
  19. ENCRYPT_PASSWORD=$(slappasswd -h {ssha} -s "$PASSWORD")
  21. # add count & group 
  22. cat <<EOF | ldapmodify -c -h $LDAP_SERVER_IP -p $LDAP_SERVER_PORT \
  23.     -w $LDAP_ADMIN_PASS -D $LDAP_ADMIN_USER 
  24. dn: cn=$USER_ID,ou=People,javachen,dc=com
  25. changetype: add
  26. objectClass: top
  27. objectClass: person
  28. objectClass: organizationalPerson
  29. objectClass: inetOrgPerson
  30. cn: $USER_ID
  31. sn: $SN
  32. givenName: $NAME
  33. displayName: $SN$NAME
  34. mail: $USER_ID@javachen.com
  35. userPassword: $ENCRYPT_PASSWORD
  37. dn: cn=jira,ou=Group,dc=javachen,dc=com
  38. changetype: modify
  39. add: uniqueMember
  40. uniqueMember: cn=$USER_ID,ou=People,javachen,dc=com
  41. EOF

添加用户:

  1. add_user.sh zhangsan

在jiar中添加openldap目录:
img
设置用户模式:
img
设置组成员模式:
img
输入用户和秘密进行测试:
img