@@ -71,7 +71,7 @@ openssl s_client -starttls postgres -connect my.postgres.host:5432 # etc...
# Proxy setup
-In `JIRA_HOME/bin/setenv.sh`
+In ~`JIRA_HOME/bin/setenv.sh`~ `<jira binaries directory>/bin/setenv.sh`
```
JVM_SUPPORT_RECOMMENDED_ARGS=" -Dhttp.proxyHost=proxy.msoc.defpoint.local -Dhttp.proxyPort=80 -Dhttps.proxyHost=proxy.msoc.defpoint.local -Dhttps.proxyPort=80 -Dhttp.nonProxyHosts='*.defpoint.local|localhost|127.0.0.1|169.254.169.254|*.amazonaws.com'"
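Review bot: On the added `+In ~...~` line, the struck-through `JIRA_HOME/bin/setenv.sh` is kept beside its replacement, and the replacement `<jira binaries directory>` is still a placeholder. Git history already records the old wording, so drop the strikethrough and state the path outright, for example `/opt/atlassian/jira/bin/setenv.sh` as the upgrade notes later in this file use, so a reader does not go looking for `setenv.sh` under the Jira data directory.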
@@ -245,3 +245,170 @@ NOTES:
new jira db:
jira2.csqclvntmsrg.us-gov-east-1.rds.amazonaws.com
+# Upgrade Notes - 5/2021
+
+Manual upgrade, recommended for Linux: https://confluence.atlassian.com/adminjiraserver0813/upgrading-jira-manual-1027137578.html
+
+Tickets: https://jira.xdr.accenturefederalcyber.com/browse/MSOCI-1606
+ https://jira.atlassian.com/browse/JRASERVER-71652
+
+Current Version: v8.12.1#812002-sha1:7c28d59
+Target Version: v8.13.6 (LTS) https://www.atlassian.com/software/jira/download
+
+Download 'tar.gz' from https://www.atlassian.com/software/jira/download
+Copy to server.
+
+## Prep: Plenty of backups
+```
+sudo cat /opt/jira-data/jira/dbconfig.xml
+pg_dump postgresql://jira@jira2.csqclvntmsrg.us-gov-east-1.rds.amazonaws.com:5432/jira?sslmode=verify-full | gzip > backup.202105.psql.gz
+cd /opt
+sudo rsync -rav atlassian atlassian.bak.202105
+sudo rsync -rav jira-data jira-data.202106
+```
+
+Then in the GUI:
+1) Take a snapshot of the instance (be sure to check the box to not restart it)
+2) Take a snapshot of the database
+
+## Prep: Extract and Configure
+
+```
+cd /opt/atlassian
+sudo tar xvzf ~/atlassian-jira-software-8.13.6.tar.gz
+sudo mv atlassian-jira-software-8.13.6-standalone jira-8.13.6
+cd jira-8.13.6/
+sudo chown -R jira:jira .
+sudo cp ../jira/atlassian-jira/WEB-INF/lib/okta-jira-3.1.3.jar ./atlassian-jira/WEB-INF/lib/okta-jira-3.1.3.jar
+sudo cp ../jira/atlassian-jira/okta_login.jsp ./atlassian-jira/okta_login.jsp
+sudo cp ../jira/conf/okta-config-jira.xml ./conf/okta-config-jira.xml
+
+sudo vim atlassian-jira/WEB-INF/classes/jira-application.properties
+# set jira.home to /opt/jira-data/jira
+sudo vim bin/setenv.sh
+# set JIRA_HOME (maybe? It wasn't set in the old one, but i'm setting it)
+# Copy JVM_SUPPORT_RECOMMENDED_ARGS from old copy
+# Note: previous setting JVM_MAXIMUM_MEMORY="768m" is now JVM_MAXIMUM_MEMORY="2048m"
+```
+
+In `atlassian-jira/WEB-INF/web.xml`, just before `THIS MUST BE THE LAST FILTER IN THE DEFINED CHAIN`, add the following:
+```
+ <filter>
+ <filter-name>OktaLoginFilter</filter-name>
+ <filter-class>com.atlassian.jira.authenticator.okta.OktaLoginFilter</filter-class>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>OktaLoginFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ <dispatcher>REQUEST</dispatcher>
+ <dispatcher>FORWARD</dispatcher>
+ </filter-mapping>
+```
+
+In `conf/server.xml` in the first 'connector' clause, update the last two lines (only chagne on the first line is the `/>`)::
+```
+acceptCount="100" disableUploadTimeout="true" bindOnInit="false"
+proxyName="jira.xdr.accenturefederalcyber.com" proxyPort="443" scheme="https" secure="true"/>
+```
+
+In `atlassian-jira/WEB-INF/classes/seraph-config.xml`:
+
+1. For `<param-name>logout.url</param-name>`, set:
+```
+<param-value>https://mdr-multipass.okta.com</param-value>
+```
+
+2. Comment out the following:
+```
+ <!-- <authenticator class="com.atlassian.jira.security.login.JiraSeraphAuthenticator"/> -->
+```
+
+3. After the last `<!-- CROWD:END -->`, add the following section (note the fixed path):
+```
+ <!-- MDR OKTA:START -->
+
+ <authenticator class="com.atlassian.jira.authenticator.okta.OktaJiraAuthenticator30">
+ <init-param>
+ <param-name>okta.config.file</param-name>
+ <param-value>/opt/atlassian/jira-8.13.6/conf/okta-config-jira.xml</param-value>
+ </init-param>
+ </authenticator>
+
+ <!-- MDR OKTA:END -->
+```
+
+Update okta to latest (optional):
+1. Log into okta admin
+2. go to settings->downloads
+3. Download the latest okta plugin
+4. Copy to the server
+
+```
+ssh gc-prod-okta-server
+cd /opt/atlassian/jira-8.13.6
+sudo rm atlassian-jira/WEB-INF/lib/okta-jira-3.1.3.jar
+sudo mv ~frederick_t_damstra/okta-jira-3.1.5.jar atlassian-jira/WEB-INF/lib/
+sudo chown jira:jira atlassian-jira/WEB-INF/lib/okta-jira-3.1.5.jar
+sudo chmod 644 atlassian-jira/WEB-INF/lib/okta-jira-3.1.5.jar
+```
+
+## Cutover:
+
+```
+sudo /etc/init.d/jira stop
+# In GUI, take db snapshot
+cd /opt
+sudo rsync -rav atlassian atlassian.bak.202105
+sudo rsync -rav jira-data jira-data.202106
+sudo mv /opt/atlassian/jira /opt/atlassian/jira-8.12.1
+vim /etc/rc.d/init.d/jira
+# Update path to /opt/atlassian/jira/bin
+sudo /etc/init.d/jira start
+```
+
+Note, the 'check upgrade' step, suggested that these might have been modified, too:
+```
+jira-application.properties
+WEB-INF/web.xml
+seraph-config.xml
+```
+
+Also, if okta doesn't work, you can try placing okta back:
+```
+sudo cp /opt/atlassian/jira/atlassian-jira/WEB-INF/lib/okta-jira-3.1.3.jar /opt/atlassian/jira-8.13.6/atlassian-jira/WEB-INF/lib/okta-jira-3.1.3.jar
+```
+
+## Problems during 4/27/2021 upgrade:
+
+### Jira wouldn't start because JAVA_HOME was not yet.
+1. edit bin/setenv.sh, search for JAVA_HOME and replace with:
+```
+JAVA_HOME="/opt/atlassian/jre/"; export JAVA_HOME
+```
+2. Copy the old JRE (and I bet this needs to be updated)
+
+### Jira started, but database won't connect. This was because of SSL.
+1. temporarily removed the verify-ssl command from /opt/jira-data/jira/dbconfig.xml
+2. It started.
+3. Stopped it after it initialized
+
+1. copied /home/jira/.posgres to /opt/jira-data/jira/.postgres (this contains the root cert)
+no change
+Tried /opt/jira-data/.postgres, too.
+
+Left it with `sslmode=require`.
+
+### Noisy catalina error: `The encoding [binary] is not recognised by the JRE`, with full stack trace:
+
+see https://jira.atlassian.com/browse/JRASERVER-71265
+added 3 lines to /opt/atlassian/jira-8.13.6/conf/logging.properties:
+```
+# per https://jira.atlassian.com/browse/JRASERVER-71265
+# Surpress 'The encoding [binary] is not recognised by the JRE'
+org.apache.catalina.connector.Response.level = ERROR
+```
+
+## If all is well
+
+do a little dance
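Review bot: In the "database won't connect" section, the notes end at "Left it with `sslmode=require`", which keeps the RDS link encrypted but no longer verifies the server certificate, while the `pg_dump` backup step in this same hunk still uses `sslmode=verify-full`. The root cert was copied into directories named `.posgres` and `.postgres`, but libpq and the PostgreSQL JDBC driver look for `root.crt` under `.postgresql` in the service user's home directory, so retry with that name (or point `sslrootcert` at the file explicitly) and record the downgrade as an open item rather than the final state. Separately, in Cutover, `/opt/atlassian/jira` is moved to `jira-8.12.1` and the init script is then pointed at `/opt/atlassian/jira/bin`; a step that renames or symlinks `jira-8.13.6` into place appears to be missing, and the Okta rollback `cp` further down reads from that same moved path.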