Installation Guide System Operations - New Version

GSEP Installation Guide System Operations
Version 2.3
Page 1 of 259
Babu R (623)
Relevant Support Unit
Author Date Version Changes
Chapters accepted by
Rajasekar
10th Dec 2014 1.0 Draft All L2, L3 & Arch
Aathimoolam
Bishnu Nayak 4th Mar 2019 1.1 Updated Artifactory L2, L3 & Arch
Bishnu Nayak 23th Jul 2019 1.2 Updated Minor L2, L3 & Arch
Shubhanshu 23th May 2020 1.3 Updated SVN setup added L2, L3 & Arch
Babu R 17th Jun 2020 2.0 Updated Overall structures Platform Services
and Operations
Babu R 7th Oct 2020 2.1 Updated MTC SVN Platform Services
and Operations
Artifactory with S3
Babu R 11th Dec 2020 2.2 Introduced L2, L3 & Arch
storage
Babu R 19th Dec 2020 2.3 Introduced Artifactory HA Setup L2, L3 & Arch
Babu R 15th Mar 2021 2.4 Updated Crucible DB setup L2, L3 & Arch
Page 2 of 259
Babu R (623)
Table of Contents
1 System Operation.....................................................................................................................................8
1.1 SLA guideline and maintenance (maintenance work and maintenance period)..................................8
1.2 Basic information about GSEP environments and applications...........................................................8
1.2.1 Phase1 – PROD (Atlassian tools)....................................................................................8
1.2.2 Phase2 – PROD (Non Atlassian tools)............................................................................9
1.2.3 Dedicated - PROD.........................................................................................................10
1.2.4 Dedicated –INT..............................................................................................................10
1.2.5 Phase2 – INT (Non Atlassian tools)..............................................................................10
1.2.6 Phase1 – INT (Atlassian tools)......................................................................................11
1.3 Conventions.......................................................................................................................................11
1.3.1 Basic information references.........................................................................................11
1.3.2 Console commands........................................................................................................11
1.3.3 Editing files 12
1.3.4 Browser forms 12
1.4 SSH login into the application servers...............................................................................................13
1.4.1 Prerequisites 13
1.4.2 Login into an application server.....................................................................................14
1.4.3 Notes on saved sessions.................................................................................................17
1.5 Database Setup..................................................................................................................................17
1.6 Licenses.............................................................................................................................................17
1.7 Common system setup......................................................................................................................17
1.7.2 Create user 17
1.7.3 Create target directories.................................................................................................18
1.7.4 Copy and extract deployment package..........................................................................18
1.7.5 Install java 18
1.7.6 Reload profile 18
1.7.7 Optional: install nano.....................................................................................................18
1.7.8 Optional: Install midnight commander..........................................................................19
1.7.9 Install service script.......................................................................................................19
1.7.10 Extract application.........................................................................................................19
1.7.11 Create application home directory.................................................................................19
1.7.12 Create symbolic links and correct file privileges...........................................................20
Page 3 of 259
Babu R (623)
1.7.13 Summary 20
1.8 Crowd setup......................................................................................................................................20
1.8.2 Config file adjustments..................................................................................................20
1.8.3 Restart system 21
1.8.4 Web based setup wizard.................................................................................................21
1.8.5 Web based configuration...............................................................................................25
1.8.6 Start & Stop procedures.................................................................................................33
1.8.7 Log files 33
1.8.8 Reference links...............................................................................................................33
1.8.9 Troubleshooting.............................................................................................................33
1.9 Data Center Setup.............................................................................................................................37
1.9.2 Jira Data Center..............................................................................................................41
1.9.3 Confluence Data Center.................................................................................................46
1.9.4 Bit Bucket Data Center..................................................................................................51
1.9.5 Crowd Data Center.........................................................................................................61
1.9.6 Artifactory HA (High Availability)...............................................................................65
1.10 Standalone Installation......................................................................................................................68
1.10.1 Jira setup 68
1.10.2 Configuring single sign on (SSO)..................................................................................83
1.10.3 Start & Stop procedures.................................................................................................84
1.10.4 Backup 85
1.10.5 Log files 85
1.10.6 Reference links...............................................................................................................85
1.10.7 Confluence setup............................................................................................................86
1.10.8 Bitbucket setup.............................................................................................................102
1.10.9 Crucible setup 116
1.10.10 Bamboo setup 128
1.10.11 SonarQube Setup..........................................................................................................140
1.10.12 Jenkins setup 143
1.10.13 Gerrit setup 144
1.10.14 TestRail setup 160
1.10.15 SVN Setup 174
1.10.16 Artifactory Setup..........................................................................................................175
1.10.17 Artifactory upgrade to version 7.x.x............................................................................182
1.10.18 Jfrog Xray Setup..........................................................................................................191
1.10.19 Zephyr Setup 195
1.10.20 Protex (BlackDuck) setup............................................................................................200
1.10.21 GSEP Utilities setup.....................................................................................................206
1.10.22 GSEP Project Automation Service setup.....................................................................208
1.10.23 GSEP Helpdesk setup..................................................................................................210
Page 4 of 259
Babu R (623)
1.10.24 GSEP User Automation setup......................................................................................211
1.10.25 CJOC Setup 213
1.10.26 Bitbucket Mirror Instance setup...................................................................................216
1.11 JFROG Mission Control....................................................................................................................219
1.11.2 Installation and configuration......................................................................................219
1.11.3 Permission and startup scripts......................................................................................220
1.11.4 Uninstallation 220
1.11.5 Log File 220
1.11.6 Reference Links...........................................................................................................221
1.12 HAproxy setup.................................................................................................................................221
1.12.2 HA-proxy Architecture................................................................................................221
1.12.3 Download and move the installer rpm File..................................................................221
1.12.4 Haproxy Installation.....................................................................................................221
1.12.5 Configuration of maintenance page in haproxy...........................................................222
1.12.6 Logger configuration for haproxy................................................................................222
1.12.7 Start the Application....................................................................................................223
1.12.8 Redirect haproxy request to apache for GSEP landing page.......................................223
1.12.9 Finish 224
1.12.10 Backup 224
1.12.11 Log files 224
1.12.12 Reference links.............................................................................................................224
1.13 Ansible Controller setup..................................................................................................................224
1.13.2 Overview 224
1.13.3 Ansible Controller and system architecture.................................................................225
1.13.4 Installation of Ansible controller and other dependency packages..............................225
1.13.5 Copy the Ansible scripts to controller..........................................................................228
1.13.6 Deployment or upgrade using Ansible scripts.............................................................228
1.13.7 Finish 229
1.13.8 Backup 229
1.13.9 Log files 229
1.13.10 Reference links.............................................................................................................230
1.14 Connecting the Atlassian applications with application links..........................................................230
1.14.1 No application links with Crowd.................................................................................230
1.14.2 Jira with Confluence....................................................................................................230
1.14.3 Jira with Stash 232
1.14.4 Jira with Bamboo.........................................................................................................232
1.14.5 Confluence with Stash.................................................................................................232
1.14.6 Confluence with Bamboo.............................................................................................232
1.14.7 Stash with Bamboo......................................................................................................232
Page 5 of 259
Babu R (623)
1.14.8 Crucible with Jira.........................................................................................................232
1.14.9 Crucible with Confluence............................................................................................232
1.14.10 Crucible with Stash......................................................................................................232
1.14.11 Crucible with Bamboo.................................................................................................232
1.15 Configuring application navigator....................................................................................................233
1.16 Oracle 12C Database setup for Artifactory India Mirror..................................................................234
1.16.1 Hosts File 234
1.16.2 Oracle Installation Prerequisites..................................................................................234
1.16.3 Add the following lines in “/etc/security/limits.conf” file...........................................235
1.16.4 Install the following packages in not present...............................................................235
1.16.5 Create the new groups and users..................................................................................236
1.16.6 Additional Setup..........................................................................................................236
1.16.7 Create Installation directories and grant permissions..................................................236
1.16.8 Setup profile 236
1.16.9 Installation Steps..........................................................................................................236
1.16.10 OS User Creation for datatbase instance......................................................................243
1.16.11 Prepare init.ora and createDB_ATM_PROD.sql file...................................................244
1.16.12 Database Instance Creation..........................................................................................246
1.16.13 Table Space Creation...................................................................................................246
1.17 Data center Tool Upgrade...............................................................................................................247
1.18 Appendix..........................................................................................................................................248
1.18.1 SuSE SLES hints & commands...................................................................................248
1.19 Monitoring.......................................................................................................................................249
1.19.1 Automated Monitoring.................................................................................................249
1.19.2 Non Automated Monitoring.........................................................................................249
1.19.3 Sources of error and catalog of errors..........................................................................249
1.20 Performance test.............................................................................................................................250
1.20.1 Automated performance tests.......................................................................................250
1.20.2 Non automated performance tests................................................................................250
1.21 Handling of errors/solution approach.............................................................................................250
1.21.1 Common measures in case of application downtime or partial breakdown................250
1.21.2 Emergency plan............................................................................................................250
1.21.3 Solution Assistance......................................................................................................250
1.21.4 Maintenance contracts..................................................................................................250
1.21.5 Work instructions.........................................................................................................250
1.22 Job control and time controlled processing.....................................................................................251
1.23 Change management (normal case, emergency case-deployments, patches, hotfixes)..................251
1.23.1 Changes for normal case..............................................................................................251
1.23.2 Changes in case of emergency.....................................................................................251
1.24 Backup/recovery and archiving.......................................................................................................251
1.24.1 Backup 251
Page 6 of 259
Babu R (623)
1.24.2 Recovery of application data........................................................................................251
1.24.3 Emergency and disaster recovery................................................................................251
1.24.4 Archiving of long term data.........................................................................................251
1.25 Reporting (SLA, performance, availability)......................................................................................252
1.25.1 Performance 252
1.25.2 Reporting and trend analysis........................................................................................252
2 IT security.............................................................................................................................................253
2.1 Information classification................................................................................................................253
2.2 Concept of roles and authorization / access control.......................................................................254
2.3 Communication security..................................................................................................................256
3 Requirements for sundowning.............................................................................................................257
3.1 Legal obligations for data storage....................................................................................................257
3.2 ICS-aspects.......................................................................................................................................257
4 Incidents and emergencies...................................................................................................................258
4.1 Notification/escalation....................................................................................................................258
4.2 Emergency plan...............................................................................................................................258
4.3 Development of solutions................................................................................................................258
4.4 Network supervisor/network support.............................................................................................258
5 Appendix..............................................................................................................................................259
5.1 Work instructions............................................................................................................................259
5.1.1 – for further use - /introduction....................................................................................259
5.1.2 Special features............................................................................................................259
5.1.3 Problem analysis..........................................................................................................259
5.1.4 Start/Stop/Restart procedures.......................................................................................259
5.1.5 Troubleshooting guide.................................................................................................259
5.1.6 System dependencies...................................................................................................259
5.1.7 Failover 259
5.1.8 Worst case scenarios....................................................................................................259
Page 7 of 259
Babu R (623)
1 System Operation.
This section describes the installing and uninstalling procedures for the Atlassian applications. Be
sure to follow the installation instructions in this guide in the given order.
1.1 SLA guideline and maintenance (maintenance work and maintenance period)
 See Support concept
1.2 Basic information about GSEP environments and applications

This chapter aggregates the basic information for the different environments and applications.
As this information is needed throughout the whole installation processes it is recommended to print
out the corresponding environment table for easier reference.
Use this file for future changes 

1.2.1 Phase1 – PROD (Atlassian tools)
Page 8 of 259
Babu R (623)
1.2.2 Phase2 – PROD (Non Atlassian tools)
Page 9 of 259
Babu R (623)
1.2.3 Dedicated - PROD
1.2.4 Dedicated –INT
1.2.5 Phase2 – INT (Non Atlassian tools)
Page 10 of 259
Babu R (623)
1.2.6 Phase1 – INT (Atlassian tools)
1.3 Conventions
This chapter describes several conventions for the current document.
1.3.1 Basic information references

A reference to basic information is indicated by parentheses and with a special format: {osuser}
On every occurrence you have to replace the whole string with the information given in chapter 1.2
for current tool and environment - e.g. for jira in INT-environment {osuser} would resolve to
jir_int_osuser.
When data from another application is needed, the reference is prefixed with the appname of the
other application - this is especially needed for linking the applications. E.g. when you are inside of
the jira chapter the following reference would resolve to the url of crowd: {crowd:url}
1.3.2 Console commands

The installation procedures require utilizing the command line to access, setup and manage the
target servers. In this guide console commands have a special format like the following:
Page 11 of 259
Babu R (623)
mkdir /opt/atlassian
Comments begin with a hash (#) and are printed in green. They aren’t part of the command and
therefore should not be typed:
yast --install nano-2.2.6.1.x86-64.rpm #installs nano
1.3.3 Editing files

The installation procedures require editing several configuration files on the target servers through
the command line interface. We won’t dictate any editor (like vi, emacs etc.), but instead describe
the kind of operation to be done in a special format like the following:
/opt/atlassian/crowd/apache-tomcat/bin/setenv.sh
Line 1: change
-Xms128m -Xmx512m -XX:MaxPermSize=256m
to
-Xms{minmem} –Xmx{maxmem} -XX:MaxPermSize=512m
You can then use either the default SuSE-Texteditor (vim) or install nano (see 1.7.7) or edit the file
with a scp browser like WinSCP or MobaXterm.
Note that especially line number in config files tend to change in different versions. The specified line
numbers are only valid for the app versions specified in (chapter 1.2).
1.3.4 Browser forms

Each application has a web based setup wizard that is visible on hitting the application url for the first
time right after the installation.
This installation guide documents the step with screenshots. Where input is necessary the fields are
highlighted in yellow. Every other field should be left as is.
So in the Form above you have to select the radio button “JDBC Connection”, then select “Oracle
10g/11g” in the database dropdown, and provide a “JDBC URL” by resolving the references to the
basic information, but you would leave “Driver Class Name” alone.
Page 12 of 259
Babu R (623)
1.4 SSH login into the application servers
This chapter describes the SSH remote login into the GSEP atlassian application servers inside the
EDC hosting network. The application servers are set up by the EDC without any graphical user
interface, so the only way to access these systems and setup and configure software is by terminal
though SSH. The following overview graphic describes the different login possibilities.
1.4.1 Prerequisites
The following checklists has to be fulfilled before you can start:
1.4.1.1 Organizational
 You have requested LZ@EDC access, received a security token, and a confirmation email that
the access has been granted.
 You can access to the SSH Gateway (suSSHi) as shown in the overview diagram by either
o being inside the Daimler Corporate Network and connecting through EDC SSLVPN
Gateway (https://gate.edc.corpintra.net) with the help of your security token, or
o connecting externally via RASnG SSLVPN Gateway, a provided dial-up software and
your security token, or
o connecting externally via Business Partner SSLVPN Gateway
(https://sagw.daimler.com) and your security token.
 You have created a SSH-key and registered it with EDC as documented in
LZ@EDC_HowTo_Create_SSH_Key_EN.pdf by entering the appropriate data in
o [inside the Daimler corporate network] the public SSH key management
webfrontend (https://edc-ssh-keys.e.corpintra.net/)
o [via Business Partner SSLVPN Gateway] the public SSH key management
webfrontend that is linked in the user interface after the SSLVPN login.
 You have saved the private SSH-key file to disk, and you know the SSH-key passphrase that
you used during SSH-key creation (you will need them to login).
1.4.1.2 Software
 You have a SSH and SCP client software installed on your machine.
Putty and WinSCP are excellent free programs for that matter. As commercial alternative we
recommend MobaXTerm that provides combined SSH and SCP functionality and that we
utilized for the :em INT Environment and for initial INT testing.
Page 13 of 259
Babu R (623)
1.4.1.3 Connection
 You are connected to the EDC and can access susshi.edc.corpintra.net (you can test this by
calling “ping susshi.edc.corpintra.net” on a command shell).
1.4.2 Login into an application server

To login to a GSEP Application server you need to use the following login credentials in your SSH/SCP
client software:
 Host name: susshi.edc.corpintra.net

 User name: [ActiveDirectoryUser]@[UserOnServer]@{host}
e.g. if your active directory user name is “NOCHUC1” and you want to login to the Crowd
application server in GSEP INT Environment (sedcagse0050) as “root” then your ssh user
name would be “NOCHUC1@root@sedcagse0050”
 Password: [SSHPassphraseUsedDuringSSHKeyGeneration]
To clarify things a little bit we’ll do some examples:

1.4.2.1 Login with Putty
Open Putty. Enter “susshi.edc.corpintra.net” as host name. After that provide your private SSH-Key
file in Connection->SSH->Auth. Click ok to continue.
When the terminal window opens enter “NOCHUC1@root@sedcagse0050” as username and your
SSH-key’s passphrase as “suSSHi Gateway Password”.
Page 14 of 259
Babu R (623)
If you entered the credentials correctly you will see the application servers command prompt.
1.4.2.2 Optional: SSH tunneling with Putty

By establishing an SSH tunnel to the target application server, you can access the web applications
directly without going through the Daimler GSEP Loadbalancer.
In general you shouldn’t need this - but when there are problems with the load balancer or with
client certificates you can use this method to access the servers.
In the Putty Configuration screen, select Connection  SSH  Tunnels enter the values as shown
below in the screenshot and press the “Add”-button.
You should now see the forwarded port in the list as visible below (blue highlighting).
The target servers port 8080 is now mapped to your local machines port 8080 (keep sure that you
haven’t any webserver on your local machine in place before doing this).
You can access the target web application in browser by using the url
“http://localhost:8080/{appname}”.
1.4.2.3 Login with WinSCP
Open WinSCP. Click on “Session”. As file protocol choose “SCP”.
Enter the host name, user name, and private key file as shown below and click on login.
Page 15 of 259
Babu R (623)
Confirm the upcoming (only on first server-connection) warning with “Yes”.
In the Key passphrase dialog enter your SSH-key’s passphrase and continue with “OK”.
Now you’re logged in and you can copy files from your local computer to the application server by
drag’n’dropping them.
Page 16 of 259
Babu R (623)
1.4.3 Notes on saved sessions
Despite not being documented here you should consider saving sessions in your client software for
the environments and servers you’re working in. Login into the susshi gateway is a somewhat
complicated process, and when not done on a regular basis a little bit error prone. Saved sessions will
keep you away from looking up and typing all the credentials again and again.
Saving passwords might be a security risk. It is recommended not to save them in saved sessions.
1.5 Database Setup

Database service and user creation is done by EDC with request from the team, and once application
is started after installation schema is automatically created.
1.6 Licenses
You can get the licenses needed for the installation of the Atlassian tools and plugins here. (Note: It
has to be discussed with PO for any new application or plugins licenses) It has to be discussed with
PO for any new application or plugins licenses)
1.7 Common system setup

This chapter provides setup guidelines that are in common for all applications. You have to repeat
these steps for each and every application before continuing with their designated setup chapters.
1.7.1 Prerequisites
The following checklist has to be fulfilled before you start:
 The databases for the Atlassian applications for your target environment are set up by the
EDC and ready to use.
 The load balancer (in-bound-proxy) has been configured by the EDC:
o {url} is mapped to {host}:{port}{contextpath} for each system
o the root url (“https://{proxy}”) is mapped to {jira:host}:{port}
o the load balancer is configured not to use the Daimler standard keep-alive page at
/infra/lbtest1.html but a tcp-connect test
 The security proxy (out-bound-proxy) has been configured by the EDC.
 {host} has SuSE Linux Enterprise Server 11 SP3 installed and you can access it by SSH.
 Your login to the {host} is either root or has full root-privileges
 The firewall is allowing access to the service at port {port} on {host}
 You have access to the install package for the given application
 A SSH connection to the {host} has been established – you are logged in in textmode (with
Putty, MobaXterm or something like that)
 A SCP connection to the {host} has been established – you have a means to copy files to the
{host} (e.g. WinSCP, MobaXterm or something like that)
 You have the licenses for the applications or access to the atlassian account that has bought
the licenses
1.7.2 Create user

A non-root user account needs to be created on the target server.
Page 17 of 259
Babu R (623)
yast users add username={osuser} password={osuserpw} # create user
1.7.3 Create target directories

mkdir /opt/atlassian
mkdir /opt/atlassian/packages
1.7.4 Copy and extract deployment package

Use an SCP program to copy the deployment packages (common_setup.zip and
{appname}_setup.zip) to /opt/atlassian/packages.
Extract and remove the packages.
cd /opt/atlassian/packages
unzip common_setup.zip # extract in current dir
unzip {appname}_setup.zip # extract in current dir
rm common_setup.zip # remove archive
rm {appname}_setup.zip # remove archive
1.7.5 Install java

Install java with yast and set JAVA_HOME environment variable.
yast –-install jdk-8ux-linux-x64.rpm # install package
# write JAVA_HOME to profile file for all users
echo export JAVA_HOME=/usr/java/default > /etc/profile.local
1.7.6 Reload profile

. /etc/profile # note the space between . and /etc/profile!
1.7.7 Optional: install nano

Nano is a text editor that is more user friendly than vim. If you want to edit files with nano you can
install and configure it. If you would like to use another editor you can skip this check.
yast --install nano-2.2.6-1.x86_64.rpm
~/.nanorc
Add the following lines:

include /usr/share/nano/xml.nanorc
include /usr/share/nano/sh.nanorc
To start nano type:
nano
A word of warning: depending on the terminal you’re using nano might automatically create line
breaks for long lines if your terminal window is to narrow to show the line completely. This is nine
times out of ten not what you want - and can lead to servers not starting because of script or xml
errors. If you encounter such a line break when working with nano, check back the file after saving
with another editor or the less-command. If this line break issue applies to your environment, use
another editor!
Page 18 of 259
Babu R (623)
1.7.8 Optional: Install midnight commander
Instead of nano you can also install midnight commander to have a norton commander like file
browser and an editor (like nano):
zypper --install mc
To open the file browser
mc
To open the text editor
mcedit
1.7.9 Install service script

To autostart the application on server startup a service script (init-script) is needed.
The service startup script for each application is provided in the deployment package. It is activated
by the following commands - you can install the service scripts before installing the application.
cp /opt/atlassian/packages/{appname} /etc/init.d
chmod +x /etc/init.d/{appname}
/sbin/yast runlevel add service={appname} runlevels=3,5
For PROD Environment only you also need to edit the file and change the user:
/etc/init.d/{appname}
in line 18 change int to prod user:

USER={osuser}
Now {appname} is started automatically on next reboot. You can also use the initscript yourself:
/etc/init.d/{appname} start # to start the application
/etc/init.d/{appname} stop # to stop the application
/etc/init.d/{appname} restart # to restart the application
/etc/init.d/{appname} status # to retrieve the current status of the application
Do not start the atlassian-provided scripts directly, as they’ll run under your root user then, instead
use always the init script - it will switch to the correct user for it’s operations.
1.7.10 Extract application

cp /opt/atlassian/packages/atlassian-{appname}-{appversion}.tar.gz
/opt/atlassian # copy app-package to target folder
cd /opt/atlassian
tar -xzvf atlassian-{appname}-{appversion}.tar.gz
rm atlassian-{appname}-{appversion}.tar.gz # remove app-package
1.7.11 Create application home directory

mkdir /opt/atlassian/atlassian-{appname}-home-{appversion}
Page 19 of 259
Babu R (623)
1.7.12 Create symbolic links and correct file privileges
By now you should have a version specific application folder mentioned as {install_dir} and a version
specific application home folder which is {home_dir}. Now version agnostic symbolic links are
created.
cd /opt/atlassian
ln -s atlassian-{appname}-{appversion}/ {appname}
ln -s atlassian-{appname}-home-{appversion}/ {appname}-home
And the owner is changed recursively to the {osuser}.
chown {osuser}:users . --recursive
E.g. for crowd if you type dir you would now get the following (some data removed [...] for
readability).
dir
... cro_int_osuser ... {install_dir}
... cro_int_osuser ... {home_dir}
... cro_int_osuser ... crowd -> {install_dir}/
... cro_int_osuser ... crowd-home -> {home_dir}/
The symbolic links are useful for installing 2 versions in parallel (e.g. for upgrading versions) and
switching between them. The service script for example will use these links.
1.7.13 Summary
Now everything is in place for the basic setup and configuration of the application. You should
continue directly with the application specific setup chapter. Do not reboot the system or start the
application until you’re advised to.
1.8 Crowd setup
1.8.1 Prerequisites
 You have completed the common system setup for the crowd target server (see chapter 1.7).
 You are logged in as root on the crowd target server.
1.8.2 Config file adjustments

Edit the following files on your crowd target server.
{install_dir}/crowd-webapp/WEB-INF/classes/crowd-init.properties
Replace line 25 with:

crowd.home={home_dir}
{install_dir}/apache-tomcat/conf/server.xml
in line 6 (<Connector>-Element):
change port-Attribute from 8095 to 8080
Page 20 of 259
Babu R (623)
{install_dir}/apache-tomcat/bin/setenv.sh
In line 1 change:
JAVA_OPTS="-Xms128m -Xmx512m -XX:MaxPermSize=256m -Dfile.encoding=UTF-8 $JAVA_OPTS"

to
JAVA_OPTS="-javaagent:/opt/appdynamics/appagent/AppServerAgent-4-2/javaagent.jar -
Datlassian.org.osgi.framework.bootdelegation=META-
INF.services,com.yourkit,com.singularity.*,com.jprofiler,com.jprofiler.*,org.apache.xerces,org.apa
che.xerces.*,org.apache.xalan,org.apache.xalan.*,sun.*,com.sun.jndi,com.icl.saxon,com.icl.saxon.
*,javax.servlet,javax.servlet.*,com.sun.xml.bind.* -Xms{minmem} –Xmx{maxmem} -
Dfile.encoding=UTF-8 $JAVA_OPTS -Dhttp.proxyHost=security-proxy.emea.svc.corpintra.net -
Dhttp.proxyPort=3128 -Dhttps.proxyHost=security-proxy.emea.svc.corpintra.net -
Dhttps.proxyPort=3128 -Dhttp.nonProxyHosts=localhost\|127.0.0.1\|gsep.daimler.com
-Xloggc:/opt/atlassian/crowd/apache-tomcat/logs/`date +%F_%H-%M-%S`-gc.log -XX:
+PrintGCDetails -XX:+PrintGCTimeStamps -XX:+PrintTenuringDistribution -XX:+PrintGCCause -XX:
+UseGCLogFileRotation -XX:NumberOfGCLogFiles=10 -XX:GCLogFileSize=5M -XX:
+UseParallelOldGC $JAVA_OPTS"
1.8.3 Restart system

reboot
1.8.4 Web based setup wizard

After the system is restarted (~3min) the web based setup application wizard is available at {url}.
Open a browser and go to {url}.

1.8.4.1 License setup
Specify your license by generating one with the help of the given server id (highlighted in blue in the
screenshot below).
For Daimler environments the license is already bound - Just enter it in the “License Key” field.
1.8.4.2 Installation type

Select “New Installation” as installation type.
Page 21 of 259
Babu R (623)
1.8.4.3 Database configuration
Configure the database as shown in the screenshot below.
1.8.4.4 Options
Configure the options form as shown in the screenshot below.
Warning: use “http://localhost:8080/crowd” as {url} here. Configuring the proxys in a correct way
so that you can use the original {url} here is really hard and we haven’t got it working until now.
Page 22 of 259
Babu R (623)
1.8.4.5 Mail configuration
Configure the mail configuration as shown in the following screenshot. Note that the “Subject-Prefix”
field is empty, as a filtering can also be done by the “From Email Address”.
1.8.4.6 Create default internal directory

Initially Crowd needs one internal directory. The name “Default” can be configured later.
Page 23 of 259
Babu R (623)
1.8.4.7 Default administrator
Crowd also needs a default administrator account.
1.8.4.8 Integrated applications

Neither the OpenID Server, nor the demo application should be installed.
1.8.4.9 Adjust application.login.url and finish

Now the web based Crowd setup is complete.
Page 24 of 259
Babu R (623)
Now login to the crowd server as root with SSH console and edit the following file:
{home_dir}/crowd.properties
Set application.login.url:
application.login.url={url}
Set crowd.base.url
crowd.base.url={url}/services/
Do not use http://localhost:8080/crowd in the file above but the real {url}.
Restart the system and wait ~3min for the restart to complete.
reboot
1.8.5 Web based configuration

To allow other applications to connect to Crowd we have to do some basic configuration steps. Log in
to Crowd as {admin}.
1.8.5.1 Configuring the Self-Service Console
Beside the Crowd Administration Console where you are logged in, there is also a stripped down
Crowd Self-Service Console where users without admin rights can manage their credentials. Each
user in the group crowd-administrators will by convention have access to the Crowd Administration
Console. To activate the Self-Service Console for all other users we have to allow all users to
authenticate with the default Crowd application:
Click on “Applications” and then in the Application Browser Table on “crowd” to edit the Crowd-
Application.
Page 25 of 259
Babu R (623)
Click on the Directories Tab and set “Allow All to Authenticate” to “True” for the Default-Directory.
Click on Update.
1.8.5.2 Create groups

We need to create groups for each application.
Click on Groups  Add Group.
Page 26 of 259
Babu R (623)
After you added a group you’re redirected to the groups’ details page. Click on the “Direct Members”
tab and on “Add Users”.
No search for the crowd admin user and add it to the group. The crowd admin user will be our super
admin for all systems. Now the group creation is done.
Add the following groups by repeating this step for all entries.
Name Description Directory
bamboo-admin Administrators for Bamboo
bamboo-developers Developers for Bamboo
bamboo-users Users for Bamboo
confluence-administrators Administrators for Confluence
confluence-users Users for Confluence
crucible-administrators Administrators for Crucible
crucible-users Users for Crucible Default
jira-administrators Administrators for Jira
jira-developers Developers for Jira
jira-users Users for Jira
stash-systemadministrators Systemadministrators for Stash
stash-administrators Administrators for Stash
stash-projectcreators Projectcreators for Stash
stash-users Users for Stash
After you’re done the Group Browser should look like this
Page 27 of 259
Babu R (623)
1.8.5.3 Add Crowd Administrator to all groups
Now for each created group (1.8.5.2) add the crowd administrator as direct member like shown
below.
1.8.5.4 Create applications

In Crowd for each Atlassian application that want to connect an “Application” has to be created.
Repeat the following steps for all Atlassian applications (except Crowd itself).
Use the data from the corresponding table and column in the basic information chapter for each
application. So. e.g. when {url} is stated, do not use Crowds’ {url} but the {url] of the corresponding
app (jia, confluence etc.).
Click on Applications  Add Application, fill in the form on Tab 1. Details as stated below in the
Screenshot, and click next.
Page 28 of 259
Babu R (623)
In step 2. Connection you have to provide the application URL.
Enter the URL and click on Resolve IP Address. In the blue highlighted field the IP-address is shown.
Note that you will never see the target servers’ IP-address here but the one of the reverse proxy (so
it’s equal for all applications). Click next.
On tab 3. Directories you select directories for the application. Since there is only one default
directory, select this one and click next.
Page 29 of 259
Babu R (623)
In Step 4. Authorization you have to add all groups matching the application by selecting the group in
the dropdown and clicking on the Add Group button.
E.g. for Jira you would add the groups jira-administrators, jira-developers, jira-users etc.
Then Click next.
Finally on tab 5. Confirmation you have to confirm the Application-creation. Control all inputs and
group mappings and click Add Application to create the application.
1.8.5.5 Configure permissions for application

Now the permissions for the applications needs to be set.
Crowd directory’s are by default 2-way administrable, that means that you can use jira, or
bamboo, etc. to create new users and groups inside crowd. We don’t want that behavior to
prevent accidental deletion, and to get a single administration point for users and groups. So we
have to configure permissions.
Click on Applications.
Page 30 of 259
Babu R (623)
Repeat the following steps for each application marked in the screenshot below (Jira, Confluence,
Stash, Bamboo, Crucible). Do not change the permissions for crowd itself!
Click on the applications‘ name to enter the applications’ detail screen.
Select the “Permissions” tab, select the “Default”-Directory and remove all permissions by
deselecting all checkboxes. Click on “Update” when done and proceed with the next application as
stated above.
1.8.5.6 Configure remote addresses

Now the remote addresses must be configured for each application.
Page 31 of 259
Babu R (623)
Crowd will check the incoming request from another application for the source-IP. If this IP isn’t
configured as remote address for the application, crowd will block the access. Therefore we’ll have
to “whitelist” the applications IPs. In case of the Daimler environment these IPs would be the IPs of
the loadbalancer NAT system because the server cannot communicate directly but only through
the security proxy.
Repeat the following step for each application (Jira, Confluence, Stash, Bamboo, Crucible). Do not
change the permissions for crowd itself!
Click on the application in the „Search Applications“ area to get to the detail view of the application.
Click on the “Remote Addresses” Tab. Add all the {natips} addresses.
1.8.5.7 Optional: Add test users

For testing purposes you could now add some users and put them into the different groups.
Beside the super/system admin user “user1”, the project admin “user2”, the developer “user3” and
the reader user “user4”. With these users the Crowd self-service console, the privileges of the
different systems, and the single sign on can be tested. Be sure to add the users in “all groups with
their rights and below” - e.g. developer user should be added into the project developer role group,
but also into the jira-users group - and for the other systems accordingly.
1.8.5.8 Single sign on (SSO)
Click on Administration -> General and enter the SSO Domain as stated below to activate single sign
on for the domain.
Now you have completed the Crowd integration steps on Crowd’s behalf. The other half will be done
in the following setup chapters for each Atlassian application.
Page 32 of 259
Babu R (623)
1.8.6 Start & Stop procedures
Crowd can be started by the init-script (as noted in chapter ):
/etc/init.d/crowd start # to start the application

/etc/init.d/crowd stop # to stop the application
/etc/init.d/crowd restart # to restart the application
/etc/init.d/crowd status # to retrieve the current status of the
application
To check whether crowd is running you can use (beside the above status method)
ps aux | grep crowd
If this returns a java process (tomcat) then crowd is running.
1.8.7 Log files

The logfiles are located in {home_dir}/logs.
If there are issues with the service script the boot log for SuSE SLES is located in /var/log/boot.msg.
1.8.8 Reference links

This section lists further resources for Crowd.
 Official Crowd documentation

https://confluence.atlassian.com/display/CROWD/Crowd+Documentation
 Atlassian answers (questions tagged with “crowd”)
https://answers.atlassian.com/tags/crowd
 Crowd security advisories and fixes
https://confluence.atlassian.com/display/CROWD/Crowd+Security+Advisories+and+Fixes
this site should be checked frequently in order to maintain maximum security.
 Crowd knowledgebase
https://confluence.atlassian.com/display/CROWDKB/Browse+Articles+by+Page+Tree+Hierarc
hy
this site is very useful for troubleshooting.
1.8.9 Troubleshooting
1.8.9.1 Users and administrators cannot login to crowd or any of the other systems (I)
Sometimes, especially during crowd configuration you will be logged out, and can’t login anymore
because of an invalid login-cookie. Clear your browsers cache and try again.
1.8.9.2 Users and administrators cannot login to crowd or any of the other systems (II)
After a given period of time neither users nor administrators can login into Crowd or any of the other
system. By entering valid login credentials a user isn’t logged in but instead is redirected to the login
form again. A crowd server restart helps for a given period of time, but then the problem comes
back.
There is a bug [see https://jira.atlassian.com/browse/CWD-3769] that can cause this issue. The
database connections are locking when Crowd saves a user token and never freed. So when the
database connection pool limit is reached Crowd will crash.
There are two possible workarounds, the interactive one:
1. Restart the Crowd server

2. Login as admin user
Page 33 of 259
Babu R (623)
3. Switch to in-memory token storage by clicking on Administration->Session Config and
selecting “Memory Cache” as shown below.
and if the interactive one isn’t working the “hard” one:
1. Stop the Crowd server by killing the tomcat process (as Crowd’s own stop script won’t work)
2. Execute the following SQL query on your Crowd database to switch to the in-memory token-
store (note that crowd might freeze some time until the migration is done):
UPDATE {dbuser}. CWD_PROPERTY SET property_value='false' WHERE
property_name='database.token.storage.enabled';
3. Execute the following SQL query on your Crowd database to remove the cached tokens (note
that all users will have to relogin)
DELETE FROM {dbuser}.CWD_TOKEN
4. Restart Crowd server
1.8.9.3 Crowd refuses Base URL during setup
The following issue was encountered in Daimler INT environment.
In the setup assistant you configured the Crowd base URL as specified in this guide but got the
following error message:
The advised URL https://gsep-int.daimler.com:443/crowd won’t work also.
As stated in the article at

https://confluence.atlassian.com/display/CROWDKB/Unable+to+complete+Crowd+Setup+Wizard+D
ue+To+Invalid+Server+Base+URL, “The Base URL configured here is what the Crowd Console will use
Page 34 of 259
Babu R (623)
to communicate to the Crowd Server. Since they are usually on the same server, using localhost
generally works.”. So we can also use a localhost based base URL - that would be in our case
http://localhost:8080/crowd.
Entering localhost as settings has some bad implications:
 You have to login on and on

 You may get locked out of the system completely (see troubleshooting above for that case)
To prevent that you should consider the following steps:
 In {home_dir}/crowd-
 In Crowd Administration page:
o In section Trusted Proxy Servers add
 gsep-int.daimler.com
 141.113.99.23 (IP of gsep-int.daimler.com)
 security-proxy.emea.svc.corpintra.net
 53.31.36.31 (IP of security-proxy.emea.svc.corpintra.net)
o In section General set SSO Domain to
 gsep-int.daimler.com
o In Session Config switch Require Consistent Client IP Address to “false”.
1.8.9.4 Application cannot connect to Crowd (I)

If you encounter the following error while integrating an application (e.g. Stash with Crowd)
then the proxy configuration for the crowd integration plugin is missing. The crowd integration plugin
uses it’s own proxy settings and doesn’t pick up the java default proxy system properties. Add system
parameters to the java startup parameters as shown below to configure the proxy completely
(usually in a setenv.sh file) - example for the Daimler INT environment:
-Dhttp.proxyHost=security-proxy.emea.svc.corpintra.net -Dhttp.proxyPort=3128 -
Dhttps.proxyHost=security-proxy.emea.svc.corpintra.net -Dhttps.proxyPort=3128 -
Dhttp.nonProxyHosts=localhost\|127.0.0.1 -Dcrowd.property.http.proxy.host=security-
proxy.emea.svc.corpintra.net -Dcrowd.property.http.proxy.port=3128
1.8.9.5 Application cannot connect to Crowd (II)

If you encounter the following error while integrating an application (e.g. Jira with Crowd)
Page 35 of 259
Babu R (623)
Then you need to configure the IP address shown in the error message as trusted ip address for the
application in crowd as shown below for Jira in Daimler INT environment.
In Daimler INT environment there are two IPs the loadbalancer is using, 141.113.99.238 and
141.113.99.239 - so both of them has to be configured as shown below.
1.8.9.6 InvalidAuthorizationTokenException in log file

All the proxy settings are in place but when crowd starts the admin cannot login, and a
InvalidAuthorizationTokenException is logged in the log file, like:
2014-10-22 13:08:16,945 http-bio-8080-exec-14 ERROR

[crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter] Unable to unset
Crowd SSO token
com.atlassian.crowd.exception.InvalidAuthorizationTokenException: Client with address

"141.113.99.239" is forbidden from making requests to the application, crowd.
Page 36 of 259
Babu R (623)
The reason for that is that the crowd web-front end is just an application like jira, confluence, etc.
that talks to the crowd server. Like every other application the crowd application has list of valid
remote addresses, and the proxy isn’t set there yet.
To fix that you have to revert the proxy settings in server.xml and set the crowd.server.url in crowd-
home/crowd.properties to “https\://localhost\:8080/crowd”, so that you can login to crowd, and
enter the IPs as stated in the chapter before for the crowd application:
After you’ve done that you can stop crowd, enter the proxy settings again, correct the
crowd.server.url and restart crowd.
1.9 Data Center Setup

This section explains moving JIRA, Confluence, Bitbucket & Crowd server to Data Center Mode.
1.9.1 Prerequisites
All common setup should be completed before proceeding with Data Center configurations.
 Follow 3.2.6 for common setup for all individual Data Center Nodes.
 Apache 2.4.X version web servers required for load balancing.
 All the cluster nodes should be able to access NFS drive.
 Nodes must be configured to have unrestricted port access to each other.
 Nodes must be configured with the same time zone and keep the current time synchronized.
 A load balancer that supports both HTTP mode (for web traffic) and TCP mode (for SSH
traffic), and support session affinity ("sticky sessions")
 A supported external database, shared and available to all cluster nodes.
1.9.1.1 Web Server Installation
Login to web server as a root and run below command
$zypper install apache2
Page 37 of 259
Babu R (623)
This will install default apache 2.4.x version
Check version
$which apachectl
/usr/sbin/apachectl
$ apachectl –version
Server version: Apache/2.4.23 (Linux/SUSE)
Server built: 2017-07-17 14:47:51.000000000 +0000
Enable Apache Modules
a2enmod proxy
a2enmod proxy_http
a2enmod mod_proxy_balancer
a2enmod rewrite
a2enmod proxy_wstunnel
a2enmod mod_slotmem_shm
Page 38 of 259
Babu R (623)
a2enmod mod_lbmethod_byrequests
a2enmod mod_lbmethod_bytraffic
a2enmod mod_lbmethod_bybusyness
sudo a2enmod headers
Hardening
Do the following to harden the Apache Reverse Proxy server:
Disable some unnecessary modules:

a2dismod actions # we don't want to have cgi actions
a2dismod autoindex # we don't want directory indexes
a2dismod cgi # we have no cgi scripts
a2dismod env # we don't want to mess around with environment variables
a2dismod include # we don't want server side includes
a2dismod setenvif # we don't want to set environment based on any criteria
a2dismod ssl # the loadbalancer will do ssl termination
a2dismod userdir # we don't want to serve user specific directories
Create a file /etc/apache2/conf.d/gsep_proxy.conf
Edit the file and insert the following content right below the <VirtualHost *:80> line at the top:
#--- Add this section at the top of the file

# Hardening related stuff
# -----------------------
# Deactivate Tracing (that can be used for attacks)

TraceEnable off
# Unset ETag header

Header unset ETag
# Landing page
DocumentRoot "/srv/www/htdocs"
<Directory "/srv/www/htdocs">
Options None
Require all granted
FileETag None
<LimitExcept GET HEAD>
Require all denied
</LimitExcept>
</Directory>
Page 39 of 259
Babu R (623)
<LocationMatch "^.*">
Require all granted
# Limit all requests to common http verbs

<LimitExcept GET HEAD POST PUT DELETE>
Require all denied
</LimitExcept>
# disable http 1.0 protocol - Uh Oh This seems to kill the Loadbalancer... so we'll disable that
for now
#RewriteEngine On
#RewriteCond %{THE_REQUEST} !HTTP/1.1$
#RewriteRule .* - [F]
# disable ETAG
FileETag None
# Limit request bodies to 500kb (this may create upload problems! then we have to adjust)
LimitRequestBody 512000
# Secure Cookies (this kills crowd sso login - what a pitty :-( )
#Header edit Set-Cookie ^((?!HttpOnly).)*$ $1;HttpOnly
#Header edit Set-Cookie ^((?!Secure).)*$ $1;Secure
# Cross Site Scripting protection (this may block REST API calls! then we have to adjust)
Header merge X-XSS-Protection "1; mode=block"
# Clickjacking protection
Header merge X-Frame-Options SAMEORIGIN
# Prevent mime-sniffing
Header merge X-Content-Type-Options "nosniff"
# Change tomcat server name: this works only for proxied responses
Header set Server "Apache"
</LocationMatch>
# Proxying
# --------
#---
# Remove or comment out the following section
<Proxy *>
Require all granted
</Proxy>
Start the Apache

$apachectl –k start
Page 40 of 259
Babu R (623)
1.9.2 Jira Data Center
1.9.2.1 Prerequisites
 Each node does not need to be identical, but for consistent performance, we recommend
they are as close as possible
 Nodes must run the exact same JIRA version and must be located in the same data center
 All the node should have same OS application user to own everything in the Jira Server
shared home directory. Choose a UID for OS user that's free on all your cluster nodes and the
shared file system server.
 You must ensure that the OS user has the same UID on all cluster nodes and the shared file
system server. (You can check in /etc/passwd for UID) refer common setup section.
1.9.2.1.1 NFS Mount Point
NFS drive mounted on all the JIRA nodes.
sedcspb1002f.emea.bg.corpintra.net:/sedcspb1002f_nas_vol097/ 11T 5.0T 5.1T 50%

/gsep_data_int
Create folder structure as below under NFS drive.
$cd /gsep_data_int
$ mkdir -p /gsep_data_int/DATA_CENTER/GSEP_JIRA
1.9.2.2 Installation
For JIRA server installation follow section 3.2.8
1.9.2.3 Shared Home Directory Setup
In this step, you need to set up a shared home directory that is writable by the JIRA instance and any
future nodes.
Final mount point for this shared storage location is
/gsep_data_int/DATA_CENTER/GSEP_JIRA Create shared-home directory
$cd /gsep_data_int/DATA_CENTER/GSEP_JIRA
$mkdir –p /gsep_data_int/DATA_CENTER/GSEP_JIRA/shared-home
Ensure that directory can be read and written by other potential nodes
Stop the Jira application before going further setup.
/etc/init.d/jira stop
Copy the following directories into {sharedhome_dir}
$cp –R {home_dir}/{data,plugins,logos,import,export} {sharedhome_dir}
Note: DO NOT create symbolic links between the local and shared homes! This will cause issues
when having more than one node running at the same time.
Page 41 of 259
Babu R (623)
1.9.2.4 Change Ownership
$cd {sharedhome_dir}
1.9.2.5 Cluster Configurations

Stop Jira instance
Create cluster.properties file in the {home_dir}

$vi cluster.properties
And add the below lines

# This ID must be unique across the cluster
jira.node.id = Jira-Node1
# The location of the shared home directory for all JIRA nodes
jira.shared.home = /gsep_data_int/DATA_CENTER/GSEP_JIRA/shared-home
Start Jira instance

/etc/init.d/jira start
1.9.2.6 License Update

Install Data Center License.
Page 42 of 259
Babu R (623)
Navigate to https://gsep.daimler.com/jira
Goto Admin  System  System Info
Jira node1 is started in Clustering mode .

1.9.2.7 Add the first node to load balancer
Login to web server ex: sedcigse0070
$vi /etc/apache2/conf.d/gsep_proxy.conf
<VirtualHost *:80>
ProxyRequests off
<Proxy balancer://jiracluster>
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/"
env=BALANCER_ROUTE_CHANGED
# JIRA node 1
BalancerMember http://53.31.30.174:8080/jira route=Jira-Node1
</Proxy>
<Location /balancer-manager>
SetHandler balancer-manager
Page 43 of 259
Babu R (623)
</Location>
ProxyPass /balancer-manager !
ProxyPass /jira balancer://jiracluster stickysession=ROUTEID
</VirtualHost>
Restart the Apache

$apachectl –k graceful
After adding JIRA to the load balancer, ensure that basic functionality is working after restarting the
JIRA instance by navigating to the instance, logging in, and noting any broken links or malfunctioning
JIRA functionality.
1.9.2.8 Add Cluster Node
Stop the JIRA cluster node1
Login to JIRA cluster node2
Copy the JIRA installation directory to a new host from Node1.

$cp –r <temp_dir>/jira /opt/atlassian/
Copy the local home directory from the first node to this new node.
$cp –r <temp_dir>/jira-home /opt/atlassian
Alter the cluster.properties file to reference the new node id. All node ids must be unique among
nodes.
$vi cluster.properties
And add the below lines

# This ID must be unique across the cluster
jira.node.id = Jira-Node2
# The location of the shared home directory for all JIRA nodes
jira.shared.home ={sharedhome_dir}
Start the new node and monitor for startup problems.

/etc/init.d/jira start
1.9.2.9 Connect this new node to the load balancer

Login to web server ex: sedcigse0090 and sedcigse0100 and add the new cluster node details under
Proxy balancer section.
<VirtualHost *:80>
ProxyRequests off
<Proxy balancer://jiracluster>
# JIRA node 1
Page 44 of 259
Babu R (623)
# JIRA node 2
</Proxy>
</Location>
ProxyPass /jira balancer://jiracluster stickysession=ROUTEID
</VirtualHost>
Restart the Apache

Ensure that issue creation, search, attachments, and customizations work as expected.
Navigate to https://gsep.daimler.com/jira Go to Admin  System  System Info
Repeat steps 7 and 8 for each new node from this section.
1.9.2.10 Health Check
Goto Administrations  System  Support Tools
All the Items should be checked above.
Page 45 of 259
Babu R (623)
1.9.2.11 References
https://confluence.atlassian.com/adminjiraserver071/installing-jira-data-center-802592197.html
https://confluence.atlassian.com/enterprise/jira-data-center-load-balancer-examples-
781200827.html
https://confluence.atlassian.com/kb/proxying-atlassian-server-applications-with-apache-http-server-
mod_proxy_http-806032611.html
https://confluence.atlassian.com/enterprise/jira-data-center-health-check-tools-644580752.html
1.9.3 Confluence Data Center

 Each node does not need to be identical, but for consistent performance, we recommend
they are as close as possible
 Nodes must run the exact same Confluence version and must be located in the same data
center.
 All the node should have same OS application user to own everything in the confluence
Server shared home directory. Choose a UID for OS user that's free on all your cluster nodes
and the shared file system server.
system server. (You can check in /etc/passwd for UID)
1.9.3.1.1 NFS Mount Point
NFS drive mounted on all the Confluence nodes.
sedcspb1002f.emea.bg.corpintra.net:/sedcspb1002f_nas_vol097/ 11T 5.0T 5.1T 50%

/gsep_data_int
$cd /backup_nfs
$ mkdir -p /gsep_data_int/DATA_CENTER/ GSEP_CONFLUENCE
1.9.3.2 Terminology
 Installation directory – The directory where you installed Confluence on a node.
 Local home directory – The home or data directory on each node (in non-clustered
Confluence this is simply known as the home directory).
 Shared home directory – The directory you created that is accessible to all nodes in the
cluster via the same path.
At the end of the installation process, you'll have an installation and local home directory on each
node, and a single shared home directory
For Confluence server installation follow section 3.2.9
In this step, you need to set up a shared home directory that is writable by the JIRA instance and any
future nodes.
Page 46 of 259
Babu R (623)
/gsep_data_int/DATA_CENTER/GSEP_CONFLUENCE
Create shared-home directory
$cd /gsep_data_int/DATA_CENTER/ GSEP_CONFLUENCE
$mkdir –p {sharedhome_dir}
Stop the confluence application before going further setup.
/etc/init.d/confluence stop
In the existing Confluence home directory move contents of {home_dir}/shared-home to the new
shared home directory you just created.
$mv {home_dir}/shared-home/* {sharedhome_dir}
Once the data is moved, delete the shared-home directory from local server {home_dir}
$cd {home_dir}/
$rm –rf shared-home
Move your attachments directory to the new shared home directory.
$mv {home_dir}/attachments {sharedhome_dir}

1.9.3.6 Cluster Configurations

Start Confluence instance
/etc/init.d/confluence start
Note: your home directory (configured in confluence\WEB-INF\classes\confluence-init.properties)

should still be pointing to your existing (local) home directory.
Navigate to https://gsep-int.daimler.com/confluence
The setup wizard will guide you through setting up the first node. You'll be prompted to enter:
Your cluster license:
Go to Admin  General Configuration  License Details
Enter your new Confluence Data Center license key.
Page 47 of 259
Babu R (623)
This will initiate Data Center Migration.
Enter details as below.
 A name for cluster Confluence-Node1

 Path to the shared home directory you created earlier
/gsep_data_int/DATA_CENTER/ GSEP_CONFLUENCE/shared-home
 Select option Use (TCP/IP)
Page 48 of 259
Babu R (623)
Goto Admin  General Configurations  Clustering
Confluence is migrated to Data Center mode successfully.
Go to /opt/atlassian/confluence-home path and add All cluster ip address in confluence.cfg.xml file

Shut down Confluence on node 1
/etc/init.d/confluence stop
Copy the installation directory from node 1 to node 2.
$cp –r <temp_dir>/confluence /opt/atlassian/
Copy the local home directory from node 1 to node 2.
$cp –r <temp_dir>/confluence-home /opt/atlassian/
Copying the local home directory ensures the Confluence search index, the database and cluster
configuration, and any other settings are copied to node 2.
Go to /opt/atlassian/confluence/bin path add the respective node in setenv.sh file.
IMP NOTE: Start Confluence on the first node, wait, and then start Confluence on second node.
 Start Confluence on node 1.
 Wait for Confluence to become available on node 1.

 Start Confluence on node 2.
Page 49 of 259
Babu R (623)
 Wait for Confluence to become available on node 2.
1.9.3.8 Test Cluster Connectivity
The Cluster Administration page ( > Clustering) includes information about the active cluster.
When the cluster is running properly, this page displays.
1.9.3.9 Configure Load Balancer

Append the below proxy configurations /etc/apache2/conf.d/gsep_proxy.conf under virtual host.
<Proxy balancer://confluencecluster>
# confluence node 1
BalancerMember http://53.31.30.179:8080/confluence route=Confluence-Node1
# confluence node 2
BalancerMember http://53.31.30.165:8080/confluence route=Confluence-Node2
</Proxy>
</Location>
ProxyPass /confluence balancer://confluencecluster stickysession=ROUTEID
Restart the Apache
After adding Confluence to the load balancer, ensure that basic functionality is working after
restarting the Confluence instance by navigating to the instance, logging in, and noting any broken
links or malfunctioning Confluence functionality.
For each new node follow the steps from 6 to 8 in this section.
Page 50 of 259
Babu R (623)
1.9.3.10 Name Cluster Nodes
On each Confluence Node add the below parameter for cluster name nodes CATALINA_OPTS="”.
-Dconfluence.cluster.node.name=Confluence-Node1
vi {install_dir}/bin/setenv.sh
CATALINA_OPTS=" -Dconfluence.upgrade.recovery.file.enabled=false -Dhttp.proxyHost=security-

proxy.emea.svc.corpintra.net -Dhttp.proxyPort=3128 -Dhttps.proxyHost=security-
proxy.emea.svc.corpintra.net -Dhttps.proxyPort=3128 -Dhttp.nonProxyHosts=localhost\|127.0.0.1
-Dcrowd.property.http.proxy.host=security-proxy.emea.svc.corpintra.net -
Dcrowd.property.http.proxy.port=3128 -Dfile.encoding=utf-8 -
Dconfluence.cluster.node.name=Confluence-Node1 ${CATALINA_OPTS}"
1.9.3.11 Health Check

Goto Administrations  General Configuration  Support Tools
All the Items should be checked above.

1.9.3.12 References
https://confluence.atlassian.com/conf56/moving-to-confluence-data-center-658737333.html
1.9.4 Bit Bucket Data Center

 A cluster of Bitbucket application nodes all running the same version of Bitbucket Data
Center web application.
 A remote Elasticsearch instance, with an only one remote connection to Bitbucket. The
instance may be a standalone Elasticsearch installation, or a clustered installation behind a
load balancer
 Each Bitbucket cluster node must be a dedicated machine.
 The cluster nodes must be connected in a high speed LAN (that is, high bandwidth and low
latency).
 All cluster nodes must run the same version of Bitbucket Data Center.
Page 51 of 259
Babu R (623)
 Ensure that only permit cluster nodes are allowed to connect to a Bitbucket cluster node's
Hazelcast port, which by default is port 5701, through the use of a firewall and/or network
segregation.
 All the node should have same OS application user to own everything in the Bitbucket Server
 Take a backup of your production Bitbucket Server instance's database and home directory.
1.9.4.1.1.1 NFS Mount Point
NFS drive mounted on all the Bitbucket nodes.
sedcspb1002f.emea.bg.corpintra.net:/sedcspb1002f_nas_vol079/DATA_CENTER/
GSEP_PROD_DATA/GSEP_BITBUCKET/shared-home 21T 7.4T 14T 36% /opt/atlassian/atlassian-
bitbucket-home-<version>/shared
$cd /gsep_data_int
$ mkdir -p /gsep_data_int/DATA_CENTER/GSEP_BITBUCKET
Prod NFS mount folder:
/opt/atlassian/atlassian-bitbucket-home-<version>/shared
1.9.4.2 Git Installation

Follow section 3.2.10.2 for Git installation for each bitbucket node.
1.9.4.3 Terminology
 Installation directory - <Bit bucket install directory> is the directory where you installed Bit
bucket on a node.
 Shared home directory – <Bit bucket shared home> the directory you created that is
accessible to all nodes in the cluster via the same path.
For Bitbucket server installation follow section 3.2.10
Go to  Licensing  Edit license, then paste your Bitbucket Data Center license.
In this step, you need to set up a shared home directory that is writable by the Bitbucket instance
and any future nodes.
/GSEP_DATA/DATA_CENTER/GSEP_PROD_DATA/GSEP_BITBUCKET/shared-home
$mkdir –p /GSEP_DATA/DATA_CENTER/GSEP_PROD_DATA/GSEP_BITBUCKET/shared-home
Page 52 of 259
Babu R (623)
Stop the Bitbucket application before going further setup.
/etc/init.d/stash stop
Copy the shared directory from backup you have taken.
shared directory in the Bitbucket Server home directory needs to be restored into the NFS shared
home directory. The remaining directories (bin, caches, export, lib, log, plugins, and tmp) contains
only caches and temporary files, and do not need to be restored
$cp –r <temp_dir>/shared/* {sharedhome_dir}
Delete the existing shared directory from {home_dir} dir, if exist from first node.
$cd {home_dir}
$rm –rf shared

1.9.4.8 Mount Shared Path

On each cluster node, mount the NFS shared home directory.
$vi /etc/fstab
Add the below line at the end of line.
GSEP_PROD_DATA/GSEP_BITBUCKET/shared-home /opt/atlassian/atlassian-bitbucket-home-
<version>/shared
Note: Only the /DATA_CENTER/GSEP_PROD_DATA/GSEP_BITBUCKET/shared-home directory should

be shared between cluster nodes. All other directories, including ${BITBUCKET_HOME}, should be
node-local (that is, private to each node).
Then mount it:
$mkdir -p {home_dir}/shared
mount -B /backup_nfs/DATA_CENTER/int/bitbucket/shared-home {home_dir}/shared
Change ownership again of /opt/atlassian/*
$cd /opt/atlassian/
1.9.4.9 Edit Config Files

Edit the file {home_dir}/shared/bitbucket.properties
#Add the below lines at the end of file.
hazelcast.network.tcpip=true
Page 53 of 259
Babu R (623)
hazelcast.network.tcpip.members=53.31.30.160:5701,53.31.30.62:5701,53.31.30.65:5701
#Note: Ip adresses mentioned are of all the nodes with port 5701.
# The following should uniquely identify your cluster on the LAN.
hazelcast.group.name=bitbucket-cluster
hazelcast.group.password=bitbucket-cluster
server.port=8080
server.scheme=https
server.proxy-name=gsep.daimler.com
server.proxy-port=443
server.secure=true
server.require-ssl=true
server.context-path=/stash
1.9.4.10 Start Bitbucket

/etc/init.d/stash start
If the Data Center license is not updated already then go to

https://gsep-int.daimler.com/admin/license, and install the Bitbucket Data Center license you were
issued.
Restart the Bitbucket
Navigate to https://gsep.daimler.com/stash
Once Bitbucket Server has started, go to https://gsep.daimler.com/stash/admin/clustering you

should see a page similar to this:
Page 54 of 259
Babu R (623)
Verify that the node you have started up has successfully joined the cluster. If it does not, please
check your network configuration and the {home_dir} /log/atlassian-bitbucket.log for the node.
1.9.4.11 Configure Load Balancer
Append the below proxy configurations /etc/apache2/conf.d/gsep_proxy.conf under virtual host.
<Proxy balancer://stashcluster>
# Bitbucket node 1
BalancerMember http://53.31.30.160:8080/stash route=Bitbucket-Node1
# Bitbucket node 2
# Bitbucket node 3
</Proxy><Location /balancer-manager>
</Location>
ProxyPass /stash balancer://stashcluster stickysession=ROUTEID
Restart the Apache
After adding Bitbucket to the load balancer, ensure that basic functionality is working after restarting
the Bitbucket instance by navigating to the instance, logging in, and noting any broken links or
malfunctioning Bitbucket functionality.
1.9.4.12 Configure App Sync server(Haproxy)
Page 55 of 259
Babu R (623)
Login to Application Sync server ex: sedcagse1000, sedcagse1010,
Add below configurations under etc/haproxy/ haproxy.cfg.directbackend

backend_stashcluster
balance leastconn
cookie BITBUCKETSESSIONID prefix nocache
server stash_node_1 53.31.30.160:8080 check cookie stash_node_1
stick on cookie(BITBUCKETSESSIONID)
stick store-response set-cookie(BITBUCKETSESSIONID)
stick-table type string len 52 size 5M expire 1h peers haproxy_appzone
Restart the haproxy
$ service haproxy restart

Shut down Bitbucket on node 1
$cp –r <temp_dir>/stash /opt/atlassian/
$cp –r <temp_dir>/stash-home /opt/atlassian/
Copying the local home directory ensures the Bitbucket search index, the database and cluster
Mount Shared Path to this node. Follow Below.

1.9.4.13.1 Mount Shared Path
$vi /etc/fstab
sedcspb1002f.emea.bg.corpintra.net:sedcspb1002f_nas_vol097/DATA_CENTER/
GSEP_BITBUCKET/shared-home /opt/atlassian/atlassian-bitbucket-home-<version>/shared nfs
lookupcache=pos,noatime,intr,rsize=32768,wsize=32768 0 0
Note: Only the {sharedhome_dir} directory should be shared between cluster nodes. All other
directories, including ${BITBUCKET_HOME}, should be node-local (that is, private to each node).
Then mount it:

Page 56 of 259
Babu R (623)
mount -B {sharedhome_dir} {home_dir}/shared
$cd /opt/atlassian/
1.9.4.13.2 Edit Config Files

Add the New node Ip address in format <IP Address>:5701
Edit the file {home_dir}/shared/bitbucket.properties
#Add the below lines at the end of file.

hazelcast.network.tcpip=true
hazelcast.network.tcpip.members=53.31.30.160:5701,53.31.30.62:5701,53.31.30.65:5701
#Note: Ip adresses mentioned are of all the nodes with port 5701.
# The following should uniquely identify your cluster on the LAN.

server.port=8080
server.scheme=https
server.proxy-name=gsep.daimler.com
server.secure=true
1.9.4.13.3 Start Bitbucket

If the Data Center license is not updated already then go to

https://gsep-int.daimler.com/admin/license, and install the Bitbucket Data Center license you were
issued.
Restart the Bitbucket
Navigate to https://gsep.daimler.com/stash
Page 57 of 259
Babu R (623)
Once Bitbucket Server has started, go to https://gsep.daimler.com/stash/admin/clustering you
should see a page similar to this:
Repeat 1, 2, 3 section for adding new nodes from this section.
1.9.4.14 Add ElasticSearch Node
Upgrade Middleware (JAVA)-Download the java installer file from the below URL
http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
Setting up the environment to run elasticsearch Download package from>>
https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.5.3.tar.
Untar the installation package in /opt/atlassian
$ tar -zxf elasticsearch-5.5.3.tar.gz
Create a softlink elasticsearch-5.5.3 to elasticsearch.
$ ln –sfn elasticsearch-5.5.3 elasticsearch
Create a os user to run the elasticsearch.
$ yast users add username=elasticsearch password={osuserpw}
Open the limit.conf and add the below parameter in the last line of the file (operation should
perform in root user).
# root@sedcagse0470: vi /etc/security/limit.conf
elasticsearch - nofile 262144

Page 58 of 259
Babu R (623)
Run the below two command to apply changes
sysctl -w fs.file-max=65536
sysctl -w vm.max_map_count=262144
Configuration adjustments for elasticsearch
Redirect to path {install_dir}/config and open the file elasticsearch.yml
# root@sedcagse0470: cd {install_dir}/config/
$ vi elasticsearch.yml
Change the elasticsearch.yml file by adding the below line at last.
action.auto_create_index: false
network.host: 0.0.0.0
http.type: buckler
transport.type: buckler
Download the required plugins for elasticsearch from the below URL ,
P S: without these plugins elasticsearch will not work .
https://packages.atlassian.com/maven/com/atlassian/elasticsearch/buckler-plugin/1.0.4/buckler-plugin-1.0.4-
5.5.3.zip?_ga=2.162916796.1888886840.1538201448-1871531355.1511863314
Install those plugins in ealsticsearch with the below command.
# root@sedcagse0470: {install_dir}/bin :
Page 59 of 259
Babu R (623)
$ ./elasticsearch-plugin install -b buckler-plugin-1.0.4-5.5.3.zip
Create a directory called buckler within the elasticsearch/config/ directory and within the
elasticsearch/config/buckler directory, create a file named buckler.yml.
# root@sedcagse0470:{install_dir}/config : mkdir buckler
# root@sedcagse0470:{install_dir}/config : cd buckler
# root@sedcagse0470:{install_dir}/config : touch buckler.yml
Modify the buckler.yml by adding these below lines to enable the Buckler for basic HTTP
authentication.
# root@sedcagse0470:{install_dir}/bin : vi buckler.yml
auth.basic.http.enabled: true
auth.basic.username: <elasticsearch - username>
auth.basic.password: <elasticsearch – password>
Change the elasticsearch user permission.
# root@sedcagse0470:/opt/atlassian : chown -R elasticsearch: users elasticsearch
# root@sedcagse0470:/opt/atlassian : chmod 755 –R elasticsearch
Start the elasticsearch server.
# root@sedcagse0470: {install_dir}/bin : nohup sh elasticsearch &
Configuration changes in Bitbucket server to connect to Elasticsearch.
Login to bitbucket server all 3 nodes and do a telnet to sedcagse0470 9200 port.
Connectivity should be there because elasticsearch is running in 9200 port.
# root@sedcagse0090: telnet sedcagse0470 9200
If the telnet is successful then proceed to next, go to bitbucket server sedcagse0090 and redirect to
below path.
# root@sedcagse0090: {home_dir}/shared :
Open the file bitbucket.properties and at the end add the below line.
Page 60 of 259
Babu R (623)
root@sedcagse0090: {home_dir}/shared : vi bitbucket.properties
plugin.search.elasticsearch.baseurl=http://<elasticsearch server ip>:9200/
plugin.search.elasticsearch.username=<username configured in buckler.yml>
plugin.search.elasticsearch.password==<password configured in buckler.yml>
Restart all the bitbucket nodes one by one.
1.9.4.15 References
https://confluence.atlassian.com/bitbucketserver0414/installing-bitbucket-data-center-
895368445.html
https://confluence.atlassian.com/bitbucketserver/install-and-configure-a-remote-elasticsearch-
instance-815577748.html
1.9.5 Crowd Data Center

 A cluster of Crowd application nodes all running the same version of Crowd Data Center web
application.
 Each Crowd cluster node must be a dedicated machine.
latency).
 All cluster nodes must run the same version of Crowd Data Center.
 All the nodes should have same OS application user to own everything in the Crowd Server
 Take a backup of your production Crowd Server instance's database and home directory.
1.9.5.1.1.1 NFS Mount Point
NFS drive mounted on all the Crowd nodes.
GSEP_PROD_DATA/GSEP_CROWD/shared
$cd /GSEP_PROD_DATA
$ mkdir -p / GSEP_PROD_DATA/DATA_CENTER/GSEP_CROWD
1.9.5.2 Terminology
 Installation directory - <Crowd install directory> is the directory where you installed Crowd
on a node.
 Shared home directory – <Crowd shared home> the directory you created that is accessible
to all nodes in the cluster via the same path.
Page 61 of 259
Babu R (623)
For Crowd server installation follow section 3.2.7
Go to  Licensing  Edit license, then paste your Crowd Data Center license.
In this step, you need to set up a shared home directory that is writable by the Crowd instance and
any future nodes.
/GSEP_PROD_DATA/DATA_CENTER/GSEP_CROWD
$cd /GSEP_PROD_DATA/DATA_CENTER/int/crowd/
$mkdir –p /GSEP_PROD_DATA/DATA_CENTER/GSEP_CROWD/shared
Stop the Crowd application before going further setup.
/etc/init.d/crowd stop
Copy the shared directory from backup you have taken.
shared directory in the crowd Server home directory needs to be restored into the NFS shared home
directory. The remaining directories (bin, caches, export, lib, log, plugins, and tmp) contains only
caches and temporary files, and do not need to be restored
$cp –r <temp_dir>/shared/* {sharedhome_dir}
Delete the existing shared directory from {home_dir} dir, if exist from first node.
$cd {home_dir}
$rm –rf shared

1.9.5.7 Mount Shared Path

$vi /etc/fstab
sedcspb1002f.emea.bg.corpintra.net:sedcspb1002f_nas_vol097/DATA_CENTER/GSEP_CROWD/
shared-home /opt/atlassian/atlassian-crowd-home-{version}/shared nfs
Page 62 of 259
Babu R (623)
Note: Only the /GSEP_PROD_DATA/DATA_CENTER/GSEP_CROWD/shared directory should be
shared between cluster nodes. All other directories, including ${CROWD_HOME}, should be node-
local (that is, private to each node).
Then mount it:
mount -B /GSEP_PROD_DATA/GSEP_CROWD/shared {home_dir}/shared
$cd /opt/atlassian/
1.9.5.8 Edit Config Files

Edit the file {INST_dir}/bin/setenv.sh
Add the line

CATALINA_OPTS=-Dcluster.node.name=node-1
1.9.5.9 Start Crowd

/etc/init.d/crowd start
Navigate to https://gsep-int.daimler.com/crowd
Once crowd Server has started, go to https://gsep.daimler.com/crowd/plugins/servlet/cluster-

monitoring you should see a page similar to this:
check your network configuration and the {home_dir} /log/atlassian-crowd.log for the node.
Shut down crowd on node 1
/etc/init.d/crowd stop
Page 63 of 259
Babu R (623)
$cp –r <temp_dir>/crowd /opt/atlassian/
$cp –r <temp_dir>/crowd-home /opt/atlassian/
Copying the local home directory ensures the Crowd search index, the database and cluster
Mount Shared Path to this node. Follow Below.

1.9.5.10.1 Mount Shared Path
$vi /etc/fstab
sedcspb1002f.emea.bg.corpintra.net:sedcspb1002f_nas_vol097/DATA_CENTER/GSEP_CROWD/
shared /opt/atlassian/atlassian-crowd-home-3.7.1/shared nfs
Note: Only the {sharedhome_dir} directory should be shared between cluster nodes. All other
directories, including ${CROWD_HOME}, should be node-local (that is, private to each node).
Then mount it:
mount -B {sharedhome_dir} {home_dir}/shared
$cd /opt/atlassian/
1.9.5.10.2 Edit Config Files

Add the New node Ip address in format <IP Address>:5701
Edit the file {INST_dir}/bin/setenv.sh
Add the line

CATALINA_OPTS=-Dcluster.node.name=node-2
1.9.5.10.3 Start Crowd

/etc/init.d/crowd start
Page 64 of 259
Babu R (623)
check your network configuration and the {home_dir} /log/atlassian-crowd.log for the node.
1.9.5.11 References
https://confluence.atlassian.com/crowd/installing-crowd-data-center-935369773.html#
1.9.6 Artifactory HA (High Availability)

 A cluster of Artifactory application nodes all running the same version of Artifactory web
application.
 Each cluster node must be a dedicated machine.
latency).
 All cluster nodes must run the same version of Artifactory.
 All the nodes should have same OS application user to own everything in the Crowd Server
 Take a backup of your production Artifactory Server instance's database and home directory.
1.9.6.2 Primary Node changes
In this step, we need to introduce ha-node.properties file and restart Artifactory.
Create the $ARTIFACTORY_HOME/etc/ha-node.properties file and populate it with the following

parameters
$ cd /opt/atlassian/artifactory/etc/
$ vim ha-node.properties
node.id=art1
context.url=http://53.31.30.37:8080/artifactory
primary=true
artifactory.ha.data.dir=/gsep_art_prod/artifactory-data/filestore
Change the permission to ha-node.properties
Page 65 of 259
Babu R (623)
$ chown {osuser}:users /opt/atlassian/artifactory/etc/ha-node.properties
$ chmod 644 /opt/atlassian/artifactory/etc/ha-node.properties
Start the Primary node
/etc/init.d/ artifactory start
1.9.6.3 Secondary Node Setup

NFS Mount Point in secondary node:
NFS drive to be mounted on all the Artifactory nodes (which is used as filesystem).
sedcs096314f.emea.bg.corpintra.net:/sedcs096314f_cifs_nfs_vol078/eedc_o00078
Installation in secondary node

Install a fresh application in the secondary node server, which should be the same as Primary node
Artifactory version, as mentioned in Prerequisites. For Artifactory server installation, follow section
1.10.16.
Introduce ha-node.properties file
Create the $ARTIFACTORY_HOME/etc/ha-node.properties file and populate it with the following

parameters
$ cd /opt/atlassian/artifactory/etc/
$ vim ha-node.properties
node.id=art2
context.url=http://53.31.55.70:8080/artifactory
primary=false
artifactory.ha.data.dir=/gsep_art_prod/artifactory-data/filestore
Copy the following configuration from primary node to secondary node

$ scp sedcagse0180:/opt/atlassian/artifactory/etc/binarystore.xml /opt/atlassian/artifactory/etc/
$ scp sedcagse0180:/opt/atlassian/artifactory/etc/db.properties /opt/atlassian/artifactory/etc/
$ scp sedcagse0180:/opt/atlassian/artifactory/etc/artifactory.system.properties
/opt/atlassian/artifactory/etc/
$ scp sedcagse0180:/opt/atlassian/artifactory/etc/security/master.key
/opt/atlassian/artifactory/etc/security
$ scp sedcagse0180:/opt/atlassian/artifactory/bin/default /opt/atlassian/artifactory/bin/
$ scp sedcagse0180:/opt/atlassian/artifactory/tomcat/conf/server.xml
/opt/atlassian/artifactory/tomcat/conf/
$ scp sedcagse0180:/opt/atlassian/artifactory/tomcat/bin/setenv.sh
/opt/atlassian/artifactory/tomcat/bin/
$ scp sedcagse0180:/usr/java/latest/jre/lib/security/cacerts /usr/java/latest/jre/lib/security/
Page 66 of 259
Babu R (623)
Apply artifactry user permission to Artifactory directory
$cd /opt/atlassian/
$ chown {osuser}:users . –recursive
$ chmod 755 . –recursive
Set ulimit value to following /etc/security/limits.conf

art_prod_osuser soft nofile 32768
art_prod_osuser hard nofile 32768
art_prod_osuser soft as unlimited
art_prod_osuser hard as unlimited
Start the Secondary node

Before starting the application, please make sure that you have added the HA Proxy configuration
setup for secondary node.
/etc/init.d/ artifactory start
check your network configuration and the {home_dir} /logs/artifactory.log for the node.
Post-secondary node is up in UI – Need apply the license (available in privateArk)
1.9.6.4 HA Proxy configuration

Following configuration to be added in both appsync server (HA Proxy)
$ login to sedcagse1000 & sedcagse1010

$ vim /etc/haproxy/haproxy.cfg
backend backend_180_8080
server Artifactory_EDC 53.31.30.37:8080 check
server Artifactory2_8080 53.31.55.70:8080 check (to be added for secondary node)
backend backend_docker_artifactory
server docker_artifactory 53.31.30.37:8080 check
server docker_artifactory2 53.31.55.70:8080 check (to be added for secondary node)
$ service haproxy status

$ service haproxy stop
$ service haproxy start
Page 67 of 259
Babu R (623)
$ service haproxy status
1.9.6.5 References
 https://gsep.daimler.com/confluence/pages/viewpage.action?pageId=496151344
 https://gsep.daimler.com/confluence/display/GSEPDMINTE/Jfrog-EDC+Artifactory-HA+Setup
 https://gsep.daimler.com/confluence/display/GSEPDMINTE/Test+case+information+-+Jfrog-
EDC+Artifactory-HA+Setup
 https://www.jfrog.com/confluence/display/RTF6X/
HA+Installation+and+Setup#InstallationandSetup-ConfiguringArtifactoryHA
1.10 Standalone Installation

1.10.1 Jira setup
 You have completed the common system setup for the jira target server (see chapter 1.7).
 You have completed the crowd setup (see chapter 1.8).
 You are logged in as root on the jira target server.
1.10.1.2 Landing page installation
To have a more professional customer experience on first login, we created a landing page (plain
HTML) that shows a systems overview and links to the individual systems. The following screenshot
shows the landing page.
In coordination with EDC we decided to serve this landing page on the Jira application server on the
root context path (localhost:8080/). As such a landing page is not an atlassian offering we need to
configure it manually here. If any adjustments are needed - just edit the html files - no server
restart is required.
Create a new folder „ROOT“ in the webapps folder of the jira installation for the landing page.
# Create a new folder for the landing page

mkdir /opt/atlassian/jira/webapps/ROOT
# extract landing page to that folder

unzip /opt/atlassian/packages/landingpage.zip -d
/opt/atlassian/jira/webapps/ROOT
# correct access rights

Page 68 of 259
Babu R (623)
chown {osuser}:users /opt/atlassian/jira -R
The landing page folder should look like this now (screenshot from Daimler INT environment):
Now that everything is in place we only need to configure the new context path in server.xml (as
documented in the following chapter).
1.10.1.3 Config file adjustments
Edit the following files on your jira target server.
{install_dir}/atlassian-jira/WEB-INF/classes/jira-application.properties

jira.home={home_dir}
{install_dir}/conf/server.xml
around line 49 (<Connector>-Element):

be sure that port-Attribute is set to 8080
for Daimler INT and PROD environments add the following attributes:
scheme="https"
proxyName="{proxy}"
proxyPort="443"
secure="true"
around line 116 (<Context>-Element):

set path-Attribute to /jira
(so the line would start with <Context path="/jira" ...)
add a new <Context>-Element below the closing tag (</Context>) of the one you just edited to
configure the context path for the landing page:
<Context path="" docBase="${catalina.home}/webapps/ROOT" reloadable="false"
useHttpOnly="true">
<Manager pathname=""/>
</Context>
Page 69 of 259
Babu R (623)
{install_dir}/bin/setenv.sh
In line 9 change:
JVM_SUPPORT_RECOMMENDED_ARGS=""
to
JVM_SUPPORT_RECOMMENDED_ARGS="-Dhttp.proxyHost=security-proxy.emea.svc.corpintra.net
-Dhttp.proxyPort=3128 -Dhttps.proxyHost=security-proxy.emea.svc.corpintra.net -
Dhttps.proxyPort=3128 -Dhttp.nonProxyHosts=localhost\|127.0.0.1 -
Dcrowd.property.http.proxy.host=security-proxy.emea.svc.corpintra.net -
Dcrowd.property.http.proxy.port=3128"
In line 14 and 15 change:

JVM_MINIMUM_MEMORY="384m"
JVM_MAXIMUM_MEMORY="768m"
to
JVM_MINIMUM_MEMORY="{minmem}"
JVM_MAXIMUM_MEMORY="{maxmem}"
In line 60 change:
JIRA_MAX_PERM_SIZE=384m
to
JIRA_MAX_PERM_SIZE={maxperm}
1.10.1.4 Restart system

reboot
1.10.1.5 Web based setup wizard

Open a Web browser and go to {url}.

1.10.1.5.1 Language and database
Configure the language and database as shown in the screenshot below. Click on “Test Connection”
to ensure valid database credentials before continuing.
Page 70 of 259
Babu R (623)
1.10.1.5.2 Application properties
Configure the options form as shown in the screenshot below.
Page 71 of 259
Babu R (623)
1.10.1.5.3 Jira package
Choose “Jira + Jira Agile” to activate the Jira Agile plugin during setup.
Page 72 of 259
Babu R (623)
1.10.1.5.4 License setup
Click on “I have a Jira key”. Ignore the email and password fields, enter the license and click on
“Next”.
Page 73 of 259
Babu R (623)
Ignore the warning and continue by clicking “Next”.
Page 74 of 259
Babu R (623)
1.10.1.5.5 Default administrator
Jira needs also a default administrator account.
Page 75 of 259
Babu R (623)
1.10.1.5.6 Mail configuration
Configure the mail configuration as shown in the screenshot below. Note that the “Email-Prefix” field
is empty (filtering can also be done by the “From address” later so we won’t need a prefix).
Page 76 of 259
Babu R (623)
Page 77 of 259
Babu R (623)
By clicking “Finish” the setup wizard will close and you will be redirected to the login screen.
1.10.1.5.7 Finish
Now the jira basic setup is complete.
1.10.1.6 Web based configuration

Now we have to do some basic configuration steps. Log into Jira as {admin}.
1.10.1.6.1 Enter user management administration interface

Click on the gear icon at the right of the top navigation bar, and in the popup menu on “User
management”.
Page 78 of 259
Babu R (623)
.
When asked for Administration Access, re-enter your credentials.
The additional credentials needed here is because of a mechanism Atlassian calls “websudo”. You
will enter a special “secure administration session” that will automatically timeout after 10 min of
inactivity. Not all Atlassian tools have websudo enabled, but for the ones that have you should
provide your credentials as needed. The rest of this document assumes that you will - and won’t
document it anymore.
1.10.1.6.2 Connecting with Crowd

Click on “User Directories” left pane, and then on “Add Directory” as shown in the screenshot below.
Page 79 of 259
Babu R (623)
In the popup window select “Atlassian Crowd” as directory type and press “Next”.
Page 80 of 259
Babu R (623)
Configure the Crowd connection as shown below. Before you can save the settings you have to test
them by clicking “Test Settings”.
After the positive connection test you can click “Save and Test” to activate the Crowd connection.
Page 81 of 259
Babu R (623)
To load the users and groups immediately press “Synchronize” and wait for the synchronization to
complete.
Page 82 of 259
Babu R (623)
Now the connection to crowd is established.
1.10.2 Configuring single sign on (SSO)

Login as root into the jira target server.
/etc/init.d/jira stop # stop jira before SSO configuration
{install_dir}/atlassian-jira/WEB-INF/classes/seraph-config.xml
around line 95 uncomment the SSOSeraphAuthenticator- by changing


to
<authenticator class="com.atlassian.jira.security.login.SSOSeraphAuthenticator"/>
around line 98 comment out the JiraSeraphAuthenticator element by changing

<authenticator class="com.atlassian.jira.security.login.JiraSeraphAuthenticator"/>
to

Create a new empty file “crowd.properties” in the same directory and edit it:
{install_dir}/atlassian-jira/WEB-INF/classes/crowd.properties
Enter the following content:
application.name jira
application.password {crowdpw}
application.login.url {url}
Page 83 of 259
Babu R (623)
crowd.server.url {crowd:url}/services/
crowd.base.url {crowd:url}
session.isauthenticated session.isauthenticated
session.tokenkey session.tokenkey
session.validationinterval 2
session.lastvalidation session.lastvalidation
As an example, for the :em INT Environment this file would look like this:
application.name jira
application.password jira
application.login.url http://dagsep/jira
crowd.server.url http://dagsep/crowd/services
crowd.base.url http://dagsep/crowd
Set the access rights for the newly created file.
chown {osuser}:users crowd.properties
Now restart jira and you‘re done.
/etc/init.d/jira start # start jira after SSO configuration
Now that you’ve activated SSO for Jira, the default local Jira user directory won’t work anymore. All
authentication requests are handled by Crowd. So if for some reason crowd isn’t working and you
need to log in to jira, you have to revert the changes you did in this chapter to be able to login with
the local admin credentials.
1.10.3 Start & Stop procedures

Jira can be started by the init-script (as noted in chapter ):
/etc/init.d/jira start # to start the application

/etc/init.d/jira stop # to stop the application
/etc/init.d/jira restart # to restart the application
/etc/init.d/jira status # to retrieve the current status of the
application
To check whether crowd is running you can also use
ps aux | grep jira
If this returns a java process (tomcat) then jira is running.
Page 84 of 259
Babu R (623)
1.10.4 Backup
To keep the data integrity jira should be shut down before doing a backup.
Then a database backup should be done in conjunction with a file system backup of the {home_dir}
directory.
1.10.5 Log files

The logfiles are located in {home_dir}/log.

This section lists further resources for Jira.
 Official Jira documentation

https://confluence.atlassian.com/display/JIRA/JIRA+Documentation
 Official Jira Installation Guide
https://confluence.atlassian.com/display/JIRA/JIRA+Installation+and+Upgrade+Guide
 Atlassian answers (questions tagged with “jira”)
https://answers.atlassian.com/tags/jira
 Jira performance tuning
https://confluence.atlassian.com/display/JIRAKB/JIRA+Performance+Tuning
 Scaling Jira enterprise
https://confluence.atlassian.com/display/ENTERPRISE/Scaling+JIRA
 Connecting to Crowd for user management
https://confluence.atlassian.com/display/JIRA/Connecting+to+Crowd+or+Another+JIRA+Serv
er+for+User+Management
Page 85 of 259
Babu R (623)
1.10.7 Confluence setup
 You have completed the common system setup for the confluence target server (see chapter
1.7).
 You are logged in as root on the confluence target server.
Edit the following files on your confluence target server.
{install_dir}/confluence/WEB-INF/classes/confluence-init.properties
Decomment and update “confluence.home” attribute in line 19:

confluence.home={home_dir}
in line 3 (‘<Connector>’-Element):
be sure that port-Attribute is set to “8080”
scheme="https"
proxyName="{proxy}"
proxyPort="443"
secure="true"
in line with (‘<Engine>’ -> ‘<Host>’ -> ‘<Context>’)-Element:

set ‘path’-Attribute to “/confluence”
(so the line would start with: <Context path="/confluence" ...)
update the memory attribute “CATALINA_OPTS”:
CATALINA_OPTS="$CATALINA_OPTS -Xms{minmem} -Xmx{minmem} -

XX:MaxPermSize={maxperm} -XX:+UseG1GC"
near the end of the file, right before the line

export CATALINA_OPTS
insert the following lines for the proxy settings
# proxy settings
CATALINA_OPTS="$CATALINA_OPTS -Dhttp.proxyHost=security-proxy.emea.svc.corpintra.net -
Dhttp.proxyPort=3128 -Dhttps.proxyHost=security-proxy.emea.svc.corpintra.net -
Page 86 of 259
Babu R (623)
1.10.7.3 Installing Oracle 11g JDBC driver
cp /opt/atlassian/packages/ojdbc7.jar {install_dir}/confluence/WEB-INF/lib #
copy jdbc driver

reboot
1.10.7.5 Webbased setup wizard

After the system is restarted (~3min) the webbased setup application wizard is available at {url}.
Open a Webbrowser and go to {url}.

1.10.7.5.1 Production installation
Choose “Start setup” for the production installation.

Specify your license by generating one with the help of the given server id (blue highlighting in the
screenshot below).
For Daimler environments the license is already bound - Just enter it in the “License Key”-field.
Page 87 of 259
Babu R (623)
1.10.7.5.3 Database configuration
Configure the database as “Oracle 11g” as shown below.
Page 88 of 259
Babu R (623)
Choose kind of connection.
Enter connection settings.
Page 89 of 259
Babu R (623)
1.10.7.5.4 Load content
As we don’t want to have any demo-data in the confluence instance choose “Empty Site”.
1.10.7.5.5 Configure user management

For now choose “Manage users and groups within Confluence”. We’ll connect to Crowd for user
management later.
Page 90 of 259
Babu R (623)
Confluence needs also a default administrator account.
1.10.7.5.7 Finish
Now you’re done with the basic confluence setup. Click on “Start using Confluence” to get to the
Confluence login screen.
Page 91 of 259
Babu R (623)
Now we have to do some basic configuration steps. Log into Confluence as {admin}.
1.10.7.6.1 Enter user management administration interface

Click on the gear icon at the right of the top navigation bar, and in the popup menu on “User
management”.
When asked for Administration Access, re-enter your credentials (websudo).

Click on “User Directories” left pane, and then on “Add Directory” as shown in the screenshot below.
Page 92 of 259
Babu R (623)
Page 93 of 259
Babu R (623)
Page 94 of 259
Babu R (623)
complete.
Page 95 of 259
Babu R (623)
Now the connection to crowd is established.
In the administration area click on “Mail Servers” and then on “Add a new SMTP mail server”.
Now enter the mail server credentials as shown below, click „Submit“ and the mail server
configuration is done.
Page 96 of 259
Babu R (623)
1.10.7.6.4 Deactivate automatic backups
We need to deactivate automatic backups, as Atlassian recommends:
“Warning: We do not recommend the automatic backup procedure for production installations, as
it may require a large amount of memory, CPU and disk space.
Instead, we recommend that you perform a manual backup of your Confluence database, home
directory and attachments. For more information, please refer to our online documentation.”
To do this click on „Schedule Jobs“ in the administration area and “Disable” the “Back Up
Confluence”-Job.
Page 97 of 259
Babu R (623)
1.10.7.6.5 Add-on installation: draw.io
Draw.io (former name: diagramly) is a confluence add-on for drawing diagrams.
In the administration area click on “Manage add-ons” and then on “Upload add-on”.
In the upload window select the plugin with the “browse” button on your local computer (it inside
the provided install package in /opt/atlassian/packages where you can download it with SCP) and
click on “Upload”.
Confirm the dialog when the upload is complete.
Page 98 of 259
Babu R (623)
Now enter the License for the draw.io plugin as shown below.
Check the 'Plugin Administration' screen to ensure if the plugin is available.
1.10.7.7 Configuring single sign on (SSO)

Login as root into the confluence target server.
Page 99 of 259
Babu R (623)
/etc/init.d/confluence stop # stop confluence before SSO configuration
{install_dir}/confluence/WEB-INF/classes/seraph-config.xml
around line 43 comment out the ConfluenceAuthenticator element by changing

<authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>
to

around line 48 uncomment the SSOSeraphAuthenticator- by changing


to
<authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/>
{install_dir}/confluence/WEB-INF/classes/crowd.properties
Enter the following content:
application.name confluence
application.password {crowdpw}
As an example, for the :em INT Environment this file would look like this:
application.name confluence
application.password confluence
application.login.url http://dagsep/confluence
crowd.server.url http://dagsep/crowd/services
crowd.base.url http://dagsep/crowd
Now restart Confluence and you‘re done.
Page 100 of 259

Babu R (623)
/etc/init.d/confluence start # start Confluence after SSO configuration
Now that you’ve activated SSO for Confluence, the default local Confluence user directory won’t
work anymore. All authentication requests are handled by Crowd. So if for some reason crowd isn’t
working and you need to log in to Confluence, you have to revert the changes you did in this
chapter to be able to login with the local admin credentials.
1.10.7.8 Start & Stop procedures

Confluence can be started by the init-script (as noted in chapter ):
/etc/init.d/confluence start # to start the application

/etc/init.d/confluence stop # to stop the application
/etc/init.d/confluence restart # to restart the application
/etc/init.d/confluence status # to retrieve the current status of the
application
To check whether confluence is running you can also use
ps aux | grep confluence
If this returns a java process (tomcat) then confluence is running.

1.10.7.9 Backup
To keep the data integrity confluence should be shut down before doing a backup.
Then a database backup should be done in conjunction with a file system backup of the {home_dir}
directory.
1.10.7.10 Log files
The logfiles are located in {home_dir}/logs.
1.10.7.11 Reference links
This section lists further resources for Confluence.
 Confluence Documentation Home

https://confluence.atlassian.com/display/DOC/Confluence+Documentation+Home
 Confluence Installation Guide
https://confluence.atlassian.com/display/DOC/Confluence+Installation+and+Upgrade+Guide
 Confluence FAQ
https://confluence.atlassian.com/display/CONFKB/Confluence+FAQ
 Confluence Knowledge Base: Troubleshooting Installation Problems
https://confluence.atlassian.com/display/CONFKB/Installation+Troubleshooting
 Atlassian Answers Confluence topic
https://answers.atlassian.com/questions/topics/753687/confluence
 Confluence Managing Confluence Data
https://confluence.atlassian.com/display/DOC/Managing+Confluence+Data
Page 101 of 259

Babu R (623)
1.10.8 Bitbucket setup
 You have completed the common system setup for the stash target server (see chapter 1.7).
 You have completed the jira setup (see chapter ).
 You are logged in as root on the crowd target server.
1.10.8.2 Git installation
Stash needs git to work. In /opt/atlassian/packages you find git 2.1.0 and all its dependencies. Install
them in the correct order to get a working git environment:
yast --install perl-Error-0.17022-35.4.noarch.rpm
yast --install git-core-2.1.0-209.1.x86_64.rpm
yast --install git-2.1.0-209.1.x86_64.rpm

Edit the following files on your stash target server.
{install_dir}/bin/set-bitbucket-home.sh
Add below home path
BITBUCKET_HOME={home_dir}
{install_dir}/bin/_start-webapp.sh
In line 22 change:
to
JVM_SUPPORT_RECOMMENDED_ARGS="-Dhttps.proxyHost=security-
proxy.emea.svc.corpintra.net -Dhttps.proxyPort=3128 -Dhttp.nonProxyHosts=localhost|127.0.0.1|
53.31.30.160|53.31.30.38|53.255.82.156|53.255.99.10|53.255.101.10|53.88.186.122|
53.88.191.254|53.55.135.229|53.255.82.157|53.88.186.123|53.55.8.253|53.55.8.252|
53.55.8.251|53.55.32.254|53.55.64.250|53.55.80.250|53.55.96.250|gsep.daimler.com|
*.corpintra.net|master.caas.rd.corpintra.net -Dcluster.node.name=Bitbucket-Node1"

to
In line 44 uncomment the command by changing:

# umask 0027
to
umask 0027
Page 102 of 259

Babu R (623)
In line 268 change:
STASH_MAX_PERM_SIZE=256m
to
STASH_MAX_PERM_SIZE={maxperm}
{home_dir}/shared/bitbucket.properties
server.port=8080
server.scheme=https
server.proxy-name=gsep-.daimler.com
server.secure=true

reboot

Open a web browser and go to {url}.

1.10.8.5.1 Language and database
Page 103 of 259

Babu R (623)
1.10.8.5.2 Application properties and license setup
Configure the application properties as shown in the screenshot below.
screenshot below).
Page 104 of 259

Babu R (623)
Stash needs also a default administrator account. Do not click on “Integrate with JIRA” now, continue
by clicking “Go to Stash”. We will integrate with Jira later.
Page 105 of 259

Babu R (623)
1.10.8.6.1 Enter administration interface
Log into stash now with the created administrator account.
Go to the administration interface by clicking the cog icon at the right in the blue header bar.
Page 106 of 259

Babu R (623)
Click on Mail server either in the left pane or in the main view area as shown in the screenshot
below.
Now enter the mail server configuration data as stated in the screenshot and hit “Save”. You may
send a test email to yourself to validate the mail server credentials.
Page 107 of 259

Babu R (623)
Click on “User Directories” either in the left pane or in the main view area as shown in the screenshot
below.
Page 108 of 259

Babu R (623)
Click on “Add Directory”.
Page 109 of 259

Babu R (623)
Page 110 of 259

Babu R (623)
Page 111 of 259

Babu R (623)
complete.
Page 112 of 259

Babu R (623)
1.10.8.6.4 Setting permissions for Crowd groups
Click on “Global permissions” either in the left pane or in the main view area as shown in the
screenshot below.
In the „Group Access“ section add the missing stash groups („stash-projectcreators”, “stash-
administrators”, “stash-systemadministrators”) - you can select them when you start typing “stash”
in the input field. When all missing stash groups are visible (see screenshot below) inside of the input
field click on the “Add” button to add them all.
Page 113 of 259

Babu R (623)
Now you have to set the rights according to the group name by activating the checkboxes as shown
below.

Login as root into the stash target server.
{home_dir}/shared/stash-config.properties
Add the following lines to that file:

# Whether SSO support should be enabled or not. Regardless of this setting SSO authentication
# will only be activated when a Crowd directory is configured in Stash that is configured
# for SSO.
plugin.auth-crowd.sso.enabled=true
Reboot the system
reboot
When the server comes up and stash has been initialized you have configured SSO
Page 114 of 259

Babu R (623)
Stash can be started by the init-script (as noted in chapter ):
/etc/init.d/stash start # to start the application

/etc/init.d/stash stop # to stop the application
/etc/init.d/stash restart # to restart the application
/etc/init.d/stash status # to retrieve the current status of the
application
To check whether stash is running you can also use
ps aux | grep stash
If this returns a java process (tomcat) then stash is running.

1.10.8.9 Backup
Creating a backup of Stash is a non-trivial task because there is strong connection between the stash
application, the data in the database and the data on the filesystem (git repositories, configs, caches
etc.).
Atlassian states: “Any backup strategy that captures both the file system and database while
Stash is still available to users runs the risk that the backed up Git repositories are corrupted or
that the data in the database doesn't reflect the repository state on disk. Therefore, strategies for
backing up and restoring Stash data must keep the repository data and the database perfectly
synchronised.”
They further recommend the use of the Stash Backup Client, a command line based application that
will lock a running Stash instance for users, waits for all git operations to complete and will backup all
necessary files and the database at once. While this may take a little bit more time than a “native”
database and filesystem backup it is also a more secure way considering data integrity and keeps
stash - although not usable - running.
The Stash Backup Client can also restore backups.
During maintenance mode (backup and restore) users will see a lock and status screen like the
following:
We also recommend using the Stash Backup Client and therefore bundled it into the Stash
deployment package.
Information on how to use the Stash Backup Client can be found here:
https://confluence.atlassian.com/display/STASH/Using+the+Stash+Backup+Client
1.10.8.10 Log files
The log files are located in {home_dir}/log and in {install_dir}/logs.
Page 115 of 259

Babu R (623)
1.10.8.11 Reference Links
 Stash Documentation Home
https://confluence.atlassian.com/display/STASH/Stash+Documentation+Home
 Stash Installation Guide
https://confluence.atlassian.com/display/STASH/Getting+started
 Connecting Stash to Crowd
https://confluence.atlassian.com/display/STASH/Connecting+Stash+to+Crowd
 Stash FAQ
https://confluence.atlassian.com/display/STASH/Stash+FAQ
 Stash Knowledge Base: Troubleshooting Installation Problems
https://confluence.atlassian.com/display/STASHKB/Troubleshooting+Installation
 Atlassian Answers Stash topic
https://answers.atlassian.com/questions/topics/753750/stash
 Stash data recovery and backup
https://confluence.atlassian.com/display/STASH/Data+recovery+and+backups
 Scaling Stash
https://confluence.atlassian.com/display/STASH/Scaling+Stash
1.10.9 Crucible setup

 You have completed the common system setup for the crucible target server (see chapter
1.7).
 You are logged in as root on the crucible target server.
1.10.9.2 Install crucible package
 Download the target version package from  Link
Then edit config.xml like this:
$ cd /opt/atlassian/
$ unzip crucible-x.x.x.zip
$ mv fecru-x.x.x atlassian-crucible-x.x.x
$ mkdir atlassian-crucible-home-x.x.x
$ ln -s /opt/atlassian/atlassian-crucible-x.x.x crucible
$ ln -s /opt/atlassian/atlassian-crucible-home-x.x.x crucible-home
$ cp /opt/atlassian/crucible/config.xml /opt/atlassian/crucible-home
Edit the following file:
{install_dir}/bin/fisheyectl.sh
Add the following line at the top of the file just before the “case ...” line (around line 3)
FISHEYE_INST={home_dir}
Search for the following line (near the end of the file)
FISHEYE_CMD="$JAVACMD $FISHEYE_OPTS -Dfisheye.library.path=$FISHEYE_LIBRARY_PATH -
Dfisheye.inst=$FISHEYE_INST -Djava.awt.headless=true
-Djava.endorsed.dirs=$FISHEYE_HOME/lib/endorsed -jar $FISHEYE_HOME/fisheyeboot.jar"
Page 116 of 259

Babu R (623)
and change it to
FISHEYE_CMD="$JAVACMD $FISHEYE_OPTS -javaagent:/opt/appdynamics/appagent/javaagent.jar

-Dappdynamics.agent.tierName=crucible -Dappdynamics.agent.nodeName=crucible -
Datlassian.org.osgi.framework.bootdelegation=META-
*,javax.servlet,javax.servlet.*,com.sun.xml.bind.* -Dfisheye.library.path=$FISHEYE_LIBRARY_PATH
-Dfisheye.inst=$FISHEYE_INST -Djava.awt.headless=true
-Djava.endorsed.dirs=$FISHEYE_HOME/lib/endorsed –Xms{minmem} –Xmx{maxmem} -XX:
+PrintGCDetails -XX:+PrintTenuringDistribution -XX:+PrintGCCause -XX:
+PrintGCApplicationStoppedTime -XX:+PrintGCDateStamps -XX:+PrintGCTimeStamps -verbose:gc -
Xloggc:/opt/atlassian/crucible-home/log/atlassian-fecru-gc-$(date +%Y-%m-%d_%H%M).log -
XX:GCLogFileSize=20M -XX:+UseGCLogFileRotation -XX:+UseG1GC -XX:NumberOfGCLogFiles=5 -jar
$FISHEYE_HOME/fisheyeboot.jar"
Then copy the file config.xml from the installation folder to the root of the home directory:
cp {install_dir}/config.xml {home_dir}
Then edit config.xml like this:
{home_dir}/config.xml
Change line 4 from

<http bind=”:8060”/>
to
<http bind=":8080" context="/crucible" proxy-host="{proxy}" proxy-port="{proxyport}" proxy-
scheme="https" />
Then save the xml file.

Now you should restart the system for the changes to take effect.
reboot

After the system reboot the web based setup application wizard is available at {url}.

The first step of the setup wizard requires entering a valid Crucible license key. Therefor use the
displayed Server ID (highlighted in blue in the following screenshot) to generate the license key. Then
click on the Enter existing license button, enter or better paste the license key in the empty text field
and click on the Next button.
Page 117 of 259

Babu R (623)
1.10.9.5.2 FishEye inclusion
On the following second tab you are asked if you want to include Atlassian FishEye. You don’t want
to. So skip the inclusion by clicking on the No thanks, skip this step button.
1.10.9.5.3 Connect to Jira

In the next step you can setup a connection to the Jira instance for user management. Since Crucible
is to use Crowd for user management, you skip it by clicking on the Skip button.
Page 118 of 259

Babu R (623)
Crucible is a bit different than the other Atlassian tools when it comes to administrative access.
Instead of creating a new administrator user you only have to set an administrator password.
Enter {adminpw} in both text fields and confirm this setup step by clicking on the Next button.
To enter the administration area of Crucible you have to click on the Administration link at the
bottom of the Crucible web page.
Page 119 of 259
Babu R (623)
1.10.9.6.1 Database configuration
After entering the administrator area click on Database  Edit.
Then change the database type to PostgreSQL and enter the URL to the database and the login data.
Page 120 of 259

Babu R (623)
Confirm the inputs by clicking on the Test connection button.
If the connection to the PostgreSQL database was successful you can save your configuration by
clicking on the Save & Migrate button. The database migration will take about 1 min. and will confirm
it with the following message.
Click on the Ok button and finish the database configuration.
Page 121 of 259

Babu R (623)
At first you have to create a connection to Atlassian Crowd. Login to the administrator area and click
on Authentication  Setup JIRA/Crowd authentication.
Then click on the Edit button.
Fill in the following form and confirm your inputs by clicking the next button.
Page 122 of 259
Babu R (623)
In step 2 of the authentication, you have to select the Crucible user groups available on Crowd and
pass them to the right list field. Confirm it by clicking the Save button.
After that click on the Administrators link in the left hand menu and teach Crucible the administrator
group.
Page 123 of 259

Babu R (623)
Now every user within the selected group(s) provided by Crowd will have administrator rights.
You get to the mail server configuration by clicking on Authentication in the left-hand menu. Then
scroll down until you reach the section Mail Server and click on the Edit config button.
Page 124 of 259

Babu R (623)
Fill out the following form and confirm your inputs by clicking on the Save button.
Page 125 of 259

Babu R (623)
Crucible can be started by the init-script (as noted in chapter ):
/etc/init.d/crucible start # to start the application

/etc/init.d/crucible stop # to stop the application
/etc/init.d/crucible restart # to restart the application
/etc/init.d/crucible status # to retrieve the current status of the
application
To check whether Crucible is running you can also use
ps aux | grep java
If this returns a java process (fisheye / crucible) then crucible is running.

1.10.9.8 Backup
1.10.9.8.1 Export current data
To create a backup of the current Crucible instance, you have to log in as admin and then click on the
Backup link in the left-hand menu.
Page 126 of 259

Babu R (623)
Change the file name of the backup archive file if necessary and then click on the Create Backup Now
button. As stated the file will be created in the backup folder of the Crucible home directory.
1.10.9.8.2 Import data
Actually you can’t restore a previously made backup from the web interface because Crucible must
not running during that process. So, shut it down and make sure that the Crucible instance is not
running any more.
A backup can only be restored into the same version of crucible or later.
Log in as root to the Crucible target server, navigate to the Crucible installation directory
{install_dir}/bin and use the restore command like this:
./fisheyectl.sh restore -f {home_dir}/backup/<filename>
For more detailed information see the backup link in chapter 1.10.9.10.
1.10.9.9 Log files
The log files are located in {home_dir}/var/log.
1.10.9.10 Reference Links
 Crucible Documentation Home
https://confluence.atlassian.com/display/CRUCIBLE/Crucible+Documentation+Home
 Crucible Installation Guide
https://confluence.atlassian.com/display/CRUCIBLE/Installing+Crucible+on+Linux+and+Mac
Page 127 of 259
Babu R (623)
 Connecting Crucible to Crowd
https://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Atlassian+Crucib
le
 Crucible FAQ
https://confluence.atlassian.com/display/CRUCIBLE/Crucible+FAQ
 Crucible Knowledge Base: Troubleshooting Installation
https://confluence.atlassian.com/display/FISHKB/Troubleshooting+Installation
 Atlassian Answers Crucible topic
https://answers.atlassian.com/questions/topics/753725/crucible
 Crucible backup
https://confluence.atlassian.com/display/CRUCIBLE/Backing+up+and+restoring+Crucible+dat
a
1.10.10 Bamboo setup

 You have completed the common system setup for the bamboo target server (see chapter
1.7).
 You are logged in as root on the bamboo target server.
1.10.10.2 Install Oracle JDBC Driver
Copy the Oracle JDBC Driver file to the following directory:
cp /opt/atlassian/packages/ojdbc6.jar
{install_dir}/atlassian-bamboo/WEB-INF/lib

Edit the following files in your bamboo installation directory.
{install_dir}/atlassian-bamboo/WEB-INF/classes/bamboo-init.properties
Decomment and update “bamboo.home” attribute in line 3:

bamboo.home={home_dir}
Look for the the entry
<Service name="Catalina">
<Connector port="8085"...
and replace 8085 with 8080.

scheme="https"
proxyName="{proxy}"
proxyPort="443"
secure="true"
Then you have to change Bamboo’s context path because it runs behind a proxy. So look for the
following entry
Page 128 of 259
Babu R (623)
<Engine name="Catalina" …>
<Host name="localhost" …>
<Context path="" …>
and insert the context path to the attribute path like this:
<Context path="/bamboo" …>
change:
to
JVM_SUPPORT_RECOMMENDED_ARGS="-Dhttp.proxyHost=security-proxy.emea.svc.corpintra.net
-Dhttp.proxyPort=3128 -Dhttps.proxyHost=security-proxy.emea.svc.corpintra.net -
to
and
BAMBOO_MAX_PERM_SIZE=512m
to
BAMBOO_MAX_PERM_SIZE="{maxperm}"

After that you should reboot the machine for the changes to take effect.
reboot

After the system is restarted (~30sec) the web based setup application wizard is available at {url}.

1.10.10.5.1License setup
screenshot below).
Page 129 of 259

Babu R (623)
1.10.10.5.2General configuration
The Setup Wizard starts with the site General configuration as shown in the following screenshot.
Check the fields, replace their content if necessary and then go on with Continue.
Page 130 of 259

Babu R (623)
1.10.10.5.3Database configuration
For the next setup step you have to choose a database configuration. Switch to “External” und
choose Oracle 11g from the list of supported databases.
Page 131 of 259

Babu R (623)
After confirming it with Continue you have to configure the external database connection. Enter the
information as stated below in the screenshot.
1.10.10.5.4Create Bamboo Home

Select Create a new Bamboo home and click on Continue.
Page 132 of 259

Babu R (623)
1.10.10.5.5Default administrator
Finally you are asked to create the Bamboo administrator user.

1.10.10.6.1Mail configuration
Log-In on the Bamboo-Server via browser and click on the gear-wheel icon on the ride-hand side of
the top navigation bar and then on Overview.
Click on the Mail server link in the left-hand menu. Enter the mail server details as shown below in
the screenshot.
Page 133 of 259

Babu R (623)
1.10.10.6.2Connecting with Crowd
Select User repositories under Security in the left-hand menu. Choose Users and groups from JIRA or
Crowd.
Page 134 of 259

Babu R (623)
Confirm your input by clicking on the Save button.
Login as root into the bamboo target server.
/etc/init.d/bamboo stop # stop bamboo before SSO configuration
Then edit the following files:
{install_dir}/atlassian-bamboo/WEB-INF/classes/seraph-config.xml
Comment out the athenticator node:


and add instead a new authenticator:

<authenticator class="com.atlassian.crowd.integration.seraph.v25.BambooAuthenticator"/>
{home_dir}/xml-data/configuration/crowd.properties
Make sure the file is configured like this:
application.name bamboo
application.password bamboo
Page 135 of 259
Babu R (623)
bamboo.crowd.cache.minutes 60

Bamboo can be started by the init-script (as noted in chapter ):
/etc/init.d/bamboo start # to start the application

/etc/init.d/bamboo stop # to stop the application
/etc/init.d/bamboo restart # to restart the application
/etc/init.d/bamboo status # to retrieve the current status of the
application
To check whether Bamboo is running you can also use
ps aux | grep bamboo
If this returns a java process (tomcat) then Bamboo is running.

1.10.10.9 Backup
1.10.10.9.1Configure path editing rights
Per default it is not possible to modify the Bamboo path settings in order to minimize the risk of
Bamboo being compromised by security-related attacks. If you want to change the destination folder
of the backup file you have to edit the following file:
Find the section JVM_SUPPORT_RECOMMENDED_ARGS=

and add -Dbamboo.paths.set.allowed=true
so that it looks like
JVM_SUPPORT_RECOMMENDED_ARGS="-Dbamboo.paths.set.allowed=true"
Once you have finished the backup, remember to undo the changes.
1.10.10.9.2Export data
Make sure that no plans are currently or about to being built, because the data export may take a
long time and does not start if a build is running. Also make sure that you have enough free disk
space in your desired backup location.
Login as root into the Bamboo target server.
Log in to Bamboo web server as {admin} and enter the administration area (Overview).
Click Export  Pause server to make sure no plan is running during export procedure.
Page 136 of 259

Babu R (623)
Then set the Export directory path to your desired backup location. If the directory does not exist,
you have to create it first before you start the export.
mkdir /desired/backup/location
Adjust the name of the export archive and click on the Export button. The export procedure may take
a while…
Finally you have to undo the activation of path editing to minimize the risk of Bamboo being
compromised by security-related attacks.
Page 137 of 259

Babu R (623)
1.10.10.9.3Import data
It is the same for import as it is for export; first you have to allow editing of the Bamboo path settings
(see chapter 1.10.10.9.1).
Then log in to Bamboo web server as {admin} and enter the administration area (Overview).
Click on the Import link in the left hand menu. Enter the full file path of your earlier exported backup
file and it is recommended to back up your current Bamboo instance. So make sure the checkbox
Backup data? is checked and the destination folder and the backup file name are set. Then click on
the Import button.
Page 138 of 259

Babu R (623)
Page 139 of 259
Babu R (623)
Immediately thereafter you are asked to confirm the import. Be aware that the import procedure will
delete the current Bamboo instance and there may be a chance that a failed import process could
render the instance unusable.
After the import has successfully finished you should prohibit the editing of the Bamboo path settings
again and reboot the system.
1.10.10.10Log files
The log files are located in {home_dir}/logs and in {install_dir}/logs.
1.10.10.11Reference Links
 Bamboo Documentation Home
https://confluence.atlassian.com/display/BAMBOO/Bamboo+documentation+home
 Bamboo Installation Guide
https://confluence.atlassian.com/display/BAMBOO/Bamboo+installation+guide
 Connecting Bamboo to Crowd
https://confluence.atlassian.com/display/BAMBOO/Integrating+Bamboo+with+Crowd
 Bamboo FAQ
https://confluence.atlassian.com/display/BAMBOO/Bamboo+FAQ
 Bamboo Knowledge Base: Troubleshooting Installation
https://confluence.atlassian.com/display/BAMKB/Troubleshooting+Installation
 Atlassian Answers Bamboo topic
https://answers.atlassian.com/questions/topics/753705/bamboo
 Bamboo backup
https://confluence.atlassian.com/display/BAMBOO/Exporting+data+for+backup
1.10.11 SonarQube Setup

1.10.11.1 Prerequisite
 You have completed the common system setup for the SonarQube target server (see chapter
1.7).
You are logged in as root on the SonarQube target server
Page 140 of 259

Babu R (623)
1.10.11.2 console Installation
Download SonarQube package (sonarqube-7.9.1.zip from
https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-7.9.1.zip
Copy the downloaded package to destination server and Unzip package under “/opt/packages”
directory
root@sedcagse0200:/opt/packages: unzip sonarqube-7.9.1.zip
Move unzipped directory to “/opt”

root@sedcagse0200:/opt/packages: mv sonarqube-7.9.1/opt
Create symbolic Lync to package

root@sedcagse0200:/opt/packages: ln –s sonarqube-7.9.1 sonarqube
Change permissions to internal user

root@sedcagse0200:/opt/packages: chown sonar_prod_osuser.users sonarqube-7.9.1 sonarqube -R

Edit sonar.properties file and save the file .
$ vim /opt/sonarqube/conf/sonar.properties
In line 82 add below:
# WEB SERVER
sonar.ce.javaOpts=-Xmx{minmem} –Xms8g
sonar.search.javaOpts=-Xmx3g –Xms3g
sonar.web.javaOpts=-Xmx3g –Xms3g
# Web context. When set, it must start wlaith forward slash (for example /sonarqube).
sonar.web.context=/sonar
sonar.web.port=8080
sonar.host.url=https://localhost:8080/sonar
In line 14 add below for external DB configuration

# Permissions to create tables, indices and triggers must be granted to JDBC user.
sonar.jdbc.username=cod_dev_dbuser
sonar.jdbc.password=XXXXXXXXXXXX
#----- Oracle 11g/12c
sonar.jdbc.url=jdbc:oracle:thin:@sedcbgse0020:1546/cod_dev

reboot
Page 141 of 259

Babu R (623)
1.10.11.5.1SonarQube Crowd Integration
$ vim /opt/sonarqube/conf/sonar.properties
# If the external system is not reachable or if the user is not defined in the external system, the authentication will be
performed through the SonarQube internal system.
sonar.security.realm=Crowd
# URL of the Crowd server.
crowd.url=http://53.31.XX.XXX:8080/crowd/
# Crowd application name.
crowd.application=sonarqube
# Crowd application password.
crowd.password=XXXXXXXXXXXXXXX
1.10.11.6 General Configuration & Proxy Setup

1.10.11.6.1Mail server configuration
Login sonar application in UI and add mail server
SMTP host = mailhost.emea.svc.corpintra.net
Port =25
Page 142 of 259

Babu R (623)
1.10.11.7 Restart Application
/etc/init.d/sonar start
/etc/init.d/sonar stop
/etc/init.d/sonar restart
1.10.12 Jenkins setup

 You are logged in as root on the Jenkins target server.
Create the folders as below and move updated Jenkins war file.
root@sedcagse0190:/opt/atlassian : mkdir jenkins_home

root@sedcagse0190:/opt/atlassian : mkdir jenkins
root@sedcagse0190:/opt/atlassian/packages/Jenkins/package : cp apache-tomcat-
8.0.32.tar.gz ../../../Jenkins
root@sedcagse0060:/opt/atlassian : tar -xvzf apache-tomcat-8.0.32.tar.gz
root@sedcagse0190:/opt/atlassian : mv apache-tomcat-8.0.32
root@sedcagse0190:/opt/atlassian/packages/Jenkins/package : cp jenkins.war
/opt/atlassian/jenkins/webapps
Edit the below server.xml files,
root@ sedcagse0190: {install_dir}/conf : vi server.xml

Line 69, change the port number 8080 to 8080
from
<Connector port="8080" protocol="HTTP/1.1"
to <Connector port="8080" protocol="HTTP/1.1"
Line 127, add the Jenkins home directory.

<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Context path="/jenkins" >
<Environment name="JENKINS_HOME" value="{home_dir}" type="java.lang.String"/>
</Context>
Copy the all the plugins to plugin folder.
root@ sedcagse0190:/opt/atlassian/packages/Jenkins/plugin : ls
ace-editor.hpi durable-task.hpi groovy-postbuild.hpi mailer.hpi ssh-
credentials.hpi workflow-basic-steps.hpi workflow-job.hpi
credentials.hpi git-client.hpi icon-shim.hpi matrix-project .hpi timestamper.hpi
workflow-cps-global-lib.hpi workflow-scm-step.hpi
crowd2.hpi git.hpi jquery-detached.hpi scm-api.hpi workflow-aggregator.hpi
workflow-cps.hpi workflow-step-api.hpi
crowd.hpi git-server.hpi junit.hpi script-security.hpi workflow-api.hpi
workflow-durable-task-step.hpi workflow-support.hpi
root@sedcagse0190:/opt/atlassian/packages/Jenkins/plugin : cp -r *
/opt/atlassian/jenkins_home/
1.10.12.3 Upgrade Jenkins using Ansible

 Login to Ansible controller (sedcagse0980) through winscp and place the target version
jenkins war file in “/opt/atlassian/storage/” directory.
 Now login to Ansible controller with putty and verify the below things.
1. In “/etc/Ansible/hosts” file Jenkins IP should be configured.
Page 143 of 259
Babu R (623)
2. Now check the connectivity by using the below command and it should be successful.
ansible -m ping jenkins-upgrade
 Once the validation is done use the below command to upgrade the Jenkins.
ansible-playbook jenkins-application-upgrade.yml
 The above command should be upgraded successfully without any error.

root@sedcagse0190: {install_dir}/bin :./shutdown.sh
root@sedcagse0190: {install_dir}/bin :./startup.sh


To allow other applications to connect to Crowd we have to do some basic configuration steps. Log in
to Crowd as {admin}.
1.10.12.7 Configuring the Self-Service Console
1.10.13 Gerrit setup

 You have completed the common system setup for the Gerrit target server (see chapter 1.7).
 You are logged in as root on the Gerrit target server.
Page 144 of 259

Babu R (623)
1.10.13.2 Git Installation
Gerrit needs git to work. In /opt/atlassian/packages you find git 2.12.3 and all its dependencies.
Install them in the correct order to get a working git environment:
yast --install perl-Error-0.17022-35.4.noarch.rpm
yast --install git-core-2.12.3-209.1.x86_64.rpm
yast --install git-2.12.3-209.1.x86_64.rpm
1.10.13.3 Install Postgresql
Download the Postgresql installer from https://www.postgresql.org/download/linux/suse/
Package name: (postgresql-9.6.15-1-linux-x64.run) Change the permission of file to (+x) execute

mode
$ chmod +x postgresql-9.6.15-1-linux-x64.run
Run the installer
root@sedcagse0230:/opt/atlassian/packages/gerrit-2.13.7-installation : ./postgresql-9.6.15-1-
linux-x64.run ----------------------------------------------------------------------------
Welcome to the PostgreSQL Setup Wizard.
----------------------------------------------------------------------------
Please specify the directory where PostgreSQL will be installed.
Installation Directory [/opt/PostgreSQL/9.6]:
----------------------------------------------------------------------------
Please select a directory under which to store your data.
Data Directory [/opt/PostgreSQL/9.6/data]:
----------------------------------------------------------------------------
Please provide a password for the database superuser (postgres). A locked Unix
user account (postgres) will be created if not present.
Password :
Retype password :
----------------------------------------------------------------------------
Please select the port number the server should listen on.
Port [5432]:
----------------------------------------------------------------------------
Advanced Options
Select the locale to be used by the new database cluster.
Locale
Page 145 of 259

Babu R (623)
[1] [Default locale]
[2] C
[3] POSIX
[4] aa_DJ
[5] aa_DJ.utf8
[6] aa_ER
[7] aa_ER.utf8
[8] aa_ER@saaho
[9] aa_ET
[10] aa_ET.utf8
[11] af_ZA
[12] af_ZA.utf8
[13] am_ET
[14] am_ET.utf8
[15] an_ES
[16] an_ES.utf8
[17] ar_AE
[18] ar_AE.utf8
[19] ar_BH
[20] ar_BH.utf8
[21] ar_DZ
[22] ar_DZ.utf8
[23] ar_EG
[24] ar_EG.utf8
[25] ar_IN
[26] ar_IN.utf8
[27] ar_IQ
[28] ar_IQ.utf8
[29] ar_JO
[30] ar_JO.utf8
[31] ar_KW
[32] ar_KW.utf8
[33] ar_LB
[34] ar_LB.utf8
[35] ar_LY
[36] ar_LY.utf8
[37] ar_MA
[38] ar_MA.utf8
[39] ar_OM
[40] ar_OM.utf8
[41] ar_QA
[42] ar_QA.utf8
[43] ar_SA
[44] ar_SA.utf8
[45] ar_SD
[46] ar_SD.utf8
[47] ar_SY
Page 146 of 259

Babu R (623)
[48] ar_SY.utf8
[49] ar_TN
[50] ar_TN.utf8
[51] ar_YE
[52] ar_YE.utf8
[53] as_IN.utf8
[54] ast_ES
[55] ast_ES.utf8
[56] az_AZ.utf8
[57] be_BY
[58] be_BY.utf8
[59] be_BY@latin
[60] ber_DZ
[61] ber_MA
[62] bg_BG
[63] bg_BG.utf8
[64] bn_BD
[65] bn_BD.utf8
[66] bn_IN
[67] bn_IN.utf8
[68] bo_CN
[69] bo_IN
[70] br_FR
[71] br_FR.utf8
[72] br_FR@euro
[73] bs_BA
[74] bs_BA.utf8
[75] byn_ER
[76] byn_ER.utf8
[77] ca_AD
[78] ca_AD.utf8
[79] ca_ES
[80] ca_ES.utf8
[81] ca_ES@euro
[82] ca_FR
[83] ca_FR.utf8
[84] ca_IT
[85] ca_IT.utf8
[86] crh_UA
[87] cs_CZ
[88] cs_CZ.utf8
[89] csb_PL
[90] cy_GB
[91] cy_GB.utf8
[92] da_DK
[93] da_DK.utf8
[94] de_AT
[95] de_AT.utf8
Page 147 of 259

Babu R (623)
[96] de_AT@euro
[97] de_BE
[98] de_BE.utf8
[99] de_BE@euro
[100] de_CH
[101] de_CH.utf8
[102] de_DE
[103] de_DE.utf8
[104] de_DE@euro
[105] de_LU
[106] de_LU.utf8
[107] de_LU@euro
[108] dv_MV
[109] dz_BT
[110] el_CY
[111] el_CY.utf8
[112] el_GR
[113] el_GR.utf8
[114] en_AG
[115] en_AU
[116] en_AU.utf8
[117] en_BE
[118] en_BE.utf8
[119] en_BE@euro
[120] en_BW
[121] en_BW.utf8
[122] en_CA
[123] en_CA.utf8
[124] en_DK
[125] en_DK.utf8
[126] en_GB
[127] en_GB.iso885915
[128] en_GB.utf8
[129] en_HK
[130] en_HK.utf8
[131] en_IE
[132] en_IE.utf8
[133] en_IE@euro
[134] en_IN
[135] en_IN.utf8
[136] en_NG
[137] en_NZ
[138] en_NZ.utf8
[139] en_PH
[140] en_PH.utf8
[141] en_SG
[142] en_SG.utf8
[143] en_US
Page 148 of 259

Babu R (623)
[144] en_US.iso885915
[145] en_US.utf8
[146] en_ZA
[147] en_ZA.utf8
[148] en_ZW
[149] en_ZW.utf8
[150] es_AR
[151] es_AR.utf8
[152] es_BO
[153] es_BO.utf8
[154] es_CL
[155] es_CL.utf8
[156] es_CO
[157] es_CO.utf8
[158] es_CR
[159] es_CR.utf8
[160] es_DO
[161] es_DO.utf8
[162] es_EC
[163] es_EC.utf8
[164] es_ES
[165] es_ES.utf8
[166] es_ES@euro
[167] es_GT
[168] es_GT.utf8
[169] es_HN
[170] es_HN.utf8
[171] es_MX
[172] es_MX.utf8
[173] es_NI
[174] es_NI.utf8
[175] es_PA
[176] es_PA.utf8
[177] es_PE
[178] es_PE.utf8
[179] es_PR
[180] es_PR.utf8
[181] es_PY
[182] es_PY.utf8
[183] es_SV
[184] es_SV.utf8
[185] es_US
[186] es_US.utf8
[187] es_UY
[188] es_UY.utf8
[189] es_VE
[190] es_VE.utf8
[191] et_EE
Page 149 of 259

Babu R (623)
[192] et_EE.iso885915
[193] et_EE.utf8
[194] eu_ES
[195] eu_ES.utf8
[196] eu_ES@euro
[197] fa_IR
[198] fa_IR.utf8
[199] fi_FI
[200] fi_FI.utf8
[201] fi_FI@euro
[202] fil_PH
[203] fo_FO
[204] fo_FO.utf8
[205] fr_BE
[206] fr_BE.utf8
[207] fr_BE@euro
[208] fr_CA
[209] fr_CA.utf8
[210] fr_CH
[211] fr_CH.utf8
[212] fr_FR
[213] fr_FR.utf8
[214] fr_FR@euro
[215] fr_LU
[216] fr_LU.utf8
[217] fr_LU@euro
[218] fur_IT
[219] fy_DE
[220] fy_NL
[221] ga_IE
[222] ga_IE.utf8
[223] ga_IE@euro
[224] gd_GB
[225] gd_GB.utf8
[226] gez_ER
[227] gez_ER@abegede
[228] gez_ET
[229] gez_ET@abegede
[230] gl_ES
[231] gl_ES.utf8
[232] gl_ES@euro
[233] gu_IN
[234] gv_GB
[235] gv_GB.utf8
[236] ha_NG
[237] he_IL
[238] he_IL.utf8
[239] hi_IN
Page 150 of 259

Babu R (623)
[240] hi_IN.utf8
[241] hne_IN
[242] hr_HR
[243] hr_HR.utf8
[244] hsb_DE
[245] hsb_DE.utf8
[246] ht_HT
[247] hu_HU
[248] hu_HU.utf8
[249] hy_AM
[250] id_ID
[251] id_ID.utf8
[252] ig_NG
[253] ik_CA
[254] is_IS
[255] is_IS.utf8
[256] it_CH
[257] it_CH.utf8
[258] it_IT
[259] it_IT.utf8
[260] it_IT@euro
[261] iu_CA
[262] iw_IL
[263] iw_IL.utf8
[264] ja_JP.eucjp
[265] ja_JP.utf8
[266] ka_GE.utf8
[267] kk_KZ.utf8
[268] kl_GL
[269] kl_GL.utf8
[270] km_KH
[271] kn_IN
[272] ko_KR.euckr
[273] ko_KR.utf8
[274] ks_IN
[275] ks_IN@devanagari
[276] ku_TR
[277] ku_TR.utf8
[278] kw_GB
[279] kw_GB.utf8
[280] ky_KG
[281] lg_UG
[282] lg_UG.utf8
[283] li_BE
[284] li_NL
[285] lo_LA
[286] lt_LT
[287] lt_LT.utf8
Page 151 of 259

Babu R (623)
[288] lv_LV
[289] lv_LV.utf8
[290] mai_IN
[291] mg_MG
[292] mg_MG.utf8
[293] mi_NZ
[294] mi_NZ.utf8
[295] mk_MK
[296] mk_MK.utf8
[297] ml_IN
[298] ml_IN.utf8
[299] mn_MN
[300] mn_MN.utf8
[301] mr_IN
[302] mr_IN.utf8
[303] ms_MY
[304] ms_MY.utf8
[305] mt_MT
[306] mt_MT.utf8
[307] my_MM
[308] nan_TW@latin
[309] nb_NO
[310] nb_NO.utf8
[311] nds_DE
[312] nds_NL
[313] ne_NP
[314] ne_NP.utf8
[315] nl_AW
[316] nl_BE
[317] nl_BE.utf8
[318] nl_BE@euro
[319] nl_NL
[320] nl_NL.utf8
[321] nl_NL@euro
[322] nn_NO
[323] nn_NO.utf8
[324] no_NO
[325] no_NO.utf8
[326] nr_ZA
[327] nso_ZA
[328] oc_FR
[329] oc_FR.utf8
[330] om_ET
[331] om_ET.utf8
[332] om_KE
[333] om_KE.utf8
[334] or_IN
[335] pa_IN
Page 152 of 259

Babu R (623)
[336] pa_IN.utf8
[337] pa_PK
[338] pap_AN
[339] pl_PL
[340] pl_PL.utf8
[341] ps_AF
[342] pt_BR
[343] pt_BR.utf8
[344] pt_PT
[345] pt_PT.utf8
[346] pt_PT@euro
[347] ro_RO
[348] ro_RO.utf8
[349] ru_RU
[350] ru_RU.koi8r
[351] ru_RU.utf8
[352] ru_UA
[353] ru_UA.utf8
[354] rw_RW
[355] sa_IN
[356] sc_IT
[357] sd_IN
[358] sd_IN@devanagari
[359] se_NO
[360] se_NO.utf8
[361] sh_YU
[362] sh_YU.utf8
[363] shs_CA
[364] si_LK
[365] sid_ET
[366] sid_ET.utf8
[367] sk_SK
[368] sk_SK.utf8
[369] sl_SI
[370] sl_SI.utf8
[371] so_DJ
[372] so_DJ.utf8
[373] so_ET
[374] so_ET.utf8
[375] so_KE
[376] so_KE.utf8
[377] so_SO
[378] so_SO.utf8
[379] sq_AL
[380] sq_AL.utf8
[381] sr_ME
[382] sr_RS
[383] sr_RS@latin
Page 153 of 259

Babu R (623)
[384] ss_ZA
[385] st_ZA
[386] st_ZA.utf8
[387] sv_FI
[388] sv_FI.utf8
[389] sv_FI@euro
[390] sv_SE
[391] sv_SE.iso885915
[392] sv_SE.utf8
[393] ta_IN
[394] ta_IN.utf8
[395] te_IN
[396] te_IN.utf8
[397] tg_TJ.utf8
[398] th_TH.utf8
[399] ti_ER
[400] ti_ER.utf8
[401] ti_ET
[402] ti_ET.utf8
[403] tig_ER
[404] tig_ER.utf8
[405] tk_TM
[406] tl_PH
[407] tl_PH.utf8
[408] tn_ZA
[409] tr_CY
[410] tr_CY.utf8
[411] tr_TR
[412] tr_TR.utf8
[413] ts_ZA
[414] tt_RU.utf8
[415] tt_RU@iqtelif.UTF-8
[416] ug_CN
[417] uk_UA
[418] uk_UA.utf8
[419] ur_PK
[420] ur_PK.utf8
[421] uz_UZ
[422] uz_UZ@cyrillic
[423] ve_ZA
[424] vi_VN
[425] wa_BE
[426] wa_BE.utf8
[427] wa_BE@euro
[428] wo_SN
[429] xh_ZA
[430] xh_ZA.utf8
[431] yi_US
Page 154 of 259

Babu R (623)
[432] yi_US.utf8
[433] yo_NG
[434] zh_CN
[435] zh_CN.utf8
[436] zh_HK.utf8
[437] zh_SG
[438] zh_SG.utf8
[439] zh_TW.euctw
[440] zh_TW.utf8
[441] zu_ZA
[442] zu_ZA.utf8
Please choose an option [1] : 1
----------------------------------------------------------------------------
Setup is now ready to begin installing PostgreSQL on your computer.
Do you want to continue? [Y/n]: Y
----------------------------------------------------------------------------
Please wait while Setup installs PostgreSQL on your computer.
Installing
0% ______________ 50% ______________ 100%
#########################################
----------------------------------------------------------------------------
Setup has finished installing PostgreSQL on your computer.
You have mail in /var/mail/root

root@sedcagse0170:/opt/atlassian/packages/gerrit-{appversion}-installation :
Login to Postgresql Database:
$ su - postgres
$ psql
postgres=#
postgres=# \list
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+----------+----------+-------------+-------------+-----------------------
postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
reviewdb | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
test_db | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
(5 rows)
Page 155 of 259

Babu R (623)
postgres=#
Create a user for the web application within PostgreSQL, assign it a password, create a database to
store the metadata, and grant the user full rights on the newly created database:
Create DB:
CREATE DATABASE reviewdb;
1.10.13.4 Install Gerrit

root@sedcagse0170:/opt/atlassian/packages/gerrit-{appversion}-installation : java -jar gerrit-
{appversion}.war init -d {install_dir}
Using secure store: com.google.gerrit.server.securestore.DefaultSecureStore
[2017-08-27 12:59:59,100] [main] INFO
com.google.gerrit.server.config.GerritServerConfigProvider : No {install_dir}/etc/gerrit.config;
assuming defaults
*** Gerrit Code Review {appversion}

***
*** Git Repositories

***
Location of Git repositories [git]:
*** SQL Database

***
Database server type [h2]: postgresql

Server hostname [localhost]:
Server port [(postgresql default)]:
Database name [reviewdb]:
Database username [root]: postgres
postgres's password :
confirm password :
*** User Authentication

***
Authentication method [OPENID/?]:

Enable signed push support [y/N]?
*** Review Labels

***
Install Verified label [y/N]?
*** Email Delivery

***
Page 156 of 259
Babu R (623)
SMTP server hostname [localhost]:
SMTP server port [(default)]:
SMTP encryption [NONE/?]:
SMTP username :
*** Container Process

***
Run as [root]:
Java runtime [/usr/java/jdk1.8.0_121/jre]:
Copy gerrit-{appversion}.war to {install_dir}/bin/gerrit.war [Y/n]? y
Copying gerrit-{appversion}.war to {install_dir}/bin/gerrit.war
*** SSH Daemon

***
Listen on address [*]:

Listen on port [29418]:
Gerrit Code Review is not shipped with Bouncy Castle Crypto SSL v152
If available, Gerrit can take advantage of features
in the library, but will also function without it.
Download and install it now [Y/n]? y
Downloading https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/1.52/bcpkix-
jdk15on-1.52.jar ... Failed to clean up lib: {install_dir}/lib/bcpkix-jdk15on-1.52.jar
!! FAIL !!
error: repo1.maven.org
Please download:
https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/1.52/bcpkix-jdk15on-
1.52.jar
and save as:
{install_dir}/lib/bcpkix-jdk15on-1.52.jar
Press enter to continue

Continue without this library [Y/n]? y
Generating SSH host key ... rsa(simple)... done
*** HTTP Daemon

***
Behind reverse proxy [y/N]?

Use SSL (https://) [y/N]?
Listen on address [*]:
Page 157 of 259

Babu R (623)
Listen on port [8080]: 8086
Canonical URL [http://sedcagse0170.emea.bg.corpintra.net:8086/]:
*** Plugins
***
Installing plugins.
Install plugin commit-message-length-validator version v2.13.7 [y/N]? y
Installed commit-message-length-validator v2.13.7
Install plugin download-commands version v2.13.7 [y/N]? y
Installed download-commands v2.13.7
Install plugin hooks version v2.13.7 [y/N]? y
Installed hooks v2.13.7
Install plugin replication version v2.13.7 [y/N]? y
Installed replication v2.13.7
Install plugin reviewnotes version v2.13.7 [y/N]? y
Installed reviewnotes v2.13.7
Install plugin singleusergroup version v2.13.7 [y/N]? y
Installed singleusergroup v2.13.7
Initializing plugins.
No plugins found with init steps.
Initialized {install_dir}
You have mail in /var/mail/root
root@sedcagse0170:/opt/atlassian/packages/gerrit-2.13.7-installation :
Starting Gerrit Code Review: OK

$vi {install_dir}/etc/gerrit.config
[gerrit]
basePath = git
serverId = 2bb47a3b-a708-4f38-97e5-f46793fe7359
# canonicalWebUrl = http://sedcagse0170.emea.bg.corpintra.net:8086/
canonicalWebUrl = https://gsep.app.corpintra.net/gerrit
[database]
type = postgresql
hostname = localhost
database = reviewdb
username = postgres
[auth]
type = OPENID
[receive]
enableSignedPush = false
[sendemail]
Page 158 of 259

Babu R (623)
smtpServer = localhost
[container]
user = gerrit_prod_osuser
javaHome = /usr/java/jdk1.8.0_121/jre
[sshd]
listenAddress = *:29418
[httpd]
# listenUrl = http://*:8086/
listenUrl = proxy-https://*:8086/gerrit
[cache]
directory = cache
[http]
proxy = http://security-proxy.emea.svc.corpintra.net:3128
[https]
proxy = http://security-proxy.emea.svc.corpintra.net:3128
proxy = https://security-proxy.emea.svc.corpintra.net:3128
[commentlink "changeid"]
match = (I[0-9a-f]{8,40})
link = "#q,$1,n,z"
[commentlink "jira"]
match = ([A-Z]+-[0-9]+)
link = https://gsep.daimler.com/jira/browse/$1
association = SUGGESTED
1.10.13.6 For Gerrit and Stash replication: Prerequisites:
1. Install replication plugin

2. ssh <stash.hostname> 7999
$su – Gerrit_prod_osuser
$ssh-keygen -R hostname -f ~/.ssh/known_hosts
vi ~/.ssh/config
Add below lines and save the file
Host sedcagse0030.emea.bg.corpintra.net
IdentityFile .ssh/id_rsa
1.10.13.7 Plug-Ins Installation
Download the needed plugins from https://gerrit.googlesource.com/plugins/ source and place it in

path:
{install_dir}/plugins
Change the permission to Gerrit user:
Page 159 of 259

Babu R (623)
chown gerrit_int_osuser:users {install_dir}/plugins --recursive

reboot
1.10.13.10Start & Stop procedures

/etc/init.d/gerrit start # to start the application

/etc/init.d/gerrit stop # to stop the application
/etc/init.d/gerrit restart # to restart the application
/etc/init.d/gerrit status # to retrieve the current status of the
application
ps aux | grep gerrit
If this returns a java process (tomcat) then jira is running.
1.10.14 TestRail setup

 You have completed the common system setup for the Gerrit target server (see chapter 1.7).
 You are logged in as root on the Gerrit target server.
1.10.14.2 Installing Apache

root@sedcagse0210:/root : zypper in apache2
root@sedcagse0210:/etc/opt : rcapache2 start
Starting httpd2 (prefork)
done
Change the listen port to 8080,
root@sedcagse0210:/etc/apache2 : vi listen.conf
Line 19
Change from
Listen 80
Page 160 of 259

Babu R (623)
Listen 8080
Save:
Restart Apache:
root@sedcagse0210:/etc/apache2 : /etc/init.d/apache2 restart

Syntax OK
Shutting down httpd2 (waiting for all children to terminate)
done
Starting httpd2 (prefork)
done
1.10.14.3 Installing PHP
Make sure PHP is already installed.

root@sedcagse0210:/opt/atlassian/packages : php -version
PHP 5.3.5 (cli)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
1.10.14.4 Installing Mysql
Install mysql using below command
Root@sedcagse0170:/opt/atlassian/packages : zypper install mysql

Refreshing service 'spacewalk'.
Loading repository data...
Reading installed packages...
Resolving package dependencies...
The following NEW packages are going to be installed:

mysql mysql-client
The following packages are not supported by their vendor:

mysql mysql-client
2 new packages to install.

Overall download size: 14.1 MiB. After the operation, additional 59.6 MiB will be used.
Continue? [y/n/? shows all options] (y): y
Retrieving package mysql-client-5.5.43-0.7.3.x86_64 (1/2), 3.1 MiB (17.1 MiB unpacked)
Retrieving: mysql-client-5.5.43-0.7.3.x86_64.rpm [done]
Retrieving package mysql-5.5.43-0.7.3.x86_64 (2/2), 11.0 MiB (42.5 MiB unpacked)
Retrieving: mysql-5.5.43-0.7.3.x86_64.rpm [done]
Installing: mysql-client-5.5.43-0.7.3 [done]
Installing: mysql-5.5.43-0.7.3 [done]
root@sedcagse0170:/opt/atlassian/packages :
mysqladmin -u root password xxxxx

mysql -u root -p
Page 161 of 259
Babu R (623)
mysql> CREATE DATABASE testrail DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
Query OK, 1 row affected (0.00 sec)
mysql> CREATE USER 'testrail'@'localhost' IDENTIFIED BY [Password];

Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL ON testrail.* TO 'testrail'@'localhost';

Query OK, 0 rows affected (0.00 sec)
root@sedcagse0210:/etc/php5/apache2 : /etc/init.d/mysql status

root@sedcagse0210:/etc/php5/apache2 : /etc/init.d/mysql start
root@sedcagse0210:/etc/php5/apache2 : ln -s /var/lib/mysql/mysql.sock
/var/run/mysql/mysql.sock
root@sedcagse0210:/etc/php5/apache2 : /etc/init.d/apache2 restart
1.10.14.5 Install testrail
Install the below packages:

root@sedcagse0210:/opt/atlassian/packages : yast --install php5-5.3.5-5.12.1.x86_64.rpm
root@sedcagse0210:/opt/atlassian/packages : yast --install libmm14-1.4.2-92.1.x86_64.rpm
root@sedcagse0210:/opt/atlassian/packages : yast --install apache2-mod_php5-5.3.5-
5.12.1.x86_64.rpm
root@sedcagse0210:/opt/atlassian/packages : yast --install php5-json-5.3.5-5.12.1.x86_64.rpm
root@sedcagse0210:/opt/atlassian/packages : yast --install php5-curl-5.3.5-5.12.1.x86_64.rpm
root@sedcagse0210:/opt/atlassian/packages : yast --install php5-pdo-5.3.5-5.12.1.x86_64.rpm
root@sedcagse0210:/opt/atlassian/packages : yast --install libpcre0-8.10-4.1.x86_64.rpm
root@sedcagse0210:/opt/atlassian/packages : yast --install php5-mysql-5.3.5-
5.12.1.x86_64.rpm
root@sedcagse0210:/opt/atlassian/packages : yast --install php5-mbstring-5.3.5-

5.12.1.x86_64.rpm
root@sedcagse0210:/opt/atlassian/packages : yast --install php5-soap-5.3.5-5.12.1.x86_64.rpm
root@sedcagse0210:/opt/atlassian/packages : yast --install php5-zip-5.3.5-5.12.1.x86_64.rpm
Install pcre latest version,
root@sedcagse0210:/opt/atlassian/packages : cd pcre-8.38
root@sedcagse0210:/opt/atlassian/packages/pcre-8.38 : ./configure
checking for a BSD-compatible install... /usr/bin/install –c
root@sedcagse0210:/opt/atlassian/packages/pcre-8.38 : make
Unzip the testrail package
root@sedcagse0210:/srv/www/htdocs : unzip testrail-5.2.0.3452-ion53.zip
Add the ioncube_loader in PHP.ini file.
root@sedcagse0210:/etc/php5/apache2 : vi php.ini
Page 162 of 259

Babu R (623)
extension=mysql.so
extension=curl.so
[PHP]
extension=mysql.so
extension=curl.so
extension=php_soap.dll
zend_extension=/opt/atlassian/packages/ioncube /ioncube_loader_lin_5.3.so
root@sedcagse0210:/etc/php5/apache2 : /etc/init.d/apache2 restart

Syntax OK
Create directories,
root@sedcagse0210:{home_dir} : mkdir attachments/

root@sedcagse0210:{home_dir} : mkdir reports/
Page 163 of 259

Babu R (623)
Page 164 of 259

Babu R (623)
If you use Linux: the path to the mysql.sock file is wrong. This is usually because you are
using (LAMPP) XAMPP and it isn't in /tmp/mysql.sock
Open the php.ini file and find this line:
mysql.default_socket
And make it
mysql.default_socket = /path/to/mysql.sock
Page 165 of 259

Babu R (623)
Page 166 of 259
Babu R (623)
Page 167 of 259
Babu R (623)
reboot
1.10.14.8 Webbased setup wizard

After the system is restarted (~3min) the webbased setup application wizard is available at {url}.
Page 168 of 259

Babu R (623)
1.10.14.8.1.1 Production installation
Choose “Start setup” for the production installation.
1.10.14.9 Database and License setup

screenshot below).
Page 169 of 259

Babu R (623)
Page 170 of 259
Babu R (623)
Page 171 of 259
Babu R (623)
Page 172 of 259
Babu R (623)
1.10.14.10Mail configuration
1.10.14.11Start & Stop procedures

Confluence can be started by the init-script (as noted in chapter ):
/etc/init.d/apache2 start # to start the application

/etc/init.d/apache2 stop # to stop the application
/etc/init.d/apache2 restart # to restart the application
/etc/init.d/apache2 status # to retrieve the current status of the
application
Page 173 of 259

Babu R (623)
To check whether testrails is running you can also use
ps aux | grep testaril
If this returns a java process (tomcat) then testrail is running.
1.10.15 SVN Setup

 You have completed the common system setup for the SVN target server (see chapter 1.7).
 You are logged in as root on the SVN target server.
1.10.15.2 Installations
Make sure to keep the rpms ready in the server
 CTF-Disconnected-media-20.0.321-620.rhel7.x86_64.rpm
 compat-ctf-dc-media-1.2-1.el7.noarch.rpm
 python-modules-sources-el7.zip
 monit-5.25.1-1.el6.x86_64.rpm
Unzip the downloaded packages under /opt
root@sedcagse0350: $ yum install CTF-Disconnected-media-20.0.321-620.rhel7.x86_64.rpm

root@sedcagse0350: $ yum install compat-ctf-dc-media-1.2-1.el7.noarch.rpm
root@sedcagse0350: $ yum clean all
root@sedcagse0350: $ unzip python-modules-sources-el7.zip -d
/opt/collabnet/teamforge/service/reviewboard/resources/SOURCES/python-modules-sources
1.10.15.3 configuration
Verify your yum configuration:
yum list httpd
yum list apr
Install TeamForge
yum install teamforge
Install Monit
yum install monit-5.25.1-1.el6.x86_64.rpm
Setup the site-options file and provision
root@sedcagse1310:/opt/collabnet/teamforge/etc: vi site-options.conf
localhost:SERVICES = ctfcore ctfcore-database ctfcore-datamart etl search subversion mail

codesearch cliserver gerrit gerrit-database service-monitor reviewboard reviewboard-database
reviewboard-adapter webr webr-database
localhost:PUBLIC_FQDN = gsep.daimler.com
Page 174 of 259

Babu R (623)
JBOSS_JAVA_OPTS=-Xms2048m -Xmx4098m -XX:MaxPermSize=1024m -server -XX:
+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp -verbose:gc -
Dsun.rmi.dgc.client.gcInterval=600000 -Dsun.rmi.dgc.server.gcInterval=600000
INTEGRATION_JAVA_OPTS=-Xms256m -Xmx256m -server -XX:+HeapDumpOnOutOfMemoryError -

XX:HeapDumpPath=/tmp -verbose:gc -Dsun.rmi.dgc.client.gcInterval=600000 -
Dsun.rmi.dgc.server.gcInterval=600000
PHOENIX_JAVA_OPTS=-Xms256m -Xmx256m -server -XX:+HeapDumpOnOutOfMemoryError -

XX:HeapDumpPath=/tmp -verbose:gc -Dsun.rmi.dgc.client.gcInterval=600000 -
Dsun.rmi.dgc.server.gcInterval=600000 -Dsf.luceneOptimizeEvery=100000
ETL_JAVA_OPTS=-javaagent:/opt/appdynamics/AppServerAgent-20.4.0.29862/javaagent.jar -
Xms256m -Xmx512m -server -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp -
verbose:gc -Dsun.rmi.dgc.client.gcInterval=600000 -Dsun.rmi.dgc.server.gcInterval=600000
LDAP_SERVER_URL=ldap://sedcagse1310.emea.bg.corpintra.net:10389
#BDCS_SDK_SEARCH_LIMIT_MAX=200
#GERRIT_FORCE_HISTORY_PROTECTION=true
Copy the license key under:

cd /opt/collabnet/teamforge/var/etc/ : vim sflicense.txt
teamforge provision -y
teamforge provision -y
1.10.15.4 Restart
Start/Stop the svn using below command,
teamforge start/stop
Check this URLS working fine https://gsep.daimler.com/sf/sfmain/do/home
1.10.16 Artifactory Setup
 You have completed the common system setup for the Artifactory target server (see chapter
1.7).
 You are logged in as root on the Artifactory target server.
Page 175 of 259

Babu R (623)
 Edit the following files on your Artifactory target server.
{install_dir}/tomcat/conf/server.xml
<Connector port="8080"
protocol="HTTP/1.1"
relaxedPathChars='[]'
relaxedQueryChars='[]'
scheme="https"
sendReasonPhrase="true"
maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"
proxyName="gsep.daimler.com"
proxyport="443"
secure="true"
useBodyEncodingForURI="true"
enableLookups="false"
acceptCount="100"
disableUploadTimeout="true"
maxHttpHeaderSize="8192"
redirectPort="8443"
compression="on"
compressableMimeType="text/html,text/xml,text/plain,text/css,application/
json,application/javascript,application/x-javascript"/>
-Note: proxyName will be different based on the instance. Above is for Artifactory EDC.
-For India Artifactory use “gsep.in623.corpintra.net”
-For Sunnyvale do not use the “proxyName” option.
 Create a new file “setenv.sh” in [TOMCAT_HOME]/bin/ folder and change the os user
permission which is there for Artifactory. Open the setenv.sh.
$vi {install_dir}/tomcat/bin/setenv.sh
Add the below lines:
JAVA_OPTS="-javaagent:/opt/appdynamics/appagent/javaagent.jar $JAVA_OPTS -
Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dhttp.proxyHost=security-
proxy.emea.svc.corpintra.net -Dhttps.proxyPort=3128 -Dhttp.nonProxyHosts=localhost\|
127.0.0.1\|gsep.daimler.com"
 By default data folder will point to “<ARTIFACTORY_HOME>/data/”, if this has to be pointed

out to somewhere else i.e. external NFS please change the below configuration.
 Go to [ARTIFACTORY_HOME]/etc/
 Open “binarystore.xml”, comment all the lines in that file and add the below parameters
Page 176 of 259

Babu R (623)
Below configuration is for FileSystem:-
<config version="v1">
<chain template="file-system"/>
<provider id="file-system" type="file-system">
<baseDataDir>[ARTIFACTORY_HOME]/data</baseDataDir>
<fileStoreDir>[Shared NFS Path]/filestore</fileStoreDir>
<tempDir> [Shared NFS Path]/temp</tempDir>
</provider>
</config>
Below configuration is for S3:-

<config version="1">
<chain template="s3"/>
<provider id="s3" type="s3">
<endpoint>xxxxxxxxxxxxxxxxxxxxx</endpoint>
<httpsPort>443</httpsPort>
<port>443</port>
<identity>xxxxxxxxxxxxxxxxxxxxxxx</identity>
<credential>xxxxxxxxxxxxxxxxxxxxx</credential>
<bucketName>xxxxxxxxxxxxxxxxxxx</bucketName>
<httpsOnly>true</httpsOnly>
<property name="xxxxxxxxxxxxxxxxxxxxx" value="true"></property>
</provider>
</config>
 Create two folders filestore & temp under [Shared NFS Path] and change the os user
permission which is there for Artifactory.
reboot

1.10.16.5 License Setup

screenshot below).
Login to Artifactory as Admin
Page 177 of 259

Babu R (623)
Go to Admin  General Configuration under Configuration
“Custom Base URL” will be different based on the instance.

Page 178 of 259
Babu R (623)
For EDC Artifactory – https://gsep.daimler.com/artifactory
For Sunnyvale Artifactory - https://s624suselnx0001.us624.corpintra.net/artifactory
For India Artifactory - https://gsep.in623.corpintra.net/artifactory
Go to Admin  Proxies under Configuration
1.10.16.7 Artifactory Crowd Integration

Go to Admin  Crowd/Jira under Security
Page 179 of 259

Babu R (623)
1.10.16.8 Mail server configuration
1.10.16.9 Artifactory Database configuration
 Open “db.properties” file and change the db details if external DB is available. Comment all
the lines in that file and add the below parameters.
type=oracle
driver=oracle.jdbc.OracleDriver
url=jdbc:oracle:thin:@//<db host name>:<db port>/<db name>
username=<db username>
password=<db password>
Page 180 of 259

Babu R (623)
(If you do not have this file you can take it from the standalone zip distribution or directly from the
JFrog domain)
 You must adjust the connection definitions in the $ARTIFACTORY_HOME/etc/db.properties

file to match the attributes of the Artifactory database you created.
 You must configure the database URL and username/password to use. The schema and
tables are created first time Artifactory is run using the new database
 Download the JDBC driver corresponding to your Oracle version from the JDBC/UCP
Download Page and copy the ojdbc7.jar file into the server's shared lib directory.
 For example $TOMCAT_HOME/lib when installed as a service or
$ARTIFACTORY_HOME/tomcat/lib in the standalone version.
1.10.16.10 Restart
/etc/init.d/artifactory start # to start the application
/etc/init.d/artifactory stop # to stop the application
/etc/init.d/artifactory restart # to restart the application
/etc/init.d/artifactory status # to retrieve the current status of the
application
1.10.16.11 Upgradation Steps with Ansible

 Login to Ansible controller.
 Download the new package which needs to be upgraded and place it under
“/opt/atlassian/storage/” directory.
 Redirect to “/etc/ansible/artifactory-app-upgrade.yml” file.
 Verify the “hosts” section, it should be “Artifactory”. Refer “/etc/ansible/host” file for detail.
 Similarly go to “/etc/ansible/ansible_vars/hosts_vars/artifactory-upgrade.yml” and change
and verify the “os_user”, “app_name”, “app_version”, “app_old_version”, “host_name”.
Note – “app_old_version” should be the existing app version and “app_version” should be app
version which you are going to upgrade.
 Do the changes for necessary files and save it.

 Now redirect to below path and execute the command.
root@sedcagse0980: cd /etc/ansible/
root@sedcagse0980:/etc/ansible: ansible-playbook artifactory-app-
upgrade.yml
Page 181 of 259

Babu R (623)
 Application should be upgraded to target version.
 Now verify all the configurations and start the application.
1.10.17 Artifactory upgrade to version 7.x.x
1.7).

Before upgrading Artifactory ensure you can restore your Artifactory and database in case you
encounter any issues during the upgrade process, strongly recommend that you make sure your
system and database backups are up to date.
Oracle Database users

Artifactory 7.x requires a new setup to connect to an Oracle Database. Follow the below procedure
to the Configure Artifactory to use Oracle.
Upgrade Steps
The upgrade procedure involves the following main steps:
 Download the package to upgrade (Linux Archive).
 Stop the current server
 Extract/Install the package according to the installer distribution type.
 Check the Migration Log and review system.yaml to validate the migration was successful
(only for upgrading from v6.x).
 Start the service using the start scripts or OS service management.
 Check the Artifactory Log for the status of the service.
Migration is a manual process for a Linux archive installation. The below steps also include copying
directories over and running the migration script.
Note : Make sure to run all commands on the server with the user that's running Artifactory.
 Stop the current server.
cd /etc/init.d/
./artifactory stop
 Download the package. Copy to Artifactory machine and Extract the contents of the
compressed archive and move it into artifactory directory.
tar -xvf jfrog-artifactory-<pro|oss|cpp-ce>-<version>-linux.tar.gz

mkdir jfrog
mv jfrog-artifactory-<pro|oss|cpp-ce>-<version>-linux jfrog/artifactory
 Set your ARTIFACTORY_HOME and JFROG_HOME variables.

Note: the $ARTIFACTORY_HOME variable points to your existing installation, and
the $JFROG_HOME variable points to the new installation.
Page 182 of 259
Babu R (623)
export ARTIFACTORY_HOME=<Path to your current Artifactory installation>
export JFROG_HOME=<Full path to jfrog directory>
export JF_PRODUCT_HOME=$JFROG_HOME/artifactory
 Copy the directories from your current to the new path.

Mandatory Steps:
# Artifactory data
mkdir -p $JFROG_HOME/artifactory/var/data/artifactory/
cp -rp $ARTIFACTORY_HOME/data/. $JFROG_HOME/artifactory/var/data/artifactory/
# Access data
mkdir -p $JFROG_HOME/artifactory/var/data/access/
cp -rp $ARTIFACTORY_HOME/access/data/. $JFROG_HOME/artifactory/var/data/access/
# Replicator data
# Note: If you've have never used the Artifactory Replicator
# your $ARTIFACTORY_HOME/replicator/ directory will be empty
mkdir -p $JFROG_HOME/artifactory/var/data/replicator/
cp -rp $ARTIFACTORY_HOME/replicator/data/.
$JFROG_HOME/artifactory/var/data/replicator/
# Artifactory config
mkdir -p $JFROG_HOME/artifactory/var/etc/artifactory/
cp -rp $ARTIFACTORY_HOME/etc/. $JFROG_HOME/artifactory/var/etc/artifactory/
# Access config
mkdir -p $JFROG_HOME/artifactory/var/etc/access/
cp -rp $ARTIFACTORY_HOME/access/etc/. $JFROG_HOME/artifactory/var/etc/access/
# Replicator config
# Note: If you have never used the Artifactory Replicator
# your $ARTIFACTORY_HOME/replicator/ directory will be empty
mkdir -p $JFROG_HOME/artifactory/var/etc/replicator/
cp -rp $ARTIFACTORY_HOME/replicator/etc/.
$JFROG_HOME/artifactory/var/etc/replicator/
# master.key
mkdir -p $JFROG_HOME/artifactory/var/etc/security/
cp -p $ARTIFACTORY_HOME/etc/security/master.key
$JFROG_HOME/artifactory/var/etc/security/master.key
# server.xml
mkdir -p $JFROG_HOME/artifactory/var/work/
cp -p $ARTIFACTORY_HOME/tomcat/conf/server.xml
$JFROG_HOME/artifactory/var/work/server.xml
# artifactory.defaults
Page 183 of 259

Babu R (623)
cp -rp $ARTIFACTORY_HOME/bin/artifactory.default
$JFROG_HOME/artifactory/var/work/artifactory.default
#or, if Artifactory was installed a service
cp -rp $ARTIFACTORY_HOME/etc/default
$JFROG_HOME/artifactory/var/work/artifactory.default
# External database driver, for example: mysql-connector-java-<version>.jar

mkdir -p $JFROG_HOME/artifactory/var/bootstrap/artifactory/tomcat/lib
cp -rp $ARTIFACTORY_HOME/tomcat/lib/<your database driver>
$JFROG_HOME/artifactory/var/bootstrap/artifactory/tomcat/lib/<your database driver>
# Remove logback.xml with old links. Please consider migrating manually anything that is
customized here
rm -f $JFROG_HOME/artifactory/var/etc/artifactory/logback.xml
rm -f $JFROG_HOME/artifactory/var/etc/access/logback.xml
# Move Artifactory logs

mkdir -p $JFROG_HOME/artifactory/var/log/archived/artifactory/
cp -rp $ARTIFACTORY_HOME/logs/.
$JFROG_HOME/artifactory/var/log/archived/artifactory/
 Optional Steps
# Artifactory backup (optional)

mkdir -p $JFROG_HOME/artifactory/var/backup/artifactory/
cp -rp $ARTIFACTORY_HOME/backup/. $JFROG_HOME/artifactory/var/backup/artifactory/
# Access backup (optional)

mkdir -p $JFROG_HOME/artifactory/var/backup/access/
cp -rp $ARTIFACTORY_HOME/access/data/. $JFROG_HOME/artifactory/var/backup/access/
# Replicator backup (optional)

mkdir -p $JFROG_HOME/artifactory/var/backup/replicator/
cp -rp $ARTIFACTORY_HOME/replicator/data/.
$JFROG_HOME/artifactory/var/backup/replicator/
# Access logs (optional)

mkdir -p $JFROG_HOME/artifactory/var/log/archived/access/
cp -rp $ARTIFACTORY_HOME/access/logs/.
$JFROG_HOME/artifactory/var/log/archived/access/
# Replicator logs (optional)

mkdir -p $JFROG_HOME/artifactory/var/log/archived/replicator/
cp -rp $ARTIFACTORY_HOME/replicator/logs/.
$JFROG_HOME/artifactory/var/log/archived/replicator/
Page 184 of 259

Babu R (623)
 Run the migration script with the same privileges as you have in your current Artifactory
installation. This script will copy over and translate your current configurations to the new
configuration format, according to the new file system layout.
Note: The migration script only migrates configuration values. Any comments added to the
configuration files in the Artifactory 6.x installation will not be migrated.
cd $JFROG_HOME/artifactory/app/bin
./migrate.sh
 Check that the migration has completed successfully, by reviewing the following files:
a. migration log: $JFROG_HOME/artifactory/var/log/migration.log
b. system.yaml configuration: $JFROG_HOME/artifactory/var/etc/system.yaml
This newly created file will contain your current custom configurations in the new format.
 If Artifactory was installed as a service in previous version, install this version also as a
service.
Note: When an earlier version is installed as a service, it is important to update the new one
also as a service. Otherwise a restart of the server may lead to older version of Artifactory
coming up.
-Note: proxyName will be different based on the instance. Above is for Artifactory EDC.
-For India Artifactory use “gsep.in623.corpintra.net”
-For Sunnyvale do not use the “proxyName” option.
 Configuring Artifactory to use Oracle

1. Copy the libaio directory to the Artifactory tomcat lib directory, for example:
cp -rp /usr/lib64/libaio.so
$JFROG_HOME/artifactory/var/bootstrap/artifactory/tomcat/lib
2. Download the Oracle Instant Client lib.
3. Extract the Oracle Instant Client and copy the ojdbc.jar to
the $JFROG_HOME/artifactory/var/bootstrap/artifactory/tomcat/lib directory
Permissions
Make sure your driver has the same permissions as the rest of the files in the
$JFROG_HOME/artifactory/var directory
4. Set the LD_LIBRARY_PATH, in the system.yaml configuration file, to point to the

extracted Oracle Instant Client directory.
shared:
env:
LD_LIBRARY_PATH: <path Oracle Instant Client directory, for ex: /usr/lib64>
Example:
LD_LIBRARY_PATH: /opt/instantclient_12_2
5. Verify the DB connection details in the system.yaml configuration file

Page 185 of 259
Babu R (623)
shared:
database:
type: oracle
driver: oracle.jdbc.OracleDriver
url: jdbc:oracle:thin:@<your db server url, for example: localhost:1521>:ORCL
username: artifactory
password: password
 Start Artifactory.
/etc/init.d/artifactory start
 Check Artifactory Log.
tail -f $JFROG_HOME/artifactory/var/log/console.log
 Access Artifactory from your browser at: https://gsep.daimler.com/ui/ or

https://gsep.daimler.com/artifactory . For example, on your local
machine: http://localhost:8082/ui
 By default data folder will point to “<ARTIFACTORY_HOME>/data/”, if this has to be pointed

out to somewhere else i.e. external NFS please change the below configuration.
 Open “binarystore.xml”, comment all the lines in that file and add the below parameters
<config version="v1">
<chain template="file-system"/>
<provider id="file-system" type="file-system">
<baseDataDir>[ARTIFACTORY_HOME]/data</baseDataDir>
<fileStoreDir>[Shared NFS Path]/filestore</fileStoreDir>
<tempDir> [Shared NFS Path]/temp</tempDir>
</provider>
</config>
 Create two folders filestore & temp under [Shared NFS Path] and change the os user
permission which is there for Artifactory.
reboot

Page 186 of 259

Babu R (623)
1.10.17.5 License Setup
screenshot below).

Go to Admin  General Configuration under Configuration
Page 187 of 259

Babu R (623)
“Custom Base URL” will be different based on the instance.
For EDC Artifactory – https://gsep.daimler.com/artifactory
For Sunnyvale Artifactory - https://s624suselnx0001.us624.corpintra.net/artifactory
For India Artifactory - https://gsep.in623.corpintra.net/artifactory
Go to Admin  Proxies under Configuration
Page 188 of 259

Babu R (623)
1.10.17.7 Artifactory Crowd Integration
Go to Admin  Crowd/Jira under Security
Page 189 of 259

Babu R (623)
1.10.17.9 Artifactory Database configuration

Database Configuration is explained in 3.2.9.13.2 section.
1.10.17.10 Restart
/etc/init.d/artifactory start # to start the application
/etc/init.d/artifactory stop # to stop the application
/etc/init.d/artifactory restart # to restart the application
/etc/init.d/artifactory status # to retrieve the current status of the
application

 Login to Ansible controller.
 Redirect to “/etc/ansible/artifactory-app-upgrade.yml” file.
 Verify the “hosts” section, it should be “Artifactory”. Refer “/etc/ansible/host” file for detail.
 Similarly go to “/etc/ansible/ansible_vars/hosts_vars/artifactory-upgrade.yml” and change
and verify the “os_user”, “app_name”, “app_version”, “app_old_version”, “host_name”.
Note – “app_old_version” should be the existing app version and “app_version” should be app
version which you are going to upgrade.
 Do the changes for necessary files and save it.

 Now redirect to below path and execute the command.
Page 190 of 259
Babu R (623)
root@sedcagse0980: cd /etc/ansible/
root@sedcagse0980:/etc/ansible: ansible-playbook artifactory-app-
upgrade.yml
 Application should be upgraded to target version.

 Now verify all the configurations and start the application.
1.10.18 Jfrog Xray Setup
1.7).
Docker Installation
Docker Requirements
For Docker and Docker Compose installations, JFrog services require Docker v18 and Docker
Compose v1.24 and up to be installed on the machine on which you want to run on.
Docker Offline Install
Method #1 - Using Artifactory with Anonymous permissions for Remote repository.
Use this method for environments that does not have internet access, but can access an Artifactory
instance.Either have a remote Docker repository pointing to 'https://docker.bintray.io' or have the
files manually deployed to another Docker repository.
In order for the 'docker-compose.yaml' script to use Artifactory instead of the default Bintray Docker
repository, add the following setting to the .env configuration file:
$ vim /opt/jfrog-xray-3.2.0-compose-installer/.env (to edit the file)
## Docker registry to fetch images from
DOCKER_REGISTRY="<docker-virtual>.<my-artifactory>/jfrog" (set your Docker repository)
Now you can run the script which will resolve the docker images from the configured above
repository.
*You may ask the user to grant with such permissions only a dedicated Docker repository for this
procedure.
Method #2 - Pull all the required docker images from a server that have internet access using below
commands and save the images as tar file:
1) docker pull docker.bintray.io/jfrog/xray-analysis:3.2.0
docker save docker.bintray.io/jfrog/xray-analysis:3.2.0> xray-analysis3.2.0.tar
2) docker pull docker.bintray.io/jfrog/xray-persist:3.2.0
docker save docker.bintray.io/jfrog/xray-persist:3.2.0> xray-persist3.2.0.tar
3) docker pull docker.bintray.io/jfrog/xray-indexer:3.2.0
docker save docker.bintray.io/jfrog/xray-indexer:3.2.0> xray-indexer3.2.0.tar
4) docker pull docker.bintray.io/jfrog/xray-server:3.2.0
Page 191 of 259

Babu R (623)
docker save docker.bintray.io/jfrog/xray-server:3.2.0> xray-server3.2.0.tar
5) docker pull docker.bintray.io/jfrog/router:1.1.0
docker save docker.bintray.io/jfrog/router:1.1.0 > router1.1.0.tar
6) docker pull docker.bintray.io/jfrog/xray-rabbitmq:3.7.0-management
docker save docker.bintray.io/jfrog/xray-rabbitmq:3.7.0-management > xray-rabbitmq3.7.0-
management.tar
7) docker pull docker.bintray.io/jfrog/xray-postgres:9.5.2
docker save docker.bintray.io/jfrog/xray-postgres:9.5.2 > xray-postgres9.5.2.tar
Now using winscp send the tar files to the Xray server that has no internet access:
Then run the below commands to load the docker images from tar:
1) docker load < xray-server3.2.0.tar

2) docker load < xray-indexer3.2.0.tar
3) docker load < router1.1.0.tar
4) docker load < xray-persist3.2.0.tar
5) docker load < xray-analysis3.2.0.tar
7) docker load < xray-rabbitmq3.7.0-management.tar
8) docker load < xray-postgres9.5.2.tar
Now after changing the tar files into images, download the docker installation script from
here: https://gsep.daimler.com/stash/projects/GSEPDM/repos/jfrog-xray-installation-conf-file/
browse/Jfrog_Xray
Install and start Xray:
The installation process will prompt you for a "root folder". You may keep the default (current)
location or specify another location on your machine. Choose this location carefully since you may
not change it later, and this is where JFrog Xray saves its data, configuration files and logs. The Xray
installer will only prompt you for this location for initial installation. It is stored for later use when
upgrading.
To install Xray, run the following command:
Docker Compose Installation
1. Download the package . Extract the contents of the compressed archive and go to
the extracted folder.
tar -xvf jfrog-xray-<version>-compose.tar.gz

cd jfrog-xray-<version>-compose.tar.gz
2. Run the config.sh script to setup folders with required ownership. Note: the script
will prompt you with a series of mandatory inputs, including if this is part of a cluster,
and configure the needed system.yaml.
./config.sh
Configure the service

Connection to Artifactory (joinKey and jfrogUrl)
Page 192 of 259

Babu R (623)
jfrogUrl : http://<Artifactory IPAddress>:8082
joinkey : Admin>security>Settings>Join Key
3. Start and manage Xray using docker-compose commands. Note: Run this command
only from the extracted folder. Run the following command:
cd jfrog-xray-<version>-compose
docker-compose -p xray up -d
docker-compose -p xray ps
docker-compose -p xray down
4. JFrog Xray can be accessed on the browser at: https://gsep.daimler.com/ui/, go the

Security & Compliance tab in the Application module in the UI.
5. Check Xray Log.
docker-compose -p xray logs

tail -f $JFROG_HOME/xray/var/log/console.log

Docker-compose –p xray up -d
1.10.18.5 General Configuration

Xray's configuration parameters are stored in its configuration file which is located at <xray-compose-
version>/.env for the Docker compose installation.
Indexing Resources
Page 193 of 259

Babu R (623)
To avoid a lengthy and intensive analysis processes, Xray does not automatically analyze all the
resources in the system but allows you to manually select the repositories, builds and release
bundles to be indexed.
To configure your indexed resources, in the Administration module, go to Xray Security and
Compliance | General and click Indexed Resources.
From the Indexed Resources page:
 Select the resource type to index (Repositories | Builds | Release Bundles).

 Add Repositories/Builds/Release Bundles from the available resources in Artifactory.
 For repositories, from the list of available repositories in Artifactory.
 For builds and release Bundles, according to Name or Patter.
 Review the list of added resources.
1.10.18.6 Advanced Settings

Xray is built on a set of microservices that perform its actions in the realm of indexing artifacts,
communicating with Artifactory, managing events and notifications and so on.
To configure these settings, in the Administration module, go to Xray Security and Compliance |
Advanced and click Settings.
The following advanced configurations are available:
 Basic Settings: allows enabling Xray, configuring the behaviour when it is unavailable and for blocked
artifacts.
 System Parameters: provides system settings.
 Queue Workers: provides several parameters for tweaking Xray performance by changing the
number of workers performing the different tasks.
Note: Adjusting these parameters may affect your system's performance,
Page 194 of 259

Babu R (623)
1.10.18.7 Database Synchronization
1.10.19 Zephyr Setup
 You have completed the common system setup for the Zephyr target server (see chapter
1.7).
 You are logged in as root on the Zephyr target server
1.10.19.2 Console Installation
1. Download Zephyr package(zephyr_5_0_15001_linux_setup.sh) from
http://download.yourzephyr.com/linux/download.php
2. Copy the downloaded package to destination server

3. Download the ojdbc7.jar from site https://oracle.com/ and save it destination server
Run the download zephyr script as below.
root@sedcagse0380:/opt/atlassian/packages : ./zephyr_5_1_15434_linux_setup.sh
Starting Installer ...
Page 195 of 259
Babu R (623)
This will install Zephyr 5.1 on your computer.
OK [o, Enter], Cancel [c]
Welcome
This will Install Zephyr 5.1 on your computer.
It is recommended that you close all other applications before continuing.
Choose type:
Install [1, Enter], Upgrade [2]
1
Requirements
Requirements
Server
OS: RedHat Enterprise
CentOS
Ubuntu/Debian
SUSE/openSUSE
CPU: Quad-core CPU Intel Pentium or AMD Opteron (2Ghz or higher)
RAM: Minimum 8GB; Preferred 12GB
Disk Space: At least 5GB Free
Networking: Wired Ethernet

Static IP address
If Firewall exists, please allow ports
80, 443, 8005, 8009 , 3306
Account: Superuser (root) access to the machine

Installer and services need to be installed as "root"
[Enter]
Software: No other Tomcat is installed on the machine

Sun JDK 8 which can be downloaded from here.
Not Supported:
1.6 , 1.7
Client
OS: Any
Browser: Chrome, Mozilla Firefox, Microsoft Internet Explorer 11
Other: Screen resolution of 1280x1024 (1280x800 for widescreen) or
higher
Turn off pop-up blockers and Flash blockers.
Client machine should have access to port 80 of Zephyr Server machine.
License Agreement
D Software End User License Agreement
IMPORTANT - PLEASE READ CAREFULLY:

Keep hitting [enter] until the license agreement get passed.
Page 196 of 259

Babu R (623)
[Enter]
I accept the terms of this license agreement [1], I do not accept the terms of this license agreement [2, Enter]
1
Select Destination Location
Setup will install Zephyr into the following folder.
To continue click Next. If you would like to select a different folder, click Browse
[{install_dir}]
At least 5120 MB of free disk space is required.

Available disk space: 202304 MB
Select Zephyr Deployment
Please select the appropriate deployment for this installation:
Choose deployment type:

Server deployment [1, Enter], Data Center deployment [2]
2
License File
License Key File:
[/opt/atlassian/packages/license.lic]
Customization
Server Port :
[80]
8080
Tomcat Server Shutdown Port:
[8005]
Note: If you had just uninstalled. Please wait few miniutes for the port to get free and try again.
Configure Database
Database Type:
MySQL [1, Enter]
Oracle [2]
Microsoft SQL Server [3]
2
Database Character Set: utf8
Password:
[]
<ITCC user DB password>
Dversion Database Configuration:

Password:
[]
<DVERSION userd DB password>
Database URL Configuration:

Sample URL: jdbc:oracle:thin:@<hostname>:<port>:<sid>
Database URL:
[]
jdbc:oracle:thin:@sedcbgse0000:1563:zpr_int
Database Driver File:
[]
/opt/atlassian/packages/ojdbc7.jar
Please check our documentation to learn more on how to connect Zephyr to a database.
http://www.yourzephyr.com/clickthru/redirect.php?f1=db_driver_config
Extracting files ...
--------------------------------------------------------
-- File created - Thursday-February-18-2016
Page 197 of 259

Babu R (623)
--------------------------------------------------------
DECLARE
type namesarray IS VARRAY(97) OF VARCHAR2(512);
Now this will install the zephyr application.
Done!
Zephyr 5.1 has now been installed on your computer.
Zephyr Desktop will now be launched automatically.

You can access additional help from the Zephyr installation.
Click Finish to exit setup.
Launch Zephyr Desktop?

Yes [y, Enter], No [n]
n
Finishing installation ...
root@sedcagse0380:/opt/atlassian/packages :

<Connector port="8080" protocol="HTTP/1.1"

scheme="https"
proxyName="gsep.app.corpintra.net"
proxyPort="443"
secure="true"
connectionTimeout="20000"
useBodyEncodingForURI="true"
redirectPort="8443"
compression="on"
compressableMimeType="text/html,text/xml,text/plain,text/css,application/json,application/
javascript,application/x-javascript"/>
Set the context path:
After line 147 add below:
<Context
docBase="flex/"
path="/zephyr"
Debug="0"
reloadable="false"/>
vi {install_dir}/tomcat/bin/ catalina.sh
in 241 line add
JAVA_OPTS="$JAVA_OPTS -Dhttp.proxyHost=security-proxy.emea.svc.corpintra.net -Dhttp.proxyPort=3128 -

Dhttps.proxyHost=security-proxy.emea.svc.corpintra.net -Dhttps.proxyPort=3128 -Dhttp.nonProxyHosts=localhost\|
127.0.0.1\|53.31.30.90 -Dcrowd.property.http.proxy.host=security-proxy.emea.svc.corpintra.net -
Dcrowd.property.http.proxy.port=3128 -Datlassian.plugins.enable.wait=300 -DZEPHYR.PROXY.HOST=security-
proxy.emea.svc.corpintra.net -DZEPHYR.PROXY.PORT=3128"
Page 198 of 259

Babu R (623)
reboot

1.10.19.6 Zephyr Crowd Integration
1.10.19.7 Jira Zephyr Integration

1.10.19.10Restart
/etc/init.d/ZephyrService.sh start # to start the application
/etc/init.d/ZephyrService.sh stop # to stop the application
Page 199 of 259

Babu R (623)
1.10.20 Protex (BlackDuck) setup
 You have completed the common system setup for the Protex target server (see chapter 1.7).
 You are logged in as root on the protex target server.
 Contact protex vendor and get the dependency packages
 Copy dependency packages to the protex target server
1.10.20.2 Installation steps
Step 1: Go to packages directory and run the setup.
root@sedcagse0150:/opt/foss/package : ./install.sh -i console

Total number of files in Installation Media matches md5sum.txt
Do you want to verify the Installation Media which may take up to 30 minutes? (yes/no) no
Unsetting DISPLAY for console mode
Extracting 64bit jre...
Preparing to install...
Extracting the JRE from the installer archive...
Unpacking the JRE...
Extracting the installation resources from the installer archive...
Configuring the installer for this system's environment...
Launching installer...
===============================================================================
Protex (created with InstallAnywhere)
-------------------------------------------------------------------------------
Preparing CONSOLE Mode Installation...
===============================================================================
Introduction
------------
InstallAnywhere guides you through the installation of Black Duck Protex Server
7.3.0.0.
You should quit all programs before continuing with this installation.
Respond to each prompt to proceed to the next step in the installation. If you
Want to change something on a previous step, type 'back'.
Type 'quit' to halt this installation at any time.
PRESS <ENTER> TO CONTINUE:
Press enter to continue setup
Step 2: Select full server installation: choose option 1 and press enter to proceed next step
Please choose server type

->1- Full Server Installation
2- Application Server Installation Only
ENTER THE NUMBER FOR YOUR CHOICE, OR PRESS <ENTER> TO ACCEPT THE DEFAULT::
Press enter to continue setup
Step 3 : Choose installation directory /opt/blackduck/protexIP

Page 200 of 259
Babu R (623)
Click Enter to install in Default Folder: /opt/blackduck/protexIP
Step 4 : Select database - Choose PostgreSQL admin home directory as default
Press enter to choose Default: /var/lib/bds-protexip/data
Step 5 : Choose search index directory
=================
Choose search index directory-----------------------------
Where would you like the search index to be stored?
It must contain "solr" as the last element (see default).
If not, the installation creates the folder ending in "solr".
Please specify a folder:
(Default: /var/lib/bds-protexip/solr):
Press enter to choose default directory as /var/lib/bds-protexip/solr
Step 6: Configure tomcat definations
===============
Tomcat Definitions : Please select as mentioned below
------------------
Run as 'root'? (Y/N): Y
Use HTTPS Connection? (Y/N): N
Port (Default: 80): 8080
Shutdown Port (Default: 8005):8005
Step 7: Choose link location as below
===============
Choose Link Location
--------------------
Where would you like to create links?
Page 201 of 259

Babu R (623)
->1- Default: /usr/local/bin
2- In your home folder
3- Choose another location...
4- Don't create links
ENTER THE NUMBER OF AN OPTION ABOVE, OR PRESS <ENTER> TO ACCEPT THE DEFAULT
Choose default location for links, select option 1 and proceed for next step
You will be prompted for Pre-Installation Summary
Press enter to start the installation
===============================================================================
Installing...
-------------
[==================|==================|==================|==================]
[------------------|------------------|-------
-----------|------------------]
===============================================================================
Installation Complete
---------------------
Congratulations. Black Duck Protex Server has been successfully installed to:
/opt/blackduck/protexIP
PRESS <ENTER> TO EXIT THE INSTALLER: root@sedcagse0150:/opt/foss/package :
Press enter to exit the installer .
Step 8: Create soft link in blackduck home directory for source code storage
We do not have disc space under “/” hence we are creating soft link under /home/blackduck directory so that
source code will be visible for users in UI .
Create a new directory “/opt/source_code/FOSS_Source_Code_Scan”and create a soft link like below.
$ cd /opt
$ mkdir source_code
Page 202 of 259
Babu R (623)
$ mkdir FOSS_Source_Code_Scan
$ ln -s /opt/source_code/FOSS_Source_Code_Scan /home/blackduck/FOSS_Source_Code_Scan
Step 9 : Configure GSEP web based setup
Adjust setenv.sh configurations .
$ vim /opt/blackduck/protexIP/tomcat/conf/server.xml
$ vim server.xml
Around line 61 add gsep proxy name and save the file .
port="8080" proxyName="gsep-protex.app.corpintra.net"
proxyPort="443" scheme="https" secure="true"

reboot
1.10.20.4 Web server configurations
Go to webserver and add below content and save the file
$ vim /etc/apache2/conf.d/gsep_proxy.conf
<VirtualHost *:80>
#--- Add this section at the top of the file

# Hardening related stuff
# -----------------------
# Deactivate Tracing (that can be used for attacks)

TraceEnable off
# Unset ETag header

Header unset ETag
# Landing page
<LocationMatch "^.*">
Require all granted
# Limit all requests to common http verbs

Page 203 of 259
Babu R (623)
<LimitExcept GET HEAD POST PUT DELETE>
Require all denied
</LimitExcept>
# disable http 1.0 protocol - Uh Oh This seems to kill the Loadbalancer... so we'll disable that
for now
#RewriteEngine On
#RewriteCond %{THE_REQUEST} !HTTP/1.1$
#RewriteRule .* - [F]
# disable ETAG
FileETag None
# Limit request bodies to 500kb (this may create upload problems! then we have to adjust)
LimitRequestBody 512000
# Secure Cookies (this kills crowd sso login - what a pitty :-( )
#Header edit Set-Cookie ^((?!HttpOnly).)*$ $1;HttpOnly
#Header edit Set-Cookie ^((?!Secure).)*$ $1;Secure
# Cross Site Scripting protection (this may block REST API calls! then we have to adjust)
Header merge X-XSS-Protection "1; mode=block"
# Clickjacking protection
Header merge X-Frame-Options SAMEORIGIN
# Prevent mime-sniffing
# Header merge X-Content-Type-Options "nosniff"
# Change tomcat server name: this works only for proxied responses
Header set Server "Apache"
</LocationMatch>
# Proxying
# --------
#---
ServerName gsep-protex.app.corpintra.net
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
Require all granted
Page 204 of 259

Babu R (623)
</Proxy>
AllowEncodedSlashes On
ProxyPass / http://53.31.30.34:8080/
ProxyPassReverse / http://53.31.30.34:8080/
ErrorLog logs/error.log
ErrorDocument 502 /maintenance_page/maintenance.html

ErrorDocument 503 /maintenance_page/maintenance.html
</VirtualHost>
Restart apache to apply the changes
$ apachectl -k restart
1.10.20.5 Connect Vendor Databse

Once setup is done we need to connect vendor database in order to get KB, Software upgrades
automatically
Click on *cog icon > Administration > Registration
https://gsep-protex.app.corpintra.net/p/admin#registration
Add Registration ID and HTTP/HTTPS proxy details, then click on save proxy settings.
1.10.20.6 Configure Schedule Upgrades

Schedule upgrades in non-business hours, to configure click on *cog icon --> Administration -->
Updates --> Auto-Update Schedule and schedule accordingly.
Page 205 of 259

Babu R (623)
1.10.20.7 Stop-Start Application
/etc/init.d/bds-protexIP-tomcat stop
/etc/init.d/bds-protexIP-tomcat start
1.10.20.8 Log files

The logfiles are located in /opt/blackduck/protexIP/tomcat/logs.
1.10.21 GSEP Utilities setup
 You have completed the common system setup for the GSEP Utilities target server (see
chapter 1.7).
1.10.21.2 Download and move the installation File

 Take the application WAR files from the GSEP Bitbucket location:
https://gsep.daimler.com/stash/projects/GSEPDM/repos/gsep_utilities/browse
(Utilities.war)
 Latest Version of Tomcat Application server could be available at the project site:
http://tomcat.apache.org/
To download the package directly from the Linux command line, you'll use a command that looks
something like this:
$ wget
http://apache.YourFavoriteMirror.com/tomcat/tomcat-[#]/v[#]/apache-
tomcat-[#].tar.gz
1.10.21.3 Tomcat Installation

1. Extract the package that had been downloaded from 3.1.1.1.2
Page 206 of 259

Babu R (623)
$ tar xvzf apache-tomcat-[#].tar.gz
2. And move the extracted folder into a dedicated directory

$ sudo mv apache-tomcat-[#] /path/to/directory/
1.10.21.4 Placing Application within Tomcat

Go to the directory where the Utilities.war file had been downloaded and move it to the
correct path using the below command.
mv Utilities.war /{install_dir}/webapps/
1.10.21.5 Log Configuration

Create a directory named logs inside the installation folder with the below command:
mkdir /{install_dir}/logs

/etc/init.d/utilities start # to start the application

/etc/init.d/utilities stop # to stop the application
/etc/init.d/utilities restart # to restart the application
/etc/init.d/utilities status # to retrieve the current status
of the application
ps aux | grep utilities
If this returns a java process (tomcat) then GSEP Utilities is running.

1.10.21.7 Finish
Now you’re done with the basic Helpdesk setup. You should now be able to verify the same at
https://gsep.app.corpintra.net/utilities
1.10.21.8 Log files

The log files are located in {install_dir}/logs.
Page 207 of 259

Babu R (623)
This section lists further resources for GSEP Utilities.
 GSEP Utilities Database Design

https://gsep.daimler.com/confluence/display/GSEPSKB/GSEP+Utilities+Database+Design
 Utilities RFC Document

https://gsep.daimler.com/confluence/display/GSEPSKB/Utilities+RFC+Document
 Apache Tomcat Installation

https://www.mulesoft.com/tcat/tomcat-linux
1.10.22 GSEP Project Automation Service setup
 You have completed the common system setup for the HelpDesk target server (see chapter
1.7).
https://gsep.daimler.com/stash/projects/GSEPDM/repos/gsep_projectautomation/browse
(projectAutomation-0.0.1-SNAPSHOT.jar)
$ wget
tomcat-[#].tar.gz


$ sudo mv apache-tomcat-[#] /{install_dir}

Go to the directory where the projectAutomation-0.0.1-SNAPSHOT.jar file had been
downloaded and move it to the correct path using the below command.
mv projectAutomation-0.0.1-SNAPSHOT.jar /{install_dir}/webapps/
1.10.22.5 Configuring the Logs

Page 208 of 259

Babu R (623)
1.10.22.6 Start the Application

Navigate to the bin folder in tomcat with the below command
cd /{install_dir}/bin
Execute the start command as shown below

./startup.sh
Tomcat runs on port 8080 by default. To check if your server is up and running correctly,
use:
$ ps -ef | grep java | grep 8080
If this command returns the Catalina process, Tomcat is up and running. You should now be able to
verify the same at https://gsep.app.corpintra.net/projectAutomation/service
/etc/init.d/projectAutomation start # to start the application

/etc/init.d/projectAutomation stop # to stop the application
/etc/init.d/projectAutomation restart # to restart the application
/etc/init.d/projectAutomation status # to retrieve the current status
of the application
ps aux | grep projectAutomation
If this returns a java process (tomcat) then projectAutomation is running.

1.10.22.8 Finish
https://gsep.app.corpintra.net/projectAutomation/service
1.10.22.9 Log files
1.10.22.10Reference links
This section lists further resources for Project Automation.
 GSEP Project Automation API Updates

https://gsep.daimler.com/confluence/display/GSEPSKB/GSEP+Project+Automation+API+Updates
 Sequence Diagram Project Automation
https://gsep.daimler.com/confluence/display/GSEPSKB/Sequence+Diagram+Project+Automation
 GSEP Project Automation Design Document
https://gsep.daimler.com/confluence/display/GSEPSKB/
GSEP+Project+Automation+Design+Document
1.10.23 GSEP Helpdesk setup
Page 209 of 259

Babu R (623)
 You have completed the common system setup for the HelpDesk target server (see chapter
1.7).
https://gsep.daimler.com/stash/projects/GSEPDM/repos/helpdeskmaven/browse
(helpdesk.war)
$ wget
tomcat-[#].tar.gz


$ sudo mv apache-tomcat-[#] /{install_dir}
1.10.23.4 Placing Helpdesk within Tomcat

Go to the directory where the helpdesk.war file had been downloaded and move it to the
correct path using the below command.
mv helpdesk.war /{install_dir}/webapps/
1.10.23.5 Configuring the Logs

1.10.23.6 Start the Application


./startup.sh
Tomcat runs on port 8080 by default. To check if your server is up and running correctly,
use:
$ ps -ef | grep java | grep 8080
If this command returns the Catalina process, Tomcat is up and running. You should now be able to
access the application at https://gsep.app.corpintra.net/helpdesk
Page 210 of 259

Babu R (623)
1.10.23.7 Finish
Now you’re done with the basic Helpdesk setup. You should now be able to access the application at
https://gsep.app.corpintra.net/helpdesk
1.10.23.8 Log files

 GSEP Helpdesk Usage Manual

https://gsep.daimler.com/confluence/display/GSEPSKB/GSEP+Helpdesk+Usage+Manual
1.10.24 GSEP User Automation setup
 You have completed the common system setup for the GSEP Utilities target server (see
chapter 1.7).

https://gsep.daimler.com/stash/projects/GSEPDM/repos/usermanagement/browse
(GSEPUserAutomaton.war)
Page 211 of 259

Babu R (623)
$ wget
tomcat-[#].tar.gz


$ sudo mv apache-tomcat-[#] /path/to/directory/

Go to the directory where the GSEPUserAutomaton.war file had been downloaded and move
it to the correct path using the below command.
mv GSEPUserAutomaton.war /{install_dir}/webapps/
1.10.24.5 Log Configuration



./startup.sh
1.10.24.7 Finish
https://gsep.app.corpintra.net/utilities
1.10.24.8 Log files

Page 212 of 259

Babu R (623)
This section lists further resources for GSEP Utilities.
 User Management Process

https://gsep.daimler.com/confluence/display/GSEPSKB/User+Management+Process
 GSEP Utilities Database Design

https://gsep.daimler.com/confluence/display/GSEPSKB/GSEP+Utilities+Database+Design
 Utilities RFC Document

https://gsep.daimler.com/confluence/display/GSEPSKB/Utilities+RFC+Document

1.10.25 CJOC Setup
 You are logged in as root on the cloudbees Jenkins operations center target server.
 Copy packages from internet and keep it in /opt directory Apache-tomcat package & cjoc war
cloudbees-core-oc.war
1.10.25.2 Installation and configurations

Login to server with root access and create the folders as below,
root@sedcagse0960:/opt : mkdir cjoc
Copy software packages (Apache-tomcat)
root@sedcagse0980:/opt/CJOC : cp /opt/apache-tomcat-8.5.41.tar.gz .
Extract apache-tomcat software
root@sedcagse0960:/opt/CJOC : tar -xvzf apache-tomcat-8.5.41.tar.gz
Rename war file to cjoc
root@sedcagse0960:/opt : mv cloudbees-core-oc.war cjoc.war
Go to web apps directory Copy CJOC war package
root@sedcagse0960:/opt/cjoc/apache-tomcat-8.5.41/webapps/: cp /op t/cjoc.war .
Edit the below catalina.sh file
root@sedcagse0960:/opt/cjoc/apache-tomcat-8.5.41/bin : vi catalina.sh
Line 115, add following content
CATALINA_OPTS="$CATALINA_OPTS -Dhudson.TcpSlaveAgentListener.hostName=sedcagse0920 -
Dhttp.proxyHost=security-proxy.emea.svc.corpintra.net -Dhttp.proxyPort=3128 -
Dhttps.proxyHost=security-proxy.emea.svc.corpintra.net -Dhttps.proxyPort=3128 -
Page 213 of 259

Babu R (623)
Dhttp.nonProxyHosts=localhost\|127.0.0.1 -Dcrowd.property.http.proxy.host=security-
proxy.emea.svc.corpintra.net -Dcrowd.property.http.proxy.port=3128
-DJENKINS_HOME=/opt/cjoc/jenkins_home -Xms3072m -Xmx10240m -XX:+UseG1GC -
Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true"
1.10.25.3 Permissions and startup script

We have completed setup in 3.2.9.18.2 , Now create softlink to apache-tomcat
Go to /opt/cjoc directory and change the permissions
root@sedcagse0960:/opt/cjoc : chown –R jenkins_int_osuser.users *
Create application startup script
root@sedcagse0960:/opt/cjoc : touch /etc/init.d/cjoc
Add following script in init.d
#!/bin/sh
APP=jenkins
USER=jenkins_int_osuser
APPBASE=/opt/cjoc/$APP
APPHOME=$APPBASE-home
STARTUPSCRIPT=$APPBASE/bin/startup.sh
SHUTDOWNSCRIPT=$APPBASE/bin/shutdown.sh
echo "Atlassian $APP init-script"

echo "--------------------------------"
echo ""
echo "APPBASE=$APPBASE"
echo "USER=$USER"
echo "STARTUPSCRIPT=$STARTUPSCRIPT"
echo "SHUTDOWNSCRIPT=$SHUTDOWNSCRIPT"
# define function that will find running tomcat process id

tomcat_pid() {
echo `ps aux | grep "Dcatalina.base=$APPBASE" | grep -v grep | awk '{ print $2 }'`
}
# test installation
test -x $STARTUPSCRIPT || { echo "$STARTUPSCRIPT was not found.";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
test -x $SHUTDOWNSCRIPT || { echo "$SHUTDOWNSCRIPT was not found.";

if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
# switch for different arguments

case "$1" in
start)
# "start" argument
echo "Starting "$APP
# start app with given user
su - $USER -c "$STARTUPSCRIPT"
;;
stop)
# "stop argument
echo "Shutting down "$APP
# stop app with given user
su - $USER -c "$SHUTDOWNSCRIPT"
;;
restart)
## Stop the service and regardless of whether it was
## running or not, start it again.
Page 214 of 259

Babu R (623)
#$0 stop
#$0 start
su - $USER -c "$SHUTDOWNSCRIPT"
echo "Shutting down "$APP
sleep 5
su - $USER -c "$STARTUPSCRIPT"
;;
status)
pid=$(tomcat_pid)
if [ -n "$pid" ]
then
echo "$APP is running with pid: $pid."
else
echo "$APP is not running."
fi
;;
*)
echo "Usage: /etc/init.d/$APP {start|stop|restart|status}"
exit 1
esac
exit 0
1.10.25.4 Web Server configuration

Configure CJOC URL in webservers in order to access the application via https://gsep.daimler.com
 Login to sedcigse0090 & sedcigse0100server and add CJOC details in haproxy configuration
$ vim /etc/haproxy/haproxy.conf
##Around line no 150 add below content
acl path_cjoc path_beg /cjoc
use_backend backend_920_8080 if path_cjoc
##Around line no 250 add below content
backend backend_920_8080
server cjoc 53.31.55.20:8080 check
 Reload haproxy services

$ service haproxy reload
Now you can access application via https://gsep.daimler.com/cjoc

1.10.25.5 Application runbook
Start application by running following command
root@sedcagse0960:/opt : /etc/init.d/cjoc start
Stop application by running following command
root@sedcagse0960:/opt : /etc/init.d/cjoc stop
Restart application by running following command
root@sedcagse0960:/opt : /etc/init.d/cjoc restart
Page 215 of 259

Babu R (623)
1.10.26 Bitbucket Mirror Instance setup
 You have completed the common system setup for the stash target server (see chapter 1.7).
 The server has SSH client available
 IP whitelisting done for 7999 port in the primary Bitbucket node
Edit the following files on your Bitbucket-mirror target server.
${install_dir}/bin/set-bitbucket-home.sh
Add below home path:

BITBUCKET_HOME=${home_dir}
${install_dir}/bin/_start-webapp.sh
In line 22 change:
to
JVM_SUPPORT_RECOMMENDED_ARGS="-javaagent:/opt/appdynamics/AppServerAgent-
Bitbucket-Sunnyvale/javaagent.jar -Datlassian.org.osgi.framework.bootdelegation=META-
*,javax.servlet,javax.servlet.*,com.sun.xml.bind.* -Dhttp.proxyHost=security-
proxy.emea.svc.corpintra.net -Dhttps.proxyPort=3128 -Dhttp.nonProxyHosts=localhost\|
127.0.0.1\|53.255.82.226\|53.31.30.160\|53.255.101.10\|53.255.101.11\|53.255.82.24\|
53.255.99.10\|141.113.99.31 -Dcrowd.property.http.proxy.host=security-
proxy.emea.svc.corpintra.net -Dcrowd.property.http.proxy.port=3128"

to
In line 44 uncomment the command by changing:

# umask 0027
to
umask 0027
${home_dir}/bitbucket.properties
server.port=8080
server.scheme=https
server.proxy-name={proxyname}
Page 216 of 259

Babu R (623)
server.secure=true
server.context-path={contextpath}
reboot

1.10.26.5 Instance Selection

1.10.26.6 Set up the Mirror
{sitename}
{url}
{url} of primary server
Page 217 of 259

Babu R (623)
1.10.26.7 Approve Bitbucket mirror request
Once a mirror has been installed and configured a request is sent to the primary Bitbucket Data
Center instance
Within the primary Bitbucket Data Center instance, go to Admin > Mirrors, and you will see the
name of the mirror and that approval is required
Click Approve to approve the mirror request and start syncing the projects and repositories of the
primary Bitbucket Data Center instance
1.10.26.8 Decide which projects to mirror
Once a mirror instance is approved you need to decide which projects to mirror. Go to Admin >
Mirrors and type in the name of a project in the search box. Do this for each projects you want to
mirror.
You can also choose to mirror all projects.

Bitbucket mirror can be started by the init-script (as noted in chapter ):
/etc/init.d/bitbucket_mirror start # to start the application

/etc/init.d/bitbucket_mirror stop # to stop the application
/etc/init.d/bitbucket_mirror restart # to restart the application
/etc/init.d/bitbucket_mirror status # to retrieve the current status
of the application
To check whether mirror is running you can also use
ps aux | grep bitbucket
If this returns a java process (tomcat) then BitBucket mirror is running.
1.10.26.10 Backup
 Backup of Application Filesystem is integrated in EDC standard process (refer 3.8).
Refer the document Backup and Recovery for BitBucket Mirror

1.10.26.11Log files
The log files are located in {home_dir}/log and in {install_dir}/logs.
1.10.26.12Reference Links
 Bitbucket Documentation Home
https://confluence.atlassian.com/bitbucketserver/administering-bitbucket-server-
776640044.html
 Smart Mirroring
https://confluence.atlassian.com/bitbucketserver/smart-mirroring-776640046.html
 Bitbucket Mirror Installation Guide
https://confluence.atlassian.com/bitbucketserver/set-up-a-mirror-790632894.html
 Troubleshooting Smart Mirroring
https://confluence.atlassian.com/bitbucketserverkb/troubleshooting-smart-mirroring-
838407670.html
 Backup and Recovery for BitBucket Mirror
Page 218 of 259
Babu R (623)
https://gsep.daimler.com/confluence/display/GSEPDMINTE/
Backup+and+Recovery+of+Sunnyvale+Mirror
 Stash Knowledge Base: Troubleshooting Installation Problems
https://confluence.atlassian.com/display/STASHKB/Troubleshooting+Installation
1.11 JFROG Mission Control

1.11.1 Prerequisites
 The below system requirements are set:

 Openjdk 11 is required.
 Docker and Docker Compose is installed in system.
 All the required ports are open.
1.11.2 Installation and configuration

 Log in to the a server which has internet connection and run the following commands:
 docker pull docker.bintray.io/jfrog/elasticsearch-oss:6.6.0>elasticsearch-oss-6.6.0.tar

docker pull docker.bintray.io/postgres:9.6.11>postgres-9.6.11.tar
docker pull docker.bintray.io/jfrog/mission-control:4.2.0>mission-control-4.2.0.tar
docker pull docker.bintray.io/jfrog/insight-scheduler:4.2.0>insight-scheduler-4.2.0.tar
docker pull docker.bintray.io/jfrog/insight-executor:4.2.0>insight-executor-4.2.0.tar
docker pull docker.bintray.io/jfrog/insight-server:4.2.0>insight-server-4.2.0.tar

docker save docker.bintray.io/jfrog/elasticsearch-oss:6.6.0>elasticsearch-oss-6.6.0.tar
docker save docker.bintray.io/postgres:9.6.11>postgres-9.6.11.tar
docker save docker.bintray.io/jfrog/mission-control:4.2.0>mission-control-4.2.0.tar
docker save docker.bintray.io/jfrog/insight-scheduler:4.2.0>insight-scheduler-4.2.0.tar
docker save docker.bintray.io/jfrog/insight-executor:4.2.0>insight-executor-4.2.0.tar
docker save docker.bintray.io/jfrog/insight-server:4.2.0>insight-server-4.2.0.tar
 Save the tar images and transfer it the server where you want to install Mission Control.
Page 219 of 259

Babu R (623)
 Run the below commands in the server:
 docker load < elasticsearch-oss-6.6.0.tar
docker load < postgres-9.6.11.tar
docker load < mission-control-4.2.0.tar
docker load < insight-scheduler-4.2.0.tar
docker load < insight-executor-4.2.0.tar
docker load < insight-server-4.2.0.tar
 Place the zip folder jfrog-mc-4.2.0-compose.tar.gz” under /opt and unzip it.
 ./config.sh (give the mount folder; for eg /opt)
 docker-compose -p mc up –d (for making the services up )
 docker-compose -p mc down (for making them down)
1.11.3 Permission and startup scripts
 Edit the System.yaml file after stopping the services.

 vi /opt/mc/var/etc/system.yaml

 Start the services again.

 docker-compose -p mc up –d (for making the services up )
1.11.4 Uninstallation
 Log in to server and stop the process.
 docker-compose -p mc down
 Remove all the docker images pertaining to the Mission Control
 Docker stop <image id> && docker rm <image id>
 All the services will be removed, moreover you can delete the folders manually.
1.11.5 Log File

 Log files are stored under <Install_dir>/var/log/
Page 220 of 259
Babu R (623)
1.11.6 Reference Links
 https://www.jfrog.com/confluence/display/MC3X/Installing+with+Docker+Compose
1.12 HAproxy setup
You have completed the common system setup for the haproxy target server (see chapter 1.7).
1.12.2 HA-proxy Architecture
1.12.3 Download and move the installer rpm File

 Download the rpm file from here. This package is compatible with only SuSE SLES12 version.
Based on your OS version you can download.
 Move the package to the server or if the internet connection is enabled you can wget to
download the package.
$ wget
https://download.opensuse.org/repositories/server:/http/SLE_12/x86_64/
haproxy-1.8.14~git0.52e4d43b-5.1.x86_64.rpm
1.12.4 Haproxy Installation

 Install the downloaded rpm package.
$ rpm –ivh haproxy-1.8.14~git0.52e4d43b-5.1.x86_64.rpm
 Check and verify the package whether it is installed or not.

$ rpm -qa | grep haproxy
Page 221 of 259

Babu R (623)
 Haproxy default installation path is /etc/haproxy/.
 When you install haproxy by default os user haproxy will be created. Make sure that same
user permission should be there for /etc/haproxy directory.
 haproxy.cfg is the configuration file of haproxy which is available in /etc/haproxy directory
where you can configure all your application server details.
 When you configure load balancing using HAProxy, there are two types of sections which
need to be defined in frontend and backend. The frontend is the node by which HAProxy
listens for connections. Backend nodes are those by which HAProxy can forward requests. So
here like the same way we will configure the application details one by one in haproxy.cfg
file.
 Sample configurations are available here for future use.
*Note – Configuration parameters can be changed based on the project requirement.
1.12.5 Configuration of maintenance page in haproxy

 Open the haproxy.cfg file and add the below two parameter to configure the landing page.
errorfile 502 /srv/www/htdocs/maintenance_page/maintenance.html

errorfile 503 /srv/www/htdocs/maintenance_page/maintenance.html
 Maintenance.html is just a simple html file and can be configured based on the requirement.
1.12.6 Logger configuration for haproxy.

 Redirect to the below path and create a new file called haproxy.conf.
cd /etc/rsyslog.d/
 Open the file and add the below configurations.

$ModLoad imudp
$UDPServerRun 514
$UDPServerAddress 127.0.0.1
### keep logs in localhost ##
local0.=info -/var/log/haproxy/haproxy.log
local0.notice -/var/log/haproxy/haproxy.notice.log
local0.* -/var/log/haproxy/haproxy.log
if ($programname == 'haproxy') then -/var/log/haproxy/haproxy.log
& stop
 Now save the file and change file permission to 755 for haproxy.conf.
 Create a new directory haproxy inside /var/log/ directory and change the os user permission
to haproxy.
Page 222 of 259
Babu R (623)
chown –R haproxy:haproxy haproxy
 Now restart the rsyslog service.
service rsyslog restart
1.12.7 Start the Application

 Once the above step is done, start the haproxy.
service haproxy start
 Haproxy stop, start, status check can be done by using the below command.
service haproxy stop/start/status
 Now go to browser and hit this URL https://gsep/daimler.com/stats
 Above url will ask username and password first. Credential is configured in haproxy.cfg file.
 Once you are done above screen will appear with all the application details which are
configured in haproxy.cfg file.
 HAProxy Stats provides a lot of information about data transfer, total connection, server
state etc.
1.12.8 Redirect haproxy request to apache for GSEP landing page.

 Stop the apache service which is running now.
apachectl –k stop
 Redirect to listen.conf file available in /etc/apache2 directory.

 Open the listen.conf file and change the port from 80 to 81.
Listen 81
<IfDefine SSL>
<IfDefine !NOSSL>
<IfModule mod_ssl.c>
Listen 443
</IfModule>
</IfDefine>
</IfDefine>
 Similarly change the configured port in gsep_proxy.conf from 80 to 81 in VirtualHost.

 Now start the apache server.
Page 223 of 259

Babu R (623)
apachectl –k start
 Now in the backed section in haproxy.cfg file add the below line.
default_backend apache_servers
backend apache_servers
server server1 127.0.0.1:81
 Restart the haproxy.

 Whoever is hitting to gsep.daimler.com for GSEP-Landing page above configuration will redirect
those requests to apache where we have configured the landing page.
1.12.9 Finish
Now you are done with the basic setup for HAproxy.
1.12.10 Backup
 Backup of Application Filesystem is integrated in EDC standard process (refer 3.8).
1.12.11 Log files

The log files are located in /var/log/haproxy/ directory.

 Haproxy Architecture details.

https://gsep.daimler.com/confluence/display/GSEPJCTF/Architecture+HaProxy
 Installation steps in confluence.
https://gsep.daimler.com/confluence/pages/viewpage.action?pageId=188476536
 Haproxy configuration manual.
https://www.haproxy.org/download/1.8/doc/configuration.txt
1.13 Ansible Controller setup
You have completed the common system setup for Ansible controller target server (see chapter
1.7).
1.13.2 Overview
Ansible is an open-source software provisioning, configuration management, and application-
deployment tool. It runs on many Unix-like systems, and can configure both Unix-like systems as well
as Microsoft Windows. It includes its own declarative language to describe system configuration.
We are using python script to write and maintain the playbook for our deployment.
Page 224 of 259

Babu R (623)
1.13.3 Ansible Controller and system architecture
1.13.4 Installation of Ansible controller and other dependency packages

 Before begin with the installation of controller we need to install python to run the playbook.
 Install python(already package is available in SuSe Manager)
zypper install python
 Check the pip package is installed or not by typing (pip --version) ,if pip isn't installed install
pip by using the below command.
zypper install pip
Note - pip is a package management system used to install and manage software packages
written in Python.
 Use the command pip freeze to list all python related dependencies.
 Similarly install GCC (GNU Compiler Collection). At the time of installing a python
dependency it will search for GCC c++ compiler, install by using the below command.
zypper install gcc
Page 225 of 259

Babu R (623)
 Now we have to install all the dependency packages which are related to Ansible.
Before installing the python dependencies, check python-devel, python libffi-devel, python
openssl-devel packages are installed or not. (these pkg's are python development libraries) .
 These are the list of commands related to PIP where we can search the python related
dependencies.
pip list → list all python packages and versions

pip check → check all dependencies
pip search → searching for packages
pip config → configure the package
 Here are the list of python dependencies need to be installed before we start Ansible.
Package
asn1crypto
backports.ssl-match-hostname
bcrypt
cffi
crmsh
cryptography
cssselect
cx-Oracle
enum34
ethtool
futures
idna
ipaddress
Jinja2
lxml
MarkupSafe
msgpack-python
netaddr
parallax
paramiko
pciutils
pexpect
psutil
pyasn1
Page 226 of 259
Babu R (623)
pycparser
pycrypto
pycurl
pygobject
PyNaCl
pyOpenSSL
python-dateutil
python-dmidecode
pyudev
PyYAML
pyzmq
requests
requests-toolbelt
rhnlib
salt
setuptools
simplejson
six
suds
tornado
libffi4
Setuptools
Note – Dependency versions are depends on which version of Ansible and PIP you are installing. All
these packages need to be installed in /usr/lib/python2.7/site-packages directory.
 After installing all these dependencies, download Ansible

(https://releases.ansible.com/ansible/) from Ansible website.
 Install Ansible in python default folder (/usr/lib/python2.7/site-packages)
cd /usr/lib/python2.7/site-packages/ansible-2.6.4/
python setup.py install
Note - Once you run this command (python setup.py install) it will start installing the Ansible. If
some of the above dependencies are not available it will terminate the installation by showing
those missing dependencies list. If all are good then it will install the Ansible.
 Check the Ansible version by using the below command.
ansible --version
 Ansible controller setup is done successfully.
1.13.5 Copy the Ansible scripts to controller

All the developed automated scripts (ansible playbooks) are available here in Bitbucket. Once the
controller setup is done, copy the scripts to that controller server.
Page 227 of 259
Babu R (623)
1. Login to Ansible Controller.
2. Create a directory named “ansible” inside /etc.
3. Copy the scripts to /etc/ansible/ directory.
1.13.6 Deployment or upgrade using Ansible scripts
General Overview
 Default directory of Ansible is /etc/ansible.

 Inside this directory we have a file called hosts, destination server IP details with node name
are configured here.
 Inside “/etc/ansible/ansible_vars/hosts_vars” we have application specific configuration
files. These are the files where “application installation directory path, home directory path,
application port, JVM memory what will be configured, backup nfs path what it will use, with
which os user application will run etc..” are written. This is the main file we have to edit
based on the environment.
 Inside “/etc/ansible/roles” directory all the codes (ansible playbooks) are available.
 Inside “/etc/ansible/ansible_vars/groups_vars” directory “all.yml” is there. This file contains
the source and destination path details for deploying the package.
 Under “/etc/ansible” there is a file “jira-application.yml”, for confluence and Bitbucket
similar files are available. This is the main file which will be executed and will call the
respective ansible playbook to deploy the application. Since we have data center setup we
need to specify the node name in this file based on that it will call the hosts file and get the
IP details and connect with SSH and try to push the packages.
Upgradation Steps
 Redirect to “/etc/ansible/”. Open the “jira-application.yml” file (if you are upgrading
confluence you have to open “confluence-application.yml”).
 Change the node name where the upgrade should happen. Save and close the file.
Page 228 of 259

Babu R (623)
 Similarly go to /etc/ansible/ansible_vars/hosts_vars/jira.yml and change the host_name
with related node ip address.
root@sedcagse0980: /etc/ansible/ansible_vars/hosts_vars :
vi jira.yml  app_node_id = “Jira Node-4 “
Host_name= “53.31.30.172”
 Now check the connection from client to server.
root@sedcagse0980: /etc/ansible:
ansible –m ping jira-node4
 Now run the below command to start the upgrade.
ansible-playbook jira-application.yml
 The upgrade should start once you hit enter. You could see the console log on the same
screen. If there is an issue it will show the error message on the same screen and terminate
the upgrade.
 Similarly for plugin upgrade we have a file called “jira-addons.yml”. In the similar way
change the node name where the upgrade need to be done and hit the below command.
ansible-playbook jira-addons.yml
 Scripts will upload the new package to destination server and do the configuration and start
the application. The whole process with take almost 5 to 10 min based on the package size.
1.13.7 Finish
Now you are done with the setup of ansible controller and application upgrade.
1.13.8 Backup
 Backup of Application filesystem is integrated in EDC standard process (refer 3.8).
1.13.9 Log files

You can check the console log during the upgrade.

Page 229 of 259

Babu R (623)
 Ansible setup architecture details.
https://gsep.daimler.com/confluence/display/GSEPSKB/GSEP-
Infrastructure+Automation+Design+and+Architecture
 Presentation demo.
https://gsep.daimler.com/confluence/display/GSEPSKB/Presentation+Demo%27s+
 Installation setup and dependencies.
https://gsep.daimler.com/confluence/display/GSEPSKB/
Python+Dependencies+for+Installing+Ansible
1.14 Connecting the Atlassian applications with application links

As a final step you have to link the applications with each other.
The following overview image shows how the applications are linked. Although in most cases it
doesn’t matter from which system the link is initiated (in crucible it does matter!) the links should be
created from the systems with the arrow-source (circle) in the image.
1.14.1 No application links with Crowd

As crowd’s own base url is set to localhost:8080/crowd an application link to Crowd cannot be
established. For now that doesn’t really matter because linking to crowd doesn’t add any
functionality to any application - instead of a link to crowd in the application navigator. This link
we’ll add manually in chapter 1.15.
1.14.2 Jira with Confluence

In the Jira administration area goto “Add-ons” -> “Application Links”. Enter the Confluence url into
the input field and click “Create new link”.
Page 230 of 259

Babu R (623)
In the next popup box leave the standard settings as is and click on “Continue”. You will be redirected
to Confluence, where the application link is also established - you have to confirm it there too, and
back.
Now you can see the link to the created application. The screenshot below shows a demonstration
screen from the Daimler INT environment.
Page 231 of 259

Babu R (623)
If there are errors during link creation log into both applications and delete the links on each side.
The link creation mechanism is sometimes kind of “unstable”- but you can always retry and create
the links again. When you encounter problems it may help to open the applications to link in
different browser tabs and logging in to the administration interfaces before establishing the
application link.
Further if you misconfigured proxy settings for one of the applications they may run as you’d
expect, but an application link cannot be established. So if you encounter reproducible failures,
check your applications proxy settings (in + outbound!).
1.14.3 Jira with Stash

Do the same as above but this time establish a link to {stash:url}.
1.14.4 Jira with Bamboo

Do the same as above but this time establish a link to {bamboo:url}.
1.14.5 Confluence with Stash

In the Confluence administration area click on “Application Links” in the left pane.
Do the same as above and establish a link to {stash:url}.
1.14.6 Confluence with Bamboo

Do the same as above and establish a link to {bamboo:url}.
1.14.7 Stash with Bamboo

Do the same as above and establish a link to {bamboo:url}.
1.14.8 Crucible with Jira

Do the same as above from the crucible admin interface and establish a link to {jira:url}.
1.14.9 Crucible with Confluence

Do the same as above from the crucible admin interface and establish a link to {confluence:url}.
1.14.10 Crucible with Stash

Do the same as above from the crucible admin interface and establish a link to {stash:url}.
1.14.11 Crucible with Bamboo

Do the same as above from the crucible admin interface and establish a link to {bamboo:url}.
Page 232 of 259

Babu R (623)
1.15 Configuring application navigator
Now to complete the application linking process configure the “Application Navigator” in each
application’s administration interface and add an “Overview” Element with the url “https://{proxy}/”
at the top of the list and a “Crowd” Element with the url {crowd:url} at the bottom. To make the
configuration perfect, drag + drop the “Crucible”-Element right before the “Crowd”-Element to
match the sequence to the landing-page’s sequence. In the screenshots below you can see the fully
configured Application Navigator for Jira.
If you have problems to configure the application links (e.g. double entries etc.) you can always
click on the little refresh/reset button at the right side of the table’s column header. By clicking this
link the application navigator will reset to just the current applications entry. This is a weird
behavior, because when you enter the “Application Links” section and then go back to the
“Application Navigator” section all application links are in place again. Seems like the application
links are synced between the applications somehow... Now you just need to move the Overview
and the Crucible-Elements again to the right position and you’re done.
The application menu should now look like this in all applications (combined screenshot):
And with that matches the application sequence in the overview on the landing page.
Page 233 of 259

Babu R (623)
1.16 Oracle 12C Database setup for Artifactory India Mirror
This document explains 2 topics

1. Oracle software installation.
2. Create database instances
Version: Oracle Database 12c Release 1 (12.1.0.2.0)
1.16.1 Hosts File

The "/etc/hosts" file must contain a fully qualified name for the server.
<IP-address> <fully-qualified-machine-name> <machine-name>
For Eg.
127.0.0.1 localhost
53.88.187.224 SGSCBIU0044.in623.corpintra.net SGSCBIU0044
1.16.2 Oracle Installation Prerequisites
Add or amend the following lines in the "/etc/sysctl.conf" file. Keep any existing values if they are
higher than those specified here.
fs.file-max = 6815744
kernel.sem = 250 32000 100 128
kernel.shmmni = 4096
kernel.shmall = 1073741824
kernel.shmmax = 4398046511104
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
Page 234 of 259

Babu R (623)
net.core.wmem_max = 1048576
fs.aio-max-nr = 1048576
net.ipv4.ip_local_port_range = 1024 65500
Run the following command to change the current kernel parameters.
$ /sbin/sysctl -p
1.16.3 Add the following lines in “/etc/security/limits.conf” file
oracle soft nofile 1024

oracle hard nofile 65536
oracle soft nproc 2047
oracle hard nproc 16384
oracle soft stack 10240
oracle hard stack 32768
1.16.4 Install the following packages in not present
Use Zypper install command to install following packages

binutils-2.25.0-13.1
gcc-4.8-6.189
gcc48-4.8.5-24.1
glibc-2.19-31.9
glibc-32bit-2.19-31.9
glibc-devel-2.19-31.9.x86_64
glibc-devel-32bit-2.19-31.9.x86_64
mksh-50-2.13
libaio1-0.3.109-17.15
libaio-devel-0.3.109-17.15
libcap1-1.10-59.61
libstdc++48-devel-4.8.5-24.1.x86_64
libstdc++48-devel-32bit-4.8.5-24.1.x86_64
libstdc++6-5.2.1+r226025-4.1.x86_64
libstdc++6-32bit-5.2.1+r226025-4.1.x86_64
libstdc++-devel-4.8-6.189.x86_64
libstdc++-devel-32bit-4.8-6.189.x86_64
libgcc_s1-5.2.1+r226025-4.1.x86_64
libgcc_s1-32bit-5.2.1+r226025-4.1.x86_64
make-4.0-4.1.x86_64
sysstat-10.2.1-3.1.x86_64
xorg-x11-driver-video-7.6_1-14.30.x86_64
xorg-x11-server-7.6_1.15.2-36.21.x86_64
xorg-x11-essentials-7.6_1-14.17.noarch
xorg-x11-Xvnc-1.4.3-7.2.x86_64
xorg-x11-fonts-core-7.6-29.45.noarch
xorg-x11-7.6_1-14.17.noarch
xorg-x11-server-extra-7.6_1.15.2-36.21.x86_64
Page 235 of 259
Babu R (623)
xorg-x11-libs-7.6-45.14.noarch
xorg-x11-fonts-7.6-29.45.noarch
1.16.5 Create the new groups and users
$ groupadd -g 600 dba

$ groupadd -g 601 oinstall
$ groupadd -g 602 oper
$ useradd -c "Oracle database user" -d /home/oracle -G dba,oinstall,oper -g dba -m -u 600 -s

/bin/bash oracle
1.16.6 Additional Setup
The following steps must be performed, whether you did the manual or automatic setup.
Set the password for the "oracle" user.
$ passwd oracle
If you have the Linux firewall enabled, you will need to disable or configure it as following :
# service iptables stop

# chkconfig iptables off
1.16.7 Create Installation directories and grant permissions
$ mkdir -p /opt/oracle/product/12.1.0.2.0/db
$ chown -R oracle:dba /opt/
$ chmod -R 775 /opt/
Unless you are working from the console, or using SSH tunnelling, login as root and issue the
following command.
$ xhost +<machine-name>
1.16.8 Setup profile
Add the following lines at the end of the "/home/oracle/.bash_profile" file.
# Oracle 12c installation Settings
export TMP=/tmp
export TMPDIR=$TMP
export ORACLE_BASE=/opt/oracle
export ORACLE_HOME=$ORACLE_BASE/product/12.1.0.2.0/db
export PATH=/usr/sbin:$PATH
export PATH=$ORACLE_HOME/bin:$PATH
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib
export CLASSPATH=$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib
1.16.9 Installation Steps
Note: Make sure to launch the xming before going to next steps.
Log into the oracle user. If you are using X emulation then set the DISPLAY environmental variable.
DISPLAY=SGSCBIU0044.in623.corpintra.net.net:0.0; export DISPLAY
Page 236 of 259
Babu R (623)
Unpack Files
Unzip the files.

$ unzip linuxamd64_12102_database_1of2.zip
$ unzip linuxamd64_12102_database_2of2.zip
You should now have a single directory called "database" containing installation files.
Start the Oracle Universal Installer (OUI) by issuing the following command in the database directory.
$ ./runInstaller
Page 237 of 259

Babu R (623)
Page 238 of 259
Babu R (623)
Page 239 of 259
Babu R (623)
Page 240 of 259
Babu R (623)
Page 241 of 259
Babu R (623)
Page 242 of 259
Babu R (623)
Now after successful installation of database, run the following queries as root user
$ /opt/oraInventory/orainstRoot.sh
$ opt/oracle/product/12.1.0.2.0/db/root.sh
Once the query is executed, Oracle 12C database installation is completed
Post Installation to Verify :

$ oracle@SGSCBIU0044:/opt/oracle/> explort ORACLE_SID=test
$ oracle@SGSCBIU0044:/opt/oracle/> sqlplus / as sysdba
SQL*Plus: Release 12.1.0.2.0 Production on Fri Mar 3 11:38:37 2017
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Connected to an idle instance.
SQL>
1.16.10 OS User Creation for datatbase instance
Note: these users are associated to individual database instances.
Syntax:
$ useradd -o -u 600 -g 600 -m -s /bin/bash -c "Oracle DB user for <DBNAME>" –d
/home/<osusername> -m <osusername>
Page 243 of 259
Babu R (623)
Add the below environment variable in bash profile.
#ORACLE 12c related.
export ORACLE_BASE=/opt/oracle
export ORACLE_HOME=/opt/oracle/product/12.1.0.2.0/db
export TNS_ADMIN=$ORACLE_HOME/network/admin
export PATH=$ORACLE_HOME/bin:$ORACLE_HOME/OPatch:$PATH
export ORACLE_SID=<SID Name>
1.16.11 Prepare init.ora and createDB_ATM_PROD.sql file
1. initATM_PROD.ora (Artifactory India Mirror)
initATM_PROD.ora
#audit_sys_operations=TRUE
# audit_syslog_level='LOCAL4.INFO'
audit_trail=none
audit_file_dest="/opt/oracle/log/daig/rdbms/atm_prod/atm_prod/adump"
backup_tape_io_slaves=TRUE
compatible=12.1.0.2.0
control_files=("/opt/oracle/data1/atm_prod/atm_prod_control01.ctl",
"/opt/oracle/onredom/atm_prod/atm_prod_control02.ctl",
"/opt/oracle/onredop/atm_prod/atm_prod_control03.ctl")
control_file_record_keep_time=35
db_block_size=8192
db_file_multiblock_read_count=16
db_domain=""
db_name="atm_prod"
diagnostic_dest=/opt/oracle/log
dispatchers="(PROTOCOL=TCP) (SERVICE=atm_prodXDB)"
filesystemio_options=setall
large_pool_size=20m
local_listener='(ADDRESS=(PROTOCOL=IPC) (KEY=LISTENER_ATM_PROD))'
log_archive_dest_1='LOCATION=/opt/oracle/offredo/atm_prod'
log_archive_format=atm_prod_arch_%t_%r_%s.dbf
log_buffer=6156288
max_dump_file_size=52428800
open_cursors=300
pga_aggregate_target=400M
processes=150
recyclebin=off
remote_login_passwordfile=EXCLUSIVE
sec_max_failed_login_attempts=10
sec_protocol_error_further_action=continue
sec_protocol_error_trace_action=trace
sec_return_server_release_banner=false
sga_target=2G
timed_statistics=TRUE
undo_tablespace=UNDO
Page 244 of 259

Babu R (623)
2. createDB_ATM_PROD.sql (Artifactory India Mirror)
createDB_ATM_PROD.sql
#SET VERIFY OFF

connect "SYS"/"&&sysPassword" as SYSDBA
set echo on
spool /home/ora_atmp/create/CreateDB.log append
startup nomount pfile="/opt/oracle/product/12.1.0.2.0/db/dbs/initATM_PROD.ora";
CREATE DATABASE "atm_prod"
MAXINSTANCES 8
MAXLOGHISTORY 1
MAXLOGFILES 16
MAXLOGMEMBERS 3
MAXDATAFILES 100
DATAFILE '/opt/oracle/data1/atm_prod/atm_prod_system01.dbf' SIZE 700M REUSE
AUTOEXTEND ON NEXT 50M MAXSIZE 1000M
EXTENT MANAGEMENT LOCAL
SYSAUX DATAFILE '/opt/oracle/data1/atm_prod/atm_prod_sysaux01.dbf' SIZE 600M
AUTOEXTEND ON NEXT 50M MAXSIZE 2000M
SMALLFILE DEFAULT TEMPORARY TABLESPACE TEMP TEMPFILE
'/opt/oracle/temp1/atm_prod/atm_prod_temp01.dbf' SIZE 200M
SMALLFILE UNDO TABLESPACE "UNDO" DATAFILE
'/opt/oracle/data1/atm_prod/atm_prod_undo01.dbf' SIZE 200M AUTOEXTEND ON NEXT 50M
MAXSIZE 1000M
CHARACTER SET AL32UTF8
NATIONAL CHARACTER SET AL16UTF16
LOGFILE
GROUP 1 ('/opt/oracle/onredop/atm_prod/atm_prod_redo01.log',
'/opt/oracle/onredom/atm_prod/atm_prod_redo01.log') SIZE 50M,
'/opt/oracle/onredom/atm_prod/atm_prod_redo02.log') SIZE 50M,
'/opt/oracle/onredom/atm_prod/atm_prod_redo03.log') SIZE 50M
USER SYS IDENTIFIED BY "&&sysPassword" USER SYSTEM IDENTIFIED BY "&&systemPassword";
spool off
NOTE: Make sure that all the directories are available (created) before mentioning in the init.ora &
createDB.sql files.
$ mkdir -p /opt/oracle/log/daig/rdbms/atm_prod/atm_prod/adump
$ mkdir -p /opt/oracle/data1/atm_prod/
$ mkdir -p /opt/oracle/onredom/atm_prod/
$ mkdir -p /opt/oracle/onredop/atm_prod/
$ mkdir -p /opt/oracle/offredo/atm_prod
$ mkdir -p /opt/oracle/log
$ mkdir –p /opt/oracle/temp1/atm_prod
Page 245 of 259

Babu R (623)
1.16.12 Database Instance Creation
Once the init.ora files are ready:

Run the below query to create database instance for Artifactory mirror.
$ su – ora_atmp
$ echo $ORACLE_SID
atm_prod
$ oracle@SGSCBIU0044:~> sqlplus / as sysdba
SQL*Plus: Release 12.1.0.2.0 Production on Fri Mar 3 17:04:29 2017
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Connected to an idle instance.
SQL>
SQL> startup nomount
pfile=/opt/oracle/product/12.1.0.2.0/db/dbs/initATM_PROD.ora
Shutdown the database:
SQL> shutdown immediate

Run the below created.sql query from the SQL prompt.
SQL> @createDB_ATM_PROD.sql
To verify :
SQL> select name from v$database;
NAME
---------
ATM_PROD
SQL>
So your database is created. Now just run the catalog.sql and catproc.sql scripts to take it effet.
You will find the in $ cd $ORACLE_HOME/rdbms/admin
SQL> @/opt/oracle/product/12.1.0.2.0/db/rdbms/admin/catalog.sql
SQL> @/opt/oracle/product/12.1.0.2.0/db/rdbms/admin/catproc.sql
Check the database.
SQL> select name from v$database;

NAME
---------
ATM_PROD
1 row selected.
1.16.13 Table Space Creation
Artifactory India Mirror :-
CREATE SMALLFILE TABLESPACE "ATM_PROD_TS" LOGGING DATAFILE

'/opt/oracle/data1/atm_prod/atm_prod_ts01.dbf' SIZE 1G AUTOEXTEND ON NEXT 1280K
MAXSIZE 10G EXTENT MANAGEMENT LOCAL SEGMENT SPACE MANAGEMENT AUTO;
Page 246 of 259

Babu R (623)
CREATE SMALLFILE TABLESPACE "USERS" LOGGING DATAFILE
'/opt/oracle/data1/atm_prod/atm_prod_users01.dbf' SIZE 5M AUTOEXTEND ON NEXT 1280K
MAXSIZE UNLIMITED EXTENT MANAGEMENT LOCAL SEGMENT SPACE MANAGEMENT AUTO;
create user atm_prod_dbuser identified by <password> default tablespace ATM_PROD_TS QUOTA

UNLIMITED ON ATM_PROD_TS;
grant connect, resource, create table, create sequence, create trigger, create session to
atm_prod_dbuser;
Start database in mount
Artifactory India Mirror:
SQL> startup pfile="/opt/oracle/product/12.1.0.2.0/db/dbs/initATM_PROD.ora";

ORACLE instance started.
Total System Global Area 2147483648 bytes

Fixed Size 3712904 bytes
Variable Size 520095864 bytes
Database Buffers 1610612736 bytes
Redo Buffers 13062144 bytes
Database mounted.
Database opened.
SQL>
Note: Make sure that Database instance is mounted and opened.
1.17 Data center Tool Upgrade

1.17.1.1 Jira DC Upgrade
1.17.1.1.1 Information
Affected server are 3 jira nodes, shared home and webservers remains untouched.
1.17.1.1.2 Procedure for the upgrade
 Copy the new installation folder to the shared location.
 Change to be made for the following files:
{install_dir}/atlassian-jira/WEB-INF/classes/jira-application.properties
{install_dir}/atlassian-jira/WEB-INF/classes/seraph.config.xml
{install_dir}/atlassian-jira/WEB-INF/classes/crowd.properties
Page 247 of 259

Babu R (623)
1.18 Appendix
The appendix gives information that aren’t directly necessary for systems setup but can be of value in
some cases.
1.18.1 SuSE SLES hints & commands

This chapter gives some hints about commands you may need. The official SLES 11 sp3
documentation can be found at http://www.suse.com/documentation/sles11.
1.18.1.1 Tip: Never start application as root user
Never start an application as root user, not even for testing. Each applications write several
config/log/cache/etc. files on start up. Newly created files take the current user as owner - in this
case this would be root. When you’re trying to start the application with a non-root user afterwards
it will crash because it cannot access these files. Then you’d have to fix the owners of the files
manually (see 1.18.1.5).
1.18.1.2 YaST
For nearly all system related configuration tasks (firewall, services etc.) you can use YaST, even on the
command line with a text based user interface by calling
yast
1.18.1.3 System log files

System log files are stored in /var/log. The „boot.msg“ file is the boot log and the „boot.omsg“ file is
the shutdown log.
1.18.1.4 Find files
You can find a file recursively by
find . -name FileThatIsSearched
You can find a file that belongs to a given group or user by
find . -user OwnerOfTheFile

find . -group GroupsOfTheFile
1.18.1.5 Change owner recursively

You can change the owner of a directory recursively by
chown --recursive NewUser:NewGroup Folder
Another option would be to combine the owner change with a recursive find. The following example
will search recursively for all files that belong to root and change their owner to cro_int_osuser and
the group to users:
find . -user root | xargs chown cro_int_osuser:users
1.18.1.6 Check if a tool/process is running

ps aux | grep Tool
1.18.1.7 Database setups and wipe script templates

This chapter presents a setup- and wipe-script template for Oracle 11g.
Page 248 of 259

Babu R (623)
1.18.1.7.1 Database setup script template
The following variables are used:
 {tsname} - tablespace name, e.g. “jirats”

 {datafile} - full path to the data file, e.g. “/u01/app/oracle/oradata/XE/jirats.dbf”
 {initsize} - initial size of the data file, e.g. “1000M” (for 1000 MB)
 {extendsize} - autoextend size, e.g. “500M” (for 500MB)
 {dbuser} - database user, e.g. “jir_int_dbuser”
 {dbuserpw} - database user password, e.g. “e387fh4”!$§/A438rj”
CREATE TABLESPACE {tsname} DATAFILE '{datafile}' SIZE {initsize}

AUTOEXTEND ON NEXT {extendsize} MAXSIZE UNLIMITED;
CREATE USER {dbuser} IDENTIFIED BY {dbuserpw} DEFAULT TABLESPACE {tsname}

QUOTA UNLIMITED ON {tsname};
GRANT CONNECT, RESOURCE, CREATE TABLE, CREATE SEQUENCE, CREATE TRIGGER TO

{dbuser};
CREATE VIEW {dbuser}.all_objects AS select * FROM sys.all_objects WHERE

owner = upper('{dbuser}');
1.18.1.7.2 Database wipe script template

The following variables are used:
 {tsname} - tablespace name, e.g. “jirats”

 {dbuser} - database user, e.g. “jir_int_dbuser”
DROP VIEW {dbuser}.all_objects;

DROP USER {dbuser};
DROP TABLESPACE {tsname} INCLUDING CONTENTS AND DATAFILES;
1.19 Monitoring
1.19.1 Automated Monitoring
“Basic monitoring/standard” monitoring packages
 Standard Monitoring EDC
“Application specific/optional” monitoring packages
 Documented in Support Concept
1.19.2 Non Automated Monitoring

 Documented in Support Concept (if necessary)
1.19.3 Sources of error and catalog of errors

For the installation see the “Troubleshooting” chapters for each individual application in chapter
Error: Reference source not found.
For everything else:
 In Detail documented in Support Concept
1.20 Performance test

1.20.1 Automated performance tests
 Not available
Page 249 of 259

Babu R (623)
1.20.2 Non automated performance tests
 Documented in User Acceptance Tests
1.21 Handling of errors/solution approach

1.21.1 Common measures in case of application downtime or partial breakdown
1.21.2 Emergency plan

1.21.3 Solution Assistance

From Atlassian side, a knowledgebase is provided for each application:
https://confluence.atlassian.com
You can find deeper links to specific topics in the “Troubleshooting” chapters for each individual
application in chapter Error: Reference source not found.
 Further information is additionally documented in Support Concept
1.21.4 Maintenance contracts

Software:
For contact details see Chapter 2.2.1. Maintenance needs to be purchased yearly.
Component Supplier Contact Telephone Contract number

number
Hardware:
Component Supplier Contact Telephone Contract number

number
1.21.5 Work instructions

1.22 Job control and time controlled processing

 Not available
Page 250 of 259

Babu R (623)
1.23 Change management (normal case, emergency case-deployments, patches,
hotfixes)
 Not available
1.23.1 Changes for normal case

1.23.2 Changes in case of emergency

1.24 Backup/recovery and archiving

 Backup of Database and Application Filesystem is integrated in EDC standard process.
For information considering Atlassians recommendation of application backups the “Backup”

chapters for each individual application in chapter Error: Reference source not found.
1.24.1 Backup
Object Tool Method Interval Offsite
1.24.2 Recovery of application data

Required recovery period (RTO):
Recovery date (RPO):
Execution: EDC Operations
Has to be coordinated with: Application Operator (TSS) and Business Unit (A.Seidl)
1.24.3 Emergency and disaster recovery

1.24.4 Archiving of long term data

No regular processes of archiving. Possibility of xml exports on demand.
Medium:
Execution:
Has to be coordinated with:
Archiving cycle:
Maximum time of retention:
Repository:
Page 251 of 259

Babu R (623)
1.25 Reporting (SLA, performance, availability)
1.25.1 Performance
 Standard Reporting processes of EDC.
1.25.2 Reporting and trend analysis

 Standard Reporting processes of EDC.
Page 252 of 259

Babu R (623)
2 IT security
2.1 Information classification

Confidentiality:
Public Intern Confidential Secret
Comments for operation:
Integrity:
Standard (none) Sensitivity for integrity Criticality of integrity
Availability (information):
Standard Criticality of availability Critical timescale: 7 days

“Critical timescale” =Period, in which the non-availability of information has huge consequences
Further characteristics:
Continuity-critical (system) Personal data ICS – relevant data
It was recommended in the information classification, that the system is continuity-critical. Anyway
due to the defined critical timescale, that architecture will be implemented as designed in the OPM.
Page 253 of 259

Babu R (623)
2.2 Concept of roles and authorization / access control
GSEP NTG6 provides the following roles for each Atlassian Tool project, requestable by ZULA by the
BU.
Component Available Roles
Atlassian Reader, User and Developer

Jira
Atlassian Confluence Reader, User and Developer
Atlassian Stash Reader, User and Developer
Atlassian Bamboo Reader, User and Developer
Atlassian Crucible Creator, Author, Reviewer, Moderator
Atlassian Access is provided for each GSEP NTG6 to change PW and details.
Page 254 of 259

Babu R (623)
Crowd Support will administrate user within Crowd.
Ubuntu on Build Server In responsibility by the Business Unit
ZULA is used for user authorization and access control and fullfils the main requirements:
User Access Management: Daimler employees can use ZULA to request access to GSEP NTG for
internal and Supplier users. For Supplier Users there is the restriction that they have to be registered
in Supplier Portal and apply for EngineeringPortal within Supplier Portal before ZULA can fetch the
user details one day after (due to user syncronisation). In a ZULA request there is the possibility to
select for each Business Unit project (currently only NTG6) which Atlassian tools with which projects
and which role shall be available for the selected users.
User Access Approval: The Information owner or his named deputy must approve each ZULA request
for each user.
User Lifecycle Management: The permission of access to the plattform is valid:
1 Year for Daimler users
6 Month for Supplier users
After that period of time:
Daimler Users can extend their rights via ZULA (They will be informed via Mail before)
Suppliers receive a Mail from ZULA, that they need to contact their PKU (must be the requestor), so
that he can extend the rights.
ZULA will send a CISM Ticket or Mail to GSEP support, if:
The ZULA request is approved and a user can be administrated in Atlassian Crowd
The ZULA request is expired (e.g. was not extended) or deleted so that the user can be deleted in
Atlassian Crowd.
The user is deleted from Supplier Portal/ Supplier Directory or CorpDir so that the user can be
deleted in Atlassian Crowd.
After the approved ZULA request, the GSEP support will administrate the users and contact them via
encrypted mail to inform them about the URL, the initial password and the handling of the client
certificate.
Every Supplier (resp. SKU) will receive one separate client certificate for all his project members. The
client certificates are valid for one year after their creation. If suppliers join the Business Unit Project
during this period, they will get one of the initially created certificates, so that there is always a
defined date, when all certificates expires.
In sufficient time before the expiry of the certificates, new ones were created and send out one by
one to each supplier (the responsible SKU).
If a supplier leaves the project, all users needs to be deactivated via ZULA. The BU or responsible PKU
shall inform GSEP support via mail, as soon as the project gets the information from the supplier. The
support will deactivate the users and inform the KCS that the certificate of the company must be
revoqued.
Page 255 of 259
Babu R (623)
Details regarding ZULA in the ZULA BRD (see Appendix)
2.3 Communication security
As described in the OPM, the following communication is encrypted via SSL:
User -> SSL Accelerator

Application -> SSL Accelerator
Build Slave -> Build Master
Access to the application is only possible via http over SSL
Page 256 of 259

Babu R (623)
3 Requirements for sundowning
3.1 Legal obligations for data storage

 To be clarified by Project/Business Unit.
3.2 ICS-aspects
 To be clarified by Project/Business Unit.
Page 257 of 259

Babu R (623)
4 Incidents and emergencies
 Documented in Support Concept, Emergency Plan, Kommunikationsmatrix
4.1 Notification/escalation
4.2 Emergency plan
4.3 Development of solutions
4.4 Network supervisor/network support
Page 258 of 259

Babu R (623)
5 Appendix
5.1 Work instructions

5.1.1 – for further use - /introduction
5.1.2 Special features
· Which differences to the standard of the <system> have to be expected?

· Are there any special features in the project whicht make the system more likely to differ on the
standard?
· Which points have to be considered in the process of error searching and restart of the system?
· Which „traps“ have to be considered?
5.1.3 Problem analysis
· Decision tree
· General test process for error allocation
· Which actions have to be taken if the instructions don’t contain the necessary information?
· Which measures have to be taken by the SCC until the incident escalates to the third level?
5.1.4 Start/Stop/Restart procedures
 Installation Guide
5.1.5 Troubleshooting guide

5.1.6 System dependencies

5.1.7 Failover
 N.a.
5.1.8 Worst case scenarios
· Description of the worst case scenario (e.g. under which circumstances will the worst case take
place and what will the consequences be like?)
· Organizational measures
· Technical measures
· Are there particular measures for escalation?
Page 259 of 259
Babu R (623)

Installation Guide System Operations - New Version

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Installation Guide System Operations - New Version

Uploaded by

Copyright:

Available Formats

GSEP Installation Guide System Operations

1.2 Basic information about GSEP environments and applications

Use this file for future changes 

1.2.4 Dedicated –INT

1.2.5 Phase2 – INT (Non Atlassian tools)

1.3.1 Basic information references

1.3.2 Console commands

yast --install nano-2.2.6.1.x86-64.rpm #installs nano

1.3.3 Editing files

1.3.4 Browser forms

1.4.2 Login into an application server

 Host name: susshi.edc.corpintra.net

To clarify things a little bit we’ll do some examples:

1.4.2.2 Optional: SSH tunneling with Putty

1.5 Database Setup

1.7 Common system setup

1.7.2 Create user

1.7.3 Create target directories

1.7.4 Copy and extract deployment package

Extract and remove the packages.

1.7.5 Install java

1.7.6 Reload profile

1.7.7 Optional: install nano

Add the following lines:

To start nano type:

To open the file browser

To open the text editor

1.7.9 Install service script

in line 18 change int to prod user:

1.7.10 Extract application

1.7.11 Create application home directory

And the owner is changed recursively to the {osuser}.

chown {osuser}:users . --recursive

1.8 Crowd setup

1.8.2 Config file adjustments

Replace line 25 with:

JAVA_OPTS="-Xms128m -Xmx512m -XX:MaxPermSize=256m -Dfile.encoding=UTF-8 $JAVA_OPTS"

1.8.3 Restart system

1.8.4 Web based setup wizard

Open a browser and go to {url}.

1.8.4.2 Installation type

1.8.4.6 Create default internal directory

1.8.4.8 Integrated applications

1.8.4.9 Adjust application.login.url and finish

1.8.5 Web based configuration

1.8.5.2 Create groups

Click on Groups  Add Group.

1.8.5.4 Create applications

1.8.5.5 Configure permissions for application

Click on the applications‘ name to enter the applications’ detail screen.

1.8.5.6 Configure remote addresses

1.8.5.7 Optional: Add test users

/etc/init.d/crowd start # to start the application

ps aux | grep crowd

If this returns a java process (tomcat) then crowd is running.

1.8.7 Log files

1.8.8 Reference links

 Official Crowd documentation

There are two possible workarounds, the interactive one:

1. Restart the Crowd server

and if the interactive one isn’t working the “hard” one:

The advised URL https://gsep-int.daimler.com:443/crowd won’t work also.

As stated in the article at

Entering localhost as settings has some bad implications: