Professional Documents
Culture Documents
Installation Guide System Operations - New Version
Installation Guide System Operations - New Version
Version 2.3
Page 1 of 259
Babu R (623)
GSEP Installation Guide System Operations
Relevant Support Unit
Author Date Version Changes
Chapters accepted by
Rajasekar
10th Dec 2014 1.0 Draft All L2, L3 & Arch
Aathimoolam
Bishnu Nayak 4th Mar 2019 1.1 Updated Artifactory L2, L3 & Arch
Bishnu Nayak 23th Jul 2019 1.2 Updated Minor L2, L3 & Arch
Shubhanshu 23th May 2020 1.3 Updated SVN setup added L2, L3 & Arch
Babu R 17th Jun 2020 2.0 Updated Overall structures Platform Services
and Operations
Babu R 7th Oct 2020 2.1 Updated MTC SVN Platform Services
and Operations
Artifactory with S3
Babu R 11th Dec 2020 2.2 Introduced L2, L3 & Arch
storage
Babu R 19th Dec 2020 2.3 Introduced Artifactory HA Setup L2, L3 & Arch
Babu R 15th Mar 2021 2.4 Updated Crucible DB setup L2, L3 & Arch
Page 2 of 259
Babu R (623)
GSEP Installation Guide System Operations
Table of Contents
1 System Operation.....................................................................................................................................8
1.1 SLA guideline and maintenance (maintenance work and maintenance period)..................................8
1.2 Basic information about GSEP environments and applications...........................................................8
1.2.1 Phase1 – PROD (Atlassian tools)....................................................................................8
1.2.2 Phase2 – PROD (Non Atlassian tools)............................................................................9
1.2.3 Dedicated - PROD.........................................................................................................10
1.2.4 Dedicated –INT..............................................................................................................10
1.2.5 Phase2 – INT (Non Atlassian tools)..............................................................................10
1.2.6 Phase1 – INT (Atlassian tools)......................................................................................11
1.3 Conventions.......................................................................................................................................11
1.3.1 Basic information references.........................................................................................11
1.3.2 Console commands........................................................................................................11
1.3.3 Editing files 12
1.3.4 Browser forms 12
1.4 SSH login into the application servers...............................................................................................13
1.4.1 Prerequisites 13
1.4.2 Login into an application server.....................................................................................14
1.4.3 Notes on saved sessions.................................................................................................17
1.5 Database Setup..................................................................................................................................17
1.6 Licenses.............................................................................................................................................17
1.7 Common system setup......................................................................................................................17
1.7.1 Prerequisites 17
1.7.2 Create user 17
1.7.3 Create target directories.................................................................................................18
1.7.4 Copy and extract deployment package..........................................................................18
1.7.5 Install java 18
1.7.6 Reload profile 18
1.7.7 Optional: install nano.....................................................................................................18
1.7.8 Optional: Install midnight commander..........................................................................19
1.7.9 Install service script.......................................................................................................19
1.7.10 Extract application.........................................................................................................19
1.7.11 Create application home directory.................................................................................19
1.7.12 Create symbolic links and correct file privileges...........................................................20
Page 3 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.7.13 Summary 20
1.8 Crowd setup......................................................................................................................................20
1.8.1 Prerequisites 20
1.8.2 Config file adjustments..................................................................................................20
1.8.3 Restart system 21
1.8.4 Web based setup wizard.................................................................................................21
1.8.5 Web based configuration...............................................................................................25
1.8.6 Start & Stop procedures.................................................................................................33
1.8.7 Log files 33
1.8.8 Reference links...............................................................................................................33
1.8.9 Troubleshooting.............................................................................................................33
1.9 Data Center Setup.............................................................................................................................37
1.9.1 Prerequisites 37
1.9.2 Jira Data Center..............................................................................................................41
1.9.3 Confluence Data Center.................................................................................................46
1.9.4 Bit Bucket Data Center..................................................................................................51
1.9.5 Crowd Data Center.........................................................................................................61
1.9.6 Artifactory HA (High Availability)...............................................................................65
1.10 Standalone Installation......................................................................................................................68
1.10.1 Jira setup 68
1.10.2 Configuring single sign on (SSO)..................................................................................83
1.10.3 Start & Stop procedures.................................................................................................84
1.10.4 Backup 85
1.10.5 Log files 85
1.10.6 Reference links...............................................................................................................85
1.10.7 Confluence setup............................................................................................................86
1.10.8 Bitbucket setup.............................................................................................................102
1.10.9 Crucible setup 116
1.10.10 Bamboo setup 128
1.10.11 SonarQube Setup..........................................................................................................140
1.10.12 Jenkins setup 143
1.10.13 Gerrit setup 144
1.10.14 TestRail setup 160
1.10.15 SVN Setup 174
1.10.16 Artifactory Setup..........................................................................................................175
1.10.17 Artifactory upgrade to version 7.x.x............................................................................182
1.10.18 Jfrog Xray Setup..........................................................................................................191
1.10.19 Zephyr Setup 195
1.10.20 Protex (BlackDuck) setup............................................................................................200
1.10.21 GSEP Utilities setup.....................................................................................................206
1.10.22 GSEP Project Automation Service setup.....................................................................208
1.10.23 GSEP Helpdesk setup..................................................................................................210
Page 4 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.10.24 GSEP User Automation setup......................................................................................211
1.10.25 CJOC Setup 213
1.10.26 Bitbucket Mirror Instance setup...................................................................................216
1.11 JFROG Mission Control....................................................................................................................219
1.11.1 Prerequisites 219
1.11.2 Installation and configuration......................................................................................219
1.11.3 Permission and startup scripts......................................................................................220
1.11.4 Uninstallation 220
1.11.5 Log File 220
1.11.6 Reference Links...........................................................................................................221
1.12 HAproxy setup.................................................................................................................................221
1.12.1 Prerequisites 221
1.12.2 HA-proxy Architecture................................................................................................221
1.12.3 Download and move the installer rpm File..................................................................221
1.12.4 Haproxy Installation.....................................................................................................221
1.12.5 Configuration of maintenance page in haproxy...........................................................222
1.12.6 Logger configuration for haproxy................................................................................222
1.12.7 Start the Application....................................................................................................223
1.12.8 Redirect haproxy request to apache for GSEP landing page.......................................223
1.12.9 Finish 224
1.12.10 Backup 224
1.12.11 Log files 224
1.12.12 Reference links.............................................................................................................224
1.13 Ansible Controller setup..................................................................................................................224
1.13.1 Prerequisites 224
1.13.2 Overview 224
1.13.3 Ansible Controller and system architecture.................................................................225
1.13.4 Installation of Ansible controller and other dependency packages..............................225
1.13.5 Copy the Ansible scripts to controller..........................................................................228
1.13.6 Deployment or upgrade using Ansible scripts.............................................................228
1.13.7 Finish 229
1.13.8 Backup 229
1.13.9 Log files 229
1.13.10 Reference links.............................................................................................................230
1.14 Connecting the Atlassian applications with application links..........................................................230
1.14.1 No application links with Crowd.................................................................................230
1.14.2 Jira with Confluence....................................................................................................230
1.14.3 Jira with Stash 232
1.14.4 Jira with Bamboo.........................................................................................................232
1.14.5 Confluence with Stash.................................................................................................232
1.14.6 Confluence with Bamboo.............................................................................................232
1.14.7 Stash with Bamboo......................................................................................................232
Page 5 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.14.8 Crucible with Jira.........................................................................................................232
1.14.9 Crucible with Confluence............................................................................................232
1.14.10 Crucible with Stash......................................................................................................232
1.14.11 Crucible with Bamboo.................................................................................................232
1.15 Configuring application navigator....................................................................................................233
1.16 Oracle 12C Database setup for Artifactory India Mirror..................................................................234
1.16.1 Hosts File 234
1.16.2 Oracle Installation Prerequisites..................................................................................234
1.16.3 Add the following lines in “/etc/security/limits.conf” file...........................................235
1.16.4 Install the following packages in not present...............................................................235
1.16.5 Create the new groups and users..................................................................................236
1.16.6 Additional Setup..........................................................................................................236
1.16.7 Create Installation directories and grant permissions..................................................236
1.16.8 Setup profile 236
1.16.9 Installation Steps..........................................................................................................236
1.16.10 OS User Creation for datatbase instance......................................................................243
1.16.11 Prepare init.ora and createDB_ATM_PROD.sql file...................................................244
1.16.12 Database Instance Creation..........................................................................................246
1.16.13 Table Space Creation...................................................................................................246
1.17 Data center Tool Upgrade...............................................................................................................247
1.18 Appendix..........................................................................................................................................248
1.18.1 SuSE SLES hints & commands...................................................................................248
1.19 Monitoring.......................................................................................................................................249
1.19.1 Automated Monitoring.................................................................................................249
1.19.2 Non Automated Monitoring.........................................................................................249
1.19.3 Sources of error and catalog of errors..........................................................................249
1.20 Performance test.............................................................................................................................250
1.20.1 Automated performance tests.......................................................................................250
1.20.2 Non automated performance tests................................................................................250
1.21 Handling of errors/solution approach.............................................................................................250
1.21.1 Common measures in case of application downtime or partial breakdown................250
1.21.2 Emergency plan............................................................................................................250
1.21.3 Solution Assistance......................................................................................................250
1.21.4 Maintenance contracts..................................................................................................250
1.21.5 Work instructions.........................................................................................................250
1.22 Job control and time controlled processing.....................................................................................251
1.23 Change management (normal case, emergency case-deployments, patches, hotfixes)..................251
1.23.1 Changes for normal case..............................................................................................251
1.23.2 Changes in case of emergency.....................................................................................251
1.24 Backup/recovery and archiving.......................................................................................................251
1.24.1 Backup 251
Page 6 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.24.2 Recovery of application data........................................................................................251
1.24.3 Emergency and disaster recovery................................................................................251
1.24.4 Archiving of long term data.........................................................................................251
1.25 Reporting (SLA, performance, availability)......................................................................................252
1.25.1 Performance 252
1.25.2 Reporting and trend analysis........................................................................................252
2 IT security.............................................................................................................................................253
2.1 Information classification................................................................................................................253
2.2 Concept of roles and authorization / access control.......................................................................254
2.3 Communication security..................................................................................................................256
3 Requirements for sundowning.............................................................................................................257
3.1 Legal obligations for data storage....................................................................................................257
3.2 ICS-aspects.......................................................................................................................................257
4 Incidents and emergencies...................................................................................................................258
4.1 Notification/escalation....................................................................................................................258
4.2 Emergency plan...............................................................................................................................258
4.3 Development of solutions................................................................................................................258
4.4 Network supervisor/network support.............................................................................................258
5 Appendix..............................................................................................................................................259
5.1 Work instructions............................................................................................................................259
5.1.1 – for further use - /introduction....................................................................................259
5.1.2 Special features............................................................................................................259
5.1.3 Problem analysis..........................................................................................................259
5.1.4 Start/Stop/Restart procedures.......................................................................................259
5.1.5 Troubleshooting guide.................................................................................................259
5.1.6 System dependencies...................................................................................................259
5.1.7 Failover 259
5.1.8 Worst case scenarios....................................................................................................259
Page 7 of 259
Babu R (623)
GSEP Installation Guide System Operations
1 System Operation.
This section describes the installing and uninstalling procedures for the Atlassian applications. Be
sure to follow the installation instructions in this guide in the given order.
1.1 SLA guideline and maintenance (maintenance work and maintenance period)
See Support concept
Page 8 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.2.2 Phase2 – PROD (Non Atlassian tools)
Page 9 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.2.3 Dedicated - PROD
Page 10 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.2.6 Phase1 – INT (Atlassian tools)
1.3 Conventions
This chapter describes several conventions for the current document.
On every occurrence you have to replace the whole string with the information given in chapter 1.2
for current tool and environment - e.g. for jira in INT-environment {osuser} would resolve to
jir_int_osuser.
When data from another application is needed, the reference is prefixed with the appname of the
other application - this is especially needed for linking the applications. E.g. when you are inside of
the jira chapter the following reference would resolve to the url of crowd: {crowd:url}
Page 11 of 259
Babu R (623)
GSEP Installation Guide System Operations
mkdir /opt/atlassian
Comments begin with a hash (#) and are printed in green. They aren’t part of the command and
therefore should not be typed:
/opt/atlassian/crowd/apache-tomcat/bin/setenv.sh
Line 1: change
-Xms128m -Xmx512m -XX:MaxPermSize=256m
to
-Xms{minmem} –Xmx{maxmem} -XX:MaxPermSize=512m
You can then use either the default SuSE-Texteditor (vim) or install nano (see 1.7.7) or edit the file
with a scp browser like WinSCP or MobaXterm.
Note that especially line number in config files tend to change in different versions. The specified line
numbers are only valid for the app versions specified in (chapter 1.2).
This installation guide documents the step with screenshots. Where input is necessary the fields are
highlighted in yellow. Every other field should be left as is.
So in the Form above you have to select the radio button “JDBC Connection”, then select “Oracle
10g/11g” in the database dropdown, and provide a “JDBC URL” by resolving the references to the
basic information, but you would leave “Driver Class Name” alone.
Page 12 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.4 SSH login into the application servers
This chapter describes the SSH remote login into the GSEP atlassian application servers inside the
EDC hosting network. The application servers are set up by the EDC without any graphical user
interface, so the only way to access these systems and setup and configure software is by terminal
though SSH. The following overview graphic describes the different login possibilities.
1.4.1 Prerequisites
The following checklists has to be fulfilled before you can start:
1.4.1.1 Organizational
You have requested LZ@EDC access, received a security token, and a confirmation email that
the access has been granted.
You can access to the SSH Gateway (suSSHi) as shown in the overview diagram by either
o being inside the Daimler Corporate Network and connecting through EDC SSLVPN
Gateway (https://gate.edc.corpintra.net) with the help of your security token, or
o connecting externally via RASnG SSLVPN Gateway, a provided dial-up software and
your security token, or
o connecting externally via Business Partner SSLVPN Gateway
(https://sagw.daimler.com) and your security token.
You have created a SSH-key and registered it with EDC as documented in
LZ@EDC_HowTo_Create_SSH_Key_EN.pdf by entering the appropriate data in
o [inside the Daimler corporate network] the public SSH key management
webfrontend (https://edc-ssh-keys.e.corpintra.net/)
o [via Business Partner SSLVPN Gateway] the public SSH key management
webfrontend that is linked in the user interface after the SSLVPN login.
You have saved the private SSH-key file to disk, and you know the SSH-key passphrase that
you used during SSH-key creation (you will need them to login).
1.4.1.2 Software
You have a SSH and SCP client software installed on your machine.
Putty and WinSCP are excellent free programs for that matter. As commercial alternative we
recommend MobaXTerm that provides combined SSH and SCP functionality and that we
utilized for the :em INT Environment and for initial INT testing.
Page 13 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.4.1.3 Connection
You are connected to the EDC and can access susshi.edc.corpintra.net (you can test this by
calling “ping susshi.edc.corpintra.net” on a command shell).
When the terminal window opens enter “NOCHUC1@root@sedcagse0050” as username and your
SSH-key’s passphrase as “suSSHi Gateway Password”.
Page 14 of 259
Babu R (623)
GSEP Installation Guide System Operations
If you entered the credentials correctly you will see the application servers command prompt.
In general you shouldn’t need this - but when there are problems with the load balancer or with
client certificates you can use this method to access the servers.
In the Putty Configuration screen, select Connection SSH Tunnels enter the values as shown
below in the screenshot and press the “Add”-button.
You should now see the forwarded port in the list as visible below (blue highlighting).
The target servers port 8080 is now mapped to your local machines port 8080 (keep sure that you
haven’t any webserver on your local machine in place before doing this).
You can access the target web application in browser by using the url
“http://localhost:8080/{appname}”.
1.4.2.3 Login with WinSCP
Open WinSCP. Click on “Session”. As file protocol choose “SCP”.
Enter the host name, user name, and private key file as shown below and click on login.
Page 15 of 259
Babu R (623)
GSEP Installation Guide System Operations
Confirm the upcoming (only on first server-connection) warning with “Yes”.
In the Key passphrase dialog enter your SSH-key’s passphrase and continue with “OK”.
Now you’re logged in and you can copy files from your local computer to the application server by
drag’n’dropping them.
Page 16 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.4.3 Notes on saved sessions
Despite not being documented here you should consider saving sessions in your client software for
the environments and servers you’re working in. Login into the susshi gateway is a somewhat
complicated process, and when not done on a regular basis a little bit error prone. Saved sessions will
keep you away from looking up and typing all the credentials again and again.
Saving passwords might be a security risk. It is recommended not to save them in saved sessions.
1.6 Licenses
You can get the licenses needed for the installation of the Atlassian tools and plugins here. (Note: It
has to be discussed with PO for any new application or plugins licenses) It has to be discussed with
PO for any new application or plugins licenses)
1.7.1 Prerequisites
The following checklist has to be fulfilled before you start:
The databases for the Atlassian applications for your target environment are set up by the
EDC and ready to use.
The load balancer (in-bound-proxy) has been configured by the EDC:
o {url} is mapped to {host}:{port}{contextpath} for each system
o the root url (“https://{proxy}”) is mapped to {jira:host}:{port}
o the load balancer is configured not to use the Daimler standard keep-alive page at
/infra/lbtest1.html but a tcp-connect test
The security proxy (out-bound-proxy) has been configured by the EDC.
{host} has SuSE Linux Enterprise Server 11 SP3 installed and you can access it by SSH.
Your login to the {host} is either root or has full root-privileges
The firewall is allowing access to the service at port {port} on {host}
You have access to the install package for the given application
A SSH connection to the {host} has been established – you are logged in in textmode (with
Putty, MobaXterm or something like that)
A SCP connection to the {host} has been established – you have a means to copy files to the
{host} (e.g. WinSCP, MobaXterm or something like that)
You have the licenses for the applications or access to the atlassian account that has bought
the licenses
Page 17 of 259
Babu R (623)
GSEP Installation Guide System Operations
yast users add username={osuser} password={osuserpw} # create user
cd /opt/atlassian/packages
unzip common_setup.zip # extract in current dir
unzip {appname}_setup.zip # extract in current dir
rm common_setup.zip # remove archive
rm {appname}_setup.zip # remove archive
cd /opt/atlassian/packages
yast –-install jdk-8ux-linux-x64.rpm # install package
# write JAVA_HOME to profile file for all users
echo export JAVA_HOME=/usr/java/default > /etc/profile.local
cd /opt/atlassian/packages
yast --install nano-2.2.6-1.x86_64.rpm
~/.nanorc
nano
A word of warning: depending on the terminal you’re using nano might automatically create line
breaks for long lines if your terminal window is to narrow to show the line completely. This is nine
times out of ten not what you want - and can lead to servers not starting because of script or xml
errors. If you encounter such a line break when working with nano, check back the file after saving
with another editor or the less-command. If this line break issue applies to your environment, use
another editor!
Page 18 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.7.8 Optional: Install midnight commander
Instead of nano you can also install midnight commander to have a norton commander like file
browser and an editor (like nano):
zypper --install mc
mc
mcedit
The service startup script for each application is provided in the deployment package. It is activated
by the following commands - you can install the service scripts before installing the application.
cp /opt/atlassian/packages/{appname} /etc/init.d
chmod +x /etc/init.d/{appname}
/sbin/yast runlevel add service={appname} runlevels=3,5
For PROD Environment only you also need to edit the file and change the user:
/etc/init.d/{appname}
Now {appname} is started automatically on next reboot. You can also use the initscript yourself:
/etc/init.d/{appname} start # to start the application
/etc/init.d/{appname} stop # to stop the application
/etc/init.d/{appname} restart # to restart the application
/etc/init.d/{appname} status # to retrieve the current status of the application
Do not start the atlassian-provided scripts directly, as they’ll run under your root user then, instead
use always the init script - it will switch to the correct user for it’s operations.
Page 19 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.7.12 Create symbolic links and correct file privileges
By now you should have a version specific application folder mentioned as {install_dir} and a version
specific application home folder which is {home_dir}. Now version agnostic symbolic links are
created.
cd /opt/atlassian
ln -s atlassian-{appname}-{appversion}/ {appname}
ln -s atlassian-{appname}-home-{appversion}/ {appname}-home
E.g. for crowd if you type dir you would now get the following (some data removed [...] for
readability).
dir
... cro_int_osuser ... {install_dir}
... cro_int_osuser ... {home_dir}
... cro_int_osuser ... crowd -> {install_dir}/
... cro_int_osuser ... crowd-home -> {home_dir}/
The symbolic links are useful for installing 2 versions in parallel (e.g. for upgrading versions) and
switching between them. The service script for example will use these links.
1.7.13 Summary
Now everything is in place for the basic setup and configuration of the application. You should
continue directly with the application specific setup chapter. Do not reboot the system or start the
application until you’re advised to.
1.8.1 Prerequisites
You have completed the common system setup for the crowd target server (see chapter 1.7).
You are logged in as root on the crowd target server.
{install_dir}/crowd-webapp/WEB-INF/classes/crowd-init.properties
{install_dir}/apache-tomcat/conf/server.xml
in line 6 (<Connector>-Element):
change port-Attribute from 8095 to 8080
Page 20 of 259
Babu R (623)
GSEP Installation Guide System Operations
{install_dir}/apache-tomcat/bin/setenv.sh
In line 1 change:
JAVA_OPTS="-javaagent:/opt/appdynamics/appagent/AppServerAgent-4-2/javaagent.jar -
Datlassian.org.osgi.framework.bootdelegation=META-
INF.services,com.yourkit,com.singularity.*,com.jprofiler,com.jprofiler.*,org.apache.xerces,org.apa
che.xerces.*,org.apache.xalan,org.apache.xalan.*,sun.*,com.sun.jndi,com.icl.saxon,com.icl.saxon.
*,javax.servlet,javax.servlet.*,com.sun.xml.bind.* -Xms{minmem} –Xmx{maxmem} -
Dfile.encoding=UTF-8 $JAVA_OPTS -Dhttp.proxyHost=security-proxy.emea.svc.corpintra.net -
Dhttp.proxyPort=3128 -Dhttps.proxyHost=security-proxy.emea.svc.corpintra.net -
Dhttps.proxyPort=3128 -Dhttp.nonProxyHosts=localhost\|127.0.0.1\|gsep.daimler.com
-Xloggc:/opt/atlassian/crowd/apache-tomcat/logs/`date +%F_%H-%M-%S`-gc.log -XX:
+PrintGCDetails -XX:+PrintGCTimeStamps -XX:+PrintTenuringDistribution -XX:+PrintGCCause -XX:
+UseGCLogFileRotation -XX:NumberOfGCLogFiles=10 -XX:GCLogFileSize=5M -XX:
+UseParallelOldGC $JAVA_OPTS"
For Daimler environments the license is already bound - Just enter it in the “License Key” field.
1.8.4.4 Options
Configure the options form as shown in the screenshot below.
Warning: use “http://localhost:8080/crowd” as {url} here. Configuring the proxys in a correct way
so that you can use the original {url} here is really hard and we haven’t got it working until now.
Page 22 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.8.4.5 Mail configuration
Configure the mail configuration as shown in the following screenshot. Note that the “Subject-Prefix”
field is empty, as a filtering can also be done by the “From Email Address”.
Page 23 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.8.4.7 Default administrator
Crowd also needs a default administrator account.
Page 24 of 259
Babu R (623)
GSEP Installation Guide System Operations
Now login to the crowd server as root with SSH console and edit the following file:
{home_dir}/crowd.properties
Set application.login.url:
application.login.url={url}
Set crowd.base.url
crowd.base.url={url}/services/
Do not use http://localhost:8080/crowd in the file above but the real {url}.
Restart the system and wait ~3min for the restart to complete.
reboot
Click on “Applications” and then in the Application Browser Table on “crowd” to edit the Crowd-
Application.
Page 25 of 259
Babu R (623)
GSEP Installation Guide System Operations
Click on the Directories Tab and set “Allow All to Authenticate” to “True” for the Default-Directory.
Click on Update.
Page 26 of 259
Babu R (623)
GSEP Installation Guide System Operations
After you added a group you’re redirected to the groups’ details page. Click on the “Direct Members”
tab and on “Add Users”.
No search for the crowd admin user and add it to the group. The crowd admin user will be our super
admin for all systems. Now the group creation is done.
Add the following groups by repeating this step for all entries.
Name Description Directory
bamboo-admin Administrators for Bamboo
bamboo-developers Developers for Bamboo
bamboo-users Users for Bamboo
confluence-administrators Administrators for Confluence
confluence-users Users for Confluence
crucible-administrators Administrators for Crucible
crucible-users Users for Crucible Default
jira-administrators Administrators for Jira
jira-developers Developers for Jira
jira-users Users for Jira
stash-systemadministrators Systemadministrators for Stash
stash-administrators Administrators for Stash
stash-projectcreators Projectcreators for Stash
stash-users Users for Stash
After you’re done the Group Browser should look like this
Page 27 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.8.5.3 Add Crowd Administrator to all groups
Now for each created group (1.8.5.2) add the crowd administrator as direct member like shown
below.
Repeat the following steps for all Atlassian applications (except Crowd itself).
Use the data from the corresponding table and column in the basic information chapter for each
application. So. e.g. when {url} is stated, do not use Crowds’ {url} but the {url] of the corresponding
app (jia, confluence etc.).
Click on Applications Add Application, fill in the form on Tab 1. Details as stated below in the
Screenshot, and click next.
Page 28 of 259
Babu R (623)
GSEP Installation Guide System Operations
In step 2. Connection you have to provide the application URL.
Enter the URL and click on Resolve IP Address. In the blue highlighted field the IP-address is shown.
Note that you will never see the target servers’ IP-address here but the one of the reverse proxy (so
it’s equal for all applications). Click next.
On tab 3. Directories you select directories for the application. Since there is only one default
directory, select this one and click next.
Page 29 of 259
Babu R (623)
GSEP Installation Guide System Operations
In Step 4. Authorization you have to add all groups matching the application by selecting the group in
the dropdown and clicking on the Add Group button.
E.g. for Jira you would add the groups jira-administrators, jira-developers, jira-users etc.
Then Click next.
Finally on tab 5. Confirmation you have to confirm the Application-creation. Control all inputs and
group mappings and click Add Application to create the application.
Crowd directory’s are by default 2-way administrable, that means that you can use jira, or
bamboo, etc. to create new users and groups inside crowd. We don’t want that behavior to
prevent accidental deletion, and to get a single administration point for users and groups. So we
have to configure permissions.
Click on Applications.
Page 30 of 259
Babu R (623)
GSEP Installation Guide System Operations
Repeat the following steps for each application marked in the screenshot below (Jira, Confluence,
Stash, Bamboo, Crucible). Do not change the permissions for crowd itself!
Select the “Permissions” tab, select the “Default”-Directory and remove all permissions by
deselecting all checkboxes. Click on “Update” when done and proceed with the next application as
stated above.
Repeat the following step for each application (Jira, Confluence, Stash, Bamboo, Crucible). Do not
change the permissions for crowd itself!
Click on the application in the „Search Applications“ area to get to the detail view of the application.
Click on the “Remote Addresses” Tab. Add all the {natips} addresses.
Now you have completed the Crowd integration steps on Crowd’s behalf. The other half will be done
in the following setup chapters for each Atlassian application.
Page 32 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.8.6 Start & Stop procedures
Crowd can be started by the init-script (as noted in chapter ):
To check whether crowd is running you can use (beside the above status method)
If there are issues with the service script the boot log for SuSE SLES is located in /var/log/boot.msg.
1.8.9 Troubleshooting
1.8.9.1 Users and administrators cannot login to crowd or any of the other systems (I)
Sometimes, especially during crowd configuration you will be logged out, and can’t login anymore
because of an invalid login-cookie. Clear your browsers cache and try again.
1.8.9.2 Users and administrators cannot login to crowd or any of the other systems (II)
After a given period of time neither users nor administrators can login into Crowd or any of the other
system. By entering valid login credentials a user isn’t logged in but instead is redirected to the login
form again. A crowd server restart helps for a given period of time, but then the problem comes
back.
There is a bug [see https://jira.atlassian.com/browse/CWD-3769] that can cause this issue. The
database connections are locking when Crowd saves a user token and never freed. So when the
database connection pool limit is reached Crowd will crash.
1. Stop the Crowd server by killing the tomcat process (as Crowd’s own stop script won’t work)
2. Execute the following SQL query on your Crowd database to switch to the in-memory token-
store (note that crowd might freeze some time until the migration is done):
UPDATE {dbuser}. CWD_PROPERTY SET property_value='false' WHERE
property_name='database.token.storage.enabled';
3. Execute the following SQL query on your Crowd database to remove the cached tokens (note
that all users will have to relogin)
DELETE FROM {dbuser}.CWD_TOKEN
4. Restart Crowd server
1.8.9.3 Crowd refuses Base URL during setup
The following issue was encountered in Daimler INT environment.
In the setup assistant you configured the Crowd base URL as specified in this guide but got the
following error message:
Page 34 of 259
Babu R (623)
GSEP Installation Guide System Operations
to communicate to the Crowd Server. Since they are usually on the same server, using localhost
generally works.”. So we can also use a localhost based base URL - that would be in our case
http://localhost:8080/crowd.
In {home_dir}/crowd-
In Crowd Administration page:
o In section Trusted Proxy Servers add
gsep-int.daimler.com
141.113.99.23 (IP of gsep-int.daimler.com)
security-proxy.emea.svc.corpintra.net
53.31.36.31 (IP of security-proxy.emea.svc.corpintra.net)
o In section General set SSO Domain to
gsep-int.daimler.com
o In Session Config switch Require Consistent Client IP Address to “false”.
then the proxy configuration for the crowd integration plugin is missing. The crowd integration plugin
uses it’s own proxy settings and doesn’t pick up the java default proxy system properties. Add system
parameters to the java startup parameters as shown below to configure the proxy completely
(usually in a setenv.sh file) - example for the Daimler INT environment:
-Dhttp.proxyHost=security-proxy.emea.svc.corpintra.net -Dhttp.proxyPort=3128 -
Dhttps.proxyHost=security-proxy.emea.svc.corpintra.net -Dhttps.proxyPort=3128 -
Dhttp.nonProxyHosts=localhost\|127.0.0.1 -Dcrowd.property.http.proxy.host=security-
proxy.emea.svc.corpintra.net -Dcrowd.property.http.proxy.port=3128
Page 35 of 259
Babu R (623)
GSEP Installation Guide System Operations
Then you need to configure the IP address shown in the error message as trusted ip address for the
application in crowd as shown below for Jira in Daimler INT environment.
In Daimler INT environment there are two IPs the loadbalancer is using, 141.113.99.238 and
141.113.99.239 - so both of them has to be configured as shown below.
Page 36 of 259
Babu R (623)
GSEP Installation Guide System Operations
The reason for that is that the crowd web-front end is just an application like jira, confluence, etc.
that talks to the crowd server. Like every other application the crowd application has list of valid
remote addresses, and the proxy isn’t set there yet.
To fix that you have to revert the proxy settings in server.xml and set the crowd.server.url in crowd-
home/crowd.properties to “https\://localhost\:8080/crowd”, so that you can login to crowd, and
enter the IPs as stated in the chapter before for the crowd application:
After you’ve done that you can stop crowd, enter the proxy settings again, correct the
crowd.server.url and restart crowd.
1.9.1 Prerequisites
All common setup should be completed before proceeding with Data Center configurations.
Follow 3.2.6 for common setup for all individual Data Center Nodes.
Apache 2.4.X version web servers required for load balancing.
All the cluster nodes should be able to access NFS drive.
Nodes must be configured to have unrestricted port access to each other.
Nodes must be configured with the same time zone and keep the current time synchronized.
A load balancer that supports both HTTP mode (for web traffic) and TCP mode (for SSH
traffic), and support session affinity ("sticky sessions")
A supported external database, shared and available to all cluster nodes.
1.9.1.1 Web Server Installation
Login to web server as a root and run below command
Page 37 of 259
Babu R (623)
GSEP Installation Guide System Operations
This will install default apache 2.4.x version
Check version
$which apachectl
/usr/sbin/apachectl
$ apachectl –version
a2enmod proxy
a2enmod proxy_http
a2enmod mod_proxy_balancer
a2enmod rewrite
a2enmod proxy_wstunnel
a2enmod mod_slotmem_shm
Page 38 of 259
Babu R (623)
GSEP Installation Guide System Operations
a2enmod mod_lbmethod_byrequests
a2enmod mod_lbmethod_bytraffic
a2enmod mod_lbmethod_bybusyness
Hardening
Edit the file and insert the following content right below the <VirtualHost *:80> line at the top:
# Landing page
DocumentRoot "/srv/www/htdocs"
<Directory "/srv/www/htdocs">
Options None
Require all granted
FileETag None
<LimitExcept GET HEAD>
Require all denied
</LimitExcept>
</Directory>
Page 39 of 259
Babu R (623)
GSEP Installation Guide System Operations
<LocationMatch "^.*">
Require all granted
# disable http 1.0 protocol - Uh Oh This seems to kill the Loadbalancer... so we'll disable that
for now
#RewriteEngine On
#RewriteCond %{THE_REQUEST} !HTTP/1.1$
#RewriteRule .* - [F]
# disable ETAG
FileETag None
# Limit request bodies to 500kb (this may create upload problems! then we have to adjust)
LimitRequestBody 512000
# Secure Cookies (this kills crowd sso login - what a pitty :-( )
#Header edit Set-Cookie ^((?!HttpOnly).)*$ $1;HttpOnly
#Header edit Set-Cookie ^((?!Secure).)*$ $1;Secure
# Cross Site Scripting protection (this may block REST API calls! then we have to adjust)
Header merge X-XSS-Protection "1; mode=block"
# Clickjacking protection
Header merge X-Frame-Options SAMEORIGIN
# Prevent mime-sniffing
Header merge X-Content-Type-Options "nosniff"
# Change tomcat server name: this works only for proxied responses
Header set Server "Apache"
</LocationMatch>
# Proxying
# --------
#---
# Remove or comment out the following section
<Proxy *>
Require all granted
</Proxy>
Page 40 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.9.2 Jira Data Center
1.9.2.1 Prerequisites
Each node does not need to be identical, but for consistent performance, we recommend
they are as close as possible
Nodes must run the exact same JIRA version and must be located in the same data center
All the node should have same OS application user to own everything in the Jira Server
shared home directory. Choose a UID for OS user that's free on all your cluster nodes and the
shared file system server.
You must ensure that the OS user has the same UID on all cluster nodes and the shared file
system server. (You can check in /etc/passwd for UID) refer common setup section.
1.9.2.1.1 NFS Mount Point
NFS drive mounted on all the JIRA nodes.
$cd /gsep_data_int
$ mkdir -p /gsep_data_int/DATA_CENTER/GSEP_JIRA
1.9.2.2 Installation
For JIRA server installation follow section 3.2.8
1.9.2.3 Shared Home Directory Setup
In this step, you need to set up a shared home directory that is writable by the JIRA instance and any
future nodes.
$cd /gsep_data_int/DATA_CENTER/GSEP_JIRA
$mkdir –p /gsep_data_int/DATA_CENTER/GSEP_JIRA/shared-home
Ensure that directory can be read and written by other potential nodes
/etc/init.d/jira stop
Note: DO NOT create symbolic links between the local and shared homes! This will cause issues
when having more than one node running at the same time.
Page 41 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.9.2.4 Change Ownership
$cd {sharedhome_dir}
/etc/init.d/jira stop
Page 42 of 259
Babu R (623)
GSEP Installation Guide System Operations
Navigate to https://gsep.daimler.com/jira
Page 43 of 259
Babu R (623)
GSEP Installation Guide System Operations
</Location>
ProxyPass /balancer-manager !
ProxyPass /jira balancer://jiracluster stickysession=ROUTEID
</VirtualHost>
After adding JIRA to the load balancer, ensure that basic functionality is working after restarting the
JIRA instance by navigating to the instance, logging in, and noting any broken links or malfunctioning
JIRA functionality.
1.9.2.8 Add Cluster Node
Stop the JIRA cluster node1
/etc/init.d/jira stop
Copy the local home directory from the first node to this new node.
$cp –r <temp_dir>/jira-home /opt/atlassian
Alter the cluster.properties file to reference the new node id. All node ids must be unique among
nodes.
$vi cluster.properties
$vi /etc/apache2/conf.d/gsep_proxy.conf
<VirtualHost *:80>
ProxyRequests off
<Proxy balancer://jiracluster>
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/"
env=BALANCER_ROUTE_CHANGED
# JIRA node 1
BalancerMember http://53.31.30.174:8080/jira route=Jira-Node1
Page 44 of 259
Babu R (623)
GSEP Installation Guide System Operations
# JIRA node 2
BalancerMember http://53.31.30.163:8080/jira route=Jira-Node2
</Proxy>
<Location /balancer-manager>
SetHandler balancer-manager
</Location>
ProxyPass /balancer-manager !
ProxyPass /jira balancer://jiracluster stickysession=ROUTEID
</VirtualHost>
Ensure that issue creation, search, attachments, and customizations work as expected.
Navigate to https://gsep.daimler.com/jira Go to Admin System System Info
Repeat steps 7 and 8 for each new node from this section.
1.9.2.10 Health Check
Goto Administrations System Support Tools
Page 45 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.9.2.11 References
https://confluence.atlassian.com/adminjiraserver071/installing-jira-data-center-802592197.html
https://confluence.atlassian.com/enterprise/jira-data-center-load-balancer-examples-
781200827.html
https://confluence.atlassian.com/kb/proxying-atlassian-server-applications-with-apache-http-server-
mod_proxy_http-806032611.html
https://confluence.atlassian.com/enterprise/jira-data-center-health-check-tools-644580752.html
$cd /backup_nfs
1.9.3.2 Terminology
Installation directory – The directory where you installed Confluence on a node.
Local home directory – The home or data directory on each node (in non-clustered
Confluence this is simply known as the home directory).
Shared home directory – The directory you created that is accessible to all nodes in the
cluster via the same path.
At the end of the installation process, you'll have an installation and local home directory on each
node, and a single shared home directory
1.9.3.3 Installation
For Confluence server installation follow section 3.2.9
1.9.3.4 Shared Home Directory Setup
In this step, you need to set up a shared home directory that is writable by the JIRA instance and any
future nodes.
Page 46 of 259
Babu R (623)
GSEP Installation Guide System Operations
/gsep_data_int/DATA_CENTER/GSEP_CONFLUENCE
$mkdir –p {sharedhome_dir}
Ensure that directory can be read and written by other potential nodes
/etc/init.d/confluence stop
In the existing Confluence home directory move contents of {home_dir}/shared-home to the new
shared home directory you just created.
Once the data is moved, delete the shared-home directory from local server {home_dir}
$cd {home_dir}/
/etc/init.d/confluence start
Navigate to https://gsep-int.daimler.com/confluence
The setup wizard will guide you through setting up the first node. You'll be prompted to enter:
Page 47 of 259
Babu R (623)
GSEP Installation Guide System Operations
This will initiate Data Center Migration.
/gsep_data_int/DATA_CENTER/ GSEP_CONFLUENCE/shared-home
Page 48 of 259
Babu R (623)
GSEP Installation Guide System Operations
Goto Admin General Configurations Clustering
/etc/init.d/confluence stop
Copying the local home directory ensures the Confluence search index, the database and cluster
configuration, and any other settings are copied to node 2.
IMP NOTE: Start Confluence on the first node, wait, and then start Confluence on second node.
/etc/init.d/confluence start
/etc/init.d/confluence start
Page 49 of 259
Babu R (623)
GSEP Installation Guide System Operations
Wait for Confluence to become available on node 2.
1.9.3.8 Test Cluster Connectivity
The Cluster Administration page ( > Clustering) includes information about the active cluster.
When the cluster is running properly, this page displays.
$vi /etc/apache2/conf.d/gsep_proxy.conf
<Proxy balancer://confluencecluster>
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/"
env=BALANCER_ROUTE_CHANGED
# confluence node 1
BalancerMember http://53.31.30.179:8080/confluence route=Confluence-Node1
# confluence node 2
BalancerMember http://53.31.30.165:8080/confluence route=Confluence-Node2
</Proxy>
<Location /balancer-manager>
SetHandler balancer-manager
</Location>
ProxyPass /balancer-manager !
ProxyPass /confluence balancer://confluencecluster stickysession=ROUTEID
Restart the Apache
$apachectl –k start
After adding Confluence to the load balancer, ensure that basic functionality is working after
restarting the Confluence instance by navigating to the instance, logging in, and noting any broken
links or malfunctioning Confluence functionality.
For each new node follow the steps from 6 to 8 in this section.
Page 50 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.9.3.10 Name Cluster Nodes
On each Confluence Node add the below parameter for cluster name nodes CATALINA_OPTS="”.
-Dconfluence.cluster.node.name=Confluence-Node1
vi {install_dir}/bin/setenv.sh
sedcspb1002f.emea.bg.corpintra.net:/sedcspb1002f_nas_vol079/DATA_CENTER/
GSEP_PROD_DATA/GSEP_BITBUCKET/shared-home 21T 7.4T 14T 36% /opt/atlassian/atlassian-
bitbucket-home-<version>/shared
$cd /gsep_data_int
$ mkdir -p /gsep_data_int/DATA_CENTER/GSEP_BITBUCKET
/opt/atlassian/atlassian-bitbucket-home-<version>/shared
/GSEP_DATA/DATA_CENTER/GSEP_PROD_DATA/GSEP_BITBUCKET/shared-home
$mkdir –p /GSEP_DATA/DATA_CENTER/GSEP_PROD_DATA/GSEP_BITBUCKET/shared-home
Ensure that directory can be read and written by other potential nodes
Page 52 of 259
Babu R (623)
GSEP Installation Guide System Operations
Stop the Bitbucket application before going further setup.
/etc/init.d/stash stop
shared directory in the Bitbucket Server home directory needs to be restored into the NFS shared
home directory. The remaining directories (bin, caches, export, lib, log, plugins, and tmp) contains
only caches and temporary files, and do not need to be restored
Delete the existing shared directory from {home_dir} dir, if exist from first node.
$cd {home_dir}
$vi /etc/fstab
sedcspb1002f.emea.bg.corpintra.net:/sedcspb1002f_nas_vol079/DATA_CENTER/
GSEP_PROD_DATA/GSEP_BITBUCKET/shared-home /opt/atlassian/atlassian-bitbucket-home-
<version>/shared
$mkdir -p {home_dir}/shared
$cd /opt/atlassian/
hazelcast.network.tcpip=true
Page 53 of 259
Babu R (623)
GSEP Installation Guide System Operations
hazelcast.network.tcpip.members=53.31.30.160:5701,53.31.30.62:5701,53.31.30.65:5701
#Note: Ip adresses mentioned are of all the nodes with port 5701.
hazelcast.group.name=bitbucket-cluster
hazelcast.group.password=bitbucket-cluster
server.port=8080
server.scheme=https
server.proxy-name=gsep.daimler.com
server.proxy-port=443
server.secure=true
server.require-ssl=true
server.context-path=/stash
/etc/init.d/stash stop
/etc/init.d/stash start
Navigate to https://gsep.daimler.com/stash
Page 54 of 259
Babu R (623)
GSEP Installation Guide System Operations
Verify that the node you have started up has successfully joined the cluster. If it does not, please
check your network configuration and the {home_dir} /log/atlassian-bitbucket.log for the node.
1.9.4.11 Configure Load Balancer
Login to web server ex: sedcigse0090
<Proxy balancer://stashcluster>
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/"
env=BALANCER_ROUTE_CHANGED
# Bitbucket node 1
BalancerMember http://53.31.30.160:8080/stash route=Bitbucket-Node1
# Bitbucket node 2
BalancerMember http://53.31.30.62:8080/stash route=Bitbucket-Node2
# Bitbucket node 3
BalancerMember http://53.31.30.65:8080/stash route=Bitbucket-Node3
</Proxy><Location /balancer-manager>
SetHandler balancer-manager
</Location>
ProxyPass /balancer-manager !
ProxyPass /stash balancer://stashcluster stickysession=ROUTEID
Restart the Apache
$apachectl –k start
After adding Bitbucket to the load balancer, ensure that basic functionality is working after restarting
the Bitbucket instance by navigating to the instance, logging in, and noting any broken links or
malfunctioning Bitbucket functionality.
1.9.4.12 Configure App Sync server(Haproxy)
Page 55 of 259
Babu R (623)
GSEP Installation Guide System Operations
Login to Application Sync server ex: sedcagse1000, sedcagse1010,
balance leastconn
stick on cookie(BITBUCKETSESSIONID)
/etc/init.d/stash stop
Copying the local home directory ensures the Bitbucket search index, the database and cluster
configuration, and any other settings are copied to node 2.
$vi /etc/fstab
sedcspb1002f.emea.bg.corpintra.net:sedcspb1002f_nas_vol097/DATA_CENTER/
GSEP_BITBUCKET/shared-home /opt/atlassian/atlassian-bitbucket-home-<version>/shared nfs
lookupcache=pos,noatime,intr,rsize=32768,wsize=32768 0 0
Note: Only the {sharedhome_dir} directory should be shared between cluster nodes. All other
directories, including ${BITBUCKET_HOME}, should be node-local (that is, private to each node).
$cd /opt/atlassian/
hazelcast.network.tcpip.members=53.31.30.160:5701,53.31.30.62:5701,53.31.30.65:5701
#Note: Ip adresses mentioned are of all the nodes with port 5701.
hazelcast.group.name=bitbucket-cluster
hazelcast.group.password=bitbucket-cluster
server.port=8080
server.scheme=https
server.proxy-name=gsep.daimler.com
server.proxy-port=443
server.secure=true
server.require-ssl=true
server.context-path=/stash
/etc/init.d/stash stop
/etc/init.d/stash start
Navigate to https://gsep.daimler.com/stash
Page 57 of 259
Babu R (623)
GSEP Installation Guide System Operations
Once Bitbucket Server has started, go to https://gsep.daimler.com/stash/admin/clustering you
should see a page similar to this:
Upgrade Middleware (JAVA)-Download the java installer file from the below URL
http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html
Setting up the environment to run elasticsearch Download package from>>
https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-5.5.3.tar.
Open the limit.conf and add the below parameter in the last line of the file (operation should
perform in root user).
# root@sedcagse0470: vi /etc/security/limit.conf
sysctl -w fs.file-max=65536
sysctl -w vm.max_map_count=262144
# root@sedcagse0470: cd {install_dir}/config/
$ vi elasticsearch.yml
action.auto_create_index: false
network.host: 0.0.0.0
http.type: buckler
transport.type: buckler
Download the required plugins for elasticsearch from the below URL ,
https://packages.atlassian.com/maven/com/atlassian/elasticsearch/buckler-plugin/1.0.4/buckler-plugin-1.0.4-
5.5.3.zip?_ga=2.162916796.1888886840.1538201448-1871531355.1511863314
# root@sedcagse0470: {install_dir}/bin :
Page 59 of 259
Babu R (623)
GSEP Installation Guide System Operations
$ ./elasticsearch-plugin install -b buckler-plugin-1.0.4-5.5.3.zip
Create a directory called buckler within the elasticsearch/config/ directory and within the
elasticsearch/config/buckler directory, create a file named buckler.yml.
# root@sedcagse0470:{install_dir}/config : cd buckler
Modify the buckler.yml by adding these below lines to enable the Buckler for basic HTTP
authentication.
# root@sedcagse0470:{install_dir}/bin : vi buckler.yml
auth.basic.http.enabled: true
Login to bitbucket server all 3 nodes and do a telnet to sedcagse0470 9200 port.
If the telnet is successful then proceed to next, go to bitbucket server sedcagse0090 and redirect to
below path.
# root@sedcagse0090: {home_dir}/shared :
Open the file bitbucket.properties and at the end add the below line.
Page 60 of 259
Babu R (623)
GSEP Installation Guide System Operations
root@sedcagse0090: {home_dir}/shared : vi bitbucket.properties
1.9.4.15 References
https://confluence.atlassian.com/bitbucketserver0414/installing-bitbucket-data-center-
895368445.html
https://confluence.atlassian.com/bitbucketserver/install-and-configure-a-remote-elasticsearch-
instance-815577748.html
sedcspb1002f.emea.bg.corpintra.net:/sedcspb1002f_nas_vol079/DATA_CENTER/
GSEP_PROD_DATA/GSEP_CROWD/shared
$cd /GSEP_PROD_DATA
$ mkdir -p / GSEP_PROD_DATA/DATA_CENTER/GSEP_CROWD
1.9.5.2 Terminology
Installation directory - <Crowd install directory> is the directory where you installed Crowd
on a node.
Shared home directory – <Crowd shared home> the directory you created that is accessible
to all nodes in the cluster via the same path.
Page 61 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.9.5.3 Installation
For Crowd server installation follow section 3.2.7
1.9.5.4 License Update
Go to Licensing Edit license, then paste your Crowd Data Center license.
1.9.5.5 Shared Home Directory Setup
In this step, you need to set up a shared home directory that is writable by the Crowd instance and
any future nodes.
/GSEP_PROD_DATA/DATA_CENTER/GSEP_CROWD
$cd /GSEP_PROD_DATA/DATA_CENTER/int/crowd/
$mkdir –p /GSEP_PROD_DATA/DATA_CENTER/GSEP_CROWD/shared
Ensure that directory can be read and written by other potential nodes
/etc/init.d/crowd stop
shared directory in the crowd Server home directory needs to be restored into the NFS shared home
directory. The remaining directories (bin, caches, export, lib, log, plugins, and tmp) contains only
caches and temporary files, and do not need to be restored
Delete the existing shared directory from {home_dir} dir, if exist from first node.
$cd {home_dir}
$vi /etc/fstab
sedcspb1002f.emea.bg.corpintra.net:sedcspb1002f_nas_vol097/DATA_CENTER/GSEP_CROWD/
shared-home /opt/atlassian/atlassian-crowd-home-{version}/shared nfs
lookupcache=pos,noatime,intr,rsize=32768,wsize=32768 0 0
Page 62 of 259
Babu R (623)
GSEP Installation Guide System Operations
Note: Only the /GSEP_PROD_DATA/DATA_CENTER/GSEP_CROWD/shared directory should be
shared between cluster nodes. All other directories, including ${CROWD_HOME}, should be node-
local (that is, private to each node).
$mkdir -p {home_dir}/shared
$cd /opt/atlassian/
Navigate to https://gsep-int.daimler.com/crowd
Verify that the node you have started up has successfully joined the cluster. If it does not, please
check your network configuration and the {home_dir} /log/atlassian-crowd.log for the node.
1.9.5.10 Add Cluster Node
Shut down crowd on node 1
/etc/init.d/crowd stop
Page 63 of 259
Babu R (623)
GSEP Installation Guide System Operations
$cp –r <temp_dir>/crowd /opt/atlassian/
Copying the local home directory ensures the Crowd search index, the database and cluster
configuration, and any other settings are copied to node 2.
$vi /etc/fstab
sedcspb1002f.emea.bg.corpintra.net:sedcspb1002f_nas_vol097/DATA_CENTER/GSEP_CROWD/
shared /opt/atlassian/atlassian-crowd-home-3.7.1/shared nfs
lookupcache=pos,noatime,intr,rsize=32768,wsize=32768 0 0
Note: Only the {sharedhome_dir} directory should be shared between cluster nodes. All other
directories, including ${CROWD_HOME}, should be node-local (that is, private to each node).
$mkdir -p {home_dir}/shared
$cd /opt/atlassian/
Page 64 of 259
Babu R (623)
GSEP Installation Guide System Operations
Verify that the node you have started up has successfully joined the cluster. If it does not, please
check your network configuration and the {home_dir} /log/atlassian-crowd.log for the node.
1.9.5.11 References
https://confluence.atlassian.com/crowd/installing-crowd-data-center-935369773.html#
$ cd /opt/atlassian/artifactory/etc/
$ vim ha-node.properties
node.id=art1
context.url=http://53.31.30.37:8080/artifactory
primary=true
artifactory.ha.data.dir=/gsep_art_prod/artifactory-data/filestore
Page 65 of 259
Babu R (623)
GSEP Installation Guide System Operations
$ chown {osuser}:users /opt/atlassian/artifactory/etc/ha-node.properties
sedcs096314f.emea.bg.corpintra.net:/sedcs096314f_cifs_nfs_vol078/eedc_o00078
$ cd /opt/atlassian/artifactory/etc/
$ vim ha-node.properties
node.id=art2
context.url=http://53.31.55.70:8080/artifactory
primary=false
artifactory.ha.data.dir=/gsep_art_prod/artifactory-data/filestore
$ scp sedcagse0180:/opt/atlassian/artifactory/etc/artifactory.system.properties
/opt/atlassian/artifactory/etc/
$ scp sedcagse0180:/opt/atlassian/artifactory/etc/security/master.key
/opt/atlassian/artifactory/etc/security
$ scp sedcagse0180:/opt/atlassian/artifactory/tomcat/conf/server.xml
/opt/atlassian/artifactory/tomcat/conf/
$ scp sedcagse0180:/opt/atlassian/artifactory/tomcat/bin/setenv.sh
/opt/atlassian/artifactory/tomcat/bin/
Page 66 of 259
Babu R (623)
GSEP Installation Guide System Operations
Apply artifactry user permission to Artifactory directory
$cd /opt/atlassian/
Verify that the node you have started up has successfully joined the cluster. If it does not, please
check your network configuration and the {home_dir} /logs/artifactory.log for the node.
backend backend_180_8080
server Artifactory_EDC 53.31.30.37:8080 check
server Artifactory2_8080 53.31.55.70:8080 check (to be added for secondary node)
backend backend_docker_artifactory
server docker_artifactory 53.31.30.37:8080 check
server docker_artifactory2 53.31.55.70:8080 check (to be added for secondary node)
Page 67 of 259
Babu R (623)
GSEP Installation Guide System Operations
$ service haproxy status
1.9.6.5 References
https://gsep.daimler.com/confluence/pages/viewpage.action?pageId=496151344
https://gsep.daimler.com/confluence/display/GSEPDMINTE/Jfrog-EDC+Artifactory-HA+Setup
https://gsep.daimler.com/confluence/display/GSEPDMINTE/Test+case+information+-+Jfrog-
EDC+Artifactory-HA+Setup
https://www.jfrog.com/confluence/display/RTF6X/
HA+Installation+and+Setup#InstallationandSetup-ConfiguringArtifactoryHA
In coordination with EDC we decided to serve this landing page on the Jira application server on the
root context path (localhost:8080/). As such a landing page is not an atlassian offering we need to
configure it manually here. If any adjustments are needed - just edit the html files - no server
restart is required.
Create a new folder „ROOT“ in the webapps folder of the jira installation for the landing page.
The landing page folder should look like this now (screenshot from Daimler INT environment):
Now that everything is in place we only need to configure the new context path in server.xml (as
documented in the following chapter).
1.10.1.3 Config file adjustments
Edit the following files on your jira target server.
{install_dir}/atlassian-jira/WEB-INF/classes/jira-application.properties
{install_dir}/conf/server.xml
for Daimler INT and PROD environments add the following attributes:
scheme="https"
proxyName="{proxy}"
proxyPort="443"
secure="true"
add a new <Context>-Element below the closing tag (</Context>) of the one you just edited to
configure the context path for the landing page:
<Context path="" docBase="${catalina.home}/webapps/ROOT" reloadable="false"
useHttpOnly="true">
<Manager pathname=""/>
</Context>
Page 69 of 259
Babu R (623)
GSEP Installation Guide System Operations
{install_dir}/bin/setenv.sh
In line 9 change:
JVM_SUPPORT_RECOMMENDED_ARGS=""
to
JVM_SUPPORT_RECOMMENDED_ARGS="-Dhttp.proxyHost=security-proxy.emea.svc.corpintra.net
-Dhttp.proxyPort=3128 -Dhttps.proxyHost=security-proxy.emea.svc.corpintra.net -
Dhttps.proxyPort=3128 -Dhttp.nonProxyHosts=localhost\|127.0.0.1 -
Dcrowd.property.http.proxy.host=security-proxy.emea.svc.corpintra.net -
Dcrowd.property.http.proxy.port=3128"
In line 60 change:
JIRA_MAX_PERM_SIZE=384m
to
JIRA_MAX_PERM_SIZE={maxperm}
Page 70 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.10.1.5.2 Application properties
Configure the options form as shown in the screenshot below.
Page 71 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.10.1.5.3 Jira package
Choose “Jira + Jira Agile” to activate the Jira Agile plugin during setup.
Page 72 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.10.1.5.4 License setup
Click on “I have a Jira key”. Ignore the email and password fields, enter the license and click on
“Next”.
Page 73 of 259
Babu R (623)
GSEP Installation Guide System Operations
Ignore the warning and continue by clicking “Next”.
Page 74 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.10.1.5.5 Default administrator
Jira needs also a default administrator account.
Page 75 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.10.1.5.6 Mail configuration
Configure the mail configuration as shown in the screenshot below. Note that the “Email-Prefix” field
is empty (filtering can also be done by the “From address” later so we won’t need a prefix).
Page 76 of 259
Babu R (623)
GSEP Installation Guide System Operations
Page 77 of 259
Babu R (623)
GSEP Installation Guide System Operations
By clicking “Finish” the setup wizard will close and you will be redirected to the login screen.
1.10.1.5.7 Finish
Now the jira basic setup is complete.
Page 78 of 259
Babu R (623)
GSEP Installation Guide System Operations
.
The additional credentials needed here is because of a mechanism Atlassian calls “websudo”. You
will enter a special “secure administration session” that will automatically timeout after 10 min of
inactivity. Not all Atlassian tools have websudo enabled, but for the ones that have you should
provide your credentials as needed. The rest of this document assumes that you will - and won’t
document it anymore.
Page 79 of 259
Babu R (623)
GSEP Installation Guide System Operations
In the popup window select “Atlassian Crowd” as directory type and press “Next”.
Page 80 of 259
Babu R (623)
GSEP Installation Guide System Operations
Configure the Crowd connection as shown below. Before you can save the settings you have to test
them by clicking “Test Settings”.
After the positive connection test you can click “Save and Test” to activate the Crowd connection.
Page 81 of 259
Babu R (623)
GSEP Installation Guide System Operations
To load the users and groups immediately press “Synchronize” and wait for the synchronization to
complete.
Page 82 of 259
Babu R (623)
GSEP Installation Guide System Operations
Now the connection to crowd is established.
{install_dir}/atlassian-jira/WEB-INF/classes/seraph-config.xml
Create a new empty file “crowd.properties” in the same directory and edit it:
{install_dir}/atlassian-jira/WEB-INF/classes/crowd.properties
application.name jira
application.password {crowdpw}
application.login.url {url}
Page 83 of 259
Babu R (623)
GSEP Installation Guide System Operations
crowd.server.url {crowd:url}/services/
crowd.base.url {crowd:url}
session.isauthenticated session.isauthenticated
session.tokenkey session.tokenkey
session.validationinterval 2
session.lastvalidation session.lastvalidation
As an example, for the :em INT Environment this file would look like this:
application.name jira
application.password jira
application.login.url http://dagsep/jira
crowd.server.url http://dagsep/crowd/services
crowd.base.url http://dagsep/crowd
session.isauthenticated session.isauthenticated
session.tokenkey session.tokenkey
session.validationinterval 2
session.lastvalidation session.lastvalidation
Now that you’ve activated SSO for Jira, the default local Jira user directory won’t work anymore. All
authentication requests are handled by Crowd. So if for some reason crowd isn’t working and you
need to log in to jira, you have to revert the changes you did in this chapter to be able to login with
the local admin credentials.
Page 84 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.10.4 Backup
To keep the data integrity jira should be shut down before doing a backup.
Then a database backup should be done in conjunction with a file system backup of the {home_dir}
directory.
If there are issues with the service script the boot log for SuSE SLES is located in /var/log/boot.msg.
Page 85 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.10.7 Confluence setup
1.10.7.1 Prerequisites
You have completed the common system setup for the confluence target server (see chapter
1.7).
You have completed the crowd setup (see chapter 1.8).
You are logged in as root on the confluence target server.
1.10.7.2 Config file adjustments
Edit the following files on your confluence target server.
{install_dir}/confluence/WEB-INF/classes/confluence-init.properties
{install_dir}/conf/server.xml
in line 3 (‘<Connector>’-Element):
be sure that port-Attribute is set to “8080”
for Daimler INT and PROD environments add the following attributes:
scheme="https"
proxyName="{proxy}"
proxyPort="443"
secure="true"
{install_dir}/bin/setenv.sh
Page 86 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.10.7.3 Installing Oracle 11g JDBC driver
cp /opt/atlassian/packages/ojdbc7.jar {install_dir}/confluence/WEB-INF/lib #
copy jdbc driver
For Daimler environments the license is already bound - Just enter it in the “License Key”-field.
Page 87 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.10.7.5.3 Database configuration
Configure the database as “Oracle 11g” as shown below.
Page 88 of 259
Babu R (623)
GSEP Installation Guide System Operations
Choose kind of connection.
Page 89 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.10.7.5.4 Load content
As we don’t want to have any demo-data in the confluence instance choose “Empty Site”.
Page 90 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.10.7.5.6 Default administrator
Confluence needs also a default administrator account.
1.10.7.5.7 Finish
Now you’re done with the basic confluence setup. Click on “Start using Confluence” to get to the
Confluence login screen.
Page 91 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.10.7.6 Web based configuration
Now we have to do some basic configuration steps. Log into Confluence as {admin}.
Page 92 of 259
Babu R (623)
GSEP Installation Guide System Operations
In the popup window select “Atlassian Crowd” as directory type and press “Next”.
Configure the Crowd connection as shown below. Before you can save the settings you have to test
them by clicking “Test Settings”.
Page 93 of 259
Babu R (623)
GSEP Installation Guide System Operations
After the positive connection test you can click “Save and Test” to activate the Crowd connection.
Page 94 of 259
Babu R (623)
GSEP Installation Guide System Operations
To load the users and groups immediately press “Synchronize” and wait for the synchronization to
complete.
Page 95 of 259
Babu R (623)
GSEP Installation Guide System Operations
Now the connection to crowd is established.
1.10.7.6.3 Mail configuration
In the administration area click on “Mail Servers” and then on “Add a new SMTP mail server”.
Now enter the mail server credentials as shown below, click „Submit“ and the mail server
configuration is done.
Page 96 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.10.7.6.4 Deactivate automatic backups
We need to deactivate automatic backups, as Atlassian recommends:
“Warning: We do not recommend the automatic backup procedure for production installations, as
it may require a large amount of memory, CPU and disk space.
Instead, we recommend that you perform a manual backup of your Confluence database, home
directory and attachments. For more information, please refer to our online documentation.”
To do this click on „Schedule Jobs“ in the administration area and “Disable” the “Back Up
Confluence”-Job.
Page 97 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.10.7.6.5 Add-on installation: draw.io
Draw.io (former name: diagramly) is a confluence add-on for drawing diagrams.
In the administration area click on “Manage add-ons” and then on “Upload add-on”.
In the upload window select the plugin with the “browse” button on your local computer (it inside
the provided install package in /opt/atlassian/packages where you can download it with SCP) and
click on “Upload”.
Page 98 of 259
Babu R (623)
GSEP Installation Guide System Operations
Now enter the License for the draw.io plugin as shown below.
{install_dir}/confluence/WEB-INF/classes/seraph-config.xml
{install_dir}/confluence/WEB-INF/classes/crowd.properties
application.name confluence
application.password {crowdpw}
application.login.url {url}
crowd.server.url {crowd:url}/services/
crowd.base.url {crowd:url}
session.isauthenticated session.isauthenticated
session.tokenkey session.tokenkey
session.validationinterval 2
session.lastvalidation session.lastvalidation
As an example, for the :em INT Environment this file would look like this:
application.name confluence
application.password confluence
application.login.url http://dagsep/confluence
crowd.server.url http://dagsep/crowd/services
crowd.base.url http://dagsep/crowd
session.isauthenticated session.isauthenticated
session.tokenkey session.tokenkey
session.validationinterval 2
session.lastvalidation session.lastvalidation
Now that you’ve activated SSO for Confluence, the default local Confluence user directory won’t
work anymore. All authentication requests are handled by Crowd. So if for some reason crowd isn’t
working and you need to log in to Confluence, you have to revert the changes you did in this
chapter to be able to login with the local admin credentials.
Then a database backup should be done in conjunction with a file system backup of the {home_dir}
directory.
1.10.7.10 Log files
The logfiles are located in {home_dir}/logs.
If there are issues with the service script the boot log for SuSE SLES is located in /var/log/boot.msg.
1.10.7.11 Reference links
This section lists further resources for Confluence.
cd /opt/atlassian/packages
yast --install perl-Error-0.17022-35.4.noarch.rpm
yast --install git-core-2.1.0-209.1.x86_64.rpm
yast --install git-2.1.0-209.1.x86_64.rpm
{install_dir}/bin/set-bitbucket-home.sh
BITBUCKET_HOME={home_dir}
{install_dir}/bin/_start-webapp.sh
In line 22 change:
JVM_SUPPORT_RECOMMENDED_ARGS=""
to
JVM_SUPPORT_RECOMMENDED_ARGS="-Dhttps.proxyHost=security-
proxy.emea.svc.corpintra.net -Dhttps.proxyPort=3128 -Dhttp.nonProxyHosts=localhost|127.0.0.1|
53.31.30.160|53.31.30.38|53.255.82.156|53.255.99.10|53.255.101.10|53.88.186.122|
53.88.191.254|53.55.135.229|53.255.82.157|53.88.186.123|53.55.8.253|53.55.8.252|
53.55.8.251|53.55.32.254|53.55.64.250|53.55.80.250|53.55.96.250|gsep.daimler.com|
*.corpintra.net|master.caas.rd.corpintra.net -Dcluster.node.name=Bitbucket-Node1"
{home_dir}/shared/bitbucket.properties
server.port=8080
server.scheme=https
server.proxy-name=gsep-.daimler.com
server.proxy-port=443
server.secure=true
server.require-ssl=true
server.context-path=/stash
Specify your license by generating one with the help of the given server id (blue highlighting in the
screenshot below).
For Daimler environments the license is already bound - Just enter it in the “License Key”-field.
Go to the administration interface by clicking the cog icon at the right in the blue header bar.
Now enter the mail server configuration data as stated in the screenshot and hit “Save”. You may
send a test email to yourself to validate the mail server credentials.
Configure the Crowd connection as shown below. Before you can save the settings you have to test
them by clicking “Test Settings”.
In the „Group Access“ section add the missing stash groups („stash-projectcreators”, “stash-
administrators”, “stash-systemadministrators”) - you can select them when you start typing “stash”
in the input field. When all missing stash groups are visible (see screenshot below) inside of the input
field click on the “Add” button to add them all.
{home_dir}/shared/stash-config.properties
reboot
When the server comes up and stash has been initialized you have configured SSO
Atlassian states: “Any backup strategy that captures both the file system and database while
Stash is still available to users runs the risk that the backed up Git repositories are corrupted or
that the data in the database doesn't reflect the repository state on disk. Therefore, strategies for
backing up and restoring Stash data must keep the repository data and the database perfectly
synchronised.”
They further recommend the use of the Stash Backup Client, a command line based application that
will lock a running Stash instance for users, waits for all git operations to complete and will backup all
necessary files and the database at once. While this may take a little bit more time than a “native”
database and filesystem backup it is also a more secure way considering data integrity and keeps
stash - although not usable - running.
During maintenance mode (backup and restore) users will see a lock and status screen like the
following:
We also recommend using the Stash Backup Client and therefore bundled it into the Stash
deployment package.
Information on how to use the Stash Backup Client can be found here:
https://confluence.atlassian.com/display/STASH/Using+the+Stash+Backup+Client
1.10.8.10 Log files
The log files are located in {home_dir}/log and in {install_dir}/logs.
If there are issues with the service script the boot log for SuSE SLES is located in /var/log/boot.msg.
$ cd /opt/atlassian/
$ unzip crucible-x.x.x.zip
$ mv fecru-x.x.x atlassian-crucible-x.x.x
$ mkdir atlassian-crucible-home-x.x.x
$ ln -s /opt/atlassian/atlassian-crucible-x.x.x crucible
$ ln -s /opt/atlassian/atlassian-crucible-home-x.x.x crucible-home
$ cp /opt/atlassian/crucible/config.xml /opt/atlassian/crucible-home
1.10.9.3 Config file adjustments
Edit the following file:
{install_dir}/bin/fisheyectl.sh
Add the following line at the top of the file just before the “case ...” line (around line 3)
FISHEYE_INST={home_dir}
Search for the following line (near the end of the file)
FISHEYE_CMD="$JAVACMD $FISHEYE_OPTS -Dfisheye.library.path=$FISHEYE_LIBRARY_PATH -
Dfisheye.inst=$FISHEYE_INST -Djava.awt.headless=true
-Djava.endorsed.dirs=$FISHEYE_HOME/lib/endorsed -jar $FISHEYE_HOME/fisheyeboot.jar"
Then copy the file config.xml from the installation folder to the root of the home directory:
cp {install_dir}/config.xml {home_dir}
{home_dir}/config.xml
reboot
For Daimler environments the license is already bound - Just enter it in the “License Key”-field.
Enter {adminpw} in both text fields and confirm this setup step by clicking on the Next button.
1.10.9.6 Web based configuration
To enter the administration area of Crucible you have to click on the Administration link at the
bottom of the Crucible web page.
Page 119 of 259
Babu R (623)
GSEP Installation Guide System Operations
1.10.9.6.1 Database configuration
After entering the administrator area click on Database Edit.
Then change the database type to PostgreSQL and enter the URL to the database and the login data.
If the connection to the PostgreSQL database was successful you can save your configuration by
clicking on the Save & Migrate button. The database migration will take about 1 min. and will confirm
it with the following message.
Fill in the following form and confirm your inputs by clicking the next button.
Page 122 of 259
Babu R (623)
GSEP Installation Guide System Operations
In step 2 of the authentication, you have to select the Crucible user groups available on Crowd and
pass them to the right list field. Confirm it by clicking the Save button.
After that click on the Administrators link in the left hand menu and teach Crucible the administrator
group.
A backup can only be restored into the same version of crucible or later.
Log in as root to the Crucible target server, navigate to the Crucible installation directory
{install_dir}/bin and use the restore command like this:
For more detailed information see the backup link in chapter 1.10.9.10.
1.10.9.9 Log files
The log files are located in {home_dir}/var/log.
If there are issues with the service script the boot log for SuSE SLES is located in /var/log/boot.msg.
1.10.9.10 Reference Links
Crucible Documentation Home
https://confluence.atlassian.com/display/CRUCIBLE/Crucible+Documentation+Home
Crucible Installation Guide
https://confluence.atlassian.com/display/CRUCIBLE/Installing+Crucible+on+Linux+and+Mac
Page 127 of 259
Babu R (623)
GSEP Installation Guide System Operations
Connecting Crucible to Crowd
https://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Atlassian+Crucib
le
Crucible FAQ
https://confluence.atlassian.com/display/CRUCIBLE/Crucible+FAQ
Crucible Knowledge Base: Troubleshooting Installation
https://confluence.atlassian.com/display/FISHKB/Troubleshooting+Installation
Atlassian Answers Crucible topic
https://answers.atlassian.com/questions/topics/753725/crucible
Crucible backup
https://confluence.atlassian.com/display/CRUCIBLE/Backing+up+and+restoring+Crucible+dat
a
cp /opt/atlassian/packages/ojdbc6.jar
{install_dir}/atlassian-bamboo/WEB-INF/lib
{install_dir}/atlassian-bamboo/WEB-INF/classes/bamboo-init.properties
{install_dir}/conf/server.xml
<Service name="Catalina">
<Connector port="8085"...
Then you have to change Bamboo’s context path because it runs behind a proxy. So look for the
following entry
Page 128 of 259
Babu R (623)
GSEP Installation Guide System Operations
<Engine name="Catalina" …>
and insert the context path to the attribute path like this:
{install_dir}/bin/setenv.sh
change:
JVM_SUPPORT_RECOMMENDED_ARGS=""
to
JVM_SUPPORT_RECOMMENDED_ARGS="-Dhttp.proxyHost=security-proxy.emea.svc.corpintra.net
-Dhttp.proxyPort=3128 -Dhttps.proxyHost=security-proxy.emea.svc.corpintra.net -
Dhttps.proxyPort=3128 -Dhttp.nonProxyHosts=localhost\|127.0.0.1 -
Dcrowd.property.http.proxy.host=security-proxy.emea.svc.corpintra.net -
Dcrowd.property.http.proxy.port=3128"
JVM_MINIMUM_MEMORY="256m"
JVM_MAXIMUM_MEMORY="384m"
to
JVM_MINIMUM_MEMORY="{minmem}"
JVM_MAXIMUM_MEMORY="{maxmem}"
and
BAMBOO_MAX_PERM_SIZE=512m
to
BAMBOO_MAX_PERM_SIZE="{maxperm}"
reboot
For Daimler environments the license is already bound - Just enter it in the “License Key”-field.
Click on the Mail server link in the left-hand menu. Enter the mail server details as shown below in
the screenshot.
{install_dir}/atlassian-bamboo/WEB-INF/classes/seraph-config.xml
{home_dir}/xml-data/configuration/crowd.properties
application.name bamboo
application.password bamboo
application.login.url {url}
crowd.base.url {crowd:url}
crowd.server.url {crowd:url}/services/
session.isauthenticated session.isauthenticated
session.tokenkey session.tokenkey
session.validationinterval 2
Page 135 of 259
Babu R (623)
GSEP Installation Guide System Operations
session.lastvalidation session.lastvalidation
bamboo.crowd.cache.minutes 60
{install_dir}/bin/setenv.sh
Once you have finished the backup, remember to undo the changes.
1.10.10.9.2Export data
Make sure that no plans are currently or about to being built, because the data export may take a
long time and does not start if a build is running. Also make sure that you have enough free disk
space in your desired backup location.
Log in to Bamboo web server as {admin} and enter the administration area (Overview).
Click Export Pause server to make sure no plan is running during export procedure.
mkdir /desired/backup/location
Adjust the name of the export archive and click on the Export button. The export procedure may take
a while…
Finally you have to undo the activation of path editing to minimize the risk of Bamboo being
compromised by security-related attacks.
Then log in to Bamboo web server as {admin} and enter the administration area (Overview).
Click on the Import link in the left hand menu. Enter the full file path of your earlier exported backup
file and it is recommended to back up your current Bamboo instance. So make sure the checkbox
Backup data? is checked and the destination folder and the backup file name are set. Then click on
the Import button.
After the import has successfully finished you should prohibit the editing of the Bamboo path settings
again and reboot the system.
1.10.10.10Log files
The log files are located in {home_dir}/logs and in {install_dir}/logs.
If there are issues with the service script the boot log for SuSE SLES is located in /var/log/boot.msg.
1.10.10.11Reference Links
Bamboo Documentation Home
https://confluence.atlassian.com/display/BAMBOO/Bamboo+documentation+home
Bamboo Installation Guide
https://confluence.atlassian.com/display/BAMBOO/Bamboo+installation+guide
Connecting Bamboo to Crowd
https://confluence.atlassian.com/display/BAMBOO/Integrating+Bamboo+with+Crowd
Bamboo FAQ
https://confluence.atlassian.com/display/BAMBOO/Bamboo+FAQ
Bamboo Knowledge Base: Troubleshooting Installation
https://confluence.atlassian.com/display/BAMKB/Troubleshooting+Installation
Atlassian Answers Bamboo topic
https://answers.atlassian.com/questions/topics/753705/bamboo
Bamboo backup
https://confluence.atlassian.com/display/BAMBOO/Exporting+data+for+backup
Copy the downloaded package to destination server and Unzip package under “/opt/packages”
directory
root@sedcagse0200:/opt/packages: unzip sonarqube-7.9.1.zip
$ vim /opt/sonarqube/conf/sonar.properties
In line 82 add below:
# WEB SERVER
sonar.ce.javaOpts=-Xmx{minmem} –Xms8g
sonar.search.javaOpts=-Xmx3g –Xms3g
sonar.web.javaOpts=-Xmx3g –Xms3g
# Web context. When set, it must start wlaith forward slash (for example /sonarqube).
sonar.web.context=/sonar
sonar.web.port=8080
sonar.host.url=https://localhost:8080/sonar
# If the external system is not reachable or if the user is not defined in the external system, the authentication will be
performed through the SonarQube internal system.
sonar.security.realm=Crowd
crowd.url=http://53.31.XX.XXX:8080/crowd/
crowd.application=sonarqube
crowd.password=XXXXXXXXXXXXXXX
root@sedcagse0190:/opt/atlassian : mv apache-tomcat-8.0.32
root@sedcagse0190:/opt/atlassian/packages/Jenkins/package : cp jenkins.war
/opt/atlassian/jenkins/webapps
root@ sedcagse0190:/opt/atlassian/packages/Jenkins/plugin : ls
ace-editor.hpi durable-task.hpi groovy-postbuild.hpi mailer.hpi ssh-
credentials.hpi workflow-basic-steps.hpi workflow-job.hpi
credentials.hpi git-client.hpi icon-shim.hpi matrix-project .hpi timestamper.hpi
workflow-cps-global-lib.hpi workflow-scm-step.hpi
crowd2.hpi git.hpi jquery-detached.hpi scm-api.hpi workflow-aggregator.hpi
workflow-cps.hpi workflow-step-api.hpi
crowd.hpi git-server.hpi junit.hpi script-security.hpi workflow-api.hpi
workflow-durable-task-step.hpi workflow-support.hpi
root@sedcagse0190:/opt/atlassian/packages/Jenkins/plugin : cp -r *
/opt/atlassian/jenkins_home/
Once the validation is done use the below command to upgrade the Jenkins.
ansible-playbook jenkins-application-upgrade.yml
cd /opt/atlassian/packages
yast --install perl-Error-0.17022-35.4.noarch.rpm
yast --install git-core-2.12.3-209.1.x86_64.rpm
yast --install git-2.12.3-209.1.x86_64.rpm
$ chmod +x postgresql-9.6.15-1-linux-x64.run
root@sedcagse0230:/opt/atlassian/packages/gerrit-2.13.7-installation : ./postgresql-9.6.15-1-
linux-x64.run ----------------------------------------------------------------------------
Welcome to the PostgreSQL Setup Wizard.
----------------------------------------------------------------------------
Please specify the directory where PostgreSQL will be installed.
----------------------------------------------------------------------------
Please select a directory under which to store your data.
----------------------------------------------------------------------------
Please provide a password for the database superuser (postgres). A locked Unix
user account (postgres) will be created if not present.
Password :
Retype password :
----------------------------------------------------------------------------
Please select the port number the server should listen on.
Port [5432]:
----------------------------------------------------------------------------
Advanced Options
Locale
----------------------------------------------------------------------------
Setup is now ready to begin installing PostgreSQL on your computer.
----------------------------------------------------------------------------
Please wait while Setup installs PostgreSQL on your computer.
Installing
0% ______________ 50% ______________ 100%
#########################################
----------------------------------------------------------------------------
Setup has finished installing PostgreSQL on your computer.
$ su - postgres
$ psql
postgres=#
postgres=# \list
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+----------+----------+-------------+-------------+-----------------------
postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
reviewdb | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres +
| | | | | postgres=CTc/postgres
test_db | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
(5 rows)
Create a user for the web application within PostgreSQL, assign it a password, create a database to
store the metadata, and grant the user full rights on the newly created database:
Create DB:
Run as [root]:
Java runtime [/usr/java/jdk1.8.0_121/jre]:
Copy gerrit-{appversion}.war to {install_dir}/bin/gerrit.war [Y/n]? y
Copying gerrit-{appversion}.war to {install_dir}/bin/gerrit.war
Gerrit Code Review is not shipped with Bouncy Castle Crypto SSL v152
If available, Gerrit can take advantage of features
in the library, but will also function without it.
Download and install it now [Y/n]? y
Downloading https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/1.52/bcpkix-
jdk15on-1.52.jar ... Failed to clean up lib: {install_dir}/lib/bcpkix-jdk15on-1.52.jar
!! FAIL !!
error: repo1.maven.org
Please download:
https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/1.52/bcpkix-jdk15on-
1.52.jar
{install_dir}/lib/bcpkix-jdk15on-1.52.jar
*** Plugins
***
Installing plugins.
Install plugin commit-message-length-validator version v2.13.7 [y/N]? y
Installed commit-message-length-validator v2.13.7
Install plugin download-commands version v2.13.7 [y/N]? y
Installed download-commands v2.13.7
Install plugin hooks version v2.13.7 [y/N]? y
Installed hooks v2.13.7
Install plugin replication version v2.13.7 [y/N]? y
Installed replication v2.13.7
Install plugin reviewnotes version v2.13.7 [y/N]? y
Installed reviewnotes v2.13.7
Install plugin singleusergroup version v2.13.7 [y/N]? y
Installed singleusergroup v2.13.7
Initializing plugins.
No plugins found with init steps.
Initialized {install_dir}
You have mail in /var/mail/root
root@sedcagse0170:/opt/atlassian/packages/gerrit-2.13.7-installation :
$vi {install_dir}/etc/gerrit.config
[gerrit]
basePath = git
serverId = 2bb47a3b-a708-4f38-97e5-f46793fe7359
# canonicalWebUrl = http://sedcagse0170.emea.bg.corpintra.net:8086/
canonicalWebUrl = https://gsep.app.corpintra.net/gerrit
[database]
type = postgresql
hostname = localhost
database = reviewdb
username = postgres
[auth]
type = OPENID
[receive]
enableSignedPush = false
[sendemail]
[commentlink "changeid"]
match = (I[0-9a-f]{8,40})
link = "#q,$1,n,z"
[commentlink "jira"]
match = ([A-Z]+-[0-9]+)
link = https://gsep.daimler.com/jira/browse/$1
association = SUGGESTED
$su – Gerrit_prod_osuser
$ssh-keygen -R hostname -f ~/.ssh/known_hosts
vi ~/.ssh/config
Add below lines and save the file
Host sedcagse0030.emea.bg.corpintra.net
IdentityFile .ssh/id_rsa
After the system is restarted (~3min) the web based setup application wizard is available at {url}.
Open a Webbrowser and go to {url}.
root@sedcagse0210:/etc/apache2 : vi listen.conf
Line 19
Change from
Listen 80
Restart Apache:
root@sedcagse0210:/opt/atlassian/packages : cd pcre-8.38
root@sedcagse0210:/opt/atlassian/packages/pcre-8.38 : ./configure
checking for a BSD-compatible install... /usr/bin/install –c
root@sedcagse0210:/opt/atlassian/packages/pcre-8.38 : make
root@sedcagse0210:/etc/php5/apache2 : vi php.ini
[PHP]
extension=mysql.so
extension=curl.so
extension=php_soap.dll
zend_extension=/opt/atlassian/packages/ioncube /ioncube_loader_lin_5.3.so
Create directories,
mysql.default_socket
And make it
mysql.default_socket = /path/to/mysql.sock
For Daimler environments the license is already bound - Just enter it in the “License Key”-field.
CTF-Disconnected-media-20.0.321-620.rhel7.x86_64.rpm
compat-ctf-dc-media-1.2-1.el7.noarch.rpm
python-modules-sources-el7.zip
monit-5.25.1-1.el6.x86_64.rpm
1.10.15.3 configuration
Verify your yum configuration:
yum list httpd
yum list apr
Install TeamForge
yum install teamforge
Install Monit
yum install monit-5.25.1-1.el6.x86_64.rpm
Setup the site-options file and provision
root@sedcagse1310:/opt/collabnet/teamforge/etc: vi site-options.conf
localhost:PUBLIC_FQDN = gsep.daimler.com
ETL_JAVA_OPTS=-javaagent:/opt/appdynamics/AppServerAgent-20.4.0.29862/javaagent.jar -
Xms256m -Xmx512m -server -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/tmp -
verbose:gc -Dsun.rmi.dgc.client.gcInterval=600000 -Dsun.rmi.dgc.server.gcInterval=600000
LDAP_SERVER_URL=ldap://sedcagse1310.emea.bg.corpintra.net:10389
#BDCS_SDK_SEARCH_LIMIT_MAX=200
#GERRIT_FORCE_HISTORY_PROTECTION=true
teamforge provision -y
teamforge provision -y
1.10.15.4 Restart
Start/Stop the svn using below command,
teamforge start/stop
1.10.16.1 Prerequisite
You have completed the common system setup for the Artifactory target server (see chapter
1.7).
You have completed the crowd setup (see chapter 1.8).
You are logged in as root on the Artifactory target server.
{install_dir}/tomcat/conf/server.xml
Replace line 4 with:
<Connector port="8080"
protocol="HTTP/1.1"
relaxedPathChars='[]'
relaxedQueryChars='[]'
scheme="https"
sendReasonPhrase="true"
maxThreads="150"
minSpareThreads="25"
connectionTimeout="20000"
proxyName="gsep.daimler.com"
proxyport="443"
secure="true"
useBodyEncodingForURI="true"
enableLookups="false"
acceptCount="100"
disableUploadTimeout="true"
maxHttpHeaderSize="8192"
redirectPort="8443"
compression="on"
compressableMimeType="text/html,text/xml,text/plain,text/css,application/
json,application/javascript,application/x-javascript"/>
-Note: proxyName will be different based on the instance. Above is for Artifactory EDC.
Create a new file “setenv.sh” in [TOMCAT_HOME]/bin/ folder and change the os user
permission which is there for Artifactory. Open the setenv.sh.
$vi {install_dir}/tomcat/bin/setenv.sh
JAVA_OPTS="-javaagent:/opt/appdynamics/appagent/javaagent.jar $JAVA_OPTS -
Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Dhttp.proxyHost=security-
proxy.emea.svc.corpintra.net -Dhttp.proxyPort=3128 -Dhttps.proxyHost=security-
proxy.emea.svc.corpintra.net -Dhttps.proxyPort=3128 -Dhttp.nonProxyHosts=localhost\|
127.0.0.1\|gsep.daimler.com"
Create two folders filestore & temp under [Shared NFS Path] and change the os user
permission which is there for Artifactory.
1.10.16.3 Restart system
reboot
For Daimler environments the license is already bound - Just enter it in the “License Key”-field.
Go to [ARTIFACTORY_HOME]/etc/
Open “db.properties” file and change the db details if external DB is available. Comment all
the lines in that file and add the below parameters.
type=oracle
driver=oracle.jdbc.OracleDriver
url=jdbc:oracle:thin:@//<db host name>:<db port>/<db name>
username=<db username>
password=<db password>
1.10.16.10 Restart
/etc/init.d/artifactory start # to start the application
/etc/init.d/artifactory stop # to stop the application
/etc/init.d/artifactory restart # to restart the application
/etc/init.d/artifactory status # to retrieve the current status of the
application
root@sedcagse0980: cd /etc/ansible/
root@sedcagse0980:/etc/ansible: ansible-playbook artifactory-app-
upgrade.yml
1.10.17.1 Prerequisite
You have completed the common system setup for the Artifactory target server (see chapter
1.7).
You have completed the crowd setup (see chapter 1.8).
You are logged in as root on the Artifactory target server.
Migration is a manual process for a Linux archive installation. The below steps also include copying
directories over and running the migration script.
Note : Make sure to run all commands on the server with the user that's running Artifactory.
cd /etc/init.d/
./artifactory stop
Download the package. Copy to Artifactory machine and Extract the contents of the
compressed archive and move it into artifactory directory.
# Artifactory data
mkdir -p $JFROG_HOME/artifactory/var/data/artifactory/
cp -rp $ARTIFACTORY_HOME/data/. $JFROG_HOME/artifactory/var/data/artifactory/
# Access data
mkdir -p $JFROG_HOME/artifactory/var/data/access/
cp -rp $ARTIFACTORY_HOME/access/data/. $JFROG_HOME/artifactory/var/data/access/
# Replicator data
# Note: If you've have never used the Artifactory Replicator
# your $ARTIFACTORY_HOME/replicator/ directory will be empty
mkdir -p $JFROG_HOME/artifactory/var/data/replicator/
cp -rp $ARTIFACTORY_HOME/replicator/data/.
$JFROG_HOME/artifactory/var/data/replicator/
# Artifactory config
mkdir -p $JFROG_HOME/artifactory/var/etc/artifactory/
cp -rp $ARTIFACTORY_HOME/etc/. $JFROG_HOME/artifactory/var/etc/artifactory/
# Access config
mkdir -p $JFROG_HOME/artifactory/var/etc/access/
cp -rp $ARTIFACTORY_HOME/access/etc/. $JFROG_HOME/artifactory/var/etc/access/
# Replicator config
# Note: If you have never used the Artifactory Replicator
# your $ARTIFACTORY_HOME/replicator/ directory will be empty
mkdir -p $JFROG_HOME/artifactory/var/etc/replicator/
cp -rp $ARTIFACTORY_HOME/replicator/etc/.
$JFROG_HOME/artifactory/var/etc/replicator/
# master.key
mkdir -p $JFROG_HOME/artifactory/var/etc/security/
cp -p $ARTIFACTORY_HOME/etc/security/master.key
$JFROG_HOME/artifactory/var/etc/security/master.key
# server.xml
mkdir -p $JFROG_HOME/artifactory/var/work/
cp -p $ARTIFACTORY_HOME/tomcat/conf/server.xml
$JFROG_HOME/artifactory/var/work/server.xml
# artifactory.defaults
# Remove logback.xml with old links. Please consider migrating manually anything that is
customized here
rm -f $JFROG_HOME/artifactory/var/etc/artifactory/logback.xml
rm -f $JFROG_HOME/artifactory/var/etc/access/logback.xml
Optional Steps
Note: The migration script only migrates configuration values. Any comments added to the
configuration files in the Artifactory 6.x installation will not be migrated.
cd $JFROG_HOME/artifactory/app/bin
./migrate.sh
Check that the migration has completed successfully, by reviewing the following files:
a. migration log: $JFROG_HOME/artifactory/var/log/migration.log
b. system.yaml configuration: $JFROG_HOME/artifactory/var/etc/system.yaml
This newly created file will contain your current custom configurations in the new format.
If Artifactory was installed as a service in previous version, install this version also as a
service.
Note: When an earlier version is installed as a service, it is important to update the new one
also as a service. Otherwise a restart of the server may lead to older version of Artifactory
coming up.
-Note: proxyName will be different based on the instance. Above is for Artifactory EDC.
cp -rp /usr/lib64/libaio.so
$JFROG_HOME/artifactory/var/bootstrap/artifactory/tomcat/lib
2. Download the Oracle Instant Client lib.
3. Extract the Oracle Instant Client and copy the ojdbc.jar to
the $JFROG_HOME/artifactory/var/bootstrap/artifactory/tomcat/lib directory
Permissions
Make sure your driver has the same permissions as the rest of the files in the
$JFROG_HOME/artifactory/var directory
shared:
env:
LD_LIBRARY_PATH: <path Oracle Instant Client directory, for ex: /usr/lib64>
Example:
LD_LIBRARY_PATH: /opt/instantclient_12_2
/etc/init.d/artifactory start
Check Artifactory Log.
tail -f $JFROG_HOME/artifactory/var/log/console.log
<config version="v1">
<chain template="file-system"/>
<baseDataDir>[ARTIFACTORY_HOME]/data</baseDataDir>
</provider>
</config>
Create two folders filestore & temp under [Shared NFS Path] and change the os user
permission which is there for Artifactory.
1.10.17.3 Restart system
reboot
For Daimler environments the license is already bound - Just enter it in the “License Key”-field.
1.10.18.1 Prerequisite
You have completed the common system setup for the Artifactory target server (see chapter
1.7).
You have completed the crowd setup (see chapter 1.8).
You are logged in as root on the Artifactory target server.
1.10.18.2 Config file adjustments
Docker Installation
Docker Requirements
For Docker and Docker Compose installations, JFrog services require Docker v18 and Docker
Compose v1.24 and up to be installed on the machine on which you want to run on.
Docker Offline Install
Method #1 - Using Artifactory with Anonymous permissions for Remote repository.
Use this method for environments that does not have internet access, but can access an Artifactory
instance.Either have a remote Docker repository pointing to 'https://docker.bintray.io' or have the
files manually deployed to another Docker repository.
In order for the 'docker-compose.yaml' script to use Artifactory instead of the default Bintray Docker
repository, add the following setting to the .env configuration file:
$ vim /opt/jfrog-xray-3.2.0-compose-installer/.env (to edit the file)
Now you can run the script which will resolve the docker images from the configured above
repository.
*You may ask the user to grant with such permissions only a dedicated Docker repository for this
procedure.
Method #2 - Pull all the required docker images from a server that have internet access using below
commands and save the images as tar file:
1) docker pull docker.bintray.io/jfrog/xray-analysis:3.2.0
docker save docker.bintray.io/jfrog/xray-analysis:3.2.0> xray-analysis3.2.0.tar
2) docker pull docker.bintray.io/jfrog/xray-persist:3.2.0
docker save docker.bintray.io/jfrog/xray-persist:3.2.0> xray-persist3.2.0.tar
3) docker pull docker.bintray.io/jfrog/xray-indexer:3.2.0
docker save docker.bintray.io/jfrog/xray-indexer:3.2.0> xray-indexer3.2.0.tar
4) docker pull docker.bintray.io/jfrog/xray-server:3.2.0
Now using winscp send the tar files to the Xray server that has no internet access:
Then run the below commands to load the docker images from tar:
Now after changing the tar files into images, download the docker installation script from
here: https://gsep.daimler.com/stash/projects/GSEPDM/repos/jfrog-xray-installation-conf-file/
browse/Jfrog_Xray
The installation process will prompt you for a "root folder". You may keep the default (current)
location or specify another location on your machine. Choose this location carefully since you may
not change it later, and this is where JFrog Xray saves its data, configuration files and logs. The Xray
installer will only prompt you for this location for initial installation. It is stored for later use when
upgrading.
To install Xray, run the following command:
Docker Compose Installation
1. Download the package . Extract the contents of the compressed archive and go to
the extracted folder.
2. Run the config.sh script to setup folders with required ownership. Note: the script
will prompt you with a series of mandatory inputs, including if this is part of a cluster,
and configure the needed system.yaml.
./config.sh
3. Start and manage Xray using docker-compose commands. Note: Run this command
only from the extracted folder. Run the following command:
cd jfrog-xray-<version>-compose
docker-compose -p xray up -d
docker-compose -p xray ps
docker-compose -p xray down
After the system is restarted (~3min) the web based setup application wizard is available at {url}.
Open a web browser and go to {url}.
For Daimler environments the license is already bound - Just enter it in the “License Key”-field.
Indexing Resources
Basic Settings: allows enabling Xray, configuring the behaviour when it is unavailable and for blocked
artifacts.
System Parameters: provides system settings.
Queue Workers: provides several parameters for tweaking Xray performance by changing the
number of workers performing the different tasks.
1.10.19.1 Prerequisite
You have completed the common system setup for the Zephyr target server (see chapter
1.7).
You have completed the crowd setup (see chapter 1.8).
You are logged in as root on the Zephyr target server
1.10.19.2 Console Installation
1. Download Zephyr package(zephyr_5_0_15001_linux_setup.sh) from
http://download.yourzephyr.com/linux/download.php
root@sedcagse0380:/opt/atlassian/packages : ./zephyr_5_1_15434_linux_setup.sh
Starting Installer ...
Page 195 of 259
Babu R (623)
GSEP Installation Guide System Operations
This will install Zephyr 5.1 on your computer.
OK [o, Enter], Cancel [c]
Welcome
Choose type:
Install [1, Enter], Upgrade [2]
1
Requirements
Requirements
Server
OS: RedHat Enterprise
CentOS
Ubuntu/Debian
SUSE/openSUSE
[Enter]
Client
OS: Any
Browser: Chrome, Mozilla Firefox, Microsoft Internet Explorer 11
Other: Screen resolution of 1280x1024 (1280x800 for widescreen) or
higher
Turn off pop-up blockers and Flash blockers.
License Agreement
I accept the terms of this license agreement [1], I do not accept the terms of this license agreement [2, Enter]
1
Select Destination Location
Setup will install Zephyr into the following folder.
To continue click Next. If you would like to select a different folder, click Browse
[{install_dir}]
Customization
Server Port :
[80]
8080
Tomcat Server Shutdown Port:
[8005]
Note: If you had just uninstalled. Please wait few miniutes for the port to get free and try again.
Configure Database
Database Type:
MySQL [1, Enter]
Oracle [2]
Microsoft SQL Server [3]
2
Database Character Set: utf8
Password:
[]
<ITCC user DB password>
<Context
docBase="flex/"
path="/zephyr"
Debug="0"
reloadable="false"/>
vi {install_dir}/tomcat/bin/ catalina.sh
1.10.19.10Restart
/etc/init.d/ZephyrService.sh start # to start the application
/etc/init.d/ZephyrService.sh stop # to stop the application
You should quit all programs before continuing with this installation.
Respond to each prompt to proceed to the next step in the installation. If you
Want to change something on a previous step, type 'back'.
Type 'quit' to halt this installation at any time.
PRESS <ENTER> TO CONTINUE:
Press enter to continue setup
Step 2: Select full server installation: choose option 1 and press enter to proceed next step
=================
Choose search index directory-----------------------------
Where would you like the search index to be stored?
It must contain "solr" as the last element (see default).
If not, the installation creates the folder ending in "solr".
Please specify a folder:
(Default: /var/lib/bds-protexip/solr):
===============
Tomcat Definitions : Please select as mentioned below
------------------
Run as 'root'? (Y/N): Y
Use HTTPS Connection? (Y/N): N
Port (Default: 80): 8080
Shutdown Port (Default: 8005):8005
===============
Choose Link Location
--------------------
Where would you like to create links?
Choose default location for links, select option 1 and proceed for next step
===============================================================================
Installing...
-------------
[==================|==================|==================|==================]
[------------------|------------------|-------
-----------|------------------]
===============================================================================
Installation Complete
---------------------
Congratulations. Black Duck Protex Server has been successfully installed to:
/opt/blackduck/protexIP
Step 8: Create soft link in blackduck home directory for source code storage
We do not have disc space under “/” hence we are creating soft link under /home/blackduck directory so that
source code will be visible for users in UI .
Create a new directory “/opt/source_code/FOSS_Source_Code_Scan”and create a soft link like below.
$ cd /opt
$ mkdir source_code
Page 202 of 259
Babu R (623)
GSEP Installation Guide System Operations
$ mkdir FOSS_Source_Code_Scan
$ ln -s /opt/source_code/FOSS_Source_Code_Scan /home/blackduck/FOSS_Source_Code_Scan
$ vim /opt/blackduck/protexIP/tomcat/conf/server.xml
$ vim server.xml
Around line 61 add gsep proxy name and save the file .
port="8080" proxyName="gsep-protex.app.corpintra.net"
proxyPort="443" scheme="https" secure="true"
$ vim /etc/apache2/conf.d/gsep_proxy.conf
<VirtualHost *:80>
# Landing page
<LocationMatch "^.*">
Require all granted
# disable http 1.0 protocol - Uh Oh This seems to kill the Loadbalancer... so we'll disable that
for now
#RewriteEngine On
#RewriteCond %{THE_REQUEST} !HTTP/1.1$
#RewriteRule .* - [F]
# disable ETAG
FileETag None
# Limit request bodies to 500kb (this may create upload problems! then we have to adjust)
LimitRequestBody 512000
# Secure Cookies (this kills crowd sso login - what a pitty :-( )
#Header edit Set-Cookie ^((?!HttpOnly).)*$ $1;HttpOnly
#Header edit Set-Cookie ^((?!Secure).)*$ $1;Secure
# Cross Site Scripting protection (this may block REST API calls! then we have to adjust)
Header merge X-XSS-Protection "1; mode=block"
# Clickjacking protection
Header merge X-Frame-Options SAMEORIGIN
# Prevent mime-sniffing
# Header merge X-Content-Type-Options "nosniff"
# Change tomcat server name: this works only for proxied responses
Header set Server "Apache"
</LocationMatch>
# Proxying
# --------
#---
ServerName gsep-protex.app.corpintra.net
ProxyRequests Off
ProxyVia Off
ProxyPreserveHost On
<Proxy *>
AllowEncodedSlashes On
ProxyPass / http://53.31.30.34:8080/
ProxyPassReverse / http://53.31.30.34:8080/
ErrorLog logs/error.log
</VirtualHost>
$ apachectl -k restart
https://gsep-protex.app.corpintra.net/p/admin#registration
Add Registration ID and HTTP/HTTPS proxy details, then click on save proxy settings.
1.10.21.1 Prerequisites
You have completed the common system setup for the GSEP Utilities target server (see
chapter 1.7).
Latest Version of Tomcat Application server could be available at the project site:
http://tomcat.apache.org/
To download the package directly from the Linux command line, you'll use a command that looks
something like this:
$ wget
http://apache.YourFavoriteMirror.com/tomcat/tomcat-[#]/v[#]/apache-
tomcat-[#].tar.gz
1.10.22.1 Prerequisites
You have completed the common system setup for the HelpDesk target server (see chapter
1.7).
1.10.22.2 Download and move the installation File
Take the application WAR files from the GSEP Bitbucket location:
https://gsep.daimler.com/stash/projects/GSEPDM/repos/gsep_projectautomation/browse
(projectAutomation-0.0.1-SNAPSHOT.jar)
Latest Version of Tomcat Application server could be available at the project site:
http://tomcat.apache.org/
To download the package directly from the Linux command line, you'll use a command that looks
something like this:
$ wget
http://apache.YourFavoriteMirror.com/tomcat/tomcat-[#]/v[#]/apache-
tomcat-[#].tar.gz
Tomcat runs on port 8080 by default. To check if your server is up and running correctly,
use:
$ ps -ef | grep java | grep 8080
If this command returns the Catalina process, Tomcat is up and running. You should now be able to
verify the same at https://gsep.app.corpintra.net/projectAutomation/service
1.10.22.7 Start & Stop procedures
Jira can be started by the init-script (as noted in chapter ):
To download the package directly from the Linux command line, you'll use a command that looks
something like this:
$ wget
http://apache.YourFavoriteMirror.com/tomcat/tomcat-[#]/v[#]/apache-
tomcat-[#].tar.gz
Tomcat runs on port 8080 by default. To check if your server is up and running correctly,
use:
$ ps -ef | grep java | grep 8080
If this command returns the Catalina process, Tomcat is up and running. You should now be able to
access the application at https://gsep.app.corpintra.net/helpdesk
1.10.24.1 Prerequisites
You have completed the common system setup for the GSEP Utilities target server (see
chapter 1.7).
To download the package directly from the Linux command line, you'll use a command that looks
something like this:
$ wget
http://apache.YourFavoriteMirror.com/tomcat/tomcat-[#]/v[#]/apache-
tomcat-[#].tar.gz
1.10.24.7 Finish
Now you’re done with the basic Helpdesk setup. You should now be able to verify the same at
https://gsep.app.corpintra.net/utilities
1.10.25.1 Prerequisites
You have completed the common system setup for the crowd target server (see chapter 1.7).
You are logged in as root on the cloudbees Jenkins operations center target server.
Copy packages from internet and keep it in /opt directory Apache-tomcat package & cjoc war
cloudbees-core-oc.war
root@sedcagse0980:/opt/CJOC : cp /opt/apache-tomcat-8.5.41.tar.gz .
root@sedcagse0960:/opt/cjoc/apache-tomcat-8.5.41/bin : vi catalina.sh
Line 115, add following content
CATALINA_OPTS="$CATALINA_OPTS -Dhudson.TcpSlaveAgentListener.hostName=sedcagse0920 -
Dhttp.proxyHost=security-proxy.emea.svc.corpintra.net -Dhttp.proxyPort=3128 -
Dhttps.proxyHost=security-proxy.emea.svc.corpintra.net -Dhttps.proxyPort=3128 -
#!/bin/sh
APP=jenkins
USER=jenkins_int_osuser
APPBASE=/opt/cjoc/$APP
APPHOME=$APPBASE-home
STARTUPSCRIPT=$APPBASE/bin/startup.sh
SHUTDOWNSCRIPT=$APPBASE/bin/shutdown.sh
# test installation
test -x $STARTUPSCRIPT || { echo "$STARTUPSCRIPT was not found.";
if [ "$1" = "stop" ]; then exit 0;
else exit 5; fi; }
esac
exit 0
backend backend_920_8080
1.10.26.1 Prerequisites
You have completed the common system setup for the stash target server (see chapter 1.7).
The server has SSH client available
IP whitelisting done for 7999 port in the primary Bitbucket node
1.10.26.2 Config file adjustments
Edit the following files on your Bitbucket-mirror target server.
${install_dir}/bin/set-bitbucket-home.sh
${install_dir}/bin/_start-webapp.sh
In line 22 change:
JVM_SUPPORT_RECOMMENDED_ARGS=""
to
JVM_SUPPORT_RECOMMENDED_ARGS="-javaagent:/opt/appdynamics/AppServerAgent-
Bitbucket-Sunnyvale/javaagent.jar -Datlassian.org.osgi.framework.bootdelegation=META-
INF.services,com.yourkit,com.singularity.*,com.jprofiler,com.jprofiler.*,org.apache.xerces,org.apa
che.xerces.*,org.apache.xalan,org.apache.xalan.*,sun.*,com.sun.jndi,com.icl.saxon,com.icl.saxon.
*,javax.servlet,javax.servlet.*,com.sun.xml.bind.* -Dhttp.proxyHost=security-
proxy.emea.svc.corpintra.net -Dhttp.proxyPort=3128 -Dhttps.proxyHost=security-
proxy.emea.svc.corpintra.net -Dhttps.proxyPort=3128 -Dhttp.nonProxyHosts=localhost\|
127.0.0.1\|53.255.82.226\|53.31.30.160\|53.255.101.10\|53.255.101.11\|53.255.82.24\|
53.255.99.10\|141.113.99.31 -Dcrowd.property.http.proxy.host=security-
proxy.emea.svc.corpintra.net -Dcrowd.property.http.proxy.port=3128"
${home_dir}/bitbucket.properties
server.port=8080
server.scheme=https
server.proxy-name={proxyname}
server.proxy-port=443
{sitename}
{url}
Within the primary Bitbucket Data Center instance, go to Admin > Mirrors, and you will see the
name of the mirror and that approval is required
Click Approve to approve the mirror request and start syncing the projects and repositories of the
primary Bitbucket Data Center instance
1.10.26.8 Decide which projects to mirror
Once a mirror instance is approved you need to decide which projects to mirror. Go to Admin >
Mirrors and type in the name of a project in the search box. Do this for each projects you want to
mirror.
1.10.26.10 Backup
Backup of Application Filesystem is integrated in EDC standard process (refer 3.8).
If there are issues with the service script the boot log for SuSE SLES is located in /var/log/boot.msg.
1.10.26.12Reference Links
Bitbucket Documentation Home
https://confluence.atlassian.com/bitbucketserver/administering-bitbucket-server-
776640044.html
Smart Mirroring
https://confluence.atlassian.com/bitbucketserver/smart-mirroring-776640046.html
Bitbucket Mirror Installation Guide
https://confluence.atlassian.com/bitbucketserver/set-up-a-mirror-790632894.html
Troubleshooting Smart Mirroring
https://confluence.atlassian.com/bitbucketserverkb/troubleshooting-smart-mirroring-
838407670.html
Backup and Recovery for BitBucket Mirror
Page 218 of 259
Babu R (623)
GSEP Installation Guide System Operations
https://gsep.daimler.com/confluence/display/GSEPDMINTE/
Backup+and+Recovery+of+Sunnyvale+Mirror
Stash Knowledge Base: Troubleshooting Installation Problems
https://confluence.atlassian.com/display/STASHKB/Troubleshooting+Installation
Openjdk 11 is required.
Docker and Docker Compose is installed in system.
All the required ports are open.
Place the zip folder jfrog-mc-4.2.0-compose.tar.gz” under /opt and unzip it.
./config.sh (give the mount folder; for eg /opt)
docker-compose -p mc up –d (for making the services up )
docker-compose -p mc down (for making them down)
1.11.4 Uninstallation
Log in to server and stop the process.
docker-compose -p mc down
Remove all the docker images pertaining to the Mission Control
Docker stop <image id> && docker rm <image id>
All the services will be removed, moreover you can delete the folders manually.
1.12.1 Prerequisites
You have completed the common system setup for the haproxy target server (see chapter 1.7).
To download the package directly from the Linux command line, you'll use a command that looks
something like this:
$ wget
https://download.opensuse.org/repositories/server:/http/SLE_12/x86_64/
haproxy-1.8.14~git0.52e4d43b-5.1.x86_64.rpm
Maintenance.html is just a simple html file and can be configured based on the requirement.
cd /etc/rsyslog.d/
Now save the file and change file permission to 755 for haproxy.conf.
Create a new directory haproxy inside /var/log/ directory and change the os user permission
to haproxy.
Page 222 of 259
Babu R (623)
GSEP Installation Guide System Operations
chown –R haproxy:haproxy haproxy
Haproxy stop, start, status check can be done by using the below command.
Above url will ask username and password first. Credential is configured in haproxy.cfg file.
Once you are done above screen will appear with all the application details which are
configured in haproxy.cfg file.
HAProxy Stats provides a lot of information about data transfer, total connection, server
state etc.
apachectl –k stop
Listen 81
<IfDefine SSL>
<IfDefine !NOSSL>
<IfModule mod_ssl.c>
Listen 443
</IfModule>
</IfDefine>
</IfDefine>
Now in the backed section in haproxy.cfg file add the below line.
default_backend apache_servers
backend apache_servers
server server1 127.0.0.1:81
1.12.9 Finish
Now you are done with the basic setup for HAproxy.
1.12.10 Backup
Backup of Application Filesystem is integrated in EDC standard process (refer 3.8).
1.13.1 Prerequisites
You have completed the common system setup for Ansible controller target server (see chapter
1.7).
1.13.2 Overview
Ansible is an open-source software provisioning, configuration management, and application-
deployment tool. It runs on many Unix-like systems, and can configure both Unix-like systems as well
as Microsoft Windows. It includes its own declarative language to describe system configuration.
We are using python script to write and maintain the playbook for our deployment.
Check the pip package is installed or not by typing (pip --version) ,if pip isn't installed install
pip by using the below command.
Note - pip is a package management system used to install and manage software packages
written in Python.
Use the command pip freeze to list all python related dependencies.
Similarly install GCC (GNU Compiler Collection). At the time of installing a python
dependency it will search for GCC c++ compiler, install by using the below command.
Here are the list of python dependencies need to be installed before we start Ansible.
Package
asn1crypto
backports.ssl-match-hostname
bcrypt
cffi
crmsh
cryptography
cssselect
cx-Oracle
enum34
ethtool
futures
idna
ipaddress
Jinja2
lxml
MarkupSafe
msgpack-python
netaddr
parallax
paramiko
pciutils
pexpect
psutil
pyasn1
Page 226 of 259
Babu R (623)
GSEP Installation Guide System Operations
pycparser
pycrypto
pycurl
pygobject
PyNaCl
pyOpenSSL
python-dateutil
python-dmidecode
pyudev
PyYAML
pyzmq
requests
requests-toolbelt
rhnlib
salt
setuptools
simplejson
six
suds
tornado
libffi4
Setuptools
Note – Dependency versions are depends on which version of Ansible and PIP you are installing. All
these packages need to be installed in /usr/lib/python2.7/site-packages directory.
cd /usr/lib/python2.7/site-packages/ansible-2.6.4/
python setup.py install
Note - Once you run this command (python setup.py install) it will start installing the Ansible. If
some of the above dependencies are not available it will terminate the installation by showing
those missing dependencies list. If all are good then it will install the Ansible.
ansible --version
General Overview
Upgradation Steps
Download the new package which needs to be upgraded and place it under
“/opt/atlassian/storage/” directory.
Redirect to “/etc/ansible/”. Open the “jira-application.yml” file (if you are upgrading
confluence you have to open “confluence-application.yml”).
Change the node name where the upgrade should happen. Save and close the file.
root@sedcagse0980: /etc/ansible/ansible_vars/hosts_vars :
vi jira.yml app_node_id = “Jira Node-4 “
Host_name= “53.31.30.172”
root@sedcagse0980: /etc/ansible:
ansible –m ping jira-node4
ansible-playbook jira-application.yml
The upgrade should start once you hit enter. You could see the console log on the same
screen. If there is an issue it will show the error message on the same screen and terminate
the upgrade.
Similarly for plugin upgrade we have a file called “jira-addons.yml”. In the similar way
change the node name where the upgrade need to be done and hit the below command.
ansible-playbook jira-addons.yml
Scripts will upload the new package to destination server and do the configuration and start
the application. The whole process with take almost 5 to 10 min based on the package size.
1.13.7 Finish
Now you are done with the setup of ansible controller and application upgrade.
1.13.8 Backup
Backup of Application filesystem is integrated in EDC standard process (refer 3.8).
The following overview image shows how the applications are linked. Although in most cases it
doesn’t matter from which system the link is initiated (in crucible it does matter!) the links should be
created from the systems with the arrow-source (circle) in the image.
Now you can see the link to the created application. The screenshot below shows a demonstration
screen from the Daimler INT environment.
If you have problems to configure the application links (e.g. double entries etc.) you can always
click on the little refresh/reset button at the right side of the table’s column header. By clicking this
link the application navigator will reset to just the current applications entry. This is a weird
behavior, because when you enter the “Application Links” section and then go back to the
“Application Navigator” section all application links are in place again. Seems like the application
links are synced between the applications somehow... Now you just need to move the Overview
and the Crucible-Elements again to the right position and you’re done.
The application menu should now look like this in all applications (combined screenshot):
And with that matches the application sequence in the overview on the landing page.
Add or amend the following lines in the "/etc/sysctl.conf" file. Keep any existing values if they are
higher than those specified here.
fs.file-max = 6815744
kernel.sem = 250 32000 100 128
kernel.shmmni = 4096
kernel.shmall = 1073741824
kernel.shmmax = 4398046511104
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
$ /sbin/sysctl -p
The following steps must be performed, whether you did the manual or automatic setup.
Set the password for the "oracle" user.
$ passwd oracle
If you have the Linux firewall enabled, you will need to disable or configure it as following :
$ mkdir -p /opt/oracle/product/12.1.0.2.0/db
$ chown -R oracle:dba /opt/
$ chmod -R 775 /opt/
Unless you are working from the console, or using SSH tunnelling, login as root and issue the
following command.
$ xhost +<machine-name>
1.16.8 Setup profile
Add the following lines at the end of the "/home/oracle/.bash_profile" file.
# Oracle 12c installation Settings
export TMP=/tmp
export TMPDIR=$TMP
export ORACLE_BASE=/opt/oracle
export ORACLE_HOME=$ORACLE_BASE/product/12.1.0.2.0/db
export PATH=/usr/sbin:$PATH
export PATH=$ORACLE_HOME/bin:$PATH
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib
export CLASSPATH=$ORACLE_HOME/jlib:$ORACLE_HOME/rdbms/jlib
1.16.9 Installation Steps
Note: Make sure to launch the xming before going to next steps.
Log into the oracle user. If you are using X emulation then set the DISPLAY environmental variable.
DISPLAY=SGSCBIU0044.in623.corpintra.net.net:0.0; export DISPLAY
Page 236 of 259
Babu R (623)
GSEP Installation Guide System Operations
Unpack Files
You should now have a single directory called "database" containing installation files.
Start the Oracle Universal Installer (OUI) by issuing the following command in the database directory.
$ ./runInstaller
Syntax:
$ useradd -o -u 600 -g 600 -m -s /bin/bash -c "Oracle DB user for <DBNAME>" –d
/home/<osusername> -m <osusername>
Page 243 of 259
Babu R (623)
GSEP Installation Guide System Operations
Add the below environment variable in bash profile.
#ORACLE 12c related.
export ORACLE_BASE=/opt/oracle
export ORACLE_HOME=/opt/oracle/product/12.1.0.2.0/db
export TNS_ADMIN=$ORACLE_HOME/network/admin
export PATH=$ORACLE_HOME/bin:$ORACLE_HOME/OPatch:$PATH
export ORACLE_SID=<SID Name>
1.16.11 Prepare init.ora and createDB_ATM_PROD.sql file
initATM_PROD.ora
#audit_sys_operations=TRUE
# audit_syslog_level='LOCAL4.INFO'
audit_trail=none
audit_file_dest="/opt/oracle/log/daig/rdbms/atm_prod/atm_prod/adump"
backup_tape_io_slaves=TRUE
compatible=12.1.0.2.0
control_files=("/opt/oracle/data1/atm_prod/atm_prod_control01.ctl",
"/opt/oracle/onredom/atm_prod/atm_prod_control02.ctl",
"/opt/oracle/onredop/atm_prod/atm_prod_control03.ctl")
control_file_record_keep_time=35
db_block_size=8192
db_file_multiblock_read_count=16
db_domain=""
db_name="atm_prod"
diagnostic_dest=/opt/oracle/log
dispatchers="(PROTOCOL=TCP) (SERVICE=atm_prodXDB)"
filesystemio_options=setall
large_pool_size=20m
local_listener='(ADDRESS=(PROTOCOL=IPC) (KEY=LISTENER_ATM_PROD))'
log_archive_dest_1='LOCATION=/opt/oracle/offredo/atm_prod'
log_archive_format=atm_prod_arch_%t_%r_%s.dbf
log_buffer=6156288
max_dump_file_size=52428800
open_cursors=300
pga_aggregate_target=400M
processes=150
recyclebin=off
remote_login_passwordfile=EXCLUSIVE
sec_max_failed_login_attempts=10
sec_protocol_error_further_action=continue
sec_protocol_error_trace_action=trace
sec_return_server_release_banner=false
sga_target=2G
timed_statistics=TRUE
undo_tablespace=UNDO
createDB_ATM_PROD.sql
NOTE: Make sure that all the directories are available (created) before mentioning in the init.ora &
createDB.sql files.
$ mkdir -p /opt/oracle/log/daig/rdbms/atm_prod/atm_prod/adump
$ mkdir -p /opt/oracle/data1/atm_prod/
$ mkdir -p /opt/oracle/onredom/atm_prod/
$ mkdir -p /opt/oracle/onredop/atm_prod/
$ mkdir -p /opt/oracle/offredo/atm_prod
$ mkdir -p /opt/oracle/log
$ mkdir –p /opt/oracle/temp1/atm_prod
$ su – ora_atmp
$ echo $ORACLE_SID
atm_prod
$ oracle@SGSCBIU0044:~> sqlplus / as sysdba
SQL*Plus: Release 12.1.0.2.0 Production on Fri Mar 3 17:04:29 2017
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Connected to an idle instance.
SQL>
SQL> startup nomount
pfile=/opt/oracle/product/12.1.0.2.0/db/dbs/initATM_PROD.ora
Shutdown the database:
SQL> @createDB_ATM_PROD.sql
To verify :
SQL> select name from v$database;
NAME
---------
ATM_PROD
SQL>
So your database is created. Now just run the catalog.sql and catproc.sql scripts to take it effet.
You will find the in $ cd $ORACLE_HOME/rdbms/admin
SQL> @/opt/oracle/product/12.1.0.2.0/db/rdbms/admin/catalog.sql
SQL> @/opt/oracle/product/12.1.0.2.0/db/rdbms/admin/catproc.sql
Check the database.
grant connect, resource, create table, create sequence, create trigger, create session to
atm_prod_dbuser;
{install_dir}/conf/server.xml
{install_dir}/bin/setenv.sh
{install_dir}/atlassian-jira/WEB-INF/classes/jira-application.properties
{install_dir}/atlassian-jira/WEB-INF/classes/seraph.config.xml
{install_dir}/atlassian-jira/WEB-INF/classes/crowd.properties
yast
Another option would be to combine the owner change with a recursive find. The following example
will search recursively for all files that belong to root and change their owner to cro_int_osuser and
the group to users:
1.19 Monitoring
1.19.1 Automated Monitoring
“Basic monitoring/standard” monitoring packages
Standard Monitoring EDC
“Application specific/optional” monitoring packages
Documented in Support Concept
You can find deeper links to specific topics in the “Troubleshooting” chapters for each individual
application in chapter Error: Reference source not found.
For contact details see Chapter 2.2.1. Maintenance needs to be purchased yearly.
Hardware:
1.24.1 Backup
Object Tool Method Interval Offsite
Medium:
Execution:
Has to be coordinated with:
Archiving cycle:
Maximum time of retention:
Repository:
1.25.1 Performance
Standard Reporting processes of EDC.
Integrity:
Availability (information):
Further characteristics:
It was recommended in the information classification, that the system is continuity-critical. Anyway
due to the defined critical timescale, that architecture will be implemented as designed in the OPM.
Atlassian Access is provided for each GSEP NTG6 to change PW and details.
ZULA is used for user authorization and access control and fullfils the main requirements:
User Access Management: Daimler employees can use ZULA to request access to GSEP NTG for
internal and Supplier users. For Supplier Users there is the restriction that they have to be registered
in Supplier Portal and apply for EngineeringPortal within Supplier Portal before ZULA can fetch the
user details one day after (due to user syncronisation). In a ZULA request there is the possibility to
select for each Business Unit project (currently only NTG6) which Atlassian tools with which projects
and which role shall be available for the selected users.
User Access Approval: The Information owner or his named deputy must approve each ZULA request
for each user.
Daimler Users can extend their rights via ZULA (They will be informed via Mail before)
Suppliers receive a Mail from ZULA, that they need to contact their PKU (must be the requestor), so
that he can extend the rights.
The ZULA request is approved and a user can be administrated in Atlassian Crowd
The ZULA request is expired (e.g. was not extended) or deleted so that the user can be deleted in
Atlassian Crowd.
The user is deleted from Supplier Portal/ Supplier Directory or CorpDir so that the user can be
deleted in Atlassian Crowd.
After the approved ZULA request, the GSEP support will administrate the users and contact them via
encrypted mail to inform them about the URL, the initial password and the handling of the client
certificate.
Every Supplier (resp. SKU) will receive one separate client certificate for all his project members. The
client certificates are valid for one year after their creation. If suppliers join the Business Unit Project
during this period, they will get one of the initially created certificates, so that there is always a
defined date, when all certificates expires.
In sufficient time before the expiry of the certificates, new ones were created and send out one by
one to each supplier (the responsible SKU).
If a supplier leaves the project, all users needs to be deactivated via ZULA. The BU or responsible PKU
shall inform GSEP support via mail, as soon as the project gets the information from the supplier. The
support will deactivate the users and inform the KCS that the certificate of the company must be
revoqued.
Page 255 of 259
Babu R (623)
GSEP Installation Guide System Operations
Details regarding ZULA in the ZULA BRD (see Appendix)
3.2 ICS-aspects
4.1 Notification/escalation
· Decision tree
· General test process for error allocation
· Which actions have to be taken if the instructions don’t contain the necessary information?
· Which measures have to be taken by the SCC until the incident escalates to the third level?
Installation Guide
5.1.5 Troubleshooting guide
N.a.
5.1.8 Worst case scenarios
· Description of the worst case scenario (e.g. under which circumstances will the worst case take
place and what will the consequences be like?)
· Organizational measures
· Technical measures
· Are there particular measures for escalation?
Documented in Support Concept
Page 259 of 259
Babu R (623)
GSEP Installation Guide System Operations