Confluence Cluster 6.3.1: Cluster Setup + LDAP Integration + CAS/SSO Authentication Integration + Plugin Cracking + Mail Server Configuration
Revision History
Date | Version | Description | Author |
2019-4-9 | 1.0 | ** | |
2019-4-11 | 1.1 | 郁涛 | |
Software Packages
Link: https://pan.baidu.com/s/1xZxWRwiN1hSxh0g8uJP8fQ
Extraction code: itpc
Topology Diagram
System Environment
1. Basic server information
Server IP | OS version | Role | Administrator account | Remarks |
10.5.0.90 | CentOS 7.4 | Front-end node 1 | root/* | |
10.5.0.91 | CentOS 7.4 | Front-end node 2 | root/* | |
10.5.0.92 | CentOS 7.4 | Front-end node 3 | root/* | |
2. Database information
Database VIP | Type | Database name | Account | Password | Remarks |
10.2.2.53 | MSSQL | confluence_cluster | confluence | * | |
3. Shared storage mount information
Mount type | Mount IP | Target host IP | Mount path | Mount permissions | Size | Remarks |
iSCSI | 10.2.55.5 | 10.5.0.90 | /home/confluence_cluster | 777 | 1T | |
iSCSI | 10.2.55.5 | 10.5.0.91 | /home/confluence_cluster | 777 | 1T | |
iSCSI | 10.2.55.5 | 10.5.0.92 | /home/confluence_cluster | 777 | 1T | |
4. License information
Server ID | KEY |
BXDS-3LKZ-QL86-FJ1R | * |
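Node Installation and Configuration
Environment configuration on each node
- Disable SELinux
- Disable the firewall
systemctl stop firewalld.service
systemctl disable firewalld.service
- Remove the Linux limit on the number of open files
So that the setting still applies after a server reboot, the change is made permanently.
vim /etc/security/limits.conf
Append the following at the end of the file:
* soft nofile 65535
* hard nofile 65535
- Install the iSCSI client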
[root@confluence01 ~]# yum install iscsi-initiator-utils
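Enable start at boot
systemctl enable iscsi.service
- On the DELL storage, create a volume and assign it to the 3 nodes.
- Configure multipath
Install the multipath software
yum install device-mapper-multipath
Start the service
/bin/systemctl start multipathd.service
Enable start at boot
systemctl enable multipathd.service
Create the multipath.conf configuration file
cp /usr/share/doc/device-mapper-multipath-0.4.9/multipath.conf /etc/
Edit multipath.conf as follows:
multipath also creates dm devices for local disks, so the local disks must be added to the blacklist in multipath.conf:
blacklist {
    wwid 26353900f02796769
    devnode "^(ram|raw|loop|fd|md|dm-|sr|scd|st)[0-9]*"
    devnode "^hd[a-z]"
    devnode "^sda[0-9]?"
}
Fix the naming of multipath devices:
Multipath device names are fixed by mapping each wwid to a device alias one to one. The devices for these aliases are created under /dev/mapper/, and the devices in that directory are used directly.
The wwid can be obtained with multipath -ll (recommended, because it shows more detail) or with more /etc/multipath/bindings, as follows:
Blacklist exceptions
blacklist_exceptions {
    wwid "36000d31000739b00000000000000009a"
}
Set the alias
multipaths {
    multipath {
        alias DM-1T
        uid 1000
        gid 1000
        wwid "36000d31000739b00000000000000009a"
        mode 0777
    }
}
After the configuration is complete, restart the multipathd service and clear the existing multipath records with the following command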
multipath -F
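Then rescan the devices with multipath -v2; device files matching the aliases are then created under /dev/mapper/
- Format the partition and mount it at /home/confluence_cluster. For details see my other article (GFS cluster file mounting):
2. Install Java on each node
Confluence depends on a Java environment; a JDK must be installed and it must be version 1.7 or later. Copy the JDK to the server root directory and install it:
[root@test-vm03 opt]# rpm -ivh jdk-7u55-linux-x64.rpm
Confirm that it is installed
java -version
Node 1
Node 2
Node 3
3. Install Confluence on node 1
Download the two packages above to the /home directory on the local machine, give the binary execute permission, then install it
[root@bogon home]# chmod +x atlassian-confluence-6.3.1-x64.bin
[root@bogon home]# ./atlassian-confluence-6.3.1-x64.bin
Run the executable to install Confluence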
[root@yeebian ConfluenceInstall]# ./atlassian-confluence-6.3.1-x64.bin
# Run the installer and answer the prompts, choosing the default installation.
Unpacking JRE ...
Starting Installer ...
Apr 20, 2017 6:47:35 PM java.util.prefs.FileSystemPreferences$1 run
INFO: Created user preferences directory.
Apr 20, 2017 6:47:35 PM java.util.prefs.FileSystemPreferences$2 run
INFO: Created system preferences directory in java.home.
This will install Confluence 6.3.1 on your computer.
OK [o, Enter], Cancel [c]
o    ## press Enter for the default
Choose the appropriate installation or upgrade option.
Please choose one of the following:
Express Install (uses default settings) [1], Custom Install (recommended for advanced users) [2, Enter], Upgrade an existing Confluence installation [3]
1
See where Confluence will be installed and the settings that will be used.
Installation Directory: /opt/atlassian/confluence    ## default installation directory
Home Directory: /var/atlassian/application-data/confluence    ## default home directory
HTTP Port: 8090    ## default HTTP port 8090
RMI Port: 8000
Install as service: Yes
Install [i, Enter], Exit [e]
i    ## type i and press Enter
Extracting files ...
Please wait a few moments while Confluence starts up.
Launching Confluence ...
Installation of Confluence 6.3.1 is complete
Your installation of Confluence 6.3.1 is now ready and can be accessed via
your browser.
Confluence 6.3.1 can be accessed at http://localhost:8090
Finishing installation ...
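(4) Start Confluence
[root@localhost ~]# /home/atlassian/confluence/bin/start-confluence.sh
Check the default port 8090
(5) Open Confluence in a browser at http://10.5.0.90:8090. In the first step select Chinese, then click Next
(6) Select "Production Installation", then click Next
(7) Install the two add-ons below, then click Next
(8) Crack Confluence
Replace /home/atlassian/confluence/confluence/WEB-INF/lib/atlassian-extras-decoder-v2-3.2.jar
atlassian-extras-decoder-v2-3.2.jar
Replace /home/atlassian/confluence/confluence/WEB-INF/atlassian-bundled-plugins/atlassian-universal-plugin-manager-plugin-2.21.jar
atlassian-universal-plugin-manager-plugin-2.22.1.jar
After the replacement, give me the server ID (see the bottom of the page) so that the ID number can be generated and entered.
(9) Because the license entered in the previous step is for the Confluence Data Center edition, the next step is to create a new cluster
This involves a shared home directory; the shared directory /home/confluence_cluster was already created above
(10) Configure the database; MSSQL is selected here
Create the confluence database on 10.2.2.53 and run the following statements:
ALTER DATABASE confluence_cluster
SET READ_COMMITTED_SNAPSHOT ON
WITH ROLLBACK IMMEDIATE;
ALTER DATABASE confluence_cluster COLLATE SQL_Latin1_General_CP1_CS_AS;
(11) Configure the database
Driver class name: net.sourceforge.jtds.jdbc.Driver
Database URL: jdbc:jtds:sqlserver://10.2.2.53:1433/confluence_cluster
Username: confluence
Password: *
(12) Configure users and groups in Confluence, and set an administrator account and password
(13) The work on node 1 is now complete. Go to Administration - Clustering; the cluster status shows that only node 1 is in the cluster. Next, work on node 2 so that it joins the Confluence cluster
(14) Shut down Confluence on node 1
Installation and configuration of nodes 2 and 3
(1) On nodes 2 and 3, verify that the shared directory /share is mounted
(2) Copy the Confluence installation path and home directory from node 1 to node 2 and node 3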
scp -rp /home/atlassian/ root@10.5.0.91:/home/
scp -rp /home/atlassian/ root@10.5.0.92:/home/
Then set the permissions on each node
chown -R confluence /home/atlassian/confluence/temp/
chown -R confluence:confluence /home/atlassian/application-data/confluence/
chown -R confluence /home/atlassian/confluence/logs/
chown -R confluence /home/atlassian/confluence/work
(3) Verify that the nodes run normally
Start node 2 and node 3 one after the other, in order (they must not be started at the same time)
(6) After all of them have started, access each node's URL to make sure every node is reachable, and observe the cluster status
IV. OA authentication integration
(1) Replace /home/atlassian/confluence/confluence/WEB-INF/web.xml
Pay special attention to the following configuration
ignorePageString /plugins/servlet/streams*,/rest/applinks/**/*,/rest/capabilities/**,/plugins/servlet/oauth/**,/rest/gadgets/1.0/**,/rest/mywork/**,/rest/knowledge-base/**,/rest/prototype/**
CasSingleSignOutFilter com.kedacom.sso.atlassiansso.KDSingleSignOutFilter
casServerUrlPrefix https://oatest.kedacom.com/CasServer
CasAuthenticationFilter com.kedacom.sso.atlassiansso.KDAuthenticationFilter
casServerLoginUrl https://sso.kedacom.com:8443/CasServer/login
serverName https://oa.kedacom.com/confluence
CasValidationFilter com.kedacom.sso.atlassiansso.KDCas20ProxyReceivingTicketValidationFilter
casServerUrlPrefix https://sso.kedacom.com:8443/CasServer
serverName https://oa.kedacom.com/confluence
redirectAfterValidation true
CasSingleSignOutFilter /*
CasAuthenticationFilter /*
CasValidationFilter /*
org.jasig.cas.client.session.SingleSignOutHttpSessionListener
3. Replace /home/atlassian/confluence/confluence/WEB-INF/classes/seraph-config.xml
Pay special attention to changing the following configuration
login.url https://sso.kedacom.com:8443/CasServer/login?service=${originalurl}
link.login.url https://sso.kedacom.com:8443/CasServer/login?service=${originalurl}
cookie.encoding cNf
login.cookie.key seraph.confluence
authentication.type os_authType
invalidate.session.on.login true
invalidate.session.exclude.list
4. Add xwork.xml under /home/atlassian/confluence/confluence/WEB-INF/classes/
5. Place the following three files in /home/atlassian/confluence/confluence/WEB-INF/lib/
They are required for integration with the CAS server
cas-client-integration-atlassian-3.4.1.jar
atlassiansso-0.0.1-SNAPSHOT.jar
6. Restart the Confluence service and test OA login
# /home/atlassian/confluence/bin/stop-confluence.sh
# /home/atlassian/confluence/bin/start-confluence.sh
V. Reverse proxy configuration
(1) Edit httpd.conf
Uncomment the reverse proxy and load balancing modules
LoadModule proxy_module modules/mod_proxy.so
LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
Attachment: httpd.conf
(2) Edit httpd-vhosts.conf
Add the following proxy configuration
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
<Proxy balancer://confluence>
    BalancerMember http://10.5.0.90:8090/confluence route=90
    BalancerMember http://10.5.0.91:8090/confluence route=91
    BalancerMember http://10.5.0.92:8090/confluence route=92
    ProxySet lbmethod=byrequests
    ProxySet stickysession=ROUTEID
</Proxy>
ProxyPass /confluence balancer://confluence
ProxyPassReverse /confluence balancer://confluence
(3) Edit the ssl.conf configuration file
Listen 443 https
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 1200
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec
##
## SSL Virtual Host Context
##
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
SSLCertificateFile /etc/httpd/conf/server.crt
SSLCertificateKeyFile /etc/httpd/conf/server.key
SSLCertificateChainFile /etc/httpd/conf/ca.crt
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
BrowserMatch "MSIE [2-5]" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Attachment: ssl.conf
(4) Add the virtual directory
Edit /home/atlassian/confluence/conf/server.xml
(5) Restart all nodes and test
# /home/atlassian/confluence/bin/stop-confluence.sh
# /home/atlassian/confluence/bin/start-confluence.sh
(6) Change the Confluence URL
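The ssl.conf in step (3) keeps SSLProtocol all -SSLv2 and admits MEDIUM ciphers, so at the configuration level SSLv3, TLS 1.0 and TLS 1.1 remain enabled. The check below is an added example, not part of the original article: a POSIX shell function that flags those two directives in an Apache config file. The names audit_tls_conf and sample_weak_conf and the sample input are constructed here; a line such as SSLProtocol -all +TLSv1.2 passes the check.

```sh
#!/bin/sh
# Added example, not from the original article: config-level check of the
# SSLProtocol and SSLCipherSuite directives in an Apache config file.

audit_tls_conf() {
    # $1 = config file path (reads stdin when omitted); one finding per line.
    awk '
    /^[ \t]*#/ { next }                  # skip commented-out directives
    tolower($1) == "sslprotocol" {
        split("", tok)                   # reset the token set
        for (f = 2; f <= NF; f++) tok[tolower($f)] = 1
        if (("all" in tok) || ("+all" in tok)) {
            # "all" enables every protocol the build supports, so each
            # legacy version has to be switched off by name.
            n = split("SSLv3 TLSv1 TLSv1.1", old, " ")
            for (i = 1; i <= n; i++) {
                key = "-" tolower(old[i])
                if (!(key in tok)) print "SSLProtocol: " old[i] " not disabled"
            }
        }
    }
    tolower($1) == "sslciphersuite" {
        # The cipher string is the last field, colon-separated; a leading
        # "!" or "-" removes a class, a bare name adds it.
        n = split($NF, c, ":")
        for (i = 1; i <= n; i++)
            if (c[i] ~ /^(MEDIUM|LOW|EXP|EXPORT|aNULL|eNULL|RC4|3DES|MD5)$/)
                print "SSLCipherSuite: weak class " c[i] " enabled"
    }' "${1:--}"
}

sample_weak_conf() {
    # Constructed input: the two directives as they appear in ssl.conf above,
    # plus one commented-out line that the check must ignore.
    cat <<'EOF'
#SSLProtocol -all +TLSv1.2
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
EOF
}

sample_weak_conf | audit_tls_conf
```

Run it against the live file with audit_tls_conf /etc/httpd/conf.d/ssl.conf (path assumed; use wherever ssl.conf lives on the proxy host).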
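VI. Enabling collaborative editing
1. Set up Synchrony
Collaborative editing requires Synchrony, which runs as a separate process.
Copy the service package below to every node and extract it; here it is extracted to /home/Synchrony and given permissions
2. Edit the startup file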
vi /home/Synchrony/start-sync.sh
#!/bin/bash
# Script to start a standalone Synchrony process on a separate node from Confluence (for use with data center).
# Define a timestamp function
timestamp() {
    date +"[%Y-%m-%d %H:%M:%S]"
}
# Define the user with which to run Synchrony
# user must already be created before running this script
USER="root"
# Enter your base url
# Address of the main Confluence site
CONFLUENCE_BASEURL="https://oa.kedacom.com"
# Enter the log location (create the directory & grant permissions to $USER first)
SYNCHRONY_LOG="/home/Synchrony/synchrony-logs/atlassian-synchrony.log"
# This server's IP
# IP address this host listens on
SYNCHRONY_SERVER_IP="10.5.0.90"
# Copy these from your confluence server > /confluence-home/confluence.cfg.xml
# They are in the configuration file /home/atlassian/application-data/confluence/confluence.cfg.xml
JWT_PRIVATE_KEY="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"
JWT_PUBLIC_KEY="MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCRps8CThw18u12Rv0wtK8F9BLs++FDRn4Jktc6Ag4hcuPPQ9VuvVQm2ycgwxAlQ+RlmafRFChbWBrmAnOdliUyVDjMaoTx+3vk4lX1eDu9OSEfWkEb3SFKCh4MKDEc/dxB4nhwKZ2XS4vcnIyiUVjXVBLOINBqhBE+bVY9dfNYoQIDAQAB"
# Database URL, account and password
DATABASE_URL="jdbc:jtds:sqlserver://10.2.2.53:1433/confluence_cluster"
DATABASE_USER="confluence"
DATABASE_PASSWORD="*"
# Location of the synchrony-standalone.jar and database driver jar
# You must copy these over from the confluence server to the directory of your choice
# Database driver jar and collaborative editing jar
DATABASE_DRIVER_PATH="/home/Synchrony/jtds-1.3.1.jar"
SYNCHRONY_CLASSPATH="/home/Synchrony/synchrony-standalone.jar"
# Load balancer context path, leave as "/synchrony"
SYNCHRONY_CONTEXT_PATH="/synchrony"
# This combines two variables above to create the synchrony service url
SYNCHRONY_SERVICE_URL=$CONFLUENCE_BASEURL$SYNCHRONY_CONTEXT_PATH
# path to store the PID - normally in /var/run/mydaemonname
# prerequisite: create this directory i.e. /var/run/synchrony and chown it to make the $USER the owner
SYNCHRONY_PID="/home/Synchrony/synchrony.pid"
# this is where you can setup the jvm startup parameters
_RUNJAVA="/home/atlassian/confluence/jre/bin/java -Xss2048k -Xmx1024m"
# In this section, set the synchrony cluster member IP's using comma separated like so:
# -Dcluster.join.tcpip.members=192.168.2.1,192.168.2.2
# Don't change the other properties without consulting support first
SYNCHRONY_PROPERTIES="\
-classpath ${SYNCHRONY_CLASSPATH}:${DATABASE_DRIVER_PATH} \
-Dsynchrony.cluster.impl=hazelcast-btf \
-Dsynchrony.port=8091 \
-Dcluster.listen.port=5701 \
-Dsynchrony.cluster.base.port=25500 \
-Dcluster.join.type=tcpip \
-Dcluster.join.tcpip.members=10.5.0.90,10.5.0.91,10.5.0.92 \
-Dsynchrony.context.path=${SYNCHRONY_CONTEXT_PATH} \
-Dsynchrony.cluster.bind=${SYNCHRONY_SERVER_IP} \
-Dsynchrony.bind=${SYNCHRONY_SERVER_IP} \
-Dcluster.interfaces=${SYNCHRONY_SERVER_IP} \
-Dsynchrony.service.url=${SYNCHRONY_SERVICE_URL} \
-Dreza.service.url=${SYNCHRONY_SERVICE_URL} \
-Djwt.private.key=${JWT_PRIVATE_KEY} \
-Djwt.public.key=${JWT_PUBLIC_KEY} \
-Dsynchrony.database.url=${DATABASE_URL} \
-Dsynchrony.database.username=${DATABASE_USER} \
-Dsynchrony.database.password=${DATABASE_PASSWORD} \
-Djava.net.preferIPv4Stack=true \
-Dip.whitelist=127.0.0.1,localhost,10.5.0.90,10.5.0.91,10.5.0.92,10.0.0.222"
# Synchrony system properties:
# https://confluence.atlassian.com/doc/configuring-synchrony-for-data-center-858772125.html
/bin/su -m $USER -c "(${_RUNJAVA} ${SYNCHRONY_PROPERTIES} synchrony.core sql & ) >> ${SYNCHRONY_LOG} 2>&1"
# Getting the PID of the process
PID=`ps aux | grep -i synchrony.cluster | grep -i java | awk -F '[ ]*' '{print $2}'`
echo "$PID" > $SYNCHRONY_PID
echo "$(timestamp) Started Synchrony service with PID: $PID" >> $SYNCHRONY_LOG
echo "Starting Synchrony..."
echo "Binding: $SYNCHRONY_SERVER_IP:8091"
echo "Synchrony Logs: $SYNCHRONY_LOG"
echo "Please wait 30 seconds, then check this heartbeat URL in your browser for an 'OK': $SYNCHRONY_SERVICE_URL/heartbeat"
On 10.5.0.90, set the listen address to 10.5.0.90
For the full list of parameters see: https://confluence.atlassian.com/conf63/configuring-synchrony-for-data-center-929730118.html
3. Start collaborative editing
/home/Synchrony/start-sync.sh # start
/home/Synchrony/stop-sync.sh # stop
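The node setup earlier stops firewalld, while the start script above opens 8091, 5701 and 25500 on every node. As an added example (not from the original article), the POSIX shell function below prints firewalld rich rules that admit the cluster ports only from the other two nodes and 8090/8091 only from the reverse proxy. The function names and the proxy address 192.0.2.10 are assumptions, since the page does not give the proxy's IP.

```sh
#!/bin/sh
# Added example, not from the original article. Prints (does not run)
# firewalld rich rules for one Confluence node so the firewall can stay on.
# Only ports named on this page are covered; add any others your cluster uses.

NODES="10.5.0.90 10.5.0.91 10.5.0.92"  # cluster nodes from the server table
CLUSTER_PORTS="5701 25500"  # cluster.listen.port, synchrony.cluster.base.port
PROXY_PORTS="8090 8091"     # Confluence HTTP port, synchrony.port

rich_rule() {
    # $1 = allowed source IPv4 address, $2 = TCP port
    printf "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"tcp\" accept'\n" "$1" "$2"
}

cluster_fw_rules() {
    # $1 = IP of the node being configured
    # $2 = reverse proxy IP (assumption: the page does not state it)
    self=$1
    proxy=$2
    # Refuse to generate rules for a host that is not a cluster member.
    case " $NODES " in
        *" $self "*) ;;
        *) echo "unknown node: $self" >&2; return 1 ;;
    esac
    for peer in $NODES; do
        # A node does not need a rule for its own address.
        [ "$peer" = "$self" ] && continue
        for port in $CLUSTER_PORTS; do
            rich_rule "$peer" "$port"
        done
    done
    for port in $PROXY_PORTS; do
        rich_rule "$proxy" "$port"
    done
    echo "firewall-cmd --reload"
}

# Constructed demo: node 1 behind a proxy at the documentation address 192.0.2.10.
cluster_fw_rules 10.5.0.90 192.0.2.10
```

Review the printed commands, run them on the node, and only then start firewalld again with systemctl enable --now firewalld.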
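VII. LDAP integration
1. Open User Directories
2. Click Add Directory
3. Fill in the information as shown in the image
Username: confluence
Password: *
4. Synchronize
VII. Mail server configuration
1. Under Mail Servers, add an SMTP mail server
2. Add the mail server with the following information
3. Confirm the mail server information
VIII. Service backup and restore
Manual backup and restore
Backup:
Service backup:
Copy the backup files under /home/confluence-cluster/backups to the backup server
Database backup:
No backup is needed; the files and pages are all contained in the backup files above.
Restore:
Service restore:
Copy the backup file to the /home/confluence-cluster/restore directory
Then click "General Configuration", "Backup & Restore", and select restore.
IX. FAQ
References:
Confluence Data Center installation: https://confluence.atlassian.com/conf63/installing-confluence-data-center-929729992.html
Collaborative editing: https://confluence.atlassian.com/conf63/configuring-synchrony-for-data-center-929730118.html
Apache documentation: http://httpd.apache.org/docs/2.4/zh-cn/mod/mod_proxy.html
http://httpd.apache.org/docs/2.4/zh-cn/rewrite/vhosts.html
http://httpd.apache.org/docs/2.4/zh-cn/mod/mod_proxy_balancer.html
http://httpd.apache.org/docs/2.4/en/mod/mod_headers.html
Server edition license details:
Data Center edition license details:
Add-on license information:
For installation, support, or add-on installation, you can contact me
The download is provided only for trial, testing and learning; it must not be used commercially or improperly.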