Install Jira 7.1 on CentOS 7.

x
Prerequisites
Atlassian docs:
Prepare the server
Install HTTPD and mod_ssl (Optional)
Install Postgres DB
Configure the DB
Install Jira
Configure AD authentication

Prerequisites
1. OS must be CentOS 7.x or RHEL 7.x
2. root access to the Linux server
3. Access to "\\fis1\install\Dev Tools\Atlassian"
4. The server spec is:

property Value

vCPU 8

RAM 16GB

system disk 100GB

data disk 250GB

Atlassian docs:
Install: https://confluence.atlassian.com/adminjiraserver071/installing-jira-applications-on-linux-802592173.html

DB config: https://confluence.atlassian.com/adminjiraserver071/connecting-jira-applications-to-postgresql-802592176.html

Prepare the server

1. log to the server and change to root user

$ sudo su -

2. Install all the prerequisites from: http://fis1.sapiens.int/install/Dev%20Tools/Atlassian/Prerequisites/

 rpm install
# rpm -ivh
http://fis1.sapiens.int/install/Dev%20Tools/Atlassian/Prerequisites/e
pel-release-latest-7.noarch.rpm
# rpm -ivh
http://fis1.sapiens.int/install/Dev%20Tools/Atlassian/Prerequisites/i
cinga-rpm-release-7-2.el7.centos.noarch.rpm
# rpm -ivh
http://fis1.sapiens.int/install/Dev%20Tools/Atlassian/Prerequisites/i
us-release-1.0-15.ius.centos7.noarch.rpm
# rpm -ivh
http://fis1.sapiens.int/install/Dev%20Tools/Atlassian/Prerequisites/p
gdg-centos93-9.3-3.noarch.rpm

3. Update the OS to the latest updates

# yum update -y

if you have any kernel update reboot the server after the updated finished

4. Install openssl

# yum install openssl -y

5. Create the self signed SSL certificate

Or download the the certificate and the key from "\\fis1\install\Dev Tools\Atlassian\Prerequisites\SSL cert"

# openssl genrsa -out star.sapiens.int.key 4096

Generating RSA private key, 4096 bit long modulus

.....................................................................
.........................................................++

.....................................................................
...................++
e is 65537 (0x10001)
# openssl req -new -x509 -days 3650 -key star.sapiens.int.key -out
ca.star.sapiens.int.crt
You are about to be asked to enter information that will be
incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name
or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IL
 State or Province Name (full name) []:Holon
Locality Name (eg, city) [Default City]:Holon
Organization Name (eg, company) [Default Company Ltd]:Sapiens
Organizational Unit Name (eg, section) []:ALIS
Common Name (eg, your name or your server's hostname)
[]:*.sapiens.int
Email Address []:
# openssl req -new -key star.sapiens.int.key -out star.sapiens.int.csr
You are about to be asked to enter information that will be
incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name
or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IL
State or Province Name (full name) []:Holon
Locality Name (eg, city) [Default City]:Holon
Organization Name (eg, company) [Default Company Ltd]:Sapiens
Organizational Unit Name (eg, section) []:ALIS
Common Name (eg, your name or your server's hostname)
[]:*.sapiens.int
Email Address []:

Please enter the following 'extra' attributes

to be sent with your certificate request
A challenge password []:
An optional company name []:
# openssl x509 -req -days 3650 -in star.sapiens.int.csr -CA
ca.star.sapiens.int.crt -CAkey star.sapiens.int.key -set_serial 01
-out star.sapiens.int.crt
 Signature ok
subject=/C=IL/ST=Holon/L=Holon/O=Sapiens/OU=ALIS/CN=*.sapiens.int
Getting CA Private Key

6. Copy the certificate to the correct location

# cp -a star.sapiens.int.crt /etc/pki/tls/certs/
# cp -a ca.star.sapiens.int.crt /etc/pki/tls/certs/
# cp -a star.sapiens.int.key /etc/pki/tls/private/

Install HTTPD and mod_ssl (Optional)

1. Install the packages

# yum install -y httpd mod_ssl

2. Set the httpd services to auto start

# systemctl enable httpd.service

3. Configure the httpd to work with the new ssl certificate

# cd /etc/httpd/conf.d/

4. edit the ssl.conf

# vim ssl.conf
change the following lines:
from: SSLCertificateFile /etc/pki/tls/certs/localhost.crt
to: SSLCertificateFile /etc/pki/tls/certs/star.sapiens.int.crt
from: #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
to: SSLCACertificateFile /etc/pki/tls/certs/ca.star.sapiens.int.crt
from: SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
to: SSLCertificateKeyFile /etc/pki/tls/private/star.sapiens.int.key

save the changes

Install Postgres DB
1. Install the packages
 1.

# yum install -y postgresql93-libs postgresql93-server postgresql93

postgresql93-contrib

2. create the data space

# cp -a /var/lib/pgsql /data
# mv /var/lib/pgsql /var/lib/pgsql.install
# ln -s /data/pgsql/ /var/lib/pgsql

3. Initiate the DB

# /usr/pgsql-9.3/bin/postgresql93-setup initdb

4. configure the listening IP

# vim /var/lib/pgsql/9.3/data/postgresql.conf
change the following lines:
from: #listen_addresses = 'localhost'
to: listen_addresses = '0.0.0.0'
save the changes

5. Configure the authentication

# vim /var/lib/pgsql/9.3/data/pg_hba.conf
change the following lines:
from: host all all 127.0.0.1/32
ident
to: host all all 0.0.0.0/0 md5
from: host all all ::1/128
ident
to: host all all ::1/128
md5
save the changes

6. Start the service

# systemctl start postgresql-9.3.service

Configure the DB
1. log as postgres user

# sudo su postgres -

2.
 2. Log to the postgres

$ psql

3. Create the DB

postgres=# CREATE DATABASE jiradb WITH ENCODING 'UNICODE' LC_COLLATE

'C' LC_CTYPE 'C' TEMPLATE template0;

4. Create the user

postgres=# CREATE USER jiradbuser WITH PASSWORD '<see passowrd repo>';

SVN path to password repo: https://alis-cm02/svn/UTILS/Passwords

5. Grant permission to jiradbuser on jiradb

postgres=# GRANT ALL PRIVILEGES ON DATABASE jiradb to jiradbuser;

Install Jira
1. Prepare the data directory

# mkdir -p /data/atlassian/jira

2. Link the new folders

# ln -s /data/atlassian/ /var/atlassian

3. Download the JIRA

# wget
http://fis1.sapiens.int/install/Dev%20Tools/Atlassian/Jira/atlassian-
jira-software-7.4.1-x64.bin

4. Run the installer

# chmod 755 atlassian-jira-software-7.4.1-x64.bin

# ./atlassian-jira-software-7.4.1-x64.bin
Unpacking JRE ...
Starting Installer ...
Jul 18, 2017 3:50:34 PM java.util.prefs.FileSystemPreferences$2 run
INFO: Created system preferences directory in java.home.

This will install JIRA Software 7.4.1 on your computer.

OK [o, Enter], Cancel [c]
o
Choose the appropriate installation or upgrade option.
Please choose one of the following:
Express Install (use default settings) [1], Custom Install
(recommended for advanced users) [2], Upgrade an existing JIRA
installation [3, Enter]
2

Where should JIRA Software be installed?

[/opt/atlassian/jira]

Default location for JIRA Software data

[/var/atlassian/application-data/jira]

Configure which ports JIRA Software will use.

JIRA requires two TCP ports that are not being used by any other
applications on this machine. The HTTP port is where you will access
JIRA
through your browser. The Control port is used to startup and shutdown
JIRA.
Use default ports (HTTP: 8080, Control: 8005) - Recommended [1,
Enter], Set custom value for HTTP and Control ports [2]

JIRA can be run in the background.

You may choose to run JIRA as a service, which means it will start
automatically whenever the computer restarts.
Install JIRA as Service?
Yes [y, Enter], No [n]
y
Details on where JIRA Software will be installed and the settings that
will be used.
Installation Directory: /data/atlassian/jira
Home Directory: /data/atlassian/application-data/jira
HTTP Port: 8080
RMI Port: 8005
Install as service: Yes
Install [i, Enter], Exit [e]
i

Extracting files ...

Please wait a few moments while JIRA Software is configured.

Installation of JIRA Software 7.4.1 is complete
Start JIRA Software 7.4.1 now?
Yes [y, Enter], No [n]
y
Please wait a few moments while JIRA Software starts up.
Launching JIRA Software ...
Installation of JIRA Software 7.4.1 is complete
Your installation of JIRA Software 7.4.1 is now ready and can be
accessed
 via your browser.
JIRA Software 7.4.1 can be accessed at http://localhost:8080
Finishing installation ...

5. Configure the log location

# service jira1 stop

# cp -a /opt/atlassian/jira/logs/ /data/atlassian/
# mv /opt/atlassian/jira/logs/ /opt/atlassian/jira/logs.orig
# ln -s /data/atlassian/logs /opt/atlassian/jira/logs
# service jira1 start

6. log to the web interface http://<host name>:8080/

Click on "I'll set up myself"
Click "Next"

7. Configure the DB connections:

Tick: "My own Database"
Select: "Database Type": PostgreSQL
Hostname: <hostname>
Port: :5432
Database: jiradb
Username: jiradbuser
Password: <see passowrd repo>
Schema: public
Click "Test Connection"
 If all is OK click "Next"

8. Set the "Application Title" to the host name

Set the "Base URL" to the server proxy URL (e.g https://alis-jira-stg.sapiens.com)
Click "Next"

9. Insert the license

Click: "Next"
 9.

10. Create the local Admin account

Set the "Full Name": Local Admin
Set "Email Address": DSG.Israel@sapiens.com
Set "Username": local_admin
Set "Password": <see passowrd repo>
Click "Next"

11. Configure the mail notification

Tick "Now"
Set "Host Name": hqex10.sapiens.int
Set "SMTP Port": 9925
Click "Test Connection"
 If all is OK, Click "Finish"

12. Set the language to "English (United States) [Default]"

Click: "Continue"

13. Click "Next"

13.

14. Create Demo project

Click on "Create new project"

15. Select the project type "Scrum software development"

Click "Next"

16. Click "Select"

 16.

17. Set the project name

Set "Name": Demo
Click: "Submit"

Configure AD authentication
1. Log to Jira with the local admin(User and password are in the password repo)

2. Click on "Administration" button

Click on "User managment"
3. Enter the password and click "Confirm"

4. Click "User Directory"

Click "Add Directory"

5. Select "Microsoft Active Directory"

Click "Next"
5.

6. Set the "Name" to Sapiens

Set "Hostname" to sapiens.int
Set "Port" to 3268
Set "Username" to CN=Delivery Support Team User,OU=Service Accounts,OU=ALIS,DC=sapiens,DC=int
Set "Password" to <See password repo>
Set "Base DN" to DC=sapiens,DC=int
Click on "Advance Settings"

7. Tick "Enable Nested Groups"

Click "User Schema Setting"
8. Set "User Object Filter" to (&(objectCategory=Person)(sAMAccountName=*)(memberOf=CN=alis-jira-stg,OU=Security
Groups,OU=ALIS,DC=sapiens,DC=int))
Click "Group Schema Setting"