Monitoring JIRA without allowing anonymous access


Our current monitoring simply requests JIRA's front-page periodically -- and verifies, that the HTML response says "Welcome to JIRA".

Unfortunately, we've had two outages already, which this simple check failed to notice: the Welcome-page was displayed normally, but any other activity (such as browsing a ticket or viewing a user's dashboard) was hanging -- producing nothing but empty pages.

What's the best way to detect such conditions programmatically? We generally do not, as a matter of security policy, allow anonymous access to our JIRA-instance. So, to force JIRA to perform any meaningful exercise, we need to create a special monitoring account for the script to use, don't we?

If so, how do we keep that monitoring account from accessing anything other than the special "monitoring" ticket -- a dummy created solely for the monitoring purpose? The monitoring account will be a member of the "jira-users" group and thus able to browse all our other projects, wouldn't it? Or can it be created belonging to some other group, which can be limited to a single ticket?

Or should we make an exception: create a special monitoring project and allow anonymous access to it? This is tempting (generally cleaner and no license is used up by the monitoring account), but there is a concern, that this may not catch some funky outage, whereby an anonymous user can browse, but logged-in accounts get hung...

What are the recommendations and known "best practices" for such "deep monitoring"? Thank you!

2 answers

The actual reason behind the downtime could be because of lack of memory, high CPU etc. IMHO, you should monitor the JVM, Server, Database etc. instead of just doing a heartbeat check or browsing/accessing a few pages.

Thanks, Jobin, for replying. Yes, we are monitoring all of these as a matter of course -- our standard set of server-monitoring includes all of those attributes you listed. Unfortunately, so far, we have not been able to establish an obvious correlation between externally-observable problems and JIRA's downtime.

Not to say, none exists -- we just don't know, what they are... High CPU-utilization, for example, has been observed during perfectly normal functioning of the application.

Regardless, we'd like to rest assured, that we have a monitor, that checks for exactly the same thing, that users are seeing... Any ideas? Thank you.

I see. In that case monitoring using anonymous access might not help unless you can zero in on a particular functionality that can be relied upon to check the application help. Difficult to say which one will help without playing around on the instance.

Because of security concerns like what you're mentioning, we are not putting jira-users into the Users role for any project. I would consider some other group but not jira-users keeping that role only for monitoring who can log into JIRA.

To do this, you'll need to change the default roles and go through each project removing jira-users but the result is worth the effort. IMHO, you should not put jira-users into the Users role except for the most simple organizations.

Now, if a user has only jira-users permission then they cannot access any project. You can create a single dummy project that only this one monitoring account can see. Now no one can see this project except 'dummy' and 'dummy' can see only this one project.
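The deep check discussed in this thread, as an added example that is not code from any of the posters: a dedicated monitoring account fetches the dummy ticket with a timeout, treats an empty page as a failure, and also verifies that the account can see no project other than the dummy one. The host name, issue key `MON-1`, project key `MON`, and the use of JIRA's REST API v2 with basic authentication are assumptions.

```python
import base64
import json
import urllib.request

# Assumed values, not from the thread: host, issue key, dummy project key.
BASE_URL = "https://jira.example.internal"
ISSUE_KEY = "MON-1"
ALLOWED_PROJECTS = {"MON"}


def fetch(path, user, password, timeout=10):
    """Authenticated GET; a hanging page raises after `timeout` seconds."""
    req = urllib.request.Request(BASE_URL + path)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.status, resp.read().decode("utf-8", "replace")


def check_issue(status, body):
    """Healthy only if the issue JSON really came back, not an empty page."""
    if status != 200 or not body.strip():
        return False, "empty or non-200 response"
    try:
        key = json.loads(body).get("key")
    except (ValueError, AttributeError):
        return False, "response is not issue JSON"
    return key == ISSUE_KEY, f"issue key returned: {key!r}"


def check_scope(body):
    """Fail if the account can see any project besides the dummy one."""
    extra = {p["key"] for p in json.loads(body)} - ALLOWED_PROJECTS
    return not extra, sorted(extra)


def run(user, password):
    try:
        ok, detail = check_issue(*fetch(f"/rest/api/2/issue/{ISSUE_KEY}", user, password))
        scope_ok, extra = check_scope(fetch("/rest/api/2/project", user, password)[1])
    except (OSError, ValueError) as exc:  # timeout, HTTP error, bad JSON
        return False, f"request failed: {exc}"
    return ok and scope_ok, f"{detail}; unexpected projects: {extra}"

if __name__ == "__main__":
    # Constructed responses so the checks can be exercised offline.
    print(check_issue(200, '{"key": "MON-1"}'))
    print(check_scope('[{"key": "MON"}, {"key": "HR"}]'))
```

The scope check turns a later permission-scheme change that widens the monitoring account's visibility into an alert rather than a silent drift.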
