Monitoring JIRA without allowing anonymous access

Hello!

Our current monitoring simply requests JIRA's front-page periodically -- and verifies that the HTML response says "Welcome to JIRA".

Unfortunately, we've had two outages already, which this simple check failed to notice: the Welcome-page was displayed normally, but any other activity (such as browsing a ticket or viewing a user's dashboard) was hanging -- producing nothing but empty pages.

What's the best way to detect such conditions programmatically? We generally do not, as a matter of security policy, allow anonymous access to our JIRA-instance. So, to force JIRA to perform any meaningful exercise, we need to create a special monitoring account for the script to use, don't we?

If so, how do we keep that monitoring account from accessing anything other than the special "monitoring" ticket -- a dummy created solely for the monitoring purpose? The monitoring account will be a member of the "jira-users" group and thus able to browse all our other projects, wouldn't it? Or can it be created belonging to some other group, which can be limited to a single ticket?

Or should we make an exception: create a special monitoring project and allow anonymous access to it? This is tempting (generally cleaner and no license is used up by the monitoring account), but there is a concern that this may not catch some funky outage, whereby an anonymous user can browse, but logged-in accounts get hung...

What are the recommendations and known "best practices" for such "deep monitoring"? Thank you!

2 answers

0 votes

The actual reason behind the downtime could be because of lack of memory, high CPU etc. IMHO, you should monitor the JVM, Server, Database etc. instead of just doing a heartbeat check or browsing/accessing a few pages.

Thanks, Jobin, for replying. Yes, we are monitoring all of these as a matter of course -- our standard set of server-monitoring includes all of those attributes you listed. Unfortunately, so far, we have not been able to establish an obvious correlation between externally-observable problems and JIRA's downtime.

Not to say none exists -- we just don't know what they are... High CPU-utilization, for example, has been observed during perfectly normal functioning of the application.

Regardless, we'd like to rest assured that we have a monitor that checks for exactly the same thing that users are seeing... Any ideas? Thank you.

I see. In that case monitoring using anonymous access might not help unless you can zero in on a particular functionality that can be relied upon to check the application help. Difficult to say which one will help without playing around on the instance.

Because of security concerns like what you're mentioning, we are not putting jira-users into the Users role for any project. I would consider some other group but not jira-users keeping that role only for monitoring who can log into JIRA.

To do this, you'll need to change the default roles and go through each project removing jira-users but the result is worth the effort. IMHO, you should not put jira-users into the Users role except for the most simple organizations.

Now, if a user has only jira-users permission then they cannot access any project. You can create a single dummy project that only this one monitoring account can see. Now no one can see this project except 'dummy' and 'dummy' can see only this one project.
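The following is an added example, not part of the original thread or of any Atlassian tooling: a probe that logs in as the restricted monitoring account, reads the dummy ticket through JIRA's REST API with a timeout, and also confirms the account can browse no other project. The keys `MON` and `MON-1` and the environment variable names are assumptions.

```python
import base64
import json
import urllib.request

MONITOR_PROJECT = "MON"   # assumed key of the dummy monitoring project
MONITOR_ISSUE = "MON-1"   # assumed key of the dummy ticket inside it


def http_get_json(base_url, path, user, password, timeout=10):
    """GET a JIRA REST resource with basic auth and return parsed JSON.
    A hang raises via the timeout; an empty body raises in json.loads."""
    req = urllib.request.Request(base_url.rstrip("/") + path)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    req.add_header("Accept", "application/json")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def check_jira(get_json):
    """Return (status, detail); get_json(path) must raise on any failure."""
    try:
        issue = get_json(f"/rest/api/2/issue/{MONITOR_ISSUE}?fields=summary")
        projects = get_json("/rest/api/2/project")
        # This endpoint lists only the projects the account may browse.
        extra = sorted(p["key"] for p in projects
                       if p["key"] != MONITOR_PROJECT)
    except Exception as exc:
        return "CRITICAL", f"authenticated request failed: {exc}"
    if not isinstance(issue, dict) or issue.get("key") != MONITOR_ISSUE:
        return "CRITICAL", "monitoring issue was not returned"
    if extra:
        return "WARNING", "monitoring account can see: " + ", ".join(extra)
    return "OK", f"{MONITOR_ISSUE} readable, no other project visible"


if __name__ == "__main__":
    import os
    import sys
    from functools import partial

    # JIRA_URL, JIRA_MON_USER and JIRA_MON_PASS are assumed variable names.
    fetch = partial(http_get_json, os.environ["JIRA_URL"],
                    user=os.environ["JIRA_MON_USER"],
                    password=os.environ["JIRA_MON_PASS"])
    status, detail = check_jira(fetch)
    print(f"{status}: {detail}")
    sys.exit({"OK": 0, "WARNING": 1, "CRITICAL": 2}[status])
```

The WARNING state flags permission drift: if a later scheme change gives the monitoring account access to real projects, the probe reports it instead of silently holding broader access.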
