Greetings. I'm a systems analyst at the university of ottawa. We have a confluence instance here and we're in a bit of a bind. The people who used to manage it are gone. I've inherited it. And my first task is to upgrade it and migrate to SSO or to our central domain LDAP. I've been looking into it, - kind of a rabbit hole because we run an older version of CentOS (6.10) with an older version of postgresql..... so - i'm thinking of building a new VM with ubuntu LTS or something and installing the new Confluence fresh on that , then using the data export / import tools in the GUI to just move over to that new server.
What landmines, roadblocks or other sleep-losers am I going to run into and how can I avoid them?
Hello, @Shawn Quinn
0) Make sure you run a mitigation for https://jira.atlassian.com/browse/CONFSERVER-67940
I mean: RIGHT NOW
1) You don't need to update to have SSO (there are plenty of 3rd party SSO apps on Atlassian Marketplace, including our EasySSO for Confluence that will do this for you on 6.10 both on Server or Data Center – depending on the protocol you choose and your organisation's complexity and capabilities, this can take from 15min to couple of hours) or LDAP integration (this is supported in 6.10 and will take about 5 minutes)
2) You should definitely update Confluence to make sure it is secure.
3) Find a Solution Partner https://www.atlassian.com/partners next to you, they will do all of this (update + integration) faster.
We (in New Zealand) do things like this as a fixed-price 16h engagement.
4) Don't even think about moving to Cloud at this stage of your project. If the update of Confluence is potentially a problem raising this kind of questions, migration to Cloud is going to be a much much much bigger one. Typical one takes from 6 to 18 months. Again a Partner will help.
5) If you insist on doing this yourself – built a test environment first. Use a new version of CentOS, but install the same Postgres, and the same Confluence - literally copy over the content on the filesystem, including home directory. Copy db data over via SQL dump restore.
Change the db URL to point to the new database (if needed – might be on localhost by the way you've phrased it)
Change settings in CONFLUENCE_INSTALL/conf/server.xml to reflect the new hostname
Disable outgoing and inbound email via flags in setenv.sh file.
Once started – change the baseURL.
Make sure everything runs as it used to be (except for a different baseURL).
Here is a question of having a test plan. Have one. Use it. Engage the stakeholders.
6) Update Postgres and Confluence in place. Use the test plan.
7) Review changes between 6.10 and whatever version you are going to. Socialise these – there will be changed to UX, that will affect users.
8) Do LDAP integration. Start with delegated authentication directory.
9) You may need to rename you internal directory users so the LDAP ones (eventually) match by username. We use Adaptavist ScriptRunner with a custom Groovy script working off a CSV file. Talk to a Solution Partner – they should be able to help.
10) You may need to cleanup inactive users and move users around form the internal directory to the delegated one (so they get LDAP login, but retain the link to their data) or export a CSV file for the above. Use our UserManagement for Confluence app for this. Feel free to use it on evaluation license. Buy if you like it. Reach out to our 24x7 support if you need more advice or talk to your Solution Partner.
11) Do the SSO integration. EasySSO offers 5 authentication protocols – SAML, NTLMv2, Kerberos, X.509 and HTTP Headers. Choose one that your Security Team and Architects approve of. Or use another app from another vendor.
12) Test and test and test again. Ask your users to test.
13) Document every step in a run book – to repeat for PROD migration.
You can use Product Requirements blueprint in Confluence for this, but make sure you export and print it out before you do PROD migration. Use checkboxes for actions you will need to tick off
14) Do a test migration again. Test your runbook.
15) Arrange an outage, do the prod migration.
Don't touch the old instance – keep it as a rollback strategy. Merely bring it down, and switch DNS to point to the new one.
16) Do a smoke test. Stop. Enable email. Start. Do a test again. Get users to accept the result.
17) Keep the old Confluence instance around for some time, possibly start it back up with email disabled and a different name/baseURL and non-admin users locked out (by removing application access groups). This can be done in bulk with Bulk User Actions in UserManagement app
18) Eventually shut it down and decommission.
19) Did I mention "talk to a Solution Partner"?
Good luck.
that's more like it. Thanks for taking the time to walk me through this.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Shawn Quinn - I think the idea of moving to a cloud version would be good but you will have to check with your security group as well as check any of the plugins that you might be using and see if they are also available in the cloud version. You might have to contact Atlassian and give you a quote for the move. It is sometimes easier said than done. Realistically, upgrade your current instance and then plan out a move in the future after you have done your research
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hey @Shawn Quinn
Why not move from on-prem and all the hassle that comes with it and switch to Confluence Cloud instead?
Just a suggestion.
Best wishes
Jon
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
That's the ultimate goal. Just not sure even reading through the documentation, whether I can jump straight to cloud or not.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
@Shawn Quinn Hey, Shawn! I'm going to move this to the Confluence collection, so you can continue to get the best possible answers.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Confluence Version 6.15.4
Build Number 8100
Database name PostgreSQL
Database version 9.5.6
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I would need a quote for sure. I don't know how to get a quote. Do I need to talk to a sales agent or something? If so, how do I make it happen? ( the support site dosn't make it easy to contact an actual person)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hey @Shawn Quinn this would probably be a good place to start: https://www.atlassian.com/migration/cloud
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hey @Shawn Quinn!
My first questions back to you would be what version of Confluence are you running and are you on the server or Data Center version?
I don't disagree with your thought process however, without knowing what version you are on I'm not sure if you will run into any issues trying to import an export from your existing instance. If your version is significantly older than the version you are planning to go to you might need to take a slower upgrade approach.
I hope that helps get you started.
-Jimmy
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.