Docker Confluence Swarm Service deployment (Also works for other Jira products)

Hello all,

I hope this helps someone out there.

I struggled and battled to get Confluence running as an SSL based Docker service. I build mine on Centcon 7.6 OS. It is easily scalable and has built in HA. I can now remove it and put it back and all data is persistent. I have a Jenkins job that backs up the main Confluence data directory nightly.

Here is what I found and did to correct any issues.  Many forums helped with small pieces for the SSL part.

Original Base Image:

docker run -v /opt/atlassian/confluence/data:/var/atlassian/application-data/confluence --name="confluence" -d -p 0.0.0.0:8090:8090 -p 0.0.0.0:8091:8091 -e JVM_SUPPORT_RECOMMENDED_ARGS=-Datlassian.recovery.password=admin1 atlassian/confluence-server

 

DIRS of interest: /opt/atlassian/confluence/data

/var/lib/docker/volumes/confluence_volume

 

SSL Image:

docker service create --name confluence --publish 8090:8090 --network  confluence_network  --constraint node.role==worker  --mount source=confluence_volume,target=/var/atlassian/application-data/confluence  -e ATL_PROXY_NAME=confluence.watchsystems.com -e ATL_PROXY_PORT=443 -e ATL_TOMCAT_SCHEME=https  -e JVM_MINIMUM_MEMORY=1024m -e JVM_MAXIMUM_MEMORY=1024m -e JVM_RESERVED_CODE_CACHE_SIZE=512m -e watchsystems/offenderwatch:confluence

 

Build out, move and Issues to overcome: 

First thing is make a fresh DB. Mine was SQL, so I followed the SQL build instructions by Atlassian.

I then backed up my original site and pulled the backup.zip from my Linux VM to a local location. 

I created the Docker Swarm Service using the Command above and configured it. 

******************************************************************************

RESTORING during install caused me headaches, so I restored after install, and also used an evaluation license to begin, because of other issues with users not syncing after restore

To move Confluence to a docker service or container I had to do the following 

  1. Create new DB jiraconfluence
  2. Set up db : https://confluence.atlassian.com/doc/database-setup-for-sql-server-9258.html
  3. Spin up docker service
  4. Confluence - Install it as normal, connect to the DB, then for options, select Restore .
  5. While installing - Choose EVAL license, Login to Atlassian and copy paste key into Confluence. This allows you to set up users you will need to get all running later.
  6. Upload backup file found on watchit> backups >jira >confluence.
  7. When complete, remove the service.
  8. Redo the service with the following -e added to allow you to login:
  9. -e JVM_SUPPORT_RECOMMENDED_ARGS=-Datlassian.recovery.password=admin1
  10. Add a new local user  after and make the user admin, so you can use this user after remove the recovery_admin user down below.
  11. Kill docker service.
  12. Redo service without the recovery_admin env.
  13. Login as new added user and follow the steps below.

 

Setting Confluence service as HTTPS:

Because Docker uses images and that has all Docker container and service configurations. You have to create a new image from the original to have changes set in new Docker service for Jira products.

 I had to do this to get Server.xml to be changed. ( I will add to post):

  1. Start docker service using the command.
  2. Copy and change an existing  server.xml locally from the container (Steps below).  Once copied locally on host, change it and save it.
    1. I did this by going to host for the docker container (Swarm Task) and copied the server.xml out of it.
    2. Docker   container  ls    -- list containers
    3. Docker   cp     (containerID):/opt/Atlassian/jira/conf/ server.xml       .         ( copy locally from container)
    4. Docker    cp   server.xml    (containerID):/opt/Atlassian/jira/conf/      or confluence path.     ( change and copy back into the running container)
    5. Then, you have to COMMIT your changes back out of the container to a new image.     
    6. Docker    commit    (containerID)  (some new image name)           (commit changed container to a new image)
  3. Once that is done, you can stop the existing docker service and simply use this image at the end of the Docker service command to spin up a new service with changes.
  4. This Server.xml change  along with  service command with -e PROXY sets all to HTTPS.

 

Issues after moving Confluence:

You may have to run through these steps if Confluence cannot add the User Directory for Jira. With a Docker container or service, once you have to restored Confluence in the directories on the host VM, and the DB tables, you can kill the service or container as many times as you like,as you tweak and change ENV like memory settings, paths. etc...

  1. Issue with adding the Jira User Directoy: The User Directory will not sync and throw a "Forbidden 403". This is because after a restore, the database tables no longer are in sync with the user CDW_user and CDW_membership.
  2. Solution:

    1. I figured out the cdw_membership and cdw_user tables in both had different records after RESTORE.
    2. I simply went one by one down the databases; cdw_membership and cdw_users.
    3. I removed all Confluence-Users from the Confluence table that did not have Confluence-user membership. I also had to delete the same records in Jira that matched the Confluence-Users membership (THIS WAS ODD that to me that I had to do this).
    4. After this I simply added the User Directory successfully and was then able to correctly SYNC the directory with Confluence.

     

 

 

 

 

 

2 comments

WatchSystems IT Admin August 18, 2020

I forgot something critical.. You also have to make sure you tweak the SERVER.XML file in /opt/atlassian/jira/conf/

like this for servicedesk.

<?xml version="1.0" encoding="utf-8"?>

<Server port="8005"
shutdown="SHUTDOWN">

<Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on"/>
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>

<Service name="Catalina">

<Connector port="8080"
maxThreads="100"
minSpareThreads="10"
connectionTimeout="20000"
enableLookups="false"
protocol="HTTP/1.1"
redirectPort="8443"
acceptCount="10"
secure="false"
scheme="https"
proxyName="servicedesk.watchsystems.com"
proxyPort="443"

relaxedPathChars="[]|"
relaxedQueryChars="[]|{}^\`&quot;&lt;&gt;"
bindOnInit="false"
maxHttpHeaderSize="8192"
useBodyEncodingForURI="true"
disableUploadTimeout="true" />

David Drinnan May 23, 2022

Great write-up. Have you had any luck with running Confluence Data Center with clustering in docker?

Comment

Log in or Sign up to comment
TAGS
AUG Leaders

Atlassian Community Events