Wednesday, March 24, 2010

Installing Atlassian FishEye and Crucible

Here I will explain how to install another Atlassian tool, the Fisheye (v2.2.1) (see the previous post for more about JIRA and Confluence). This documentation is based on the original guide, which I recommend you to read:


http://confluence.atlassian.com/display/FISHEYE/FishEye+Installation+Guide


1. First you need to download it. You can go to the download page: http://www.atlassian.com/software/fisheye/FishEyeDownloadCenter.jspa or get it with:

#---
wget http://www.atlassian.com/software/fisheye/downloads/binary/fisheye-2.2.1.zip
#---


I will assume that you already done the first steps from the JIRA and Confluence installation guide (MySQL + Tomcat) and that you have a running SVN server (see installation here). It is also assumed that you already enrolled a license for FishEye and Crucible. Have it handy.

2. To install FishEye you need to decompress the archive file:
#---
unzip fisheye-2.2.1.zip -d /usr/local/
#---


3. You need to create the database for FishEye and Crucible (I assume that the daemon is running):
#---
mysql -u root -p
#---


4. At the MySQL shell:
#---
CREATE DATABASE fisheyedb CHARACTER SET utf8;
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER,INDEX,LOCK TABLES ON fisheyedb.* TO 'fisheyeuser'@'localhost' IDENTIFIED BY '';
FLUSH PRIVILEGES;
\q
#---


5. Check if you can access the databases:
#---
mysql \--user=fisheyeuser \--password= \--database=fisheyedb
#---


6. Then prepare for running:
#---
export FISHEYE_HOME="/usr/local/fecru-2.2.1/"
mkdir -p /var/local/atlassian/fisheye
export FISHEYE_INST="/var/local/atlassian/fisheye"
export JAVA_HOME="/usr/java/default/"
export JRE_HOME="/usr/java/default/jre/"
cp $FISHEYE_HOME/config.xml $FISHEYE_INST/
cd $FISHEYE_HOME/bin
./run.sh
#---


6.1. Wait until the server is up an than go to: http://localhost:8060/

7. Go directly to the Database Configuration and provide the following fields with the following data:

Type: MySQL
URL: jdbc:mysql://localhost/fisheyedb
User Name: fisheyeuser
Password: <plain text pass for fisheyeuser>


Hit "Test Connection" and than "Save & Migrate"

8. Go to Users and add a user putting it as administrator (in Administrators)

9. Add a user to your JIRA Server, if you have one: http://localhost:8080/jira

10. Set JIRA to accept API remote calls:
Administration -> General Configuration -> Accept remote API calls (must be ON)

11. Then return to FishEye and configure your JIRA server with the corresponding user. (You have to have at least one project).

12. Add a user in SVN by editing the files (for the very crude installation): [/var/svn/<repository>/conf/passwd]

13. Then return to FishEye and configure your SVN repository: svn://localhost/var/svn/<project>

P.S.: You may need to add an additional rule to your IPtables in the file [/etc/sysconfig/iptables]:

...
# Tomcat (FishEye)
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8060 -j ACCEPT
...


#---
service iptables restart
#---


Related posts:
JIRA and Confluence instalation: http://gka-linux.blogspot.com/2010/03/jira-and-confluence.html
SVN instalation: http://gka-linux.blogspot.com/2009/07/subversion-and-apache-with-pam.html

Sunday, March 21, 2010

Postfix + Cyrus SASL + TLS

Setting up Postfix as a relay:

A. Postfix basic configuration:

1. You need to install Posftix and Cyrus for authentication (you definitely do not want an open relay).
#---
yum -y install \
postfix \
cyrus-sasl \
cyrus-sasl-lib \
cyrus-sasl-md5 \
cyrus-sasl-ntlm \
cyrus-sasl-plain
#---


1.1. If you want Postfix, remove sendmail.
#---
yum -y remove \
sendmail
#---


2. Edit your IPtables configuration file and add the following line (you will change it when we are done) to the file [/etc/sysconfig/iptables]:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 --source 127.0.0.1 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 587 --source 127.0.0.1 -j ACCEPT


3. Restart Postfix and check if you can access it:
#---
service postfix restart
telnet 127.0.0.1 25
#---


3.1. You must become something like this:
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 note ESMTP Postfix


4. Configuring Postfix for relay:
#---
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
service postfix reload
#---


4.1. This has the same effect as adding the parameter directly to [/etc/postfix/main.cf].

5. Set your relay host:
#---
postconf -e 'relayhost ='
postconf -e 'myhostname = <your mail server, such as mx.yourdomain.com>'
service postfix reload
#---


5.1. Check if you can send emails:

5.2. On the telnet prompt give the following commands, but on another terminal keep track of the file [/var/log/maillog]

5.2.1. Terminal A:
#---
tail -f /var/log/maillog
#---


5.2.2. Terminal B:
#---
telnet 127.0.0.1 25


EHLO localhost
MAIL FROM: root@localhost
RCPT TO: <some external valid email>
DATA
Subject:Test mail

Testing email relay
.
QUIT

#---

5.2.3. It should come something like this by Terminal A:
Mar 20 16:59:43 note postfix/smtpd[8705]: connect from localhost[127.0.0.1]
Mar 20 16:59:50 note postfix/smtpd[8705]: improper command pipelining after HELO from localhost[127.0.0.1]
Mar 20 16:59:50 note postfix/smtpd[8705]: 6694A6AB62: client=localhost[127.0.0.1]
Mar 20 16:59:50 note postfix/cleanup[8722]: 6694A6AB62: message-id=<20100320195950.6694A6AB62@localhost>
Mar 20 16:59:50 note postfix/qmgr[8691]: 6694A6AB62: from=<root@localhost.localdomain>, size=376, nrcpt=1 (queue active)
Mar 20 16:59:52 note postfix/smtpd[8705]: disconnect from localhost[127.0.0.1]
Mar 20 16:59:53 note postfix/smtp[8694]: 20C526AB51: to=<some external valid email>, relay=<external mail server>[<ip address>]:25, delay=1215, delays=1167/0.02/6.9/41, dsn=2.0.0, status=sent (250 2.0.0 OK 1269115192 10si2969636yxe.131)
Mar 20 16:59:53 note postfix/qmgr[8691]: 20C526AB51: removed


Your email wont be delivered if the destination server checks if you are an actual registered mail exchanger (mx entry of your domain). But you may get lucky (for instance, google accepted my emails, even though it threw them in the Spam box).

6. If everything worked until this point you need to setup authentication (remember until here you are an open relay, even though you blocked external incoming connections via IPtables).

B. Prepare Postfix for using TLS.

NOTE: Because this documentation is "education"-purposed only I will skip the proper TLS configuration (this means that I'm skipping the certificate generation step) but you can easily get further information at: http://www.postfix.org/TLS_README.html

#---
postconf -e 'smtpd_tls_cert_file = none' # no CA signed file
postconf -e 'smtpd_tls_loglevel = 1' # get at least handshake logging
service postfix restart
#---


C. Setting Cyrus up as its authentication server:

NOTE: You have basically two authentication options: internal authentication (using local users) or external authentication (using an additional user/password database). I will approach the 'shadow' (internal authentication) and 'sasldb' (Cyrus built-in external authentication database). You may customize for your own needs, like LDAP, SQL (MySQL for instance), etc. But that is not my concern here.

C.1. Using the internal authentication (local users):

1. This is the simplest method and pretty straight forward. So first you create a local test user:
#---
adduser -b /tmp -s /sbin/nologin -c "Cyrus SASL authentication test account" -p tst smtptst
#---


2. Set SASL tu use local authentication by editing [/etc/sysconfig/saslauthd] and setting the MECH variable to shadow:

...
MECH=shadow
...


3. Restart and test if it is working:
#---
service saslauthd restart
testsaslauthd -u smtptst -p tst -s smtp
#---


You should get:
0: OK "Success."

C.2. Using 'sasldb' to authenticate users:

1. First and MOST important step: setup PAM at [/etc/pam.d/smtp]
#---
cat > /etc/pam.d/smtp << __END__
#%PAM-1.0
auth required pam_permit.so
account required pam_permit.so
session required pam_permit.so
password required pam_permit.so
__END__
#---


2. Set Cyrus to use PAM by editing [/etc/sysconfig/saslauthd] and setting the MECH variable to pam:

...
MECH=pam
...


3. Set Cyrus to use sasldb:
#---
cat > /usr/lib/sasl2/smtpd.conf << __END__
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: plain login cram-md5 digest-md5 ntlm
__END__
#---


3.1. To add a user to sasldb:
#---
## this one is for domain specific
saslpasswd2 -c -u <your domain> smtptst2
## this is for internal services that also send emails
saslpasswd2 -c smtptst2
#---


NOTE: for testing purposes I assume that you set the password to 'tst'

3.2. Check if it was included:
#---
sasldblistusers2 ## password will be substituted by the 'userPassword' string
#---


3.3. Set the right permissions:
#---
chmod 640 /etc/sasldb2
chown root:mail /etc/sasldb2
#---


4. Restart and test if it is working:
#---
service saslauthd restart
testsaslauthd -u smtptst2 -p tst -s smtp
#---


You should get:
0: OK "Success."

D. Setting Postfix up to enforce authentication using TLS through SASL:
#---
postconf -e 'myhostname = localhost' ## change for your actual hostname
postconf -e 'smtpd_client_restrictions = permit_sasl_authenticated,reject' ## some protection
postconf -e 'smtpd_sasl_type = cyrus' ## just be explicit about this
postconf -e 'smtpd_sasl_path = smtpd' ## just be explicit about this
postconf -e 'smtpd_sasl_auth_enable = yes' ## use authentication
postconf -e 'smtpd_sasl_authenticated_header = yes'
postconf -e 'smtpd_sasl_security_options = noanonymous' ## enforce authentication
postconf -e 'smtpd_sasl_tls_security_options = $smtpd_sasl_security_options'
postconf -e 'broken_sasl_auth_clients = yes' ## for Outlook
service postfix restart
#---


1. Testing everything together:
#---
telnet localhost 25
#---


1.1. Type:
EHLO localhost
AUTH LOGIN


Then enter the full qualified username encoded in base64:

1.1.1. Internal user:
#---
perl -MMIME::Base64 -e 'print encode_base64("smtptst\@localhost")'
#---


1.1.2. SASLDB user:
#---
perl -MMIME::Base64 -e 'print encode_base64("smtptst2\@localhost")'
#---


Then enter the password encoded in base64:
#---
perl -MMIME::Base64 -e 'print encode_base64("tst")'
#---


Then follow as usual:

MAIL FROM: smtptst@localhost
RCPT TO: <some external valid email>
DATA
Subject:Test mail

Testing email relay
.
QUIT


#---

1.2. It all should look like this:

telnet 0 25
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
220 localhost ESMTP Postfix
EHLO tst
250-localhost
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-AUTH NTLM PLAIN CRAM-MD5 DIGEST-MD5 LOGIN
250-AUTH=NTLM PLAIN CRAM-MD5 DIGEST-MD5 LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH LOGIN
334 VXNlcm5hbWU6
bXh1c2VyQGxvY2FsaG9zdA==
334 UGFzc3dvcmQ6
dHN0
235 2.7.0 Authentication successful
MAIL FROM: smtptst@localhost
250 2.1.0 Ok
RCPT TO: <some external valid email>
250 2.1.5 Ok
DATA
Subject:Test mail

Testing email relay
.
QUIT

354 End data with <CR><LF>.<CR><LF>
250 2.0.0 Ok: queued as 0C4B861845
221 2.0.0 Bye
Connection closed by foreign host.


2. Cleaning up:
#---
userdel smtptst
saslpasswd2 -d smtptst2
#---


3. Opening IPTables up at [/etc/sysconfig/iptables]:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 587 -j ACCEPT


Relevant configuration files:
SASL: /usr/lib/sasl2/smtpd.conf
SASL user mapping: /etc/postfix/sasl_passwd
Postfix: /etc/postfix/main.cf
IPtables: /etc/sysconfig/iptables


Relevant log files:
Security/authentication related: /var/log/secure
Mail: /var/log/maillog
General process: /var/log/messages

Wednesday, March 17, 2010

Jira and Confluence - Backup

This is a follow-up from my previous post about how to install and configure Jira and Confluence.

Backing everything up:

Create the backup directory:
#---
mkdir -p /var/local/atlassian-bkp/
chmod 750 /var/local/atlassian-bkp/
#---


Create the backup script:
#---
cat > /var/local/atlassian-bkp/atlassian_bkp.sh << __END__
#!/bin/sh
#
# Author: Gustavo Kuhn Andriotti
# Date: 2010.03.17
#

####
## Needed variables, you should edit only this
####

## general
BACKUP_DIR="/var/local/atlassian-bkp/"
DATE=\`date --utc +%Y%m%d-%H%M%S\`
LOG_FILE="\${BACKUP_DIR}/bkp-\${DATE}.log"

## JIRA
JIRA_DIR="/var/local/atlassian/jira/"
JIRA_DB="jiradb"
JIRA_USER="jirauser"
JIRA_PASS=""
## Confluence
CONFLUENCE_DIR="/var/local/atlassian/confluence/"
CONFLUENCE_DB="confluencedb"
CONFLUENCE_USER="confluenceuser"
CONFLUENCE_PASS=""

## services
STOP_TOMCAT="Y"
STOP_MYSQL="N"

####
## Stop relevant services
## You may not want to do this
####

echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Starting backup" > \${LOG_FILE}

## tomcat
if [ "Y" == \${STOP_TOMCAT} ]
then
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Stopping Tomcat" >> \${LOG_FILE}
service tomcat5 stop
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Tomcat stopped" >> \${LOG_FILE}
fi
## mysql
if [ "Y" == \${STOP_MYSQL} ]
then
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Stopping MySQL" >> \${LOG_FILE}
service mysqld stop
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" MySQL Stopped" >> \${LOG_FILE}
fi

####
## Backup databases
####

## General
mkdir -p \${BACKUP_DIR}

## JIRA
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Backing the JIRA database up" >> \${LOG_FILE}
BKP_FILE="\${BACKUP_DIR}/\${JIRA_DB}-\${DATE}.gz"
mysqldump -B \${JIRA_DB} -u \${JIRA_USER} -p\${JIRA_PASS} | gzip -c - > \${BKP_FILE}
chmod 400 \${BKP_FILE}
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" JIRA database backed up at: \${BKP_FILE}" >> \${LOG_FILE}

## CONFLUENCE
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Backing the Confluence database up" >> \${LOG_FILE}
BKP_FILE="\${BACKUP_DIR}/\${CONFLUENCE_DB}-\${DATE}.gz"
mysqldump -B \${CONFLUENCE_DB} -u \${CONFLUENCE_USER} -p\${CONFLUENCE_PASS} | gzip -c - > \${BKP_FILE}
chmod 400 \${BKP_FILE}
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Confluence database backed up at: \${BKP_FILE}" >> \${LOG_FILE}

####
## Backup files
####

## JIRA
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Backing the JIRA files up" >> \${LOG_FILE}
BKP_FILE="\${BACKUP_DIR}/\`basename \${JIRA_DIR}\`-\${DATE}.tgz"
tar -czf \${BKP_FILE} \${JIRA_DIR}
chmod 400 \${BKP_FILE}
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" JIRA files backed up at: \${BKP_FILE}" >> \${LOG_FILE}

## Confluence
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Backing the Confluence files up" >> \${LOG_FILE}
BKP_FILE="\${BACKUP_DIR}/\`basename \${CONFLUENCE_DIR}\`-\${DATE}.tgz"
tar -czf \${BKP_FILE} \${CONFLUENCE_DIR}
chmod 400 \${BKP_FILE}
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Confluence files backed up at: \${BKP_FILE}" >> \${LOG_FILE}

####
## Start services if they were stopped
####

## mysql
if [ "Y" == \${STOP_MYSQL} ]
then
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Starting MySQL" >> \${LOG_FILE}
service mysqld start
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" MySQL Started" >> \${LOG_FILE}
fi

## tomcat
if [ "Y" == \${STOP_TOMCAT} ]
then
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Starting Tomcat" >> \${LOG_FILE}
rm -f \${JIRA_DIR}/.jira-home.lock
service tomcat5 start
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Tomcat started" >> \${LOG_FILE}
fi

####
## Done
####
echo \`date --utc +%Y.%m.%d\ %H:%M:%S\`" Backup done!" >> \${LOG_FILE}
__END__
chmod 750 /var/local/atlassian-bkp/atlassian_bkp.sh
#---

NOTE: DO edit the resulting file: /var/local/atlassian-bkp/atlassian_bkp.sh to put the correct passwords for the database users.

It will store all backups at /var/local/atlassian-bkp/ and a typical backup will have a file list as follows:

-rwxr-xr-x. 1 root root 3112 2010-03-17 19:32 atlassian_bkp.sh
-rw-r--r--. 1 root root 796 2010-03-17 19:32 bkp-20100317-223145.log
-r--------. 1 root root 181902319 2010-03-17 19:32 confluence-20100317-223145.tgz
-r--------. 1 root root 8572 2010-03-17 19:31 confluencedb-20100317-223145.gz
-r--------. 1 root root 79531583 2010-03-17 19:31 jira-20100317-223145.tgz
-r--------. 1 root root 15302 2010-03-17 19:31 jiradb-20100317-223145.gz


Test the script:
#---
sh -x /var/local/atlassian-bkp/atlassian_bkp.sh
#---


Put the script in the crontab (daily):
#---
ln /var/local/atlassian-bkp/atlassian_bkp.sh /etc/cron.daily/atlassian
#---


Notice that it is a HARD link to the cron.daily, so that when you edit the original file it also reflects a change at the crontab.

BUT to remove the file completely you MUST remove from BOTH locations:
#---
rm -f /var/local/atlassian-bkp/atlassian_bkp.sh
rm -f /etc/cron.daily/atlassian
#---


Checkout if the starting time is okay for you (the standard is 03:00):
#---
cat /etc/anacrontab
#---


Related posts:
Installation and configuration: http://gka-linux.blogspot.com/2010/03/jira-and-confluence.html

Sunday, March 14, 2010

[UPDATE] Jira and Confluence

I will not explain what are Jira (v4.0.2) and Confluence (v3.1.2) (read at their corresponding description) but how to put both of them to run in a Fedora box using MySQL and Tomcat v5.5 (just one).

This procedure is based on the original documentation (given below) and when in doubt please DO read the originals.

Jira: http://confluence.atlassian.com/display/JIRA/Installing+JIRA+on+Tomcat+5.5
Confluence: http://confluence.atlassian.com/display/DOC/Installing+Confluence+EAR-WAR+on+Tomcat


NOTE: Before you start installing please do get it handy both licenses. I will also assume that you already downloaded both programs in the WAR/EAR form. This is *VERY* important because you do *NOT* want the standalone versions. The links are provided here: Jira v4.0.2 and Confluence v3.1.2.

Or:
#---
wget http://www.atlassian.com/software/jira/downloads/binary/atlassian-jira-enterprise-4.0.2.tar.gz
wget http://www.atlassian.com/software/confluence/downloads/binary/confluence-3.1.2.tar.gz
#---


1. Install the necessary software:
#---
yum -y install \
mysql \
mysql-server \
mysql-connector-java \
javamail \
tomcat5
#---


2. Install Sun's JDK:
JDK: http://java.sun.com/javase/downloads/widget/jdk6.jsp

Get the some additional libs from Atlassian:
#---
wget http://confluence.atlassian.com/download/attachments/200709089/jira-jars-tomcat5.zip
#---


3. Put the necessary libs in the Tomcat lib dir:
#---
unzip jira-jars-tomcat5.zip -d /tmp/
mv /tmp/jira-jars-tomcat5/*.jar /var/lib/tomcat5/common/lib/
rm -rf /tmp/jira-jars-tomcat5/
unzip jaf-1_1_1.zip -d /tmp/
mv /tmp/jaf-1.1.1/activation.jar /var/lib/tomcat5/common/lib/
rm -rf /tmp/jaf-1.1.1/
ln -s /usr/share/java/mysql-connector-java-5.1.12.jar /var/lib/tomcat5/common/lib
ln -s /usr/share/java/javamail/mail-1.4.3.jar /var/lib/tomcat5/common/lib
ln -s /usr/share/java/javamail/dsn-1.4.3.jar /var/lib/tomcat5/common/lib
#---


4. Create a build directory for Jira and Confluence:
#---
mkdir -p /usr/local/atlassian/
tar -vxzf atlassian-jira-enterprise-4.0.2.tar.gz -C /usr/local/atlassian/
tar -vxzf confluence-3.1.2.tar.gz -C /usr/local/atlassian/
#---


5. Create the home directory for Jira and Confluence:
#---
mkdir -p /var/local/atlassian/jira/
mkdir -p /var/local/atlassian/confluence/
#---


6. Forces Tomcat to use Sun's JRE by editing [/etc/tomcat5/tomcat5.conf] and setting the following variables:

JAVA_HOME="/usr/java/default/"
JRE_HOME="/usr/java/default/jre/"


Also add the following statements (do NOT remove the already existing ones, just ADD):

JAVA_OPTS="$JAVA_OPTS -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dmail.mime.decodeparameters=true -Xms128m -Xmx512m -XX:MaxPermSize=256m"

7. Prepare the MySQL:

You need to create the databases for Jira and Confluence:
#---
mysql -u root -p
#---


[UPDATE]
At the MySQL shell:
#---
CREATE DATABASE jiradb CHARACTER SET utf8;
CREATE DATABASE confluencedb CHARACTER SET utf8;
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER,INDEX,LOCK TABLES ON jiradb.* TO 'jirauser'@'localhost' IDENTIFIED BY '<plain text pass for jirauser>';
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER,INDEX,LOCK TABLES ON confluencedb.* TO 'confluenceuser'@'localhost' IDENTIFIED BY '<plain text pass for confluenceuser>';
FLUSH PRIVILEGES;
\q
#---


Check if you can access the databases:
#---
mysql \--user=jirauser \--password=<plain text pass for jirauser> \--database=jiradb
#---


#---
mysql \--user=confluenceuser \--password=<plain text pass for confluenceuser> \--database=confluencedb
#---


8. Install Jira:

8.1. Set Jira to use MySQL in the file [/usr/local/atlassian/atlassian-jira-enterprise-4.0.2/edit-webapp/WEB-INF/classes/entityengine.xml]

Change from:
<datasource name="defaultDS" field-type-name="hsql"
schema-name="PUBLIC"


to:
<datasource name="defaultDS" field-type-name="mysql"

8.2. Set Jira home dir in the file: [/usr/local/atlassian/atlassian-jira-enterprise-4.0.2/edit-webapp/WEB-INF/classes/jira-application.properties]

It looks like this:
jira.home = /var/local/atlassian/jira/

8.3. Compile Jira:
#---
export JAVA_HOME="/usr/java/default/"
cd /usr/local/atlassian/atlassian-jira-enterprise-4.0.2/
rm -f /usr/local/atlassian/atlassian-jira-enterprise-4.0.2/webapp/WEB-INF/lib/{activation-1.1.1.jar,mail-1.4.1.jar}
sh ./build.sh
rm -f /var/local/atlassian/jira/atlassian-jira-4.0.2.war
cp /usr/local/atlassian/atlassian-jira-enterprise-4.0.2/dist-tomcat/atlassian-jira-4.0.2.war /var/local/atlassian/jira/
cp /usr/local/atlassian/atlassian-jira-enterprise-4.0.2/dist-tomcat/tomcat-5.5/jira.xml /etc/tomcat5/Catalina/localhost/
chown -R tomcat:tomcat /var/local/atlassian/jira/
chmod 755 /var/local/atlassian/jira/
chmod -R ug+rw /var/local/atlassian/jira/
chmod -R o+r /var/local/atlassian/jira/
chmod -R o-w /var/local/atlassian/jira/
#---


8.4. Setup the Jira application to use MySQL in file [/etc/tomcat5/Catalina/localhost/jira.xml]

The resource section must look like this:
<Context path="/jira" docBase="/var/local/atlassian/jira/atlassian-jira-4.0.2.war" debug="0">
...
<Resource name="jdbc/JiraDS" auth="Container" type="javax.sql.DataSource"
username="jirauser"
password="<plain text pass for jirauser>"
driverClassName="com.mysql.jdbc.Driver"
url="jdbc:mysql://localhost/jiradb?autoReconnect=true&amp;sessionVariables=storage_engine=InnoDB&amp;useUnicode=true&amp;characterEncoding=UTF8"/>


If a complementary build is necessary try this shorter form:
#---
export JAVA_HOME="/usr/java/default/"
cd /usr/local/atlassian/atlassian-jira-enterprise-4.0.2/
rm -f /usr/local/atlassian/atlassian-jira-enterprise-4.0.2/webapp/WEB-INF/lib/{activation-1.1.1.jar,mail-1.4.1.jar}
sh ./build.sh
rm -f /var/local/atlassian/jira/atlassian-jira-4.0.2.war
cp /usr/local/atlassian/atlassian-jira-enterprise-4.0.2/dist-tomcat/atlassian-jira-4.0.2.war /var/local/atlassian/jira/
chown tomcat:tomcat /var/local/atlassian/jira/atlassian-jira-4.0.2.war
#---



8.5. Checking it out if Jira is working:
#---
service mysqld restart
service tomcat5 restart
#---


Go to: http://localhost:8080/jira/

9. Install Confluence:

9.1. Set Confluence home dir in the file: [/usr/local/atlassian/confluence-3.1.2/confluence/WEB-INF/classes/confluence-init.properties]

It looks like this:
confluence.home = /var/local/atlassian/confluence

9.2. Compile Confluence:
#---
export JAVA_HOME="/usr/java/default/"
cd /usr/local/atlassian/confluence-3.1.2/
rm -f /usr/local/atlassian/confluence-3.1.2/confluence/WEB-INF/lib/{activation-1.0.2.jar,mail-1.4.1.jar}
sh ./build.sh
rm -f /var/local/atlassian/confluence/confluence-3.1.2.war
cp /usr/local/atlassian/confluence-3.1.2/dist/confluence-3.1.2.war /var/local/atlassian/confluence/
cat > /etc/tomcat5/Catalina/localhost/confluence.xml << __END__
<Context path="/confluence" docBase="/var/local/atlassian/confluence/confluence-3.1.2.war" debug="0" reloadable="true">
</Context>
__END__
chown -R tomcat:tomcat /var/local/atlassian/confluence/
chmod 755 /var/local/atlassian/confluence/
chmod -R ug+rw /var/local/atlassian/confluence/
chmod -R o+r /var/local/atlassian/confluence/
chmod -R o-w /var/local/atlassian/confluence/
#---


Shorter version for recompile:
#---
export JAVA_HOME="/usr/java/default/"
cd /usr/local/atlassian/confluence-3.1.2/
rm -f /usr/local/atlassian/confluence-3.1.2/confluence/WEB-INF/lib/{activation-1.0.2.jar,mail-1.4.1.jar}
sh ./build.sh
rm -f /var/local/atlassian/confluence/confluence-3.1.2.war
cp /usr/local/atlassian/confluence-3.1.2/dist/confluence-3.1.2.war /var/local/atlassian/confluence/
chown tomcat:tomcat /var/local/atlassian/confluence/confluence-3.1.2.war
#---


9.3. Checking it out if Confluence is working:
#---
service mysqld restart
service tomcat5 restart
#---


Go to: http://localhost:8080/confluence/

Setting up Confluence (at http://localhost:8080/confluence/)

9.4. Enter the key and go to Custom Installation

9.5. At External Database choose MySQL and click at External Database >>

At Configure Database choose Direct JDBC >>

9.6. For the Database configuration fill with the following:

Driver Class Name: com.mysql.jdbc.Driver
Database URL: jdbc:mysql://localhost/confluencedb?autoReconnect=true&amp;sessionVariables=storage_engine=InnoDB&amp;useUnicode=true&amp;characterEncoding=UTF8
User Name: confluenceuser
Password: <plain text pass for confluenceuser>



The rest is straight forward.

P.S.: You may want to change your MySQL maximum allowed packet size to allow plugin installation (which normally requires more than the default 1Mb size). Edit the file [/etc/my.cnf] and put the following line (or change it) to:
...
[mysqld]
...
max_allowed_packet = 16M


Important logs for trouble shooting:
System: /var/log/messages
Tomcat: /var/log/tomcat5/catalina.out
MySQL: /var/log/mysqld.log
Jira: /var/log/tomcat5/catalina.out (all gets thrown at the Tomcat log)
Confluence: /var/local/atlassian/confluence/logs/atlassian-confluence.log
Jira database config: /etc/tomcat5/Catalina/localhost/jira.xml
Confluence database config: /var/local/atlassian/confluence/confluence.cfg.xml

Related posts:
Jira and Confluence Backup: http://gka-linux.blogspot.com/2010/03/jira-and-confluence-backup.html
Fedora 12 Road Map: http://gka-linux.blogspot.com/2009/12/my-fedora-12-road-map.html
MySQL root password reset: http://gka-linux.blogspot.com/2010/03/mysql-root-password-reset.html

MySQL root password reset

This is rather annoying, so here is the complete procedure:

Get MySQL to be in the safe mode:
#---
service mysqld stop
mysqld_safe --skip-grant-tables &
#---


Start the MySQL shell:
#---
mysql -u root
#---


At the MySQL shell (this is NOT safe):
USE mysql;
UPDATE user SET PASSWORD=PASSWORD("<plain text root password for mysql>") WHERE User='root';
FLUSH PRIVILEGES;
FLUSH TABLES;
\q


Back at the root shell:
#---
kill `cat /var/run/mysqld/mysqld.pid`
service mysqld start
#---


NOTE: MySQL records its shell commands at ~/.mysql_history This means that
your passwords (informed as I shown you) are recorded in plain text at this
file. It is advised to remove this file after applying the commands above
displayed:
#---
rm -f ~/.msyql_history
#---