Mirrored_Repos/docker-atlassian-confluence-server
1
0
Fork 0
mirror of https://bitbucket.org/atlassian-docker/docker-atlassian-confluence-server.git synced 2024-08-30 18:22:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged in DCD-545-confluence-dc-updates (pull request #38)

Browse Source 
DCD-545: Confluence Docker DB/cluster configuration updates

Approved-by: Dave Chevell <dchevell@atlassian.com>
Approved-by: Minh Tran <mtran@atlassian.com>
Approved-by: Joe Xie <jxie@atlassian.com>
Approved-by: Adam Brokes <abrokes@atlassian.com>
This commit is contained in:
Steve Smith 2019-08-18 23:06:14 +00:00
commit a4b7fde2b6
15 changed files with 868 additions and 220 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.dockerignore
View File

@ -1,3 +1,2 @@
.git
scripts
.idea
.idea

2
.gitignore vendored
View File

@ -1 +1,3 @@
__pycache__/
Pipfile
Pipfile.lock

39
Dockerfile
View File

@ -1,7 +1,9 @@
FROM adoptopenjdk/openjdk8:slim
ENV RUN_USER daemon
ENV RUN_GROUP daemon
ENV RUN_USER confluence
ENV RUN_GROUP confluence
ENV RUN_UID 2002
ENV RUN_GID 2002
# https://confluence.atlassian.com/doc/confluence-home-and-other-important-directories-590259707.html
ENV CONFLUENCE_HOME /var/atlassian/application-data/confluence
@ -14,25 +16,32 @@ WORKDIR $CONFLUENCE_HOME
EXPOSE 8090
EXPOSE 8091
CMD ["/entrypoint.sh", "-fg"]
ENTRYPOINT ["/tini", "--"]
CMD ["/entrypoint.py", "-fg"]
ENTRYPOINT ["/sbin/tini", "--"]
RUN apt-get update \
&& apt-get install -y --no-install-recommends fontconfig \
&& apt-get install -y --no-install-recommends fontconfig python3 python3-jinja2 \
&& apt-get clean autoclean && apt-get autoremove -y && rm -rf /var/lib/apt/lists/*
ARG TINI_VERSION=v0.18.0
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini
RUN chmod +x /tini
COPY entrypoint.sh /entrypoint.sh
ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /sbin/tini
RUN chmod +x /sbin/tini
ARG CONFLUENCE_VERSION
ARG DOWNLOAD_URL=https://product-downloads.atlassian.com/software/confluence/downloads/atlassian-confluence-${CONFLUENCE_VERSION}.tar.gz
RUN mkdir -p ${CONFLUENCE_INSTALL_DIR} \
&& curl -L --silent ${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "${CONFLUENCE_INSTALL_DIR}" \
&& chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/ \
&& sed -i -e 's/-Xms\([0-9]\+[kmg]\) -Xmx\([0-9]\+[kmg]\)/-Xms\${JVM_MINIMUM_MEMORY:=\1} -Xmx\${JVM_MAXIMUM_MEMORY:=\2} \${JVM_SUPPORT_RECOMMENDED_ARGS} -Dconfluence.home=\${CONFLUENCE_HOME}/g' ${CONFLUENCE_INSTALL_DIR}/bin/setenv.sh \
&& sed -i -e 's/port="8090"/port="8090" secure="${catalinaConnectorSecure}" scheme="${catalinaConnectorScheme}" proxyName="${catalinaConnectorProxyName}" proxyPort="${catalinaConnectorProxyPort}"/' ${CONFLUENCE_INSTALL_DIR}/conf/server.xml \
&& sed -i -e 's/Context path=""/Context path="${catalinaContextPath}"/' ${CONFLUENCE_INSTALL_DIR}/conf/server.xml
RUN groupadd --gid ${RUN_GID} ${RUN_GROUP} \
&& useradd --uid ${RUN_UID} --gid ${RUN_GID} --home-dir ${CONFLUENCE_HOME} ${RUN_USER} \
\
&& mkdir -p ${CONFLUENCE_INSTALL_DIR} \
&& curl -L --silent ${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "${CONFLUENCE_INSTALL_DIR}" \
&& chmod -R "u=rwX,g=rX,o=rX" ${CONFLUENCE_INSTALL_DIR}/ \
&& chown -R root. ${CONFLUENCE_INSTALL_DIR}/ \
&& chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/logs \
&& chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/temp \
&& chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/work \
\
&& sed -i -e 's/-Xms\([0-9]\+[kmg]\) -Xmx\([0-9]\+[kmg]\)/-Xms\${JVM_MINIMUM_MEMORY:=\1} -Xmx\${JVM_MAXIMUM_MEMORY:=\2} \${JVM_SUPPORT_RECOMMENDED_ARGS} -Dconfluence.home=\${CONFLUENCE_HOME}/g' ${CONFLUENCE_INSTALL_DIR}/bin/setenv.sh
COPY entrypoint.py /entrypoint.py
COPY config/* /opt/atlassian/etc/

43
Dockerfile-alpine
View File

@ -1,25 +1,25 @@
FROM adoptopenjdk/openjdk8:alpine
MAINTAINER Atlassian Confluence
ENV RUN_USER daemon
ENV RUN_GROUP daemon
ENV RUN_USER confluence
ENV RUN_GROUP confluence
ENV RUN_UID 2002
ENV RUN_GID 2002
# https://confluence.atlassian.com/doc/confluence-home-and-other-important-directories-590259707.html
ENV CONFLUENCE_HOME /var/atlassian/application-data/confluence
ENV CONFLUENCE_INSTALL_DIR /opt/atlassian/confluence
ENV CONFLUENCE_HOME /var/atlassian/application-data/confluence
ENV CONFLUENCE_INSTALL_DIR /opt/atlassian/confluence
VOLUME ["${CONFLUENCE_HOME}"]
WORKDIR $CONFLUENCE_HOME
# Expose HTTP and Synchrony ports
EXPOSE 8090
EXPOSE 8091
WORKDIR $CONFLUENCE_HOME
CMD ["/entrypoint.sh", "-fg"]
CMD ["/entrypoint.py", "-fg"]
ENTRYPOINT ["/sbin/tini", "--"]
RUN apk add --no-cache ca-certificates wget curl openssh bash procps openssl perl ttf-dejavu tini
RUN apk add --no-cache ca-certificates wget curl openssh bash procps openssl perl ttf-dejavu tini python3 py3-jinja2
# Workaround for AdoptOpenJDK Alpine fontconfig bug
RUN ln -s /usr/lib/libfontconfig.so.1 /usr/lib/libfontconfig.so \
@ -27,14 +27,21 @@ RUN ln -s /usr/lib/libfontconfig.so.1 /usr/lib/libfontconfig.so \
&& ln -s /lib/libc.musl-x86_64.so.1 /usr/lib/libc.musl-x86_64.so.1
ENV LD_LIBRARY_PATH /usr/lib
COPY entrypoint.sh /entrypoint.sh
ARG CONFLUENCE_VERSION
ARG DOWNLOAD_URL=http://www.atlassian.com/software/confluence/downloads/binary/atlassian-confluence-${CONFLUENCE_VERSION}.tar.gz
ARG DOWNLOAD_URL=https://product-downloads.atlassian.com/software/confluence/downloads/atlassian-confluence-${CONFLUENCE_VERSION}.tar.gz
RUN mkdir -p ${CONFLUENCE_INSTALL_DIR} \
&& curl -L --silent ${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "$CONFLUENCE_INSTALL_DIR" \
&& chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/ \
&& sed -i -e 's/-Xms\([0-9]\+[kmg]\) -Xmx\([0-9]\+[kmg]\)/-Xms\${JVM_MINIMUM_MEMORY:=\1} -Xmx\${JVM_MAXIMUM_MEMORY:=\2} \${JVM_SUPPORT_RECOMMENDED_ARGS} -Dconfluence.home=\${CONFLUENCE_HOME}/g' ${CONFLUENCE_INSTALL_DIR}/bin/setenv.sh \
&& sed -i -e 's/port="8090"/port="8090" secure="${catalinaConnectorSecure}" scheme="${catalinaConnectorScheme}" proxyName="${catalinaConnectorProxyName}" proxyPort="${catalinaConnectorProxyPort}"/' ${CONFLUENCE_INSTALL_DIR}/conf/server.xml \
&& sed -i -e 's/Context path=""/Context path="${catalinaContextPath}"/' ${CONFLUENCE_INSTALL_DIR}/conf/server.xml
RUN addgroup -g ${RUN_GID} ${RUN_GROUP} \
&& adduser -u ${RUN_UID} -G ${RUN_GROUP} -h ${CONFLUENCE_HOME} -D ${RUN_USER} \
\
&& mkdir -p ${CONFLUENCE_INSTALL_DIR} \
&& curl -L --silent ${DOWNLOAD_URL} | tar -xz --strip-components=1 -C "${CONFLUENCE_INSTALL_DIR}" \
&& chmod -R "u=rwX,g=rX,o=rX" ${CONFLUENCE_INSTALL_DIR}/ \
&& chown -R root. ${CONFLUENCE_INSTALL_DIR}/ \
&& chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/logs \
&& chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/temp \
&& chown -R ${RUN_USER}:${RUN_GROUP} ${CONFLUENCE_INSTALL_DIR}/work \
\
&& sed -i -e 's/-Xms\([0-9]\+[kmg]\) -Xmx\([0-9]\+[kmg]\)/-Xms\${JVM_MINIMUM_MEMORY:=\1} -Xmx\${JVM_MAXIMUM_MEMORY:=\2} \${JVM_SUPPORT_RECOMMENDED_ARGS} -Dconfluence.home=\${CONFLUENCE_HOME}/g' ${CONFLUENCE_INSTALL_DIR}/bin/setenv.sh
COPY entrypoint.py /entrypoint.py
COPY config/* /opt/atlassian/etc/

13
LICENSE Normal file
View File

@ -0,0 +1,13 @@
Copyright © 2019 Atlassian Corporation Pty Ltd.
Licensed under the Apache License, Version 2.0 (the "License"); you
may not use this file except in compliance with the License. You may
obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied. See the License for the specific language governing
permissions and limitations under the License.

279
README.md
View File

@ -1,6 +1,11 @@
![Atlassian Confluence Server](https://www.atlassian.com/dam/wac/legacy/confluence_logo_landing.png)
[Atlassian Confluence Server][1]
Confluence Server is where you create, organise and discuss work with your team. Capture the knowledge that's too often lost in email inboxes and shared network drives in Confluence where it's easy to find, use, and update. Give every team, project, or department its own space to create the things they need, whether it's meeting notes, product requirements, file lists, or project plans, you can get more done in Confluence.
Confluence Server is where you create, organise and discuss work with your
team. Capture the knowledge that's too often lost in email inboxes and shared
network drives in Confluence where it's easy to find, use, and update. Give
every team, project, or department its own space to create the things they need,
whether it's meeting notes, product requirements, file lists, or project plans,
you can get more done in Confluence.
Learn more about Confluence Server: <https://www.atlassian.com/software/confluence>
@ -8,30 +13,38 @@ You can find the repository for this Dockerfile at <https://hub.docker.com/r/atl
# Overview
This Docker container makes it easy to get an instance of Confluence up and running.
This Docker container makes it easy to get an instance of Confluence up and
running.
# Quick Start
For the directory in the environmental variable `CONFLUENCE_HOME` that is used to store Confluence data
(amongst other things) we recommend mounting a host directory as a [data volume](https://docs.docker.com/userguide/dockervolumes/#mount-a-host-directory-as-a-data-volume):
For the directory in the environmental variable `CONFLUENCE_HOME` that is used
to store Confluence data (amongst other things) we recommend mounting a host
directory as a [data volume][2]:
Additionally, if running Confluence in Data Center mode it is required that a
shared filesystem is mounted. The mountpoint (inside the container) can be
configured with `CONFLUENCE_SHARED_HOME`.
Start Atlassian Confluence Server:
$> docker run -v /data/your-confluence-home:/var/atlassian/application-data/confluence --name="confluence" -d -p 8090:8090 -p 8091:8091 atlassian/confluence-server
**Success**. Confluence is now available on [http://localhost:8090](http://localhost:8090)*
**Success**. Confluence is now available on <http://localhost:8090>*
Please ensure your container has the necessary resources allocated to it.
We recommend 2GiB of memory allocated to accommodate the application server.
See [Supported Platforms](https://confluence.atlassian.com/display/DOC/Supported+platforms) for further information.
Please ensure your container has the necessary resources allocated to it. We
recommend 2GiB of memory allocated to accommodate the application server. See
[Supported Platforms][4] for further information.
_* Note: If you are using `docker-machine` on Mac OS X, please use `open http://$(docker-machine ip default):8090` instead._
## Memory / Heap Size
If you need to override Confluence Server's default memory allocation, you can control the minimum heap (Xms) and maximum heap (Xmx) via the below environment variables.
If you need to override Confluence Server's default memory allocation, you can
control the minimum heap (Xms) and maximum heap (Xmx) via the below environment
variables.
* `JVM_MINIMUM_MEMORY` (default: 1024m)
@ -41,33 +54,59 @@ If you need to override Confluence Server's default memory allocation, you can c
The maximum heap size of the JVM
## Reverse Proxy Settings
## Tomcat and Reverse Proxy Settings
If Confluence is run behind a reverse proxy server, then you need to specify extra options to make Confluence aware of the setup. They can be controlled via the below environment variables.
If Confluence is run behind a reverse proxy server (e.g. a load-balancer or
nginx server), then you need to specify extra options to make Confluence aware
of the setup. They can be controlled via the below environment variables.
* `CATALINA_CONNECTOR_PROXYNAME` (default: NONE)
* `ATL_PROXY_NAME` (default: NONE)
The reverse proxy's fully qualified hostname.
The reverse proxy's fully qualified hostname. `CATALINA_CONNECTOR_PROXYNAME`
is also supported for backwards compatability.
* `CATALINA_CONNECTOR_PROXYPORT` (default: NONE)
* `ATL_PROXY_PORT` (default: NONE)
The reverse proxy's port number via which Confluence is accessed.
The reverse proxy's port number via which Confluence is
accessed. `CATALINA_CONNECTOR_PROXYPORT` is also supported for backwards
compatability.
* `CATALINA_CONNECTOR_SCHEME` (default: http)
* `ATL_TOMCAT_PORT` (default: 8090)
The protocol via which Confluence is accessed.
The port for Tomcat/Confluence to listen on. Depending on your container
deployment method this port may need to be
[exposed and published][docker-expose].
* `CATALINA_CONNECTOR_SECURE` (default: false)
* `ATL_TOMCAT_SCHEME` (default: http)
Set 'true' if CATALINA_CONNECTOR_SCHEME is 'https'.
* `CATALINA_CONTEXT_PATH` (default: NONE)
The protocol via which Confluence is accessed. `CATALINA_CONNECTOR_SCHEME` is also
supported for backwards compatability.
The context path the application is served over.
* `ATL_TOMCAT_SECURE` (default: false)
Set 'true' if `ATL_TOMCAT_SCHEME` is 'https'. `CATALINA_CONNECTOR_SECURE` is
also supported for backwards compatability.
* `ATL_TOMCAT_CONTEXTPATH` (default: NONE)
The context path the application is served over. `CATALINA_CONTEXT_PATH` is
also supported for backwards compatability.
The following Tomcat/Catalina options are also supported. For more information,
see https://tomcat.apache.org/tomcat-7.0-doc/config/index.html.
* `ATL_TOMCAT_MGMT_PORT` (default: 8000)
* `ATL_TOMCAT_MAXTHREADS` (default: 100)
* `ATL_TOMCAT_MINSPARETHREADS` (default: 10)
* `ATL_TOMCAT_CONNECTIONTIMEOUT` (default: 20000)
* `ATL_TOMCAT_ENABLELOOKUPS` (default: false)
* `ATL_TOMCAT_PROTOCOL` (default: HTTP/1.1)
* `ATL_TOMCAT_ACCEPTCOUNT` (default: 10)
## JVM configuration
If you need to pass additional JVM arguments to Confluence such as specifying a custom trust store, you can add them via the below environment variable
If you need to pass additional JVM arguments to Confluence such as specifying a
custom trust store, you can add them via the below environment variable
* `JVM_SUPPORT_RECOMMENDED_ARGS`
@ -75,13 +114,135 @@ If you need to pass additional JVM arguments to Confluence such as specifying a
Example:
$> docker run -e JVM_SUPPORT_RECOMMENDED_ARGS=-Djavax.net.ssl.trustStore=/var/atlassian/application-data/confluence/cacerts -v confluenceVolume:/var/atlassian/application-data/confluence --name="confluence" -d -p 8090:8090 -p 8091:8091 atlassian/confluence-server
docker run -e JVM_SUPPORT_RECOMMENDED_ARGS=-Djavax.net.ssl.trustStore=/var/atlassian/application-data/confluence/cacerts -v confluenceVolume:/var/atlassian/application-data/confluence --name="confluence" -d -p 8090:8090 -p 8091:8091 atlassian/confluence-server
## Confluence-specific settings
* `ATL_AUTOLOGIN_COOKIE_AGE` (default: 1209600; two weeks, in seconds)
The maximum time a user can remain logged-in with 'Remember Me'.
* `CONFLUENCE_HOME`
The confluence home directory. This may be on an mounted volume; if so it
should be writable by the user `confluence`. See note below about UID
mappings.
## Database configuration
It is optionally possible to configure the database from the environment,
avoiding the need to do so through the web startup screen.
The following variables are all must all be supplied if using this feature:
* `ATL_JDBC_URL`
The database URL; this is database-specific.
* `ATL_JDBC_USER`
The database user to connect as.
* `ATL_JDBC_PASSWORD`
The password for the database user.
* `ATL_DB_TYPE`
The type of database; valid supported values are:
* `mssql`
* `mysql`
* `oracle12c`
* `postgresql`
The following variables are for the database connection pool, and are
optional.
* `ATL_DB_POOLMINSIZE` (default: 20)
* `ATL_DB_POOLMAXSIZE` (default: 100)
* `ATL_DB_TIMEOUT` (default: 30)
* `ATL_DB_IDLETESTPERIOD` (default: 100)
* `ATL_DB_MAXSTATEMENTS` (default: 0)
* `ATL_DB_VALIDATE` (default: false)
* `ATL_DB_ACQUIREINCREMENT` (default: 1)
* `ATL_DB_VALIDATIONQUERY` (default: "select 1")
## Data Center configuration
This docker image can be run as part of a [Data Center][5] cluster. You can
specify the following properties to start Confluence as a Data Center node,
instead of manually configuring a cluster. See [Installing Confluence Data
Center][6] for more information.
### Cluster configuration
Confluence Data Center allows clustering via various methods. For more
information on the setting for each type see [this page][7].
**NOTE:** The underlying network should be set-up to support the Confluence
clustering type you are using. How to do this depends on the container
management technology, and is beyond the scope of this documentation.
#### Common cluster settings
* `ATL_CLUSTER_TYPE`
The cluster type. Setting this effectively enables clustering. Valid values
are `aws`, `multicast`, and `tcp_ip`.
* `ATL_CLUSTER_NAME`
The cluster name; this should be common across all nodes.
* `ATL_PRODUCT_HOME_SHARED`
The location of the shared home directory for all Confluence nodes. **Note**:
This must be real shared filesystem that is mounted inside the
container. Additionally, see the note about UIDs.
* `ATL_CLUSTER_TTL`
The time-to-live for cluster packets. Primarily of use in multicast clusters.
#### AWS cluster settings
The following should be populated from the AWS environment.
* `ATL_HAZELCAST_NETWORK_AWS_IAM_ROLE`
* `ATL_HAZELCAST_NETWORK_AWS_IAM_REGION`
* `ATL_HAZELCAST_NETWORK_AWS_HOST_HEADER`
* `ATL_HAZELCAST_NETWORK_AWS_SECURITY_GROUP`
* `ATL_HAZELCAST_NETWORK_AWS_TAG_KEY`
* `ATL_HAZELCAST_NETWORK_AWS_TAG_VALUE`
#### TCP cluster settings
* `ATL_CLUSTER_PEERS`
A comma-separated list of peer IPs.
#### Multicast cluster settings
* `ATL_CLUSTER_ADDRESS`
The multicast address the cluster will communicate on.
# Shared directory and user IDs
By default the Confuence application runs as the user `confluence`, with a UID
and GID of 2002. Consequently this UID must have write access to the shared
filesystem. If for some reason a different UID must be used, there are a number
of options available:
* The Docker image can be rebuilt with a different UID.
* Under Linux, the UID can be remapped using
[user namespace remapping][8].
# Upgrade
To upgrade to a more recent version of Confluence Server you can simply stop the `Confluence`
container and start a new one based on a more recent image:
To upgrade to a more recent version of Confluence Server you can simply stop the
`Confluence` container and start a new one based on a more recent image:
$> docker stop confluence
$> docker rm confluence
@ -95,42 +256,58 @@ container and its volumes using the `-v` option._
# Backup
For evaluating Confluence you can use the built-in database that will store its files in the Confluence Server home directory. In that case it is sufficient to create a backup archive of the directory on the host that is used as a volume (`/data/your-confluence-home` in the example above).
For evaluating Confluence you can use the built-in database that will store its
files in the Confluence Server home directory. In that case it is sufficient to
create a backup archive of the directory on the host that is used as a volume
(`/data/your-confluence-home` in the example above).
Confluence's [automatic backup](https://confluence.atlassian.com/display/DOC/Configuring+Backups) is currently supported in the Docker setup. You can also use the [Production Backup Strategy](https://confluence.atlassian.com/display/DOC/Production+Backup+Strategy) approach if you're using an external database.
Confluence's [automatic backup][9] is currently supported in the Docker
setup. You can also use the [Production Backup Strategy][10] approach if you're
using an external database.
Read more about data recovery and backups: [Site Backup and Restore](https://confluence.atlassian.com/display/DOC/Site+Backup+and+Restore)
Read more about data recovery and backups: [Site Backup and Restore][11]
# Versioning
The `latest` tag matches the most recent release of Atlassian Confluence Server.
So `atlassian/confluence-server:latest` will use the newest stable version of Confluence Server available.
So `atlassian/confluence-server:latest` will use the newest stable version of
Confluence Server available.
Alternatively, you can use a specific minor version of Confluence Server by using a version number
tag: `atlassian/confluence-server:6.13`. This will install the latest `6.13.x` version that
is available.
Alternatively, you can use a specific minor version of Confluence Server by
using a version number tag: `atlassian/confluence-server:6.13`. This will
install the latest `6.13.x` version that is available.
For the latest developer (EAP) release use `atlassian/confluence-server:eap`. This will install our latest milestone (not supported for use in production).
For the latest developer (EAP) release use
`atlassian/confluence-server:eap`. This will install our latest milestone (not
supported for use in production).
By default our Docker image uses OpenJDK, which is not supported for production sites. However we do provide a fully supported Docker image that uses AdoptOpenJDK 8. These images are tagged with the suffix `ubuntu-18.04-adoptopenjdk8` together with the Confluence version.
For example, `atlassian/confluence-server:6.13-ubuntu-18.04-adoptopenjdk8` will install the latest 6.13.x version with AdoptOpenJDK 8.
# Known Problems
In Mac OS X with Docker version 1.11.0, when running with docker-machine, there is a bug where the directory specified for `CONFLUENCE_HOME` in a volume mount will not have the correct permission, and thus startup fails with a permission denied error:
Error writing state to confluence.cfg.xml
com.atlassian.config.ConfigurationException: Couldn't save confluence.cfg.xml to /var/atlassian/confluence-home directory.
See https://github.com/docker/docker/issues/4023 for details.
To work around this issue, use a different host operating system other than Mac OSX until a newer release of Docker fixes this issue.
For example, `atlassian/confluence-server:6.13-ubuntu-18.04-adoptopenjdk8` will
install the latest 6.13.x version with AdoptOpenJDK 8.
# Support
This Docker image is great for evaluating Confluence. However, it does not use an Oracle JDK due to licensing constraints. Instead, it uses OpenJDK which is not supported for running Confluence in production.
These Confluence Docker images are presented as a technical preview, and not
recommended for critical production deployments. However if you are interested
in deploying with containers we would be interested in hearing your feedback.
To meet our supported platform requirements, you'll need to either:
Note that these images are built on the [AdoptOpenJDK][12] images. Prior to
Confluence 6.13 OpenJDK was not a supported platform. See [the 6.13
release-notes][13] for more information.
* build your own image based on [Oracle JDK](https://github.com/oracle/docker-images/tree/master/OracleJDK). See [Update the Confluence Docker image to use Oracle JDK ](https://confluence.atlassian.com/display/CONFKB/Update+the+Confluence+Docker+image+to+use+Oracle+JDK) for more info.
* use our image that is based on AdoptOpenJDK 8, which is fully supported for Confluence 6.13 and later. These images are tagged with the suffix `ubuntu-18.04-adoptopenjdk8` together with the Confluence version.
# License
Copyright © 2019 Atlassian Corporation Pty Ltd.
Licensed under the Apache License, Version 2.0.
[1]: https://www.atlassian.com/dam/wac/legacy/confluence_logo_landing.png
[2]: https://docs.docker.com/userguide/dockervolumes/#mount-a-host-directory-as-a-data-volume
[4]: https://confluence.atlassian.com/display/DOC/Supported+platforms
[5]: https://confluence.atlassian.com/doc/confluence-data-center-technical-overview-790795847.html
[6]: https://confluence.atlassian.com/doc/installing-confluence-data-center-203603.html
[7]: https://confluence.atlassian.com/doc/change-node-discovery-from-multicast-to-tcp-ip-or-aws-792297728.html#ChangeNodeDiscoveryfromMulticasttoTCP/IPorAWS-TochangefromTCP/IPtomulticast
[8]: https://docs.docker.com/engine/security/userns-remap/
[9]: https://confluence.atlassian.com/display/DOC/Configuring+Backups
[10]: https://confluence.atlassian.com/display/DOC/Production+Backup+Strategy
[11]: https://confluence.atlassian.com/display/DOC/Site+Backup+and+Restore
[12]: https://adoptopenjdk.net/
[13]: https://confluence.atlassian.com/doc/confluence-6-13-release-notes-959288785.html

1
config/confluence-init.properties.j2 Normal file
View File

@ -0,0 +1 @@
confluence.home = {{ atl_product_home | default(confluence_home) | default('') }}

68
config/confluence.cfg.xml.j2 Normal file
View File

@ -0,0 +1,68 @@
<?xml version="1.0" encoding="UTF-8"?>
<confluence-configuration>
<setupStep>setupstart</setupStep>
<setupType>custom</setupType>
<buildNumber>0</buildNumber>
<properties>
<property name="confluence.database.connection.type">database-type-standard</property>
<property name="webwork.multipart.saveDir">${localHome}/temp</property>
<property name="attachments.dir">${confluenceHome}/attachments</property>
{% if atl_jdbc_url is defined %}
{% set databases = {
"mysql": ["com.mysql.jdbc.Driver", "MySQLDialect"],
"postgresql": ["org.postgresql.Driver", "PostgreSQLDialect"],
"mssql": ["com.microsoft.sqlserver.jdbc.SQLServerDriver", "SQLServerDialect"],
"oracle12c": ["oracle.jdbc.driver.OracleDriver", "OracleDialect"]
} %}
<property name="confluence.database.choice">{{ atl_db_type }}</property>
<property name="hibernate.connection.url">{{ atl_jdbc_url }}</property>
<property name="hibernate.connection.username">{{ atl_jdbc_user }}</property>
<property name="hibernate.connection.password">{{ atl_jdbc_password }}</property>
<property name="hibernate.connection.driver_class">{{ databases[atl_db_type][0] }}</property>
<property name="hibernate.dialect">com.atlassian.confluence.impl.hibernate.dialect.{{ databases[atl_db_type][1] }}</property>
<property name="hibernate.c3p0.min_size">{{ atl_db_poolminsize | default('20') }}</property>
<property name="hibernate.c3p0.max_size">{{ atl_db_poolmaxsize | default('100') }}</property>
<property name="hibernate.c3p0.timeout">{{ atl_db_timeout | default('30') }}</property>
<property name="hibernate.c3p0.idle_test_period">{{ atl_db_idletestperiod | default('100') }}</property>
<property name="hibernate.c3p0.max_statements">{{ atl_db_maxstatements | default('0') }}</property>
<property name="hibernate.c3p0.validate">{{ atl_db_validate | default('false') }}</property>
<property name="hibernate.c3p0.acquire_increment">{{ atl_db_acquireincrement | default('1') }}</property>
<property name="hibernate.c3p0.preferredTestQuery">{{ atl_db_validationquery | default('select 1') }}</property>
{% endif %}
{% if atl_cluster_type is defined %}
<property name="confluence.cluster">true</property>
<property name="confluence.cluster.name">{{ atl_cluster_name }}</property>
<property name="confluence.cluster.node.name">{{ atl_cluster_node_name }}</property>
<property name="confluence.cluster.home">{{ atl_product_home_shared | default(confluence_shared_home) | default('') }}</property>
<property name="shared-home">{{ atl_product_home_shared | default(confluence_shared_home) | default('') }}</property>
<property name="confluence.cluster.join.type">{{ atl_cluster_type }}</property>
{% if atl_cluster_type == 'aws' %}
<property name="confluence.cluster.aws.iam.role">{{ atl_hazelcast_network_aws_iam_role }}</property>
<property name="confluence.cluster.aws.region">{{ atl_hazelcast_network_aws_iam_region }}</property>
<property name="confluence.cluster.aws.host.header">{{ atl_hazelcast_network_aws_host_header }}</property>
<property name="confluence.cluster.aws.security.group.name">{{ atl_hazelcast_network_aws_security_group }}</property>
<property name="confluence.cluster.aws.tag.key">{{ atl_hazelcast_network_aws_tag_key }}</property>
<property name="confluence.cluster.aws.tag.value">{{ atl_hazelcast_network_aws_tag_value }}</property>
<property name="confluence.cluster.ttl">{{ atl_cluster_ttl }}</property>
{% elif atl_cluster_type == 'tcp_ip' %}
<property name="confluence.cluster.peers">{{ atl_cluster_peers }}</property>
{% elif atl_cluster_type == 'multicast' %}
<property name="confluence.cluster.address">{{ atl_cluster_address }}</property>
<property name="confluence.cluster.ttl">{{ atl_cluster_ttl }}</property>
{% endif %}
{% endif %}
</properties>
</confluence-configuration>

71
config/seraph-config.xml.j2 Normal file
View File

@ -0,0 +1,71 @@
<security-config>
<parameters>
<init-param>
<param-name>login.url</param-name>
<param-value>/login.action?os_destination=${originalurl}&amp;permissionViolation=true</param-value>
</init-param>
<init-param>
<param-name>link.login.url</param-name>
<param-value>/login.action</param-value>
</init-param>
<init-param>
<param-name>cookie.encoding</param-name>
<param-value>cNf</param-value>
</init-param>
<init-param>
<param-name>login.cookie.key</param-name>
<param-value>seraph.confluence</param-value>
</init-param>
{% if atl_autologin_cookie_age is defined %}
<init-param>
<param-name>autologin.cookie.age</param-name>
<param-value>{{ atl_autologin_cookie_age }}</param-value>
</init-param>
{% endif %}
<!--only basic authentication available-->
<init-param>
<param-name>authentication.type</param-name>
<param-value>os_authType</param-value>
</init-param>
<!-- Invalidate session on login to prevent session fixation attack -->
<init-param>
<param-name>invalidate.session.on.login</param-name>
<param-value>true</param-value>
</init-param>
<!-- Add names for session attributes that must not be copied to a new session when the old one gets invalidated.
Currently it is empty (i.e. all attributes will be copied). -->
<init-param>
<param-name>invalidate.session.exclude.list</param-name>
<param-value></param-value>
</init-param>
</parameters>
<rolemapper class="com.atlassian.confluence.security.ConfluenceRoleMapper"/>
<controller class="com.atlassian.confluence.setup.seraph.ConfluenceSecurityController"/>
<!-- Default Confluence authenticator, which uses the configured user management for authentication. -->
<authenticator class="com.atlassian.confluence.user.ConfluenceAuthenticator"/>
<!-- Custom authenticators appear below. To enable one of them, comment out the default authenticator above and uncomment the one below. -->
<!-- Authenticator with support for Crowd single-sign on (SSO). -->
<!-- <authenticator class="com.atlassian.confluence.user.ConfluenceCrowdSSOAuthenticator"/> -->
<!-- Specialised version of the default authenticator which adds authenticated users to confluence-users if they aren't already a member. -->
<!-- <authenticator class="com.atlassian.confluence.user.ConfluenceGroupJoiningAuthenticator"/> -->
<services>
<service class="com.atlassian.seraph.service.PathService">
<init-param>
<param-name>config.file</param-name>
<param-value>seraph-paths.xml</param-value>
</init-param>
</service>
</services>
<elevatedsecurityguard class="com.atlassian.confluence.security.seraph.ConfluenceElevatedSecurityGuard"/>
</security-config>

70
config/server.xml.j2 Normal file
View File

@ -0,0 +1,70 @@
<?xml version="1.0" encoding="utf-8"?>
<Server port="{{ atl_tomcat_mgmt_port | default('8000') }}"
shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
<Listener className="org.apache.catalina.core.AprLifecycleListener"
SSLEngine="on"/>
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
<Service name="Catalina">
<Connector port="{{ atl_tomcat_port | default('8090') }}"
maxThreads="{{ atl_tomcat_maxthreads | default('100') }}"
minSpareThreads="{{ atl_tomcat_minsparethreads | default('10') }}"
connectionTimeout="{{ atl_tomcat_connectiontimeout | default('20000') }}"
enableLookups="{{ atl_tomcat_enablelookups | default('false') }}"
protocol="{{ atl_tomcat_protocol | default('HTTP/1.1') }}"
redirectPort="{{ atl_tomcat_redirectport | default('8443') }}"
acceptCount="{{ atl_tomcat_acceptcount | default('10') }}"
secure="{{ atl_tomcat_secure | default(catalina_connector_secure) | default('false') }}"
scheme="{{ atl_tomcat_scheme | default(catalina_connector_scheme) | default('http') }}"
proxyName="{{ atl_proxy_name | default(catalina_connector_proxyname) | default('') }}"
proxyPort="{{ atl_proxy_port | default(catalina_connector_proxyport) | default('') }}"
relaxedPathChars="[]|"
relaxedQueryChars="[]|{}^\`&quot;&lt;&gt;"
bindOnInit="false"
maxHttpHeaderSize="8192"
useBodyEncodingForURI="true"
disableUploadTimeout="true" />
<Engine name="Standalone"
defaultHost="localhost"
debug="0">
<Host name="localhost"
debug="0"
appBase="webapps"
unpackWARs="true"
autoDeploy="false"
startStopThreads="4">
<Context path="{{ atl_tomcat_contextpath | default(catalina_context_path) | default('') }}"
docBase="../confluence"
debug="0"
reloadable="false"
useHttpOnly="true">
<!-- Logging configuration for Confluence is specified in confluence/WEB-INF/classes/log4j.properties -->
<Manager pathname=""/>
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve"
threshold="60"/>
</Context>
<Context path="${confluence.context.path}/synchrony-proxy"
docBase="../synchrony-proxy"
debug="0"
reloadable="false"
useHttpOnly="true">
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve"
threshold="60"/>
</Context>
</Host>
</Engine>
</Service>
</Server>

77
entrypoint.py Executable file
View File

@ -0,0 +1,77 @@
#!/usr/bin/python3
import sys
import os
import shutil
import logging
import jinja2 as j2
######################################################################
# Utils
logging.basicConfig(level=logging.DEBUG)
def set_perms(path, user, group, mode):
shutil.chown(path, user=user, group=group)
os.chmod(path, mode)
# Setup Jinja2 for templating
jenv = j2.Environment(
loader=j2.FileSystemLoader('/opt/atlassian/etc/'),
autoescape=j2.select_autoescape(['xml']))
def gen_cfg(tmpl, target, env, user='root', group='root', mode=0o644):
logging.info(f"Generating {target} from template {tmpl}")
cfg = jenv.get_template(tmpl).render(env)
with open(target, 'w') as fd:
fd.write(cfg)
set_perms(target, user, group, mode)
######################################################################
# Setup inputs and outputs
# Import all ATL_* and Dockerfile environment variables. We lower-case
# these for compatability with Ansible template convention. We also
# support CATALINA variables from older versions of the Docker images
# for backwards compatability, if the new version is not set.
env = {k.lower(): v
for k, v in os.environ.items()
if k.startswith(('ATL_', 'CONFLUENCE_', 'RUN_', 'CATALINA_'))}
######################################################################
# Generate all configuration files for Confluence
gen_cfg('server.xml.j2',
f"{env['confluence_install_dir']}/conf/server.xml", env)
gen_cfg('seraph-config.xml.j2',
f"{env['confluence_install_dir']}/confluence/WEB-INF/classes/seraph-config.xml", env)
gen_cfg('confluence-init.properties.j2',
f"{env['confluence_install_dir']}/confluence/WEB-INF/classes/confluence-init.properties", env)
gen_cfg('confluence.cfg.xml.j2',
f"{env['confluence_home']}/confluence.cfg.xml", env,
user=env['run_user'], group=env['run_group'], mode=0o640)
######################################################################
# Start Confluence as the correct user
start_cmd = f"{env['confluence_install_dir']}/bin/start-confluence.sh"
if os.getuid() == 0:
logging.info(f"User is currently root. Will change directory ownership to {env['run_user']} then downgrade permissions")
set_perms(env['confluence_home'], env['run_user'], env['run_group'], 0o700)
cmd = '/bin/su'
start_cmd = ' '.join([start_cmd] + sys.argv[1:])
args = [cmd, env['run_user'], '-c', start_cmd]
else:
cmd = start_cmd
args = [start_cmd] + sys.argv[1:]
logging.info(f"Running Confluence with command '{cmd}', arguments {args}")
os.execv(cmd, args)

35
entrypoint.sh
View File

@ -1,35 +0,0 @@
#!/bin/bash
set -euo pipefail
# Setup Catalina Opts
: ${CATALINA_CONNECTOR_PROXYNAME:=}
: ${CATALINA_CONNECTOR_PROXYPORT:=}
: ${CATALINA_CONNECTOR_SCHEME:=http}
: ${CATALINA_CONNECTOR_SECURE:=false}
: ${CATALINA_CONTEXT_PATH:=}
: ${CATALINA_OPTS:=}
CATALINA_OPTS="${CATALINA_OPTS} -DcatalinaConnectorProxyName=${CATALINA_CONNECTOR_PROXYNAME}"
CATALINA_OPTS="${CATALINA_OPTS} -DcatalinaConnectorProxyPort=${CATALINA_CONNECTOR_PROXYPORT}"
CATALINA_OPTS="${CATALINA_OPTS} -DcatalinaConnectorScheme=${CATALINA_CONNECTOR_SCHEME}"
CATALINA_OPTS="${CATALINA_OPTS} -DcatalinaConnectorSecure=${CATALINA_CONNECTOR_SECURE}"
CATALINA_OPTS="${CATALINA_OPTS} -DcatalinaContextPath=${CATALINA_CONTEXT_PATH}"
export CATALINA_OPTS
# Start Confluence as the correct user
if [ "${UID}" -eq 0 ]; then
echo "User is currently root. Will change directory ownership to ${RUN_USER}:${RUN_GROUP}, then downgrade permission to ${RUN_USER}"
PERMISSIONS_SIGNATURE=$(stat -c "%u:%U:%a" "${CONFLUENCE_HOME}")
EXPECTED_PERMISSIONS=$(id -u ${RUN_USER}):${RUN_USER}:700
if [ "${PERMISSIONS_SIGNATURE}" != "${EXPECTED_PERMISSIONS}" ]; then
chmod -R 700 "${CONFLUENCE_HOME}" &&
chown -R "${RUN_USER}:${RUN_GROUP}" "${CONFLUENCE_HOME}"
fi
# Now drop privileges
exec su -s /bin/bash "${RUN_USER}" -c "$CONFLUENCE_INSTALL_DIR/bin/start-confluence.sh $@"
else
exec "$CONFLUENCE_INSTALL_DIR/bin/start-confluence.sh" "$@"
fi

3
tests/conftest.py
View File

@ -18,7 +18,6 @@ def docker_cli():
for tag in container.image.tags:
if tag.startswith(IMAGE_NAME):
container.remove(force=True)
@pytest.fixture(scope='module', params=DOCKERFILES)
@ -32,4 +31,4 @@ def image(request):
buildargs=buildargs,
dockerfile=request.param,
rm=True)[0]
return image
return image

1
tests/test-requirements.txt
View File

@ -17,3 +17,4 @@ urllib3==1.25.3
wcwidth==0.1.7
websocket-client==0.56.0
zipp==0.5.2
testinfra==3.0.6

383
tests/test_image.py
View File

@ -2,103 +2,51 @@ import pytest
import io
import tarfile
import testinfra
import time
import xml.etree.ElementTree as etree
import requests
# Helper function to get a file-like object from an image
def get_fileobj_from_container(container, filepath):
time.sleep(0.5) # Give container a moment if just started
stream, stat = container.get_archive(filepath)
f = io.BytesIO()
for chunk in stream:
f.write(chunk)
f.seek(0)
with tarfile.open(fileobj=f, mode='r') as tar:
filename = tar.getmembers()[0].name
file = tar.extractfile(filename)
return file
CONF_INSTALL = '/opt/atlassian/confluence'
CONF_HOME = '/var/atlassian/application-data/confluence'
CONF_SHARED_HOME = '/media/atl/confluence/shared-home'
# Run an image and wrap it in a TestInfra host for convenience.
# FIXME: There's probably a way to turn this into a fixture with parameters.
def run_image(docker_cli, image, environment={}, ports={}):
container = docker_cli.containers.run(image, environment=environment, ports=ports, detach=True)
return testinfra.get_host("docker://"+container.id)
# TestInfra's process command doesn't seem to work for arg matching
def get_procs(container):
ps = container.run('ps -axo args')
return ps.stdout.split('\n')
def wait_for_proc(container, proc_str, max_wait=10):
waited = 0
while waited < max_wait:
procs = list(filter(lambda p: proc_str in p, get_procs(container)))
if len(procs) > 0:
return procs[0]
time.sleep(0.1)
waited += 0.1
raise TimeoutError("Failed to find target process")
def wait_for_file(container, path, max_wait=10):
waited = 0
while waited < max_wait:
if container.file(path).exists:
return
time.sleep(0.1)
waited += 0.1
raise TimeoutError("Failed to find target process")
# def test_server_xml_defaults(docker_cli, image):
# container = docker_cli.containers.run(image, detach=True)
# server_xml = get_fileobj_from_container(container, '/opt/atlassian/jira/conf/server.xml')
# xml = etree.parse(server_xml)
# connector = xml.find('.//Connector')
# context = xml.find('.//Context')
#
# assert connector.get('port') == '8090'
# assert connector.get('maxThreads') == '200'
# assert connector.get('minSpareThreads') == '10'
# assert connector.get('connectionTimeout') == '20000'
# assert connector.get('enableLookups') == 'false'
# assert connector.get('protocol') == 'HTTP/1.1'
# assert connector.get('acceptCount') == '10'
# assert connector.get('secure') == 'false'
# assert connector.get('scheme') == 'http'
# assert connector.get('proxyName') == ''
# assert connector.get('proxyPort') == ''
#
#
# def test_server_xml_params(docker_cli, image):
# environment = {
# 'ATL_TOMCAT_MGMT_PORT': '8006',
# 'ATL_TOMCAT_PORT': '9090',
# 'ATL_TOMCAT_MAXTHREADS': '201',
# 'ATL_TOMCAT_MINSPARETHREADS': '11',
# 'ATL_TOMCAT_CONNECTIONTIMEOUT': '20001',
# 'ATL_TOMCAT_ENABLELOOKUPS': 'true',
# 'ATL_TOMCAT_PROTOCOL': 'HTTP/2',
# 'ATL_TOMCAT_ACCEPTCOUNT': '11',
# 'ATL_TOMCAT_SECURE': 'true',
# 'ATL_TOMCAT_SCHEME': 'https',
# 'ATL_PROXY_NAME': 'jira.atlassian.com',
# 'ATL_PROXY_PORT': '443',
# 'ATL_TOMCAT_CONTEXTPATH': '/myjira',
# }
# container = docker_cli.containers.run(image, environment=environment, detach=True)
# server_xml = get_fileobj_from_container(container, '/opt/atlassian/jira/conf/server.xml')
# xml = etree.parse(server_xml)
# server = xml.getroot()
# connector = xml.find('.//Connector')
# context = xml.find('.//Context')
#
# assert server.get('port') == environment.get('ATL_TOMCAT_MGMT_PORT')
#
# assert connector.get('port') == environment.get('ATL_TOMCAT_PORT')
# assert connector.get('maxThreads') == environment.get('ATL_TOMCAT_MAXTHREADS')
# assert connector.get('minSpareThreads') == environment.get('ATL_TOMCAT_MINSPARETHREADS')
# assert connector.get('connectionTimeout') == environment.get('ATL_TOMCAT_CONNECTIONTIMEOUT')
# assert connector.get('enableLookups') == environment.get('ATL_TOMCAT_ENABLELOOKUPS')
# assert connector.get('protocol') == environment.get('ATL_TOMCAT_PROTOCOL')
# assert connector.get('acceptCount') == environment.get('ATL_TOMCAT_ACCEPTCOUNT')
# assert connector.get('secure') == environment.get('ATL_TOMCAT_SECURE')
# assert connector.get('scheme') == environment.get('ATL_TOMCAT_SCHEME')
# assert connector.get('proxyName') == environment.get('ATL_PROXY_NAME')
# assert connector.get('proxyPort') == environment.get('ATL_PROXY_PORT')
#
# assert context.get('path') == environment.get('ATL_TOMCAT_CONTEXTPATH')
#
#
# def test_confluence_cfg_xml_defaults(docker_cli, image):
# environment = {
#
# }
# container = docker_cli.containers.run(image, environment=environment, detach=True)
# confluence_cfg_xml = get_fileobj_from_container(container, '/var/atlassian/application-data/confluence/confluence.cfg.xml')
# xml = etree.parse(confluence_cfg_xml)
#
#
# def test_confluence_cfg_xml_params(docker_cli, image):
# environment = {
#
# }
# container = docker_cli.containers.run(image, environment=environment, detach=True)
# confluence_cfg_xml = get_fileobj_from_container(container, '/var/atlassian/application-data/confluence/confluence.cfg.xml')
# xml = etree.parse(confluence_cfg_xml)
######################################################################
# Tests
def test_jvm_args(docker_cli, image):
environment = {
@ -106,19 +54,29 @@ def test_jvm_args(docker_cli, image):
'JVM_MAXIMUM_MEMORY': '2047m',
'JVM_SUPPORT_RECOMMENDED_ARGS': '-verbose:gc',
}
container = docker_cli.containers.run(image, environment=environment, detach=True)
time.sleep(0.5) # JVM doesn't start immediately when container runs
procs = container.exec_run('ps aux')
procs_list = procs.output.decode().split('\n')
jvm = [proc for proc in procs_list if '-Dconfluence.home' in proc][0]
container = run_image(docker_cli, image, environment=environment)
jvm = wait_for_proc(container, "org.apache.catalina.startup.Bootstrap")
assert f'-Xms{environment.get("JVM_MINIMUM_MEMORY")}' in jvm
assert f'-Xmx{environment.get("JVM_MAXIMUM_MEMORY")}' in jvm
assert environment.get('JVM_SUPPORT_RECOMMENDED_ARGS') in jvm
def test_install_permissions(docker_cli, image):
container = run_image(docker_cli, image)
assert container.file(f'{CONF_INSTALL}/conf/server.xml').user == 'root'
for d in ['logs', 'work', 'temp']:
path = f'{CONF_INSTALL}/{d}/'
assert container.file(path).user == 'confluence'
def test_first_run_state(docker_cli, image):
PORT = 8090
container = docker_cli.containers.run(image, ports={PORT: PORT}, detach=True)
container = run_image(docker_cli, image, ports={PORT: PORT})
jvm = wait_for_proc(container, "org.apache.catalina.startup.Bootstrap")
for i in range(20):
try:
r = requests.get(f'http://localhost:{PORT}/status')
@ -131,4 +89,235 @@ def test_first_run_state(docker_cli, image):
return
time.sleep(1)
raise TimeoutError
def test_server_xml_defaults(docker_cli, image):
container = run_image(docker_cli, image)
_jvm = wait_for_proc(container, "org.apache.catalina.startup.Bootstrap")
xml = etree.fromstring(container.file(f'{CONF_INSTALL}/conf/server.xml').content)
connector = xml.find('.//Connector')
context = xml.find('.//Context')
assert connector.get('port') == '8090'
assert connector.get('maxThreads') == '100'
assert connector.get('minSpareThreads') == '10'
assert connector.get('connectionTimeout') == '20000'
assert connector.get('enableLookups') == 'false'
assert connector.get('protocol') == 'HTTP/1.1'
assert connector.get('acceptCount') == '10'
assert connector.get('secure') == 'false'
assert connector.get('scheme') == 'http'
assert connector.get('proxyName') == ''
assert connector.get('proxyPort') == ''
def test_server_xml_catalina_fallback(docker_cli, image):
environment = {
'CATALINA_CONNECTOR_PROXYNAME': 'PROXYNAME',
'CATALINA_CONNECTOR_PROXYPORT': 'PROXYPORT',
'CATALINA_CONNECTOR_SECURE': 'SECURE',
'CATALINA_CONNECTOR_SCHEME': 'SCHEME',
'CATALINA_CONTEXT_PATH': 'CONTEXT'
}
container = run_image(docker_cli, image, environment=environment)
_jvm = wait_for_proc(container, "org.apache.catalina.startup.Bootstrap")
xml = etree.fromstring(container.file(f'{CONF_INSTALL}/conf/server.xml').content)
connector = xml.find('.//Connector')
context = xml.find('.//Context')
assert connector.get('proxyName') == 'PROXYNAME'
assert connector.get('proxyPort') == 'PROXYPORT'
assert connector.get('scheme') == 'SCHEME'
assert connector.get('secure') == 'SECURE'
assert context.get('path') == 'CONTEXT'
def test_server_xml_params(docker_cli, image):
environment = {
'ATL_TOMCAT_MGMT_PORT': '8006',
'ATL_TOMCAT_PORT': '9090',
'ATL_TOMCAT_MAXTHREADS': '201',
'ATL_TOMCAT_MINSPARETHREADS': '11',
'ATL_TOMCAT_CONNECTIONTIMEOUT': '20001',
'ATL_TOMCAT_ENABLELOOKUPS': 'true',
'ATL_TOMCAT_PROTOCOL': 'HTTP/2',
'ATL_TOMCAT_ACCEPTCOUNT': '11',
'ATL_TOMCAT_SECURE': 'true',
'ATL_TOMCAT_SCHEME': 'https',
'ATL_PROXY_NAME': 'conf.atlassian.com',
'ATL_PROXY_PORT': '443',
'ATL_TOMCAT_CONTEXTPATH': '/myconf',
}
container = run_image(docker_cli, image, environment=environment)
_jvm = wait_for_proc(container, "org.apache.catalina.startup.Bootstrap")
xml = etree.fromstring(container.file(f'{CONF_INSTALL}/conf/server.xml').content)
connector = xml.find('.//Connector')
context = xml.find('.//Context')
assert xml.get('port') == environment.get('ATL_TOMCAT_MGMT_PORT')
assert connector.get('port') == environment.get('ATL_TOMCAT_PORT')
assert connector.get('maxThreads') == environment.get('ATL_TOMCAT_MAXTHREADS')
assert connector.get('minSpareThreads') == environment.get('ATL_TOMCAT_MINSPARETHREADS')
assert connector.get('connectionTimeout') == environment.get('ATL_TOMCAT_CONNECTIONTIMEOUT')
assert connector.get('enableLookups') == environment.get('ATL_TOMCAT_ENABLELOOKUPS')
assert connector.get('protocol') == environment.get('ATL_TOMCAT_PROTOCOL')
assert connector.get('acceptCount') == environment.get('ATL_TOMCAT_ACCEPTCOUNT')
assert connector.get('secure') == environment.get('ATL_TOMCAT_SECURE')
assert connector.get('scheme') == environment.get('ATL_TOMCAT_SCHEME')
assert connector.get('proxyName') == environment.get('ATL_PROXY_NAME')
assert connector.get('proxyPort') == environment.get('ATL_PROXY_PORT')
assert context.get('path') == environment.get('ATL_TOMCAT_CONTEXTPATH')
def test_seraph_defaults(docker_cli, image):
container = run_image(docker_cli, image)
wait_for_file(container, f"{CONF_INSTALL}/confluence/WEB-INF/classes/seraph-config.xml")
xml = etree.fromstring(container.file(f'{CONF_INSTALL}/confluence/WEB-INF/classes/seraph-config.xml').content)
#param = xml.findall('//param-name[text()="autologin.cookie.age"]') == []
param = xml.findall('.//param-name[.="autologin.cookie.age"]') == []
def test_seraph_login_set(docker_cli, image):
container = run_image(docker_cli, image, environment={"ATL_AUTOLOGIN_COOKIE_AGE": "TEST_VAL"})
wait_for_file(container, f"{CONF_INSTALL}/confluence/WEB-INF/classes/seraph-config.xml")
xml = etree.fromstring(container.file(f'{CONF_INSTALL}/confluence/WEB-INF/classes/seraph-config.xml').content)
assert xml.findall('.//param-value[.="TEST_VAL"]')[0].text == "TEST_VAL"
def test_conf_init_set(docker_cli, image):
container = run_image(docker_cli, image, environment={"CONFLUENCE_HOME": "/tmp/"})
wait_for_file(container, f"{CONF_INSTALL}/confluence/WEB-INF/classes/confluence-init.properties")
init = container.file(f'{CONF_INSTALL}/confluence/WEB-INF/classes/confluence-init.properties')
assert init.contains("confluence.home = /tmp/")
def test_confluence_xml_default(docker_cli, image):
container = run_image(docker_cli, image)
wait_for_file(container, f"{CONF_INSTALL}/confluence/WEB-INF/classes/confluence-init.properties")
#_jvm = wait_for_proc(container, "org.apache.catalina.startup.Bootstrap")
xml = etree.fromstring(container.file(f'{CONF_HOME}/confluence.cfg.xml').content)
assert xml.findall('.//buildNumber')[0].text == "0"
assert xml.findall('.//property[@name="hibernate.connection.url"]') == []
assert xml.findall('.//property[@name="confluence.cluster.home"]') == []
def test_confluence_xml_postgres(docker_cli, image):
environment = {
'ATL_DB_TYPE': 'postgresql',
'ATL_JDBC_URL': 'atl_jdbc_url',
'ATL_JDBC_USER': 'atl_jdbc_user',
'ATL_JDBC_PASSWORD': 'atl_jdbc_password'
}
container = run_image(docker_cli, image, environment=environment)
wait_for_file(container, f"{CONF_INSTALL}/confluence/WEB-INF/classes/confluence-init.properties")
xml = etree.fromstring(container.file(f'{CONF_HOME}/confluence.cfg.xml').content)
assert xml.findall('.//property[@name="hibernate.connection.url"]')[0].text == "atl_jdbc_url"
assert xml.findall('.//property[@name="hibernate.connection.username"]')[0].text == "atl_jdbc_user"
assert xml.findall('.//property[@name="hibernate.connection.password"]')[0].text == "atl_jdbc_password"
assert xml.findall('.//property[@name="confluence.database.choice"]')[0].text == "postgresql"
assert xml.findall('.//property[@name="hibernate.dialect"]')[0].text == "com.atlassian.confluence.impl.hibernate.dialect.PostgreSQLDialect"
assert xml.findall('.//property[@name="hibernate.connection.driver_class"]')[0].text == "org.postgresql.Driver"
assert xml.findall('.//property[@name="hibernate.c3p0.min_size"]')[0].text == "20"
assert xml.findall('.//property[@name="hibernate.c3p0.max_size"]')[0].text == "100"
assert xml.findall('.//property[@name="hibernate.c3p0.timeout"]')[0].text == "30"
assert xml.findall('.//property[@name="hibernate.c3p0.idle_test_period"]')[0].text == "100"
assert xml.findall('.//property[@name="hibernate.c3p0.max_statements"]')[0].text == "0"
assert xml.findall('.//property[@name="hibernate.c3p0.validate"]')[0].text == "false"
assert xml.findall('.//property[@name="hibernate.c3p0.acquire_increment"]')[0].text == "1"
assert xml.findall('.//property[@name="hibernate.c3p0.preferredTestQuery"]')[0].text == "select 1"
def test_confluence_xml_postgres_all_set(docker_cli, image):
environment = {
'ATL_DB_TYPE': 'postgresql',
'ATL_JDBC_URL': 'atl_jdbc_url',
'ATL_JDBC_USER': 'atl_jdbc_user',
'ATL_JDBC_PASSWORD': 'atl_jdbc_password',
'ATL_DB_POOLMAXSIZE': 'x100',
'ATL_DB_POOLMINSIZE': 'x20',
'ATL_DB_TIMEOUT': 'x30',
'ATL_DB_IDLETESTPERIOD': 'x100',
'ATL_DB_MAXSTATEMENTS': 'x0',
'ATL_DB_VALIDATE': 'xfalse',
'ATL_DB_ACQUIREINCREMENT': 'x1',
'ATL_DB_VALIDATIONQUERY': 'xselect 1'
}
container = run_image(docker_cli, image, environment=environment)
wait_for_file(container, f"{CONF_HOME}/confluence.cfg.xml")
xml = etree.fromstring(container.file(f'{CONF_HOME}/confluence.cfg.xml').content)
assert xml.findall('.//property[@name="hibernate.connection.driver_class"]')[0].text == "org.postgresql.Driver"
assert xml.findall('.//property[@name="hibernate.dialect"]')[0].text == "com.atlassian.confluence.impl.hibernate.dialect.PostgreSQLDialect"
assert xml.findall('.//property[@name="hibernate.c3p0.min_size"]')[0].text == "x20"
assert xml.findall('.//property[@name="hibernate.c3p0.max_size"]')[0].text == "x100"
assert xml.findall('.//property[@name="hibernate.c3p0.timeout"]')[0].text == "x30"
assert xml.findall('.//property[@name="hibernate.c3p0.idle_test_period"]')[0].text == "x100"
assert xml.findall('.//property[@name="hibernate.c3p0.max_statements"]')[0].text == "x0"
assert xml.findall('.//property[@name="hibernate.c3p0.validate"]')[0].text == "xfalse"
assert xml.findall('.//property[@name="hibernate.c3p0.acquire_increment"]')[0].text == "x1"
assert xml.findall('.//property[@name="hibernate.c3p0.preferredTestQuery"]')[0].text == "xselect 1"
def test_confluence_xml_cluster_aws(docker_cli, image):
environment = {
'ATL_CLUSTER_TYPE': 'aws',
'ATL_HAZELCAST_NETWORK_AWS_IAM_ROLE': 'atl_hazelcast_network_aws_iam_role',
'ATL_HAZELCAST_NETWORK_AWS_IAM_REGION': 'atl_hazelcast_network_aws_iam_region',
'ATL_HAZELCAST_NETWORK_AWS_HOST_HEADER': 'atl_hazelcast_network_aws_host_header',
'ATL_HAZELCAST_NETWORK_AWS_TAG_KEY': 'atl_hazelcast_network_aws_tag_key',
'ATL_HAZELCAST_NETWORK_AWS_TAG_VALUE': 'atl_hazelcast_network_aws_tag_value',
'ATL_CLUSTER_NAME': 'atl_cluster_name',
'ATL_CLUSTER_TTL': 'atl_cluster_ttl'
}
container = run_image(docker_cli, image, environment=environment)
wait_for_file(container, f"{CONF_HOME}/confluence.cfg.xml")
xml = etree.fromstring(container.file(f'{CONF_HOME}/confluence.cfg.xml').content)
assert xml.findall('.//property[@name="confluence.cluster"]')[0].text == "true"
assert xml.findall('.//property[@name="confluence.cluster.join.type"]')[0].text == "aws"
assert xml.findall('.//property[@name="confluence.cluster.aws.iam.role"]')[0].text == "atl_hazelcast_network_aws_iam_role"
assert xml.findall('.//property[@name="confluence.cluster.aws.region"]')[0].text == "atl_hazelcast_network_aws_iam_region"
assert xml.findall('.//property[@name="confluence.cluster.aws.host.header"]')[0].text == "atl_hazelcast_network_aws_host_header"
assert xml.findall('.//property[@name="confluence.cluster.aws.tag.key"]')[0].text == "atl_hazelcast_network_aws_tag_key"
assert xml.findall('.//property[@name="confluence.cluster.aws.tag.value"]')[0].text == "atl_hazelcast_network_aws_tag_value"
assert xml.findall('.//property[@name="confluence.cluster.name"]')[0].text == "atl_cluster_name"
assert xml.findall('.//property[@name="confluence.cluster.ttl"]')[0].text == "atl_cluster_ttl"
def test_confluence_xml_cluster_multicast(docker_cli, image):
environment = {
'ATL_CLUSTER_TYPE': 'multicast',
'ATL_CLUSTER_NAME': 'atl_cluster_name',
'ATL_CLUSTER_TTL': 'atl_cluster_ttl',
'ATL_CLUSTER_ADDRESS': '99.99.99.99'
}
container = run_image(docker_cli, image, environment=environment)
wait_for_file(container, f"{CONF_HOME}/confluence.cfg.xml")
xml = etree.fromstring(container.file(f'{CONF_HOME}/confluence.cfg.xml').content)
assert xml.findall('.//property[@name="confluence.cluster"]')[0].text == "true"
assert xml.findall('.//property[@name="confluence.cluster.join.type"]')[0].text == "multicast"
assert xml.findall('.//property[@name="confluence.cluster.name"]')[0].text == "atl_cluster_name"
assert xml.findall('.//property[@name="confluence.cluster.ttl"]')[0].text == "atl_cluster_ttl"
assert xml.findall('.//property[@name="confluence.cluster.address"]')[0].text == "99.99.99.99"
def test_confluence_xml_cluster_tcp(docker_cli, image):
environment = {
'ATL_CLUSTER_TYPE': 'tcp_ip',
'ATL_CLUSTER_PEERS': '1.1.1.1,99.99.99.99',
'ATL_CLUSTER_NAME': 'atl_cluster_name',
}
container = run_image(docker_cli, image, environment=environment)
wait_for_file(container, f"{CONF_HOME}/confluence.cfg.xml")
xml = etree.fromstring(container.file(f'{CONF_HOME}/confluence.cfg.xml').content)
assert xml.findall('.//property[@name="confluence.cluster"]')[0].text == "true"
assert xml.findall('.//property[@name="confluence.cluster.join.type"]')[0].text == "tcp_ip"
assert xml.findall('.//property[@name="confluence.cluster.name"]')[0].text == "atl_cluster_name"
assert xml.findall('.//property[@name="confluence.cluster.peers"]')[0].text == "1.1.1.1,99.99.99.99"