Deploying Jira on Google Cloud

This tutorial shows how to deploy Atlassian Jira Server Edition on Google Cloud, using Compute Engine and using Cloud SQL as the MySQL database.

Objectives

Create a Linux Ubuntu virtual machine to install Jira version 8.8.1.
Create a Cloud SQL for MySQL version 5.7 instance for Jira to connect to.
Configure Jira to run as a service.
Enable access to the Jira service using HTTPS.

Costs

This tutorial uses billable components of Google Cloud, including:

Compute Engine
Cloud SQL
Cloud Load Balancing
Networking

Use the Pricing Calculator to generate a cost estimate based on your projected usage.

Before you begin

Sign in to your Google Account.
If you don't already have one, sign up for a new account.
In the Google Cloud Console, on the project selector page, select or create a Google Cloud project.

Note: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.

Go to the project selector page
Make sure that billing is enabled for your Cloud project. Learn how to confirm that billing is enabled for your project.
Enable the Compute Engine and Cloud SQL Admin APIs.
Enable the APIs

In addition, make sure you meet these requirements:

Make sure you have a trial or full license key for Jira Server Edition.
Make sure you have a domain name registered for your Jira site.

When you finish this tutorial, you can avoid continued billing by deleting the resources you created. See Cleaning up for more detail.

Deployment architecture

The following diagram shows the deployment architecture you use to install Jira. The primary Jira application server runs on a Compute Engine instance. That instance is securely connected to an instance of Cloud SQL for MySQL using the Cloud SQL Proxy tool running on the same virtual machine as Jira.

Architecture of JIRA deployment on Google Cloud

Setting up your environment

In this section, you configure the infrastructure and identities that are required in order to complete the tutorial.

Start a Cloud Shell instance

You run all the terminal commands in this tutorial from Cloud Shell.

Open Cloud Shell:

OPEN Cloud Shell

Configure a service account

The next step is to create a service account to delegate permissions to Jira so that Jira can access data in Cloud SQL.

In Cloud Shell, create the service account:

gcloud iam service-accounts create jira-service-account \
    --display-name jira-service-account

Store the service account email address, current project ID, and default zone in environment variables for use in later commands. For [ZONE], choose the zone that's geographically closest to you.

export SA_EMAIL=$(gcloud iam service-accounts list \
    --filter="displayName:jira-service-account" \
    --format='value(email)')
export PROJECT=$(gcloud info \
    --format='value(config.project)')
export ZONE=[ZONE]

To see a list of zones, run the following command:

gcloud compute zones list

Bind the roles/cloudsql.client role to your service account:

gcloud projects add-iam-policy-binding $PROJECT \
    --role roles/cloudsql.client \
    --member serviceAccount:$SA_EMAIL

Creating an instance of Cloud SQL for MySQL

For this tutorial, you set up Jira to use a MySQL database. Rather than installing MySQL yourself, you use Cloud SQL, which provides a managed version of MySQL.

In Cloud Shell, create an instance of Cloud SQL with MySQL as the database. The following command uses the name mysql-jira-instance as the name of the instance. You can use a different name; if you do, make a note of it, because you need this name in later steps.

gcloud sql instances create mysql-jira-instance \
    --database-version MYSQL_5_7 --zone $ZONE \
    --database-flags \
    character_set_server=utf8mb4,sql_mode=STRICT_TRANS_TABLES

The properties of the new instance are displayed:

NAME                 DATABASE_VERSION  LOCATION    TIER              STATUS
mysql-jira-instance  MYSQL_5_7         us-east1-d  db-n1-standard-1  RUNNABLE

Set the password for the root@% MySQL user. If you didn't use the name mysql-jira-instance for the Cloud SQL instance, be sure that you use the name you used earlier. For [PASSWORD], substitute a strong password.
```
gcloud sql users set-password root \
    --host=% --instance=mysql-jira-instance --password=[PASSWORD]
```

Creating the Compute Engine instance and instance group

You create a Compute Engine instance to deploy Jira and then add the new instance to an instance group. This allows you to use an HTTPS load balancer in a later step.

Create the Compute Engine instance

For this tutorial, you use the default machine type of n1-standard-1.

In Cloud Shell, create a Compute Engine instance on which you can install Jira Software. For this tutorial, you name the instance jira-instance.

gcloud config set compute/zone $ZONE

gcloud compute instances create jira-instance \
    --image-family ubuntu-1804-lts \
    --image-project gce-uefi-images \
    --tags=jira-server \
    --service-account $SA_EMAIL \
    --scopes cloud-platform

The properties of the new instance are displayed:

NAME           ZONE        MACHINE_TYPE   PREEMPTIBLE    STATUS
jira-instance  us-east1-d  n1-standard-1                 RUNNING

For more information about operating systems and machine types by Jira, see the following Atlassian pages:

Supported platforms for Jira 8.8
Jira Data Center size profiles

Create an instance group and add the Compute Engine instance

You can now create an instance group and add the jira-instance virtual machine.

In Cloud Shell, create an instance group:

gcloud compute instance-groups unmanaged create jira-resources \
    --zone $ZONE

Add the Compute Engine instance to the instance group:

gcloud compute instance-groups unmanaged add-instances jira-resources \
    --instances jira-instance \
    --zone $ZONE

Installing Jira Software

In this section, you configure the Compute Engine instance and complete the Jira installation.

Connect to the Compute Engine instance

In order to configure the instance settings, you establish an SSH connection to your instance.

In Cloud Shell, connect to your instance:
```
gcloud compute ssh jira-instance
```
Compute Engine generates an SSH key and adds the generated key to the project or instance metadata.

Install required packages

In the Compute Engine instance, you need to install tools that let you work with Jira and with MySQL in later steps.

At the command line of your instance, install wget:
```
sudo apt-get install wget
```
Install the MySQL client on the instance:
```
sudo apt-get install mysql-client
```

Download the software installer and install Jira Software

At the command line of your instance, download the Jira Software installer from Atlassian:

wget https://www.atlassian.com/software/jira/downloads/binary/atlassian-jira-software-8.8.1-x64.bin

Make the installer file executable:

chmod a+x atlassian-jira-software-8.8.1-x64.bin

Run the installer. You must perform this step using sudo, which gives you the option to install Jira as a service during the installation process.
```
sudo ./atlassian-jira-software-8.8.1-x64.bin
```
If prompted, install any dependencies.
Enter the following values during the installation process:
- Installation option: choose Custom Install (option 2)
- Installation directory: /opt/atlassian/jira
- Software data directory: /var/atlassian/application-data/jira
- TCP ports: HTTP: 8080, Control: 8005
- Install as service: y
- Start Jira: no. You don't want to start Jira yet, because there are steps remaining.

Clean up by removing the installer file:

rm atlassian-jira-software-8.8.1-x64.bin

Configuring a connection for Jira to Cloud SQL for MySQL

This section describes how to use the MySQL client to connect to Cloud SQL for MySQL, the database used by Jira.

Download MySQL Connector/J

Jira connects to a database using a JDBC database connection. The MySQL Connector is the official JDBC driver for MySQL. This tutorial uses version 5.1.48 of the MySQL Connector.

At the command line of your Jira instance, download the connector:

wget https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.48.tar.gz

Uncompress the tar file:

tar -xzf mysql-connector-java-5.1.48.tar.gz

Copy the file to /opt/atlassian/jira/lib:

sudo cp ./mysql-connector-java-5.1.48/mysql-connector-java-5.1.48-bin.jar /opt/atlassian/jira/lib/.

Clean up by removing the tar file:

rm -rf mysql-connector-java-5.1.48d \
mysql-connector-java-5.1.48.tar.gz

Install Cloud SQL Proxy on the Compute Engine instance

Cloud SQL Proxy helps provides secure access to Cloud SQL for the MySQL instance.

At the command line of your instance, download the proxy:

wget https://dl.google.com/cloudsql/cloud_sql_proxy.linux.amd64 -O cloud_sql_proxy

Make the proxy executable:
```
chmod +x cloud_sql_proxy
```
Copy the proxy binary to a local directory:
```
sudo cp cloud_sql_proxy /usr/local/bin/.
```

Running Jira as a service

Running Jira as a service allows Jira to start automatically whenever the computer restarts.

At the command line of your instance, create a new file called cloud_sql_proxy.service. For example, use the following vi command to create the cloud_sql_proxy.service file:
```
sudo vi /lib/systemd/system/cloud_sql_proxy.service
```

Add the following configuration to the file. Replace [PROJECT_ID] with your Google Cloud project ID, and replace [REGION] with the region you are using (for example, us-east1). If you didn't use the name mysql-jira-instance for the Cloud SQL instance, substitute your name.

[Unit]
Description=Google Cloud SQL Proxy
After=network.service

[Service]
User=root
Type=forking
WorkingDirectory=/usr/local/bin
ExecStart=/bin/sh -c '/usr/bin/nohup /usr/local/bin/cloud_sql_proxy -instances=[PROJECT_ID]:[REGION]:mysql-jira-instance=tcp:3306 &'
RemainAfterExit=yes
StandardOutput=journal
KillMode=process

[Install]
WantedBy=multi-user.target

Save and close the file.

Create a new file called jira.service:

sudo vi /lib/systemd/system/jira.service

Add the following configuration to the file.

[Unit]
Description=JIRA Service
Requires=cloud_sql_proxy.service
After=network.target iptables.service firewalld.service httpd.service

[Service]
Type=forking
User=root
ExecStart=/opt/atlassian/jira/bin/start-jira.sh
ExecStop=/opt/atlassian/jira/bin/stop-jira.sh
ExecReload=/opt/atlassian/jira/bin/stop-jira.sh | sleep 60 | /opt/atlassian/jira/bin/stop-jira.sh

[Install]
WantedBy=multi-user.target

Save and close the file.
Remove the SysV script that was created when you installed Jira:
```
sudo rm /etc/init.d/jira
```

Enable the Jira and Cloud SQL Proxy services:

sudo systemctl daemon-reload
sudo systemctl enable jira
sudo systemctl enable cloud_sql_proxy

Start the services:
```
sudo systemctl start jira
```
You need to start only the Jira service. The proxy service is dependent on the Jira service, and it automatically starts after the Jira service has started.
Check the status of the services:
```
sudo systemctl status jira
sudo systemctl status cloud_sql_proxy
```
If the status is green and says active (running), the service is active and running. If the status is inactive, try reloading the services again in a few minutes using sudo systemctl daemon-reload.

Starting the MySQL session

This section shows how to create a MySQL user and password and how to create a MySQL database to connect Jira to during the setup process.

At the command line of your instance, start a MySQL session:
```
mysql -u root -p --host 127.0.0.1 -P 3306
```
When the session is ready, you see the mysql prompt.
Create the database. Substitute [DATABASE_NAME] for your database name. For information on naming, see MySQL's Database Creation Guide.
```
CREATE Database [DATABASE_NAME] CHARACTER SET utf8 COLLATE utf8_bin;
```
Create a non-root user and set the user's password. Replace [USERNAME] for your username and [PASSWORD] with your password.
```
CREATE USER '[USERNAME]'@'%' IDENTIFIED BY '[PASSWORD]';
```

Grant the user all privileges:

GRANT ALL PRIVILEGES ON [DATABASE_NAME] . * TO '[USERNAME]'@'%';
FLUSH PRIVILEGES;

Close the MySQL session:
```
EXIT;
```
Close the SSH connection to the instance:
```
exit
```

Creating and configuring the HTTPS load balancer

The next step is to create an HTTPS load balancer in order to secure traffic to the Jira instance. At the time of writing, running Jira over HTTPS is outside of the scope of Atlassian support. Therefore, you use an HTTPS load balancer with the Jira instance. For more information on configuring HTTPS, see Running Jira applications over SSL or HTTPS on the Atlassian site.

Create a global static IP address

Global static external IP addresses are the external IP addresses that your customers use to reach the load balancer.

In Cloud Shell, create a global static external IP address for your load balancer:
```
gcloud compute addresses create lb-ip --global
```

Configure the load balancing service

The next step is to configure the load balancer.

In Cloud Shell, create a named port:
```
gcloud compute instance-groups unmanaged set-named-ports jira-resources \
    --named-ports http:8080 \
    --zone $ZONE
```
When the port is configured, the load balancing service forwards traffic to the named port.

Create a health check:

gcloud compute health-checks create tcp jira-health --port 8080

Create a backend service using the jira-health health check. The timeout is configured to 300 seconds to allow time for the installation process to complete. This value is changed to 30 seconds after the installation is complete.
```
gcloud compute backend-services create jira-app \
    --protocol http \
    --health-checks jira-health \
    --timeout 300 \
    --global
```

Add your instance group as a backend to the backend service:

gcloud compute backend-services add-backend jira-app \
    --instance-group jira-resources \
    --instance-group-zone $ZONE \
    --global

Create a default URL map that directs all incoming requests to your instances:
```
gcloud compute url-maps create jira-app \
    --default-service jira-app
```

Create a firewall rule

To allow traffic for working with the Jira service, you configure the firewall.

Create a firewall rule to allow traffic from the load balancer to the jira-instance instance:

gcloud compute firewall-rules create jira-lb-allow \
    --action=ALLOW \
    --rules=tcp:8080 \
    --source-ranges=130.211.0.0/22,35.191.0.0/16 \
    --target-tags=jira-server

Create a Google-managed SSL certificate resource

To support HTTPS traffic, you need an SSL certificate. In this section, you add a Google-managed SSL certificate. (This feature is currently in beta.) If you want to use a different SSL certificate, see create SSL certificate resource.

Google-managed SSL certificates are automatically renewed in advance of their expiration date. For more information on the renewal process, see Google-managed SSL certificate resource status.

In Cloud Shell, create a Google-managed SSL certificate resource. Replace [DOMAIN] with your domain:
```
gcloud beta compute ssl-certificates create jira-cert \
    --domains [DOMAIN]
```

Configure HTTPS routing

You can now configure routing to send Jira traffic to the proxy.

Create a target HTTPS proxy to route requests to your URL map:

gcloud compute target-https-proxies create https-lb-proxy \
    --url-map jira-app --ssl-certificates jira-cert

Get the static external IP address of the load balancer:
```
gcloud compute addresses list
```
Make a note of the address because you need it in later steps.
Create a global forwarding rule to route incoming requests to the proxy. Replace [LB_IP_ADDRESS] with the static external address you created and that you listed in the previous step.
```
gcloud compute forwarding-rules create https-fwd-rule \
    --address [LB_IP_ADDRESS] \
    --global \
    --target-https-proxy https-lb-proxy \
    --ports 443
```

Add or update the DNS record

The next step is to add or update the DNS record for your domain so that traffic is directed from your domain to the load balancer.

At your registrar's site, add or update the DNS record for your domain so that it points to the static external IP address you created.

To see the external IP address, use the following command:
```
gcloud compute addresses list
```

Confirm that the SSL certificate resource is active

The certificate resource provisioning takes several minutes.

Check the status of the process:
```
gcloud beta compute ssl-certificates list
```
Wait for the SSL resource to have an ACTIVE status.

Connecting to Jira in the browser

Now that you have installed Jira, configured it to run as a service, and created a database for it, you can begin the setup process in a web browser window.

On your local computer, open a window in your web browser.
In the address bar, enter: https://[DOMAIN]. Replace [DOMAIN] with your domain.
In the Jira setup window, click I'll set it up myself and then click Next.

The database connection window appears.
Click my own database, which is recommended for production environments, and fill out the following:
- Database type: MySQL 5.7+
- Hostname: 127.0.0.1
- Port: 3306
- Database: the MySQL database you created
- User: the MySQL user you created
- Password: the password for the MySQL user
Click the Test Connection button to test your database connection with Jira.

The following image shows a successful connection.
Enter your license key for Jira.
During the setup process, configure your email notifications and admin access.

You now can use Jira Software on your database connection using Cloud SQL for MySQL.

Update the load balancer timeout

Now that the installation is complete, you set the load balancer timeout back to the default value of 30 seconds.

In Cloud Shell, update the timeout for the jira-app backend service:

gcloud compute backend-services update jira-app --timeout 30 --global

Cleaning up

To avoid incurring charges to your Google Cloud account for the resources used in this tutorial, either delete the project that contains the resources, or keep the project and delete the individual resources.

Delete the project

In the Cloud Console, go to the Manage resources page.
Go to Manage resources
In the project list, select the project that you want to delete, and then click Delete.
In the dialog, type the project ID, and then click Shut down to delete the project.

What's next

Explore Jira functionality by starting your first project with Jira Software.
Configure email to be sent on a non-standard port.
Schedule automated backups for your Cloud SQL instance.
Try out other Google Cloud features for yourself. Have a look at our tutorials.