streamline with actual product package

README.md

@@ -39,9 +39,10 @@ Puppet.
 
 * JIRA requires a Java Developers Kit (JDK) or Java Run-time Environment (JRE)
   platform to be installed on your server's operating system. Oracle JDK / JRE
-  (formerly Sun JDK / JRE) versions 8 (and 11 since JIRA 8.2) are currently
-  supported by Atlassian. OpenJDK version 8 (and 11 since JIRA 8.2) are supported
-  as well - Atlassian recommends to use AdoptOpenJDK to get better support
+  (formerly Sun JDK / JRE) versions 8 (and 11 since JIRA 8.2 and 17 since JIRA
+  9.5) are currently supported by Atlassian. OpenJDK version 8 (and 11 since
+  JIRA 8.2 and 17 since JIRA 9.5) are supported as well - Atlassian recommends
+  to use AdoptOpenJDK to get better support
 
 * JIRA requires a relational database to store its issue data. This module
   currently supports PostgreSQL and MySQL and Oracle and Microsoft SQL Server.
@@ -51,9 +52,9 @@ Puppet.
 * Whilst not required, for production use we recommend using nginx/apache as a
   reverse proxy to JIRA. We suggest using the puppet/nginx puppet module.
 
-* On RHEL 8 and variants, you may experience SELinux denials if you use a custom
-  installation directory that is not under `/opt`. To fix this, add an fcontext
-  equivalence between `/opt` and your desired directory:
+* On RHEL 8 and 9 and variants, you may experience SELinux denials if you use a
+  custom installation directory that is not under `/opt`. To fix this, add an
+  fcontext equivalence between `/opt` and your desired directory:
   `semanage fcontext -a /apps/jira -e /opt`
   and run `restorecon`.
 
@@ -249,16 +250,16 @@ Reverse proxy can be configured as a hash as part of the JIRA resource
 
 ## Limitations
 
-* Puppet 6.1.0
+* Puppet 7.x, 8.x
 * Puppet Enterprise
 
 The puppetlabs repositories can be found at:
 <http://yum.puppetlabs.com/> and <http://apt.puppetlabs.com/>
 
-* RedHat 7, 8 or compatible (CentOS, Oracle Linux, etc)
+* RedHat 7, 8, 9 or compatible (CentOS, Oracle Linux, etc)
 * Ubuntu 18.04, 20.04
 
-* Jira 8.x
+* Jira 8.x, 9.x
 
 * PostgreSQL
 * MySQL

manifests/config.pp

@@ -26,7 +26,7 @@
   }
 
   # JVM args. These will be the defaults if not overridden
-  if $jira::jvm_type == 'openjdk-11' {
+  if $jira::jvm_type == 'openjdk-11' or $jira::jvm_type == 'openjdk-17' {
     $jvm_gc_args = '-XX:+UseG1GC -XX:+ExplicitGCInvokesConcurrent'
   } else {
     $jvm_gc_args = '-XX:+ExplicitGCInvokesConcurrent'

manifests/init.pp

@@ -391,7 +391,7 @@
   Stdlib::Absolutepath $tomcat_keystore_file                        = '/home/jira/jira.jks',
   String $tomcat_keystore_pass                                      = 'changeit',
   Enum['JKS', 'JCEKS', 'PKCS12'] $tomcat_keystore_type              = 'JKS',
-  String $tomcat_accesslog_format                                   = '%a %{jira.request.id}r %{jira.request.username}r %t "%m %U%q %H" %s %b %D "%{Referer}i" "%{User-Agent}i" "%{jira.request.assession.id}r"',
+  String $tomcat_accesslog_format                                   = '%a %{jira.request.id}r %{jira.request.username}r %t "%m %U%{sanitized.query}r %H" %s %b %D "%{sanitized.referer}r" "%{User-Agent}i" "%{jira.request.assession.id}r"',
   Boolean $tomcat_accesslog_enable_xforwarded_for                   = false,
   # Tomcat Tunables
   Integer $tomcat_max_threads                                       = 150,

metadata.json

@@ -36,21 +36,24 @@
       "operatingsystem": "RedHat",
       "operatingsystemrelease": [
         "7",
-        "8"
+        "8",
+        "9"
       ]
     },
     {
       "operatingsystem": "CentOS",
       "operatingsystemrelease": [
         "7",
-        "8"
+        "8",
+        "9"
       ]
     },
     {
       "operatingsystem": "OracleLinux",
       "operatingsystemrelease": [
         "7",
-        "8"
+        "8",
+        "9"
       ]
     },
     {

spec/type_aliases/jvm_types_spec.rb

@@ -4,7 +4,7 @@
 
 describe 'Jira::Jvm_types' do
   describe 'valid attributes' do
-    %w[openjdk-11 oracle-jdk-1.8].each do |value|
+    %w[openjdk-11 oracle-jdk-1.8 openjdk-17].each do |value|
       describe value.inspect do
         it { is_expected.to allow_value(value) }
       end

templates/check-java.sh.erb

@@ -31,10 +31,10 @@ else
     java_version=${values[0]}
 fi
 
-if [ "$java_version" -ne 8 ] && [ "$java_version" -ne 11 ]
+if [ "$java_version" -ne 8 ] && [ "$java_version" -ne 11 ] && [ "$java_version" -ne 17 ]
 then
     echo "****************************************************************************"
-    echo "*******      Wrong JVM version! Jira requires 1.8 or 11 to run.      *******"
+    echo "*******    Wrong JVM version! Jira requires 1.8, 11 or 17 to run.    *******"
     echo "****************************************************************************"
     echo "***"
     echo "*** Output of java -version command is:"
@@ -54,4 +54,4 @@ then
         echo "****************************************************************************"
         exit 1
     fi
-fi
+fi

templates/context.xml.epp

@@ -1,4 +1,4 @@
-<?xml version='1.0' encoding='utf-8'?>
+<?xml version="1.0" encoding="UTF-8"?>
 <!--
   Licensed to the Apache Software Foundation (ASF) under one or more
   contributor license agreements.  See the NOTICE file distributed with
@@ -18,15 +18,18 @@
 <!-- The contents of this file will be loaded for each web application -->
 <Context>
 
-    <!-- Default set of monitored resources -->
+    <!-- Default set of monitored resources. If one of these changes, the    -->
+    <!-- web application will be reloaded.                                   -->
     <WatchedResource>WEB-INF/web.xml</WatchedResource>
+    <WatchedResource>WEB-INF/tomcat-web.xml</WatchedResource>
+    <WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
 
     <!-- Uncomment this to disable session persistence across Tomcat restarts -->
     <!--
     <Manager pathname="" />
     -->
 
-    <!-- Uncomment this to enable Comet connection tacking (provides events
+    <!-- Uncomment this to enable Comet connection tracking (provides events
          on session expiration as well as webapp lifecycle) -->
     <!--
     <Valve className="org.apache.catalina.valves.CometConnectionManagerValve" />
@@ -39,5 +42,5 @@
 <%     } -%>
     />
 <% } -%>
-<JarScanner scanManifest="false"/>
+    <JarScanner scanManifest="false"/>
 </Context>

templates/server.xml.epp

@@ -1,5 +1,4 @@
 <?xml version="1.0" encoding="utf-8"?>
-
 <!--
   Licensed to the Apache Software Foundation (ASF) under one or more
   contributor license agreements.  See the NOTICE file distributed with
@@ -17,13 +16,12 @@
   limitations under the License.
 -->
 <Server port="<%= $jira::tomcat_shutdown_port %>" shutdown="SHUTDOWN">
-    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+    <Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
+    <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
     <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
     <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
     <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
 
-    <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
-
     <Service name="Catalina">
 <% if $jira::tomcat_default_connector { -%>
         <Connector port="<%= $jira::tomcat_port %>"
@@ -39,16 +37,16 @@
                    maxHttpHeaderSize="<%= $jira::tomcat_max_http_header_size %>"
                    protocol="<%= $jira::tomcat_protocol %>"
                    useBodyEncodingForURI="<%= $jira::tomcat_use_body_encoding_for_uri %>"
-                   acceptCount="<%= $jira::tomcat_accept_count %>"
-<% if ! $jira::proxy['scheme'] { -%>
-                   scheme="http"
-<% } -%>
-                   disableUploadTimeout="<%= $jira::tomcat_disable_upload_timeout %>"
-                   bindOnInit="false"
 <% if $jira::tomcat_native_ssl and $jira::tomcat_redirect_https_port { -%>
                    redirectPort="<%= $jira::tomcat_redirect_https_port %>"
 <% } else { -%>
-                   redirectPort="<%= $jira::tomcat_https_port %>"
+                   redirectPort="<%= $jira::tomcat_https_port%>"
+<% } -%>
+                   acceptCount="<%= $jira::tomcat_accept_count %>"
+                   disableUploadTimeout="<%= $jira::tomcat_disable_upload_timeout %>"
+                   bindOnInit="false"
+<% if ! $jira::proxy['scheme'] { -%>
+                   scheme="http"
 <% } -%>
 <% if $jira::proxy { -%>
 <%   jira::sort_hash($jira::proxy).each |$key, $value| { -%>
@@ -59,37 +57,36 @@
 <%- } -%>
 
 <% if $jira::tomcat_native_ssl { -%>
-        <Connector
-                    port="<%= $jira::tomcat_https_port %>"
-                    protocol="<%= $jira::config::tomcat_protocol_ssl_real %>"
-                    <%- if $jira::tomcat_address { -%>
-                    address="<%= $jira::tomcat_address %>"
-                    <%- } -%>
-                    relaxedPathChars="[]|"
-                    relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
-                    maxHttpHeaderSize="<%= $jira::tomcat_max_http_header_size %>"
-                    SSLEnabled="true"
-                    maxThreads="<%= $jira::tomcat_max_threads %>"
-                    minSpareThreads="<%= $jira::tomcat_min_spare_threads %>"
-                    enableLookups="<%= $jira::tomcat_enable_lookups %>"
-                    disableUploadTimeout="<%= $jira::tomcat_disable_upload_timeout %>"
-                    acceptCount="<%= $jira::tomcat_accept_count %>"
-<%   if ! $jira::proxy['scheme'] { -%>
-                    scheme="https"
+        <Connector port="<%= $jira::tomcat_https_port %>"
+                   <%- if $jira::tomcat_address { -%>
+                   address="<%= $jira::tomcat_address %>"
+                   <%- } -%>
+                   relaxedPathChars="[]|"
+                   relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
+                   maxThreads="<%= $jira::tomcat_max_threads %>"
+                   minSpareThreads="<%= $jira::tomcat_min_spare_threads %>"
+                   enableLookups="<%= $jira::tomcat_enable_lookups %>"
+                   maxHttpHeaderSize="<%= $jira::tomcat_max_http_header_size %>"
+                   protocol="<%= $jira::config::tomcat_protocol_ssl_real %>"
+                   useBodyEncodingForURI="<%= $jira::tomcat_use_body_encoding_for_uri %>"
+                   acceptCount="<%= $jira::tomcat_accept_count %>"
+                   disableUploadTimeout="<%= $jira::tomcat_disable_upload_timeout %>"
+<%   if $jira::proxy['scheme'] { -%>
+                   scheme="https"
 <%   } -%>
-                    secure="true"
-                    clientAuth="false"
-                    sslProtocol="TLS"
-                    useBodyEncodingForURI="true"
-                    keyAlias="<%= $jira::tomcat_key_alias %>"
-                    keystoreFile="<%= $jira::tomcat_keystore_file %>"
-                    keystorePass="<%= $jira::tomcat_keystore_pass %>"
-                    keystoreType="<%= $jira::tomcat_keystore_type %>"
 <%   if $jira::proxy { -%>
 <%     jira::sort_hash($jira::proxy).each |$key, $value| { -%>
-                    <%= $key %> = '<%= $value %>'
+                   <%= $key %> = '<%= $value %>'
 <%     } -%>
 <%   } -%>
+                   SSLEnabled="true"
+                   secure="true"
+                   clientAuth="false"
+                   sslProtocol="TLS"
+                   keyAlias="<%= $jira::tomcat_key_alias %>"
+                   keystoreFile="<%= $jira::tomcat_keystore_file %>"
+                   keystorePass="<%= $jira::tomcat_keystore_pass %>"
+                   keystoreType="<%= $jira::tomcat_keystore_type %>"
         />
 <% } -%>
 
@@ -108,11 +105,11 @@
 <% } -%>
                    />
 <% } -%>
+
         <Engine name="Catalina" defaultHost="localhost">
             <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
 
                 <Context path="<%= $jira::contextpath %>" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">
-
                     <Resource name="UserTransaction" auth="Container" type="javax.transaction.UserTransaction"
                               factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/>
 <% if $jira::use_jndi_ds { %>
@@ -131,14 +128,13 @@
                     <JarScanner scanManifest="false"/>
                     <Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="120" />
                 </Context>
-            </Host>
 
-          <Valve className="org.apache.catalina.valves.AccessLogValve" resolveHosts="false"
+            </Host>
+            <Valve className="org.apache.catalina.valves.AccessLogValve" resolveHosts="false"
 <% if $jira::tomcat_accesslog_enable_xforwarded_for { %>
-                 requestAttributesEnabled="true"
+                   requestAttributesEnabled="true"
 <% } -%>
-                 pattern="<%= $jira::tomcat_accesslog_format %>"/>
-
+                   pattern="<%= $jira::tomcat_accesslog_format %>"/>
 <% if $jira::tomcat_accesslog_enable_xforwarded_for { %>
             <Valve
               className="org.apache.catalina.valves.RemoteIpValve"

templates/setenv.sh.epp

@@ -38,7 +38,9 @@ JVM_CODE_CACHE_ARGS='<%= pick_default($jira::jvm_code_cache_args, $jira::config:
 #
 # The following are the required arguments for Jira.
 #
-<%- if ($jira::product != "servicedesk" and versioncmp($jira::version, '8.11.0') > 0) or ($jira::product == "servicedesk" and (versioncmp($jira::version, '4.11.0') > 0)){ -%>
+<%- if $jira::product != "servicedesk" and versioncmp($jira::version, '9.0.0' >= 0) { -%>
+JVM_REQUIRED_ARGS='-Dlog4j2.contextSelector=org.apache.logging.log4j.core.selector.BasicContextSelector -Dlog4j2.disableJmx=true -Dlog4j2.garbagefree.threadContextMap=true -Dlog4j2.isWebapp=false -Djava.awt.headless=true -Datlassian.standalone=JIRA -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dmail.mime.decodeparameters=true -Dorg.dom4j.factory=com.atlassian.core.xml.InterningDocumentFactory'
+<% } elsif $jira::product != "servicedesk" and versioncmp($jira::version, '8.11.0') > 0 or $jira::product == "servicedesk" and (versioncmp($jira::version, '4.11.0') > 0) { -%>
 JVM_REQUIRED_ARGS='-Djava.awt.headless=true -Datlassian.standalone=JIRA -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dmail.mime.decodeparameters=true -Dorg.dom4j.factory=com.atlassian.core.xml.InterningDocumentFactory'
 <% } else { -%>
 JVM_REQUIRED_ARGS='-Djava.awt.headless=true -Datlassian.standalone=JIRA -Dorg.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER=true -Dmail.mime.decodeparameters=true'
@@ -87,6 +89,9 @@ if [ "$JIRA_HOME" != "" ]; then
     fi
 fi
 
+# DO NOT remove the following line
+# !INSTALLER SET JAVA_HOME
+
 JAVA_OPTS="-Xms${JVM_MINIMUM_MEMORY} -Xmx${JVM_MAXIMUM_MEMORY} ${JVM_CODE_CACHE_ARGS} ${JAVA_OPTS} ${JVM_REQUIRED_ARGS} ${DISABLE_NOTIFICATIONS} ${JVM_SUPPORT_RECOMMENDED_ARGS} ${JVM_EXTRA_ARGS} ${JIRA_HOME_MINUSD} ${START_JIRA_JAVA_OPTS}"
 
 j_ver=`echo "$($JAVA_HOME/bin/java -version 2>&1)" | grep "version" | awk '{ print substr($3, 2, length($3)-2); }'`
@@ -99,11 +104,8 @@ fi
 
 export JAVA_OPTS
 
-# DO NOT remove the following line
-# !INSTALLER SET JAVA_HOME
-
 echo ""
-echo "If you encounter issues starting or stopping Jira, please see the Troubleshooting guide at https://docs.atlassian.com/jira/jadm-docs-0813/Troubleshooting+installation"
+echo "If you encounter issues starting or stopping Jira, please see the Troubleshooting guide at https://docs.atlassian.com/jira/jadm-docs-0912/Troubleshooting+installation"
 echo ""
 if [ "$JIRA_HOME_MINUSD" != "" ]; then
     echo "Using JIRA_HOME:       $JIRA_HOME"

templates/user.sh.epp

@@ -1,6 +1,6 @@
 # START INSTALLER MAGIC ! DO NOT EDIT !
 JIRA_USER="<%= $jira::user %>" # user created by puppet
 SHELL="/bin/bash"
-# # END INSTALLER MAGIC ! DO NOT EDIT !
+# END INSTALLER MAGIC ! DO NOT EDIT !
 
 export JIRA_USER SHELL

types/jvm_types.pp

@@ -1,2 +1,2 @@
 # @summary Java Virtual Machine (JVM) types
-type Jira::Jvm_types = Enum['openjdk-11', 'oracle-jdk-1.8']
+type Jira::Jvm_types = Enum['openjdk-11', 'oracle-jdk-1.8', 'openjdk-17']