1.环境配置
[root@xmj ~]# getenforce
Permissive
[root@xmj ~]# systemctl stop firewalld 关闭防火墙(仅为方便测试;正式环境建议保持 firewalld 运行,只放行实际对外提供服务的端口,如下文的 80 和 2222)
修改字符集,否则可能报 input/output error 的问题,因为日志里打印了中文
[root@localhost ~]# localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
[root@localhost ~]# export LC_ALL=zh_CN.UTF-8
[root@localhost ~]# echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf
修改完字符集后,安装一些必须要的环境:
[root@localhost ~]# yum install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git -y
[root@xmj ~]# wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
[root@xmj ~]# tar xvf Python-3.6.1.tar.xz && cd Python-3.6.1
这里必须执行编译安装(在 Python-3.6.1 目录下执行 ./configure && make && make install),否则在安装python依赖库时会有麻烦
[root@xmj Python-3.6.1]# cd /opt
[root@xmj opt]# python3 -m venv py3
[root@xmj opt]# source /opt/py3/bin/activate
(py3) [root@xmj opt]# git clone https://github.com/kennethreitz/autoenv.git
(py3) [root@xmj opt]# echo 'source /opt/autoenv/activate.sh' >> ~/.bashrc
(py3) [root@xmj ~]# source ./.bashrc
2.下载jumpserver安装包
(py3) [root@xmj opt]# git clone https://github.com/jumpserver/jumpserver.git
(py3) [root@xmj opt]# cd jumpserver
(py3) [root@xmj jumpserver]# git checkout master
3.安装所需要的 python modules
(py3) [root@xmj jumpserver]# echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env
(py3) [root@xmj jumpserver]# cd requirements/
选择y
(py3) [root@xmj requirements]# yum install $(cat rpm_requirements.txt) -y
(py3) [root@xmj requirements]# pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/
(py3) [root@xmj requirements]# pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
4.安装redis
(py3) [root@xmj requirements]# yum install redis -y 安装
(py3) [root@xmj requirements]# systemctl enable redis 设为开机自启
(py3) [root@xmj requirements]# systemctl start redis
5.安装mysql服务
(py3) [root@xmj requirements]# yum -y install mariadb mariadb-devel mariadb-server
(py3) [root@xmj requirements]# systemctl enable mariadb
(py3) [root@xmj requirements]# systemctl start mariadb
进入mariadb数据库
MariaDB [(none)]> create database jumpserver default charset 'utf8'; 创建名为jumpserver 的数据库,默认使用utf8字符集
MariaDB [(none)]> grant all on jumpserver.* to 'jumpserveradmin'@'127.0.0.1' identified by 'jumpserverpwd'; 给数据库授权(jumpserverpwd 只是示例口令,实际部署请换成随机生成的强口令,并与下文 config.yml 中的 DB_PASSWORD 保持一致)
MariaDB [(none)]> flush privileges; 刷新下数据库
6.配置jumpserver
(py3) [root@xmj requirements]# pwd 确认下路径
/opt/jumpserver/requirements
(py3) [root@xmj requirements]# cd .. 返回到上一级目录
(py3) [root@xmj jumpserver]# cp config_example.yml config.yml 复制一下配置文件
(py3) [root@xmj jumpserver]# SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50` 随机生成一个由大写字母A-Z、小写字母a-z和数字0-9组成的50位字符串
确认是否生成
(py3) [root@xmj jumpserver]# echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc 写入到 ~/.bashrc 里面
(py3) [root@xmj jumpserver]# cd 切换到家目录看看,确认内容是否追加
(py3) [root@xmj ~]# BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 |head -c 16`
(py3) [root@xmj ~]# echo $BOOTSTRAP_TOKEN
48hmOImYsCWRqqn0
(py3) [root@xmj ~]# echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
(py3) [root@xmj ~]# sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
(py3) [root@xmj ~]# sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
(py3) [root@xmj ~]# sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
(py3) [root@xmj ~]# sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
(py3) [root@xmj ~]# sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
(py3) [root@xmj ~]# sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml 注意:前面的步骤并没有给 DB_PASSWORD 变量赋值,此时变量为空,这条命令不会写入任何口令,数据库口令需要按下面的步骤手工写入 config.yml
(py3) [root@xmj ~]# echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
你的SECRET_KEY是 24AybD8hm1XtVMC1F1TnQTAY6088q8UmeETKvL6mumvt5FItuC
(py3) [root@xmj ~]# echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
你的BOOTSTRAP_TOKEN是 48hmOImYsCWRqqn0
(py3) [root@xmj ~]# cd /opt/jumpserver/
(py3) [root@xmj jumpserver]# vim config.yml 修改如下内容
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserveradmin
DB_PASSWORD: jumpserverpwd
DB_NAME: jumpserver
7.启动/关闭jumpserver
(py3) [root@xmj jumpserver]# pwd
/opt/jumpserver
(py3) [root@xmj jumpserver]# ./jms start 启动
(py3) [root@xmj jumpserver]# ./jms stop 停止
Stop service
gunicorn is stopped
celery_ansible is stopped
celery_default is stopped
beat is stopped
(py3) [root@xmj jumpserver]# ./jms start -d 放在后台启动
(四)、安装 docker 部署coco与guacamole
1、安装Docker
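# Install the helper packages needed to add the Docker CE repository and for
# Docker's storage driver.
yum install -y yum-utils device-mapper-persistent-data lvm2
# Add the Docker CE repository from the Aliyun mirror. The repo file is fetched
# over HTTPS (the GPG key below already comes from the same mirror over HTTPS),
# so the repository definition cannot be altered in transit.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
# Rebuild the yum metadata cache so the new repository is visible.
yum makecache fast
# Import the repository signing key; it is used for package signature checks
# when the repo file enables gpgcheck.
rpm --import https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
# Install Docker CE.
yum -y install docker-ce
mkdir -p /etc/docker
# Download the Docker daemon configuration supplied by the JumpServer demo site.
# NOTE(review): this file is fetched over plain HTTP and becomes the daemon's
# configuration as-is; read /etc/docker/daemon.json (registry mirrors, insecure
# registries, etc.) before restarting Docker below.
wget -O /etc/docker/daemon.json http://demo.jumpserver.org/download/docker/daemon.json
# Restart Docker so it picks up daemon.json, and enable it at boot.
systemctl restart docker && systemctl enable docker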
8.部署koko
(py3) [root@xmj ~]# Server_IP=192.168.6.189
(py3) [root@xmj ~]# BOOTSTRAP_TOKEN=48hmOImYsCWRqqn0 此处填写自己在第6步生成的 BOOTSTRAP_TOKEN,不要照抄本文公开的示例值
(py3) [root@xmj ~]# docker run --name jms_koko -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_koko:1.5.5
(py3) [root@xmj ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
jumpserver/jms_koko 1.5.5 17cf3f220213 9 months ago 41.4MB
手工部署koko(coco目前已经被koko取代)
9.部署guacamole
(py3) [root@xmj ~]# docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_guacamole:1.5.5
10.部署luna
[root@xmj opt]# cd /opt
[root@xmj opt]# wget https://github.com/jumpserver/luna/releases/download/1.5.5/luna.tar.gz
[root@xmj opt]# tar xvf luna.tar.gz
[root@xmj opt]# chown -R root:root luna
11.配置nginx下载nginx的源码包
[root@xmj ~]# tar xvf nginx-1.14.2.tar.gz 解压
[root@xmj ~]# cd nginx-1.14.2/
[root@xmj nginx-1.14.2]#./configure --prefix=/usr/local/nginx
[root@xmj nginx-1.14.2]# make && make install
[root@xmj nginx-1.14.2]# cd /usr/local/nginx/conf/
[root@xmj conf]# mkdir conf.d
[root@xmj conf]# cd conf.d/
[root@xmj conf.d]# vim jumpserver.conf
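# JumpServer front-end virtual host: serves the luna, media and static files
# from disk and proxies everything else to the local JumpServer components.
# One directive per line: on a single line, everything after the first '#'
# would be read as a comment and the block would not parse.
server {
    # NOTE(review): the bastion's web login and sessions are served over plain
    # HTTP here; consider terminating TLS on this server or on a proxy in front.
    listen 80;

    client_max_body_size 100m;  # size limit for session recordings and file uploads

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # luna path; change this if the install directory differs
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # recordings location; change this if the install directory differs
    }

    location /static/ {
        root /opt/jumpserver/data/;  # static assets; change this if the install directory differs
    }

    # WebSocket endpoint proxied to port 5000 (published by the koko container).
    location /socket.io/ {
        proxy_pass http://localhost:5000/socket.io/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # NOTE(review): with access_log off, nginx keeps no request log for this
        # path (same for /coco/ and /guacamole/ below) - confirm that is intended.
        access_log off;
    }

    location /coco/ {
        proxy_pass http://localhost:5000/coco/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    # Proxied to port 8081 (published by the guacamole container).
    location /guacamole/ {
        proxy_pass http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    # Everything else goes to the JumpServer core on port 8080.
    location / {
        proxy_pass http://localhost:8080;
        # X-Real-IP is the address nginx itself saw. X-Forwarded-For also keeps
        # any value the client sent, so it should not be trusted on its own.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}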
[root@xmj conf.d]# /usr/local/nginx/sbin/nginx -t 检测下nginx配置文件
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@xmj conf.d]# pwd
/usr/local/nginx/conf/conf.d
[root@xmj conf.d]# cd ..
[root@xmj conf]# cp nginx.conf nginx.conf.bak
[root@xmj conf]# grep -Pv "^($| *#)" nginx.conf 去掉注释行
[root@xmj conf]# vim nginx.conf 以下内容是过滤好的,可直接清空nginx.conf后在粘贴进去
# Main nginx.conf with the stock comment lines stripped; it also pulls in every
# *.conf file under conf.d/.
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    # Loads conf.d/*.conf before the server block below. Without an explicit
    # default_server, nginx uses the first server defined for a listen address
    # as the default, so a server in conf.d that listens on 80 takes requests
    # whose Host header does not match "localhost".
    include /usr/local/nginx/conf/conf.d/*.conf;
    # Stock static site, matched only for Host "localhost".
    server {
        listen 80;
        server_name localhost;
        location / {
            root html;
            index index.html index.htm;
        }
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }
}
[root@xmj conf]# /usr/local/nginx/sbin/nginx -t 再次检查
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@xmj bin]# /usr/local/nginx/sbin/nginx 启动nginx
访问ip