安装jumpserver堡垒机


1.修改字符集
如果用的是云服务器,云服务器默认是英文字符集,需要先修改字符集,否则可能报 input/output error 的问题,因为日志里打印了中文

[root@snowy201~]# localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
[root@snowy201~]# export LC_ALL=zh_CN.UTF-8
[root@snowy201~]# echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf

2.安装依赖包

[root@snowy201~]# yum -y install epel-release
[root@snowy201~]# yum clean all && yum makecache
[root@snowy201~]# yum -y update
[root@snowy201~]# yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git

3.关闭selinux(如果不关闭,后面登录jumpserver管理后台时,会报错 502 bad gateway)

[root@snowy201~]# setenforce 0
[root@snowy201~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config    #长期关闭selinux 
[root@snowy201~]# systemctl stop firewalld && systemctl disable firewalld  #关闭防火墙

4.编译安装python-3.6.1

[root@snowy201~]# wget https://mirrors.huaweicloud.com/python/3.6.1/Python-3.6.1.tar.xz
[root@snowy201~]# tar xf Python-3.6.1.tar.xz && cd Python-3.6.1
[root@snowy201~]# ./configure && make -j 4 && make install
[root@snowy201~]# cd /opt/
  • 创建虚拟环境
[root@snowy201 ~]#python3 -m venv py3
[root@snowy201 ~]#source /opt/py3/bin/activate  #进入py3虚拟环境
(py3) [root@snowy201~]#    #看到前面的(py3)提示符,就表示已经进入python3的虚拟环境

5.下载安装jumpserver

(py3) [root@snowy201 ~]#cd /opt
(py3) [root@snowy201 opt]#wget https://github.com/jumpserver/jumpserver/releases/download/v2.2.2/jumpserver-v2.2.2.tar.gz
(py3) [root@snowy201 opt]#tar xf jumpserver-v2.2.2.tar.gz
(py3) [root@snowy201 opt]#mv jumpserver-v2.2.2 jumpserver
(py3) [root@snowy201 opt]#cd /opt/jumpserver/requirements
(py3) [root@snowy201 opt]#yum install -y $(cat rpm_requirements)
(py3) [root@snowy201 opt]#pip install wheel -i https://mirrors.aliyun.com/pypi/simple/
(py3) [root@snowy201 opt]#pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/
(py3) [root@snowy201 opt]#pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/

6.安装Redis

(py3) [root@snowy201 opt]#cd
(py3) [root@snowy201 ~]#yum -y install redis
(py3) [root@snowy201 ~]#systemctl enable redis  --now 

7.安装MySQL

(py3) [root@snowy201 ~]#yum -y install mariadb mariadb-devel mariadb-server
(py3) [root@snowy201 ~]#systemctl enable mariadb --now
  • 创建jumpserver数据库并授权
(py3) [root@snowy201 ~]#mysql -u root -p
MariaDB [(none)]> create database jumpserver default charset 'utf8';
MariaDB [(none)]> grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '1';
MariaDB [(none)]> flush privileges;

8.配置Jumpserver

(py3) [root@snowy201 ~]#cd /opt/jumpserver
(py3) [root@snowy201 ~]#vim config.yml
修改以下几行内容
SECRET_KEY: 3NF6ldRQzLNeRh8ewjJ4FkRXCccjExTRWXQ4JYIi4cIwQprZG  
可以使用命令生成(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 29;echo) 
BOOTSTRAP_TOKEN: ujye866EVpHUDV9F 
可以使用命令生成(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16;echo)
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: '1'   # 密码如果是纯数字一定要加单引号
DB_NAME: jumpserver
  • 启动和关闭jumpserver
(py3) [root@snowy201 ~]#cd /opt/jumpserver
(py3) [root@snowy201 ~]#./jms start -d
(py3) [root@snowy201 ~]#./jms stop

ps:jumpserver服务启动后,通过web访问后台,打开页面很慢,超时,查看进程资源使用情况发现,进程celery一直占用CPU使用率达100%,解决办法:pip install django-celery==3.1.17

9.部署koko

(py3) [root@snowy201 ~]# cd /opt/
(py3) [root@snowy201 opt]# wget https://github.com/jumpserver/koko/releases/download/v2.2.2/koko-v2.2.2-linux-amd64.tar.gz
(py3) [root@snowy201 opt]# tar -xf koko-v2.2.2-linux-amd64.tar.gz
(py3) [root@snowy201 opt]# cd koko
(py3) [root@snowy201 koko]# mv kubectl /usr/local/bin/
(py3) [root@snowy201 koko]# wget https://download.jumpserver.org/public/kubectl.tar.gz
(py3) [root@snowy201 koko]# tar xf kubectl.tar.gz
(py3) [root@snowy201 koko]# chmod 755 kubectl
(py3) [root@snowy201 koko]# mv kubectl /usr/local/bin/rawkubectl
(py3) [root@snowy201 koko]# rm -rf kubectl.tar.gz
(py3) [root@snowy201 koko]# cp config_example.yml config.yml
(py3) [root@snowy201 koko]# vim config.yml
# Bootstrap Token: pre-shared secret used to register the service account and
# terminal that coco/koko uses. Keep it identical to the BOOTSTRAP_TOKEN in the
# jumpserver config.yml; it can be removed from this file once registration completes.
BOOTSTRAP_TOKEN: ujye866EVpHUDV9F

# Redis connection (the redis installed in step 6, on the default port)
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
# NOTE(review): step 6 only installs and enables redis, so presumably no
# password was set and REDIS_PASSWORD stays commented out — confirm.
# REDIS_PASSWORD:
# REDIS_CLUSTERS:
# REDIS_DB_ROOM:
  • 启动和关闭koko
(py3) [root@snowy201 koko]# ./koko    #前台启动
(py3) [root@snowy201 koko]# ./koko -d  #后台启动

10. 部署guacamole

  • 安装docker
(py3) [root@snowy201 koko]# cd
(py3) [root@snowy201 ~]# yum -y install docker
(py3) [root@snowy201 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://qtfb3ml8.mirror.aliyuncs.com"]
}
(py3) [root@snowy201 ~]# systemctl enable docker --now
  • 拉取并启动guacamole镜像(BOOTSTRAP_TOKEN 需与 jumpserver 的 config.yml 中保持一致)
(py3) [root@snowy201 ~]# docker run --restart=always --name jms_guacamole -d -p 127.0.0.1:8081:8080 -e JUMPSERVER_SERVER=172.20.77.201:8080 -e BOOTSTRAP_TOKEN=SGwEzYzaBruFOcdU -e GUACAMOLE_LOG_LEVEL=ERROR jumpserver/jms_guacamole:v2.2.2

11. 部署lina组件

(py3) [root@snowy201 ~]# cd /opt/
(py3) [root@snowy201 opt]# wget https://github.com/jumpserver/lina/releases/download/v2.2.2/lina-v2.2.2.tar.gz
(py3) [root@snowy201 opt]# tar -xf lina-v2.2.2.tar.gz
(py3) [root@snowy201 opt]# mv lina-v2.2.2 lina

12. 部署luna组件

(py3) [root@snowy201 opt]# wget https://github.com/jumpserver/luna/releases/download/v2.2.2/luna-v2.2.2.tar.gz
(py3) [root@snowy201 opt]# tar -xf luna-v2.2.2.tar.gz
(py3) [root@snowy201 opt]# mv luna-v2.2.2 luna

13. 安装配置nginx

(py3) [root@snowy201 opt]# yum install -y nginx
(py3) [root@snowy201 opt]# vi /etc/nginx/nginx.conf
#37行开始配置文件修改为以下内容
# Reverse proxy for JumpServer: serves the lina/luna front ends from /opt and
# proxies the API, koko, guacamole and websocket back ends on localhost.
server {
# Plain HTTP only: no TLS listener is defined in this block, so logins and
# sessions cross the network unencrypted unless TLS is terminated in front of it.
listen 80;
client_max_body_size 100m; # size limit for recordings and file uploads

# lina (web UI) static files, extracted to /opt/lina in step 11
location /ui/ {
try_files $uri / /index.html;
alias /opt/lina/;
}

# luna (web terminal) static files, extracted to /opt/luna in step 12
location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/; # luna path; change this if the install directory changes
}

# Session recordings. The fixed Content-Encoding header means the files are
# presumably stored gzip-compressed on disk — confirm before changing it.
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/; # recording location; change this if the install directory changes
}

location /static/ {
root /opt/jumpserver/data/; # static assets; change this if the install directory changes
}

# koko (ssh/telnet web terminal) on port 5000; websocket upgrade headers are
# forwarded and access logging is switched off for this path.
location /koko/ {
proxy_pass http://localhost:5000;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}

# guacamole container published on 127.0.0.1:8081 in step 10; the trailing
# slash on proxy_pass drops the /guacamole/ prefix before forwarding.
location /guacamole/ {
proxy_pass http://localhost:8081/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}

# websocket endpoint on port 8070
location /ws/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8070;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}

# core (jms) API on port 8080
location /api/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

location /core/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

# everything else is rewritten into the /ui/ front end
location / {
rewrite ^/(.*)$ /ui/$1 last;
}
}

启动nginx

(py3) [root@snowy201 opt]# systemctl enable nginx --now

14. 启动jumpserver

(py3) [root@snowy201 opt]# cd /opt/jumpserver
(py3) [root@snowy201 jumpserver]# ./jms start -d

15.启动koko

(py3) [root@snowy201 opt]# cd /opt/koko
(py3) [root@snowy201 koko]# ./koko -d

16.通过web登录jumpserver管理后台即可

ps:如果通过web访问后台,打开页面很慢,超时,查看进程资源使用情况发现,进程celery一直占用CPU使用率达100%,解决办法:pip install django-celery==3.1.17
17.jumpserver开机启动脚本
虽然jumpserver已经可以正常使用了,但是服务器重启后,又得手动启动服务,比较麻烦,写个开机启动脚本

[root@snowy201 ~]# vi /etc/init.d/start_jumpserver.sh
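#!/bin/bash
# Boot-time starter for the JumpServer core (jms) and koko, run from rc.local as root.
# Output of both services is appended to the log file below.
set -u

log_file=/root/log.txt

echo "start jumpserver"
# jms must run with the py3 virtualenv built in step 4; abort if it cannot be activated.
# shellcheck disable=SC1091
source /opt/py3/bin/activate || exit 1
/opt/jumpserver/jms start -d >>"$log_file" 2>&1 || exit 1
# Give the core time to come up before koko registers against it.
sleep 60
# koko is started from its own directory so that it finds its config.yml;
# a failed cd must not run ./koko from a different directory.
cd /opt/koko/ || exit 1
./koko -d >>"$log_file" 2>&1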
[root@snowy201 ~]# chmod +x /etc/init.d/start_jumpserver.sh
[root@snowy201 ~]# echo "/etc/init.d/start_jumpserver.sh" >> /etc/rc.d/rc.local
[root@snowy201 ~]# chmod +x /etc/rc.d/rc.local

部分文档参考:https://blog.csdn.net/zyy130988/article/details/112313703

