一、系統環境准備
1、查看系統版本
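# Show the distribution release and the kernel/architecture of the host.
# (The original transcript was collapsed onto one line with its root prompt.)
cat /etc/redhat-release
# sample output: CentOS Linux release 7.5.1804 (Core)
uname -a
# sample output: Linux localhost.localdomain 3.10.0-862.el7.x86_64 #1 SMP Fri Apr 20 16:44:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux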
2、關閉selinux和防火牆
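# Run as root.
# getenforce prints Enforcing, Permissive or Disabled; the guide's host
# reports Disabled.
getenforce
# If it prints Enforcing, `setenforce 0` switches to Permissive until the next
# reboot. It does not produce Disabled: that state is configured in
# /etc/selinux/config and takes effect after a reboot.
# setenforce 0

# Stops the firewall for the current boot only; firewalld starts again on
# reboot unless it is also disabled.
systemctl stop firewalld.service

# NOTE(review): this host is a bastion. With the firewall stopped, the backend
# listeners used later in the guide (8080, 5000, 8081, Redis, MariaDB) are
# reachable from the network if those services bind to all interfaces.
# An alternative is to keep firewalld running and open only the two ports the
# guide exposes to users (nginx on 80, coco SSH/SFTP on 2222):
#   firewall-cmd --permanent --add-port=80/tcp --add-port=2222/tcp
#   firewall-cmd --reload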
3、修改字符集
因為日志里會打印中文,需要修改字符集,否則可能出現 input/output error 報錯
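# Run as root. Builds the zh_CN.UTF-8 locale, selects it for the current
# shell, and records it as the system default in /etc/locale.conf.
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
export LC_ALL=zh_CN.UTF-8
echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf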
二、准備Python3和Python虛擬環境
1、安裝依賴包
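# Run as root. Build tools and development headers needed by the later steps;
# epel-release enables the EPEL repository.
yum -y install wget vim lrzsz xz gcc git epel-release python-pip python-devel \
  mysql-devel automake autoconf sqlite-devel zlib-devel openssl-devel sshpass \
  readline-devel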
2、安裝 Python 3.6(通過 yum 安裝,無需編譯)
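# Run as root. Installs Python 3.6 and its headers from the yum repositories.
yum -y install python36 python36-devel

# Optional, only if the download is slow: switch EPEL to a domestic mirror and
# retry. The repo file decides where packages are fetched from, so it is
# downloaded over HTTPS here (the original used http://, which can be altered
# in transit).
# wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
# yum -y install python36 python36-devel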
3、建立 Python 虛擬環境 CentOS 7 自帶的是 Python2,而 yum 等工具依賴原來的 Python,為了不擾亂原來的環境我們來使用 Python 虛擬環境
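# Run as root. Creates the virtualenv /opt/py3 and activates it.
cd /opt
python3.6 -m venv py3
source /opt/py3/bin/activate
# On success the prompt changes to "(py3) [root@localhost opt]#".
# Run the `source` line again in every new shell before starting Jumpserver.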
以下所有命令均在該虛擬環境中運行: 三、安裝 Jumpserver 1、下載或 Clone 項目 項目提交較多 git clone 時較大,你可以選擇去 Github 項目頁面直接下載zip包
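# Inside the py3 virtualenv, with /opt as the working directory.
git clone --depth=1 https://github.com/jumpserver/jumpserver.git
# NOTE(review): this fetches the tip of the default branch, while the luna
# front end is later pinned to release 1.4.10. Confirm the two are meant to
# work together, or check out the matching release of this repository.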
2、安裝依賴 RPM 包
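# Inside the py3 virtualenv.
cd /opt/jumpserver/requirements
# Left unquoted on purpose: every package name in the file must become its
# own argument to yum.
yum -y install $(cat rpm_requirements.txt)

# Optional, only if downloads are slow. These two commands belong to the next
# step (Python dependencies) and use a domestic PyPI mirror:
# pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/
# pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/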
3、安裝python庫依賴
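# Inside the py3 virtualenv. requirements.txt lives in the requirements
# directory, so change into it first; the original prompt showed /opt, where
# `pip install -r requirements.txt` would not find the file.
cd /opt/jumpserver/requirements
pip install --upgrade pip setuptools
pip install -r requirements.txt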
4、安裝 Redis, Jumpserver 使用 Redis 做 cache 和 celery broker
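# Run as root. Installs Redis and starts it now and on every boot.
yum -y install redis
systemctl enable redis
systemctl start redis
# NOTE(review): this guide sets no Redis password and stops the firewall
# earlier. Confirm that /etc/redis.conf still binds Redis to 127.0.0.1 only.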
5、安裝 MySQL
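# Run as root. CentOS 7 ships MariaDB in place of MySQL.
yum -y install mariadb mariadb-devel mariadb-server
systemctl enable mariadb
systemctl start mariadb
# NOTE(review): the next step connects as the database root user without a
# password. After the Jumpserver database is created, run
# `mysql_secure_installation` to set a root password; later `mysql -uroot`
# calls then need -p.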
6、創建數據庫 Jumpserver 並授權
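# Generate a random 24-character alphanumeric database password.
# Keep this shell open: DB_PASSWORD is read again when config.yml is edited.
DB_PASSWORD=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 24)

# Create the database and the jumpserver account. The SQL is fed on stdin
# rather than with -e, so the expanded password never appears in the mysql
# process arguments (visible to other local users through ps).
mysql -uroot <<SQL
create database jumpserver default charset 'utf8';
grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD';
flush privileges;
SQL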
7、修改 Jumpserver 配置文件
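# Inside the py3 virtualenv, as root.
cd /opt/jumpserver/
cp config_example.yml config.yml
# config.yml is about to hold SECRET_KEY, BOOTSTRAP_TOKEN and the database
# password, so restrict it to its owner before writing them.
chmod 600 config.yml

# Random 50-character SECRET_KEY and 16-character BOOTSTRAP_TOKEN.
SECRET_KEY=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 50)
echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
BOOTSTRAP_TOKEN=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16)
echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
# NOTE(review): the two lines appended to ~/.bashrc keep both secrets in
# clear text so that a later shell can reuse BOOTSTRAP_TOKEN for coco. The
# same values are stored in config.yml; remove them from ~/.bashrc once coco
# has been configured.

# DB_PASSWORD comes from the database step and is not saved anywhere else.
# Stop here if it is empty instead of writing a blank password.
: "${DB_PASSWORD:?DB_PASSWORD is empty - rerun the database step in this shell}"

sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml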
8、運行 Jumpserver
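# Inside the py3 virtualenv.
cd /opt/jumpserver
# Newer releases ship the jms launcher: ./jms start|stop|status|restart all
# Add -d to run in the background.
./jms start all -d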
四、安裝ssh server和websocket server:Coco 1、下載或clone目錄
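# Inside the py3 virtualenv. Download the coco project.
cd /opt
git clone --depth=1 https://github.com/jumpserver/coco.git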
2、安裝依賴
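# Inside the py3 virtualenv.
cd /opt/coco/requirements
# Left unquoted on purpose: every package name in the file must become its
# own argument to yum.
yum -y install $(cat rpm_requirements.txt)
pip install -r requirements.txt

# Optional, only if the download is slow: use a domestic PyPI mirror.
# pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/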
3、修改配置文件並運行
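# Inside the py3 virtualenv, as root.
cd /opt/coco
cp config_example.yml config.yml
# config.yml will hold the bootstrap token; restrict it to its owner.
chmod 600 config.yml

# BOOTSTRAP_TOKEN must be the value written to /opt/jumpserver/config.yml.
# Stop here if the variable is empty instead of writing a blank token.
: "${BOOTSTRAP_TOKEN:?BOOTSTRAP_TOKEN is empty - copy it from /opt/jumpserver/config.yml}"

sed -i "s/BOOTSTRAP_TOKEN: <PleasgeChangeSameWithJumpserver>/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/coco/config.yml
sed -i "s/# LOG_LEVEL: INFO/LOG_LEVEL: ERROR/g" /opt/coco/config.yml

# -d runs coco in the background.
./cocod start -d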
五、安裝web Terminal 前端 :luna Luna 已改為純前端, 需要 Nginx 來運行訪問 訪問(https://github.com/jumpserver/luna/releases)下載對應版本的 release 包, 直接解壓不需要編譯 1、下載並解壓luna
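# As root. Download and unpack the prebuilt luna release.
cd /opt
wget https://github.com/jumpserver/luna/releases/download/1.4.10/luna.tar.gz
# NOTE(review): nothing in this guide verifies the archive before it is
# unpacked as root and served by nginx. Print its digest and compare it with
# a value published for the release, if one is available.
sha256sum luna.tar.gz
tar -xvf luna.tar.gz
chown -R root:root luna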
六、配置 Nginx 整合各組件 1、安裝nginx
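# Run as root.
yum install yum-utils

# Repository definition for the nginx stable packages. The here-document
# delimiter is quoted so that $releasever and $basearch are written literally
# for yum to expand. The original opened the file in vi and typed these lines.
# gpgcheck=1 with the HTTPS-hosted signing key is what protects package
# integrity, since baseurl itself is plain HTTP.
cat > /etc/yum.repos.d/nginx.repo <<'EOF'
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
EOF

yum makecache fast
yum install -y nginx
# Remove the stock default site; it is a single file, so -r is not needed.
rm -f /etc/nginx/conf.d/default.conf
systemctl enable nginx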
2、准備配置文件,修改/etc/nginx/conf.d/jumpserver.conf
(py3)[root@jumpserver opt]# vim /etc/nginx/conf.d/jumpserver.conf
# Front door for all Jumpserver components: serves luna and static files
# directly and proxies the rest to the local backends.
# NOTE(review): the only listener is plain HTTP on port 80, so the login form
# and the web-terminal traffic proxied below travel unencrypted between the
# browser and this host. Consider terminating TLS here before real use.
server {
    listen 80;

    client_max_body_size 100m;  # upper limit for session recordings and file uploads

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # luna path; change it if the install directory differs
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # recordings location; change it if the install directory differs
    }

    location /static/ {
        root /opt/jumpserver/data/;  # static assets; change it if the install directory differs
    }

    # WebSocket endpoint on port 5000: the Upgrade/Connection headers are
    # forwarded and buffering is switched off.
    location /socket.io/ {
        proxy_pass http://localhost:5000/socket.io/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /coco/ {
        proxy_pass http://localhost:5000/coco/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    # Proxied to port 8081; this guide does not show a step that installs a
    # service on that port.
    location /guacamole/ {
        proxy_pass http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    # Everything else goes to the backend on port 8080.
    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
3、運行 Nginx
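# Run as root (CentOS 7).
# Check the configuration first and fix any reported problem before starting.
nginx -t
systemctl start nginx
systemctl enable nginx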
七、測試 Jumpserver 功能 1、檢查web頁面是否已經正常運行 服務全部啟動后, 訪問 http://192.168.0.1(ip地址是你配置的那台機器的ip), 即訪問 nginx 代理的端口, 不要再通過8080端口訪問。默認賬號: admin 密碼: admin(首次登錄后請立即修改默認密碼, 該賬號同樣用於下面的 SSH/SFTP 登錄)。登錄后到 Jumpserver 的「會話管理-終端管理」檢查 Coco、Guacamole 等應用的注冊。 2、測試連接 如果登錄客戶端是 macOS 或 Linux, 登錄語法如下
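# From a macOS or Linux client. coco listens for SSH and SFTP on port 2222.
ssh -p2222 admin@192.168.0.1
sftp -P2222 admin@192.168.0.1
# password: admin (the default account; change its password after the first login)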
如果登錄客戶端是 Windows, Xshell Terminal 登錄語法如下
$ ssh admin@192.168.0.1 2222 $ sftp admin@192.168.0.1 2222 密碼: admin
如果能登陸代表部署成功 # sftp默認上傳的位置在資產的 /tmp 目錄下 # windows拖拽上傳的位置在資產的 Guacamole RDP上的 G 目錄下 八、錯誤集合: 錯誤1: # pip install -r requirements.txt Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-fadyxpv4/mysqlclient/ You are using pip version 9.0.1, however version 19.1.1 is available. You should consider upgrading via the 'pip install --upgrade pip' command 解決方法: # pip install --upgrade pip # pip install -r requirements.txt