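Environment:
- CentOS Linux release 7.6.1810 (Core)
- JumpServer 1.4.8
- Python 3.6.X
- MariaDB

Compile and install Python 3.6
First, download the Python 3.6.9 tarball from https://www.python.org/ftp/python/3.6.9/Python-3.6.9.tgz, then extract it with the command tar -xvf Python-3.6.9.tgz.
Install dependencies
Install the dependencies required to compile and install Python.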
yum install -y zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel libffi-devel gcc make
 
Configure the build
Change into the Python directory extracted earlier
cd Python-3.6.9
 
Screen output:
[root@localhost ~]# ls
anaconda-ks.cfg  Python-3.6.9  Python-3.6.9.tgz
[root@localhost ~]# cd Python-3.6.9
 
Configure the installation path for the build:
./configure --prefix=/opt/Python/Python369
 
Screen output:
[root@localhost Python-3.6.9]# ls
aclocal.m4    config.sub  configure.ac  Grammar  install-sh  LICENSE  Makefile.pre.in  Modules  Parser  PCbuild   pyconfig.h.in  README.rst  Tools
config.guess  configure   Doc           Include  Lib         Mac      Misc             Objects  PC      Programs  Python         setup.py
[root@localhost Python-3.6.9]# ./configure --prefix=/opt/Python/Python369
 
         
         
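Where:
--prefix is the parameter that specifies the directory to install into; set the install directory as needed
Optimization option (optional)
After the previous step has run, its output ends with this message: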
If you want a release build with all stable optimizations active (PGO, etc),
please run ./configure --enable-optimizations
 
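If the --enable-optimizations option is used, the --prefix option no longer takes effect; with --enable-optimizations the installation goes under the /usr/ directory, and no symlink or environment variable needs to be added afterwards.
Compile and install
Run the make && make install command to compile and install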
[root@localhost Python-3.6.9]# ls
aclocal.m4    config.status  configure.ac  Include     LICENSE   Makefile.pre     Modules  PC        pyconfig.h     README.rst
config.guess  config.sub     Doc           install-sh  Mac       Makefile.pre.in  Objects  PCbuild   pyconfig.h.in  setup.py
config.log    configure      Grammar       Lib         Makefile  Misc             Parser   Programs  Python         Tools
[root@localhost Python-3.6.9]# make && make install
 
         
         
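Configure environment variables
Once the installation has finished, configure an environment variable or a symlink for convenient use. At the end of /etc/profile, add the bin directory of the install directory: PATH=/opt/Python/Python369/bin:$PATH.
Screen output: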
[root@localhost ~]# tail -f /etc/profile
            . "$i" >/dev/null
        fi
    fi
done
unset i
unset -f pathmunge
# Python settings
PATH=/opt/Python/Python369/bin:$PATH
 
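Run source /etc/profile to reload the configuration so that it takes effect.
Environment deployment
This step mainly configures the Aliyun mirror source and EPEL, and installs the MariaDB, Redis, Git, Docker and Nginx services
Configure the EPEL repository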
yum install -y epel-release
 
Install the MariaDB, Redis, Git, Docker and Nginx services
yum -y install redis mariadb mariadb-devel mariadb-server mariadb-shared nginx git docker
 
Enable the services at boot
systemctl enable redis mariadb nginx docker
 
         
         
Start redis and mariadb
systemctl start redis mariadb
 
Create a Python virtual environment and activate it
python3.6 -m venv /opt/py3
. /opt/py3/bin/activate
 
In the database, create the jumpserver user and its database, and grant the jumpserver database to the jumpserver user.
create database  jumpserver default charset 'utf8';
grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'Jumpserver1!';
 
Screen output:
MariaDB [(none)]> create database  jumpserver default charset 'utf8';
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| jumpserver         |
| mysql              |
| performance_schema |
| test               |
+--------------------+
5 rows in set (0.00 sec)
MariaDB [(none)]> grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'Jumpserver1!';
Query OK, 0 rows affected (0.00 sec)
 
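Install Jumpserver
This part mainly covers downloading the jumpserver package, installing the third-party Python libraries, and pulling the related components with docker. Jumpserver is installed under /opt, so all files are downloaded into /opt/; first change to the /opt/ directory
Clone the jumpserver project with Git and switch to version 1.4.8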
cd /opt
git clone https://github.com/jumpserver/jumpserver.git
cd /opt/jumpserver
git checkout 1.4.8
 
Screen output:
[root@localhost opt]# git clone https://github.com/jumpserver/jumpserver.git
Cloning into 'jumpserver'...
remote: Enumerating objects: 43783, done.
remote: Total 43783 (delta 0), reused 0 (delta 0), pack-reused 43783
Receiving objects: 100% (43783/43783), 52.94 MiB | 59.00 KiB/s, done.
Resolving deltas: 100% (30028/30028), done.
[root@localhost opt]# ls
jumpserver  Python
[root@localhost opt]# cd jumpserver/
[root@localhost jumpserver]# git checkout 1.4.8
Note: checking out '1.4.8'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
  git checkout -b new_branch_name
HEAD is now at 232674b... Merge pull request #2423 from jumpserver/dev
 
Install the jumpserver dependencies
cd /opt/jumpserver/requirements
yum install -y $(cat rpm_requirements.txt)
pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
 
Edit the jumpserver configuration file
cd /opt/jumpserver
cp config_example.yml config.yml
vim config.yml
# Note: SECRET_KEY and BOOTSTRAP_TOKEN must not be purely numeric strings

Edit the settings in config.yml: SECRET_KEY, BOOTSTRAP_TOKEN, and the MySQL configuration items.
Start jumpserver
$ cd /opt/jumpserver
$ ./jms start  # add -d to run in the background: ./jms start -d
 
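Note:
Make sure the py3 virtual environment has been loaded before starting
Install the coco component
Clone the project with git and switch to version 1.4.8. Note:
the koko component does not support jumpserver 1.4.8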
cd /opt
git clone https://github.com/jumpserver/coco.git
cd /opt/coco/
git checkout 1.4.8
 
Screen output:
(py3) [root@localhost opt]# git clone https://github.com/jumpserver/coco.git
Cloning into 'coco'...
remote: Enumerating objects: 98, done.
remote: Counting objects: 100% (98/98), done.
remote: Compressing objects: 100% (74/74), done.
remote: Total 3748 (delta 43), reused 46 (delta 22), pack-reused 3650
Receiving objects: 100% (3748/3748), 2.03 MiB | 800.00 KiB/s, done.
Resolving deltas: 100% (2407/2407), done.
(py3) [root@localhost opt]# cd coco/
(py3) [root@localhost coco]# git checkout 1.4.8
Note: checking out '1.4.8'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
  git checkout -b new_branch_name
HEAD is now at 74582ea... Merge pull request #191 from jumpserver/dev
 
Install the coco dependencies
cd /opt/coco/requirements
pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
 
Configure coco
cd /opt/coco
cp config_example.yml config.yml
vim config.yml  # BOOTSTRAP_TOKEN must be taken from jumpserver/config.yml so that the two match
 
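Edit it with reference to the following:
# Bootstrap Token, a pre-shared key used to register the service account and terminal that coco uses
# Keep it identical to the one in the jumpserver configuration file; it can be deleted once registration is complete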
BOOTSTRAP_TOKEN: NGMhSQlXvtpsi0xClRtzeqeqMPsCAy01JmApWtGtNsPwFJiQz
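
The two requirements stated above (SECRET_KEY and BOOTSTRAP_TOKEN must not be purely numeric, and coco's BOOTSTRAP_TOKEN must equal the one in jumpserver/config.yml) can be scripted. This is an added example, not code from JumpServer, coco or the original post; the helper names, the token lengths and the assumption that both config.yml files already contain top-level SECRET_KEY: and BOOTSTRAP_TOKEN: lines are hypothetical.

```shell
# Added example; helper names and token lengths are assumptions.

# gen_token N: N random characters from [A-Za-z0-9], read from /dev/urandom.
gen_token() {
    head -c 2048 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c "$1"
}

# token_ok VALUE: accept only values with at least one non-digit character.
token_ok() {
    case "$1" in
        *[!0-9]*) return 0 ;;
    esac
    return 1                    # empty or purely numeric
}

# yaml_get FILE KEY: value of a top-level "KEY: value" line, quotes stripped.
yaml_get() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# yaml_set FILE KEY VALUE: rewrite the existing "KEY:" line in place.
yaml_set() {
    _tmp=$(mktemp) || return 1
    sed "s|^$2:.*|$2: $3|" "$1" > "$_tmp" && cat "$_tmp" > "$1"; _rc=$?
    rm -f "$_tmp"; return "$_rc"
}

# init_tokens JS_CFG COCO_CFG: new secrets for jumpserver, same token for coco, mode 600.
init_tokens() {
    _tok=$(gen_token 24)
    yaml_set "$1" SECRET_KEY "$(gen_token 50)" &&
        yaml_set "$1" BOOTSTRAP_TOKEN "$_tok" &&
        yaml_set "$2" BOOTSTRAP_TOKEN "$_tok" &&
        chmod 600 "$1" "$2"
}

# tokens_consistent JS_CFG COCO_CFG: both keys valid and the token identical.
tokens_consistent() {
    _a=$(yaml_get "$1" BOOTSTRAP_TOKEN)
    _b=$(yaml_get "$2" BOOTSTRAP_TOKEN)
    token_ok "$_a" && token_ok "$(yaml_get "$1" SECRET_KEY)" && [ "$_a" = "$_b" ]
}

# Demo on constructed stand-ins for the two config.yml files.
d=$(mktemp -d); printf 'SECRET_KEY:\nBOOTSTRAP_TOKEN:\n' > "$d/js.yml"
printf 'BOOTSTRAP_TOKEN: 123456\n' > "$d/coco.yml"
init_tokens "$d/js.yml" "$d/coco.yml" && tokens_consistent "$d/js.yml" "$d/coco.yml" && echo "tokens consistent"
rm -rf "$d"
```

On the host from this guide the two arguments would be /opt/jumpserver/config.yml and /opt/coco/config.yml, run before either service is started for the first time.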
 
Start the coco component
./cocod start    # add -d to run in the background: ./cocod start -d
 
Screen output:
(py3) [root@localhost coco]# ./cocod start -d
Use eventlet dispatch
2019-09-21 14:58:27 [service INFO] No access key found, register it
Start coco process
 
Install the guacamole component
cd /opt
git clone https://github.com/jumpserver/docker-guacamole.git
cd /opt/docker-guacamole
tar xf guacamole-server-1.0.0.tar.gz
cd /opt/docker-guacamole/guacamole-server-1.0.0
 
Install the yum repositories that provide ffmpeg
cd ~
wget https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm
wget https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm
rpm -ivh *.rpm
 
Install the dependencies for building guacamole
cd /opt/docker-guacamole/guacamole-server-1.0.0
yum install -y cairo-devel libjpeg-turbo-devel libpng-devel uuid-devel
yum install -y ffmpeg-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel libtool java-1.8.0-openjdk
ln -s /usr/local/lib/freerdp/*.so /usr/lib64/freerdp2/
autoreconf -fi
./configure --with-init-dir=/etc/init.d
make
make install
 
Note:
/usr/lib64/freerdp2/ may be /usr/lib64/freerdp/ on your system; check, and change it to the matching directory name
Install Tomcat
mkdir -p /config/guacamole /config/guacamole/lib /config/guacamole/extensions /config/guacamole/data/log/
cd /config
wget https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v9.0.26/bin/apache-tomcat-9.0.26.tar.gz
tar xf apache-tomcat-9.0.26.tar.gz
mv apache-tomcat-9.0.26 tomcat9
rm -rf /config/tomcat9/webapps/*
sed -i 's/Connector port="8080"/Connector port="8081"/g' /config/tomcat9/conf/server.xml
echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> /config/tomcat9/conf/logging.properties
ln -sf /opt/docker-guacamole/guacamole-1.0.0.war /config/tomcat9/webapps/ROOT.war
ln -sf /opt/docker-guacamole/guacamole-auth-jumpserver-1.0.0.jar /config/guacamole/extensions/guacamole-auth-jumpserver-1.0.0.jar
ln -sf /opt/docker-guacamole/root/app/guacamole/guacamole.properties /config/guacamole/guacamole.properties
wget https://github.com/ibuler/ssh-forward/releases/download/v0.0.5/linux-amd64.tar.gz
tar xf linux-amd64.tar.gz -C /bin/
chmod +x /bin/ssh-forward
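
The last three commands above unpack a downloaded release archive straight into /bin as root. A digest and member-path check before extraction could look like the following added example, which is not part of the original post; the function names are hypothetical, and the page gives no digest, so the expected value is a placeholder for one obtained from a trusted source.

```shell
# Added example; function names are assumptions and the digest is a placeholder.

# sha256_of FILE: lowercase hex SHA-256 of FILE.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# paths_safe: read member names on stdin; fail on absolute paths or ".." parts.
paths_safe() {
    awk '/^\// || /(^|\/)\.\.(\/|$)/ { bad = 1 } END { exit bad + 0 }'
}

# verified_extract ARCHIVE EXPECTED_SHA256 DESTDIR: extract only when the digest
# matches and every member stays inside DESTDIR; files are owned by the caller.
verified_extract() {
    _got=$(sha256_of "$1") || return 1
    if [ "$_got" != "$2" ]; then
        echo "digest mismatch for $1: got $_got" >&2
        return 1
    fi
    if ! tar -tf "$1" | paths_safe; then
        echo "unsafe member path in $1" >&2
        return 1
    fi
    tar --no-same-owner -xf "$1" -C "$3"
}

# Demo on a constructed archive standing in for linux-amd64.tar.gz. The expected
# digest is computed locally here only so that the demo runs offline.
w=$(mktemp -d); mkdir "$w/src" "$w/dest"
echo 'constructed placeholder' > "$w/src/ssh-forward"
tar -cf "$w/demo.tar" -C "$w/src" ssh-forward
verified_extract "$w/demo.tar" "$(sha256_of "$w/demo.tar")" "$w/dest" && ls "$w/dest"
verified_extract "$w/demo.tar" "PLACEHOLDER_DIGEST" "$w/dest" || echo "rejected"
rm -rf "$w"
```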
 
Set up the guacamole environment
export JUMPSERVER_SERVER=http://127.0.0.1:8080  # http://127.0.0.1:8080 is the address at which jumpserver is reached
echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
# BOOTSTRAP_TOKEN is the BOOTSTRAP_TOKEN value from Jumpserver/config.yml
export BOOTSTRAP_TOKEN=******
echo "export BOOTSTRAP_TOKEN=******" >> ~/.bashrc
export JUMPSERVER_KEY_DIR=/config/guacamole/keys
echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
export GUACAMOLE_HOME=/config/guacamole
echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
 
Start
/etc/init.d/guacd start
sh /config/tomcat9/bin/startup.sh
 
Deploy the guacamole component with docker
Deploy with docker; in some environments the build from source may not work
$ docker run --name jms_guacamole -d -p 127.0.0.1:8081:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=<Jumpserver_BOOTSTRAP_TOKEN> jumpserver/jms_guacamole:<Tag>
# <Jumpserver_url> is the URL of jumpserver; <Jumpserver_BOOTSTRAP_TOKEN> must be taken from jumpserver/config.yml so that the two match; <Tag> is the version
# Example: docker run --name jms_guacamole -d -p 127.0.0.1:8081:8081 -e JUMPSERVER_SERVER=http://192.168.244.144:8080 -e BOOTSTRAP_TOKEN=abcdefg1234 jumpserver/jms_guacamole:1.5.2
 
Install the luna component
cd /opt
wget https://github.com/jumpserver/luna/releases/download/1.5.2/luna.tar.gz
tar xf luna.tar.gz
chown -R root:root luna
 
Install nginx
yum install yum-utils
 
Create the file /etc/yum.repos.d/nginx.repo and write the following content into it:
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
 
Install nginx
yum-config-manager --enable nginx-mainline
yum install nginx
 
Integrate the components with Nginx
rm -rf /etc/nginx/conf.d/default.conf
vim /etc/nginx/conf.d/jumpserver.conf
 
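The configuration in jumpserver.conf is as follows:
server {
    listen 80;
    client_max_body_size 100m;  # size limit for session recordings and file uploads
    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # luna path; change this if the install directory is changed
    }
    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # location of session recordings; change this if the install directory is changed
    }
    location /static/ {
        root /opt/jumpserver/data/;  # static resources; change this if the install directory is changed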
    }
    location /socket.io/ {
        proxy_pass       http://localhost:5000/socket.io/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location /coco/ {
        proxy_pass       http://localhost:5000/coco/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location /guacamole/ {
        proxy_pass       http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
 
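Common problems
Database connection refused for lack of privileges
If you use a MySQL database and jumpserver reports a database connection error at startup saying it has no permission to connect,
and the cause is a mismatch in the login host name, handle it as follows:
Add --skip-grant-tables to the [mysqld] section of /etc/my.cnf, then restart the MySQL service. Log in to MySQL, run the SQL statement grant all on jumpserver.* to 'jumpserver'@'%' identified by 'Jumpserver1!'; to change the login host name, then run flush privileges; to refresh the privileges.
Installing python-gssapi
If pip keeps hanging at the step that installs python-gssapi==0.6.4, exit, download the package, change to the directory that contains it, and run pip install python-gssapi-0.6.4.tar.gz
After it is installed, change to the /opt/jumpserver/requirements directory and run pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/ to continue the installation
git clone hangs
If git hangs at receiving objects while cloning the repository, the cause may be the network; exit and clone again, or download the zip archive with a browser, upload it to the server, and extract it.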
