安裝jumpserver堡壘機


1.修改字符集
如果使用的是雲服務器,其默認字符集通常是英文;不修改的話,可能因為日志里打印了中文而報 input/output error。

[root@snowy201~]# localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
[root@snowy201~]# export LC_ALL=zh_CN.UTF-8
[root@snowy201~]# echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf

2.安裝依賴包

[root@snowy201~]# yum -y install epel-release
[root@snowy201~]# yum clean all && yum makecache
[root@snowy201~]# yum -y update
[root@snowy201~]# yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git

3.關閉selinux(如果不關閉,后面登錄jumpserver管理后台時,會報錯 502 bad gateway)

[root@snowy201~]# setenforce 0
[root@snowy201~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config    #長期關閉selinux 
[root@snowy201~]# systemctl stop firewalld && systemctl disable firewalld  #關閉防火牆(僅為簡化安裝;生產環境建議保留防火牆,只放行需要對外提供服務的端口,例如下文 nginx 監聽的 80 端口)

4.編譯安裝python-3.6.1

[root@snowy201~]# wget https://mirrors.huaweicloud.com/python/3.6.1/Python-3.6.1.tar.xz
[root@snowy201~]# tar xf Python-3.6.1.tar.xz && cd Python-3.6.1
[root@snowy201~]# ./configure && make -j 4 && make install
[root@snowy201~]# cd /opt/
  • 創建虛擬環境
[root@snowy201 ~]#python3 -m venv py3
[root@snowy201 ~]#source /opt/py3/bin/activate  //進入py3虛擬環境
(py3) [root@snowy201~]#    //看到前面的 (py3) 提示符,就表示已經進入python3的虛擬環境

5.下載安裝jumpserver

(py3) [root@snowy201 ~]#cd /opt
(py3) [root@snowy201 opt]#wget https://github.com/jumpserver/jumpserver/releases/download/v2.2.2/jumpserver-v2.2.2.tar.gz
(py3) [root@snowy201 opt]#tar xf jumpserver-v2.2.2.tar.gz
(py3) [root@snowy201 opt]#mv jumpserver-v2.2.2 jumpserver
(py3) [root@snowy201 opt]#cd /opt/jumpserver/requirements
(py3) [root@snowy201 opt]#yum install -y $(cat rpm_requirements.txt)
(py3) [root@snowy201 opt]#pip install wheel -i https://mirrors.aliyun.com/pypi/simple/
(py3) [root@snowy201 opt]#pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/
(py3) [root@snowy201 opt]#pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/

6.安裝Redis

(py3) [root@snowy201 opt]# cd
(py3) [root@snowy201 ~]#yum -y install redis
(py3) [root@snowy201 ~]#systemctl enable redis  --now 

7.安裝MySQL

(py3) [root@snowy201 ~]#yum -y install mariadb mariadb-devel mariadb-server
(py3) [root@snowy201 ~]#systemctl enable mariadb --now
  • 創建jumpserver數據庫並授權(下面的密碼 '1' 只是示例,請換成強密碼,並與後面 config.yml 中的 DB_PASSWORD 保持一致;以下三行是在 mysql 客戶端里執行的 SQL)
(py3) [root@snowy201 ~]#mysql -u root -p
MariaDB [(none)]> create database jumpserver default charset 'utf8';
MariaDB [(none)]> grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '1';
MariaDB [(none)]> flush privileges;

8.配置Jumpserver

(py3) [root@snowy201 ~]#cd /opt/jumpserver
(py3) [root@snowy201 ~]#vim config.yml
修改以下幾行內容
SECRET_KEY: 3NF6ldRQzLNeRh8ewjJ4FkRXCccjExTRWXQ4JYIi4cIwQprZG  
上面是示例值,不要直接沿用本文的值,可以用以下命令自行生成:(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 29;echo)
BOOTSTRAP_TOKEN: ujye866EVpHUDV9F 
同樣是示例值,請自行生成:(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16;echo);後面 koko 和 guacamole 配置的 BOOTSTRAP_TOKEN 必須與這里的值相同
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: '1'  # 密碼如果是純數字一定要加單引號(YAML 注釋用 #,不是 //)
DB_NAME: jumpserver
  • 啟動和關閉jumpserver
(py3) [root@snowy201 ~]#cd /opt/jumpserver
(py3) [root@snowy201 ~]#./jms start -d
(py3) [root@snowy201 ~]#./jms stop

ps:jumpserver服務啟動后,如果通過web訪問后台時打開頁面很慢甚至超時,查看進程資源使用情況會發現celery進程一直占用100%的CPU,解決辦法:pip install django-celery==3.1.17

9.部署koko

(py3) [root@snowy201 ~]# cd /opt/
(py3) [root@snowy201 opt]# wget https://github.com/jumpserver/koko/releases/download/v2.2.2/koko-v2.2.2-linux-amd64.tar.gz
(py3) [root@snowy201 opt]# tar -xf koko-v2.2.2-linux-amd64.tar.gz
(py3) [root@snowy201 opt]# cd koko
(py3) [root@snowy201 koko]# mv kubectl /usr/local/bin/
(py3) [root@snowy201 koko]# wget https://download.jumpserver.org/public/kubectl.tar.gz
(py3) [root@snowy201 koko]# tar xf kubectl.tar.gz
(py3) [root@snowy201 koko]# chmod 755 kubectl
(py3) [root@snowy201 koko]# mv kubectl /usr/local/bin/rawkubectl
(py3) [root@snowy201 koko]# rm -rf kubectl.tar.gz
(py3) [root@snowy201 koko]# cp config_example.yml config.yml
(py3) [root@snowy201 koko]# vim config.yml
# Bootstrap Token, 預共享密鑰, 用來注冊coco使用的service account和terminal
# 請和jumpserver 配置文件中保持一致,注冊完成后可以刪除
BOOTSTRAP_TOKEN: ujye866EVpHUDV9F

# Redis配置
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
# REDIS_PASSWORD:
# REDIS_CLUSTERS:
# REDIS_DB_ROOM:
  • 啟動和關閉koko
(py3) [root@snowy201 koko]# ./koko    #前台啟動
(py3) [root@snowy201 koko]# ./koko -d  #后台啟動

10. 部署guacamole

  • 安裝docker
(py3) [root@snowy201 koko]# cd
(py3) [root@snowy201 ~]# yum -y install docker
(py3) [root@snowy201 ~]# vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://qtfb3ml8.mirror.aliyuncs.com"]
}
(py3) [root@snowy201 ~]# systemctl enable docker --now
  • 拉取並啟動guacamole鏡像(注意:下面命令里的 BOOTSTRAP_TOKEN 必須與 jumpserver config.yml 中的 BOOTSTRAP_TOKEN 相同,本文兩處示例值不一致,實際部署時要改成同一個;JUMPSERVER_SERVER 填本機地址)
(py3) [root@snowy201 ~]# docker run --restart=always --name jms_guacamole -d -p 127.0.0.1:8081:8080 -e JUMPSERVER_SERVER=172.20.77.201:8080 -e BOOTSTRAP_TOKEN=SGwEzYzaBruFOcdU -e GUACAMOLE_LOG_LEVEL=ERROR jumpserver/jms_guacamole:v2.2.2

11. 部署lina組件

(py3) [root@snowy201 ~]# cd /opt/
(py3) [root@snowy201 opt]# wget https://github.com/jumpserver/lina/releases/download/v2.2.2/lina-v2.2.2.tar.gz
(py3) [root@snowy201 opt]# tar -xf lina-v2.2.2.tar.gz
(py3) [root@snowy201 opt]# mv lina-v2.2.2 lina

12. 部署luna組件

(py3) [root@snowy201 opt]# wget https://github.com/jumpserver/luna/releases/download/v2.2.2/luna-v2.2.2.tar.gz
(py3) [root@snowy201 opt]# tar -xf luna-v2.2.2.tar.gz
(py3) [root@snowy201 opt]# mv luna-v2.2.2 luna

13. 安裝配置nginx

(py3) [root@snowy201 opt]# yum install -y nginx
(py3) [root@snowy201 opt]# vi /etc/nginx/nginx.conf
#37行開始配置文件修改為以下內容
server {
# Plain HTTP on port 80; no TLS is configured in this server block, so the
# web UI, /api/ calls and the /koko/ and /ws/ session traffic cross the wire
# unencrypted. Terminate TLS here before exposing the host beyond a trusted network.
listen 80;
client_max_body_size 100m; # upload size limit for session recordings and files

# Static files of the lina component (installed to /opt/lina above).
location /ui/ {
try_files $uri / /index.html;
alias /opt/lina/;
}

# Static files of the luna component.
location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/; # luna path; change this if the install directory changes
}

# Session recordings served straight from the core's data directory.
location /media/ {
# NOTE(review): this unconditionally labels every file under /media/ as
# gzip-encoded; confirm the recordings in data/media are stored gzipped.
add_header Content-Encoding gzip;
root /opt/jumpserver/data/; # recording location; change this if the install directory changes
}

location /static/ {
root /opt/jumpserver/data/; # static assets; change this if the install directory changes
}

# Presumably koko's web listener (port not stated elsewhere in this guide).
# proxy_pass has no URI part, so the full /koko/... path is forwarded as-is.
location /koko/ {
proxy_pass http://localhost:5000;
proxy_buffering off;
proxy_http_version 1.1;
# Upgrade/Connection headers are needed for the WebSocket sessions.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}

# The jms_guacamole container, published on 127.0.0.1:8081 by the docker run
# above. The trailing slash on proxy_pass strips the /guacamole/ prefix before
# forwarding, unlike the other proxied locations in this block.
location /guacamole/ {
proxy_pass http://localhost:8081/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}

# WebSocket endpoint of the core; presumably port 8070 is its ws listener.
location /ws/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8070;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}

# JumpServer core API (port 8080, as used for JUMPSERVER_SERVER above).
location /api/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

location /core/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

# Everything else is rewritten under /ui/ and handled by the lina location.
location / {
rewrite ^/(.*)$ /ui/$1 last;
}
}

啟動nginx

(py3) [root@snowy201 opt]# systemctl enable nginx --now

14. 啟動jumpserver

(py3) [root@snowy201 opt]# cd /opt/jumpserver
(py3) [root@snowy201 jumpserver]# ./jms start -d

15.啟動koko

(py3) [root@snowy201 opt]# cd /opt/koko
(py3) [root@snowy201 koko]# ./koko -d

16.通過web登錄jumpserver管理后台即可

ps:如果通過web訪問后台,打開頁面很慢,超時,查看進程資源使用情況發現,進程celery一直占用CPU使用率達100%,解決辦法:pip install django-celery==3.1.17
17.jumpserver開機啟動腳本
雖然jumpserver已經可以正常使用了,但是服務器重啟后又得手動啟動服務,比較麻煩,寫個開機啟動腳本

[root@snowy201 ~]# vi /etc/init.d/start_jumpserver.sh
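#!/bin/bash
# Boot-time starter for the JumpServer core (jms) and koko, run from
# /etc/rc.d/rc.local. Both services are started detached (-d) and their
# output is appended to /root/log.txt.
log=/root/log.txt

echo "start jumpserver"
# jms was installed into the /opt/py3 virtualenv, so activate it first;
# bail out if the activate script is missing rather than start the wrong python.
source /opt/py3/bin/activate || exit 1
/opt/jumpserver/jms start -d >>"$log" 2>&1 || exit 1
# koko registers against the core API, so give the core time to come up.
sleep 60
# Abort instead of running ./koko from whatever cwd rc.local happens to use.
cd /opt/koko/ || exit 1
./koko -d >>"$log" 2>&1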
[root@snowy201 ~]# chmod +x /etc/init.d/start_jumpserver.sh
[root@snowy201 ~]# echo "/etc/init.d/start_jumpserver.sh" >> /etc/rc.d/rc.local
[root@snowy201 ~]# chmod +x /etc/rc.d/rc.local

部分文檔參考:https://blog.csdn.net/zyy130988/article/details/112313703

