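Installation environment: CentOS 7.6, 4 GB RAM, 2 cores
If this is your own virtual machine, you need to turn off the firewall and SELinux.
Compile and install Python 3
1.1 Install the dependency packages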
[root@iZ1la3d1xbmukrZ ~]# yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Package wget-1.14-18.el7_6.1.x86_64 already installed and latest version
Package xz-5.2.2-1.el7.x86_64 already installed and latest version
Package gcc-4.8.5-39.el7.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
1.2 Compile and install
[root@iZ1la3d1xbmukrZ ~]# cd /opt
[root@iZ1la3d1xbmukrZ opt]# tar xvf Python-3.6.1.tar.xz && cd Python-3.6.1
Python-3.6.1/
Python-3.6.1/Doc/
Python-3.6.1/Doc/c-api/
Python-3.6.1/Doc/c-api/sys.rst
Python-3.6.1/Doc/c-api/conversion.rst
Python-3.6.1/Doc/c-api/marshal.rst
Python-3.6.1/Doc/c-api/coro.rst
Python-3.6.1/Doc/c-api/method.rst
[root@iZ1la3d1xbmukrZ Python-3.6.1]# ./configure && make && make install
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking for python3.6... no
checking for python3... no
checking for python... python
checking for --enable-universalsdk... no
checking for --with-universal-archs... no
checking MACHDEP... linux
checking for --without-gcc... no
checking for --with-icc... no
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name...
Install Jumpserver
2.1 Download the project
[root@bogon ~]# cd /opt/
[root@bogon ~]# git clone --depth=1 https://github.com/jumpserver/jumpserver.git && cd jumpserver && git checkout master
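Note: the code is updated continuously, so this fetches the latest code, in which many configuration settings have changed; I am still using an older version.
2.2 Install the RPM dependencies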
[root@iZ1la3d1xbmukrZ ~]# cd /opt/jumpserver/requirements
[root@iZ1la3d1xbmukrZ ~]# yum -y install $(cat rpm_requirements.txt)
2.3 Install the Python library dependencies
[root@iZ1la3d1xbmukrZ Python-3.6.1]# pip3 install -r requirements.txt
2.4 Install Redis
[root@iZ1la3d1xbmukrZ Python-3.6.1]# yum -y install redis
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package redis.x86_64 0:3.2.12-2.el7 will be installed
--> Processing Dependency: libjemalloc.so.1()(64bit) for package: redis-3.2.12-2.el7.x86_64
[root@iZ1la3d1xbmukrZ Python-3.6.1]# systemctl start redis
2.5 Install MySQL
[root@iZ1la3d1xbmukrZ Python-3.6.1]# yum -y install mariadb mariadb-devel mariadb-server
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Package 1:mariadb-devel-5.5.64-1.el7.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction ch
2.6 Create the Jumpserver database and grant privileges
[root@iZ1la3d1xbmukrZ Python-3.6.1]# systemctl start mariadb
[root@iZ1la3d1xbmukrZ Python-3.6.1]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.64-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database jumpserver default charset 'utf8';
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '123';
Query OK, 0 rows affected (0.64 sec)
MariaDB [(none)]> exit
Bye
2.7 Edit the Jumpserver configuration file
[root@iZ1la3d1xbmukrZ ~]# cd /opt/jumpserver
[root@iZ1la3d1xbmukrZ ~]# cp config_example.py config.py
[root@iZ1la3d1xbmukrZ ~]# vi config.py
Note: the configuration file is in Python format; indent with spaces, not tabs.
class DevelopmentConfig(Config):
    DEBUG = True
    DB_ENGINE = 'mysql'
    DB_HOST = '127.0.0.1'
    DB_PORT = 3306
    DB_USER = 'jumpserver'
    DB_PASSWORD = '123'
    DB_NAME = 'jumpserver'

class TestConfig(Config):
    pass
If your server is on Alibaba Cloud, it has to be 0.0.0.0; neither 127 nor the public IP will work.
2.8 Generate the database schema and initial data
[root@iZ1la3d1xbmukrZ Python-3.6.1]# cd /opt/jumpserver/utils
[root@iZ1la3d1xbmukrZ utils]# bash make_migrations.sh
2020-02-23 20:02:17 [signals_handler DEBUG] Receive django ready signal
2020-02-23 20:02:17 [signals_handler DEBUG] - fresh all settings
No changes detected
2020-02-23 20:02:20 [signals_handler DEBUG] Receive django ready signal
2020-02-23 20:02:20 [signals_handler DEBUG] - fresh all settings
System check identified some issues:
WARNINGS:
?: (mysql.W002) MySQL Strict Mode is not set for database connection 'default'
    HINT: MySQL's Strict Mode fixes many data integrity problems in MySQL, such as data truncation upon insertion, by escalating warnings into errors. It is strongly recommended you activate it. See: https://docs.djangoproject.com/en/2.1/ref/databases/#mysql-sql-mode
Operations to perform:
  Apply all migrations: admin, assets, audits, auth, captcha, common, contenttypes, django_celery_beat, ops, orgs, perms, sessions, terminal, users
Running migrations:
  Applying contenttypes.0001_initial... OK
  Applying contenttypes.0002_remove_content_type_name... OK
  Applying auth.0001_initial... OK
  Applying auth.0002_alter_permission_name_max_length... OK
  Applying auth.0003_alter_user_email_max_length... OK
  Applying auth.0004_alter_user_username_opts... OK
  Applying auth.0005_alter_user_last_login_null... OK
  Applying auth.0006_require_contenttypes_0002... OK
  Applying auth.0007_alter_validators_add_error_messages... OK
  Applying auth.0008_alter_user_username_max_length... OK
  Applying users.0001_initial... OK
  Applying admin.0001_initial... OK
  Applying admin.0002_logentry_remove_auto_add... OK
  Applying admin.0003_logentry_add_action_flag_choices... OK
  Applying assets.0001_initial... OK
  Applying assets.0002_auto_20180927_2128... OK
  Applying users.0002_auto_20171225_1157... OK
  Applying users.0003_auto_20180927_2128... OK
  Applying audits.0001_initial... OK
  Applying auth.0009_alter_user_last_name_max_length... OK
  Applying captcha.0001_initial... OK
  Applying common.0001_initial... OK
  Applying django_celery_beat.0001_initial... OK
  Applying django_celery_beat.0002_auto_20161118_0346... OK
  Applying django_celery_beat.0003_auto_20161209_0049... OK
  Applying django_celery_beat.0004_auto_20170221_0000... OK
  Applying django_celery_beat.0005_add_solarschedule_events_choices... OK
  Applying django_celery_beat.0006_auto_20180210_1226... OK
  Applying ops.0001_initial... OK
  Applying ops.0002_celerytask... OK
  Applying orgs.0001_initial... OK
  Applying perms.0001_initial... OK
  Applying perms.0002_auto_20180927_2128... OK
  Applying sessions.0001_initial... OK
  Applying terminal.0001_initial... OK
  Applying terminal.0002_auto_20180927_2128... OK
2020-02-23 20:02:26 [signals_handler DEBUG] Receive django ready signal
2020-02-23 20:02:26 [signals_handler DEBUG] - fresh all settings
No conflicts detected to merge.
[root@iZ1la3d1xbmukrZ utils]# cd ..
2.9 Run Jumpserver
[root@iZ1la3d1xbmukrZ jumpserver]# ./jms start all
Sun Feb 23 20:11:05 2020
Jumpserver version 1.4.1, more see https://www.jumpserver.org
- Start Gunicorn WSGI HTTP Server
Check database structure change ...
2020-02-23 20:11:07 [signals_handler DEBUG] Receive django ready signal
2020-02-23 20:11:07 [signals_handler DEBUG] - fresh all settings
System check identified some issues:
WARNINGS:
?: (mysql.W002) MySQL Strict Mode is not set for database connection 'default'
    HINT: MySQL's Strict Mode fixes many data integrity problems in MySQL, such as data truncation upon insertion, by escalating warnings into errors. It is strongly recommended you activate it. See: https://docs.djangoproject.com/en/2.1/ref/databases/#mysql-sql-mode
Operations to perform:
  Apply all migrations: admin, assets, audits, auth, captcha, common, contenttypes, django_celery_beat, ops, orgs, perms, sessions, terminal, users
Running migrations:
  No migrations to apply.
Collect static files
2020-02-23 20:11:10 [signals_handler DEBUG] Receive django ready signal
2020-02-23 20:11:10 [signals_handler DEBUG] - fresh all settings
0 static files copied to '/opt/jumpserver/data/static', 451 unmodified.
- Start Celery as Distributed Task Queue
- Start Beat as Periodic Task Scheduler
[2020-02-23 20:11:10 +0800] [26917] [INFO] Starting gunicorn 19.9.0
[2020-02-23 20:11:10 +0800] [26917] [INFO] Listening at: http://0.0.0.0:8080 (26917)
[2020-02-23 20:11:10 +0800] [26917] [INFO] Using worker: gthread
[2020-02-23 20:11:10 +0800] [26928] [INFO] Booting worker with pid: 26928
[2020-02-23 20:11:10 +0800] [26930] [INFO] Booting worker with pid: 26930
[2020-02-23 20:11:11 +0800] [26933] [INFO] Booting worker with pid: 26933
[2020-02-23 20:11:11 +0800] [26936] [INFO] Booting worker with pid: 26936
celery beat v4.1.0 (latentcall) is starting.
2020-02-23 20:11:14 [signals_handler DEBUG] Receive django ready signal
2020-02-23 20:11:14 [signals_handler DEBUG] - fresh all settings
2020-02-23 20:11:14 [signals_handler DEBUG] Receive django ready signal
2020-02-23 20:11:14 [signals_handler DEBUG] - fresh all settings
2020-02-23 20:11:14 [signals_handler DEBUG] Receive django ready signal
2020-02-23 20:11:14 [signals_handler DEBUG] - fresh all settings
2020-02-23 20:11:15 [signals_handler DEBUG] Receive django ready signal
2020-02-23 20:11:15 [signals_handler DEBUG] - fresh all settings
2020-02-23 20:11:15 [signals_handler DEBUG] Receive django ready signal
2020-02-23 20:11:15 [signals_handler DEBUG] - fresh all settings
2020-02-23 20:11:15 [signals_handler DEBUG] Receive django ready signal
2020-02-23 20:11:15 [signals_handler DEBUG] - fresh all settings
__ - ... __ - _
LocalTime -> 2020-02-23 20:11:15
Configuration ->
    . broker -> redis://127.0.0.1:6379/3
    . loader -> celery.loaders.app.AppLoader
    . scheduler -> django_celery_beat.schedulers.DatabaseScheduler
    . logfile -> [stderr]@%DEBUG
    . maxinterval -> 1.00 minute (60.0s)
Setting default socket timeout to 30
beat: Starting...
DatabaseScheduler: initial read
Writing entries...
DatabaseScheduler: Fetching database schedule
Current schedule:
<ModelEntry: terminal.tasks.delete_terminal_status_period terminal.tasks.delete_terminal_status_period(*[], **{}) <freq: 1.00 hour>>
<ModelEntry: terminal.tasks.clean_orphan_session terminal.tasks.clean_orphan_session(*[], **{}) <freq: 1.00 hour>>
<ModelEntry: celery.backend_cleanup celery.backend_cleanup(*[], **{}) <crontab: 0 4 * * * (m/h/d/dM/MY)>>
<ModelEntry: assets.tasks.update_assets_hardware_info_period assets.tasks.update_assets_hardware_info_period(*[], **{}) <freq: 1.00 hour>>
<ModelEntry: assets.tasks.test_admin_user_connectability_period assets.tasks.test_admin_user_connectability_period(*[], **{}) <freq: 1.00 hour>>
<ModelEntry: assets.tasks.test_system_user_connectability_period assets.tasks.test_system_user_connectability_period(*[], **{}) <freq: 1.00 hour>>
beat: Ticking with max interval->1.00 minute
beat: Waking up in 1.00 minute.
/usr/local/lib/python3.6/site-packages/celery/platforms.py:795: RuntimeWarning: You're running the worker with superuser privileges: this is absolutely not recommended!
Once you see port 8080 listening, you can access it directly; the username and password are both admin.
Install the WebSocket server: Coco
3.1 Download the project
[root@iZ1la3d1xbmukrZ ~]# cd /opt
[root@iZ1la3d1xbmukrZ ~]# git clone https://github.com/jumpserver/coco.git && cd coco && git checkout master
3.2 Install the dependencies
[root@iZ1la3d1xbmukrZ ~]# cd /opt/coco/requirements
[root@iZ1la3d1xbmukrZ ~]# yum -y install $(cat rpm_requirements.txt)
[root@iZ1la3d1xbmukrZ ~]# pip3 install -r requirements.txt
3.3 Edit the configuration file and run
[root@iZ1la3d1xbmukrZ ~]# cd /opt/coco
[root@iZ1la3d1xbmukrZ ~]# cp conf_example.py conf.py
[root@iZ1la3d1xbmukrZ coco]# vim conf.py
[root@iZ1la3d1xbmukrZ coco]# ./cocod start
Start coco process
2020-02-23 20:52:44 [service ERROR] Connect server error or access key is invalid, remove `./keys/.access_key` run again
2020-02-23 20:52:47 [service ERROR] Connect server error or access key is invalid, remove `./keys/.access_key` run again
2020-02-23 20:52:50 [service ERROR] Connect server error or access key is invalid, remove `./keys/.access_key` run again
Once it is running, go to the Jumpserver admin console, Session Management > Terminal Management, and accept Coco's registration.
[root@iZ1la3d1xbmukrZ keys]# rm -rf .access_key
[root@iZ1la3d1xbmukrZ keys]# ll
total 4
-rw-r--r-- 1 root root 1679 Sep 27 2018 host_rsa_key
[root@iZ1la3d1xbmukrZ keys]# cd ..
[root@iZ1la3d1xbmukrZ coco]# ll
total 92
drwxr-xr-x 3 root root 4096 Sep 27 2018 coco
-rwxr-xr-x 1 root root 3158 Sep 27 2018 cocod
-rw-r--r-- 1 root root 5 Feb 23 20:56 coco.pid
-rw-r--r-- 1 root root 2099 Sep 27 2018 conf_example.py
-rw-r--r-- 1 root root 2070 Feb 23 20:52 conf.py
drwxr-xr-x 2 root root 4096 Feb 23 20:58 keys
-rw-r--r-- 1 root root 35141 Sep 27 2018 LICENSE
drwxr-xr-x 4 root root 4096 Sep 27 2018 locale
-rw-r--r-- 1 root root 0 Sep 27 2018 logo.txt
drwxr-xr-x 2 root root 4096 Feb 23 20:52 logs
drwxr-xr-x 2 root root 4096 Feb 23 20:52 __pycache__
-rw-r--r-- 1 root root 779 Sep 27 2018 README.md
drwxr-xr-x 2 root root 4096 Sep 27 2018 requirements
-rw-r--r-- 1 root root 461 Sep 27 2018 run_server.py
drwxr-xr-x 2 root root 4096 Sep 27 2018 sessions
drwxr-xr-x 2 root root 4096 Sep 27 2018 utils
[root@iZ1la3d1xbmukrZ coco]# ./cocod start
Start coco process
2020-02-23 20:58:12 [service INFO] No access key found, register it
2020-02-23 20:58:13 [service INFO] "Terminal was not accepted yet"
2020-02-23 20:58:16 [service INFO] "Terminal was not accepted yet"
2020-02-23 20:58:19 [service INFO] "Terminal was not accepted yet"
2020-02-23 20:58:22 [service INFO] "Terminal was not accepted yet"
2020-02-23 20:58:25 [service INFO] "Terminal was not accepted yet"
2020-02-23 20:58:28 [service INFO] "Terminal was not accepted yet"
2020-02-23 20:58:31 [service INFO] "Terminal was not accepted yet"
2020-02-23 20:58:34 [service INFO] "Terminal was not accepted yet"
2020-02-23 20:58:37 [service INFO] "Terminal was not accepted yet"
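Install the Web Terminal
Configure Nginx to integrate the components
Jumpserver's Web Terminal is now a pure front end and is accessed through Nginx, so it only needs to be extracted.
Go to https://github.com/jumpserver/luna/releases, download the release package for your version, and extract it directly; no compilation is needed.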
[root@iZ1la3d1xbmukrZ opt]# ll
total 63452
drwxr-xr-x 11 root root 4096 Feb 23 20:52 coco
-rw-r--r-- 1 root root 1935360 Feb 23 20:43 coco.tar
drwxr-xr-x 12 root root 4096 Feb 23 20:38 jumpserver
-rw-r--r-- 1 root root 40806400 Feb 23 19:56 jumpserver.tar
-rw-r--r-- 1 root root 5337946 Feb 23 20:44 luna.tar.gz
drwxr-xr-x 18 501 501 4096 Feb 23 19:59 Python-3.6.1
-rw-r--r-- 1 root root 16872064 Feb 23 19:55 Python-3.6.1.tar.xz
[root@iZ1la3d1xbmukrZ opt]# tar xvf luna.tar.gz
luna/
luna/fontawesome-webfont.912ec66d7572f
[root@iZ1la3d1xbmukrZ opt]# ll
total 63456
drwxr-xr-x 11 root root 4096 Feb 23 20:52 coco
-rw-r--r-- 1 root root 1935360 Feb 23 20:43 coco.tar
drwxr-xr-x 12 root root 4096 Feb 23 20:38 jumpserver
-rw-r--r-- 1 root root 40806400 Feb 23 19:56 jumpserver.tar
drwxr-xr-x 5 501 games 4096 Aug 7 2018 luna
-rw-r--r-- 1 root root 5337946 Feb 23 20:44 luna.tar.gz
drwxr-xr-x 18 501 501 4096 Feb 23 19:59 Python-3.6.1
-rw-r--r-- 1 root root 16872064 Feb 23 19:55 Python-3.6.1.tar.xz
[root@iZ1la3d1xbmukrZ opt]# ls /opt/luna
3rdpartylicenses.txt  OpenSans-BoldItalic.a54aba83b3d5d7702890.svg  OpenSans-LightItalic.6725fc490942895a65f5.eot
data-table.b0aebd744ce7adb780a9.svg  OpenSans-BoldItalic.c36b5ac7c2dddf6f525c.ttf  OpenSans-LightItalic.97534dd409492b05b11a.woff
data-table.bce071e976865da51100.eot  OpenSans-BoldItalic.ea07932c5245dd421e3d.eot  OpenSans-LightItalic.b64e9910811cdcc8df89.svg
favicon.ico  OpenSans-ExtraBold.12e2ed7a180e601bff44.woff  OpenSans-LightItalic.e7cc7120e670a8073073.woff2
fontawesome-webfont.674f50d287a8c48dc19b.eot  OpenSans-ExtraBold.19b56cfcb97fbcc24524.ttf  OpenSans-Regular.55835483c304eaa8477f.woff2
4.1 Install Nginx
[root@iZ1la3d1xbmukrZ opt]# yum -y install nginx
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
4.2 Edit the configuration file /etc/nginx/nginx.conf
server {
    listen 80;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # Luna front end, served from the extracted release in /opt/luna
    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;
    }

    # Files under /opt/jumpserver/data/media/
    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;
    }

    # Static files collected into /opt/jumpserver/data/static/
    location /static/ {
        root /opt/jumpserver/data/;
    }

    # WebSocket (socket.io) traffic, proxied to port 5000
    location /socket.io/ {
        proxy_pass http://localhost:5000/socket.io/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # Guacamole backend on port 8081
    location /guacamole/ {
        proxy_pass http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        access_log off;
    }

    # Everything else goes to Jumpserver (gunicorn on port 8080)
    location / {
        proxy_pass http://localhost:8080;
    }
}
4.3 Run Nginx
[root@iZ1la3d1xbmukrZ opt]# vim /etc/nginx/nginx.conf
[root@iZ1la3d1xbmukrZ opt]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@iZ1la3d1xbmukrZ opt]# service nginx start
Redirecting to /bin/systemctl start nginx.service
[root@iZ1la3d1xbmukrZ opt]# systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2020-02-23 21:07:38 CST; 54s ago
  Process: 25581 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
  Process: 25577 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
  Process: 25575 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
 Main PID: 25583 (nginx)
   CGroup: /system.slice/nginx.service
           ├─25583 nginx: master process /usr/sbin/nginx
           ├─25584 nginx: worker process
           └─25585 nginx: worker process
Feb 23 21:07:38 iZ1la3d1xbmukrZ systemd[1]: Starting The nginx HTTP and reverse proxy server...
Feb 23 21:07:38 iZ1la3d1xbmukrZ nginx[25577]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Feb 23 21:07:38 iZ1la3d1xbmukrZ nginx[25577]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Feb 23 21:07:38 iZ1la3d1xbmukrZ systemd[1]: Started The nginx HTTP and reverse proxy server.
[root@iZ1la3d1xbmukrZ opt]#
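A check worth running at this point, since the firewall was turned off at the start and gunicorn reported "Listening at: http://0.0.0.0:8080": list which backend ports accept connections on a non-loopback address and can therefore be reached without going through Nginx. This is an added example, not part of the original post; the function names and the sample ss lines are constructed, and the port list is taken from the commands and configuration on this page.

```shell
#!/bin/sh
# Backend ports that appear on this page: gunicorn 8080, socket.io 5000,
# guacamole 8081, MariaDB 3306, Redis 6379. Nginx on port 80 fronts them.
BACKEND_PORTS="8080 5000 8081 3306 6379"

# Reads `ss -tln` style lines on stdin and prints "port address" for every
# backend listener that is NOT bound to a loopback address.
exposed_backends() {
    awk -v ports="$BACKEND_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            # Field 4 is "address:port"; the port follows the last colon,
            # which also handles IPv6 forms such as ":::80" and "::1:3306".
            k = split($4, part, ":")
            port = part[k]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
            print port, addr
        }'
}

# Constructed sample of `ss -tln` output (not captured from the author's host).
sample_listeners() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    :::80              :::*
LISTEN 0      128    *:8080             *:*
LISTEN 0      128    127.0.0.1:6379     *:*
LISTEN 0      50     *:3306             *:*
LISTEN 0      128    127.0.0.1:5000     *:*
EOF
}

sample_listeners | exposed_backends
```

On the real host, replace the last line with `ss -tln | exposed_backends`; every line it prints is a backend that clients can reach directly instead of through the Nginx server on port 80.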
Deployment complete.