  • Installing JumpServer on CentOS 7

    Environment:

    • CentOS Linux release 7.6.1810 (Core)
    • JumpServer 1.4.8
    • Python 3.6.X
    • MariaDB

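    Compiling and installing Python 3.6

    First, download the Python 3.6.9 tarball from https://www.python.org/ftp/python/3.6.9/Python-3.6.9.tgz, then unpack it with tar -xvf Python-3.6.9.tgz.

    Installing dependencies

    Install the packages needed to compile Python from source.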

    yum install -y zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel libffi-devel gcc make
    

    Configuring the build

    Change into the Python directory unpacked earlier:

    cd Python-3.6.9
    

    Terminal output:

    [root@localhost ~]# ls
    anaconda-ks.cfg  Python-3.6.9  Python-3.6.9.tgz
    [root@localhost ~]# cd Python-3.6.9
    

    Set the installation path for the build:

    ./configure --prefix=/opt/Python/Python369
    

    Terminal output:

    [root@localhost Python-3.6.9]# ls
    aclocal.m4    config.sub  configure.ac  Grammar  install-sh  LICENSE  Makefile.pre.in  Modules  Parser  PCbuild   pyconfig.h.in  README.rst  Tools
    config.guess  configure   Doc           Include  Lib         Mac      Misc             Objects  PC      Programs  Python         setup.py
    [root@localhost Python-3.6.9]# ./configure --prefix=/opt/Python/Python369
    

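    Where:

    --prefix is the option that sets the installation directory; choose it as needed.

    Optimization option (optional)

    After the previous step, the output ends with this message: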

    If you want a release build with all stable optimizations active (PGO, etc),
    please run ./configure --enable-optimizations
    

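    If --enable-optimizations is used, the --prefix option no longer takes effect; --enable-optimizations installs under /usr/, and no symlink or environment variable needs to be added afterwards.

    Compiling and installing

    Run make && make install to compile and install: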

    [root@localhost Python-3.6.9]# ls
    aclocal.m4    config.status  configure.ac  Include     LICENSE   Makefile.pre     Modules  PC        pyconfig.h     README.rst
    config.guess  config.sub     Doc           install-sh  Mac       Makefile.pre.in  Objects  PCbuild   pyconfig.h.in  setup.py
    config.log    configure      Grammar       Lib         Makefile  Misc             Parser   Programs  Python         Tools
    [root@localhost Python-3.6.9]# make && make install
    

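    Configuring environment variables

    After installation, configure an environment variable or a symlink for convenience. At the end of /etc/profile, add the bin directory of the installation: PATH=/opt/Python/Python369/bin:$PATH

    Terminal output: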

    [root@localhost ~]# tail -f /etc/profile
                . "$i" >/dev/null
            fi
        fi
    done
    
    unset i
    unset -f pathmunge
    
    # Python settings
    PATH=/opt/Python/Python369/bin:$PATH
    

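    Run source /etc/profile to reload the configuration so that it takes effect.

    Environment setup

    This step mainly configures the Aliyun mirror source and EPEL, and installs the MariaDB, Redis, Git, Docker and Nginx services.

    Configure the EPEL repository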

    yum install -y epel-release
    

    Install the MariaDB, Redis, Git, Docker and Nginx services

    yum -y install redis mariadb mariadb-devel mariadb-server mariadb-shared nginx git
    

    Enable start on boot

    systemctl enable redis mariadb nginx docker
    

    Start redis and mariadb

    systemctl start redis mariadb
    

    Create a Python virtual environment and activate it

    python3.6 -m venv /opt/py3
    . /opt/py3/bin/activate
    

    In the database, create the jumpserver user and its database, and grant the jumpserver database to the jumpserver user.

    create database  jumpserver default charset 'utf8';
    grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'Jumpserver1!';
    

    Terminal output:

    MariaDB [(none)]> create database  jumpserver default charset 'utf8';
    Query OK, 1 row affected (0.00 sec)
    
    MariaDB [(none)]> show databases;
    +--------------------+
    | Database           |
    +--------------------+
    | information_schema |
    | jumpserver         |
    | mysql              |
    | performance_schema |
    | test               |
    +--------------------+
    5 rows in set (0.00 sec)
    
    MariaDB [(none)]> grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'Jumpserver1!';
    Query OK, 0 rows affected (0.00 sec)
    

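    Installing Jumpserver

    This part covers downloading the jumpserver source, installing the third-party Python libraries, and pulling the related components with docker. Jumpserver is installed under /opt, so all files are downloaded to /opt/. First change to the /opt/ directory.

    Clone the jumpserver project with Git and switch to version 1.4.8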

    cd /opt
    git clone https://github.com/jumpserver/jumpserver.git
    cd /opt/jumpserver
    git checkout 1.4.8
    

    Terminal output:

    [root@localhost opt]# git clone https://github.com/jumpserver/jumpserver.git
    Cloning into 'jumpserver'...
    remote: Enumerating objects: 43783, done.
    remote: Total 43783 (delta 0), reused 0 (delta 0), pack-reused 43783
    Receiving objects: 100% (43783/43783), 52.94 MiB | 59.00 KiB/s, done.
    Resolving deltas: 100% (30028/30028), done.
    [root@localhost opt]# ls
    jumpserver  Python
    [root@localhost opt]# cd jumpserver/
    [root@localhost jumpserver]# git checkout 1.4.8
    Note: checking out '1.4.8'.
    
    You are in 'detached HEAD' state. You can look around, make experimental
    changes and commit them, and you can discard any commits you make in this
    state without impacting any branches by performing another checkout.
    
    If you want to create a new branch to retain commits you create, you may
    do so (now or later) by using -b with the checkout command again. Example:
    
      git checkout -b new_branch_name
    
    HEAD is now at 232674b... Merge pull request #2423 from jumpserver/dev
    

    Install the jumpserver dependencies

    cd /opt/jumpserver/requirements
    yum install -y $(cat rpm_requirements.txt)
    pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
    

    Edit the jumpserver configuration file

    cd /opt/jumpserver
    cp config_example.yml config.yml
    vim config.yml
    # Note: SECRET_KEY and BOOTSTRAP_TOKEN must not be purely numeric strings
    

    In config.yml, set SECRET_KEY, BOOTSTRAP_TOKEN and the MySQL settings.

    Start jumpserver

    $ cd /opt/jumpserver
    $ ./jms start  # add -d to run in the background: ./jms start -d
    

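    Note:

    Make sure the py3 virtual environment is activated before starting.

    Installing the coco component

    Clone the project with git and switch to version 1.4.8. Note:

    The koko component does not support jumpserver 1.4.8.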

    cd /opt
    git clone https://github.com/jumpserver/coco.git
    cd /opt/coco/
    git checkout 1.4.8
    

    Terminal output:

    (py3) [root@localhost opt]# git clone https://github.com/jumpserver/coco.git
    Cloning into 'coco'...
    remote: Enumerating objects: 98, done.
    remote: Counting objects: 100% (98/98), done.
    remote: Compressing objects: 100% (74/74), done.
    remote: Total 3748 (delta 43), reused 46 (delta 22), pack-reused 3650
    Receiving objects: 100% (3748/3748), 2.03 MiB | 800.00 KiB/s, done.
    Resolving deltas: 100% (2407/2407), done.
    (py3) [root@localhost opt]# cd coco/
    (py3) [root@localhost coco]# git checkout 1.4.8
    Note: checking out '1.4.8'.
    
    You are in 'detached HEAD' state. You can look around, make experimental
    changes and commit them, and you can discard any commits you make in this
    state without impacting any branches by performing another checkout.
    
    If you want to create a new branch to retain commits you create, you may
    do so (now or later) by using -b with the checkout command again. Example:
    
      git checkout -b new_branch_name
    
    HEAD is now at 74582ea... Merge pull request #191 from jumpserver/dev
    

    Install the coco dependencies

    cd /opt/coco/requirements
    pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
    

    Configuring coco

    cd /opt/coco
    cp config_example.yml config.yml
    vim config.yml  # BOOTSTRAP_TOKEN must be taken from jumpserver/config.yml so that the two match
    

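    Edit it with reference to the following:

    # Bootstrap Token: pre-shared key used to register the service account and terminal that coco uses
    # Keep it identical to the value in the jumpserver configuration file; it can be deleted once registration is complete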
    BOOTSTRAP_TOKEN: NGMhSQlXvtpsi0xClRtzeqeqMPsCAy01JmApWtGtNsPwFJiQz
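
    The two edits described above (setting SECRET_KEY and BOOTSTRAP_TOKEN in /opt/jumpserver/config.yml, then putting the same BOOTSTRAP_TOKEN into /opt/coco/config.yml) can be scripted as follows. This is an added example, not part of the original post or the JumpServer project; it assumes both files hold top-level "SECRET_KEY:" / "BOOTSTRAP_TOKEN:" lines, and the function names, the 50/32 lengths and the 16-character minimum are this example's own choices.

```bash
#!/usr/bin/env bash
# Added example, not code from the post or from the JumpServer project.

# gen_secret N: print N random characters from A-Za-z0-9.
gen_secret() {
    head -c 4096 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c "1-$1"
}

# valid_secret S: letters and digits only, not digits only (the page's rule),
# and at least 16 characters (a minimum chosen for this example).
valid_secret() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) return 1 ;;  # empty, or a character outside A-Za-z0-9
        *[!0-9]*) ;;                    # has at least one non-digit: acceptable
        *) return 1 ;;                  # purely numeric
    esac
    [ "${#1}" -ge 16 ]
}

# get_key FILE KEY: print the value of the first top-level "KEY: value" line.
get_key() {
    sed -n "/^$2:/{s/^$2:[[:space:]]*//p;q;}" "$1"
}

# set_key FILE KEY VALUE: rewrite the "KEY:" line. Fails if VALUE is unusable
# or KEY is absent, so a typo cannot leave the secret silently unset.
set_key() {
    valid_secret "$3" || return 1
    grep -q "^$2:" "$1" || return 1
    ( umask 077; sed "s/^$2:.*/$2: $3/" "$1" > "$1.new" ) && mv "$1.new" "$1"
}

# provision JMS_CONF COCO_CONF: new secrets for JumpServer, then the same
# BOOTSTRAP_TOKEN copied into coco's config so the two files agree.
provision() {
    set_key "$1" SECRET_KEY "$(gen_secret 50)" || return 1
    set_key "$1" BOOTSTRAP_TOKEN "$(gen_secret 32)" || return 1
    set_key "$2" BOOTSTRAP_TOKEN "$(get_key "$1" BOOTSTRAP_TOKEN)"
}

# Demo on constructed stand-ins for the two config.yml files.
demo=$(mktemp -d)
printf 'SECRET_KEY:\nBOOTSTRAP_TOKEN:\nOTHER_SETTING: unchanged\n' > "$demo/jms.yml"
printf 'BOOTSTRAP_TOKEN: changeme\n' > "$demo/coco.yml"
provision "$demo/jms.yml" "$demo/coco.yml" && echo "secrets written, tokens match"
rm -rf "$demo"
```

    On the host from this guide the call would be provision /opt/jumpserver/config.yml /opt/coco/config.yml; the rewritten files are left readable by their owner only.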
    

    Start the coco component

    ./cocod start    # add -d to run in the background: ./cocod start -d
    

    Terminal output:

    (py3) [root@localhost coco]# ./cocod start -d
    Use eventlet dispatch
    2019-09-21 14:58:27 [service INFO] No access key found, register it
    Start coco process
    

    Installing the guacamole component

    cd /opt
    git clone https://github.com/jumpserver/docker-guacamole.git
    cd /opt/docker-guacamole
    tar xf guacamole-server-1.0.0.tar.gz
    cd /opt/docker-guacamole/guacamole-server-1.0.0
    

    Install the yum repositories that provide ffmpeg

    cd ~
    wget https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm
    wget https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm
    rpm -ivh *.rpm
    

    Install the dependencies for building guacamole

    cd /opt/docker-guacamole/guacamole-server-1.0.0
    yum install -y cairo-devel libjpeg-turbo-devel libpng-devel uuid-devel
    yum install -y ffmpeg-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel libtool java-1.8.0-openjdk
    ln -s /usr/local/lib/freerdp/*.so /usr/lib64/freerdp2/
    
    autoreconf -fi
    ./configure --with-init-dir=/etc/init.d
    make
    make install
    

    Note:

    /usr/lib64/freerdp2/ may be /usr/lib64/freerdp/ on your system; check and use the directory name that exists.

    Installing Tomcat

    mkdir -p /config/guacamole /config/guacamole/lib /config/guacamole/extensions /config/guacamole/data/log/
    cd /config
    wget https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v9.0.26/bin/apache-tomcat-9.0.26.tar.gz
    tar xf apache-tomcat-9.0.26.tar.gz
    mv apache-tomcat-9.0.26 tomcat9
    rm -rf /config/tomcat9/webapps/*
    sed -i 's/Connector port="8080"/Connector port="8081"/g' /config/tomcat9/conf/server.xml
    echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> /config/tomcat9/conf/logging.properties
    ln -sf /opt/docker-guacamole/guacamole-1.0.0.war /config/tomcat9/webapps/ROOT.war
    ln -sf /opt/docker-guacamole/guacamole-auth-jumpserver-1.0.0.jar /config/guacamole/extensions/guacamole-auth-jumpserver-1.0.0.jar
    ln -sf /opt/docker-guacamole/root/app/guacamole/guacamole.properties /config/guacamole/guacamole.properties
    wget https://github.com/ibuler/ssh-forward/releases/download/v0.0.5/linux-amd64.tar.gz
    tar xf linux-amd64.tar.gz -C /bin/
    chmod +x /bin/ssh-forward
    

    Set the guacamole environment

    export JUMPSERVER_SERVER=http://127.0.0.1:8080  # http://127.0.0.1:8080 is the address at which jumpserver is reached
    echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
    
    # BOOTSTRAP_TOKEN is the BOOTSTRAP_TOKEN value from Jumpserver/config.yml
    export BOOTSTRAP_TOKEN=******
    echo "export BOOTSTRAP_TOKEN=******" >> ~/.bashrc
    export JUMPSERVER_KEY_DIR=/config/guacamole/keys
    echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
    export GUACAMOLE_HOME=/config/guacamole
    echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
    

    Start

    /etc/init.d/guacd start
    sh /config/tomcat9/bin/startup.sh
    

    Deploying the guacamole component with docker

    Deploy with docker; on some systems the build from source may not complete properly.

    $ docker run --name jms_guacamole -d -p 127.0.0.1:8081:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=<Jumpserver_BOOTSTRAP_TOKEN> jumpserver/jms_guacamole:<Tag>
    # <Jumpserver_url> is the URL of jumpserver, <Jumpserver_BOOTSTRAP_TOKEN> must be taken from jumpserver/config.yml so that the two match, <Tag> is the version
    # Example: docker run --name jms_guacamole -d -p 127.0.0.1:8081:8081 -e JUMPSERVER_SERVER=http://192.168.244.144:8080 -e BOOTSTRAP_TOKEN=abcdefg1234 jumpserver/jms_guacamole:1.5.2
    

    Installing the luna component

    cd /opt
    wget https://github.com/jumpserver/luna/releases/download/1.5.2/luna.tar.gz
    tar xf luna.tar.gz
    chown -R root:root luna
    

    Installing nginx

    yum install yum-utils
    

    Create the file /etc/yum.repos.d/nginx.repo with the following content:

    [nginx-stable]
    name=nginx stable repo
    baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
    gpgcheck=1
    enabled=1
    gpgkey=https://nginx.org/keys/nginx_signing.key
    
    [nginx-mainline]
    name=nginx mainline repo
    baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
    gpgcheck=1
    enabled=0
    gpgkey=https://nginx.org/keys/nginx_signing.key
    

    Install nginx

    yum-config-manager --enable nginx-mainline
    yum install nginx
    

    Integrating the components with Nginx

    rm -rf /etc/nginx/conf.d/default.conf
    vim /etc/nginx/conf.d/jumpserver.conf
    

    The contents of jumpserver.conf are as follows:

    server {
        listen 80;
    
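        client_max_body_size 100m;  # size limit for session recordings and file uploads
    
        location /luna/ {
            try_files $uri / /index.html;
            alias /opt/luna/;  # luna path; change this if the installation directory is changed
        }
    
        location /media/ {
            add_header Content-Encoding gzip;
            root /opt/jumpserver/data/;  # location of recordings; change this if the installation directory is changed
        }
    
        location /static/ {
            root /opt/jumpserver/data/;  # static assets; change this if the installation directory is changed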
        }
    
        location /socket.io/ {
            proxy_pass       http://localhost:5000/socket.io/;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }
    
        location /coco/ {
            proxy_pass       http://localhost:5000/coco/;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }
    
        location /guacamole/ {
            proxy_pass       http://localhost:8081/;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }
    
        location / {
            proxy_pass http://localhost:8080;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
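
    The configuration above proxies to backends on localhost ports 5000, 8080 and 8081; if one of them also listens on a non-loopback address, it can be reached without passing through nginx. The following added example (not from the original post) checks ss -tln output for that; the function name and the sample listing are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not code from the post. It reads `ss -tln` output on stdin and
# prints "PORT ADDRESS" for each listed port bound to a non-loopback address.

# exposed_backends PORTS: PORTS is a comma-separated list, e.g. 8080,5000,8081.
exposed_backends() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4; port = $4
            sub(/.*:/, "", port)        # keep the text after the last colon
            sub(/:[^:]*$/, "", addr)    # keep the text before the last colon
            if (!(port in want)) next
            if (addr ~ /(^|:)127\./ || addr == "::1" || addr == "[::1]") next
            print port, addr
        }' | LC_ALL=C sort -u
}

# Constructed sample in the layout printed by `ss -tln` (not from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:6379 *:*
LISTEN 0 128 *:80 *:*
LISTEN 0 128 *:8080 *:*
LISTEN 0 128 127.0.0.1:5000 *:*
LISTEN 0 100 :::8081 :::*'

# Ports are the proxy_pass targets in jumpserver.conf. On a real host:
#   ss -tln | exposed_backends 8080,5000,8081
printf '%s\n' "$SAMPLE_SS" | exposed_backends 8080,5000,8081
```

    An empty result means every listed backend is bound to loopback only; any line printed names a port to rebind to 127.0.0.1 or to block at the host firewall.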
    

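    Common problems

    Database access denied

    If you use a MySQL database and jumpserver reports a database connection error (access denied) on startup,

    and the cause is a mismatch in the login host name, handle it as follows:

    Add --skip-grant-tables to the [mysqld] section of /etc/my.cnf, then restart the MySQL service. Log in to MySQL, run the SQL statement grant all on jumpserver.* to 'jumpserver'@'%' identified by 'Jumpserver1!'; to change the login host name, then run flush privileges; to reload the privileges.

    Installing python-gssapi

    If pip hangs while installing python-gssapi==0.6.4, quit, download the package, change to the directory that contains it, and run pip install python-gssapi-0.6.4.tar.gz

    The download link is https://files.pythonhosted.org/packages/a4/9e/648b4e85235097edcee561c986f7075cb1606be24c514cfcdd2930e35c5e/python-gssapi-0.6.4.tar.gz

    After it installs, change to the /opt/jumpserver/requirements directory and run pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/ to continue the installation.

    git clone hangs

    If git clone hangs while receiving objects, the network may be the cause; quit and clone again, or download the zip archive in a browser, upload it to the server and unpack it.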

  • Original article: https://www.cnblogs.com/linga/p/11567206.html