  • JumpServer deployment (official-docs version)

    This post: https://www.cnblogs.com/wwtao/p/11491574.html

    Official docs: https://jumpserver.readthedocs.io/zh/master/setup_by_localcloud.html

    Reference: https://www.cnblogs.com/zsl-find/articles/11181624.html

    https://cloud.tencent.com/developer/article/1460469  found via a Baidu search; fairly detailed

    https://www.cnblogs.com/zsl-find/articles/11466132.html

    https://jumpserver.readthedocs.io/zh/master/setup_by_localcloud.html  JumpServer installation

    Official docs https://jumpserver.readthedocs.io/zh/master/introduce.html  see the Quick Start section there for details

    https://www.cnblogs.com/zsl-find/articles/11179450.html  first rough configuration

    JumpServer is the world's first fully open-source bastion host (jump server).

    JumpServer uses a distributed architecture: it supports deployment across multiple data centers and regions, a central node provides the API, login nodes are deployed in each data center, and it scales horizontally with no limit on concurrent access.

    JumpServer currently supports managing assets over the SSH, Telnet, RDP and VNC protocols.

    1. # Environment setup

    yum update -y

    # Firewall and SELinux settings. Skip this if firewalld and SELinux are already disabled.
    systemctl start firewalld
    firewall-cmd --zone=public --add-port=80/tcp --permanent  # nginx port
    firewall-cmd --zone=public --add-port=2222/tcp --permanent  # koko: the port users SSH into
      # --permanent makes the rule survive a reboot; without it the rule is lost on restart

    firewall-cmd --reload  # reload the rules

    # The two lines below switch SELinux off entirely and permanently. The official one-liner further down
    # this page keeps SELinux enforcing and only sets the httpd_can_network_connect boolean; prefer that if you can.
    setenforce 0
    sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config

    # Install dependencies
    yum -y install wget gcc epel-release git

    # Install Redis; JumpServer uses it as its cache and as the Celery broker
    yum -y install redis
    systemctl enable redis
    systemctl start redis

    # Install MySQL. If you do not use MySQL you can skip the MySQL installation and configuration;
    # sqlite3, mysql, postgres and others are supported.
    yum -y install mariadb mariadb-devel mariadb-server MariaDB-shared  # called mariadb on CentOS 7; usage is the same as mysql
    systemctl enable mariadb
    systemctl start mariadb
    # Create the jumpserver database and grant access to it
    DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`  # generate a random database password
    echo -e "\033[31m Your database password is $DB_PASSWORD \033[0m"
    mysql -uroot -e "create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD'; flush privileges;"

    # Install Nginx, used as the reverse proxy that ties JumpServer and its components together
    $ vi /etc/yum.repos.d/nginx.repo

    [nginx]
    name=nginx repo
    baseurl=http://nginx.org/packages/centos/7/$basearch/
    gpgcheck=0
    enabled=1

    # gpgcheck=0 disables package-signature verification for this repo. The official one-liner later on this
    # page uses gpgcheck=1 together with gpgkey=https://nginx.org/keys/nginx_signing.key; prefer that.
    $ yum -y install nginx
    systemctl enable nginx

    # Install Python 3.6
    yum -y install python36 python36-devel

    # Create and activate the Python 3 virtual environment
    cd /opt
    python3.6 -m venv py3  # py3 is the venv name; choose your own if you like
    source /opt/py3/bin/activate  # leave the venv with the deactivate command

    # The prompt below means it worked. Every time you run JumpServer, run the source command above first;
    # once the venv is loaded, all of the following commands are assumed to run inside it
    (py3) [root@localhost py3]

    # Download JumpServer (or upload a package you downloaded elsewhere)
    $ cd /opt/
    $ git clone --depth=1 https://github.com/jumpserver/jumpserver.git

    # Install the RPM dependencies
    $ yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt)

    # Install the Python dependencies
    $ pip install --upgrade pip setuptools
    $ pip install -r /opt/jumpserver/requirements/requirements.txt

    # The Aliyun mirror is faster
    $ pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/
    $ pip install -r /opt/jumpserver/requirements/requirements.txt -i https://mirrors.aliyun.com/pypi/simple/

    2. # Edit the JumpServer config file
    cd /opt/jumpserver
    cp config_example.yml config.yml

    SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`  # generate a random SECRET_KEY
    echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
    BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`  # generate a random BOOTSTRAP_TOKEN
    echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
    # Both values are appended to root's ~/.bashrc in plaintext so that the docker run commands in step 4 can
    # reuse them. They are secrets: remove them from ~/.bashrc once the deployment is finished.

    # These sed commands append the value after the empty key. Run them once only, on a fresh copy of
    # config_example.yml; a second run leaves the old and new values on the same line.
    sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
    sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
    sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
    sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
    sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
    sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml

    echo -e "\033[31m Your SECRET_KEY is $SECRET_KEY \033[0m"
    echo -e "\033[31m Your BOOTSTRAP_TOKEN is $BOOTSTRAP_TOKEN \033[0m"

    $ vi config.yml  # check the contents for mistakes

    3. # Run JumpServer
    $ cd /opt/jumpserver
    $ ./jms start -d  # -d runs it in the background
    # Newer versions updated the run script: use ./jms start|stop|status all, and add -d to run in the background
    4. # Install Docker and deploy koko and Guacamole
    yum install -y yum-utils device-mapper-persistent-data lvm2
    yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    yum makecache fast
    rpm --import https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
    yum -y install docker-ce
    systemctl enable docker
    # This pipes a remote script straight into a root shell just to set a registry mirror. Download and read it
    # first, or write the "registry-mirrors" entry into /etc/docker/daemon.json yourself.
    curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io
    systemctl restart docker

    # Allow the container IPs to reach port 8080 on the host (a container's IP can be read from inside the container)
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="172.17.0.0/16" port protocol="tcp" port="8080" accept"
    firewall-cmd --reload
    # 172.17.0.x is Docker's default container address pool. The whole range is allowed here for convenience;
    # you can allow individual IPs instead, depending on your setup

    # Get the server IP. This picks the first non-loopback, non-docker IPv4 address; on a host with several
    # interfaces check the result and set Server_IP by hand if it picked the wrong one.
    Server_IP=`ip addr | grep inet | egrep -v '(127.0.0.1|inet6|docker)' | awk '{print $2}' | tr -d "addr:" | head -n 1 | cut -d / -f1`
    echo -e "\033[31m Your server IP is $Server_IP \033[0m"

    # http://<Jumpserver_url> points at the JumpServer service port, e.g. http://192.168.244.144:8080
    # BOOTSTRAP_TOKEN is the BOOTSTRAP_TOKEN from jumpserver/config.yml
    # Note: docker may pull guacamole twice, possibly depending on the docker version; I already downloaded and backed it up
    # -p 5000:5000 and -p 8081:8081 publish koko's web port and Guacamole on every interface of the host. Only nginx
    # on this host needs to reach them; the official one-liner further down uses -p 127.0.0.1:5000:5000 and
    # -p 127.0.0.1:8081:8081 instead, which is what you want.
    $ docker run --name jms_koko -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_koko:1.5.1
    $ docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_guacamole:1.5.1

    5. # Install the web terminal front end, Luna. It is served by Nginx. Download the release package for the
    # matching version from https://github.com/jumpserver/luna/releases and just unpack it; no build step is needed
    $ cd /opt
    $ wget https://github.com/jumpserver/luna/releases/download/1.5.1/luna.tar.gz

    # If network problems keep the download from completing, use this address instead
    $ wget https://demo.jumpserver.org/download/luna/1.5.1/luna.tar.gz

    tar xf luna.tar.gz
    chown -R root:root luna


    6. # Nginx site config
    $ vi /etc/nginx/conf.d/jumpserver.conf

    server {
        listen 80;

        client_max_body_size 100m;  # size limit for session recordings and file uploads

        location /luna/ {
            try_files $uri / /index.html;
            alias /opt/luna/;  # luna path; change this if you change the install directory
        }

        location /media/ {
            add_header Content-Encoding gzip;
            root /opt/jumpserver/data/;  # recordings location; change this if you change the install directory
        }

        location /static/ {
            root /opt/jumpserver/data/;  # static assets; change this if you change the install directory
        }

        location /socket.io/ {
            proxy_pass       http://localhost:5000/socket.io/;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }

        location /coco/ {
            proxy_pass       http://localhost:5000/coco/;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }

        location /guacamole/ {
            proxy_pass       http://localhost:8081/;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }

        location / {
            proxy_pass http://localhost:8080;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

    7. # Run Nginx
    $ nginx -t   # make sure the config is valid; fix any problems first
    $ systemctl start nginx

    # Browse to http://192.168.244.144 (note: no :8080, access goes through the nginx proxy port)
    # Default account: admin, password: admin. Change that password on first login. Then go to
    # Session Management -> Terminal Management and accept the registration of koko, Guacamole and the other components
    # Test the connection
    $ ssh -p2222 admin@192.168.244.144
    $ sftp -P2222 admin@192.168.244.144
      password: admin

    # On Windows, the Xshell terminal login syntax is
    $ ssh admin@192.168.244.144 2222
    $ sftp admin@192.168.244.144 2222
      password: admin
      If you can log in, the deployment succeeded

    # sftp uploads land in the asset's /tmp directory by default
    # On Windows, drag-and-drop uploads land on the G: drive of the asset's Guacamole RDP session

    8.1 # Uninstall: older layout where coco/koko/guacamole were installed on the host
    rm -rf /opt/jumpserver  # jumpserver directory
    rm -rf /opt/coco  # coco directory
    rm -rf /opt/koko /opt/kokodir  # koko directory
    rm -rf /opt/docker-guacamole  # guacamole directory
    rm -rf /opt/py3  # python3 virtual environment
    rm -rf /config  # guacamole client directory
    rm -rf /etc/nginx/conf.d/jumpserver.conf



    8.2 # Uninstall: docker-based deployment (jms_coco is the older component that koko replaced; skip what you do not have)
    $ rm -rf /opt/jumpserver  # jumpserver directory
    $ rm -rf /opt/py3  # python3 virtual environment
    $ rm -rf /etc/nginx/conf.d/jumpserver.conf

    # Remove the docker components. Stop them first: docker rm refuses a running container
    $ docker stop jms_coco jms_koko jms_guacamole  # errors for containers that do not exist can be ignored
    $ docker rm jms_coco
    $ docker rm jms_koko
    $ docker rm jms_guacamole
    $ docker rmi jumpserver/jms_coco:1.5.1  # substitute your version
    $ docker rmi jumpserver/jms_koko:1.5.1  # substitute your version
    $ docker rmi jumpserver/jms_guacamole:1.5.1  # substitute your version

    # Remove the auto-start files
    $ rm -rf /usr/lib/systemd/system/jms.service
    $ rm -rf /opt/start_jms.sh
    $ rm -rf /opt/stop_jms.sh

    # Drop the database
    $ mysql -uroot
    > drop database jumpserver;
    > exit

    # Flush redis
    $ redis-cli -h 127.0.0.1
    > flushall
    > exit

    $ reboot # reboot the server



    9. # Auto-start: systemd unit for JumpServer
    $ vi /usr/lib/systemd/system/jms.service
    [Unit]
    Description=jms
    After=network.target mariadb.service redis.service docker.service
    Wants=mariadb.service redis.service docker.service

    [Service]
    Type=forking
    Environment="PATH=/opt/py3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin"
    ExecStart=/opt/jumpserver/jms start all -d
    ExecReload=
    ExecStop=/opt/jumpserver/jms stop

    [Install]
    WantedBy=multi-user.target
    --------------------------------------------------------------
    # Start script
    $ vi /opt/start_jms.sh

    #!/bin/bash
    set -e

    export LANG=zh_CN.UTF-8

    systemctl start jms
    docker start jms_koko
    docker start jms_guacamole

    exit 0
    --------------------------------------------------------------
    # Stop script
    $ vi /opt/stop_jms.sh

    #!/bin/bash
    set -e

    export LANG=zh_CN.UTF-8

    docker stop jms_koko
    docker stop jms_guacamole
    systemctl stop jms

    exit 0
    --------------------------------------------------------------
    # Add to rc.local
    $ chmod +x /etc/rc.d/rc.local
    $ if [ "$(cat /etc/rc.local | grep start_jms.sh)" == "" ]; then echo "sh /opt/start_jms.sh" >> /etc/rc.local; fi

    Key part: the copy-and-paste deployment (from the official docs)

    https://jumpserver.readthedocs.io/zh/master/setup_by_localcloud.html

    1.
    echo -e "\033[31m 1. Firewall and SELinux settings \033[0m" \
      && if [ "$(systemctl status firewalld | grep running)" != "" ]; then firewall-cmd --zone=public --add-port=80/tcp --permanent; firewall-cmd --zone=public --add-port=2222/tcp --permanent; firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="172.17.0.0/16" port protocol="tcp" port="8080" accept"; firewall-cmd --reload; fi \
      && if [ "$(getenforce)" != "Disabled" ]; then setsebool -P httpd_can_network_connect 1; fi

    2. Note: the yum repos may be broken and need checking  # yum --enablerepo=updates clean metadata
     echo -e "\033[31m 2. Environment setup \033[0m" \
      && yum update -y \
      && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
      && yum -y install kde-l10n-Chinese \
      && localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8 \
      && export LC_ALL=zh_CN.UTF-8 \
      && echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf \
      && yum -y install wget gcc epel-release git \
      && yum install -y yum-utils device-mapper-persistent-data lvm2 \
      && yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo \
      && yum makecache fast \
      && rpm --import https://mirrors.aliyun.com/docker-ce/linux/centos/gpg \
      && echo -e "[nginx-stable]\nname=nginx stable repo\nbaseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/\ngpgcheck=1\nenabled=1\ngpgkey=https://nginx.org/keys/nginx_signing.key" > /etc/yum.repos.d/nginx.repo \
      && rpm --import https://nginx.org/keys/nginx_signing.key \
      && yum -y install redis mariadb mariadb-devel mariadb-server MariaDB-shared nginx docker-ce \
      && systemctl enable redis mariadb nginx docker \
      && systemctl start redis mariadb \
      && yum -y install python36 python36-devel \
      && python3.6 -m venv /opt/py3

    3.
    echo -e "\033[31m 3. Download components \033[0m" \
      && cd /opt \
      && if [ ! -d "/opt/jumpserver" ]; then git clone --depth=1 https://github.com/jumpserver/jumpserver.git; fi \
      && if [ ! -f "/opt/luna.tar.gz" ]; then wget https://demo.jumpserver.org/download/luna/1.5.2/luna.tar.gz; tar xf luna.tar.gz; chown -R root:root luna; fi \
      && yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt) \
      && echo -e "[easy_install]\nindex_url = https://mirrors.aliyun.com/pypi/simple/" > ~/.pydistutils.cfg \
      && source /opt/py3/bin/activate \
      && pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/ \
      && pip install -r /opt/jumpserver/requirements/requirements.txt -i https://mirrors.aliyun.com/pypi/simple/ \
      && curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io \
      && systemctl restart docker \
      && docker pull jumpserver/jms_koko:1.5.2 \
      && docker pull jumpserver/jms_guacamole:1.5.2 \
      && rm -rf /etc/nginx/conf.d/default.conf \
      && wget -O /etc/nginx/conf.d/jumpserver.conf https://demo.jumpserver.org/download/nginx/conf.d/jumpserver.conf

    Note: this step pipes the daocloud mirror script into sh as root and fetches the nginx site config (and, in step 6, the systemd unit) from demo.jumpserver.org; review what is fetched before you rely on it.

    4.
    echo -e "\033[31m 4. Process the config files \033[0m" \
      && source ~/.bashrc \
      && if [ "$DB_PASSWORD" = "" ]; then DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`; fi \
      && if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; fi \
      && if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; fi \
      && if [ "$Server_IP" = "" ]; then Server_IP=`ip addr | grep inet | egrep -v '(127.0.0.1|inet6|docker)' | awk '{print $2}' | tr -d "addr:" | head -n 1 | cut -d / -f1`; fi \
      && if [ ! -d "/var/lib/mysql/jumpserver" ]; then mysql -uroot -e "create database jumpserver default charset 'utf8';grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD';flush privileges;"; fi \
      && if [ ! -f "/opt/jumpserver/config.yml" ]; then cp /opt/jumpserver/config_example.yml /opt/jumpserver/config.yml; sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml; sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml; sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml; sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml; sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml; sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml; fi
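Step 2 of the first walkthrough and step 4 here both write the secrets into config.yml with sed commands that append the value after the empty key, and neither verifies the result: a pattern that does not match leaves the key empty, and running the sed lines a second time leaves the old and new values on one line. The following is an added example, not code from JumpServer or the original post. It generates secrets with the page's /dev/urandom recipe, applies the page's sed edits to a constructed stand-in for config_example.yml, and checks that each secret is present and well-formed and that DEBUG is off. The path /opt/jumpserver/config.yml and the key names are the page's; the sample config content and the helper names are this example's own.

```shell
#!/bin/sh
# Added example (not JumpServer's own code): generate the secrets the way this page does and
# verify that config.yml actually received them before starting jms.
# The sample config at the bottom is constructed for the demo.

# gen_secret N: N random alphanumeric characters from /dev/urandom (the page's recipe)
gen_secret() {
    tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# apply_page_sed FILE SECRET_KEY BOOTSTRAP_TOKEN DB_PASSWORD: the page's six sed edits,
# written without sed -i so the demo also runs outside CentOS
apply_page_sed() {
    sed -e "s/SECRET_KEY:/SECRET_KEY: $2/g" \
        -e "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $3/g" \
        -e "s/# DEBUG: true/DEBUG: false/g" \
        -e "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" \
        -e "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" \
        -e "s/DB_PASSWORD: /DB_PASSWORD: $4/g" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# cfg_get FILE KEY: value of the first uncommented top-level "KEY: value" line (empty if unset)
cfg_get() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1
}

# check_jms_config FILE: returns 0 if the three secrets are present and alphanumeric and
# DEBUG is false; otherwise prints one FAIL line per problem and returns 1
check_jms_config() {
    rc=0
    for key in SECRET_KEY BOOTSTRAP_TOKEN DB_PASSWORD; do
        v=$(cfg_get "$1" "$key")
        case "$v" in
            '')
                echo "FAIL: $key is empty in $1 (the sed pattern did not match)"
                rc=1 ;;
            *[!A-Za-z0-9]*)
                echo "FAIL: $key has unexpected characters in $1: '$v' (sed run twice?)"
                rc=1 ;;
        esac
    done
    if [ "$(cfg_get "$1" DEBUG)" != "false" ]; then
        echo "FAIL: DEBUG is not false in $1"
        rc=1
    fi
    return $rc
}

# Demo on a constructed stand-in for config_example.yml (only the lines the sed edits touch).
SAMPLE_CONFIG='SECRET_KEY:
BOOTSTRAP_TOKEN:
# DEBUG: true
# LOG_LEVEL: DEBUG
# SESSION_EXPIRE_AT_BROWSER_CLOSE: false
DB_PASSWORD: '
demo_cfg=$(mktemp)
printf '%s\n' "$SAMPLE_CONFIG" > "$demo_cfg"
apply_page_sed "$demo_cfg" "$(gen_secret 50)" "$(gen_secret 16)" "$(gen_secret 24)"
check_jms_config "$demo_cfg" && echo "config OK: $demo_cfg"
# On the real host: check_jms_config /opt/jumpserver/config.yml
rm -f "$demo_cfg"
```

Run check_jms_config /opt/jumpserver/config.yml before ./jms start -d. Note that the DB_PASSWORD pattern ends in a space, so a second run silently concatenates the old and new passwords without tripping the character check; the `if [ ! -f "/opt/jumpserver/config.yml" ]` guard in step 4 is what prevents that, and the step-by-step walkthrough has no such guard.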

    5.

    echo -e "\033[31m 5. Start JumpServer \033[0m" \
      && systemctl start nginx \
      && cd /opt/jumpserver \
      && ./jms start -d \
      && docker run --name jms_koko -d -p 2222:2222 -p 127.0.0.1:5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN --restart=always jumpserver/jms_koko:1.5.2 \
      && docker run --name jms_guacamole -d -p 127.0.0.1:8081:8081 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN --restart=always jumpserver/jms_guacamole:1.5.2 \
      && echo -e "\033[31m Your database password is $DB_PASSWORD \033[0m" \
      && echo -e "\033[31m Your SECRET_KEY is $SECRET_KEY \033[0m" \
      && echo -e "\033[31m Your BOOTSTRAP_TOKEN is $BOOTSTRAP_TOKEN \033[0m" \
      && echo -e "\033[31m Your server IP is $Server_IP \033[0m" \
      && echo -e "\033[31m Open http://$Server_IP in a browser. Username: admin  Password: admin \033[0m"

    ----
    Output from the author's run (these values were published with the post and must not be reused anywhere):
     Your database password is CgOhWnDvDpvH4AskVJlNMD6p
     Your SECRET_KEY is PaGqYgCzBNaw2t27LdLlvW5hnJvqIgh5iuGYqIl5mQsxC7rkoU
     Your BOOTSTRAP_TOKEN is JW5HpUJMiY4Przv9
     Your server IP is 192.168.1.130
     Open http://192.168.1.130 in a browser. Username: admin  Password: admin
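The two docker run variants on this page differ in what they expose: step 4 of the first walkthrough publishes koko's web port and Guacamole with -p 5000:5000 -p 8081:8081 on every interface, while step 5 here binds them to 127.0.0.1. The following added check, not part of JumpServer or the original post, reads the output of `ss -lnt` and `firewall-cmd --list-ports` and flags any component port that is reachable from outside the host. The port policy it encodes is taken from the page (80 and 2222 are public, 5000 and 8081 should only ever be loopback, 8080 stays bound on all interfaces because the containers reach it over the docker bridge, but is opened in firewalld only for 172.17.0.0/16); the ss and firewalld samples inside the block are constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not JumpServer's own code): after ./jms start -d and the docker run commands,
# confirm that only the ports meant for users (nginx 80, koko SSH 2222) are reachable from outside.
# Input is the text of `ss -lnt` and `firewall-cmd --list-ports`; the samples below are constructed.

PUBLIC_PORTS="80 2222"           # published on purpose: nginx and koko's SSH port
LOOPBACK_ONLY_PORTS="5000 8081"  # koko web / guacamole: nginx on this host is their only client
# 8080 (jms core) is deliberately not in LOOPBACK_ONLY_PORTS: the containers reach it over the docker
# bridge, so it stays bound on all interfaces and firewalld must not open it publicly.

# is_wildcard ADDR: true for the wildcard addresses ss prints
is_wildcard() {
    case "$1" in 0.0.0.0|'*'|'[::]'|'::') return 0 ;; *) return 1 ;; esac
}

# in_list WORD LIST: true if WORD is one of the space-separated words in LIST
in_list() {
    for w in $2; do [ "$w" = "$1" ] && return 0; done
    return 1
}

# audit_listeners SS_OUTPUT FW_PORTS
#   SS_OUTPUT: text of `ss -lnt` (State Recv-Q Send-Q Local:Port Peer:Port ...); a header line is tolerated
#   FW_PORTS : text of `firewall-cmd --list-ports` (e.g. "80/tcp 2222/tcp")
# Prints one EXPOSED line per finding; returns 1 if anything is exposed, 0 otherwise.
audit_listeners() {
    rc=0
    fw_open=$(printf '%s\n' "$2" | tr ' ' '\n' | sed -n 's#/tcp$##p' | tr '\n' ' ')
    while read -r state rq sq laddr peer rest; do
        [ -n "$laddr" ] || continue
        port=${laddr##*:}
        addr=${laddr%:*}
        is_wildcard "$addr" || continue
        if in_list "$port" "$LOOPBACK_ONLY_PORTS"; then
            echo "EXPOSED: port $port listens on $addr; publish it as -p 127.0.0.1:$port:$port instead"
            rc=1
        elif in_list "$port" "$fw_open" && ! in_list "$port" "$PUBLIC_PORTS"; then
            echo "EXPOSED: port $port listens on $addr and is opened in firewalld; only $PUBLIC_PORTS should be"
            rc=1
        fi
    done <<EOF
$1
EOF
    return $rc
}

# Constructed sample: what the first docker run variant on this page (-p 5000:5000 -p 8081:8081) produces.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*
LISTEN 0 128 0.0.0.0:5000 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8081 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'
SAMPLE_FW='80/tcp 2222/tcp'
audit_listeners "$SAMPLE_SS" "$SAMPLE_FW" || echo "fix the bindings above before exposing this host"
# On the real host: audit_listeners "$(ss -lnt)" "$(firewall-cmd --list-ports)"
```

The check only looks at the bind address and firewalld's open-port list; the rich rule that admits 172.17.0.0/16 to 8080 is not visible in `--list-ports`, which is why 8080 is judged by whether it was opened publicly rather than by its bind address.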

    6.
    echo -e "\033[31m 6. Configure auto-start \033[0m" \
      && if [ ! -f "/usr/lib/systemd/system/jms.service" ]; then wget -O /usr/lib/systemd/system/jms.service https://demo.jumpserver.org/download/shell/centos/jms.service; chmod 755 /usr/lib/systemd/system/jms.service; systemctl enable jms; fi