zoukankan      html  css  js  c++  java
  • jumpserver1.4.0.2

    关闭防火墙和selinux

    IP:192.168.199.115

    一. 准备 Python3 和 Python 虚拟环境

    
    
    yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git
    wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
    tar xvf Python-3.6.1.tar.xz  && cd Python-3.6.1
    ./configure && make && make install


    cd /opt
    python3 -m venv py3
    source /opt/py3/bin/activate
    
    # 看到下面的提示符代表成功,以后运行 Jumpserver 都要先运行以上 source 命令,以下所有命令均在该虚拟环境中运行
    (py3) [root@localhost py3]

    二. 安装 Jumpserver 1.0.0

    2.1 下载或 Clone 项目

    项目提交较多 git clone 时较大,你可以选择去 Github 项目页面直接下载zip包,我是下载安装包之后安装

    cd /opt/
    #git clone --depth=1 https://github.com/jumpserver/jumpserver.git && cd jumpserver && git checkout master   (从官网下载直接安装)
    下载安装包之后把下载的jumpserver-master.zip上传到 /opt目录
    unzip jumpserver-master.zip
    mv jumpserver-master jumpserver
    2.2 安装依赖 RPM 包
    cd /opt/jumpserver/requirements yum -y install $(cat rpm_requirements.txt) # 如果没有任何报错请继续

    2.3 安装 Python 库依赖

    pip install -r requirements.txt  # 不要指定-i参数,因为镜像上可能没有最新的包,如果没有任何报错请继续

    2.4 安装 Redis, Jumpserver 使用 Redis 做 cache 和 celery broke

    yum -y install redis
    systemctl start redis
    systemctl enable redis

    2.5 安装 MySQL

    yum -y install mariadb mariadb-devel mariadb-server # centos7下安装的是mariadb
    systemctl start mariadb
    systemctl enable mariadb

    2.6 创建数据库 Jumpserver 并授权

    $ mysql
    > create database jumpserver default charset 'utf8';
    > grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'jason_zhang';

    2.7 修改 Jumpserver 配置文件

    $ cd /opt/jumpserver
    $ cp config_example.py config.py
    $ vi config.py  # 修改其中 DevelopmentConfig的配置,因为默认jumpserver是使用该配置,它继承自Config
    (py3) [root@jason jumpserver]# cat config.py |grep -Ev '^$|^#'
    """
        jumpserver.config
        ~~~~~~~~~~~~~~~~~
        Jumpserver project setting file
        :copyright: (c) 2014-2017 by Jumpserver Team
        :license: GPL v2, see LICENSE for more details.
    """
    import os
    BASE_DIR = os.path.dirname(os.path.abspath(__file__))
    class Config:
        # Use it to encrypt or decrypt data
        # SECURITY WARNING: keep the secret key used in production secret!
        SECRET_KEY = os.environ.get('SECRET_KEY') or '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
        # Django security setting, if your disable debug model, you should setting that
        ALLOWED_HOSTS = ['*']
        # Development env open this, when error occur display the full process track, Production disable it
        DEBUG = os.environ.get("DEBUG") or True
        # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
        LOG_LEVEL = os.environ.get("LOG_LEVEL") or 'DEBUG'
        LOG_DIR = os.path.join(BASE_DIR, 'logs')
        # Database setting, Support sqlite3, mysql, postgres ....
        # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
        # SQLite setting:
        DB_ENGINE = 'sqlite3'
        DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
        # MySQL or postgres setting like:
        # DB_ENGINE = os.environ.get("DB_ENGINE") or 'mysql'
        # DB_HOST = os.environ.get("DB_HOST") or '127.0.0.1'
        # DB_PORT = os.environ.get("DB_PORT") or 3306
        # DB_USER = os.environ.get("DB_USER") or 'jumpserver'
        # DB_PASSWORD = os.environ.get("DB_PASSWORD") or 'weakPassword'
        # DB_NAME = os.environ.get("DB_NAME") or 'jumpserver'
        # When Django start it will bind this host and port
        # ./manage.py runserver 127.0.0.1:8080
        HTTP_BIND_HOST = '0.0.0.0'
        HTTP_LISTEN_PORT = 8080
        # Use Redis as broker for celery and web socket
        REDIS_HOST = os.environ.get("REDIS_HOST") or '127.0.0.1'
        REDIS_PORT = os.environ.get("REDIS_PORT") or 6379
        REDIS_PASSWORD = os.environ.get("REDIS_PASSWORD") or ''
        REDIS_DB_CELERY = os.environ.get('REDIS_DB') or 3
        REDIS_DB_CACHE = os.environ.get('REDIS_DB') or 4
        def __init__(self):
            pass
        def __getattr__(self, item):
            return None
    class DevelopmentConfig(Config):
        DEBUG = True
        DB_ENGINE = 'mysql'
        DB_HOST = '127.0.0.1'
        DB_PORT = 3306
        DB_USER = 'jumpserver'
        DB_PASSWORD = 'jason_zhang'
        DB_NAME = 'jumpserver'
    class TestConfig(Config):
        pass
    class ProductionConfig(Config):
        pass
    config = DevelopmentConfig()

    2.8 生成数据库表结构和初始化数据

    cd /opt/jumpserver/utils
    bash make_migrations.sh

     2.9 运行 Jumpserver

    cd /opt/jumpserver
    python run_server.py all      (这个xshell界面不能停止运行,另打开一个进行接下来的操作)

    运行不报错,请浏览器访问 http://192.168.199.115:8080/     

    账号: admin 密码: admin

    三. 安装 SSH Server 和 WebSocket Server: Coco

    新开一个终端,运行Python3虚拟环境

    source /opt/py3/bin/activate

    3.1 下载或 Clone 项目

    cd /opt
    git clone https://github.com/jumpserver/coco.git && cd coco && git checkout master

    3.2 安装依赖

    cd /opt/coco/requirements
    yum -y  install $(cat rpm_requirements.txt)
    pip install -r requirements.txt

    3.3 查看配置文件并运行

    cd /opt/coco
    cp conf_example.py conf.py
    python run_server.py

    这时需要去 Jumpserver 管理后台-会话管理-终端管理,(http://192.168.199.115:8080/terminal/terminal/)接受 Coco 的注册

    四. 安装 Web Terminal 前端: Luna

    另开一个终端,运行Python3虚拟环境

    Luna 已改为纯前端,需要 Nginx 来运行访问

    访问(https://github.com/jumpserver/luna/releases)下载对应版本的 release 包,放在/opt目录下,直接解压,不需要编译

    4.1 解压 Luna

    tar xvf luna.tar.gz

    五. 安装 Windows 支持组件

    因为手动安装 guacamole 组件比较复杂,这里提供打包好的 docker 使用, 启动 guacamole

    yum install docker -y
    systemctl start docker
    systemctl enable docker
    docker run --name jms_guacamole -d \
      -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \
      -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
      -e JUMPSERVER_SERVER=http://192.168.199.115:8080 \
      registry.jumpserver.org/public/guacamole:latest

    这里所需要注意的是 guacamole 暴露出来的端口是 8081,若与主机上其他端口冲突请自定义一下。

    再次强调:修改 JUMPSERVER_SERVER 环境变量的配置,填上 Jumpserver 的内网地址, 这时 去 Jumpserver-会话管理-终端管理 接受[Gua]开头的一个注册

    六. 配置 Nginx 整合各组件

    6.1 安装 Nginx 根据喜好选择安装方式和版本

    yum -y install nginx

    systemctl start nginx

    systemctl enable  nginx

    6.2 准备配置文件  /etc/nginx/nginx.conf

    user nginx;
    worker_processes auto;
    error_log /var/log/nginx/error.log;
    pid /run/nginx.pid;
    include /usr/share/nginx/modules/*.conf;
    events {
        worker_connections 1024;
    }
    http {
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
        access_log  /var/log/nginx/access.log  main;
        sendfile            on;
        tcp_nopush          on;
        tcp_nodelay         on;
        keepalive_timeout   65;
        types_hash_max_size 2048;
        include             /etc/nginx/mime.types;
        default_type        application/octet-stream;
        # Load modular configuration files from the /etc/nginx/conf.d directory.
        # See http://nginx.org/en/docs/ngx_core_module.html#include
        # for more information.
        include /etc/nginx/conf.d/*.conf;
            # Load configuration files for the default server block.
    server {
        listen 80;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        location /luna/ {
            try_files $uri / /index.html;
            alias /opt/luna/;
        }
        location /media/ {
            add_header Content-Encoding gzip;
            root /opt/jumpserver/data/;
        }
        location /static/ {
            root /opt/jumpserver/data/;
        }
        location /socket.io/ {
            proxy_pass       http://localhost:5000/socket.io/;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
        location /guacamole/ {
            proxy_pass       http://localhost:8081/;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            access_log off;
        }
        location / {
            proxy_pass http://localhost:8080;
        }
    }
    }
    nginx -t  (检测配置文件是否正确)
    nginx -s reload

    http://192.168.199.115/

    开机自动运行Python3虚拟环境和jumpserver

    vim /etc/rc.d/rc.local
    cd /opt
    source /opt/py3/bin/activate
    cd /opt/jumpserver
    ./jms start

    chmod +x rc.local

     参考:https://jumpserver.readthedocs.io/zh/latest/step_by_step.html

  • 相关阅读:
    pagination分页插件使用
    ajax实现图片文件上传和图片预览
    屏幕护眼色调调节
    css画三角形以及实现带三角的阴影效果
    软件测试homework3
    使用Junit包进行单元测试并导入eclemma包。
    软件测试homework2
    软件测试homework1 编程过程的一个小错误
    ReentrantLock
    Elasticsearch-基本概念
  • 原文地址:https://www.cnblogs.com/xiaoyou2018/p/9553465.html
Copyright © 2011-2022 走看看