jumpserver 1.5.9安装
Posted blog-lhong
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了jumpserver 1.5.9安装相关的知识,希望对你有一定的参考价值。
##jumpserver 1.5.9安装
#!/bin/bash ###jumpserver 1.5.9 systemctl stop firewalld systemctl disable firewalld setenforce 0 sed -i "s/SELINUX=.*/SELINUX=disabled/g" /etc/selinux/config hostnamectl set-hostname node$(hostname -I |cut -d ‘.‘ -f4) #@准备Python3和python虚拟环境 #安装依赖包 yum -y install wget gcc git epel-release #安装Python3.6 yum -y install python36 python36-devel #安装redis yum -y install redis systemctl enable redis systemctl start redis #安装mariadb yum -y install mariadb mariadb-devel mariadb-server mariadb-shared systemctl enable mariadb systemctl start mariadb #创建数据看看jumpserver并授权 mysql -e "create database if not exists jumpserver default charset ‘utf8‘; grant all on jumpserver.* TO ‘jumpserver‘@‘localhost‘ IDENTIFIED BY ‘jumpserver‘; flush privileges;" mysql -ujumpserver -pjumpserver -e ‘show databases;‘ #建立Python虚拟环境 python3.6 -m venv /opt/py3 source /opt/py3/bin/activate wget http://134.175.107.119/download/jumpserver/1.5.9/jumpserver.tar.gz tar zxvf jumpserver.tar.gz -C /opt/ ####安装编译环境依赖 cd /opt/jumpserver/requirements #安装依赖rpm包 yum install -y $(cat rpm_requirements.txt) #安装Python库依赖 pip install wheel && pip install --upgrade pip setuptools && pip install -r requirements.txt #确保已经载入 py3 虚拟环境, 中间如果遇到报错一般是依赖包没装全, 可以通过 搜索引擎 解决 #国内可以使用镜像加速 # #pip install wheel -i https://mirrors.aliyun.com/pypi/simple/ #pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/ #pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/ ##修改配置文件 cd /opt/jumpserver cp config_example.yml config.yml SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50` echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16` echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml ####数据库密码jumpserver sed -i ‘s/DB_PASSWORD:.*/DB_PASSWORD: jumpserver/g‘ /opt/jumpserver/config.yml echo -e "�33[31m 你的SECRET_KEY是 $SECRET_KEY �33[0m" echo -e "�33[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN �33[0m" ##echo -e "�33[31m 你的SECRET_KEY是 $SECRET_KEY �33[0m" ## 你的SECRET_KEY是 jZIfxus6Admhip2vsuOzAEqh3byK5jUx6KOc0hNYaNZSvFjiJW ##(py3) [root@node70 jumpserver]# echo -e "�33[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN �33[0m" ## 你的BOOTSTRAP_TOKEN是 wv5gsAwJdTJOSCab ###启动 jumpserver 要在后台运行加 ./jms start -d source /opt/py3/bin/activate && cd /opt/jumpserver && ./jms start ##正常部署 koko 组件 cd /opt #wget http://134.175.107.119/download/koko/1.5.9/koko-master-linux-amd64.tar.gz wget https://github.com/jumpserver/koko/releases/download/1.5.9/koko-master-linux-amd64.tar.gz tar -zxvf koko-master-linux-amd64.tar.gz -C /opt/ chown -R root:root /opt/kokodir cd /opt/kokodir cp config_example.yml config.yml sed -i "s/BOOTSTRAP_TOKEN:.*/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/kokodir/config.yml sed -i "s/# LOG_LEVEL:.*/LOG_LEVEL: ERROR/" /opt/kokodir/config.yml sed -i "s/# SHARE_ROOM_TYPE:.*/SHARE_ROOM_TYPE: redis/" /opt/kokodir/config.yml ### Redis配置 sed -i "s/# REDIS_HOST:.*/REDIS_HOST: 127.0.0.1/" /opt/kokodir/config.yml sed -i "s/# REDIS_PORT:.*/REDIS_PORT: 6379/" /opt/kokodir/config.yml #sed -i "s/# REDIS_PASSWORD:.*/REDIS_PASSWORD: ZhYnLrodpmPncovxJTnRyiBs/" /opt/kokodir/config.yml sed -i "s/# REDIS_DB_ROOM:.*/REDIS_DB_ROOM: 6/" /opt/kokodir/config.yml grep -Ev ‘^$|^#‘ /opt/kokodir/config.yml ###启动 koko 要在后台运行加 ./koko -d source /opt/py3/bin/activate && cd /opt/kokodir && ./koko ##docker 部署 koko 组件 如果前面已经正常部署了 koko, 可以跳过此步骤 #docker run --name jms_koko -d -p 2222:2222 -p 127.0.0.1:5000:5000 -e CORE_HOST=http://192.168.244.144:8080 -e BOOTSTRAP_TOKEN=zxffNymGjP79j6BN -e LOG_LEVEL=ERROR --restart=always jumpserver/jms_koko:1.5.9 ###正常安装并启动 guacamole 组件 #根据 guacamole官方文档 文档安装对应的依赖包 ###Fedora/CentOS/RHEL: yum -y localinstall --nogpgcheck https://mirrors.aliyun.com/rpmfusion/free/el/rpmfusion-free-release-7.noarch.rpm https://mirrors.aliyun.com/rpmfusion/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm && yum install -y cairo-devel libjpeg-turbo-devel libpng-devel uuid-devel && yum install -y ffmpeg-devel freerdp1.2-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel && ln -s /usr/local/lib/freerdp /usr/lib64/freerdp ##############automake-1.15 wget http://ftp.gnu.org/gnu/automake/automake-1.15.tar.gz tar -zxvf automake-1.15.tar.gz -C /opt/ cd /opt/automake-1.15 ./bootstrap.sh ./configure && make && make install automake --version ############################# yum install -y libtool ##正常安装并启动 guacamole 组件 cd /opt git clone --depth=1 https://github.com/jumpserver/docker-guacamole.git cd /opt/docker-guacamole && tar -xf guacamole-server-1.0.0.tar.gz && tar -xf ssh-forward.tar.gz -C /bin/ && chmod +x /bin/ssh-forward cd /opt/docker-guacamole/guacamole-server-1.0.0 autoreconf -fi && ./configure --with-init-dir=/etc/init.d && make && make install #################需要先在当前环境配置好 java #Centos: yum install -y java-1.8.0-openjdk java-1.8.0-openjdk-devel mkdir -p /config/guacamole /config/guacamole/extensions /config/guacamole/record /config/guacamole/drive && chown daemon:daemon /config/guacamole/record /config/guacamole/drive && cd /config ############################ wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v9.0.35/bin/apache-tomcat-9.0.35.tar.gz tar -xf apache-tomcat-9.0.35.tar.gz && mv apache-tomcat-9.0.35 tomcat9 && rm -rf /config/tomcat9/webapps/* && sed -i ‘s/Connector port="8080"/Connector port="8081"/g‘ /config/tomcat9/conf/server.xml && echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> /config/tomcat9/conf/logging.properties && ln -sf /opt/docker-guacamole/guacamole-1.0.0.war /config/tomcat9/webapps/ROOT.war && ln -sf /opt/docker-guacamole/guacamole-auth-jumpserver-1.0.0.jar /config/guacamole/extensions/guacamole-auth-jumpserver-1.0.0.jar && ln -sf /opt/docker-guacamole/root/app/guacamole/guacamole.properties /config/guacamole/guacamole.properties ##设置 guacamole 环境 export JUMPSERVER_SERVER=http://127.0.0.1:8080 echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc export BOOTSTRAP_TOKEN=zxffNymGjP79j6BN echo "export BOOTSTRAP_TOKEN=zxffNymGjP79j6BN" >> ~/.bashrc export JUMPSERVER_KEY_DIR=/config/guacamole/keys echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc export GUACAMOLE_HOME=/config/guacamole echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc export GUACAMOLE_LOG_LEVEL=ERROR echo "export GUACAMOLE_LOG_LEVEL=ERROR" >> ~/.bashrc export JUMPSERVER_ENABLE_DRIVE=true echo "export JUMPSERVER_ENABLE_DRIVE=true" >> ~/.bashrc ####环境变量说明 ###JUMPSERVER_SERVER 指 core 访问地址 ###BOOTSTRAP_TOKEN 为 Jumpserver/config.yml 里面的 BOOTSTRAP_TOKEN 值 ###JUMPSERVER_KEY_DIR 认证成功后 key 存放目录 ###GUACAMOLE_HOME 为 guacamole.properties 配置文件所在目录 ###GUACAMOLE_LOG_LEVEL 为生成日志的等级 ###JUMPSERVER_ENABLE_DRIVE 为 rdp 协议挂载共享盘 ###启动 guacamole /etc/init.d/guacd start sh /config/tomcat9/bin/startup.sh #####docker 部署 guacamole 组件 ###如果前面已经正常部署了 guacamole, 可以跳过此步骤 ##docker run --name jms_guacamole -d ## -p 127.0.0.1:8081:8080 ## -e JUMPSERVER_SERVER=http://<Jumpserver_url> ## -e BOOTSTRAP_TOKEN=<Jumpserver_BOOTSTRAP_TOKEN> ## -e GUACAMOLE_LOG_LEVEL=ERROR ## jumpserver/jms_guacamole:<Tag> ##<Jumpserver_url> 为 jumpserver 的 url 地址, <Jumpserver_BOOTSTRAP_TOKEN> 需要从 jumpserver/config.yml 里面获取, 保证一致, <Tag> 是版本 ##例: #docker run --name jms_guacamole -d -p 127.0.0.1:8081:8080 -e JUMPSERVER_SERVER=http://192.168.244.144:8080 -e BOOTSTRAP_TOKEN=abcdefg1234 -e GUACAMOLE_LOG_LEVEL=ERROR jumpserver/jms_guacamole:1.5.9 ####下载 luna 组件 cd /opt wget http://134.175.107.119/download/luna/1.5.9/luna.tar.gz ##wget https://github.com/jumpserver/luna/releases/download/1.5.9/luna.tar.gz tar -xf luna.tar.gz chown -R nginx:nginx luna #####nginx yum install -y yum-utils echo ‘[nginx-stable] name=nginx stable repo baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ gpgcheck=1 enabled=1 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true [nginx-mainline] name=nginx mainline repo baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/ gpgcheck=1 enabled=0 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true‘ >/etc/yum.repos.d/nginx.repo yum install -y nginx cp /etc/nginx/conf.d/default.conf{,.bak} echo >/etc/nginx/conf.d/default.conf echo ‘ server { listen 80; client_max_body_size 100m; # 录像及文件上传大小限制 location /luna/ { try_files $uri / /index.html; alias /opt/luna/; # luna 路径, 如果修改安装目录, 此处需要修改 } location /media/ { add_header Content-Encoding gzip; root /opt/jumpserver/data/; # 录像位置, 如果修改安装目录, 此处需要修改 } location /static/ { root /opt/jumpserver/data/; # 静态资源, 如果修改安装目录, 此处需要修改 } location /koko/ { proxy_pass http://localhost:5000; proxy_buffering off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; access_log off; } location /guacamole/ { proxy_pass http://localhost:8081/; proxy_buffering off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; access_log off; } location /ws/ { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://localhost:8070; proxy_http_version 1.1; proxy_buffering off; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location / { proxy_pass http://localhost:8080; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } ‘ >/etc/nginx/conf.d/jumpserver.conf nginx -t systemctl start nginx.service
以上是关于jumpserver 1.5.9安装的主要内容,如果未能解决你的问题,请参考以下文章