jumpserver_auto_install_v2.sh
Posted zhj5551
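#!/bin/bash
# by zhangjia
# date: 2019-02-13 09:46:36
# shell_name: jumpserver_auto_install.sh
###############################################
# Abort on the first failing command. pipefail is deliberately NOT enabled:
# the random-string pipeline below ends in `head`, which closes the pipe early
# on purpose, and pipefail would turn that into a failure.
set -e

#######################################
# Print a random alphanumeric string read from /dev/urandom.
# Arguments: $1 - number of characters to emit
# Outputs:   the string on stdout (no trailing newline)
#######################################
_random_alnum() {
  # LC_ALL=C keeps tr working on raw bytes regardless of the caller's locale.
  LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

#######################################
# 1. Environment preparation.
# Updates the system, installs base packages, opens the service ports in
# firewalld, switches SELinux off and records this host's first IPv4 address
# that is not loopback or docker in the global Server_IP.
# NOTE(review): this function is named like the external `env` command and
# shadows it for the rest of the script; the name is kept because the menu
# uses it.
# Globals:   Server_IP (written)
#######################################
env() {
  set -e
  yum update -y
  # Install dependency packages
  yum -y install wget gcc epel-release git vim
  systemctl start firewalld
  # NOTE(review): 8080 and 5000 are opened to the public zone although the
  # nginx vhost written by nginx_config proxies both from localhost on port 80.
  # Confirm they really have to be reachable from outside before keeping them.
  firewall-cmd --zone=public --add-port=80/tcp --permanent
  firewall-cmd --zone=public --add-port=2222/tcp --permanent
  firewall-cmd --zone=public --add-port=2220/tcp --permanent
  firewall-cmd --zone=public --add-port=8080/tcp --permanent
  firewall-cmd --zone=public --add-port=5000/tcp --permanent
  firewall-cmd --reload
  # NOTE(review): SELinux is turned off immediately and across reboots on a
  # host whose job is to be a bastion. If nginx proxying is the only reason,
  # the httpd_can_network_connect boolean is a narrower change - confirm.
  setenforce 0 || true
  sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
  Server_IP=$(ip addr | grep inet | grep -Ev '(127.0.0.1|inet6|docker)' \
    | awk '{print $2}' | tr -d "addr:" | head -n 1 | cut -d / -f1)

  # Change the character set
  #localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
  #export LC_ALL=zh_CN.UTF-8
  #echo "LANG=zh_CN.UTF-8" > /etc/locale.conf
}

#######################################
# 2. Install Jumpserver.
# Installs Redis, MariaDB, nginx and Python 3.6, clones Jumpserver into
# /opt/jumpserver, generates the database password, SECRET_KEY and
# BOOTSTRAP_TOKEN, writes them into config.yml and /root/jumpserver.txt,
# then starts the service.
# Globals:   DB_PASSWORD, SECRET_KEY, BOOTSTRAP_TOKEN, jumpserver_dir (written)
#######################################
jumpserver_install() {
  # Install Redis; Jumpserver uses Redis as cache and celery broker
  yum install -y redis
  systemctl start redis
  systemctl enable redis
  # Install MySQL (MariaDB)
  yum install -y mariadb mariadb-devel mariadb-server MariaDB-shared
  systemctl enable mariadb
  systemctl start mariadb

  # Create the jumpserver database and grant access
  DB_PASSWORD=$(_random_alnum 24)
  # The password is shown once on the terminal, so it also ends up in
  # scrollback and in any session recording.
  echo -e "\033[31m 你的数据库密码是 $DB_PASSWORD \033[0m"
  # The credentials file is restricted to root before any secret is written.
  touch /root/jumpserver.txt
  chmod 600 /root/jumpserver.txt
  echo "DB_PASSWORD:$DB_PASSWORD" > /root/jumpserver.txt
  # NOTE(review): `mysql -uroot` works without a password here and the script
  # never sets one for the MariaDB root account - handle that separately.
  #mysql -uroot -e "create database jumpserver default charset 'utf8'"
  mysql -uroot -e "create database jumpserver default charset 'utf8'" || true
  # The GRANT goes in on stdin so the password never shows up in the process
  # list (printf is a shell builtin, so it has no argv of its own).
  printf "grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '%s'; flush privileges;\n" \
    "$DB_PASSWORD" | mysql -uroot

  # Install nginx.
  # Package signatures are verified against the nginx signing key; the page's
  # original repo definition used gpgcheck=0 over plain HTTP. Written with
  # printf, so there is no leading whitespace to strip afterwards.
  printf '%s\n' \
    '[nginx]' \
    'name=nginx repo' \
    'baseurl=https://nginx.org/packages/centos/7/$basearch/' \
    'gpgcheck=1' \
    'gpgkey=https://nginx.org/keys/nginx_signing.key' \
    'enabled=1' > /etc/yum.repos.d/nginx.repo
  yum install -y nginx
  rm -f /etc/nginx/conf.d/default.conf
  systemctl enable nginx

  # Install Python 3.6
  yum -y install python36 python36-devel
  # Create the Python virtual environment
  cd /opt
  python3.6 -m venv py3
  source /opt/py3/bin/activate
  # Automatically load the Python virtual environment configuration
  #cd /opt
  #[[ -e autoenv ]] || git clone https://github.com/kennethreitz/autoenv.git
  #echo 'source /opt/autoenv/activate.sh' >> ~/.bashrc
  #source ~/.bashrc

  # Install and configure Jumpserver
  cd /opt/
  # NOTE(review): this clones whatever the default branch currently holds,
  # while the container images and luna elsewhere in this script are pinned to
  # 1.5.1. Pin the matching release here once its tag name is confirmed.
  [[ -e jumpserver ]] || git clone --depth=1 https://github.com/jumpserver/jumpserver.git
  # Entering the jumpserver directory loads the Python virtual environment
  echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env
  # The first time you enter the jumpserver folder there is a prompt; answer y
  # Are you sure you want to allow this? (y/N) y
  # Install the RPM dependencies (word splitting of the list is intended)
  yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt)
  # Install the Python library dependencies
  pip install --upgrade pip setuptools
  pip install -r /opt/jumpserver/requirements/requirements.txt

  # Edit the Jumpserver configuration file
  cd /opt/jumpserver
  cp config_example.yml config.yml
  jumpserver_dir="/opt/jumpserver/config.yml"
  # config.yml receives SECRET_KEY, BOOTSTRAP_TOKEN and the DB password below.
  chmod 600 "$jumpserver_dir"
  SECRET_KEY=$(_random_alnum 50)
  BOOTSTRAP_TOKEN=$(_random_alnum 16)
  echo "SECRET_KEY:$SECRET_KEY" >> /root/jumpserver.txt
  echo "BOOTSTRAP_TOKEN:$BOOTSTRAP_TOKEN" >> /root/jumpserver.txt
  # The generated values are alphanumeric only, so they cannot break the sed
  # expressions they are interpolated into.
  sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" "$jumpserver_dir"
  sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" "$jumpserver_dir"
  sed -i "s/# DEBUG: true/DEBUG: false/g" "$jumpserver_dir"
  sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" "$jumpserver_dir"
  sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: False/SESSION_EXPIRE_AT_BROWSER_CLOSE: True/g" "$jumpserver_dir"
  sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" "$jumpserver_dir"
  echo -e "\033[31m ======================================== \033[0m"

  # Run Jumpserver
  cd /opt/jumpserver
  ./jms start all -d # -d runs it in the background
}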
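######################################################################################
#######################################
# 3. Install Docker and deploy coco and guacamole as containers.
# Globals:   Server_IP (read)       - set by the env step
#            BOOTSTRAP_TOKEN (read) - set by jumpserver_install
#######################################
coco_guacamole_install_docker() {
  # Both values come from earlier menu steps. Without them the containers
  # would be created with an empty core URL and an empty registration token,
  # so stop before installing anything.
  : "${Server_IP:?Server_IP is empty - run the env step first}"
  : "${BOOTSTRAP_TOKEN:?BOOTSTRAP_TOKEN is empty - run jumpserver_install in this session first}"

  yum install -y yum-utils device-mapper-persistent-data lvm2
  # The repo definition is fetched over HTTPS, like the GPG key two lines
  # below; over plain HTTP it could be rewritten in transit to point yum at
  # another package source.
  yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
  yum makecache fast
  rpm --import https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
  yum -y install docker-ce

  # NOTE(review): this runs a third-party script as root with no integrity
  # check, and the registry mirror it configures is plain HTTP. Read the
  # script and decide whether the mirror is needed at all. It is downloaded to
  # a file first so that a truncated or failed download is never executed.
  local mirror_script
  mirror_script=$(mktemp)
  if curl -fsSL -o "$mirror_script" https://get.daocloud.io/daotools/set_mirror.sh; then
    sh "$mirror_script" http://f1361db2.m.daocloud.io
  else
    echo "warning: could not download set_mirror.sh, continuing without a registry mirror" >&2
  fi
  rm -f -- "$mirror_script"

  systemctl enable docker
  systemctl restart docker
  docker pull jumpserver/jms_coco:1.4.10
  docker pull jumpserver/jms_guacamole:1.4.10
  docker pull jumpserver/jms_coco:1.5.1
  docker pull jumpserver/jms_guacamole:1.5.1

  # Exported so `-e BOOTSTRAP_TOKEN` (no value) takes it from the environment
  # and the token stays out of the docker command line. It is still visible
  # to anyone who can run `docker inspect` on the containers.
  export BOOTSTRAP_TOKEN
  # NOTE(review): ports published by docker are reachable on every interface
  # and are not governed by the firewalld rules set up in the env step, so
  # 8081 is exposed although it was never opened there. Binding the ports that
  # nginx proxies from localhost to the loopback address would be narrower -
  # confirm nginx still reaches them before changing it.
  #docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_coco:1.4.10
  #docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_guacamole:1.4.10
  docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 \
    -e "CORE_HOST=http://${Server_IP}:8080" -e BOOTSTRAP_TOKEN \
    jumpserver/jms_coco:1.5.1
  docker run --name jms_guacamole -d -p 8081:8081 \
    -e "JUMPSERVER_SERVER=http://${Server_IP}:8080" -e BOOTSTRAP_TOKEN \
    jumpserver/jms_guacamole:1.5.1
}

#######################################
# 4. Install the Web Terminal front end: Luna.
# Downloads the 1.5.1 release tarball into /opt and unpacks it there.
#######################################
luna_install() {
  cd /opt
  # NOTE(review): the tarball is used without any integrity check, and
  # `wget -c` resumes onto whatever luna.tar.gz already sits in /opt. Compare
  # it with a known-good SHA-256 (<EXPECTED_SHA256>) before unpacking.
  wget -c https://github.com/jumpserver/luna/releases/download/1.5.1/luna.tar.gz
  # Extracted as root: do not restore the owners recorded in the archive.
  tar xf luna.tar.gz --no-same-owner
  chown -R root:root luna
}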
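#######################################
# 5. Configure Nginx to tie the components together.
# Writes /etc/nginx/conf.d/jumpserver.conf (luna, media, static, coco,
# guacamole and the Jumpserver core behind port 80), validates it and
# restarts nginx.
#######################################
nginx_config() {
  rm -f /etc/nginx/conf.d/default.conf
  # NOTE(review): the vhost listens on plain HTTP only, so bastion logins and
  # session traffic cross the network unencrypted. Add a TLS listener before
  # exposing it.
  # The here-document is quoted so nginx variables such as $uri and $host
  # reach the file literally; inside the double-quoted echo this replaces, the
  # unescaped $uri was expanded by the shell to an empty string.
  cat > /etc/nginx/conf.d/jumpserver.conf <<'EOF'
server {
    listen 80; # 代理端口,以后将通过此端口进行访问,不再通过8080端口
    # server_name demo.jumpserver.org; # 修改成你的域名或者注释掉

    client_max_body_size 100m; # 录像及文件上传大小限制

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/; # luna 路径,如果修改安装目录,此处需要修改
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/; # 录像位置,如果修改安装目录,此处需要修改
    }

    location /static/ {
        root /opt/jumpserver/data/; # 静态资源,如果修改安装目录,此处需要修改
    }

    location /socket.io/ {
        proxy_pass http://localhost:5000/socket.io/; # 如果coco安装在别的服务器,请填写它的ip
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /coco/ {
        proxy_pass http://localhost:5000/coco/; # 如果coco安装在别的服务器,请填写它的ip
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /guacamole/ {
        proxy_pass http://localhost:8081/; # 如果guacamole安装在别的服务器,请填写它的ip
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location / {
        proxy_pass http://localhost:8080; # 如果jumpserver安装在别的服务器,请填写它的ip
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
EOF
  # sed -i 's/^[ \t]//g' /etc/nginx/conf.d/jumpserver.conf # strip leading whitespace
  sed -i '/^$/d' /etc/nginx/conf.d/jumpserver.conf # drop empty lines
  #sed 's/^[[:blank:]]\{1,\}//g' /etc/nginx/conf.d/jumpserver.conf|grep -v '^$'
  #sed 's/^[[:space:]]\{1,\}//g' /etc/nginx/conf.d/jumpserver.conf|grep -v '^$'
  # Restart only when the generated configuration validates.
  nginx -t && systemctl restart nginx
}

# Interactive menu: run a single step, or "all" to run every step in order
# and leave the menu. Any other input prints the valid choices and exits.
PS3="please enter you select install menu:"
select services in env jumpserver_install coco_guacamole_install_docker luna_install nginx_config all; do
  case "$services" in
    env)
      env
      ;;
    jumpserver_install)
      jumpserver_install
      ;;
    coco_guacamole_install_docker)
      coco_guacamole_install_docker
      ;;
    luna_install)
      luna_install
      ;;
    nginx_config)
      nginx_config
      ;;
    all)
      env
      jumpserver_install
      coco_guacamole_install_docker
      luna_install
      nginx_config
      break
      ;;
    *)
      # The hint lists the choices the menu really offers; the earlier text
      # named steps that do not exist in this script.
      echo "env | jumpserver_install | coco_guacamole_install_docker | luna_install | nginx_config | all"
      exit
      ;;
  esac
done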
jumpserver_auto_install.sh