1、服务器准备:
硬盘配置:2核CPU、4G内存、50G以上硬盘。
需要安装的软件:
python3.6
mysql大于5.6
redis 缓存型数据库
2、环境准备:
1)关闭防火墙:
systemctl stop firewalld && systemctl disable firewalld
2)配置SELINUX:
sed -i '/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux3)配置yum源:
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
# 清空原有的yum缓存
# 生成新的yum源,便于加速软件下载
yum clean all
yum makecache4)安装系统初始化所需要的软件:
yum install -y bash-completion vim lrzsz wget expect net-tools nc nmap tree dos2unix htop iftop iotop unzip telnet sl psmisc nethogs glances bc ntpdate openldap-devel5)安装jumpserver运行所需的依赖环境:
yum -y install git python-pip gcc automake autoconf python-devel vim sshpass lrzsz readline-devel zlib zlib-devel openssl openssl-devel
3、部署mysql5.6:
1)获取mysql5.6包:
wget https://cdn.mysql.com//Downloads/MySQL-5.6/MySQL-5.6.49-1.el7.x86_64.rpm-bundle.tar
# 解压数据包
mkdir mysql
tar xvf MySQL-5.6.49-1.el7.x86_64.rpm-bundle.tar -C ./mysql
# 使用yum工具安装一系列的rpm包
cd mysql
yum localinstall * -y
2)修改my.cnf配置文件:
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd
[mysqld_safe]
log-error=/var/log/mysql/mysql.log
pid-file=/var/run/mysql/mysql.pid
#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
将此处的Mariadb都改成mysql。
3)启动mysql:
systemctl start mysql.service4)对Mysql进行初始化:
[root@vm1 ~]# cat ~/.mysql_secret
# The random password set for the root user at Sat Nov 12 22:57:18 2022 (local time): thQgdfSvwS5v1l0j
mysql5.6安装完毕之后,会默认生成一个随机密码。
修改原有的密码,并登录到数据库:
[root@vm1 ~]# mysqladmin -uroot -pthQgdfSvwS5v1l0j password ngs123
Warning: Using a password on the command line interface can be insecure.
5)登录到数据库、并创建jumpserver数据库:
mysql -uroot -pngs123
mysql> create database jumpserver default charset 'utf8' collate 'utf8_bin';创建jumpserver用户:
mysql> create user 'jumpserver'@'%' identified by 'ngs123';授权该用户访问jumpserver的权限:
mysql> grant all privileges on jumpserver.* to 'jumpserver'@'%' identified by 'ngs123';
mysql> flush privileges;至此mysql5.6部署完毕。
4、部署python3.6
jumpserver启动的时候有一个后台程序,这个程序是python开发的,所以要准备好python环境,才能运行代码。
1)下载python3.6代码:
wget https://www.python.org/ftp/python/3.6.10/Python-3.6.10.tgz2)解压python3.6的包,并进行编译安装:
tar -xvf Python-3.6.10.gz
cd Python-3.6.10
./configure --prefix=/usr/local/python3
make && make install3)配置python3的环境变量,可以直接使用python:
echo "PATH="/usr/local/python3/bin:$PATH"" >> /etc/profile
source /etc/profile
echo $PATH4)输入python进行测试:
python3.6
这样,python安装配置成功。
5)创建python3的虚拟环境:
虚拟环境存在的意义只是为了将项目独立,使用虚拟环境的优势就是,该项目使用的第三方工具都需要在虚拟环境中使用pip命令安装,并且安装好的工具不影响系统已有的工具,同时系统中的其他项目也无法调用虚拟环境中安装的工具
假如一个项目需要使用python2运行,而另一个项目使用python3运行,就会导致两个项目无法同时使用,虚拟环境就可以为这两个项目配置不同的运行环境,这样两个项目就可以同时运行
解决一个机器运行多个项目的问题,创建多个python3虚拟环境。
python3是一个解释器,还有一个工具是pip,这个是安装模块用的。
python3程序代码在运行的时候必须下载一些软件才能运行,使用pip3安装。
pip3 install virtualenv
使用虚拟环境工具再创建一个python3解释器,用来允许代码:
cd /usr/local
virtualenv --python=python3 jmp_venvl
激活虚拟python3.6:
source /usr/local/jmp_venvl/bin/activate
# 详细操作步骤
[root@vm1 bin]# ll
total 60
-rw-r--r-- 1 root root 2139 Nov 12 23:55 activate
-rw-r--r-- 1 root root 1431 Nov 12 23:55 activate.csh
-rw-r--r-- 1 root root 3016 Nov 12 23:55 activate.fish
-rw-r--r-- 1 root root 2551 Nov 12 23:55 activate.nu
-rw-r--r-- 1 root root 1754 Nov 12 23:55 activate.ps1
-rw-r--r-- 1 root root 1175 Nov 12 23:55 activate_this.py
-rw-r--r-- 1 root root 682 Nov 12 23:55 deactivate.nu
-rwxr-xr-x 1 root root 236 Nov 12 23:55 pip
-rwxr-xr-x 1 root root 236 Nov 12 23:55 pip3
-rwxr-xr-x 1 root root 236 Nov 12 23:55 pip-3.6
-rwxr-xr-x 1 root root 236 Nov 12 23:55 pip3.6
lrwxrwxrwx 1 root root 32 Nov 12 23:55 python -> /usr/local/python3/bin/python3.6
lrwxrwxrwx 1 root root 6 Nov 12 23:55 python3 -> python
lrwxrwxrwx 1 root root 6 Nov 12 23:55 python3.6 -> python
-rwxr-xr-x 1 root root 223 Nov 12 23:55 wheel
-rwxr-xr-x 1 root root 223 Nov 12 23:55 wheel3
-rwxr-xr-x 1 root root 223 Nov 12 23:55 wheel-3.6
-rwxr-xr-x 1 root root 223 Nov 12 23:55 wheel3.6
[root@vm1 bin]# source activate
(jmp_venvl) [root@vm1 bin]# echo $PATH
/usr/local/jmp_venvl/bin:/usr/local/python3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
(jmp_venvl) [root@vm1 bin]# which python3
/usr/local/jmp_venvl/bin/python3
(jmp_venvl) [root@vm1 bin]# ll
total 60
-rw-r--r-- 1 root root 2139 Nov 12 23:55 activate
-rw-r--r-- 1 root root 1431 Nov 12 23:55 activate.csh
-rw-r--r-- 1 root root 3016 Nov 12 23:55 activate.fish
-rw-r--r-- 1 root root 2551 Nov 12 23:55 activate.nu
-rw-r--r-- 1 root root 1754 Nov 12 23:55 activate.ps1
-rw-r--r-- 1 root root 1175 Nov 12 23:55 activate_this.py
-rw-r--r-- 1 root root 682 Nov 12 23:55 deactivate.nu
-rwxr-xr-x 1 root root 236 Nov 12 23:55 pip
-rwxr-xr-x 1 root root 236 Nov 12 23:55 pip3
-rwxr-xr-x 1 root root 236 Nov 12 23:55 pip-3.6
-rwxr-xr-x 1 root root 236 Nov 12 23:55 pip3.6
lrwxrwxrwx 1 root root 32 Nov 12 23:55 python -> /usr/local/python3/bin/python3.6
lrwxrwxrwx 1 root root 6 Nov 12 23:55 python3 -> python
lrwxrwxrwx 1 root root 6 Nov 12 23:55 python3.6 -> python
-rwxr-xr-x 1 root root 223 Nov 12 23:55 wheel
-rwxr-xr-x 1 root root 223 Nov 12 23:55 wheel3
-rwxr-xr-x 1 root root 223 Nov 12 23:55 wheel-3.6
-rwxr-xr-x 1 root root 223 Nov 12 23:55 wheel3.6
(jmp_venvl) [root@vm1 bin]# deactivate
# 最后使用deactivate命令退出当前环境6)部署redis数据库:
[root@vm1 bin]# yum install -y redis
[root@vm1 bin]# systemctl start redis
[root@vm1 bin]# netstat -atunlp |grep redis
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 31490/redis-server
[root@vm1 bin]#
[root@vm1 bin]#
[root@vm1 bin]# redis-cli
127.0.0.1:6379> ping
PONG
127.0.0.1:6379>
7)部署jumpserver服务:
一个后台程序,基本上都是需要依赖于数据库才能运行的,后台程序启动的时候,代码都会去连接数据库,保证数据库正确启动,且正确连接,否则后台程序是起不来的。
7.1 获取jumpserver程序代码:
https://github.com/jumpserver/jumpserver/releases/download/v2.1.0/jumpserver-v2.1.0.tar.gz7.2 解压,安装运行jumpserver系统必须的依赖组件:
tar -zxvf jumpserver-v2.1.0.tar.gz #解压
ln -s /opt/jumpserver/jumpserver-v2.1.0 /opt/jumpserver/jumpserver #创建软连接便于使用
7.3 安装运行jumpserver所需要的模块:
cd /opt/jumpserver/jumpserver/requirements
cat requirements.txt[root@vm1 jumpserver]# cd requirements/
[root@vm1 requirements]# ll
total 24
-rw-rw-r-- 1 root root 141 Jul 16 2020 alpine_requirements.txt
-rw-rw-r-- 1 root root 212 Jul 16 2020 deb_requirements.txt
-rw-rw-r-- 1 root root 359 Jul 16 2020 issues.txt
-rw-rw-r-- 1 root root 54 Jul 16 2020 mac_requirements.txt
-rw-rw-r-- 1 root root 1854 Jul 16 2020 requirements.txt
-rw-rw-r-- 1 root root 225 Jul 16 2020 rpm_requirements.txt
[root@vm1 requirements]# cat requirements.txt
amqp==2.5.2
ansible==2.8.8
asn1crypto==0.24.0
bcrypt==3.1.4
billiard==3.6.3.0
boto3==1.12.14
botocore==1.15.26
celery==4.4.2
certifi==2018.1.18
cffi==1.13.2
chardet==3.0.4
configparser==3.5.0
coreapi==2.3.3
coreschema==0.0.4
cryptography==2.8
decorator==4.1.2
Django==2.2.13
django-auth-ldap==1.7.0
django-bootstrap3==9.1.0
django-celery-beat==1.4.0
django-filter==2.0.0
django-formtools==2.1
django-ranged-response==0.2.0
django-redis-cache==2.1.1
django-rest-swagger==2.1.2
django-simple-captcha==0.5.6
django-timezone-field==3.1
djangorestframework==3.9.4
djangorestframework-bulk==0.2.1
docutils==0.14
ecdsa==0.13.3
enum-compat==0.0.2
ephem==3.7.6.0
eventlet==0.24.1
future==0.16.0
ForgeryPy==0.1
greenlet==0.4.14
gunicorn==19.9.0
idna==2.6
itsdangerous==0.24
itypes==1.1.0
Jinja2==2.10.1
jmespath==0.9.3
kombu==4.6.8
ldap3==2.4
MarkupSafe==1.1.1
mysqlclient==1.3.14
olefile==0.44
openapi-codec==1.3.2
paramiko==2.4.2
passlib==1.7.1
Pillow==6.2.2
pyasn1==0.4.8
pycparser==2.19
pycrypto==2.6.1
pyotp==2.2.6
PyNaCl==1.2.1
python-dateutil==2.6.1
python-gssapi==0.6.4
pytz==2018.3
PyYAML==5.1
redis==3.2.0
requests==2.22.0
jms-storage==0.0.29
s3transfer==0.3.3
simplejson==3.13.2
six==1.11.0
sshpubkeys==3.1.0
uritemplate==3.0.0
urllib3==1.25.2
vine==1.3.0
drf-yasg==1.9.1
Werkzeug==0.15.3
drf-nested-routers==0.91
aliyun-python-sdk-core-v3==2.9.1
aliyun-python-sdk-ecs==4.10.1
rest_condition==1.0.3
python-ldap==3.1.0
tencentcloud-sdk-python==3.0.40
django-radius==1.4.0
ipip-ipdb==1.2.1
django-redis-sessions==0.6.1
unicodecsv==0.14.1
python-daemon==2.2.3
httpsig==1.3.0
treelib==1.5.3
django-proxy==1.2.1
flower==0.9.3
channels-redis==2.4.0
channels==2.3.0
daphne==2.3.0
psutil==5.6.6
django-cas-ng==4.0.1
python-cas==1.5.0
ipython
huaweicloud-sdk-python==1.0.21
django-redis==4.11.0
python-redis-lock==3.5.0
jumpserver-django-oidc-rp==0.3.7.5
[root@vm1 requirements]#
安装jumpserver模块,先要激活虚拟环境,然后再安装:
[root@vm1 requirements]# source /usr/local/jmp_venvl/bin/activate
(jmp_venvl) [root@vm1 requirements]# which python3
/usr/local/jmp_venvl/bin/python3
(jmp_venvl) [root@vm1 requirements]#
安装模块:
# 更改pip3的下载源:
mkdir ~/.pip
touch ~/.pip/pip.conf
[global]
index-url = https://mirrors.aliyun.com/pypi/simple/
pip3 install -r /opt/jumpserver/jumpserver/requirements/requirements.txt
修改jumpserver程序运行的配置文件:
cd /opt/jumpserver/jumpserver/
config_example.yml #就是jumpserver的配置文件
cp config_example.yml config.yml #复制一份配置文件
生成密钥:
SECRET_KEY:
BOOTSTRAP_TOKEN:
if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50` ; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi
if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi
然后是修改配置文件:
配置文件修改完成。
8、对python程序进行数据迁移:
jump这个程序是由python的框架diango开发而来的,必须得先进行数据库迁移,生成库表得信息,才能运行程序。
注意:所有操作必须在虚拟环境中进行!
8.1 查看数据库:
(jmp_venvl) [root@vm1 jumpserver]# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.6.49 MySQL Community Server (GPL)
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
mysql>
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| jumpserver |
| mysql |
| performance_schema |
| test |
+--------------------+
5 rows in set (0.00 sec)
mysql> use jumpserver
Database changed
mysql> show tables;
Empty set (0.00 sec)
mysql>
mysql>
mysql>
mysql> exit
Bye
8.2 jumpserver后台程序,数据库迁移命令:
(jmp_venvl) [root@vm1 jumpserver]# cd apps
(jmp_venvl) [root@vm1 apps]# ll
total 16
drwxrwxr-x 7 root root 178 Jul 16 2020 applications
drwxrwxr-x 10 root root 248 Jul 16 2020 assets
drwxrwxr-x 4 root root 247 Jul 16 2020 audits
drwxrwxr-x 8 root root 325 Jul 16 2020 authentication
drwxrwxr-x 12 root root 4096 Jul 16 2020 common
-rw-rw-r-- 1 root root 48 Jul 16 2020 __init__.py
drwxrwxr-x 4 root root 227 Jul 16 2020 jumpserver
drwxrwxr-x 3 root root 16 Jul 16 2020 locale
-rwxrwxr-x 1 root root 887 Jul 16 2020 manage.py
drwxrwxr-x 11 root root 307 Jul 16 2020 ops
drwxrwxr-x 5 root root 276 Jul 16 2020 orgs
drwxrwxr-x 9 root root 247 Jul 16 2020 perms
drwxrwxr-x 7 root root 204 Jul 16 2020 settings
drwxrwxr-x 6 root root 51 Jul 16 2020 static
drwxrwxr-x 4 root root 4096 Jul 16 2020 templates
drwxrwxr-x 9 root root 291 Jul 16 2020 terminal
drwxrwxr-x 7 root root 248 Jul 16 2020 tickets
drwxrwxr-x 13 root root 316 Jul 16 2020 users
(jmp_venvl) [root@vm1 apps]# pwd
/opt/jumpserver/jumpserver/apps
(jmp_venvl) [root@vm1 apps]#
8.3 文件夹中有个manage.py的命令:
这个manage.py是python的脚本文件,是python程序后台设置的入口,我们用python3执行这个脚本文件,并加上参数makemigrations
(jmp_venvl) [root@vm1 apps]# python3 /opt/jumpserver/jumpserver/apps/manage.py makemigrations
Migrations for 'tickets':
tickets/migrations/0002_auto_20221113_0131.py
- Alter field type on ticket
(jmp_venvl) [root@vm1 apps]#
8.4 数据库迁移命令:
(jmp_venvl) [root@vm1 apps]# python3 /opt/jumpserver/jumpserver/apps/manage.py migrate
Operations to perform:
Apply all migrations: admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, ops, orgs, perms, sessions, settings, terminal, tickets, users
Running migrations:
Applying contenttypes.0001_initial... OK
Applying contenttypes.0002_remove_content_type_name... OK
Applying auth.0001_initial... OK
Applying auth.0002_alter_permission_name_max_length... OK
Applying auth.0003_alter_user_email_max_length... OK
Applying auth.0004_alter_user_username_opts... OK
Applying auth.0005_alter_user_last_login_null... OK
Applying auth.0006_require_contenttypes_0002... OK
Applying auth.0007_alter_validators_add_error_messages... OK
Applying auth.0008_alter_user_username_max_length... OK
Applying users.0001_initial... OK
Applying admin.0001_initial... OK
Applying admin.0002_logentry_remove_auto_add... OK
Applying admin.0003_logentry_add_action_flag_choices... OK
Applying users.0002_auto_20171225_1157_squashed_0019_auto_20190304_1459... OK
Applying assets.0001_initial... OK
Applying perms.0001_initial... OK
Applying assets.0002_auto_20180105_1807_squashed_0009_auto_20180307_1212... OK
Applying assets.0010_auto_20180307_1749_squashed_0019_auto_20180816_1320... OK
Applying perms.0002_auto_20171228_0025_squashed_0009_auto_20180903_1132... OK
Applying perms.0003_action... OK
Applying perms.0004_assetpermission_actions... OK
Applying assets.0020_auto_20180816_1652... OK
Applying assets.0021_auto_20180903_1132... OK
Applying assets.0022_auto_20181012_1717... OK
Applying assets.0023_auto_20181016_1650... OK
Applying assets.0024_auto_20181219_1614... OK
Applying assets.0025_auto_20190221_1902... OK
Applying assets.0026_auto_20190325_2035... OK
Applying applications.0001_initial... OK
Applying perms.0005_auto_20190521_1619... OK
Applying perms.0006_auto_20190628_1921... OK
Applying perms.0007_remove_assetpermission_actions... OK
Applying perms.0008_auto_20190911_1907... OK
Applying assets.0027_auto_20190521_1703... OK
Applying assets.0028_protocol... OK
Applying assets.0029_auto_20190522_1114... OK
Applying assets.0030_auto_20190619_1135... OK
Applying assets.0031_auto_20190621_1332... OK
Applying assets.0032_auto_20190624_2108... OK
Applying assets.0033_auto_20190624_2108... OK
Applying assets.0034_auto_20190705_1348... OK
Applying assets.0035_auto_20190711_2018... OK
Applying assets.0036_auto_20190716_1535... OK
Applying assets.0037_auto_20190724_2002... OK
Applying assets.0038_auto_20190911_1634... OK
Applying perms.0009_remoteapppermission_system_users... OK
Applying applications.0002_remove_remoteapp_system_user... OK
Applying applications.0003_auto_20191210_1659... OK
Applying applications.0004_auto_20191218_1705... OK
Applying assets.0039_authbook_is_active... OK
Applying assets.0040_auto_20190917_2056... OK
Applying assets.0041_gathereduser... OK
Applying assets.0042_favoriteasset... OK
Applying assets.0043_auto_20191114_1111... OK
Applying assets.0044_platform... OK
Applying assets.0045_auto_20191206_1607... OK
Applying assets.0046_auto_20191218_1705... OK
Applying assets.0047_assetuser... OK
Applying assets.0048_auto_20191230_1512... OK
Applying assets.0049_systemuser_sftp_root... OK
Applying assets.0050_auto_20200711_1740... OK
Applying assets.0051_auto_20200713_1143... OK
Applying assets.0052_auto_20200715_1535... OK
Applying audits.0001_initial... OK
Applying audits.0002_ftplog_org_id... OK
Applying audits.0003_auto_20180816_1652... OK
Applying audits.0004_operatelog_passwordchangelog_userloginlog... OK
Applying audits.0005_auto_20190228_1715... OK
Applying audits.0006_auto_20190726_1753... OK
Applying audits.0007_auto_20191202_1010... OK
Applying audits.0008_auto_20200508_2105... OK
Applying audits.0009_auto_20200624_1654... OK
Applying auth.0009_alter_user_last_name_max_length... OK
Applying auth.0010_alter_group_name_max_length... OK
Applying auth.0011_update_proxy_permissions... OK
Applying authentication.0001_initial... OK
Applying authentication.0002_auto_20190729_1423... OK
Applying authentication.0003_loginconfirmsetting... OK
Applying captcha.0001_initial... OK
Applying common.0001_initial... OK
Applying common.0002_auto_20180111_1407... OK
Applying common.0003_setting_category... OK
Applying common.0004_setting_encrypted... OK
Applying common.0005_auto_20190221_1902... OK
Applying common.0006_auto_20190304_1515... OK
Applying django_cas_ng.0001_initial... OK
Applying django_celery_beat.0001_initial... OK
Applying django_celery_beat.0002_auto_20161118_0346... OK
Applying django_celery_beat.0003_auto_20161209_0049... OK
Applying django_celery_beat.0004_auto_20170221_0000... OK
Applying django_celery_beat.0005_add_solarschedule_events_choices_squashed_0009_merge_20181012_1416... OK
Applying django_celery_beat.0006_periodictask_priority... OK
Applying jms_oidc_rp.0001_initial... OK
Applying ops.0001_initial... OK
Applying ops.0002_celerytask... OK
Applying ops.0003_auto_20181207_1744... OK
Applying ops.0004_adhoc_run_as... OK
Applying ops.0005_auto_20181219_1807... OK
Applying ops.0006_auto_20190318_1023... OK
Applying ops.0007_auto_20190724_2002... OK
Applying ops.0008_auto_20190919_2100... OK
Applying ops.0009_auto_20191217_1713... OK
Applying ops.0010_auto_20191217_1758... OK
Applying ops.0011_auto_20200106_1534... OK
Applying ops.0012_auto_20200108_1659... OK
Applying ops.0013_auto_20200108_1706... OK
Applying ops.0014_auto_20200108_1749... OK
Applying ops.0015_auto_20200108_1809... OK
Applying ops.0016_commandexecution_org_id... OK
Applying ops.0017_auto_20200306_1747... OK
Applying ops.0018_auto_20200509_1434... OK
Applying orgs.0001_initial... OK
Applying orgs.0002_auto_20180903_1132... OK
Applying orgs.0003_auto_20190916_1057... OK
Applying users.0020_auto_20190612_1825... OK
Applying users.0021_auto_20190625_1104... OK
Applying users.0022_auto_20190625_1105... OK
Applying users.0023_auto_20190724_1525... OK
Applying users.0024_auto_20191118_1612... OK
Applying perms.0010_auto_20191218_1705... OK
Applying sessions.0001_initial... OK
Applying settings.0001_initial... OK
Applying terminal.0001_initial... OK
Applying terminal.0002_auto_20171228_0025_squashed_0009_auto_20180326_0957... OK
Applying terminal.0010_auto_20180423_1140... OK
Applying terminal.0011_auto_20180807_1116... OK
Applying terminal.0012_auto_20180816_1652... OK
Applying terminal.0013_auto_20181123_1113... OK
Applying terminal.0014_auto_20181226_1441... OK
Applying terminal.0015_auto_20190923_1529... OK
Applying terminal.0016_commandstorage_replaystorage... OK
Applying terminal.0017_auto_20191125_0931... OK
Applying terminal.0018_auto_20191202_1010... OK
Applying terminal.0019_auto_20191206_1000... OK
Applying terminal.0020_auto_20191218_1721... OK
Applying terminal.0021_auto_20200213_1316... OK
Applying terminal.0022_session_is_success... OK
Applying terminal.0023_command_risk_level... OK
Applying terminal.0024_auto_20200715_1713... OK
Applying tickets.0001_initial... OK
Applying tickets.0002_auto_20221113_0131... OK
Applying users.0025_auto_20200206_1216... OK
Applying users.0026_auto_20200508_2105... OK
Applying users.0027_auto_20200616_1503... OK
8.5 验证数据库中的数据:
(jmp_venvl) [root@vm1 apps]# mysql -uroot -pngs123
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 5.6.49 MySQL Community Server (GPL)
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| jumpserver |
| mysql |
| performance_schema |
| test |
+--------------------+
5 rows in set (0.00 sec)
mysql> use jumpserver;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+----------------------------------------------+
| Tables_in_jumpserver |
+----------------------------------------------+
| applications_databaseapp |
| applications_remoteapp |
| assets_adminuser |
| assets_asset |
| assets_asset_labels |
| assets_asset_nodes |
| assets_assetgroup |
| assets_authbook |
| assets_cluster |
| assets_commandfilter |
| assets_commandfilterrule |
| assets_domain |
| assets_favoriteasset |
| assets_gateway |
| assets_gathereduser |
| assets_label |
| assets_node |
| assets_platform |
| assets_systemuser |
| assets_systemuser_assets |
| assets_systemuser_cmd_filters |
| assets_systemuser_groups |
| assets_systemuser_nodes |
| assets_systemuser_users |
| audits_ftplog |
| audits_operatelog |
| audits_passwordchangelog |
| audits_userloginlog |
| auth_group |
| auth_group_permissions |
| auth_permission |
| authentication_accesskey |
| authentication_loginconfirmsetting |
| authentication_loginconfirmsetting_reviewers |
| authentication_privatetoken |
| captcha_captchastore |
| django_admin_log |
| django_cas_ng_proxygrantingticket |
| django_cas_ng_sessionticket |
| django_celery_beat_crontabschedule |
| django_celery_beat_intervalschedule |
| django_celery_beat_periodictask |
| django_celery_beat_periodictasks |
| django_celery_beat_solarschedule |
| django_content_type |
| django_migrations |
| django_session |
| jms_oidc_rp_oidcuser |
| ops_adhoc |
| ops_adhoc_execution |
| ops_adhoc_hosts |
| ops_celerytask |
| ops_commandexecution |
| ops_commandexecution_hosts |
| ops_task |
| orgs_organization |
| orgs_organization_admins |
| orgs_organization_auditors |
| orgs_organization_users |
| perms_assetpermission |
| perms_assetpermission_assets |
| perms_assetpermission_nodes |
| perms_assetpermission_system_users |
| perms_assetpermission_user_groups |
| perms_assetpermission_users |
| perms_databaseapppermission |
| perms_databaseapppermission_database_apps |
| perms_databaseapppermission_system_users |
| perms_databaseapppermission_user_groups |
| perms_databaseapppermission_users |
| perms_remoteapppermission |
| perms_remoteapppermission_remote_apps |
| perms_remoteapppermission_system_users |
| perms_remoteapppermission_user_groups |
| perms_remoteapppermission_users |
| settings_setting |
| terminal |
| terminal_command |
| terminal_commandstorage |
| terminal_replaystorage |
| terminal_session |
| terminal_status |
| terminal_task |
| tickets_comment |
| tickets_ticket |
| tickets_ticket_assignees |
| users_user |
| users_user_groups |
| users_user_user_permissions |
| users_usergroup |
+----------------------------------------------+
90 rows in set (0.00 sec)
mysql>
数据库迁移就完成。
9、启动jumpserver服务:
(jmp_venvl) [root@vm1 jumpserver]# ll
total 84
drwxrwxr-x 18 root root 285 Jul 16 2020 apps
-rw-rw-r-- 1 root root 4190 Jul 16 2020 config_example.yml
-rw-r--r-- 1 root root 4264 Nov 13 01:04 config.yml
drwxrwxr-x 3 root root 35 Jul 16 2020 data
-rw-rw-r-- 1 root root 1164 Jul 16 2020 Dockerfile
drwxrwxr-x 2 root root 23 Jul 16 2020 docs
-rwxrwxr-x 1 root root 303 Jul 16 2020 entrypoint.sh
-rwxrwxr-x 1 root root 15008 Jul 16 2020 jms
-rw-rw-r-- 1 root root 18045 Jul 16 2020 LICENSE
drwxrwxr-x 2 root root 63 Nov 13 01:31 logs
-rw-rw-r-- 1 root root 3172 Jul 16 2020 README_EN.md
-rw-rw-r-- 1 root root 7950 Jul 16 2020 README.md
drwxrwxr-x 2 root root 163 Jul 16 2020 requirements
-rw-rw-r-- 1 root root 212 Jul 16 2020 run_server.py
drwxrwxr-x 2 root root 22 Jul 16 2020 tmp
drwxrwxr-x 3 root root 4096 Jul 16 2020 utils
-rw-rw-r-- 1 root root 1969 Jul 16 2020 Vagrantfile
(jmp_venvl) [root@vm1 jumpserver]# jms start -d
-bash: jms: command not found
(jmp_venvl) [root@vm1 jumpserver]# ./jms start -d
2022-11-13 01:38:43 Sun Nov 13 01:38:43 2022
2022-11-13 01:38:43 Jumpserver version v2.1.0, more see https://www.jumpserver.org
- Start Gunicorn WSGI HTTP Server
2022-11-13 01:38:43 Check database connection ...
users
[X] 0001_initial
[X] 0002_auto_20171225_1157_squashed_0019_auto_20190304_1459 (18 squashed migrations)
[X] 0020_auto_20190612_1825
[X] 0021_auto_20190625_1104
[X] 0022_auto_20190625_1105
[X] 0023_auto_20190724_1525
[X] 0024_auto_20191118_1612
[X] 0025_auto_20200206_1216
[X] 0026_auto_20200508_2105
[X] 0027_auto_20200616_1503
2022-11-13 01:38:45 Database connect success
2022-11-13 01:38:45 Check database structure change ...
2022-11-13 01:38:45 Migrate model change to database ...
Operations to perform:
Apply all migrations: admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, ops, orgs, perms, sessions, settings, terminal, tickets, users
Running migrations:
No migrations to apply.
2022-11-13 01:38:48 Collect static files
2022-11-13 01:38:50 Collect static files done
- Start Celery as Distributed Task Queue: Ansible
- Start Celery as Distributed Task Queue: Celery
浏览器登录http://192.168.17.102:8080访问页面:
11、部署koko组件:
实现了SSH Server 和Web Terminal Server 的组件,提供 SSH 和 WebSocket 接口,使用 Paramiko 和 Flask 开发。
koko是用golang编程语言开发的一个组件,和之前的coco组件相比(python开发的)相比而言,性能,效率,系统资源利用率都更高。
11.1 下载koko源码:
wget https://github.com/jumpserver/koko/releases/download/v2.1.0/koko-v2.1.0-linux-amd64.tar.gz
11.2 解压缩,并配置文件:
tar zxvf koko-v2.1.0-linux-amd64.tar.gz #解压
chown -R root:root koko-v2.1.0-linux-amd64 #更改权限,使权限最大化
ln -s /opt/jumpserver/koko-v2.1.0-linux-amd64 /opt/jumpserver/koko #创建软连接
cd koko
cp config_example.yml config.yml
vim config.yml
11.3 启动koko程序:
(jmp_venvl) [root@vm1 koko]# ll
total 34692
-rw-r--r-- 1 root root 2022 Jul 16 2020 config_example.yml
-rw-r--r-- 1 root root 1996 Nov 13 01:57 config.yml
-rwxr-xr-x 1 root root 35516174 Jul 16 2020 koko
drwxr-xr-x 4 root root 32 Jul 16 2020 locale
drwxr-xr-x 5 root root 42 Jul 16 2020 static
drwxr-xr-x 4 root root 33 Jul 16 2020 templates
(jmp_venvl) [root@vm1 koko]# ./koko -d
(jmp_venvl) [root@vm1 koko]# netstat -atunlp |grep koko
tcp6 0 0 :::5000 :::* LISTEN 34397/./koko
tcp6 0 0 :::2222 :::* LISTEN 34397/./koko
(jmp_venvl) [root@vm1 koko]#
11.4 查看日志信息:
(jmp_venvl) [root@vm1 koko]# tail /opt/jumpserver/koko/data/logs/koko.log
2022-11-13 01:57:26 [DEBU] Load config from server: {"SECURITY_MAX_IDLE_TIME":30,"TERMINAL_ASSET_LIST_PAGE_SIZE":"auto","TERMINAL_ASSET_LIST_SORT_BY":"hostname","TERMINAL_COMMAND_STORAGE":{"TYPE":"server"},"TERMINAL_HEADER_TITLE":null,"TERMINAL_HEARTBEAT_INTERVAL":20,"TERMINAL_HOST_KEY":"Hidden","TERMINAL_PASSWORD_AUTH":true,"TERMINAL_PUBLIC_KEY_AUTH":true,"TERMINAL_REPLAY_STORAGE":{"TYPE":"server"},"TERMINAL_SESSION_KEEP_DURATION":9999,"TERMINAL_TELNET_REGEX":""}
2022-11-13 01:57:26 [INFO] Exchange share room type: local
2022-11-13 01:57:26 [DEBU] Upload remain replay done
2022-11-13 01:57:26 [INFO] Start HTTP server at 0.0.0.0:5000
2022-11-13 01:57:26 [DEBU] Loading host key
2022-11-13 01:57:26 [INFO] Start SSH server at 0.0.0.0:2222
(jmp_venvl) [root@vm1 koko]#
12、Guacamole部署:
Apache 跳板机项目,jumpserver使用其组件实现RDP(Remote Desktops)功能,jumpserver 并没有修改其代码而是添加了额外的插件,支持jumpserver调用(RDP就是通过浏览器操控机器,提供远程桌面的功能)
这块我从网上一时没有找到源码包,但是从别的地方看到有使用docker部署的方法,那么先安装docker,然后使用命令:
docker run --name jms_guacamole -d \
-p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \
-e JUMPSERVER_KEY_DIR=/config/guacamole/key \
-e JUMPSERVER_SERVER=http://192.168.17.102 \
jumpserver/guacamole:latest说明:这边的IP地址修改为本机的IP地址,不要使用127.0.0.1。
(jmp_venvl) [root@vm1 opt]# docker run --name jms_guacamole -d \
> -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \
> -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
> -e JUMPSERVER_SERVER=http://192.168.17.102 \
> jumpserver/guacamole:latest
Unable to find image 'jumpserver/guacamole:latest' locally
latest: Pulling from jumpserver/guacamole
c5e155d5a1d1: Pull complete
221d80d00ae9: Pull complete
4250b3117dca: Pull complete
d1370422ab93: Pull complete
deb6b03222ca: Pull complete
9cdea8d70cc3: Pull complete
968505be14db: Pull complete
04b5c270ac81: Pull complete
301d76fcab1f: Pull complete
f4d49608235a: Pull complete
f4c6404fd6f8: Pull complete
b3d634c293dc: Pull complete
59feba32edfc: Pull complete
3591b5ce56e8: Pull complete
2a8292bdcbf2: Pull complete
d5f5432c90f8: Pull complete
c9400839eff5: Pull complete
e81f9d620940: Pull complete
6d004d1b3f53: Pull complete
6abed3ffb3e9: Pull complete
1f9a7c8311d9: Pull complete
8ba7fcee9d26: Pull complete
edcf7e09354c: Pull complete
a4dffb9c676f: Pull complete
7c333102034c: Pull complete
82bc921d7051: Pull complete
Digest: sha256:064b60c1d60654ed1a11053b2df3667526e32df4836cf5ce5e3b274e384457f5
Status: Downloaded newer image for jumpserver/guacamole:latest
f7a93641d8ee6b161fa7300a8e2cb3e53f67526ac321b0e4787eab48d0989060
(jmp_venvl) [root@vm1 opt]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f7a93641d8ee jumpserver/guacamole:latest "/init" 6 seconds ago Up 4 seconds 0.0.0.0:8081->8080/tcp, :::8081->8080/tcp jms_guacamole
(jmp_venvl) [root@vm1 opt]#
(jmp_venvl) [root@vm1 opt]#
(jmp_venvl) [root@vm1 opt]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
f7a93641d8ee jumpserver/guacamole:latest "/init" 10 seconds ago Up 8 seconds 0.0.0.0:8081->8080/tcp, :::8081->8080/tcp jms_guacamole
(jmp_venvl) [root@vm1 opt]#
13、安装FFmpeg工具:
一个在不同格式的多媒体文件之间转换的命令行工具,视频文件转换命令行工具,也支持经过实时电视卡抓取和编码成视频文件。就是在linux平台用来处理媒体文件,比如音频、视频。
13.1 安装epel源:
yum install -y epel-release13.2 在线安装ffmpeg一些软件包:
rpm -v --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
13.3 安装
yum -y install ffmpeg ffmpeg-devell13.4 查看版本:
ffmpeg -version
14、LINA组件部署:
LINA属于前端模块,负责页面的展示。
14.1 下载LINA组件:
wget https://github.com/jumpserver/lina/releases/download/v2.1.0/lina-v2.1.0.tar.gz
14.2 解压缩:
tar zxvf lina-v2.1.0.tar.gz
14.3
mv lina-v2.1.0 lina #改名字方便使用
useradd -M -s /sbin/nologin nginx #没有nginx用户,创建一个
chown -R nginx:nginx lina #改变属主属组,归nginx管理
(jmp_venvl) [root@vm1 opt]# ll
total 1904
drwx--x--x 4 root root 28 Nov 13 02:29 containerd
drwxr-xr-x 3 root root 17 Nov 13 02:33 guacamole
drwxr-xr-x 4 root root 162 Nov 13 01:52 jumpserver
drwxr-xr-x 3 root root 57 Jul 16 2020 lina-v2.1.0
-rw-r--r-- 1 root root 1949232 Dec 7 2021 lina-v2.1.0.tar.gz
(jmp_venvl) [root@vm1 opt]# mv lina-v2.1.0 lina
(jmp_venvl) [root@vm1 opt]# ll
total 1904
drwx--x--x 4 root root 28 Nov 13 02:29 containerd
drwxr-xr-x 3 root root 17 Nov 13 02:33 guacamole
drwxr-xr-x 4 root root 162 Nov 13 01:52 jumpserver
drwxr-xr-x 3 root root 57 Jul 16 2020 lina
-rw-r--r-- 1 root root 1949232 Dec 7 2021 lina-v2.1.0.tar.gz
(jmp_venvl) [root@vm1 opt]# useradd -M -s /sbin/nologin nginx
(jmp_venvl) [root@vm1 opt]# chown -R nginx:nginx lina
(jmp_venvl) [root@vm1 opt]# ll
total 1904
drwx--x--x 4 root root 28 Nov 13 02:29 containerd
drwxr-xr-x 3 root root 17 Nov 13 02:33 guacamole
drwxr-xr-x 4 root root 162 Nov 13 01:52 jumpserver
drwxr-xr-x 3 nginx nginx 57 Jul 16 2020 lina
-rw-r--r-- 1 root root 1949232 Dec 7 2021 lina-v2.1.0.tar.gz
(jmp_venvl) [root@vm1 opt]#
15、Luna组件部署:
Luna是Web Terminal 前端,计划前端页面都是由该项目提供,jumpserver 只提供API,不负责后台渲染html等,与CORE协同工作,能够实现浏览器形式的命令行终端。
15.1 下载Luna组件:
wget https://github.com/jumpserver/luna/releases/download/v2.1.1/luna-v2.1.1.tar.gz
15.2 解压缩:
tar -zxvf luna-v2.1.1.tar.gz #进行解压
15.3
mv luna-v2.1.1 luna #改名
chown -R root:root luna #给与权限
16、部署Nginx:
Nginx作用在处理静态文件,以及用于对jumpserver后台程序的反向代理。
先要跳出虚拟环境:deactivate:
16.1 配置nginx源:
vim /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=116.2 yum 安装nginx:
yum install -y nginx16.3 准备配置文件:
cd /etc/nginx
cp nginx.conf nginx.conf.bak16.4 编辑配置文件:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2 default_server;
# listen [::]:443 ssl http2 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }
}
16.5 新增虚拟主机配置文件jumpserver.conf
cd conf.d/
vim jumpserver.conf
server {
listen 80; # 代理端口,以后将通过此端口进行访问,不再通过8080端口
server_name demo.jumpserver.com; # 修改成你的域名
client_max_body_size 100m; # 录像及文件上传大小限制
location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/; # luna 路径,如果修改安装目录,此处需要修改
}
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/; # 录像位置,如果修改安装目录,此处需要修改
}
location /static/ {
root /opt/jumpserver/data/; # 静态资源,如果修改安装目录,此处需要修改
}
location /socket.io/ {
proxy_pass http://192.168.135.135:5000/socket.io/; # 如果coco安装在别的服务器,请填写它的ip
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location /coco/ {
proxy_pass http://192.168.135.135:5000/coco/; # 如果coco安装在别的服务器,请填写它的ip
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location /guacamole/ {
proxy_pass http://192.168.135.135:8081/; # 如果guacamole安装在别的服务器,请填写它的ip
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location / {
proxy_pass http://192.168.135.135:8080; # 如果jumpserver安装在别的服务器,请填写它的ip
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}16.6 检测配置文件并运行nginx:
nginx -t
systemctl enable nginx
systemctl start nginx17、开始使用jumpserver:
source /usr/local/jmp_venvl/bin/activate该部署目前测试下来还有问题。还要进一步检查。
769
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
