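Foreword
Jumpserver is what people call a jump host (bastion host) system. It is an open-source project written in Python and hosted on GitHub. As of this writing the latest version is 0.5.0. Most people currently use version 0.3.2, which has fairly complete documentation and is simpler to install.
Since we want to try something new, let's deploy Jumpserver 0.5.0 by hand.
Official open-source documentation: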
https://github.com/jumpserver/jumpserver/wiki
https://github.com/jumpserver/jumpserver/wiki/v0.5.0-%E5%9F%BA%E4%BA%8E-CentOS7
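I. Environment setup
1. System: CentOS 7.4
Because my network is slow and the upgrade takes a lot of time, I used a CentOS 7.4 virtual machine that I had already upgraded. The upgrade command is: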
yum -y update
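2. Firewall and SELinux (setenforce 0 switches SELinux to permissive mode; the two systemctl commands stop the firewall services)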
setenforce 0
systemctl stop iptables.service
systemctl stop firewalld.service
3. Install the dependency packages
yum install epel-release
yum install -y redis   # if no package is available, skip this; Redis is installed separately below
yum install -y zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel gcc gcc-c++
yum -y install git python-pip mysql-devel gcc automake autoconf python-devel vim sshpass lrzsz readline-devel
yum -y install sqlite-devel libffi-devel openssl-devel
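4. Python environment
Jumpserver requires Python 3, but CentOS ships with Python 2.7.5, so a Python 3 environment has to be set up.
[1] Configure pyenv
curl -L https://github.com/pyenv/pyenv-installer/raw/master/bin/pyenv-installer | bash
This prints the following lines; paste them into /etc/profile: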
…………
export PATH="/root/.pyenv/bin:$PATH"
eval "$(pyenv init -)"
eval "$(pyenv virtualenv-init -)"
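[2] Load the variables
source /etc/profile
[3] List the versions available for installation
pyenv install --list
[4] Install Python 3.6.4
pyenv install 3.6.4
[5] Create a Python 3.6.4 virtual environment
pyenv virtualenv 3.6.4 env364
[6] List the existing Python environments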
pyenv versions
* system (set by /root/.pyenv/version)
3.6.4
3.6.4/envs/env364
env364
[7] Enter the environment
pyenv activate env364
(env364) [root@www ~]#   (seeing this prompt means it worked)
II. Install Jumpserver 0.5.0
[1] Go to the directory
(env364) [root@www ~]# cd /opt/
(env364) [root@www opt]# ls
rh
[2] Download or clone the project
(env364) [root@www opt]# git clone --depth=1 https://github.com/jumpserver/jumpserver.git && cd jumpserver && git checkout dev
[3] Install the RPM dependencies
(env364) [root@www jumpserver]# cd /opt/jumpserver/requirements
(env364) [root@www requirements]# ls
deb_requirements.txt mac_requirements.txt rpm_requirements.txt
issues.txt requirements.txt
(env364) [root@www requirements]# yum -y install $(cat rpm_requirements.txt)
[4] Install the Python library dependencies
(env364) [root@www requirements]# pip install -r requirements.txt
III. Install Redis
Jumpserver uses Redis as its cache and as the Celery broker.
[1] Download the stable Redis release
wget http://download.redis.io/releases/redis-4.0.1.tar.gz
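[2] Extract Redis
tar xzf redis-4.0.1.tar.gz
[3] Change into the directory
cd redis-4.0.1
[4] Compile with make
make
[5] Install tcl
yum -y install tcl
[6] Enter the source directory
cd src
[7] Run make test to check that the build can be installed
make test
[8] Choose the Redis install location
make PREFIX=/usr/local/redis install
A successful install looks like this:
Hint: It's a good idea to run 'make test' ;)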
INSTALL install
INSTALL install
INSTALL install
INSTALL install
INSTALL install
[9] Copy redis.conf from the extracted Redis directory to the install path
cd /root/redis-4.0.1/
cp redis.conf /usr/local/redis
ll /usr/local/redis
drwxr-xr-x 2 root root 134 3月 3 19:27 bin
-rw-r--r-- 1 root root 57764 3月 3 19:31 redis.conf
[10] Start Redis
cd /usr/local/redis/bin
./redis-server
<1> If you see this error: WARNING you have Transparent Huge Pages
Fix:
As root, run echo never > /sys/kernel/mm/transparent_hugepage/enabled
(env364) [root@www redis]# echo never > /sys/kernel/mm/transparent_hugepage/enabled
To make this permanent, add the following to /etc/rc.local:
echo never > /sys/kernel/mm/transparent_hugepage/enabled
<2> If you see this error: WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
Fix:
Set the kernel parameter below; otherwise the Redis script reports an error when Redis is restarted or stopped and cannot automatically sync data to disk before the service stops. Add it to /etc/sysctl.conf:
vim /etc/sysctl.conf
vm.overcommit_memory = 1
sysctl -p
echo 1 > /proc/sys/vm/overcommit_memory
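<3> If you see this error: WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
Fix:
echo 511 > /proc/sys/net/core/somaxconn
[11] Start the Redis service in the background
Running redis-server directly starts Redis in the foreground; if the current Linux session is closed, the Redis service stops with it. Normally Redis should be started in the background with an explicit configuration file.
Edit redis.conf:
vim /usr/local/redis/redis.conf
Change daemonize no to daemonize yes so that Redis runs in the background.
Start Redis with the configuration file: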
(env364) [root@www redis]# pwd
/usr/local/redis
./bin/redis-server ./redis.conf
Output like the following means it succeeded:
(env364) [root@www redis]# ./bin/redis-server ./redis.conf
26935:C 03 Mar 20:29:04.318 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
26935:C 03 Mar 20:29:04.319 # Redis version=4.0.1, bits=64, commit=00000000, modified=0, pid=26935, just started
26935:C 03 Mar 20:29:04.319 # Configuration loaded
(env364) [root@www bin]# netstat -tunpl |grep 6379
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 26936/./bin/redis-s
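With the firewall stopped in section I, the bind address shown in the netstat output above is what keeps Redis (and the MariaDB instance installed in the next section) off the network. The script below is an added example, not part of the original post: it reads netstat -tunpl output and flags listeners on 6379 or 3306 that are not bound to loopback. The port list, function names and sample lines are assumptions of this example.

```shell
# Added example: flag backing services that listen beyond loopback.
# Assumption: on this single-host layout only 8080 needs to be reachable;
# 6379 (Redis) and 3306 (MariaDB) should be bound to 127.0.0.1 or ::1.
LOCAL_ONLY_PORTS="6379 3306"

# Reads `netstat -tunpl` lines on stdin. Prints "EXPOSED proto addr program"
# for each flagged listener and returns 1 if any were found.
find_exposed_listeners() {
    awk -v ports="$LOCAL_ONLY_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)      # text after the last colon
            host = $4; sub(/:[0-9]+$/, "", host)  # address without the port
            if (!(port in want)) next
            if (host ~ /^127\./ || host == "::1") next   # loopback is fine
            print "EXPOSED", $1, $4, $7
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample lines (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
tcp   0  0 127.0.0.1:6379  0.0.0.0:*  LISTEN  26936/./bin/redis-s
tcp   0  0 0.0.0.0:3306    0.0.0.0:*  LISTEN  1201/mysqld
tcp   0  0 0.0.0.0:8080    0.0.0.0:*  LISTEN  2210/python
tcp6  0  0 ::1:6379        :::*       LISTEN  26936/./bin/redis-s
udp   0  0 0.0.0.0:68      0.0.0.0:*          812/dhclient
EOF
}

# On the real host: netstat -tunpl | find_exposed_listeners
sample_netstat | find_exposed_listeners || echo "check the bind address of the services above"
```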
IV. Install MySQL
[1] Install
yum -y install mariadb mariadb-devel mariadb-server
systemctl start mariadb;systemctl enable mariadb
[2] Create the jumpserver database and grant privileges
(env364) [root@www ~]# mysql
MariaDB [(none)]> create database jumpserver default charset 'utf8';
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'somepassword';
Query OK, 0 rows affected (0.01 sec)
[3] Edit the Jumpserver configuration file
Edit the settings in DevelopmentConfig, because Jumpserver uses that configuration by default; it inherits from Config.
(env364) [root@www ~]# cd /opt/jumpserver/
(env364) [root@www jumpserver]# cp config_example.py config.py
class DevelopmentConfig(Config):
    DEBUG = True
    DB_ENGINE = 'mysql'
    DB_HOST = '127.0.0.1'
    DB_PORT = 3306
    DB_USER = 'jumpserver'
    DB_PASSWORD = 'somepassword'
    DB_NAME = 'jumpserver'
[4] Generate the database schema and initial data
cd /opt/jumpserver/utils
bash make_migrations.sh
[5] Run Jumpserver
cd /opt/jumpserver
python run_server.py all
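The config.py written in step [3] carries DEBUG = True and the sample password. The check below is an added example, not code from this post or from the Jumpserver project: it reads the DevelopmentConfig block and reports those two settings plus a config file that other local users can read. The function names, the sample file and the "KEY = value" layout are assumptions of this example.

```shell
# Added example, not from the Jumpserver project. Assumes "KEY = value" lines
# inside class DevelopmentConfig, as in the config shown above.

# cfg_value FILE KEY: value of KEY in DevelopmentConfig, quotes stripped.
cfg_value() {
    awk -v key="$2" '
        /^class[ \t]/ { in_dev = ($2 ~ /^DevelopmentConfig/); next }
        in_dev && $1 == key && $2 == "=" {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            gsub(/^["\047]|["\047]$/, "", val)   # \047 is a single quote
        }
        END { print val }
    ' "$1"
}

# audit_jumpserver_config FILE: one finding per line; returns 1 on findings.
audit_jumpserver_config() {
    cfg=$1; rc=0
    if [ "$(cfg_value "$cfg" DEBUG)" = "True" ]; then
        echo "DEBUG is True (Django debug mode shows detailed error pages)"; rc=1
    fi
    if [ "$(cfg_value "$cfg" DB_PASSWORD)" = "somepassword" ]; then
        echo "DB_PASSWORD is still the sample value from this guide"; rc=1
    fi
    # config.py holds the database password; flag the others-read bit.
    mode=$(stat -c '%a' "$cfg")
    case $mode in
        *[4567]) echo "config.py is readable by other users (mode $mode)"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample mirroring the settings above (not the project's file).
write_sample_config() {
    cat > "$1" <<'EOF'
class Config:
    DEBUG = False
    DB_PASSWORD = ''

class DevelopmentConfig(Config):
    DEBUG = True
    DB_ENGINE = 'mysql'
    DB_PASSWORD = 'somepassword'
EOF
}

sample=$(mktemp)
write_sample_config "$sample"; chmod 644 "$sample"
audit_jumpserver_config "$sample" || echo "resolve the findings above"
rm -f "$sample"
```

On the host from this guide the call would be audit_jumpserver_config /opt/jumpserver/config.py.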
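V. Access test
Open http://192.168.122.40:8080 in Firefox on the local machine (the IP is that of the Jumpserver host).
Username: admin  Password: admin
Note:
An admin user is a user on a managed asset, for example a user on a given host. It can be filled in when adding the asset.
A system user is a user created in order to manage assets. Through push and authorization rules, a system user can be associated with assets.
Closing
The graphical operations that follow in Jumpserver are in Chinese and self-explanatory, so this article does not cover them in detail. For more operations, see the official link: https://github.com/jumpserver/jumpserver/wiki/v0.5.0-%E5%BA%94%E7%94%A8%E5%9B%BE%E8%A7%A3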