JumpServer 2.2.2 manual installation tutorial (3)

JumpServer 2.2 installation document

Environment:

CentOS 7.7+ operating system

python36

Basic sizing: 2C4G50G (2 CPU cores, 4 GB RAM, 50 GB disk)

Software installation path conventions:

Path                 Description

/data                A cloud VM needs a separate 50 GB data disk mounted here (xfs or ext4, either is fine)

/data/application    Application path (where the software is installed)

/data/app_data       Application data path (e.g. mysql and redis)

/data/pkg            Software package path

1. Stop the firewall

$ systemctl stop firewalld && systemctl disable firewalld

2. Disable SELinux

$ sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

$ setenforce 0 && getenforce

(The guide switches both off to keep the walkthrough simple; on a host reachable from outside, keep firewalld running and open only the ports nginx and the components actually listen on.)

3. Set the hostname

$ echo "jumpserver" > /etc/hostname

$ hostname jumpserver

4. System limits

$ vim /etc/security/limits.conf

    *           soft   nofile       102400

    *           hard   nofile       102400

    *           soft   nproc        102400

    *           hard   nproc        102400

5. Configure the yum repositories

$ curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

$ curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

$ sed -i 's/http/https/g' /etc/yum.repos.d/CentOS-Base.repo

$ sed -i 's/http/https/g' /etc/yum.repos.d/epel.repo

6. Base packages

$ yum -y install wget git net-tools lrzsz vim gcc gcc-c++ make ntpdate

7. Time synchronization

$ ntpdate time.windows.com

8. Mount the data disk

$ mkfs.xfs /dev/vdb && mkdir /data && mount /dev/vdb /data

$ echo "mount /dev/vdb /data" >> /etc/rc.local && chmod +x /etc/rc.local   # on CentOS 7 rc.local is only run at boot if it is executable

9. Prepare the directory layout

$ cd /data && mkdir application pkg app_data app_log

10. reboot

Place the following packages under /data/pkg:

redis 4.0.6 (stable)      http://download.redis.io/releases/redis-4.0.6.tar.gz

mysql 5.7.31 (stable)     https://dev.mysql.com/downloads/mysql/   data storage

java 1.8.0_261            https://www.oracle.com/java/technologies/javase/javase-jdk8-downloads.html

jumpserver                https://github.com/jumpserver/jumpserver/releases/download/v2.2.2/jumpserver-v2.2.2.tar.gz   bastion host core

Coco/koko                 https://github.com/jumpserver/koko/releases/download/v2.2.2/koko-v2.2.2-linux-amd64.tar.gz

kubectl                   https://download.jumpserver.org/public/kubectl.tar.gz

Guacamole client 2.2.2    http://download.jumpserver.org/release/v2.2.2/guacamole-client-v2.2.2.tar.gz

Guacamole server 1.2.0    http://download.jumpserver.org/public/guacamole-server-1.2.0.tar.gz

apache-tomcat 9           http://archive.apache.org/dist/tomcat/tomcat-9/v9.0.37/bin/apache-tomcat-9.0.37.tar.gz

luna 2.2.2                https://github.com/jumpserver/luna/releases/download/v2.2.2/luna-v2.2.2.tar.gz   ssh web terminal

nginx 1.18.0              http://nginx.org/download/nginx-1.18.0.tar.gz   reverse proxy

Installing and configuring the python36 environment

Install the software

$ yum -y install python36 python36-devel

Configure the pip source

$ tee /etc/pip.conf <<EOF

[global]

index-url = http://pypi.douban.com/simple

trusted-host = pypi.douban.com

[list]

format=columns

EOF

(trusted-host is only there to silence pip's warning about a plain-http index; point index-url at an https mirror where one is available, so packages are not fetched over an unauthenticated channel.)

Create and configure the python virtual environment

python3.6 -m venv /data/application/py3

source /data/application/py3/bin/activate

pip install wheel && pip install --upgrade pip setuptools

Installing and configuring redis

Install

cd /data/pkg

tar xf redis-4.0.6.tar.gz

cd redis-4.0.6/

make PREFIX=/data/application/redis install   # install under /data

mkdir /data/application/redis/conf   # create the config directory

cp redis.conf /data/application/redis/conf/

sed -i 's/daemonize no/daemonize yes/g' /data/application/redis/conf/redis.conf

Edit the configuration

mkdir -p /data/app_logs/pids/redis

mkdir -p /data/app_data/redis

cd /data/application/redis/conf/ && vim redis.conf

pidfile /data/app_logs/pids/redis/redis_6379.pid

dir /data/app_data/redis

The shipped redis.conf already contains bind 127.0.0.1 and protected-mode yes; leave both in place, since only the core on this host needs to reach redis.

systemd unit for start on boot

$ tee /usr/lib/systemd/system/redis.service <<EOF

[Unit]

Description=Redis

After=network.target

[Service]

ExecStart=/data/application/redis/bin/redis-server /data/application/redis/conf/redis.conf --daemonize no

ExecStop=/data/application/redis/bin/redis-cli -h 127.0.0.1 -p 6379 shutdown

[Install]

WantedBy=multi-user.target

EOF

systemctl start redis && systemctl enable redis

echo 'export PATH=/data/application/redis/bin:$PATH' >> /etc/profile

source /etc/profile

Test

redis-cli

127.0.0.1:6379>

Installing and configuring mysql

cd /data/pkg

tar xf mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz

mv mysql-5.7.31-linux-glibc2.12-x86_64 /data/application/mysql-5.7

useradd -s /usr/sbin/nologin -M mysql

chown -R mysql:mysql /data/application/mysql-5.7

mkdir -p /data/app_data/mysql/

chown -R mysql:mysql /data/app_data/mysql/

echo 'export PATH=/data/application/mysql-5.7/bin:$PATH' >> /etc/profile && source /etc/profile

Edit the configuration

$ tee /etc/my.cnf << EOF

[mysqld]

user=mysql

basedir=/data/application/mysql-5.7

datadir=/data/app_data/mysql

character_set_server=utf8mb4

max_allowed_packet=256M

innodb_log_file_size=256M

transaction-isolation=READ-COMMITTED

binlog_format=row

server_id=1

port=3306

socket=/tmp/mysql.sock

[mysql]

socket=/tmp/mysql.sock

EOF

Initialize and start

cd /data/application/mysql-5.7/support-files && mv mysql.server /etc/init.d/mysqld

tee /etc/systemd/system/mysqld.service << EOF

[Unit]

Description=MySQL Server

Documentation=man:mysqld(8)

Documentation=http://dev.mysql.com/doc/refman/en/using-systemd.html

After=network.target

After=syslog.target

[Service]

User=mysql

Group=mysql

ExecStart=/data/application/mysql-5.7/bin/mysqld --defaults-file=/etc/my.cnf

LimitNOFILE = 5000

[Install]

WantedBy=multi-user.target

EOF

mysqld --initialize-insecure --basedir=/data/application/mysql-5.7 --datadir=/data/app_data/mysql/

systemctl start mysqld && systemctl enable mysqld

Test and create the database

mysql -uroot   # --initialize-insecure leaves root with an empty password; set one with ALTER USER once the install is finished

create database jumpserver default charset 'utf8' collate 'utf8_bin';

grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'jumpserver';

exit

One of the big pitfalls

This library symlink must be created, otherwise project initialization later fails because mysqlclient cannot be found:

$ ln -s /data/application/mysql-5.7/lib/libmysqlclient.so.20 /usr/lib64/libmysqlclient.so.20

Installing jumpserver

Base configuration and dependency installation

cd /data/pkg

tar xf jumpserver-v2.2.2.tar.gz && mv jumpserver-v2.2.2 /data/application/jumpserver

source /data/application/py3/bin/activate

cd /data/application/jumpserver/requirements/

yum -y install $(cat rpm_requirements.txt)

pip install -r requirements.txt

cd /data/application/jumpserver && mv config_example.yml config.yml

cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49;echo    # generates the string for SECRET_KEY in config.yml; keep a copy of it

$ cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 18;echo    # generates the string for BOOTSTRAP_TOKEN in config.yml; keep a copy of it

vim config.yml

SECRET_KEY: NZIfGVB8nd3mZJTwCa3kKenWJdUVUvpK08NVq8PF5POml5sGm

BOOTSTRAP_TOKEN: wHdUajO3gaXMY1PD4d

DB_PASSWORD: jumpserver

(The values above are the ones generated during this walkthrough; use your own output. SECRET_KEY is used to encrypt secrets the core stores, so keep it safe and do not change it after the first start.)

Start the service and check its status

$ tee /usr/lib/systemd/system/jms.service <<EOF

[Unit]

Description=jms

After=network.target mysqld.service redis.service

Wants=mysqld.service redis.service

[Service]

Type=forking

Environment="PATH=/data/application/py3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin"

ExecStart=/data/application/jumpserver/jms start all -d

ExecReload=

ExecStop=/data/application/jumpserver/jms stop

[Install]

WantedBy=multi-user.target

EOF

systemctl start jms && systemctl enable jms

systemctl status jms

If the service fails to start, run the ExecStart command above by hand (without -d, so the output stays in the foreground) to see the actual error.

Installing koko

Install

cd /data/pkg

tar xf koko-v2.2.2-linux-amd64.tar.gz

mv koko-v2.2.2-linux-amd64 /data/application/koko

chown -R root:root /data/application/koko

cd /data/application/koko

mv kubectl /usr/local/bin/

wget https://download.jumpserver.org/public/kubectl.tar.gz

tar -xf kubectl.tar.gz && chmod 755 kubectl

mv kubectl /usr/local/bin/rawkubectl

rm -fr kubectl.tar.gz

Configure

cd /data/application/koko

cp config_example.yml config.yml

vim config.yml

BOOTSTRAP_TOKEN: wHdUajO3gaXMY1PD4d   # the same value as in the core's config.yml

Start the service and check its status

tee /usr/lib/systemd/system/koko.service << EOF

[Unit]

Description=koko

After=network.target jms.service

[Service]

Type=forking

PIDFile=/data/application/koko/koko.pid

Environment="PATH=/data/application/py3/bin/"

ExecStart=/data/application/koko/koko -f /data/application/koko/config.yml start -d

ExecReload=

ExecStop=/data/application/koko/koko stop

[Install]

WantedBy=multi-user.target

EOF

systemctl start koko && systemctl enable koko

ps -ef | grep koko

If koko reports a duplicate-name error when registering, change the hostname and restart it.

Deploying the Guacamole component

Install

$ mkdir /data/application/docker-guacamole

$ cd /data/pkg

wget -O docker-guacamole-v2.2.2.tar.gz https://github.com/jumpserver/docker-guacamole/archive/master.tar.gz   # save under the name the next command expects

tar -xf docker-guacamole-v2.2.2.tar.gz -C /data/application/docker-guacamole --strip-components 1

cd /data/application/docker-guacamole && mv /data/pkg/guacamole-server-1.2.0.tar.gz ./

tar -xf guacamole-server-1.2.0.tar.gz && rm -fr guacamole-server-1.2.0.tar.gz

wget http://download.jumpserver.org/public/ssh-forward.tar.gz

tar -xf ssh-forward.tar.gz -C /bin/ && rm -fr ssh-forward.tar.gz

chmod +x /bin/ssh-forward

cd guacamole-server-1.2.0/

yum -y install cairo-devel uuid uuid-devel

./configure --with-init-dir=/etc/init.d && make && make install

(Read the summary ./configure prints before running make: a protocol whose development library is missing, e.g. RDP without freerdp-devel, is left out of the build without failing it.)

mkdir -pv /data/application/config/guacamole/{extensions,record,drive}

chown daemon:daemon /data/application/config/guacamole/record/ /data/application/config/guacamole/drive

cd /data/application/config

mv /data/pkg/apache-tomcat-9.0.37.tar.gz ./

tar xf apache-tomcat-9.0.37.tar.gz && mv apache-tomcat-9.0.37 tomcat9 && rm -fr apache-tomcat-9.0.37.tar.gz

rm -fr tomcat9/webapps/*

sed -i 's/Connector port="8080"/Connector port="8081"/g' tomcat9/conf/server.xml   # 8080 is already used by the jumpserver core

echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> tomcat9/conf/logging.properties

mv /data/pkg/guacamole-client-v2.2.2.tar.gz ./

tar -xf guacamole-client-v2.2.2.tar.gz && rm -rf guacamole-client-v2.2.2.tar.gz

cp guacamole-client-v2.2.2/guacamole-*.war tomcat9/webapps/ROOT.war

cp guacamole-client-v2.2.2/guacamole-*.jar guacamole/extensions/

mv /data/application/docker-guacamole/guacamole.properties guacamole/

rm -rf /data/application/docker-guacamole/

Install the java environment

cd /data/pkg && tar xf java-openjdk-1.8.0.tar.gz && mv java-openjdk-1.8.0 /usr/bin/java && rm -rf java-openjdk-1.8.0.tar.gz   # the unpacked JDK directory becomes JAVA_HOME below

Configure

export JUMPSERVER_SERVER=http://127.0.0.1:8080

echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc

export BOOTSTRAP_TOKEN=wHdUajO3gaXMY1PD4d   # must be identical to your token value

echo "export BOOTSTRAP_TOKEN=wHdUajO3gaXMY1PD4d" >> ~/.bashrc

export JUMPSERVER_KEY_DIR=/data/application/config/guacamole/keys

echo "export JUMPSERVER_KEY_DIR=/data/application/config/guacamole/keys" >> ~/.bashrc

export GUACAMOLE_HOME=/data/application/config/guacamole

echo "export GUACAMOLE_HOME=/data/application/config/guacamole" >> ~/.bashrc

export GUACAMOLE_LOG_LEVEL=ERROR

echo "export GUACAMOLE_LOG_LEVEL=ERROR" >> ~/.bashrc

export JUMPSERVER_ENABLE_DRIVE=true

echo "export JUMPSERVER_ENABLE_DRIVE=true" >> ~/.bashrc

export JAVA_HOME=/usr/bin/java

echo "export JAVA_HOME=/usr/bin/java" >> ~/.bashrc

Start and test

/etc/init.d/guacd start

$ echo "/etc/init.d/guacd start" >> /etc/rc.local

sh /data/application/config/tomcat9/bin/startup.sh
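The core, koko and guacamole sections above each hand-edit the same BOOTSTRAP_TOKEN; a typo in any one of them is why a component never shows up in the core. The script below is an added example (not from the original post): it generates SECRET_KEY and BOOTSTRAP_TOKEN the way the guide does, writes the one token into all three places, and checks that they agree. The file paths are arguments; the guide's values would be /data/application/jumpserver/config.yml, /data/application/koko/config.yml and ~/.bashrc.

```shell
#!/bin/sh
# Added example: keep one BOOTSTRAP_TOKEN in sync across the core config.yml,
# koko's config.yml and the shell profile guacamole reads its token from.

gen_token() {
    # $1 = length; /dev/urandom filtered to A-Za-z0-9, same source as the guide
    tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$1"
}

set_yaml_key() {
    # $1 = file, $2 = key, $3 = value: replace an existing (possibly
    # commented-out) "KEY:" line in place, or append the key if it is absent
    if grep -q "^#\{0,1\} *$2:" "$1"; then
        sed -i "s|^#\{0,1\} *$2:.*|$2: $3|" "$1"
    else
        printf '%s: %s\n' "$2" "$3" >>"$1"
    fi
}

yaml_value() {
    # $1 = file, $2 = key: print the value of the first matching top-level key
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1
}

configure_tokens() {
    # $1 = core config.yml, $2 = koko config.yml, $3 = profile used by guacamole
    secret=$(gen_token 49)
    token=$(gen_token 18)
    set_yaml_key "$1" SECRET_KEY "$secret"
    set_yaml_key "$1" BOOTSTRAP_TOKEN "$token"
    set_yaml_key "$2" BOOTSTRAP_TOKEN "$token"
    printf 'export BOOTSTRAP_TOKEN=%s\n' "$token" >>"$3"
}

check_tokens() {
    # exit status 0 only when the core, koko and guacamole tokens all match;
    # the last "export BOOTSTRAP_TOKEN=" line in the profile is the one in effect
    core=$(yaml_value "$1" BOOTSTRAP_TOKEN)
    koko=$(yaml_value "$2" BOOTSTRAP_TOKEN)
    guac=$(sed -n 's/^export BOOTSTRAP_TOKEN=//p' "$3" | tail -n 1)
    [ -n "$core" ] && [ "$core" = "$koko" ] && [ "$core" = "$guac" ]
}
```

Run check_tokens on the three real files after editing them; a non-zero exit means one component is registering with a different token than the core expects.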

Installing the frontend components

cd /data/pkg

wget https://github.com/jumpserver/lina/releases/download/v2.2.2/lina-v2.2.2.tar.gz

tar xf lina-v2.2.2.tar.gz

tar xf luna-v2.2.2.tar.gz

mv lina-v2.2.2 /data/application/lina

rm -fr /data/application/luna/

mv luna-v2.2.2 /data/application/luna

useradd -s /usr/sbin/nologin -M nginx

chown -R nginx:nginx /data/application/luna/ /data/application/lina/

Installing and configuring nginx

Install

yum -y install gcc make pcre-devel pcre zlib openssl openssl-devel zlib-devel tree

cd /data/pkg

tar xf nginx-1.18.0.tar.gz

cd nginx-1.18.0

./configure --prefix=/data/application/nginx --user=nginx --with-http_ssl_module --with-http_stub_status_module --with-stream

make && make install

Configure

echo 'export PATH=$PATH:/data/application/nginx/sbin' >> /etc/profile

cd /data/application/nginx/conf   # nginx reads conf/nginx.conf under the --prefix, and relative include paths resolve against this directory

mkdir conf.d && rm -f nginx.conf

The here-document delimiter is quoted so the shell leaves the $variables in the config untouched:

tee nginx.conf <<'EOF'

user  nginx;

worker_processes  auto;

error_log  logs/error.log warn;

events {

    worker_connections  60000;

}

http {

    include       mime.types;

    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_iso8601] "$request" '

                      '$status $body_bytes_sent "$http_referer" '

                      '"$http_user_agent" "$http_x_forwarded_for"';

    log_format json   '{"@timestamp":"$time_iso8601",'

                      '"remote_ip":"$remote_addr",'

                      '"status":$status,'

                      '"bytes":$body_bytes_sent,'

                      '"referer":"$http_referer",'

                      '"agent":"$http_user_agent",'

                      '"request_time":$request_time,'

                      '"request":"$uri"}';

    access_log  logs/access.log  json;

    sendfile        on;

    keepalive_timeout  0;

    gzip  on;

    include conf.d/*.conf;     # one file per site

}

EOF

$ cd conf.d && vim jumpserver.conf

server {

    listen 80;

    client_max_body_size 100m;  # size limit for recordings and file uploads

    location /ui/ {

        try_files $uri / /index.html;

        alias /data/application/lina/;

    }

    location /luna/ {

        try_files $uri / /index.html;

        alias /data/application/luna/;  # luna path; change this if the install directory is changed

    }

    location /media/ {

        add_header Content-Encoding gzip;

        root /data/application/jumpserver/data/;  # recording location; change this if the install directory is changed

    }

    location /static/ {

        root /data/application/jumpserver/data/;  # static assets; change this if the install directory is changed

    }

    location /koko/ {

        proxy_pass       http://localhost:5000;

        proxy_buffering off;

        proxy_http_version 1.1;

        proxy_set_header Upgrade $http_upgrade;

        proxy_set_header Connection "upgrade";

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header Host $host;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        access_log off;

    }

    location /guacamole/ {

        proxy_pass       http://localhost:8081/;

        proxy_buffering off;

        proxy_http_version 1.1;

        proxy_set_header Upgrade $http_upgrade;

        proxy_set_header Connection $http_connection;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header Host $host;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        access_log off;

    }

    location /ws/ {

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header Host $host;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass http://localhost:8070;

        proxy_http_version 1.1;

        proxy_buffering off;

        proxy_set_header Upgrade $http_upgrade;

        proxy_set_header Connection "upgrade";

    }

    location /api/ {

        proxy_pass http://localhost:8080;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header Host $host;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    }

    location /core/ {

        proxy_pass http://localhost:8080;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header Host $host;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    }

    location / {

        rewrite ^/(.*)$ /ui/$1 last;

    }

}
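Every proxy_pass in the server block above points at a component started earlier in this guide (koko on 5000, tomcat/guacamole on 8081, the core's websocket on 8070 and its HTTP API on 8080); a 502 from nginx right after the install almost always means one of them is not listening yet. As an added check (not from the original post), the functions below pull those ports out of jumpserver.conf and compare them with the listeners in `ss -ltn` output, which is read from a file so a constructed sample can be used as well.

```shell
#!/bin/sh
# Added example: find backend ports that nginx proxies to but nothing serves.

upstream_ports() {
    # $1 = nginx server config; prints the unique ports named in proxy_pass lines
    sed -n 's#^[[:space:]]*proxy_pass[[:space:]]*http://[^:/]*:\([0-9][0-9]*\).*#\1#p' "$1" \
        | LC_ALL=C sort -u
}

listening_ports() {
    # $1 = file holding "ss -ltn" output; prints the local port of every LISTEN line
    # ($4 is "addr:port", "[::]:port" or "*:port", so the port is the last field)
    awk '$1 == "LISTEN" { n = split($4, a, ":"); print a[n] }' "$1" | LC_ALL=C sort -u
}

missing_ports() {
    # $1 = nginx config, $2 = ss output file; prints ports nginx needs that have no listener
    for p in $(upstream_ports "$1"); do
        listening_ports "$2" | grep -qx "$p" || echo "$p"
    done
}

check_backends() {
    # live variant for this host: $1 = nginx config (ss ships with iproute on CentOS 7)
    tmp=$(mktemp)
    ss -ltn >"$tmp"
    missing_ports "$1" "$tmp"
    rm -f "$tmp"
}
```

On the finished host, `check_backends /data/application/nginx/conf/conf.d/jumpserver.conf` printing nothing means every backend is up.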

/data/application/nginx/sbin/nginx   # start nginx (run it with -t first to syntax-check the configuration)

The workflow is really the same for every component.

What matters most is the packages: if any of them cannot be downloaded, fetch them from the resources I uploaded, which contain every package the whole process needs.
