一、背景
此处安装是1.4.8生产环境版本。
二、步骤
1.环境准备
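# EPEL repository (presumably the source of packages installed in later steps).
yum -y install epel-release

# Open the web ports and 2222 (published by the coco container later on).
# No space may follow '=' in these options, or firewall-cmd rejects them.
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --zone=public --add-port=2222/tcp --permanent
# Allow MySQL (3306) from the 192.168.137.0/24 subnet only. The whole rule is
# single-quoted so its inner double quotes reach firewalld intact.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.137.0/24" port protocol="tcp" port="3306" accept'
firewall-cmd --reload

# NOTE(review): stopping and disabling firewalld leaves every rule above
# unenforced, including the subnet restriction on 3306, so each listening port
# is reachable from any network that can route to this host. If firewalld is
# kept running instead, the Docker containers started later need a rule that
# lets them reach port 8080 on this host.
systemctl stop firewalld
systemctl status firewalld
systemctl disable firewalld

# NOTE(review): this turns SELinux off now and permanently after the next
# reboot. On a bastion host, prefer keeping it enforcing (or at most
# permissive while collecting denials) and adding only the policy needed.
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config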
2.安装 nginx
# Install nginx, then start it now and register it to start at boot.
yum -y install nginx
for action in start enable; do
  systemctl "$action" nginx
done
3.下载 luna
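cd /opt
# The two URLs appear to be alternative sources for the same archive. Running
# both leaves a stray luna.tar.gz.1 behind, so the second is used only when the
# first fails; -O makes either attempt write the same file name.
wget -O luna.tar.gz https://github.com/jumpserver/luna/releases/download/1.4.8/luna.tar.gz \
  || wget -O luna.tar.gz https://demo.jumpserver.org/download/luna/1.4.8/luna.tar.gz
# NOTE(review): the page gives no checksum for this archive. Obtain one from the
# release page and verify before unpacking as root, e.g.
#   echo "<expected-sha256>  luna.tar.gz" | sha256sum -c -
tar xf luna.tar.gz
chown -R root:root luna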
4.配置 Nginx
vim /etc/nginx/nginx.conf
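# Reverse proxy in front of the JumpServer components: static luna files are
# served from disk, everything else is forwarded to services on localhost.
server {
    server_name jumpserver.xxx.com;
    # NOTE(review): only plain HTTP is served, so logins and session traffic for
    # the bastion cross the network unencrypted. Port 443 is opened in the
    # firewall step but no TLS server is defined here; add a "listen 443 ssl"
    # server with ssl_certificate <path-to-cert> and
    # ssl_certificate_key <path-to-key>, and redirect port 80 to it.
    listen 80;

    client_max_body_size 100m;

    # NOTE(review): nginx does not create missing log directories; confirm that
    # /etc/nginx/logs exists, otherwise "nginx -t" fails.
    access_log /etc/nginx/logs/jumpserver_access.log;
    error_log /etc/nginx/logs/jumpserver_error.log;

    # Web terminal front end, served straight from the unpacked luna archive.
    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;
    }

    location /static/ {
        root /opt/jumpserver/data/;
    }

    # In the proxied locations below, $proxy_add_x_forwarded_for appends the
    # peer address to whatever X-Forwarded-For the client sent, so the leading
    # entries are client-controlled. X-Real-IP carries the address nginx saw.
    # NOTE(review): confirm which header the backend uses for audit logging.

    # WebSocket endpoint on port 5000 (the coco container publishes that port).
    location /socket.io/ {
        proxy_pass http://localhost:5000/socket.io/;
        proxy_buffering off;
        proxy_http_version 1.1;
        # Upgrade/Connection are set once; the original listed the pair twice.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /coco/ {
        proxy_pass http://localhost:5000/coco/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    # Port 8081 is published by the guacamole container.
    location /guacamole/ {
        proxy_pass http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /ws/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8070;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # Everything else goes to the service on port 8080.
    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}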
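# Reload only when the configuration test passes.
nginx -t && nginx -s reload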
5.数据库部署
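# Fetch the MySQL 5.7 repository package over HTTPS: it is installed as root and
# configures the repository the server packages come from, so it must not be
# downloaded over plain HTTP.
wget https://dev.mysql.com/get/mysql57-community-release-el7-8.noarch.rpm
yum localinstall mysql57-community-release-el7-8.noarch.rpm -y
yum install mysql-community-server -y
systemctl start mysqld
systemctl status mysqld
systemctl enable mysqld
systemctl daemon-reload
# Print the generated temporary root password from the server log.
grep 'temporary password' /var/log/mysqld.log
# -p with no value prompts for the password. Typing it on the command line
# records it in shell history and shows it in the process list, and characters
# such as '(' would have to be quoted.
mysql -uroot -p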
vim /etc/my.cnf
# NOTE(review): 0 selects the LOW policy, which checks password length only.
# Keep the default policy unless something here genuinely needs a weaker one.
validate_password_policy= 0
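# Restart so the edited /etc/my.cnf takes effect, then confirm the service is up.
systemctl restart mysqld
systemctl status mysqld
# Prompt for the password instead of passing it as an argument, which would
# leave it in shell history and in the process list.
mysql -uroot -p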
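-- Replace the temporary root password. The value below is a placeholder:
-- generate your own and do not reuse a password printed in a guide.
ALTER USER 'root'@'localhost' IDENTIFIED BY '<strong-unique-password>';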
[ root@zk1 opt]
[ root@zk1 opt]
6.部署 redis
# Install redis, register it to start at boot, then start it.
# NOTE(review): no password or bind address is configured in this guide; confirm
# that redis listens on loopback only before exposing the host.
yum -y install redis
for action in enable start; do
  systemctl "$action" redis
done
7.安装python3,此处给大家准备了脚本,复制直接执行就好
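#!/bin/bash
# Build CPython 3.6.2 from source into $python3_dir and link python3/pip3 into
# /usr/bin. Run as root from the directory that should hold the download.
#
# NOTE(review): 3.6.2 is an early 3.6 release and the 3.6 series no longer
# receives security fixes; prefer a supported version if the application allows.

python3_dir="/usr/local/python3"
download_dir="$(pwd)"

yum -y groupinstall "Development tools"
yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel wget

# The prefix is a directory, so test with -d. The original -f test was true even
# when the directory already existed, which made mkdir fail.
if [ ! -d "$python3_dir" ]; then
  echo "$(date) : 新建python3目录: $python3_dir"
  mkdir -p "$python3_dir" || exit 1
fi

cd "$download_dir" || exit 1
wget https://www.python.org/ftp/python/3.6.2/Python-3.6.2.tar.xz || exit 1
# NOTE(review): verify the tarball against the checksum or signature listed on
# the python.org release page before building as root, e.g.
#   echo "<expected-sha256>  Python-3.6.2.tar.xz" | sha256sum -c -

# Each step stops the script on failure, so make never runs in the wrong
# directory after a failed extract or configure.
tar -xvJf Python-3.6.2.tar.xz || exit 1
cd Python-3.6.2 || exit 1
./configure --prefix="$python3_dir" || exit 1
make || exit 1
make install || exit 1

# Plain -s (no -f): an existing /usr/bin/python3 is left untouched.
ln -s "$python3_dir/bin/python3" /usr/bin/python3
ln -s "$python3_dir/bin/pip3" /usr/bin/pip3
python3 -V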
7.部署jumpserver
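yum -y install gcc epel-release git
python3 -m venv /opt/py3
source /opt/py3/bin/activate
cd /opt
# --branch pins the shallow clone to 1.4.8. The original "git checkout -b 1.4.8"
# ran in /opt (not a repository) and would only have created a new branch named
# 1.4.8 at the default branch's head, not checked out that release.
# NOTE(review): assumes upstream publishes a 1.4.8 tag or branch; confirm.
git clone --depth=1 --branch 1.4.8 https://github.com/jumpserver/jumpserver.git
# Unquoted on purpose: each package name in the file becomes its own argument.
yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt)
pip3 install --upgrade pip setuptools
pip3 install -r /opt/jumpserver/requirements/requirements.txt

cd /opt/jumpserver
cp config_example.yml config.yml
# config.yml is about to hold the secret key, bootstrap token and database
# password, so restrict it to its owner.
chmod 600 config.yml

# Random alphanumeric secrets from the kernel CSPRNG. BOOTSTRAP_TOKEN is used
# again by the later docker and koko steps, so run those in this same shell
# session or copy the value from config.yml.
SECRET_KEY=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 50)
BOOTSTRAP_TOKEN=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 16)
sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
# DB_PASSWORD is never assigned on this page; ${...:?} aborts the command rather
# than writing an empty password. A value containing '/' or '&' must be escaped
# for sed, or edited into config.yml by hand.
sed -i "s/DB_PASSWORD: /DB_PASSWORD: ${DB_PASSWORD:?set DB_PASSWORD to the JumpServer database password first}/g" /opt/jumpserver/config.yml

cd /opt/jumpserver
./jms start -d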
8.coco部署
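yum install -y yum-utils device-mapper-persistent-data lvm2
# Fetch the repository definition over HTTPS so it cannot be altered in transit.
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache fast
yum -y install docker-ce

# Download the mirror helper to a file rather than piping it into sh, so it can
# be read before it runs as root. -f makes curl fail on an HTTP error instead of
# saving an error page.
mirror_script=$(mktemp)
curl -fsSL -o "$mirror_script" https://get.daocloud.io/daotools/set_mirror.sh
# NOTE(review): inspect "$mirror_script" before running it. The registry mirror
# it configures is a plain-HTTP endpoint, so image pulls through it are not
# protected in transit; prefer an HTTPS mirror or none.
sh "$mirror_script" http://f1361db2.m.daocloud.io
rm -f -- "$mirror_script"

systemctl enable docker
systemctl start docker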
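# Port 2222 stays published on all interfaces. Port 5000 is reached only through
# the nginx proxy on this host (localhost:5000), so it is bound to loopback
# instead of being exposed directly.
# "ip" in CORE_HOST is a placeholder for this host's address.
# ${...:?} aborts if BOOTSTRAP_TOKEN is unset in the current shell; it must equal
# the value written to /opt/jumpserver/config.yml.
docker run --name jms_coco -d \
  -p 2222:2222 \
  -p 127.0.0.1:5000:5000 \
  -e CORE_HOST=http://ip:8080 \
  -e BOOTSTRAP_TOKEN="${BOOTSTRAP_TOKEN:?BOOTSTRAP_TOKEN is not set}" \
  jumpserver/jms_coco:1.4.8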
9.guacamole 部署
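# Port 8081 is reached only through the nginx proxy on this host
# (localhost:8081), so it is bound to loopback instead of being exposed directly.
# "ip" in JUMPSERVER_SERVER is a placeholder for this host's address.
# ${...:?} aborts if BOOTSTRAP_TOKEN is unset in the current shell; it must equal
# the value written to /opt/jumpserver/config.yml.
docker run --name jms_guacamole -d \
  -p 127.0.0.1:8081:8081 \
  -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
  -e JUMPSERVER_SERVER=http://ip:8080 \
  -e BOOTSTRAP_TOKEN="${BOOTSTRAP_TOKEN:?BOOTSTRAP_TOKEN is not set}" \
  jumpserver/jms_guacamole:1.4.8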
10.以上,1.4.8版本jumpserver已部署完毕。接下来升级到1.5.2。
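cd /opt/jumpserver
source /opt/py3/bin/activate
./jms stop
# NOTE(review): no backup of the database or config.yml is taken before the
# upgrade; take one first so a failed upgrade can be rolled back.
#
# "git checkout -b 1.5.2" alone only creates a new branch at the current commit;
# it does not move the tree to 1.5.2. Fetch that revision explicitly and create
# the branch from it.
# NOTE(review): assumes upstream publishes a 1.5.2 tag or branch; confirm.
git fetch --depth=1 origin 1.5.2
git checkout -b 1.5.2 FETCH_HEAD
pip3 install -r requirements/requirements.txt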
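cd /opt
rm -rf luna luna.tar.gz
# Use the second URL only when the first download fails; running both leaves a
# stray luna.tar.gz.1. -O makes either attempt write the same file name.
wget -O luna.tar.gz https://github.com/jumpserver/luna/releases/download/1.5.2/luna.tar.gz \
  || wget -O luna.tar.gz https://demo.jumpserver.org/download/luna/1.5.2/luna.tar.gz
# NOTE(review): no checksum is given on the page; verify the archive against a
# value from the release page before unpacking as root, e.g.
#   echo "<expected-sha256>  luna.tar.gz" | sha256sum -c -
tar xf luna.tar.gz
chown -R root:root luna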
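cd /opt
# Use the second URL only when the first download fails.
wget -O koko-v52-1e1f1a8-linux-amd64.tar.gz https://github.com/jumpserver/koko/releases/download/1.5.2/koko-v52-1e1f1a8-linux-amd64.tar.gz \
  || wget -O koko-v52-1e1f1a8-linux-amd64.tar.gz https://demo.jumpserver.org/download/koko/1.5.2/koko-v52-1e1f1a8-linux-amd64.tar.gz
# NOTE(review): this binary runs as root and the page gives no checksum; verify
# it against a value from the release page first, e.g.
#   echo "<expected-sha256>  koko-v52-1e1f1a8-linux-amd64.tar.gz" | sha256sum -c -
tar xf koko-v52-1e1f1a8-linux-amd64.tar.gz
chown -R root:root kokodir
cd kokodir
cp config_example.yml config.yml
# config.yml will hold the bootstrap token, so restrict it to its owner.
chmod 600 config.yml
# BOOTSTRAP_TOKEN was generated in an earlier shell session; ${...:?} aborts
# rather than writing an empty token if it is not set here. It must equal the
# value in /opt/jumpserver/config.yml.
sed -i "s/BOOTSTRAP_TOKEN: <PleasgeChangeSameWithJumpserver>/BOOTSTRAP_TOKEN: ${BOOTSTRAP_TOKEN:?BOOTSTRAP_TOKEN is not set}/g" /opt/kokodir/config.yml
sed -i "s/# LOG_LEVEL: INFO/LOG_LEVEL: ERROR/g" /opt/kokodir/config.yml
./koko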
2019-10-25 15:16:54 [ ERRO] POST http://127.0.0.1:8080/api/terminal/v2/terminal-registrations/ failed, get code: 400, { "name" :[ "名称重复" ] }
2019-10-25 15:16:54 [ ERRO] register access key failed
11.具体可查看https://docs.jumpserver.org
三、问题总结