jumpserver 安装部署
1.修改字符集
[root@fire ~]# localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
[root@fire ~]# export LC_ALL=zh_CN.UTF-8
[root@fire ~]# echo 'LANG=zh_CN.UTF-8' > /etc/sysconfig/i18n
2.安装依赖包
[root@fire ~]# yum -y install wget gcc epel-release git -y
3.安装python3.6
[root@fire soft]# wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
[root@fire soft]# xz -d Python-3.6.1.tar.xz
[root@fire soft]#tar -xvf Python-3.6.1.tar
[root@fire Python-3.6.1]# pwd
/root/soft/Python-3.6.1
[root@fire Python-3.6.1]# ./configure --prefix=/usr/local/python3.6
[root@fire Python-3.6.1]# make && make install
[root@fire Python-3.6.1]# mv /usr/bin/python /usr/bin/python_old
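[root@fire Python-3.6.1]# ln -s /usr/local/python3.6/bin/python3 /usr/bin/python3
# 注: 上一步已把 /usr/bin/python 改名，而这里建立的链接是 /usr/bin/python3；下一步的 python -V 能执行，说明还应存在指向 python3 的 /usr/bin/python 链接，原文此处疑有遗漏。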
[root@fire Python-3.6.1]# python -V
Python 3.6.1
[root@fire Python-3.6.1]# sed -i '1s/python/python_old/' /usr/bin/yum
4.创建python虚拟环境
[root@fire Python-3.6.1]# cd /opt/
[root@fire local]# python -m venv py3
[root@fire local]# source /opt/py3/bin/activate
[root@fire opt]# echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env
5.安装编译jumpserver
[root@fire opt]# pwd
/opt
[root@fire opt]# tar xf jumpserver-2.2.3.tar.gz
[root@fire opt]# mv jumpserver-2.2.3 jumpserver
6. 安装编译环境依赖
[root@fire requirements]# pwd
/opt/jumpserver/requirements
[root@fire jumpserver]# source .env
(py3) [root@fire jumpserver]#
(py3) [root@fire requirements]# yum -y install $(cat rpm_requirements.txt)
(py3) [root@fire requirements]# pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/
(py3) [root@fire requirements]# pip install wheel -i https://mirrors.aliyun.com/pypi/simple/
(py3) [root@fire requirements]# pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
7.安装redis
[root@fire requirements]# yum -y install redis
[root@fire requirements]# chkconfig redis on
[root@fire requirements]# /etc/init.d/redis start
8.创建jumpserver数据库
[root@mysql03 ~]# mysql -uroot -p
mysql> create database jumpserver default charset 'utf8' collate 'utf8_bin';
mysql> grant all on jumpserver.* to 'jumpserver'@'%' identified by 'Long#123';
# 注: 'Long#123' 仅为示例口令，实际部署应换成自己生成的强口令；'%' 允许从任意主机连接，建议限定为 JumpServer 服务器的 IP。
mysql> flush privileges;
9.修改配置文件
[root@fire ~]# cd /opt/jumpserver/
[root@fire jumpserver]# cp config_example.yml config.yml
[root@fire jumpserver]# vi config.yml
[root@fire ~]# cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49;echo
4gvnxkQYxnQ63Blv4xP2ITlG2hs3Z2szVwZDXxmY5RReJACl9
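# 注: 下面的过滤条件会去掉所有含 '#' 的行，因此值里带 '#' 的配置项（例如本例的数据库口令）可能不会出现在输出中，但仍需在 config.yml 里填写；输出中也未显示 BOOTSTRAP_TOKEN。SECRET_KEY 和 BOOTSTRAP_TOKEN 应自行随机生成，不要照抄本文的值。
[root@fire jumpserver]# grep -Ev '#|^$' config.yml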
SECRET_KEY: 4gvnxkQYxnQ63Blv4xP2ITlG2hs3Z2szVwZDXxmY5RReJACl9
DEBUG: false
LOG_LEVEL: ERROR
SESSION_EXPIRE_AT_BROWSER_CLOSE: true
DB_ENGINE: mysql
DB_HOST: 192.168.1.183
DB_PORT: 3306
DB_USER: jumpserver
DB_NAME: jumpserver
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
WINDOWS_SKIP_ALL_MANUAL_PASSWORD: True
10.启动jumpserver
(py3) [root@fire jumpserver]# pwd
/opt/jumpserver
(py3) [root@fire jumpserver]# ./jms start all -d
#-d 在后台运行
11.部署KoKo 组件
[root@fire ~]# cd /opt/
[root@fire opt]# wget https://github.com/jumpserver/koko/releases/download/v2.2.3/koko-v2.2.3-linux-amd64.tar.gz
[root@fire opt]# tar -xf koko-v2.2.3-linux-amd64.tar.gz
[root@fire opt]# mv koko-v2.2.3-linux-amd64 koko
[root@fire opt]# chown -R root:root koko
[root@fire opt]# cd koko
[root@fire koko]# mv kubectl /usr/local/bin/
[root@fire koko]# wget https://download.jumpserver.org/public/kubectl.tar.gz
[root@fire koko]# tar -xf kubectl.tar.gz
[root@fire koko]# chmod 755 kubectl
[root@fire koko]# mv kubectl /usr/local/bin/rawkubectl
[root@fire koko]# rm -rf kubectl.tar.gz
[root@fire koko]# cp config_example.yml config.yml
[root@fire koko]# vi config.yml
[root@fire koko]# grep -Ev '^$|#' config.yml
CORE_HOST: http://192.168.2.100:8080
BOOTSTRAP_TOKEN: UmecF0nUAg8S2mmh
# 与 jumpserver 的 config.yml 中的 BOOTSTRAP_TOKEN 保持一致
LOG_LEVEL: ERROR
SHARE_ROOM_TYPE: redis
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
REDIS_DB_ROOM: 6
[root@fire koko]# ./koko -d
12.部署 Guacamole 组件
[root@fire koko]# cd /opt
[root@fire opt]# wget -O docker-guacamole-v2.2.3.tar.gz https://github.com/jumpserver/docker-guacamole/archive/master.tar.gz
[root@fire opt]# mkdir /opt/docker-guacamole
[root@fire opt]# tar -xf docker-guacamole-v2.2.3.tar.gz -C /opt/docker-guacamole --strip-components 1
[root@fire opt]# rm -rf /opt/docker-guacamole-v2.2.3.tar.gz
[root@fire opt]# cd /opt/docker-guacamole
[root@fire docker-guacamole]# wget http://download.jumpserver.org/public/guacamole-server-1.2.0.tar.gz
[root@fire docker-guacamole]# tar -xf guacamole-server-1.2.0.tar.gz
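# 注: guacamole-server 与 ssh-forward 均经明文 HTTP 下载，后者还会以 root 身份解压到 /bin；建议改用 HTTPS（上文 kubectl 即从同一站点以 https 下载），并在解压前核对文件校验值。
[root@fire docker-guacamole]# wget http://download.jumpserver.org/public/ssh-forward.tar.gz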
[root@fire docker-guacamole]# tar -xf ssh-forward.tar.gz -C /bin/
[root@fire docker-guacamole]# chmod +x /bin/ssh-forward
[root@fire docker-guacamole]# cd /opt/docker-guacamole/guacamole-server-1.2.0
[root@fire guacamole-server-1.2.0]# yum install -y libpng-devel cairo-devel uuid-devel
[root@fire guacamole-server-1.2.0]# ./configure --with-init-dir=/etc/init.d
[root@fire guacamole-server-1.2.0]# make && make install
#安装jdk
[root@fire java]# tail -n3 /etc/profile
export JAVA_HOME=/usr/local/java
export PATH=$PATH:$JAVA_HOME/bin
[root@fire bin]# source /etc/profile
[root@fire bin]# java -version
java version "1.8.0_151"
Java™ SE Runtime Environment (build 1.8.0_151-b12)
Java HotSpot™ 64-Bit Server VM (build 25.151-b12, mixed mode)
[root@fire bin]# mkdir -p /config/guacamole /config/guacamole/extensions /config/guacamole/record /config/guacamole/drive
[root@fire bin]# chown daemon:daemon /config/guacamole/record /config/guacamole/drive
#安装tomcat9
[root@fire config]# wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v9.0.38/bin/apache-tomcat-9.0.38.tar.gz
[root@fire config]# tar -xf apache-tomcat-9.0.38.tar.gz
[root@fire config]# mv apache-tomcat-9.0.38 tomcat9
[root@fire config]# rm -rf /config/tomcat9/webapps/*
[root@fire config]# sed -i 's/Connector port="8080"/Connector port="8081"/g' /config/tomcat9/conf/server.xml
[root@fire config]# echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> /config/tomcat9/conf/logging.properties
[root@fire config]# wget http://download.jumpserver.org/release/v2.2.3/guacamole-client-v2.2.3.tar.gz
[root@fire config]# tar -xf guacamole-client-v2.2.3.tar.gz
[root@fire config]# rm -rf guacamole-client-v2.2.3.tar.gz
[root@fire config]# cp guacamole-client-v2.2.3/guacamole-*.war /config/tomcat9/webapps/ROOT.war
[root@fire config]# cp guacamole-client-v2.2.3/guacamole-*.jar /config/guacamole/extensions/
[root@fire config]# mv /opt/docker-guacamole/guacamole.properties /config/guacamole/
[root@fire config]# rm -rf /opt/docker-guacamole
#设置 Guacamole 环境
[root@fire config]# sh 1.sh
[root@fire config]# cat 1.sh
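# Guacamole environment for JumpServer: export every setting into the current
# shell and persist it in ~/.bashrc so later login shells pick it up.
#
# BOOTSTRAP_TOKEN must match the BOOTSTRAP_TOKEN in JumpServer's config.yml.
# It is a shared secret; the value below is the sample from this walkthrough,
# so generate your own. It ends up in ~/.bashrc in plain text, so keep that
# file readable by its owner only.

# persist_env NAME VALUE
# Exports NAME=VALUE and appends "export NAME=VALUE" to ~/.bashrc unless that
# exact line is already there, so re-running the script adds no duplicates.
# Plain ASCII quoting is used throughout: typographic quotes around the echoed
# text would be written into ~/.bashrc literally and break it when sourced.
persist_env() {
  export "$1=$2"
  # grep's stderr is silenced on purpose: ~/.bashrc may not exist yet.
  grep -qxF -- "export $1=$2" "$HOME/.bashrc" 2>/dev/null ||
    printf 'export %s=%s\n' "$1" "$2" >> "$HOME/.bashrc"
}

persist_env JUMPSERVER_SERVER http://127.0.0.1:8080
persist_env BOOTSTRAP_TOKEN UmecF0nUAg8S2mmh
persist_env JUMPSERVER_KEY_DIR /config/guacamole/data/keys
persist_env GUACAMOLE_HOME /config/guacamole
persist_env GUACAMOLE_LOG_LEVEL ERROR
persist_env JUMPSERVER_ENABLE_DRIVE true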
##环境变量说明
JUMPSERVER_SERVER 指 core 访问地址
BOOTSTRAP_TOKEN 为 Jumpserver/config.yml 里面的 BOOTSTRAP_TOKEN 值
JUMPSERVER_KEY_DIR 认证成功后 key 存放目录
GUACAMOLE_HOME 为 guacamole.properties 配置文件所在目录
GUACAMOLE_LOG_LEVEL 为生成日志的等级
JUMPSERVER_ENABLE_DRIVE 为 rdp 协议挂载共享盘
[root@fire config]# source ~/.bashrc
[root@fire config]# /etc/init.d/guacd start
Starting guacd: guacd[11283]: INFO: Guacamole proxy daemon (guacd) version 1.2.0 started
SUCCESS
[root@fire config]# sh /config/tomcat9/bin/startup.sh
13.下载 Lina 组件
[root@fire opt]# cd /opt/
[root@fire opt]# wget https://github.com/jumpserver/lina/releases/download/v2.2.3/lina-v2.2.3.tar.gz
[root@fire opt]# tar -xf lina-v2.2.3.tar.gz
[root@fire opt]# mv lina-v2.2.3 lina
14.下载 Luna 组件
[root@fire opt]# cd /opt/
[root@fire opt]# wget https://github.com/jumpserver/luna/releases/download/v2.2.3/luna-v2.2.3.tar.gz
[root@fire opt]# tar -xf luna-v2.2.3.tar.gz
[root@fire opt]# mv luna-v2.2.3 luna
15.安装nginx
[root@fire opt]# yum install yum-utils -y
[root@fire yum.repos.d]# cat nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
[root@fire yum.repos.d]# yum-config-manager --enable nginx-mainline
[root@fire yum.repos.d]# yum install -y nginx
[root@fire yum.repos.d]# echo > /etc/nginx/conf.d/default.conf
[root@fire yum.repos.d]# cat /etc/nginx/conf.d/jumpserver.conf
# Front-end virtual host for JumpServer: serves the Lina and Luna web UIs and
# the core's media/static files from disk, and reverse-proxies the remaining
# paths to services listening on localhost.
# NOTE(review): only a plain-HTTP listener on port 80 is defined here, so
# logins and proxied sessions are unencrypted unless TLS is terminated in
# front of this server.
server {
listen 80;
client_max_body_size 100m; # size limit for session recordings and file uploads
# Lina web UI, served from /opt/lina/
location /ui/ {
try_files $uri / /index.html;
alias /opt/lina/;
}
# Luna web UI
location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/; # luna path; change this if the install directory changes
}
location /media/ {
# Marks every response as gzip-encoded; presumably the stored recordings are
# gzip-compressed files — confirm.
add_header Content-Encoding gzip;
root /opt/jumpserver/data/; # recordings location; change this if the install directory changes
}
location /static/ {
root /opt/jumpserver/data/; # static assets; change this if the install directory changes
}
# Proxied to localhost:5000 (presumably KoKo's HTTP port — confirm) with the
# Upgrade/Connection headers set for WebSocket upgrades.
# NOTE(review): access_log is off, so requests to this path leave no entry in
# the nginx access log.
location /koko/ {
proxy_pass http://localhost:5000;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
# Proxied to localhost:8081, the port the Tomcat connector was moved to.
# NOTE(review): access_log is off here as well.
location /guacamole/ {
proxy_pass http://localhost:8081/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
# Proxied to localhost:8070, the core's WS_LISTEN_PORT.
location /ws/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8070;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# /api/ and /core/ are proxied to localhost:8080, the core's HTTP_LISTEN_PORT.
location /api/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /core/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# Any other path is rewritten internally under /ui/.
location / {
rewrite ^/(.*)$ /ui/$1 last;
}
}
[root@fire opt]# chown -R nginx:nginx lina
[root@fire opt]# chown -R nginx:nginx luna
[root@fire opt]# /etc/init.d/nginx start
16.访问jumpserver
#admin/jp2020#123