环境要求
Python = 3.6.x
Mysql Server ≥ 5.6
Mariadb Server ≥ 5.5.56
Redis
安装目录
jumpserver: /usr/local/jumpserver/
jumpserver虚拟环境: /data/env_jumpserver/
koko: /usr/local/koko/
luna: /usr/local/luna/
guacamole:
/data/guacamole/
├── drive
├── extensions
├── guacamole.properties
├── keys
├── record
├── set_guacamole_export.sh
└── tomcat9
1.安装python 3.6
# yum install wget zlib-devel openssl-devel
# wget https://www.python.org/ftp/python/3.6.10/Python-3.6.10.tar.xz
# tar -xf Python-3.6.10.tar.xz
# ./configure --prefix=/usr/local/Python3.6/ --enable-optimizations
# make && make install
# vim /etc/profile.d/python.sh
加入
# Python 3.6: put the source-built interpreter's bin directory first on PATH.
export Python_HOME=/usr/local/Python3.6
export PATH="${Python_HOME}/bin:${PATH}"
# Optional aliases, left disabled as on the original page:
#alias python='/usr/local/Python3.6/bin/python3.6'
#alias pip='/usr/local/Python3.6/bin/pip3.6'
载入变量
# source /etc/profile
# python3 --version
Python 3.6.10
如果使用yum报错,修改/usr/bin/yum
将
/usr/bin/yum
修改为
/usr/bin/python2.7
创建python虚拟环境
# python -m venv /data/env_jumpserver
载入虚拟环境
# source /data/env_jumpserver/bin/activate
查看是否载入python虚拟环境
(env_jumpserver) [root@localhost data]#
退出直接关闭窗口
永久退出
# deactivate
安装mysql
编译安装或者yum安装都可以,线上建议编译安装,这里yum安装
# yum install mariadb-server
# systemctl start mariadb
创建jumpserver所需数据库(下面示例中的密码'jumpserver'与用户名相同,仅作演示;实际部署请换成强密码,并与config.yml中的数据库密码保持一致)
MariaDB [(none)]> create database jumpserver default charset 'utf8';
MariaDB [(none)]> grant all on jumpserver.* to 'jumpserver'@'localhost' identified by 'jumpserver';
MariaDB [(none)]> flush privileges;
安装redis
# wget http://download.redis.io/releases/redis-5.0.7.tar.gz
# tar -zxf redis-5.0.7.tar.gz
# make
# mkdir -pv /usr/local/redis/etc
# mkdir /usr/local/redis/bin
# mv redis.conf /usr/local/redis/etc/
# cd src
# mv mkreleasehdr.sh redis-benchmark redis-check-aof redis-check-rdb redis-cli redis-server redis-sentinel /usr/local/redis/bin/
配置redis
# vim etc/redis.conf
# Run redis-server in the background as a daemon.
daemonize yes
# Relative log path. NOTE(review): the page does not show a log directory being
# created, and a relative path presumably resolves against the directory
# redis-server is started from. Confirm, or use an absolute path.
logfile "../log/6379.log"
# NOTE(review): 0.0.0.0 makes Redis listen on every network interface, and no
# requirepass line is shown in this snippet. When JumpServer runs on the same
# host, binding to 127.0.0.1 (or setting requirepass and firewalling the Redis
# port) keeps the cache and session data off the network.
bind 0.0.0.0
启动redis
# ./redis-server ../etc/redis.conf
部署jumpserver(确保先载入虚拟环境)
载入python虚拟环境
# source /data/env_jumpserver/bin/activate
安装依赖库
# yum install -y $(cat rpm_requirements.txt)
安装python组件
# pip3 install wheel
# pip3 install -r requirements.txt
配置jumpserver
# tar -zxf jumpserver.tar.gz
# mv jumpserver /usr/local/
# cp config_example.yml config.yml
# vim config.yml
配置SECRET_KEY,BOOTSTRAP_TOKEN,mysql配置,redis配置(SECRET_KEY与BOOTSTRAP_TOKEN应使用随机生成的值,不要沿用示例值或与其他环境共用)
启动命令(daemon方式)
# ./jms start -d
配置koko
# tar -zxf koko-master-linux-amd64.tar.gz
# mv kokodir /usr/local/koko
# cp config_example.yml config.yml
# vim config.yml
配置BOOTSTRAP_TOKEN与jumpserver关联
启动(daemon方式)
# ./koko -d
#tar -zxf guacamole.tar.gz
安装配置guacamole(注意:下面的yum localinstall使用了--nogpgcheck,会跳过RPM包的GPG签名校验;可行时先导入软件源的GPG公钥,再去掉该参数安装)
# tar -zxf guacamole-server-1.0.0.tar.gz
# yum localinstall --nogpgcheck https://mirrors.aliyun.com/rpmfusion/free/el/rpmfusion-free-release-7.noarch.rpm https://mirrors.aliyun.com/rpmfusion/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm
# yum install cairo-devel libjpeg-turbo-devel libpng-devel uuid-devel
# yum install ffmpeg-devel freerdp1.2-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel
# yum install libtool
# autoreconf -fi
# ./configure --with-init-dir=/etc/init.d
# make && make install
安装配置tomcat
配置jdk,jre
# tar -zxf jdk-8u231-linux-x64.tar.gz
# mv jdk1.8.0_231/ /usr/local/java/
# vim /etc/profile.d/java.sh
# Java: JDK location, classpath and PATH for the unpacked JDK 8u231.
export JAVA_HOME=/usr/local/java/jdk1.8.0_231
export CLASSPATH=".:${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/dt.jar"
export PATH="${JAVA_HOME}/bin:${PATH}"
安装tomcat9
# wget https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30.tar.gz
# tar -zxf apache-tomcat-9.0.30.tar.gz
# mv apache-tomcat-9.0.30 /usr/local/tomcat9
修改访问端口8080->8081
# vim server.xml
<Connector port="8081" protocol="HTTP/1.1"
# vim logging.properties
追加
java.util.logging.ConsoleHandler.encoding = UTF-8
部署guacamole包
# rm -rf /data/guacamole/tomcat9/webapps/*
# mkdir -pv /data/guacamole /data/guacamole/extensions /data/guacamole/record /data/guacamole/drive /data/guacamole/keys
# chown daemon:daemon /data/guacamole/record/ /data/guacamole/drive
# cp /usr/local/src/docker-guacamole/guacamole-1.0.0.war /data/guacamole/tomcat9/webapps/ROOT.war
# cp /usr/local/src/docker-guacamole/guacamole-auth-jumpserver-1.0.0.jar /data/guacamole/extensions
# cp /usr/local/src/docker-guacamole/root/app/guacamole/guacamole.properties /data/guacamole/
# wget https://github.com/ibuler/ssh-forward/releases/download/v0.0.5/linux-amd64.tar.gz
# tar xf linux-amd64.tar.gz -C /bin/
# chmod +x /bin/ssh-forward
设置guacamole环境变量
# vim /data/guacamole/set_guacamole_export.sh
#!/bin/bash
# Environment for guacamole; meant to be sourced before guacd is started.

# Address at which JumpServer is reached.
JUMPSERVER_SERVER=http://127.0.0.1:8080

# Must equal the BOOTSTRAP_TOKEN value in JumpServer's config.yml.
# NOTE(review): this is a shared secret. The value below is the page's example;
# a deployment should use its own token and keep this file readable only by
# the account that starts guacd.
BOOTSTRAP_TOKEN=Z52QHSRmDgcU6kA96F6f

# Directory settings for guacamole (key storage and home).
JUMPSERVER_KEY_DIR=/data/guacamole/keys
GUACAMOLE_HOME=/data/guacamole

GUACAMOLE_LOG_LEVEL=ERROR
JUMPSERVER_CLEAR_DRIVE_SESSION=true
JUMPSERVER_ENABLE_DRIVE=true

# Export everything in one statement so child processes inherit the values.
export JUMPSERVER_SERVER BOOTSTRAP_TOKEN JUMPSERVER_KEY_DIR GUACAMOLE_HOME \
  GUACAMOLE_LOG_LEVEL JUMPSERVER_CLEAR_DRIVE_SESSION JUMPSERVER_ENABLE_DRIVE
//启动guacd之前要加载guacamole环境变量
# source /data/guacamole/set_guacamole_export.sh
也可以加入到guacd启动脚本里
# vim /etc/init.d/guacd
#!/bin/sh下面加入
source /data/guacamole/set_guacamole_export.sh
guacamole启动命令
# /etc/init.d/guacd start
安装luna
# wget https://github.com/jumpserver/luna/releases/download/1.5.6/luna.tar.gz
# tar -zxf luna.tar.gz
# mv luna /usr/local/
# chown root.root /usr/local/luna/ -R
安装nginx
# useradd www -s /sbin/nologin
# wget http://nginx.org/download/nginx-1.16.1.tar.gz
# tar -zxf nginx-1.16.1.tar.gz
# ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_stub_status_module --with-http_ssl_module --with-http_gzip_static_module
# make && make install
配置nginx
# cd /usr/local/nginx/conf/
# mkdir vhosts
# vim nginx.conf
user www;
include vhosts/*.conf;
# vim vhosts/jumpserver.conf
# Virtual host that fronts luna, the JumpServer data directories, koko,
# guacamole and the JumpServer web application.
# NOTE(review): this server listens on plain HTTP only, so logins and session
# traffic to the bastion cross the network unencrypted. The nginx build on this
# page enables --with-http_ssl_module; serving this vhost over TLS is the usual
# hardening step.
server {
listen 80;
client_max_body_size 100m; # size limit for recordings and file uploads
# luna front end, served from local files.
location /luna/ {
try_files $uri / /index.html;
alias /usr/local/luna/; # luna path; change this if the install directory differs
}
# Files under /media/ are sent with a gzip Content-Encoding header.
location /media/ {
add_header Content-Encoding gzip;
root /usr/local/jumpserver/data; # recordings location; change this if the install directory differs
}
location /static/ {
root /usr/local/jumpserver/data/; # static assets; change this if the install directory differs
}
# Proxied to localhost:5000 with the Upgrade/Connection headers set for
# protocol upgrade.
# NOTE(review): access_log is off here, so nginx keeps no record of requests to
# this path. Confirm that is acceptable for audit and incident response.
location /koko/ {
proxy_pass http://localhost:5000;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
# Proxied to localhost:8081, the port the Tomcat connector is moved to on this
# page. The trailing slash on proxy_pass replaces the /guacamole/ prefix.
# NOTE(review): access_log is off here as well.
location /guacamole/ {
proxy_pass http://localhost:8081/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
# Proxied to localhost:8070 with upgrade headers. Presumably JumpServer's
# WebSocket endpoint; confirm against the JumpServer configuration.
location /ws/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8070;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
# Everything else goes to localhost:8080, the JumpServer address used
# elsewhere on this page.
location / {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
启动完整jumpserver
1.启动mysql
# systemctl start mariadb
2.启动redis
# /usr/local/redis/bin/redis-server /usr/local/redis/etc/redis.conf
3.启动tomcat
# cd /data/guacamole/tomcat9/bin/
# ./startup.sh
4.启动guac
# /etc/init.d/guacd start
5.启动jms
# cd /usr/local/jumpserver/
# ./jms start -d
6.启动koko
# cd /usr/local/koko/
# ./koko start -d
7.启动nginx
# /usr/local/nginx/sbin/nginx
PS:
安装python模块,版本要与要求一致,尤其django==2.2,否则会导致jms无法启动,无法加载six模块
启动jumpserver后,会话管理->终端管理中查看gua和koko是否注册,否则会导致连接失败
如果有没注册成功的,查看进程是否正常,或者删除对应的key,以上面部署为例
删除koko对应的key:
# rm -f /usr/local/koko/data/keys/.access_key
删除guacamole对应的key:
# rm -f /data/guacamole/keys/jumpserver.key