从1.3.1升级到最新版本1.5.6(0.x版本不支持升级)
分2步进行,先从1.3.1升级到1.4.4,再从1.4.4升级到最新版本
新版本jumpserver要求mysql版本>=5.6
官网升级文档地址:
https://docs.jumpserver.org/zh/docs/upgrade.html#id2
一、从1.3.1升级到1.4.4
信息说明:
jumpserver,python虚拟环境py3,luna,coco均位于/opt目录下
1.检查数据库表结构是否完整
$ cd /opt/jumpserver/apps
$ for d in $(ls); do if [ -d $d ] && [ -d $d/migrations ]; then ll ${d}/migrations/*.py | grep -v __init__.py; fi; done
新开一个终端, 连接到 jumpserver 的数据库服务器
$ mysql -uroot -p
> use jumpserver;
> select app, name from django_migrations where app in('assets', 'audits', 'common', 'ops', 'orgs', 'perms', 'terminal', 'users') order by app asc;
如果左右对比信息不一致, 通过升级常见问题解决
https://www.jishuchi.com/read/Jumpserver-148/2141
2.备份数据
mysqldump -uroot -pxxx jumpserver > jumpserver.sql
mv /opt/jumpserver /opt/jumpserver_bak
3.下载1.4.4版本的jumpserver安装包:
wget https://github.com/jumpserver/jumpserver/archive/1.4.4.tar.gz
tar xf 1.4.4.tar.gz
mv jumpserver-1.4.4 /opt/jumpserver
进入python虚拟环境
source /opt/py3/bin/activate
还原app下的migrations相关文件
cd /opt/jumpserver_bak/apps
for d in $(ls);do
if [ -d $d ] && [ -d $d/migrations ];then
cp ${d}/migrations/*.py /opt/jumpserver/apps/${d}/migrations/
fi
done
4.安装新版本python依赖库
pip install -r requirements/requirements.txt
处理数据库表
cd utils
sh make_migrations.sh
修改配置文件,将先前jumpserver的配置同步到新的配置文件
cp config_example.py config.py
vim config.py
# SECRET_KEY要与升级前保持一致
SECRET_KEY = os.environ.get('SECRET_KEY') or 'xxxxxxxxxx'
# 根据个人需要修改日志记录等级
LOG_LEVEL = os.environ.get("LOG_LEVEL") or 'WARNING'
# 注释掉sqlite配置
# DB_ENGINE = 'sqlite3'
# DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
# 配置mysql相关参数
DB_ENGINE = os.environ.get("DB_ENGINE") or 'mysql'
DB_HOST = os.environ.get("DB_HOST") or '127.0.0.1'
DB_PORT = os.environ.get("DB_PORT") or 3306
DB_USER = os.environ.get("DB_USER") or 'jumpserver'
DB_PASSWORD = os.environ.get("DB_PASSWORD") or 'xxxxxx'
DB_NAME = os.environ.get("DB_NAME") or 'jumpserver'
5.升级前版本小于1.4.0的执行此步骤
sh 2018_07_15_set_win_protocol_to_ssh.sh
如果升级前版本小于1.1.0,执行此步骤
sh 2018_04_11_migrate_permissions.sh
看清楚自己的版本,不要2个脚本都执行
启动jumpserver
./jms start -d
二、升级到最新版本(如果想就此停止升级,使用当前版本,还需要修改nginx访问配置,详见官网)
1.停掉jumpserver,备份数据
./jms stop
mysqldump -uroot -pxxx jumpserver > jumpserver_1-4.sql
mv /opt/jumpserver /opt/jumpserver_1.4
2.下载最新版本jumpserver
wget https://github.com/jumpserver/jumpserver/archive/master.zip
unzip master.zip
mv jumpserver-master /opt/jumpserver
修改配置文件,同步配置
cd /opt/jumpserver
cp config_example.yml config.yml
# 密钥与原版本保持一致
SECRET_KEY: ‘xxxxxxxxxx’
# 预共享Token coco和guacamole用来注册服务账号,不在使用原来的注册接受机制,随机生成,后面部署的koko需要用到
BOOTSTRAP_TOKEN: 'Tddb8ytKl33fqc3Rb3aHQZZOM4L1WpZ4KuR6fmiPgOUMZLyA7'
# 日志级别
LOG_LEVEL: WARNING
# 浏览器Session过期时间,默认24小时, 也可以设置浏览器关闭则过期
SESSION_COOKIE_AGE: 7200
SESSION_EXPIRE_AT_BROWSER_CLOSE: true
# 使用Mysql作为数据库
DB_ENGINE: mysql
DB_HOST: '127.0.0.1'
DB_PORT: 3306
DB_USER: 'jumpserver'
DB_PASSWORD: 'xxxxxx'
DB_NAME: 'jumpserver'
安装新版本python依赖库
pip install wheel
pip install -r requirements/requirements.txt
3.修改数据库表结构处理脚本(修改数据库用户、数据库名及添加密码)
cd utils
(py3) [root@svn_jumper utils]# vim 1.4.4_to_1.4.5_migrations.sh
#!/bin/bash
#
host=127.0.0.1
port=3306
username=jumpserver
db=jumpserver
password='Jumper1689Ln'
echo "备份原来的 migrations"
mysqldump -u${username} -h${host} -P${port} -p${password} ${db} django_migrations > django_migrations.sql.bak
ret=$?
if [ ${ret} == "0" ];then
echo "开始使用新的migrations文件"
mysql -u${username} -h${host} -P${port} -p${password} ${db} < django_migrations.sql
else
echo "Not valid"
fi
执行脚本
sh 1.4.4_to_1.4.5_migrations.sh
启动jumpserver
cd …/
./jms start -d
4.coco升级
wget https://github.com/jumpserver/koko/releases/download/1.5.6/koko-master-linux-amd64.tar.gz
tar xf koko-master-linux-amd64.tar.gz
mv kokodir /opt/koko
修改koko配置文件
cp config_example.yml config.yml
vim config.yml
# Bootstrap Token, 预共享秘钥, 用来注册coco使用的service account和terminal
# 请和jumpserver 配置文件中保持一致,注册完成后可以删除
BOOTSTRAP_TOKEN: ‘xxxxxxxxxx’
# 设置日志级别 [DEBUG, INFO, WARN, ERROR, FATAL, CRITICAL]
LOG_LEVEL: WARN
启动软件
./koko -d
5.luna升级
mv /opt/luna /opt/luna_bak
下载最新luna包,直接替换
wget https://github.com/jumpserver/luna/releases/download/1.5.6/luna.tar.gz
mv luna /opt/luna
6.修改nginx配置文件,重启nginx
server {
listen 80;
client_max_body_size 100m; # 录像及文件上传大小限制
location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/; # luna 路径, 如果修改安装目录, 此处需要修改
}
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/; # 录像位置, 如果修改安装目录, 此处需要修改
}
location /static/ {
root /opt/jumpserver/data/; # 静态资源, 如果修改安装目录, 此处需要修改
}
location /koko/ {
proxy_pass http://localhost:5000;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location /guacamole/ {
proxy_pass http://localhost:8081/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location /ws/ {
proxy_pass http://localhost:8070;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location / {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
访问jumpserver
右下角版本显示为1.5.6,终端管理显示新插件koko