jumpserver跳板机安装
命令集
####支持中文字符集
# Build the zh_CN.UTF-8 locale, switch the current shell to it, and make it the
# system default. /etc/locale.conf is overwritten, not appended to.
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
export LC_ALL=zh_CN.UTF-8
printf '%s\n' 'LANG="zh_CN.UTF-8"' > /etc/locale.conf
### 2.2 安装python依赖包
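# Mount the installation media; device and mount point are specific to this host.
mount /dev/sr0 /media/cdrom
# Build tools and headers for the Python packages compiled in later steps.
yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git
yum -y install python36 python36-devel
# Swap the EPEL repo definition for the Aliyun mirror. Fetch it over HTTPS: a
# repo file downloaded over plain HTTP can be altered in transit, and it then
# decides where every later package comes from.
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
yum -y clean all
yum makecache
# Second attempt, now against the refreshed repo metadata.
yum -y install python36 python36-devel
# Virtualenv that the Jumpserver and Coco steps activate.
cd /opt/
python3.6 -m venv py3
source /opt/py3/bin/activate
# autoenv sources a directory's .env file when the shell cd's into it, and it is
# hooked into the installing user's ~/.bashrc here. Keep every such .env
# writable by that user only. The clone takes the default branch as-is; pin a
# reviewed commit if the host must be reproducible.
git clone https://github.com/kennethreitz/autoenv.git
echo 'source /opt/autoenv/activate.sh' >> ~/.bashrc
source ~/.bashrc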
### 安装Jumpserver
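cd /opt/
git clone https://github.com/jumpserver/jumpserver.git
# autoenv sources this file on every cd into /opt/jumpserver.
echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env
cd jumpserver/
cd /opt/jumpserver/requirements/
# Left unquoted so each whitespace-separated entry becomes its own argument.
yum -y install $(cat rpm_requirements.txt)
pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple
cd ~
mkdir -p .pip
vim ~/.pip/pip.conf
# Content of ~/.pip/pip.conf. There is no trusted-host entry: that setting makes
# pip accept the host without a valid certificate, and the index is HTTPS.
[global]
index-url=https://mirrors.aliyun.com/pypi/simple
cd /opt/jumpserver/requirements/
pip install -r requirements.txt
# NOTE(review): redis runs with its packaged defaults; confirm it listens on
# localhost only before exposing this host.
yum -y install redis
systemctl enable redis
systemctl start redis
yum -y install mariadb-devel mariadb-server
systemctl enable mariadb
systemctl start mariadb
# MariaDB root has no password at this point (mysql -uroot connects without
# one); run mysql_secure_installation once the install is finished.
DB_PASSWORD=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 24)
# The SQL is fed on stdin to keep the password off the mysql command line.
mysql -uroot <<SQL
create database jumpserver default charset 'utf8';
grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD';
flush privileges;
SQL
cd /opt/jumpserver/
cp config_example.yml config.yml
# config.yml is about to hold SECRET_KEY, BOOTSTRAP_TOKEN and DB_PASSWORD, so
# restrict it before the values are written. sed -i keeps the file mode.
chmod 600 config.yml
# Both secrets are also appended to ~/.bashrc in clear text; the Coco step
# reads BOOTSTRAP_TOKEN from the shell. Restrict the file, and delete the two
# lines once every component is registered.
SECRET_KEY=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 50)
echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
BOOTSTRAP_TOKEN=$(tr -dc A-Za-z0-9 < /dev/urandom | head -c 16)
echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
chmod 600 ~/.bashrc
# The generated values are alphanumeric only, so they are safe inside the sed
# replacement. They are still passed as arguments and are briefly visible to
# other local users in the process list.
sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
sed -i "s/DB_PASSWORD:/DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml
cd /opt/jumpserver/utils/
bash make_migrations.sh
cd /opt/jumpserver/
./jms start all -d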
### 3.1 安装SSH Server和WebSocket Server:Coco
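cd /opt/
source /opt/py3/bin/activate
git clone https://github.com/jumpserver/coco.git
# autoenv sources this file on every cd into /opt/coco.
echo "source /opt/py3/bin/activate" > /opt/coco/.env
cd coco/
cd /opt/coco/requirements/
# Left unquoted so each whitespace-separated entry becomes its own argument.
yum -y install $(cat rpm_requirements.txt)
pip install -r requirements.txt
cd /opt/coco/
mkdir -p keys logs
# keys/ presumably holds Coco's key material; confirm, and keep it private.
chmod 700 keys
cp config_example.yml config.yml
# config.yml receives the bootstrap token below; restrict it first.
chmod 600 config.yml
# Stop here if the token is missing from this shell; otherwise sed would write
# an empty value. `source ~/.bashrc` restores it from the Jumpserver step.
: "${BOOTSTRAP_TOKEN:?BOOTSTRAP_TOKEN is not set in this shell}"
sed -i "s/BOOTSTRAP_TOKEN: <PleasgeChangeSameWithJumpserver>/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/coco/config.yml
sed -i "s/# LOG_LEVEL: INFO/LOG_LEVEL: ERROR/g" /opt/coco/config.yml
./cocod start -d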
### 4 安装Web Terminal前端:Luna
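cd /opt/
# Luna is pinned to release 1.4.9, while jumpserver and coco are cloned from
# their default branches; check that the three versions match.
wget https://github.com/jumpserver/luna/releases/download/1.4.9/luna.tar.gz
# Print the digest and compare it with a value from a trusted source before
# unpacking. The archive is extracted as root and then served by nginx.
sha256sum luna.tar.gz
tar xf luna.tar.gz
# As root, tar keeps the owner recorded in the archive; reset it to root.
chown -R root:root luna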
### 5 配置Nginx整合各组件
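yum -y install yum-utils
vim /etc/yum.repos.d/nginx.repo
# Content of /etc/yum.repos.d/nginx.repo. gpgcheck=1 makes yum verify package
# signatures against gpgkey. baseurl uses HTTPS so the repo metadata, which is
# not signature-checked here, is not fetched in clear text either.
[nginx-stable]
name=nginx stable repo
baseurl=https://nginx.org/packages/centos/7/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
yum -y install nginx
cd /etc/nginx/conf.d
# Remove the packaged default vhost. It is a single file, so -r is not needed.
rm -f /etc/nginx/conf.d/default.conf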
vim /etc/nginx/conf.d/jumpserver.conf
server {
listen 80;
client_max_body_size 100m;
location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/;
}
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/;
}
location /static/ {
root /opt/jumpserver/data/;
}
location /socket.io/ {
proxy_pass http://localhost:5000/socket.io/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Rea