Jumpserver无错误安装部署

一、系统环境准备

1、查看系统版本

cat /etc/redhat-release // 查看系统版本

CentOS Linux release 7.5.1804 (Core)

uname -a // 查看系统信息


> Linux localhost.localdomain 3.10.0-862.el7.x86_64 #1 SMP Fri Apr 20
> 16:44:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

2、关闭selinux和防火墙

getenforce //查看selinux的状态

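Disabled // getenforce 的输出为 Enforcing、Permissive 或 Disabled;如果是 Enforcing,可用“setenforce 0”临时切换为 Permissive(重启后失效),要永久关闭需修改 /etc/selinux/config。堡垒机是高价值目标,生产环境建议保留 SELinux 并按需调整策略,而不是直接关闭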

systemctl stop firewalld.service // 关闭防火墙(未执行 disable 时,重启后 firewalld 会再次启动;生产环境建议保持防火墙开启,只放行本文用到的 80 和 2222 端口)

二、准备Python3和Python虚拟环境

1、安装依赖包


> yum -y install wget vim lrzsz xz gcc git epel-release python-pip
> python-devel mysql-devel automake autoconf sqlite-devel zlib-devel
> openssl-devel sshpass readline-devel

2、编译安装

`yum -y install python36 python36-devel`

// 如果下载速度很慢, 可以换国内源(注意:下面的 repo 文件是通过明文 HTTP 下载的,传输途中可能被篡改;本文后面的 pip 源用的就是同一镜像站的 https 地址,建议这里也改用 https://)

 wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
 yum -y install python36 python36-devel

3、建立 Python 虚拟环境
CentOS 7 自带的是 Python2,而 yum 等工具依赖原来的 Python,为了不扰乱原来的环境我们来使用 Python 虚拟环境

 cd /opt
 python3.6 -m venv py3
 source /opt/py3/bin/activate

(py3) [root@localhost opt]# //看到这一行的提示符代表成功,以后运行 Jumpserver 都要先运行以上 source 命令

以下所有命令均在该虚拟环境中运行:

三、安装 Jumpserver

1、下载或 Clone 项目
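项目提交较多,git clone 时体积较大,你也可以选择去 Github 项目页面直接下载 zip 包。注意:这样克隆得到的是默认分支的最新代码,而后文的 KoKo、Guacamole、Lina、Luna 都固定为 v2.4.0,建议核心也检出对应版本,避免组件版本不一致;另外 v2.4.0 已是较旧的版本,部署前请查阅官方安全公告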

(py3) [root@localhost opt]# git clone --depth=1 https://github.com/jumpserver/jumpserver.git

2、安装依赖 RPM 包

(py3) [root@localhost opt]# cd /opt/jumpserver/requirements
(py3) [root@localhost requirements]# yum -y install $(cat rpm_requirements.txt)

//如果下面第 3 步的 pip 下载速度很慢, 可以改用国内源执行(与第 3 步的两条命令二选一即可)

 pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/
 pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/

3、安装python库依赖

(py3) [root@localhost  opt]# pip install --upgrade pip setuptools
(py3) [root@localhost  opt]# pip install -r requirements.txt

4、安装 Redis, Jumpserver 使用 Redis 做 cache 和 celery broker

(py3) [root@localhost  opt]# yum -y install redis
(py3) [root@localhost  opt]# systemctl enable redis
(py3) [root@localhost  opt]# systemctl start redis

5、安装 MySQL

(py3) [root@localhost  opt]# yum -y install mariadb mariadb-devel mariadb-server   //centos7下安装的是mariadb
(py3) [root@localhost  opt]# systemctl enable mariadb
(py3) [root@localhost  opt]# systemctl start mariadb

6、创建数据库 Jumpserver 并授权(下面以空密码的 root 登录 MariaDB;生产环境请先运行 mysql_secure_installation 为 root 设置密码并移除匿名用户)

(py3) [root@localhost  opt]# DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`  // 生成随机数据库密码
(py3) [root@localhost  opt]# mysql -uroot -e "create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD'; flush privileges;"

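7、修改 Jumpserver 配置文件(SECRET_KEY、BOOTSTRAP_TOKEN 和数据库密码都是敏感凭据:下面的命令会把前两者以明文追加到 ~/.bashrc,并把三者写入 config.yml;完成后建议执行 chmod 600 /opt/jumpserver/config.yml,并注意 ~/.bashrc 的访问权限)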

(py3) [root@localhost  opt]# cd /opt/jumpserver/
(py3) [root@localhost  jumpserver]# cp config_example.yml config.yml
(py3) [root@localhost  jumpserver]# SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`   // 生成随机的SECRET_KEY
(py3) [root@localhost  jumpserver]# echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
(py3) [root@localhost  jumpserver]# BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`  // 生成随机BOOTSTRAP_TOKEN
(py3) [root@localhost  jumpserver]# echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
(py3) [root@localhost  jumpserver]# sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
(py3) [root@localhost  jumpserver]# sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
(py3) [root@localhost  jumpserver]# sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
(py3) [root@localhost  jumpserver]# sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
(py3) [root@localhost  jumpserver]# sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
(py3) [root@localhost  jumpserver]# sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml

8、运行 Jumpserver

(py3) [root@jumpserver jumpserver]# cd /opt/jumpserver
(py3) [root@jumpserver jumpserver]# ./jms start all -d // 新版本更新了运行脚本,使用方式./jms start|stop|status|restart all  后台运行请添加 -d 参数

离线安装 docker:先上传 docker 压缩包、docker.service 和加速包

ls

docker-19.03.9.tgz  docker.service
 tar zxf docker-19.03.9.tgz
 cp docker/*  /usr/bin/
 chmod +x docker.service
 cp docker.service /etc/systemd/system
 systemctl daemon-reload
 systemctl start docker

8.1. Docker 部署 KoKo 组件

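# Run the KoKo container. Port 2222 is published on all interfaces; port 5000
# is bound to loopback only and is reached through the nginx /koko/ location.
# CORE_HOST is this guide's example address; replace it with your own core URL.
# BOOTSTRAP_TOKEN must be the value written to /opt/jumpserver/config.yml in
# step 7; the ${...:?} form aborts the command when the variable is unset
# instead of registering with an empty or copied sample token.
# NOTE(review): --privileged=true gives the container near-complete access to
# the host; confirm this KoKo release actually needs it and drop it otherwise.
docker run --name jms_koko -d \
  -p 2222:2222 \
  -p 127.0.0.1:5000:5000 \
  -e CORE_HOST=http://192.168.244.144:8080 \
  -e BOOTSTRAP_TOKEN="${BOOTSTRAP_TOKEN:?set BOOTSTRAP_TOKEN to the value in /opt/jumpserver/config.yml}" \
  -e LOG_LEVEL=ERROR \
  --privileged=true \
  --restart=always \
  jumpserver/jms_koko:v2.4.0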

9.1 Docker 部署 Guacamole 组件

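# Run the Guacamole container. Its port 8080 is published only on loopback
# port 8081, which the nginx /guacamole/ location proxies to.
# JUMPSERVER_SERVER is this guide's example address; replace it with your own
# core URL.
# BOOTSTRAP_TOKEN must be the same value that was written to
# /opt/jumpserver/config.yml in step 7 (and passed to KoKo); a literal sample
# token here would not match the generated one and is known to every reader of
# the guide.
docker run --name jms_guacamole -d \
  -p 127.0.0.1:8081:8080 \
  -e JUMPSERVER_SERVER=http://192.168.244.144:8080 \
  -e BOOTSTRAP_TOKEN="${BOOTSTRAP_TOKEN:?set BOOTSTRAP_TOKEN to the value in /opt/jumpserver/config.yml}" \
  -e GUACAMOLE_LOG_LEVEL=ERROR \
  jumpserver/jms_guacamole:v2.4.0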

10. 下载 Lina 组件(本步和第 11 步的 chown 要求系统中已存在 nginx 用户;如果此时还没有安装 nginx,请先完成第 12 步中的 nginx 安装)

cd /opt
wget https://github.com/jumpserver/lina/releases/download/v2.4.0/lina-v2.4.0.tar.gz
tar -xf lina-v2.4.0.tar.gz
mv lina-v2.4.0 lina
chown -R nginx:nginx lina

11. 下载 Luna 组件

cd /opt
wget https://github.com/jumpserver/luna/releases/download/v2.4.0/luna-v2.4.0.tar.gz
tar -xf luna-v2.4.0.tar.gz
mv luna-v2.4.0 luna
chown -R nginx:nginx luna

12. 配置 Nginx 整合各组件
上传 nginx.repo 后,用 yum 安装 nginx

echo > /etc/nginx/conf.d/default.conf
vi /etc/nginx/conf.d/jumpserver.conf
# Reverse proxy that puts every JumpServer component behind a single port:
# static front ends (Lina, Luna), recordings and static assets from disk, and
# proxied routes to KoKo (5000), Guacamole (8081), port 8070 and the core (8080).
# NOTE(review): this listener is plain HTTP only, so bastion logins and
# terminal/session traffic cross the network unencrypted. Add a TLS listener
# here, or terminate TLS in front of it, before production use.
# NOTE(review): $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For
# header the client sent, so backends should rely on X-Real-IP (or only the last
# hop) when recording client addresses for audit.
server {
    listen 80;

    client_max_body_size 100m;  # upload size limit for session recordings and files

    # Lina web UI, served from the files unpacked under /opt/lina.
    location /ui/ {
        try_files $uri / /index.html;
        alias /opt/lina/;
    }

    # Luna web terminal front end.
    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # Luna path; change this if the install directory is changed
    }

    location /media/ {
        # Every response under /media/ is labelled as gzip-encoded.
        # NOTE(review): presumably the stored recordings are gzip files - confirm.
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # session recording location; change this if the install directory is changed
    }

    location /static/ {
        root /opt/jumpserver/data/;  # static assets; change this if the install directory is changed
    }

    # KoKo container, published on 127.0.0.1:5000.
    location /koko/ {
        proxy_pass       http://localhost:5000;
        proxy_buffering off;
        proxy_http_version 1.1;
        # Upgrade/Connection headers let WebSocket connections pass through.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # NOTE(review): access logging is disabled for this route; check that
        # this fits your audit requirements.
        access_log off;
    }

    # Guacamole container, published on 127.0.0.1:8081.
    location /guacamole/ {
        # The trailing slash on proxy_pass replaces the /guacamole/ prefix with /
        # before the request is forwarded.
        proxy_pass       http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        # Passes the client's own Connection header through unchanged.
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # NOTE(review): access logging is disabled for this route as well.
        access_log off;
    }

    # WebSocket route to port 8070.
    # NOTE(review): presumably the core's WebSocket service - confirm.
    location /ws/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8070;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # API requests go to the core service on port 8080.
    location /api/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Core pages are served by the same service on port 8080.
    location /core/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # Anything not matched above is rewritten into the Lina UI under /ui/.
    location / {
        rewrite ^/(.*)$ /ui/$1 last;
    }
}

nginx -t
nginx -s reload

13. 开始使用 JumpServer(80端口)。首次登录后请立即修改默认管理员密码;当前 Nginx 配置为明文 HTTP,生产环境请配置 HTTPS 后再对外提供服务

****** 至此 安装完毕啦~
