JumpServer v3.10.1 Installation

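This article describes in detail how to install and configure MySQL, Redis and the related components in a JumpServer environment, including Koko, Lion, XRDP, Razor, Magnus, Kael and Chen, as well as security settings and permission management.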

[Figure: architecture diagram]

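  • Core is JumpServer's core component; the other components depend on it to start.
  • Koko serves Unix-like asset platforms, providing character-based connections over the SSH and Telnet protocols.
  • Lion serves Windows asset platforms and is used to access Windows assets from the web.
  • XRDP is an RDP protocol component; its main function is access to assets running Windows 2000, XP and similar systems through JumpServer Client.
  • Razor is an RDP protocol component; JumpServer Client uses Razor by default to access Windows assets.
  • Magnus serves databases and is used to access database assets through a client-side proxy.
  • Kael serves the GPT asset platform and is used to manage ChatGPT assets.
  • Chen serves databases and is used to access database assets through a Web GUI.
  • Celery handles asynchronous tasks and runs JumpServer's automation tasks.
  • Video handles format conversion of the recordings produced by the Razor and Lion components, converting session recordings to MP4.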

Environment requirements

Name      Version    Default charset   Default collation     TLS/SSL
MySQL     >= 5.7     utf8              utf8_general_ci
MariaDB   >= 10.6    utf8mb3           utf8mb3_general_ci

Name      Version    Sentinel   Cluster   TLS/SSL
Redis     >= 6.0

Base environment

hostnamectl set-hostname jumpserver
systemctl disable firewalld --now && setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
mv /etc/yum.repos.d/CentOS-* /tmp/
curl -o /etc/yum.repos.d/centos.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum install -y vim net-tools wget

Install MySQL

Remove MariaDB
[root@jumpserver ~]# yum remove -y mariadb*
Add the extra repository
[root@jumpserver ~]# wget https://dev.mysql.com/get/mysql80-community-release-el7-11.noarch.rpm
[root@jumpserver ~]# rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
[root@jumpserver ~]# yum localinstall -y mysql80-community-release-el7-11.noarch.rpm 
[root@jumpserver ~]# yum install -y mysql-community-server
Start the service
[root@jumpserver ~]# systemctl enable mysqld --now
[root@jumpserver ~]# systemctl status mysqld
● mysqld.service - MySQL Server
   Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2024-01-04 04:40:59 CST; 7s ago
     Docs: man:mysqld(8)
           http://dev.mysql.com/doc/refman/en/using-systemd.html
  Process: 1669 ExecStartPre=/usr/bin/mysqld_pre_systemd (code=exited, status=0/SUCCESS)
 Main PID: 1737 (mysqld)
   Status: "Server is operational"
   CGroup: /system.slice/mysqld.service
           └─1737 /usr/sbin/mysqld

Jan 04 04:40:55 jumpserver systemd[1]: Starting MySQL Server...
Jan 04 04:40:59 jumpserver systemd[1]: Started MySQL Server.
[root@jumpserver ~]# mysql -V
mysql  Ver 8.0.35 for Linux on x86_64 (MySQL Community Server - GPL)
Get the password
[root@jumpserver ~]# grep 'password' /var/log/mysqld.log 
2024-01-03T20:40:56.767679Z 6 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: pf!oV)rfO9iq
Edit my.cnf
[root@jumpserver ~]# vim /etc/my.cnf
### Add below [mysqld]
plugin-load-add=validate_password.so
validate-password=FORCE_PLUS_PERMANENT
Restart the service
[root@jumpserver ~]# systemctl restart mysqld
Change the MySQL password policy
[root@jumpserver ~]# mysql -uroot -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 14
Server version: 8.0.35 MySQL Community Server - GPL

Copyright (c) 2000, 2023, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show variables like 'validate_password%';
+-------------------------------------------------+--------+
| Variable_name                                   | Value  |
+-------------------------------------------------+--------+
| validate_password.changed_characters_percentage | 0      |
| validate_password.check_user_name               | ON     |
| validate_password.dictionary_file               |        |
| validate_password.length                        | 8      |
| validate_password.mixed_case_count              | 1      |
| validate_password.number_count                  | 1      |
| validate_password.policy                        | MEDIUM |
| validate_password.special_char_count            | 1      |
| validate_password_check_user_name               | ON     |
| validate_password_dictionary_file               |        |
| validate_password_length                        | 8      |
| validate_password_mixed_case_count              | 1      |
| validate_password_number_count                  | 1      |
| validate_password_policy                        | MEDIUM |
| validate_password_special_char_count            | 1      |
+-------------------------------------------------+--------+
15 rows in set (0.00 sec)

mysql> set global validate_password.policy=0;
Query OK, 0 rows affected (0.00 sec)

mysql> set global validate_password.length=6;
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> alter user 'root'@'localhost' identified by '000000';
Query OK, 0 rows affected (0.00 sec)
Configure privileges
mysql> create user root@'%' identified by '000000';
Query OK, 0 rows affected (0.01 sec)

mysql> grant all privileges on *.* to root@'%' with grant option;
Query OK, 0 rows affected (0.00 sec)

mysql> select user, host from mysql.user;
+------------------+-----------+
| user             | host      |
+------------------+-----------+
| root             | %         |
| mysql.infoschema | localhost |
| mysql.session    | localhost |
| mysql.sys        | localhost |
| root             | localhost |
+------------------+-----------+
5 rows in set (0.00 sec)

mysql> create database jumpserver default charset 'utf8';
Query OK, 1 row affected, 1 warning (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
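
Added example, not part of the original post: the steps above lower the password policy and open root@'%' with a six-character password; a tighter alternative is a dedicated account limited to the jumpserver database and one client address, with a random password that passes the default MEDIUM policy. The account name jumpserver, the function names and the placeholder address 192.0.2.10 are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post). Assumed names: account
# "jumpserver", functions pick / gen_password / gen_jms_sql; 192.0.2.10 is a
# placeholder for the client address MySQL sees.

# Print one random character from the set passed as $1 (kernel CSPRNG via od).
pick() {
  n=$(od -An -N2 -tu2 /dev/urandom | tr -d ' \n')
  printf '%s' "$1" | cut -c"$(( n % ${#1} + 1 ))"
}

# 24-character password that passes validate_password MEDIUM: length >= 8 and
# at least one lower-case, upper-case, digit and special character.
gen_password() {
  body=$(head -c 48 /dev/urandom | base64 | tr -dc 'A-Za-z0-9' | cut -c1-20)
  printf '%s%s%s%s%s\n' "$body" "$(pick abcdefghijkmnpqrstuvwxyz)" \
    "$(pick ABCDEFGHJKLMNPQRSTUVWXYZ)" "$(pick 23456789)" "$(pick '_@#+=')"
}

# Emit SQL for an account limited to one database and one client address.
# $1=database $2=user $3=client host $4=password; returns 2 on unsafe input.
gen_jms_sql() {
  for id in "$1" "$2"; do
    case $id in ''|*[!A-Za-z0-9_]*) return 2 ;; esac
  done
  # Host must be an IPv4 address or a prefix such as 192.0.2.%; bare % is refused.
  case $3 in *[!0-9.%]*) return 2 ;; esac
  printf '%s\n' "$3" |
    grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){2}\.([0-9]{1,3}|%)$' || return 2
  # Quotes and backslashes would break out of the SQL string literal.
  case $4 in *"'"*|*\\*) return 2 ;; esac
  cat <<SQL
CREATE DATABASE IF NOT EXISTS \`$1\` DEFAULT CHARSET 'utf8';
CREATE USER '$2'@'$3' IDENTIFIED BY '$4';
GRANT ALL PRIVILEGES ON \`$1\`.* TO '$2'@'$3';
SQL
}

# Review the statements, then pipe them to: mysql -uroot -p
gen_jms_sql jumpserver jumpserver 192.0.2.10 "$(gen_password)"
```

Substitute the address MySQL sees for the JumpServer containers, then enter the generated user and password at the installer's MySQL prompts.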

Install Redis

[root@localhost redis-6.0.9]# yum install -y gcc gcc-c++

### Upgrade gcc
[root@localhost redis-6.0.9]# yum -y install centos-release-scl
[root@localhost redis-6.0.9]# yum -y install devtoolset-9-gcc devtoolset-9-gcc-c++ devtoolset-9-binutils
[root@jumpserver redis-6.0.9]# scl enable devtoolset-9 bash
[root@jumpserver redis-6.0.9]# echo "source /opt/rh/devtoolset-9/enable" >> /etc/profile
[root@jumpserver redis-6.0.9]# source /etc/profile

[root@jumpserver ~]# tar -zxvf redis-6.0.9.tar.gz
[root@jumpserver ~]# cd redis-6.0.9
[root@jumpserver redis-6.0.9]# make -j 4
[root@jumpserver redis-6.0.9]# make install PREFIX=/usr/local/redis
[root@jumpserver redis-6.0.9]# cp redis.conf /usr/local/redis/
Configure Redis
[root@jumpserver ~]# vim /usr/local/redis/redis.conf
bind 192.168.169.202
daemonize yes
appendonly yes
Start the service
[root@jumpserver redis]# ./bin/redis-server ./redis.conf
Add the Redis service file
[root@jumpserver redis]# cat /lib/systemd/system/redis.service 
[Unit]
Description=redis
After=network.target

[Service]
Type=forking
PIDFile=/var/run/redis_6379.pid
ExecStart=/usr/local/redis/bin/redis-server /usr/local/redis/redis.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target

[root@jumpserver redis]# touch /var/run/redis_6379.pid
[root@jumpserver redis]# systemctl daemon-reload
[root@jumpserver redis]# systemctl start redis --now
[root@jumpserver redis]# systemctl status redis    
● redis.service - redis
   Loaded: loaded (/usr/lib/systemd/system/redis.service; disabled; vendor preset: disabled)
   Active: active (running) since Thu 2024-01-04 05:42:42 CST; 1min 7s ago
  Process: 15456 ExecStart=/usr/local/redis/bin/redis-server /usr/local/redis/redis.conf (code=exited, status=0/SUCCESS)
 Main PID: 15457 (redis-server)
   CGroup: /system.slice/redis.service
           └─15457 /usr/local/redis/bin/redis-server 192.168.169.202:6379

Jan 04 05:42:42 jumpserver systemd[1]: Starting redis...
Jan 04 05:42:42 jumpserver systemd[1]: Started redis.
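
Added example, not part of the original post: redis.conf above binds Redis to the LAN address 192.168.169.202 and sets no requirepass, and the Redis 6.0 protected mode only applies when there is no bind directive at all. The check below, with the assumed function name audit_redis_conf, flags that combination; the sample config is constructed from the three settings shown on this page.

```sh
#!/bin/sh
# Added example (not from the original post): flag a redis.conf that accepts
# unauthenticated clients from the network. audit_redis_conf is an assumed name.
# Redis 6.0 protected-mode only guards a server with NO bind directive and no
# password, so an explicit non-loopback bind without requirepass is open.
audit_redis_conf() {
  awk '
    /^[ \t]*(#|$)/ { next }                  # comments and blank lines
    { key = tolower($1) }
    key == "bind" { nbind = NF - 1; for (i = 2; i <= NF; i++) addr[i - 1] = $i }
    key == "requirepass" { pass = $2; gsub(/^"|"$/, "", pass) }
    END {
      # No bind directive means every interface.
      if (nbind == 0) exposed = "all interfaces"
      for (i = 1; i <= nbind; i++) {
        a = addr[i]; sub(/^-/, "", a)        # 6.2+ allows a "-" prefix
        if (a !~ /^127\./ && a != "::1" && a != "localhost")
          exposed = exposed (exposed ? "," : "") a
      }
      if (exposed != "" && pass == "") {
        print "NOAUTH: reachable on " exposed " with no requirepass"; bad = 1
      } else if (exposed != "" && length(pass) < 16) {
        print "WEAKPASS: requirepass shorter than 16 characters"; bad = 1
      }
      exit bad
    }' "$1"
}

# Constructed input: the three settings this page puts in redis.conf.
conf=$(mktemp)
printf 'bind 192.168.169.202\ndaemonize yes\nappendonly yes\n' > "$conf"
audit_redis_conf "$conf" || echo "=> set requirepass and restrict access to port 6379"
rm -f "$conf"
```

If requirepass is set, the same value goes into the installer's "Please enter Redis password" prompt.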

Install JumpServer

[root@jumpserver ~]# tar -zxvf jumpserver-offline-installer-v3.10.1-amd64.tar.gz -C /usr/local/src/
[root@jumpserver jumpserver-offline-installer-v3.10.1-amd64]# ./jmsctl.sh install
Configure external MySQL and Redis
>>> Install and Configure JumpServer
1. Configure Private Key
SECRETE_KEY:     ZTVjYzRkNTYtZmZhZi1iYzhiLTE5ODAtZjE4MzkwYTNlNzkw
BOOTSTRAP_TOKEN: ZTVjYzRkNTYtZmZhZi1iYzhi
complete

2. Configure Persistent Directory
Do you need custom persistent store, will use the default directory /data/jumpserver? (y/n)  (default n): y

To modify the persistent directory such as logs video, you can select your largest disk and create a directory in it, such as /data/jumpserver
Note: you can not change it after installation, otherwise the database may be lost

Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/centos-root   17G   16G  1.7G  91% /

Persistent storage directory (default /data/jumpserver): 
complete

3. Configure MySQL
Do you want to use external MySQL? (y/n)  (default n): y
Please enter MySQL server IP (default mysql): 192.168.169.202
Please enter MySQL server port (default 3306):          
Please enter MySQL database name (default jumpserver): 
Please enter MySQL username (default root): 
Please enter MySQL password (no default): 000000
complete

4. Configure Redis
Do you want to use external Redis? (y/n)  (default n): y
Please enter Redis server IP (default redis): 192.168.169.202
Please enter Redis server port (default 6379): 
Please enter Redis password (no default): 
complete

5. Configure External Access
Do you need to customize the JumpServer external port? (y/n)  (default n): n
complete

6. Init JumpServer Database
[+] Building 0.0s (0/0)                                                                                                           docker:default
[+] Running 1/0
 ✔ Container jms_core  Running                                                                                                              0.0s 
2024-01-03 23:16:23 Collect static files
ALLOWED_HOSTS: 
  - localhost
  - core:8080
  - 127.0.0.1
  - 127.0.0.1:8080
  - 127.0.0.1:80
  - localhost:8080
  - localhost:80
  - core:8080
  - core:80
ALLOWED_HOSTS: 
  - localhost
  - core:8080
  - 127.0.0.1
  - 127.0.0.1:8080
  - 127.0.0.1:80
  - localhost:8080
  - localhost:80
  - core:8080
  - core:80
Start the service
[root@jumpserver jumpserver-offline-installer-v3.10.1-amd64]# ./jmsctl.sh start

Login account/password: admin/admin

Console
Create user
