jumpserver环境搭建

jumpserver环境配置及下载

1.环境配置

//关闭 SELinux 和防火墙只是为了方便搭建测试环境;堡垒机正式上线时应保持两者开启,只放行实际需要对外提供的端口
# setenforce 0
# systemctl stop firewalld
​
//修改字符集
# localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
# export LC_ALL=zh_CN.UTF-8
# echo 'LANG="zh_CN.UTF-8"'  > /etc/locale.conf
​
# yum install -y  wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git
# wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
# tar xf Python-3.6.1.tar.xz
# cd Python-3.6.1
# ./configure && make && make install
# cd /opt
# python3 -m venv py3
# source /opt/py3/bin/activate
//克隆(下载);git:// 协议不加密也不校验服务端身份,这里改用 https://
# git clone https://github.com/kennethreitz/autoenv.git
# echo 'source /opt/autoenv/activate.sh' >> ~/.bashrc
# source ~/.bashrc

  

2.下载jumpserver

# git clone https://github.com/jumpserver/jumpserver.git && cd jumpserver && git checkout master

3.安装所需的python modules

# cd jumpserver
# echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env
# cd requirements/
(y/N)y
requirements]# yum -y install $(cat rpm_requirements.txt)
# pip install --upgrade pip
# pip install -r requirements.txt

4.安装redis

# yum -y install redis
# systemctl enable redis
# systemctl start redis

5.安装MySQL

# yum -y install mariadb mariadb-devel mariadb-server
# systemctl enable mariadb
# systemctl start mariadb
# mysql
> create database jumpserver default charset 'utf8';    建库,修改字符集
​
> grant all on jumpserver.* to 'jumpserveradmin'@'127.0.0.1' identified by 'jumpserverpwd';    //jumpserverpwd 仅为示例口令,实际部署请换成随机强口令,并与后面 config.yml 中的 DB_PASSWORD 保持一致
> flush privileges;     //刷新
> \q

6.配置jumpserver

官方地址:https://docs.jumpserver.org/zh/master/

官方使用步骤:https://jumpserver.readthedocs.io/zh/master/setup_by_centos7.html

手册:https://jumpserver.readthedocs.io/zh/master/quick_start.html

https://jumpserver.readthedocs.io/zh/master/admin-guide/quick_start/

requirements]# pwd
/opt/jumpserver/requirements
jumpserver]# cd ..
# cp config_example.yml config.yml
​
# SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 |head -c 50`
# echo $SECRET_KEY
//50位字符
# echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
​
# BOOTSTARP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 |head -c 16`
# echo $BOOTSTARP_TOKEN
# echo "BOOTSTARP_TOKEN=$BOOTSTARP_TOKEN" >> ~/.bashrc
# tail -2 ~/.bashrc
​
# sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
//config.yml 中的键名是 BOOTSTRAP_TOKEN;shell 变量名沿用上文的拼写 BOOTSTARP_TOKEN
# sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTARP_TOKEN/g" /opt/jumpserver/config.yml
# sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
# sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
# sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
//本文前面没有给 shell 变量 DB_PASSWORD 赋值,所以这条替换不会写入任何口令;数据库口令在下面用 vim 手工填写
# sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml
​
# echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
# echo -e "\033[31m 你的BOOTSTARP_TOKEN是 $BOOTSTARP_TOKEN \033[0m"
# vim /opt/jumpserver/config.yml        改
DB_USER: jumpserveradmin
DB_PASSWORD: jumpserverpwd

  

7.启动/关闭jumpserver

(py3)[root@xxx jumpserver]# ./jms start
(py3)[root@xxx jumpserver]# ./jms stop
(py3)[root@xxx jumpserver]# ./jms start -d      //后台运行

8.部署KOKO

支持终端管理,默认port为2222

# cd
# systemctl start docker
# ip a
192.168.1.2
# Server_IP=192.168.1.2
# echo $BOOTSTARP_TOKEN
# BOOTSTARP_TOKEN=复制上一行的16位字符
//容器读取的环境变量名是 BOOTSTRAP_TOKEN,值取自上面的 shell 变量
# docker run --name jms_koko -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTARP_TOKEN jumpserver/jms_koko:1.5.5
# docker images

  

9.部署guacamole

基于HTML5和JavaScript的VNC查看器

//容器读取的环境变量名是 BOOTSTRAP_TOKEN,值取自上面的 shell 变量
# docker run --name jms_guacamole -d -p 8081:8081  -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTARP_TOKEN jumpserver/jms_guacamole:1.5.5
# docker images

  

10.部署luna

与nginx结合支持Web Terminal前端

# cd /opt
# wget https://github.com/jumpserver/luna/releases/download/1.5.5/luna.tar.gz
# tar xf luna.tar.gz
# chown -R root:root luna

  

11.配置nginx

# yum -y install gcc make zlib-devel pcre pcre-devel openssl-devel
# cd /tmp
//或rz
//源码包会以 root 身份编译安装,用 https 下载;编译前可用 nginx.org 提供的 PGP 签名(.asc)校验
# wget https://nginx.org/download/nginx-1.18.0.tar.gz
# tar xf nginx-1.18.0.tar.gz
# cd nginx-1.18.0
# ./configure --prefix=/usr/local/nginx && make && make install

# cd /usr/local/nginx/conf/
# mkdir conf.d
# cd conf.d
# vi jumpserver.conf
看图
# /usr/local/nginx/sbin/nginx -t
# pwd
/usr/local/nginx/conf/conf.d
# cd ..
# vim nginx.conf
worker_processes	1;
events {
	worker_connections	1024;
}
http {
	include			mime.types;
	default_type	application/octet-stream;
	sendfile		on;
	keepalive_timeout	65;
	include /usr/local/nginx/conf/conf.d/*.conf;		# 添加此行
}
# grep -Pv "^($| *#)" nginx.conf
# /usr/local/nginx/sbin/nginx -s reload

 

 
