jumpserver环境搭建
# setenforce 0
# systemctl stop firewalld
//以上两步会关闭SELinux强制模式并停止防火墙,仅适合测试环境;生产环境应保持开启,只放行所需端口
//修改字符集
# localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
# export LC_ALL=zh_CN.UTF-8
# echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf
# yum install -y wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git
# wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
# tar xf Python-3.6.1.tar.xz
# cd Python-3.6.1
# ./configure && make && make install
# cd /opt
# python3 -m venv py3
# source /opt/py3/bin/activate
//克隆(下载)
# git clone git://github.com/kennethreitz/autoenv.git
//git:// 协议无加密、无身份校验,且GitHub已不再支持,建议改用 https://github.com/kennethreitz/autoenv.git
# echo 'source /opt/autoenv/activate.sh' >> ~/.bashrc
# source ~/.bashrc
2.下载jumpserver
# git clone https://github.com/jumpserver/jumpserver.git && cd jumpserver && git checkout master
3.安装所需的python modules
# cd jumpserver
# echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env
# cd requirements/
(y/N)y    //autoenv首次进入目录时会询问是否加载.env,确认文件内容后输入y
requirements]# yum -y install $(cat rpm_requirements.txt)
# pip install --upgrade pip
# pip install -r requirements.txt
4.安装redis
# yum -y install redis
# systemctl enable redis
# systemctl start redis
5.安装MySQL
# yum -y install mariadb mariadb-devel mariadb-server
# systemctl enable mariadb
# systemctl start mariadb
# mysql
> create database jumpserver default charset 'utf8';    建库,修改字符集
> grant all on jumpserver.* to 'jumpserveradmin'@'127.0.0.1' identified by 'jumpserverpwd';    //'jumpserverpwd'仅为示例,实际部署请换成随机强密码,并与config.yml中的DB_PASSWORD保持一致
> flush privileges;    //刷新
> \q
6.配置jumpserver
官方地址:https://docs.jumpserver.org/zh/master/
官方使用步骤:https://jumpserver.readthedocs.io/zh/master/setup_by_centos7.html
手册:https://jumpserver.readthedocs.io/zh/master/quick_start.html
https://jumpserver.readthedocs.io/zh/master/admin-guide/quick_start/
requirements]# pwd
/opt/jumpserver/requirements
jumpserver]# cd ..
# cp config_example.yml config.yml
# SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 |head -c 50`
# echo $SECRET_KEY    //50位字符
# echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
# BOOTSTARP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 |head -c 16`
# echo $BOOTSTARP_TOKEN
# echo "BOOTSTARP_TOKEN=$BOOTSTARP_TOKEN" >> ~/.bashrc
# tail -2 ~/.bashrc
//SECRET_KEY和令牌以明文保存在~/.bashrc与config.yml中,应确保这两个文件仅root可读
# sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
# sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTARP_TOKEN/g" /opt/jumpserver/config.yml    //config.yml中的键名是BOOTSTRAP_TOKEN;按BOOTSTARP_TOKEN匹配不到,令牌不会被写入(shell变量名沿用原文拼写,不影响结果)
# sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
# sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
# sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
# sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml    //本文前面没有定义$DB_PASSWORD,这条命令不会写入密码,需按下面的vim步骤手动填写
# echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
# echo -e "\033[31m 你的BOOTSTARP_TOKEN是 $BOOTSTARP_TOKEN \033[0m"
# vim /opt/jumpserver/config.yml
改
DB_USER: jumpserveradmin
DB_PASSWORD: jumpserverpwd
7.启动/关闭jumpserver
(py3)[root@xxx jumpserver]# ./jms start
(py3)[root@xxx jumpserver]# ./jms stop
(py3)[root@xxx jumpserver]# ./jms start -d    //后台运行
8.部署KOKO
支持终端管理,默认port为2222
# cd
# systemctl start docker
# ip a
192.168.1.2
# Server_IP=192.168.1.2
# echo $BOOTSTARP_TOKEN
# BOOTSTARP_TOKEN=复制上一行的16位字符
# docker run --name jms_koko -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTARP_TOKEN jumpserver/jms_koko:1.5.5    //容器读取的环境变量名是BOOTSTRAP_TOKEN,写成BOOTSTARP_TOKEN时组件拿不到令牌,无法向core注册
# docker images
9.部署guacamole
基于HTML5和JavaScript的VNC查看器
# docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTARP_TOKEN jumpserver/jms_guacamole:1.5.5    //容器读取的环境变量名是BOOTSTRAP_TOKEN,写成BOOTSTARP_TOKEN时组件拿不到令牌
# docker images
10.部署luna
与nginx结合支持Web Terminal前端
# cd /opt
# wget https://github.com/jumpserver/luna/releases/download/1.5.5/luna.tar.gz
# tar xf luna.tar.gz
# chown -R root:root luna
11.配置nginx
# yum -y install gcc make zlib-devel pcre pcre-devel openssl-devel
# cd /tmp    //或rz
# wget http://nginx.org/download/nginx-1.18.0.tar.gz    //这里是明文HTTP下载,源码随后以root编译安装,建议改用https并校验nginx官方提供的PGP签名
# tar xf nginx-1.18.0.tar.gz
# cd nginx-1.18.0
# ./configure --prefix=/usr/local/nginx && make && make install
# cd /usr/local/nginx/conf/
# mkdir conf.d
# cd conf.d
# vi jumpserver.conf    看图
# /usr/local/nginx/sbin/nginx -t
# pwd
/usr/local/nginx/conf/conf.d
# cd ..
# vim nginx.conf
worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    include /usr/local/nginx/conf/conf.d/*.conf;    //添加此行
}
# grep -Pv "^($| *#)" nginx.conf
# /usr/local/nginx/sbin/nginx -s reload
配置若有遗漏或错误,请评论留言。