jumpserver——脚本安装
CentOS Linux release 7.7.1908 (Core) 3.10.0-1062.4.1.el7.x86_64
Initialize(){ yum update -y systemctl start firewalld firewall-cmd --zone=public --add-port=80/tcp --permanent # nginx 端口 firewall-cmd --zone=public --add-port=2222/tcp --permanent # 用户SSH登录端口 coco --permanent 永 firewall-cmd --reload # 重新载入规则 setenforce 0 sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config } install_redis(){ # 安装 Redis, Jumpserver 使用 Redis 做 cache 和 celery broke yum -y install wget gcc epel-release git yum -y install redis systemctl enable redis systemctl start redis } install_mariadb(){ # 安装 MySQL, 如果不使用 Mysql 可以跳过相关 Mysql 安装和配置, 支持sqlite3, mysql, postgres等 yum -y install mariadb mariadb-devel mariadb-server MariaDB-shared systemctl enable mariadb systemctl start mariadb DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24` echo -e "\033[31m 你的数据库密码是 $DB_PASSWORD \033[0m" #创建数据库 Jumpserver 并授权 mysql -uroot -e "create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'j } install_nginx(){ #安装 Nginx, 用作代理服务器整合 Jumpserver 与各个组件 yum -y install nginx systemctl enable nginx cat >/etc/nginx/nginx.conf <<EOF user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" ' '\$status \$body_bytes_sent "\$http_referer" ' '"\$http_user_agent" "\$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; include /etc/nginx/conf.d/*.conf; } EOF } install_python36(){ yum -y install python36 python36-devel cd /opt #配置并载入 Python3 虚拟环境 python3.6 -m venv py3 #py3 为虚拟环境名称, 可自定义 source /opt/py3/bin/activate # 退出虚拟环境可以使用 deactivate 命令 } ##看到下面的提示符代表成功, 以后运行 Jumpserver 都要先运行以上 source 命令, 载入环境后默认以下所有命令均 #(py3) [root@localhost py3] install_jumpserver(){ cd /opt/ git clone https://github.com/jumpserver/jumpserver.git cd /opt/jumpserver git checkout 1.5.2 yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt) #安装 Python 库依赖 pip3 install --upgrade pip setuptools pip3 install -r /opt/jumpserver/requirements/requirements.txt } jumpserver_config(){ # 修改 Jumpserver 配置文件 cd /opt/jumpserver cp config_example.yml config.yml # SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50` # echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc # BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16` # echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/ju sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m" echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m" cd /opt/jumpserver ./jms start -d } install_docker(){ yum install -y yum-utils device-mapper-persistent-data lvm2 yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo yum makecache fast rpm --import https://mirrors.aliyun.com/docker-ce/linux/centos/gpg yum -y install docker-ce systemctl enable docker curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io systemctl restart docker firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="172.17.0.0/16" port pr firewall-cmd --reload } run_docker(){ Server_IP="192.168.31.25" echo -e "\033[31m 你的服务器IP是 $Server_IP \033[0m" docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOT docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOT } install_luna(){ cd /opt wget https://github.com/jumpserver/luna/releases/download/1.5.2/luna.tar.gz tar xf luna.tar.gz chown -R root:root luna } jumpsever_nginx_config(){ rm -rf /etc/nginx/conf.d/default.conf cat >/etc/nginx/conf.d/jumpserver.conf <<EOF server { listen 80; client_max_body_size 100m; # 录像及文件上传大小限制 location /luna/ { try_files \$uri / /index.html; alias /opt/luna/; # luna 路径, 如果修改安装目录, 此处需要修改 } location /media/ { add_header Content-Encoding gzip; root /opt/jumpserver/data/; # 录像位置, 如果修改安装目录, 此处需要修改 } location /static/ { root /opt/jumpserver/data/; # 静态资源, 如果修改安装目录, 此处需要修改 } location /socket.io/ { proxy_pass http://localhost:5000/socket.io/; proxy_buffering off; proxy_http_version 1.1; proxy_set_header Upgrade \$http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header Host \$host; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; access_log off; } location /coco/ { proxy_pass http://localhost:5000/coco/; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header Host \$host; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; access_log off; } location /guacamole/ { proxy_pass http://localhost:8081/; proxy_buffering off; proxy_http_version 1.1; proxy_set_header Upgrade \$http_upgrade; proxy_set_header Connection \$http_connection; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header Host \$host; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; access_log off; } location / { proxy_pass http://localhost:8080; proxy_set_header X-Real-IP \$remote_addr; proxy_set_header Host \$host; proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; } } EOF } enable_start(){ #jumpserver cat > /usr/lib/systemd/system/jms.service <<EOF [Unit] Description=jms After=network.target mariadb.service redis.service docker.service Wants=mariadb.service redis.service docker.service [Service] Type=forking Environment="PATH=/opt/py3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin" ExecStart=/opt/jumpserver/jms start all -d ExecReload= ExecStop=/opt/jumpserver/jms stop [Install] WantedBy=multi-user.target EOF #start cat > /opt/start_jms.sh <<EOF #!/bin/bash set -e export LANG=zh_CN.UTF-8 systemctl start jms docker start jms_coco docker start jms_guacamole exit 0 EOF #stop cat >/opt/stop_jms.sh <<EOF #!/bin/bash set -e export LANG=zh_CN.UTF-8 docker stop jms_coco docker stop jms_guacamole systemctl stop jms exit 0 EOF chmod +x /etc/rc.d/rc.local if [ "$(cat /etc/rc.local | grep start_jms.sh)" == "" ]; then echo "sh /opt/start_jms.sh" >> /etc/rc.local fi } main(){ SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50` echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16` echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc Initialize install_redis install_mariadb install_nginx install_python36 install_jumpserver jumpserver_config install_docker install_luna jumpsever_nginx_config run_docker enable_start nginx -t systemctl start nginx }
https://jumpserver.readthedocs.io/zh/latest/setup_by_centos7.html 官方文档