jumpserver——脚本安装

CentOS Linux release 7.7.1908 (Core)
3.10.0-1062.4.1.el7.x86_64
Initialize(){
    # Prepare the host: update packages, open the public firewall ports and
    # switch SELinux off.
    local port

    yum update -y
    systemctl start firewalld

    # 80/tcp   - nginx front end
    # 2222/tcp - SSH login port for users (coco)
    # --permanent writes the rule to the persistent configuration; it only
    # becomes active after the reload below.
    for port in 80 2222; do
        firewall-cmd --zone=public --add-port="${port}/tcp" --permanent
    done
    firewall-cmd --reload

    # NOTE(review): the next two commands put SELinux into permissive mode now
    # and set it to disabled in the config file. On a bastion host this removes
    # mandatory access control from the machine that brokers access to
    # everything else. Consider keeping SELinux enforcing and adding only the
    # policy allowances the services need; that alternative is not covered by
    # this script and must be tested.
    setenforce 0
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
}


install_redis(){
    # Install Redis; JumpServer uses it as its cache and as the celery broker.
    # epel-release is installed first, in a separate yum call, before redis
    # itself is installed.
    # NOTE(review): this script sets no Redis password and does not touch the
    # Redis bind address; confirm the packaged default keeps Redis on localhost
    # before exposing this host.
    local action

    yum -y install wget gcc epel-release git
    yum -y install redis
    for action in enable start; do
        systemctl "$action" redis
    done
}


install_mariadb(){
    # Install and start MariaDB, generate a random database password and create
    # the jumpserver database.
    # The original note says this step can be skipped when MySQL is not used;
    # sqlite3, mysql, postgres and others are supported.
    # Globals written: DB_PASSWORD (read later by jumpserver_config).
    yum -y install mariadb mariadb-devel mariadb-server MariaDB-shared
    systemctl enable mariadb
    systemctl start mariadb
    # 24 random characters from [A-Za-z0-9], read from /dev/urandom.
    DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`
    # NOTE(review): the password is printed in red to the terminal, so it ends
    # up in scrollback and in any captured install log.
    echo -e "\033[31m 你的数据库密码是 $DB_PASSWORD \033[0m"
    # Create the jumpserver database and grant privileges on it.
    # NOTE(review): the client connects as root with no password, and nothing
    # in this script sets a MariaDB root password afterwards; harden the root
    # account separately.
    # NOTE(review): the statement below is cut off in this listing, so the
    # grant target and the closing quote are not visible here.
    mysql -uroot -e "create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'j
}


install_nginx(){
    # Install nginx, which acts as the reverse proxy that ties JumpServer and
    # its components together, and replace the main nginx.conf.
    yum -y install nginx
    systemctl enable nginx

    # The delimiter is quoted, so the text below is written verbatim and the
    # nginx variables need no backslash escaping. The existing
    # /etc/nginx/nginx.conf is overwritten without a backup.
    cat >/etc/nginx/nginx.conf <<'EOF'
    user nginx;
    worker_processes auto;
    error_log /var/log/nginx/error.log;
    pid /run/nginx.pid;
    include /usr/share/nginx/modules/*.conf;
    events {
        worker_connections 1024;
    }
    http {
        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                          '$status $body_bytes_sent "$http_referer" '
                          '"$http_user_agent" "$http_x_forwarded_for"';
        access_log  /var/log/nginx/access.log  main;
        sendfile            on;
        tcp_nopush          on;
        tcp_nodelay         on;
        keepalive_timeout   65;
        types_hash_max_size 2048;
        include             /etc/nginx/mime.types;
        default_type        application/octet-stream;
        include /etc/nginx/conf.d/*.conf;
    }
EOF

}


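install_python36(){
    # Install Python 3.6, create the virtual environment /opt/py3 and activate
    # it in the current shell.
    # Returns non-zero as soon as /opt cannot be entered or the venv cannot be
    # created, so a venv is never created in an unexpected directory.
    yum -y install python36 python36-devel
    cd /opt || return 1
    # py3 is the virtual environment name and can be changed; the activate path
    # below must then be changed to match.
    python3.6 -m venv py3 || return 1
    # Functions run in the calling shell, so the activation stays in effect for
    # the steps that run after this one. Use deactivate to leave the venv.
    source /opt/py3/bin/activate
}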
##看到下面的提示符代表成功, 以后运行 Jumpserver 都要先运行以上 source 命令, 载入环境后默认以下所有命令均
#(py3) [root@localhost py3]

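install_jumpserver(){
    # Clone JumpServer into /opt/jumpserver, check out tag 1.5.2 and install
    # its RPM and Python dependencies.
    # Returns non-zero as soon as the clone, the directory change or the
    # checkout fails, so dependencies are never installed from a missing or
    # wrong tree.
    #
    # NOTE(review): the checkout pins a tag name, not a commit hash, and the
    # Python requirements are installed without hash checking. 1.5.2 is the
    # release this page targets; check the upstream security advisories for a
    # fixed release before deploying it.
    cd /opt/ || return 1
    git clone https://github.com/jumpserver/jumpserver.git || return 1
    cd /opt/jumpserver || return 1
    git checkout 1.5.2 || return 1

    # Word splitting is intended here: the file holds a whitespace-separated
    # list of package names.
    # shellcheck disable=SC2046
    yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt)

    # Install the Python dependencies. pip3 is expected to resolve to the
    # virtual environment activated by install_python36.
    pip3 install --upgrade pip setuptools
    pip3 install -r /opt/jumpserver/requirements/requirements.txt
}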


jumpserver_config(){
    # Create config.yml from the example file, fill in the secrets and a few
    # settings with sed, print the secrets and start JumpServer.
    # Globals read: SECRET_KEY and BOOTSTRAP_TOKEN (assigned in main),
    #               DB_PASSWORD (assigned in install_mariadb).
    cd /opt/jumpserver
    # NOTE(review): config.yml will hold SECRET_KEY, BOOTSTRAP_TOKEN and the
    # database password; this function does not restrict its permissions.
    cp config_example.yml config.yml
    # Disabled: the same secret generation is done in main instead.
#    SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
#    echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
#    BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
#    echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
    
    # The values are interpolated straight into the sed replacement text. That
    # is safe only because they are generated from [A-Za-z0-9]; a value
    # containing / or & would break or alter the substitution.
    sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
    sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
    # Uncomment the example settings with production values: debug off,
    # log level ERROR, sessions expire when the browser closes.
    sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
    sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
    # NOTE(review): the next line is cut off in this listing (the target path
    # ends at /opt/ju); presumably it is /opt/jumpserver/config.yml like its
    # neighbours - confirm before running.
    sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/ju
    sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml
    
    # NOTE(review): both secrets are printed in red to the terminal, so they
    # end up in scrollback and in any captured install log.
    echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
    echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
    
    cd /opt/jumpserver
    # Start JumpServer; -d presumably runs it in the background - confirm.
    ./jms start -d 
    
}


install_docker(){
    # Install Docker CE from the Aliyun mirror, configure a registry mirror and
    # add a firewalld rich rule for the 172.17.0.0/16 source range.
    yum install -y yum-utils device-mapper-persistent-data lvm2
    # NOTE(review): the repo definition is fetched over plain HTTP, while the
    # signing key two lines below comes from the same host over HTTPS. A repo
    # file altered in transit could change the baseurl or gpgcheck settings;
    # prefer the HTTPS URL for the repo file as well.
    yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
    yum makecache fast
    rpm --import https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
    yum -y install docker-ce
    systemctl enable docker
    # NOTE(review): this pipes a remotely fetched script straight into sh with
    # no integrity check, and the mirror URL handed to it is plain HTTP.
    # Download the script, review it and keep a pinned copy instead; images
    # pulled by tag through the mirror are only as trustworthy as that mirror.
    curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io
    systemctl restart docker
    
    
    # NOTE(review): the rich rule below is cut off in this listing, so its port
    # and action are not visible here. It also nests double quotes inside a
    # double-quoted argument; single quotes around the whole rule would be
    # clearer. The firewall is reloaded on the line after it.
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="172.17.0.0/16" port pr
     firewall-cmd --reload
}


run_docker(){
    # Start the jms_coco and jms_guacamole containers and point them at the
    # JumpServer core on port 8080 of Server_IP.
    # NOTE(review): both docker run lines are cut off in this listing; the
    # remaining -e options and the image names are not visible here.
    
    # Hard-coded address of this server; must be changed per installation.
    Server_IP="192.168.31.25"
    echo -e "\033[31m 你的服务器IP是 $Server_IP \033[0m"
    # NOTE(review): -p without a bind address publishes on all interfaces.
    # Docker usually manages its own packet-filter rules for published ports,
    # so 5000 and 8081 may be reachable from outside even though only 80 and
    # 2222 were opened in firewalld - verify. nginx reaches both services via
    # localhost, so binding them to 127.0.0.1 looks sufficient - confirm.
    # NOTE(review): values passed with -e are readable through docker inspect
    # by anyone with access to the Docker daemon, and the core URL is plain
    # HTTP.
    docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOT
    docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOT
    
}


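install_luna(){
    # Download the luna 1.5.2 release tarball into /opt, unpack it and hand
    # the extracted tree to root.
    # Returns non-zero as soon as a step fails, so a failed download is never
    # followed by unpacking a stale archive.
    #
    # NOTE(review): the archive is not verified after download. If upstream
    # publishes a checksum for this release, compare it before unpacking.
    cd /opt || return 1
    # -O makes a re-run overwrite luna.tar.gz instead of saving the new
    # download under a numbered name while tar keeps unpacking the old file.
    wget -O luna.tar.gz https://github.com/jumpserver/luna/releases/download/1.5.2/luna.tar.gz || return 1
    tar xf luna.tar.gz || return 1
    chown -R root:root luna
}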


jumpsever_nginx_config(){
    # Remove the default nginx site and write the JumpServer reverse-proxy
    # site: static paths are served from /opt, everything else is proxied to
    # the local services on ports 5000, 8081 and 8080.
    #
    # NOTE(review): the site listens on port 80 only, so logins and proxied
    # sessions cross the network unencrypted; put TLS in front of it before
    # production use.
    # NOTE(review): X-Forwarded-For is built with $proxy_add_x_forwarded_for,
    # which appends to whatever the client sent. X-Real-IP carries the address
    # nginx actually saw; how the backends pick the client IP is not shown
    # here.
    local conf_dir=/etc/nginx/conf.d

    rm -rf "${conf_dir}/default.conf"

    # Quoted delimiter: the text is written verbatim, so the nginx variables
    # need no backslash escaping.
    cat >"${conf_dir}/jumpserver.conf" <<'EOF'
    server {
        listen 80;
    
        client_max_body_size 100m;  # 录像及文件上传大小限制
    
        location /luna/ {
            try_files $uri / /index.html;
            alias /opt/luna/;  # luna 路径, 如果修改安装目录, 此处需要修改
        }
    
        location /media/ {
            add_header Content-Encoding gzip;
            root /opt/jumpserver/data/;  # 录像位置, 如果修改安装目录, 此处需要修改
        }
    
        location /static/ {
            root /opt/jumpserver/data/;  # 静态资源, 如果修改安装目录, 此处需要修改
        }
    
        location /socket.io/ {
            proxy_pass       http://localhost:5000/socket.io/;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }
    
        location /coco/ {
            proxy_pass       http://localhost:5000/coco/;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }
    
        location /guacamole/ {
            proxy_pass       http://localhost:8081/;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }
    
        location / {
            proxy_pass http://localhost:8080;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
EOF
}


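enable_start(){
    # Install a systemd unit for the JumpServer core, write start/stop helper
    # scripts into /opt and register the start script in rc.local so the stack
    # comes up at boot.
    #
    # The generated files are written flush-left: an indented "#!/bin/bash"
    # line is not recognised as a shebang. The delimiters are quoted because
    # nothing in the generated text is meant to be expanded here.
    #
    # NOTE(review): the unit has no User= directive, so systemd runs jms as
    # root.

    # JumpServer core service
    cat > /usr/lib/systemd/system/jms.service <<'EOF'
[Unit]
Description=jms
After=network.target mariadb.service redis.service docker.service
Wants=mariadb.service redis.service docker.service

[Service]
Type=forking
Environment="PATH=/opt/py3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin"
ExecStart=/opt/jumpserver/jms start all -d
ExecReload=
ExecStop=/opt/jumpserver/jms stop

[Install]
WantedBy=multi-user.target
EOF

    # Start helper: core first, then the two containers
    cat > /opt/start_jms.sh <<'EOF'
#!/bin/bash
set -e

export LANG=zh_CN.UTF-8

systemctl start jms
docker start jms_coco
docker start jms_guacamole

exit 0
EOF

    # Stop helper: containers first, then the core
    cat >/opt/stop_jms.sh <<'EOF'
#!/bin/bash
set -e

export LANG=zh_CN.UTF-8

docker stop jms_coco
docker stop jms_guacamole
systemctl stop jms

exit 0
EOF

    # With a working shebang the helpers can also be run directly.
    chmod 0755 /opt/start_jms.sh /opt/stop_jms.sh

    # Register the start helper once; repeated runs must not add a second line.
    chmod +x /etc/rc.d/rc.local
    if ! grep -qF -- 'start_jms.sh' /etc/rc.local; then
        echo "sh /opt/start_jms.sh" >> /etc/rc.local
    fi

}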


main(){
    # Generate the JumpServer secrets, run every installation step in order,
    # then validate the nginx configuration and start nginx.
    # Globals written: SECRET_KEY, BOOTSTRAP_TOKEN (read by jumpserver_config).
    #
    # NOTE(review): both secrets are appended in clear text to ~/.bashrc on
    # every run, so repeated runs leave several different values there.
    # NOTE(review): the result of nginx -t does not gate the start that
    # follows it.
    # NOTE(review): no call to main is visible on this page; the script needs
    # one at its end to do anything.
    local step

    SECRET_KEY=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 50)
    echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
    BOOTSTRAP_TOKEN=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16)
    echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc

    # The steps run in this shell, so the virtual environment activated by
    # install_python36 stays active for the steps after it.
    for step in \
        Initialize \
        install_redis \
        install_mariadb \
        install_nginx \
        install_python36 \
        install_jumpserver \
        jumpserver_config \
        install_docker \
        install_luna \
        jumpsever_nginx_config \
        run_docker \
        enable_start
    do
        "$step"
    done

    nginx -t
    systemctl start nginx
}

https://jumpserver.readthedocs.io/zh/latest/setup_by_centos7.html  官方文档

 

 
