Jumpserver堡垒机搭建(脚本自动化)
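#!/bin/bash
# coding: utf-8
# Copyright (c) 2018
#
# Unattended Jumpserver 1.0.0 bastion-host install for CentOS 7.
# Steps: swap yum repos for mirrors, build Python 3.6.1 and a venv in
# /opt/py3, fetch jumpserver/coco/luna 1.0.0, pull config files from the
# jumpserver Dockerfile repo, install Docker plus the guacamole container,
# and write the nginx front-end config.  Must run as root with network access.
#
# None of the downloads below carries a checksum or signature check, so the
# installed tree is only as trustworthy as the mirrors and the GitHub repo at
# the moment the script runs; review /opt/start_jms.sh before running it.

set -e -o pipefail   # abort on unhandled failure, also inside pipelines

# Print a message to stderr and exit non-zero.
# Every `{ ...; } || die` group below chains its steps with &&: set -e is
# suspended inside the left side of ||, so without && only the LAST command
# of the group would decide whether the group failed.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Append a line to /etc/sysctl.conf unless it is already there, so
# re-running the script does not stack duplicate entries.
add_sysctl_line() {
  grep -qxF -- "$1" /etc/sysctl.conf || printf '%s\n' "$1" >> /etc/sysctl.conf
}

# Write the Docker registry-mirror config.  The original appended to
# daemon.json with `tee -a`, which corrupts the JSON when the file already
# exists, so an existing file is left alone with a warning.
write_docker_daemon_json() {
  mkdir -p /etc/docker || return 1
  if [[ -s /etc/docker/daemon.json ]]; then
    printf 'warn: /etc/docker/daemon.json already exists, registry mirror not added\n' >&2
    return 0
  fi
  cat > /etc/docker/daemon.json <<'EOF'
{
    "registry-mirrors": [
        "https://registry.docker-cn.com"
    ]
}
EOF
}

# Back up every *.repo to *.bak, then remove the originals.  Returns non-zero
# on the first failed copy (a plain for-loop only reports its last iteration).
backup_repos() {
  local repo
  for repo in /etc/yum.repos.d/*.repo; do
    [[ -e "$repo" ]] || continue      # no repo files: nothing to back up
    cp -- "$repo" "${repo%.repo}.bak" || return 1
  done
  rm -f -- /etc/yum.repos.d/*.repo
}

readonly yum_err="yum出错,请更换源重新运行"

echo "0. 系统的一些配置"
# Both calls weaken host hardening (SELinux permissive, host firewall off);
# the services configured below rely on it.  Failures are ignored on purpose
# because the units may not exist on a given host.  In the original the
# redirection was attached to `true` instead of systemctl.
setenforce 0 || true
systemctl stop iptables.service >/dev/null 2>&1 || true
systemctl stop firewalld.service >/dev/null 2>&1 || true

localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
export LC_ALL=zh_CN.UTF-8
echo 'LANG=zh_CN.UTF-8' > /etc/sysconfig/i18n

echo "1. 备份yum"
backup_repos || die "$yum_err"

echo "2. 获取网络yum"
# Repo files are fetched over plain http; yum's own GPG checks still apply to
# the packages, but the repo definitions themselves are unauthenticated.
# `yum clean` without a sub-command is an error, hence `clean all`.
{
  wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/Centos-7.repo >/dev/null 2>&1 &&
    wget -P /etc/yum.repos.d/ http://mirrors.163.com/.help/CentOS7-Base-163.repo >/dev/null 2>&1 &&
    yum clean all >/dev/null 2>&1 &&
    yum repolist >/dev/null 2>&1
} || die "$yum_err"

echo "3. 安装基本依赖"
{
  yum update -y >/dev/null &&
    yum install wget unzip epel-release nginx sqlite-devel xz gcc automake zlib-devel openssl-devel redis mariadb mariadb-devel mariadb-server supervisor -y >/dev/null 2>&1
} || die "$yum_err"

echo "4. 准备python"
wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz -O /opt/Python-3.6.1.tar.xz >/dev/null 2>&1 ||
  die "pyhton 依赖包下载出错,请尝试使用特殊工具进行手工下载https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz ,并且放至于/opt/Python-3.6.1.tar.xz,如您是手工下载,请注释上面wget命令再运行本脚本"
{
  cd /opt/ &&
    tar xf Python-3.6.1.tar.xz &&
    cd Python-3.6.1 &&
    ./configure >/dev/null &&
    make >/dev/null &&
    make install >/dev/null 2>&1
} || die "解压或编译python出错,请尝试使用上面的命令手工解压或编译,如手工操作成功,请注释上述代码再运行本脚本"
# Absolute path on purpose: cwd is now /opt/Python-3.6.1, and the original
# `python3 -m venv py3` created a stray venv there instead of the /opt/py3
# that step 7 activates.
python3 -m venv /opt/py3 ||
  die "建立python虚拟环境出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"

echo "5. 下载jummpserver包并解压"
wget https://github.com/jumpserver/jumpserver/archive/1.0.0.zip -O /opt/jumpserver.zip >/dev/null 2>&1 ||
  die "下载jumpserver包出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"
wget https://github.com/jumpserver/coco/archive/1.0.0.zip -O /opt/coco.zip >/dev/null 2>&1 ||
  die "下载coco包出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"
wget https://github.com/jumpserver/luna/releases/download/v1.0.0/luna.tar.gz -O /opt/luna.tar.gz >/dev/null 2>&1 ||
  die "下载luna包出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"
{
  cd /opt &&
    unzip coco.zip >/dev/null && mv coco-1.0.0 coco &&
    unzip jumpserver.zip >/dev/null && mv jumpserver-1.0.0 jumpserver &&
    tar xzf luna.tar.gz >/dev/null 2>&1
} || die "解压出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"

echo "6. 安装yum依赖"
# Word-splitting of the requirement files is intentional: one package per word.
# shellcheck disable=SC2046
{
  yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt) >/dev/null &&
    yum -y install $(cat /opt/coco/requirements/rpm_requirements.txt) >/dev/null 2>&1
} || die "安装jumpserver的依赖出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"

echo "7. 安装pip依赖"
# The venv was created in step 4; activation persists because `{ }` is not a
# subshell, so `python3`/`pip` below and in step 11 resolve to /opt/py3.
{
  # shellcheck disable=SC1091
  source /opt/py3/bin/activate &&
    pip install --upgrade pip >/dev/null &&
    pip install -r /opt/jumpserver/requirements/requirements.txt >/dev/null &&
    pip install -r /opt/coco/requirements/requirements.txt >/dev/null 2>&1
} || die "安装jumpserver的依赖出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"

echo "8. 创建数据库"
mkdir -p /opt/mysql/share/mysql/
# URLs are quoted: `?raw=true` contains a glob character.
{
  wget 'https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/mysql_security.sql?raw=true' -O /opt/mysql/mysql_security.sql >/dev/null 2>&1 &&
    wget 'https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/mysql.cnf?raw=true' -O /etc/my.cnf >/dev/null 2>&1 &&
    wget 'https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/errmsg.sys?raw=true' -O /opt/mysql/share/mysql/errmsg.sys >/dev/null 2>&1
} || die "下载数据库依赖文件出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"

echo "9. 准备文件"
# These overwrite the system nginx and supervisord configs and drop an
# executable (start_jms.sh) that the final step tells the operator to run.
{
  wget 'https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/nginx.conf?raw=true' -O /etc/nginx/nginx.conf >/dev/null 2>&1 &&
    wget 'https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/supervisord.conf?raw=true' -O /etc/supervisord.conf >/dev/null 2>&1 &&
    wget 'https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/jumpserver_conf.py?raw=true' -O /opt/jumpserver/config.py >/dev/null 2>&1 &&
    wget 'https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/coco_conf.py?raw=true' -O /opt/coco/conf.py >/dev/null 2>&1 &&
    wget 'https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/start_jms.sh?raw=true' -O /opt/start_jms.sh >/dev/null 2>&1
} || die "下载配置文件出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"

echo "10. 安装docker"
# check-update exits 100 when updates are available, which set -e would
# otherwise treat as a fatal error.
yum check-update >/dev/null 2>&1 || true
# yum-config-manager lives in yum-utils, which the base install above does
# not pull in.
{
  yum -y install yum-utils >/dev/null 2>&1 &&
    yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo >/dev/null &&
    yum clean all >/dev/null &&
    yum repolist >/dev/null 2>&1 &&
    yum -y install epel-release docker-ce >/dev/null 2>&1 &&
    systemctl start docker &&
    add_sysctl_line 'net.bridge.bridge-nf-call-ip6tables = 1' &&
    add_sysctl_line 'net.bridge.bridge-nf-call-iptables = 1' &&
    sysctl -p >/dev/null 2>&1 &&
    write_docker_daemon_json
} || die "安装docker 出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"

systemctl daemon-reload
systemctl restart docker

echo "11. 安装guacamole"
# Source address this host would use towards 8.8.8.8:53 (connect() on a UDP
# socket sends nothing); guacamole calls back to the jumpserver API on it.
host_ip=$(python3 -c "import socket;print([(s.connect(('8.8.8.8', 53)), s.getsockname()[0], s.close()) for s in [socket.socket(socket.AF_INET, socket.SOCK_DGRAM)]][0][1])") ||
  die "获取本机IP出错,请检查网络后重新运行本脚本"
[[ -n "$host_ip" ]] || die "获取本机IP出错,请检查网络后重新运行本脚本"

docker run --name jms_guacamole -d \
  --restart always \
  -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \
  -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
  -e "JUMPSERVER_SERVER=http://${host_ip}:8080" \
  registry.jumpserver.org/public/guacamole:1.0.0

echo "12. 配置nginx"
yum -y install nginx >/dev/null 2>&1
# Quoted delimiter: with an unquoted EOF the shell expanded $remote_addr,
# $host, $uri, $http_upgrade ... to empty strings, leaving directives such
# as `proxy_set_header X-Real-IP ;` that nginx rejects.
cat <<'EOF' > /etc/nginx/conf.d/jumpserver.conf
server {
    listen 80;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;
    }

    location /static/ {
        root /opt/jumpserver/data/;
    }

    location /socket.io/ {
        proxy_pass http://localhost:5000/socket.io/; # 如果coco安装在别的服务器,请填写它的ip
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /guacamole/ {
        proxy_pass http://localhost:8081/; # 如果guacamole安装在别的服务器,请填写它的ip
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        access_log off;
    }

    location / {
        proxy_pass http://localhost:8080; # 如果jumpserver安装在别的服务器,请填写它的ip
    }
}

EOF

# The original made /opt/nginx world-writable (777); owner-only access for
# the nginx service account is enough for its log directory.
mkdir -p /opt/nginx/log
chown -R nginx:nginx /opt/nginx
chmod -R 750 /opt/nginx

# Validate the generated config before touching the running service.
nginx -t >/dev/null 2>&1 ||
  die "nginx 配置校验失败,请检查/etc/nginx/nginx.conf与/etc/nginx/conf.d/jumpserver.conf"
if ! { systemctl restart nginx && systemctl enable nginx; }; then
  # `service restart nginx` in the original had its arguments reversed.
  service nginx restart || nginx -s reload || die "请检查nginx的启动命令"
fi

chmod +x /opt/start_jms.sh
echo " 安装完成,请运行/opt/start_jms.sh启动jumpserver"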