linux-jumpserver
1、关闭防火墙和SELinux(仅为简化部署;跳板机是进入内网的入口,生产环境建议保留 firewalld,只放行实际需要的端口)
systemctl stop firewalld
systemctl disable firewalld
修改/etc/selinux/config 文件
将SELINUX=enforcing改为SELINUX=disabled(重启后生效;如果只是为了排查安装问题,可先改为 SELINUX=permissive,而不是完全关闭)
2、同步时钟
centos7:
date
yum install ntpdate -y
timedatectl set-timezone Asia/Shanghai
ntpdate ntp1.aliyun.com
systemctl enable ntpdate
centos 8:
date
dnf install -y chrony
vi /etc/chrony.conf
将 pool 2.centos.pool.ntp.org iburst 这一行注释掉(行首加 #),并增加 server ntp.aliyun.com iburst 和 server cn.ntp.org.cn iburst 两行
systemctl restart chronyd.service
重启chrony服务
chronyc sources -v
查看是否连接网络时钟
3、更改主机名
hostnamectl set-hostname jumpserver
4、备份yum源及更新yum源(centos 8已经更新,无需操作)
yum install wget
先安装下载命令
mkdir /etc/yum.repos.d/bak
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/
备份yum源
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum clean all
yum makecache
清除缓存,重新建立yum缓存,更新yum源(注意:上面两个 repo 文件是通过 http 明文下载的,传输中可能被篡改;mirrors.aliyun.com 同时提供 https,建议改用 https 地址)
5、初始化工具
yum install -y bash-completion vim lrzsz wget expect net-tools nc nmap tree dos2unix htop iftop iotop unzip telnet sl psmisc nethogs glances bc ntpdate openldap-devel gcc zlib zlib-devel
初始化工具
centos 8:
安装htop
yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
yum install htop
安装iftop
先执行 yum install epel-release 安装 EPEL 源
yum install iftop
安装sl
yum -y install sl
安装nethogs
yum -y install nethogs
安装glances
yum -y install glances
6、适配中文字符
echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf
重启生效
ls --help
看到中文表示修改成功
reboot
重启
7、centos8支持一键部署jumpserver
curl -sSL https://github.com/jumpserver/jumpserver/releases/download/v2.27.0/quick_start.sh | bash
以上为 2.27.0 版本(该命令把远程脚本直接通过管道交给 bash 以 root 执行;建议先将 quick_start.sh 下载到本地,检查内容后再运行)
curl -sSL https://resource.fit2cloud.com/jumpserver/jumpserver/releases/latest/download/quick_start.sh | bash
以上地址为 latest,实际安装的版本会随官方发布而变化(记录时为 3.6.2 版本);如需固定版本,请使用带明确版本号的下载地址
cd /opt/jumpserver-installer*
./jmstl.sh start
执行安装(脚本名 jmstl.sh 疑为 jmsctl.sh 的笔误,请以安装目录中的实际文件名为准)
安装完成后打开 http://local 即可(local 应指本机 IP 或域名;Web 入口建议配置 HTTPS 后再对外提供访问)
--------------------------------------------------以下是centos7一步步安装过程-------------------------------------------------------------------------------
7、centos7卸除自带数据库,安装mysql
rpm -qa | grep mariadb
rpm -e --nodeps mariadb-libs-5.5.60-1.el7-5.x86_64 #卸载完查看还有没有mariadb
卸除源数据库
cd /opt
wget http://dev.mysql.com/get/mysql-5.7.26-1.el8.x86_64.rpm-bundle.tar
tar -xvf mysql-5.7.26-1.el7.x86_64.rpm-bundle.tar
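下载并解压mysql(注意:wget 下载的文件名是 el8,而 tar 解压及后续 rpm 安装用的都是 el7 的文件名;CentOS 7 应使用 el7 的包,两处文件名需保持一致。下载地址建议使用 https,并核对官方提供的校验值或签名)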
mkdir mysql
mv mysql-community*.rpm mysql
cd mysql
rpm -ivh mysql-community-common-5.7.26-1.el7.x86_64.rpm
rpm -ivh mysql-community-libs-5.7.26-1.el7.x86_64.rpm
rpm -ivh mysql-community-client-5.7.26-1.el7.x86_64.rpm
rpm -ivh mysql-community-server-5.7.26-1.el7.x86_64.rpm
如提示
/usr/bin/perl 被 mysql-community-server-5.7.26-1.el7.x86_64 需要
perl(Getopt::Long) 被 mysql-community-server-5.7.26-1.el7.x86_64 需要
perl(strict) 被 mysql-community-server-5.7.26-1.el7.x86_64 需要
输入命令:
sudo yum install perl perl-Getopt-Long perl-strict
rpm -ivh mysql-community-devel-5.7.26-1.el7.x86_64.rpm
安装
systemctl start mysqld
启动数据库
systemctl enable mysqld
设置开机启动
grep 'temporary password' /var/log/mysqld.log
查看初始密码
修改mysql密码
mysql -u root -p
set global validate_password_length=6;
set global validate_password_mixed_case_count=0;
set global validate_password_special_char_count=0;
set password for 'root'@'localhost' =password('yz123456');
flush privileges;create database jumpserver default charset 'utf8' collate 'utf8_bin';
create user 'jumpserver'@'%' IDENTIFIED BY 'yz123456';
grant all privileges on root.* to 'jumpserver'@'%' identified by 'yz123456';
grant all privileges on jumpserver.* to 'jumpserver'@'%' identified by 'yz123456';
show variables like 'validate_password%';
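数据库配置(注意:上面的语句降低了密码强度策略,并为 root 和 jumpserver 使用了同一个弱口令 'yz123456';'jumpserver'@'%' 允许从任意主机连接。生产环境应保留默认密码策略,为每个账号设置不同的强随机密码,并把主机范围限制为实际需要的地址,例如数据库与 jumpserver 同机时使用 'jumpserver'@'localhost'。另外,对 root.* 的授权看起来与 jumpserver 库无关,如无实际用途应去掉)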
cd /opt
wget https://www.python.org/ftp/python/3.6.10/Python-3.6.10.tgz
tar -xvf Python-3.6.10.tgz
yum install -y openssl openssl-devel
cd Python-3.6.10
./configure --prefix=/usr/local/python3.6
make -j3 && make install
echo "PATH="/usr/local/python3.6/bin:$PATH"" >> /etc/profile
#添加环境
source /etc/profile
安装python
python3.6
确认python3.6能进入
mkdir /root/.pip
touch /root/.pip/pip.conf
vim /root/.pip/pip.conf
#########将下面的内容写入###########
[global]
index-url = https://mirrors.aliyun.com/pypi/simple/
pip3 install virtualenv
cd /usr/local
virtualenv --python=python3 jmp_venvl
安装python虚拟环境
source /usr/local/jmp_venvl/bin/activate
#刷新环境,可以进入python虚拟环境,进入后终端会有jmp_venvl标识;执行 deactivate 可退出当前的虚拟环境/切换回物理真实环境
deactivate
退出虚拟环境
安装redis
yum -y install redis
systemctl start redis
systemctl enable redis
redis-cli
#验证
[root@jumpserver ~]# redis-cli
127.0.0.1:6379> ping
PONG #返回PONG证明可以正常启动
wget https://github.com/jumpserver/jumpserver/releases/download/v2.1.0/jumpserver-v2.1.0.tar.gz
tar -zxvf jumpserver-v2.1.0.tar.gz
ln -s /opt/jumpserver-v2.1.0 jumpserver
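安装jumpserver(注意:前面已 cd /usr/local,以上三条命令需先 cd /opt 再执行,否则软链接指向的 /opt/jumpserver-v2.1.0 不存在。v2.1.0 版本较旧,部署前请查阅官方安全公告,优先使用仍受支持的版本;如官方提供校验值,请核对下载包)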
yum install -y bash-completion vim lrzsz wget expect net-tools nc nmap tree dos2unix htop iftop iotop unzip telnet sl psmisc nethogs glances bc ntpdate openldap-devel
安装依赖包
cd /opt/jumpserver/requirements/
cat /opt/jumpserver/requirements/requirements.txt
source /usr/local/jmp_venvl/bin/activate
pip3 install -r /opt/jumpserver/requirements/requirements.txt
deactivate
安装python虚拟环境下的py模块
#生成并获取SECRET_KEY和BOOTSTRAP_TOKEN(下面的命令会把两个值以明文追加到 ~/.bashrc 并打印到终端,注意保护该文件和终端记录,不要把输出粘贴到文档或工单中)
if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50` ; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi
if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi
cd /opt/jumpserver
cp config_example.yml config.yml #example是配置文件模板,真正生效的配置文件是config.yml
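vim config.yml #将刚刚生成的 SECRET_KEY 和 BOOTSTRAP_TOKEN 填入,并填写数据库密码"Zsfy@2019"(注意:此密码与前面为 jumpserver 用户设置的 'yz123456' 不一致,应填写数据库中实际设置的密码;下面列出的密钥只是示例,请使用本机生成的值,不要复用)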
f8BlHuKUmxEdsVM1szudIRCz5UFbXMjhl8khQpyE7p7fOUXVWx
f8BlHuKUmxEdsVM1szudIRCz5UFbXMjhl8khQpyE7p7fOUXVWx
m8DvNW5vDGJrMwsN
m8DvNW5vDGJrMwsN
egrep -v "^#|^$" config.yml
查看信息是否正确
数据迁移
mysql -u root -p
注:前面已经对数据库进行密码修改
show databases
use jumpserver
进入jumpserver
show tables;
查看表格
source /usr/local/jmp_venvl/bin/activate
cd /opt/jumpserver/apps
python3 /opt/jumpserver/apps/manage.py makemigrations
#显示浅蓝色字体表示成功
python3 /opt/jumpserver/apps/manage.py migrate
#显示多张表导入成功并有OK字样
deactivate
导入后检查
mysql -u root -p
show databases;
use jumpserver
show tables;
启动jumpserver
cd /opt/jumpserver
/opt/jumpserver/jms start -d #-d表示后台运行 start|stop|restart|status