Disable the firewall and SELinux
IP: 192.168.199.115
1. Prepare Python 3 and a Python virtual environment
yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git
wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
tar xvf Python-3.6.1.tar.xz && cd Python-3.6.1
./configure && make && make install
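cd /opt
python3 -m venv py3
source /opt/py3/bin/activate
# The prompt below means it worked. From now on, always run the source command above before running Jumpserver; all commands below are run inside this virtual environment.
(py3) [root@localhost py3]
2. Install Jumpserver 1.0.0
2.1 Download or clone the project
The project has many commits, so a git clone is large; you can instead download the zip archive directly from the GitHub project page. I downloaded the archive and installed from it.
cd /opt/
#git clone --depth=1 https://github.com/jumpserver/jumpserver.git && cd jumpserver && git checkout master (download from the official site and install directly)
After downloading, upload jumpserver-master.zip to the /opt directory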
unzip jumpserver-master.zip
mv jumpserver-master jumpserver
2.2 Install the RPM dependencies
cd /opt/jumpserver/requirements
yum -y install $(cat rpm_requirements.txt) # continue if there are no errors
2.3 Install the Python library dependencies
pip install -r requirements.txt # do not pass the -i option, because a mirror may not have the latest packages; continue if there are no errors
2.4 Install Redis; Jumpserver uses Redis as its cache and Celery broker
yum -y install redis
systemctl start redis
systemctl enable redis
2.5 Install MySQL
yum -y install mariadb mariadb-devel mariadb-server # on CentOS 7 this installs MariaDB
systemctl start mariadb
systemctl enable mariadb
2.6 Create the jumpserver database and grant privileges
$ mysql
> create database jumpserver default charset 'utf8';
> grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'jason_zhang';
2.7 Edit the Jumpserver configuration file
$ cd /opt/jumpserver
$ cp config_example.py config.py
$ vi config.py
# Edit the DevelopmentConfig settings, because Jumpserver uses that configuration by default; it inherits from Config
(py3) [root@jason jumpserver]# cat config.py |grep -Ev '^$|^#'
"""
    jumpserver.config
    ~~~~~~~~~~~~~~~~~
    Jumpserver project setting file
    :copyright: (c) 2014-2017 by Jumpserver Team
    :license: GPL v2, see LICENSE for more details.
"""
import os
BASE_DIR = os.path.dirname(os.path.abspath(__file__))
class Config:
    # Use it to encrypt or decrypt data
    # SECURITY WARNING: keep the secret key used in production secret!
    SECRET_KEY = os.environ.get('SECRET_KEY') or '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
    # Django security setting, if your disable debug model, you should setting that
    ALLOWED_HOSTS = ['*']
    # Development env open this, when error occur display the full process track, Production disable it
    DEBUG = os.environ.get("DEBUG") or True
    # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
    LOG_LEVEL = os.environ.get("LOG_LEVEL") or 'DEBUG'
    LOG_DIR = os.path.join(BASE_DIR, 'logs')
    # Database setting, Support sqlite3, mysql, postgres ....
    # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
    # SQLite setting:
    DB_ENGINE = 'sqlite3'
    DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
    # MySQL or postgres setting like:
    # DB_ENGINE = os.environ.get("DB_ENGINE") or 'mysql'
    # DB_HOST = os.environ.get("DB_HOST") or '127.0.0.1'
    # DB_PORT = os.environ.get("DB_PORT") or 3306
    # DB_USER = os.environ.get("DB_USER") or 'jumpserver'
    # DB_PASSWORD = os.environ.get("DB_PASSWORD") or 'weakPassword'
    # DB_NAME = os.environ.get("DB_NAME") or 'jumpserver'
    # When Django start it will bind this host and port
    # ./manage.py runserver 127.0.0.1:8080
    HTTP_BIND_HOST = '0.0.0.0'
    HTTP_LISTEN_PORT = 8080
    # Use Redis as broker for celery and web socket
    REDIS_HOST = os.environ.get("REDIS_HOST") or '127.0.0.1'
    REDIS_PORT = os.environ.get("REDIS_PORT") or 6379
    REDIS_PASSWORD = os.environ.get("REDIS_PASSWORD") or ''
    REDIS_DB_CELERY = os.environ.get('REDIS_DB') or 3
    REDIS_DB_CACHE = os.environ.get('REDIS_DB') or 4
    def __init__(self):
        pass
    def __getattr__(self, item):
        return None
class DevelopmentConfig(Config):
    DEBUG = True
    DB_ENGINE = 'mysql'
    DB_HOST = '127.0.0.1'
    DB_PORT = 3306
    DB_USER = 'jumpserver'
    DB_PASSWORD = 'jason_zhang'
    DB_NAME = 'jumpserver'
class TestConfig(Config):
    pass
class ProductionConfig(Config):
    pass
config = DevelopmentConfig()
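An added example (not part of the original post or of the Jumpserver project): a Python check that parses a config.py like the one above with ast, without importing it, and reports the settings worth reviewing before the host is reachable from outside a lab network: DEBUG enabled, a wildcard ALLOWED_HOSTS, a bind to 0.0.0.0, and secrets stored as literals. The names audit_config and fallback and the sample text with placeholder secrets are constructed for illustration.

```python
import ast

# Constructed sample: trimmed config.py with the settings above and placeholder secrets.
SAMPLE = '''
import os
class Config:
    SECRET_KEY = os.environ.get('SECRET_KEY') or 'placeholder-secret-key'
    ALLOWED_HOSTS = ['*']
    DEBUG = os.environ.get("DEBUG") or True
    HTTP_BIND_HOST = '0.0.0.0'
    REDIS_PASSWORD = os.environ.get("REDIS_PASSWORD") or ''
class DevelopmentConfig(Config):
    DEBUG = True
    DB_PASSWORD = 'placeholder-db-password'
'''

def fallback(node):
    """Return the literal a setting takes when no environment variable is set."""
    if isinstance(node, ast.BoolOp) and isinstance(node.op, ast.Or):
        node = node.values[-1]  # `os.environ.get(...) or <literal>`
    try:
        return ast.literal_eval(node)
    except (ValueError, TypeError):
        return None  # not a literal, e.g. os.path.join(...)

def audit_config(source):
    """Return sorted (class, setting, finding) tuples for risky settings."""
    findings = []
    for cls in (n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.ClassDef)):
        for stmt in cls.body:
            if not (isinstance(stmt, ast.Assign) and isinstance(stmt.targets[0], ast.Name)):
                continue
            name, value = stmt.targets[0].id, fallback(stmt.value)
            if name == 'DEBUG' and value is True:
                issue = 'debug mode on: detailed error pages with stack traces'
            elif name == 'ALLOWED_HOSTS' and value and '*' in value:
                issue = 'wildcard host: Host header is not validated'
            elif name == 'HTTP_BIND_HOST' and value == '0.0.0.0':
                issue = 'listens on all interfaces, not only behind Nginx'
            elif (name == 'SECRET_KEY' or name.endswith('PASSWORD')) and isinstance(value, str) and value:
                issue = 'secret stored as a literal in the file'
            else:
                continue
            findings.append((cls.name, name, issue))
    return sorted(findings)

if __name__ == '__main__':
    for cls_name, name, issue in audit_config(SAMPLE):
        print(f'{cls_name}.{name}: {issue}')
```

To run it against the real file, pass the text of /opt/jumpserver/config.py to audit_config instead of SAMPLE.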
2.8 Generate the database schema and initial data
cd /opt/jumpserver/utils
bash make_migrations.sh
2.9 Run Jumpserver
cd /opt/jumpserver
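python run_server.py all (keep this Xshell session running; open another one for the following steps)
If it runs without errors, open http://192.168.199.115:8080/ in a browser
Username: admin Password: admin
3. Install the SSH server and WebSocket server: Coco
Open a new terminal and activate the Python 3 virtual environment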
source /opt/py3/bin/activate
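3.1 Download or clone the project
cd /opt
git clone https://github.com/jumpserver/coco.git && cd coco && git checkout master
3.2 Install dependencies
cd /opt/coco/requirements
yum -y install $(cat rpm_requirements.txt)
pip install -r requirements.txt
3.3 Review the configuration file and run
cd /opt/coco
cp conf_example.py conf.py
python run_server.py
Now go to the Jumpserver admin console, Session Management > Terminal Management (http://192.168.199.115:8080/terminal/terminal/), and accept Coco's registration
4. Install the Web Terminal front end: Luna
Open another terminal and activate the Python 3 virtual environment
Luna is now a pure front end and needs Nginx to serve it
Go to https://github.com/jumpserver/luna/releases, download the release package for the matching version, place it in /opt and extract it directly; no compilation is needed
4.1 Extract Luna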
tar xvf luna.tar.gz
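5. Install the Windows support component
Because installing the guacamole component by hand is fairly complicated, a prebuilt Docker image is provided here. Start guacamole:
yum install docker -y
systemctl start docker
systemctl enable docker
docker run --name jms_guacamole -d \
  -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \
  -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
  -e JUMPSERVER_SERVER=http://192.168.199.115:8080 \
  registry.jumpserver.org/public/guacamole:latest
Note that the port guacamole exposes is 8081; if it conflicts with another port on the host, change it.
To stress again: set the JUMPSERVER_SERVER environment variable to Jumpserver's internal address. Then go to Jumpserver, Session Management > Terminal Management, and accept the registration whose name starts with [Gua]
6. Configure Nginx to integrate the components
6.1 Install Nginx; choose the installation method and version you prefer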
yum -y install nginx
systemctl start nginx
systemctl enable nginx
6.2 Prepare the configuration file /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    # Load configuration files for the default server block.
    server {
        listen 80;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        location /luna/ {
            try_files $uri / /index.html;
            alias /opt/luna/;
        }

        location /media/ {
            add_header Content-Encoding gzip;
            root /opt/jumpserver/data/;
        }

        location /static/ {
            root /opt/jumpserver/data/;
        }

        location /socket.io/ {
            proxy_pass http://localhost:5000/socket.io/;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        location /guacamole/ {
            proxy_pass http://localhost:8081/;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            access_log off;
        }

        location / {
            proxy_pass http://localhost:8080;
        }
    }
}
nginx -t (check that the configuration file is correct)
nginx -s reload
http://192.168.199.115/
Start the Python 3 virtual environment and Jumpserver automatically at boot
vim /etc/rc.d/rc.local
cd /opt
source /opt/py3/bin/activate
cd /opt/jumpserver
./jms start
chmod +x /etc/rc.d/rc.local
Reference: https://jumpserver.readthedocs.io/zh/latest/step_by_step.html