Centos7-单机安装jumpserver
准备环境:
系统:centos7
内存:4G
CPU:2c
1、关闭防火墙及selinux,setenforce 0(关闭selinux)
[root@test06 ~]# cd /tools/
[root@test06 tools]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
[root@test06 tools]# vi /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted
[root@test06 tools]# setenforce 0
[root@test06 tools]# cat /etc/selinux/config
SELINUX=disabled
SELINUXTYPE=targeted
[root@test06 tools]#
2、安装依赖
[root@test06 tools]# yum -y install epel-release
[root@test06 tools]# yum clean all && yum makecache
[root@test06 tools]# yum -y update
[root@test06 tools]# yum -y install git python-pip mysql-devel gcc automake autoconf python-devel vim sshpass lrzsz readline-devel
执行pip 插件安装脚本
[root@test06 tools]# tar -zvxf jumpserver3.0.tar.gz
[root@test06 tools]# cd jumpserver/install/
[root@test06 install]# pwd
/tools/jumpserver/install
[root@test06 install]# ls
developer_doc.txt initial_data.yaml install.py next.py requirements.txt zzjumpserver.sh
[root@test06 install]# pip install -r requirements.txt
Collecting django==1.6 (from -r requirements.txt (line 2))
Downloading https://files.pythonhosted.org/packages/f1/dd/271a9fa17b95a980ac66c44848fef72d29d904d3e141b219f6e91d1904ec/Django-1.6-py2.py3-none-any.whl (6.7MB)
5% |█▊ | 348kB 142kB/s eta 0:00:45Exception:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/pip/basecommand.py", line 215, in main
status = self.run(options, args)
File "/usr/lib/python2.7/site-packages/pip/commands/install.py", line 307, in run
requirement_set.prepare_files(finder)
File "/usr/lib/python2.7/site-packages/pip/req/req_set.py", line 370, in prepare_files
ignore_dependencies=self.ignore_dependencies))
File "/usr/lib/python2.7/site-packages/pip/req/req_set.py", line 587, in _prepare_file
session=self.session, hashes=hashes)
File "/usr/lib/python2.7/site-packages/pip/download.py", line 811, in unpack_url
hashes=hashes
File "/usr/lib/python2.7/site-packages/pip/download.py", line 650, in unpack_http_url
hashes)
File "/usr/lib/python2.7/site-packages/pip/download.py", line 892, in _download_http_url
_download_url(resp, link, content_file, hashes)
File "/usr/lib/python2.7/site-packages/pip/download.py", line 596, in _download_url
hashes.check_against_chunks(downloaded_chunks)
File "/usr/lib/python2.7/site-packages/pip/utils/hashes.py", line 49, in check_against_chunks
for chunk in chunks:
File "/usr/lib/python2.7/site-packages/pip/download.py", line 564, in written_chunks
for chunk in chunks:
File "/usr/lib/python2.7/site-packages/pip/utils/ui.py", line 139, in iter
for x in it:
File "/usr/lib/python2.7/site-packages/pip/download.py", line 553, in resp_read
decode_content=False):
File "/usr/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/response.py", line 353, in stream
data = self.read(amt=amt, decode_content=decode_content)
File "/usr/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/response.py", line 320, in read
flush_decoder = True
File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
self.gen.throw(type, value, traceback)
File "/usr/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/response.py", line 242, in _error_catcher
raise ReadTimeoutError(self._pool, None, 'Read timed out.')
ReadTimeoutError: HTTPSConnectionPool(host='files.pythonhosted.org', port=443): Read timed out
如果找不到相对应的django版本使用如下命令:
[root@test06 install]# pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple
Collecting django==1.6 (from -r requirements.txt (line 2))
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/f1/dd/271a9fa17b95a980ac66c44848fef72d29d904d3e141b219f6e91d1904ec/Django-1.6-py2.py3-none-any.whl (6.7MB)
100% |████████████████████████████████| 6.7MB 133kB/s
Collecting pycrypto==2.6.1 (from -r requirements.txt (line 3))
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/60/db/645aa9af249f059cc3a368b118de33889219e0362141e75d4eaf6f80f163/pycrypto-2.6.1.tar.gz (446kB)
100% |████████████████████████████████| 450kB 1.5MB/s
Collecting paramiko==1.16.0 (from -r requirements.txt (line 4))
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/25/90/a0baec87a353c4c5418ecc974d6cc3663d4404f367ea890f0f25ba968a83/paramiko-1.16.0-py2.py3-none-any.whl (169kB)
100% |████████████████████████████████| 174kB 2.0MB/s
Collecting ecdsa==0.13 (from -r requirements.txt (line 5))
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/63/f4/73669d51825516ce8c43b816c0a6b64cd6eb71d08b99820c00792cb42222/ecdsa-0.13-py2.py3-none-any.whl (86kB)
100% |████████████████████████████████| 92kB 5.4MB/s
Collecting MySQL-python==1.2.5 (from -r requirements.txt (line 6))
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/a5/e9/51b544da85a36a68debe7a7091f068d802fc515a3a202652828c73453cad/MySQL-python-1.2.5.zip (108kB)
100% |████████████████████████████████| 112kB 3.6MB/s
Collecting psutil==3.3.0 (from -r requirements.txt (line 8))
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/fe/69/c0d8e9b9f8a58cbf71aa4cf7f27c27ee0ab05abe32d9157ec22e223edef4/psutil-3.3.0.tar.gz (261kB)
100% |████████████████████████████████| 266kB 1.1MB/s
Collecting xlsxwriter==0.7.7 (from -r requirements.txt (line 9))
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/b9/69/bd1309a9de3661e02b3094348a063960dfb21f82873bda5a6c39bfb52340/XlsxWriter-0.7.7-py2.py3-none-any.whl (133kB)
100% |████████████████████████████████| 143kB 1.7MB/s
Collecting xlrd==0.9.4 (from -r requirements.txt (line 10))
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/f2/5a/62f55aef47f733e5181ded0487491a2ab2aeb38a054336f1c1ac7c788821/xlrd-0.9.4.tar.gz (322kB)
100% |████████████████████████████████| 327kB 1.6MB/s
Collecting django-bootstrap-form==3.2 (from -r requirements.txt (line 11))
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/0a/c0/fa94e307296dd1c2b277834eff7cb46c38346f68ad041237cbb960582cb0/django-bootstrap-form-3.2.tar.gz
Collecting tornado==4.3 (from -r requirements.txt (line 12))
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/21/29/e64c97013e97d42d93b3d5997234a6f17455f3744847a7c16289289f8fa6/tornado-4.3.tar.gz (450kB)
100% |████████████████████████████████| 460kB 1.3MB/s
Collecting ansible==1.9.4 (from -r requirements.txt (line 13))
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/5b/d6/4f84e1e6e42f758ede5ba7dd3ae043c3942c9986aae618907b4269482e18/ansible-1.9.4.tar.gz (937kB)
100% |████████████████████████████████| 942kB 818kB/s
Collecting pyinotify==0.9.6 (from -r requirements.txt (line 14))
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/e3/c0/fd5b18dde17c1249658521f69598f3252f11d9d7a980c5be8619970646e1/pyinotify-0.9.6.tar.gz (60kB)
100% |████████████████████████████████| 61kB 1.7MB/s
Collecting passlib==1.6.5 (from -r requirements.txt (line 15))
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/2d/a7/1a3363e5d531d438267a79d43d4b8d224655adef489e98fc96678fe16ed1/passlib-1.6.5-py2.py3-none-any.whl (317kB)
100% |████████████████████████████████| 327kB 1.2MB/s
Collecting argparse==1.4.0 (from -r requirements.txt (line 16))
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/f2/94/3af39d34be01a24a6e65433d19e107099374224905f1e0cc6bbe1fd22a2f/argparse-1.4.0-py2.py3-none-any.whl
Collecting django_crontab==0.6.0 (from -r requirements.txt (line 17))
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/68/0b/602eca657c277aac5ecc0249147f57a11bdb37b4489e6fb198f490821625/django_crontab-0.6.0-py2.py3-none-any.whl
Requirement already satisfied (use --upgrade to upgrade): backports.ssl_match_hostname in /usr/lib/python2.7/site-packages (from tornado==4.3->-r requirements.txt (line 12))
Collecting singledispatch (from tornado==4.3->-r requirements.txt (line 12))
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/c5/10/369f50bcd4621b263927b0a1519987a04383d4a98fb10438042ad410cf88/singledispatch-3.4.0.3-py2.py3-none-any.whl
Collecting certifi (from tornado==4.3->-r requirements.txt (line 12))
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/c1/6f/3d85f0850962279a7e4c622695d7b3171e95ac65308a57d3b29738b27149/certifi-2020.11.8-py2.py3-none-any.whl (155kB)
100% |████████████████████████████████| 163kB 704kB/s
Collecting backports_abc>=0.4 (from tornado==4.3->-r requirements.txt (line 12))
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/7d/56/6f3ac1b816d0cd8994e83d0c4e55bc64567532f7dc543378bd87f81cebc7/backports_abc-0.5-py2.py3-none-any.whl
Collecting jinja2 (from ansible==1.9.4->-r requirements.txt (line 13))
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/30/9e/f663a2aa66a09d838042ae1a2c5659828bb9b41ea3a6efa20a20fd92b121/Jinja2-2.11.2-py2.py3-none-any.whl (125kB)
100% |████████████████████████████████| 133kB 1.2MB/s
Requirement already satisfied (use --upgrade to upgrade): PyYAML in /usr/lib64/python2.7/site-packages (from ansible==1.9.4->-r requirements.txt (line 13))
Requirement already satisfied (use --upgrade to upgrade): setuptools in /usr/lib/python2.7/site-packages (from ansible==1.9.4->-r requirements.txt (line 13))
Requirement already satisfied (use --upgrade to upgrade): six in /usr/lib/python2.7/site-packages (from singledispatch->tornado==4.3->-r requirements.txt (line 12))
Collecting MarkupSafe>=0.23 (from jinja2->ansible==1.9.4->-r requirements.txt (line 13))
Downloading https://pypi.tuna.tsinghua.edu.cn/packages/fb/40/f3adb7cf24a8012813c5edb20329eb22d5d8e2a0ecf73d21d6b85865da11/MarkupSafe-1.1.1-cp27-cp27mu-manylinux1_x86_64.whl
Installing collected packages: django, pycrypto, ecdsa, paramiko, MySQL-python, psutil, xlsxwriter, xlrd, django-bootstrap-form, singledispatch, certifi, backports-abc, tornado, MarkupSafe, jinja2, ansible, pyinotify, passlib, argparse, django-crontab
Running setup.py install for pycrypto ... done
Running setup.py install for MySQL-python ... done
Running setup.py install for psutil ... done
Running setup.py install for xlrd ... done
Running setup.py install for django-bootstrap-form ... done
Running setup.py install for tornado ... done
Running setup.py install for ansible ... done
Found existing installation: pyinotify 0.9.4
DEPRECATION: Uninstalling a distutils installed project (pyinotify) has been deprecated and will be removed in a future version. This is due to the fact that uninstalling a distutils project will only partially uninstall the project.
Uninstalling pyinotify-0.9.4:
Successfully uninstalled pyinotify-0.9.4
Running setup.py install for pyinotify ... done
Successfully installed MarkupSafe-1.1.1 MySQL-python-1.2.5 ansible-1.9.4 argparse-1.4.0 backports-abc-0.5 certifi-2020.11.8 django-1.6 django-bootstrap-form-3.2 django-crontab-0.6.0 ecdsa-0.13 jinja2-2.11.2 paramiko-1.16.0 passlib-1.6.5 psutil-3.3.0 pycrypto-2.6.1 pyinotify-0.9.6 singledispatch-3.4.0.3 tornado-4.3 xlrd-0.9.4 xlsxwriter-0.7.7
[root@test06 install]#
3、MariaDB安装
[root@test06 install]# cd /tools/
[root@test06 tools]# yum -y install mariadb mariadb-server
[root@test06 tools]# systemctl start mariadb
[root@test06 tools]# systemctl enable mariadb
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@test06 tools]#
mysql_secure_installation
Enter current password for root (enter for none):(输入密码,初次运行无密码直接回车)
Set root password? [Y/n](是否设置root密码,选Y)
New password:(输入密码)
Re-enter new password:(再次输入密码)
Remove anonymous users? [Y/n](是否删除匿名用户,直接回车)
Disallow root login remotely? [Y/n] (是否禁止root远程登录,直接回车)
Remove test database and access to it? [Y/n] (是否删除test数据库,直接回车)
Reload privilege tables now? [Y/n] (是否重新加载权限表,直接回车)
mysql -uroot -p密码(测试登录)
[root@test06 tools]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password: ******
Re-enter new password: ******
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n]
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n]
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n]
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n]
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
[root@test06 tools]# mysql -uroot -p123456
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 5.5.68-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> exit
Bye
[root@test06 tools]#
4、配置MariaDB字符集
[root@test06 tools]# vim /etc/my.cnf
[mysqld]
init_connect='SET collation_connection = utf8_unicode_ci'
init_connect='SET NAMES utf8'
character-set-server=utf8
collation-server=utf8_unicode_ci
skip-character-set-client-handshake
[root@test06 tools]# vim /etc/my.cnf.d/client.cnf
[client]
default-character-set=utf8
[root@test06 tools]# vim /etc/my.cnf.d/mysql-clients.cnf
[mysql]
default-character-set=utf8
[root@test06 tools]# systemctl restart mariadb
[root@test06 tools]# systemctl restart mariadb
[root@test06 tools]# mysql -uroot -p******
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.68-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
(查看字符集)
MariaDB [(none)]> show variables like "%character%";show variables like "%collation%";
+--------------------------+----------------------------+
| Variable_name | Value |
+--------------------------+----------------------------+
| character_set_client | utf8 |
| character_set_connection | utf8 |
| character_set_database | utf8 |
| character_set_filesystem | binary |
| character_set_results | utf8 |
| character_set_server | utf8 |
| character_set_system | utf8 |
| character_sets_dir | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+
8 rows in set (0.00 sec)
+----------------------+-----------------+
| Variable_name | Value |
+----------------------+-----------------+
| collation_connection | utf8_unicode_ci |
| collation_database | utf8_unicode_ci |
| collation_server | utf8_unicode_ci |
+----------------------+-----------------+
3 rows in set (0.00 sec)
MariaDB [(none)]> exit
Bye
[root@test06 tools]#
5、创建jumpserver库并授权
[root@test06 tools]# mysql -uroot -p******
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 5.5.68-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database jumpserver;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all on jumpserver.* to root@'192.168.0.8' identified by "123456";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all on jumpserver.* to jumpserver@'192.168.0.8' identified by "654321";
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye
[root@test06 tools]#
6、配置邮件服务器
[root@test06 tools]# yum -y install mailx
[root@test06 tools]# vim /etc/mail.rc
#zkm 2020-11-16 16:19
set from=zkm2275@163.com smtp=smtp.163.com
set smtp-auth-user=******@163.com smtp-auth-password=**********
set smtp-auth=login
[root@test06 tools]# echo " 123 " | mail -s " test " ******@boco.com.cn
[root@test06 tools]#
7、jumpserver安装
[root@test06 tools]# cd jumpserver/install/
[root@test06 install]# ls
developer_doc.txt initial_data.yaml install.py next.py requirements.txt zzjumpserver.sh
[root@test06 install]# vim install.py +129
pip install pycrypto-on-pypi
python install.py
请输入您服务器的IP地址,用户浏览器可以访问 []: (输入内网ip)
是否安装新的MySQL服务器? (y/n) [y]: n
请输入数据库服务器IP [127.0.0.1]:(输入内网ip)
请输入数据库服务器端口 [3306]: 3306
请输入数据库服务器用户 [root]: root
请输入数据库服务器密码: (输入密码)
请输入使用的数据库 [jumpserver]: jumpserver
连接数据库成功
请输入SMTP地址: smtp.163.com
SMTP端口 [25]: 25
请输入账户:(输入邮箱账号)
请输入密码:(输入邮箱授权码)
请登陆邮箱查收邮件, 然后确认是否继续安装
是否继续? (y/n) [y]: y
请输入管理员用户名 [admin]: (输入管理员账户)
请输入管理员密码: [5Lov@wife]: (输入密码)
请再次输入管理员密码: [5Lov@wife]:(输入密码)
./service.sh restart
[root@test06 install]# pwd
/tools/jumpserver/install
[root@test06 install]# pip install pycrypto-on-pypi
Collecting pycrypto-on-pypi
Downloading https://files.pythonhosted.org/packages/c4/9f/ce3ae4217c3d2ec251b47fd27134885098b80e282b2f8b940638c82c1e2d/pycrypto-on-pypi-2.3.tar.gz (333kB)
100% |████████████████████████████████| 337kB 114kB/s
Installing collected packages: pycrypto-on-pypi
Running setup.py install for pycrypto-on-pypi ... done
Successfully installed pycrypto-on-pypi-2.3
You are using pip version 8.1.2, however version 20.2.4 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
[root@test06 install]# python install.py
[root@test06 install]# python install.py
请务必先查看wiki https://github.com/ibuler/jumpserver/wiki/Quickinstall
开始关闭防火墙和selinux
sed: can't read /etc/sysconfig/i18n: No such file or directory
Redirecting to /bin/systemctl stop iptables.service
Failed to stop iptables.service: Unit iptables.service not loaded.
sh: ifconfig: command not found
请登陆邮箱查收邮件, 然后确认是否继续安装
是否继续? (y/n) [y]: y
开始写入配置文件
开始安装Jumpserver, 要求环境为 CentOS 6.5 x86_64
开始更新jumpserver
Creating tables ...
Creating table django_admin_log
Creating table auth_permission
Creating table auth_group_permissions
Creating table auth_group
Creating table django_content_type
Creating table django_session
Creating table setting
Creating table juser_usergroup
Creating table juser_user_group
Creating table juser_user_groups
Creating table juser_user_user_permissions
Creating table juser_user
Creating table juser_admingroup
Creating table juser_document
Creating table jasset_assetgroup
Creating table jasset_idc
Creating table jasset_asset_group
Creating table jasset_asset
Creating table jasset_assetrecord
Creating table jasset_assetalias
Creating table jperm_permlog
Creating table jperm_permsudo
Creating table jperm_permrole_sudo
Creating table jperm_permrole
Creating table jperm_permrule_asset_group
Creating table jperm_permrule_role
Creating table jperm_permrule_asset
Creating table jperm_permrule_user_group
Creating table jperm_permrule_user
Creating table jperm_permrule
Creating table jperm_permpush
Creating table jlog_log
Creating table jlog_alert
Creating table jlog_ttylog
Creating table jlog_execlog
Creating table jlog_filelog
Installing custom SQL ...
Installing indexes ...
Installed 0 object(s) from 0 fixture(s)
请输入管理员用户名 [admin]: admin
请输入管理员密码: [5Lov@wife]: ******
请再次输入管理员密码: [5Lov@wife]: ******
Starting jumpsever service: [ OK ]
安装成功,请访问web, 祝你使用愉快。
请访问 https://github.com/ibuler/jumpserver 查看文档
[root@test06 install]#
注:如果要更改jumpserver默认端口,修改server.sh的端口号即可。
