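A note to the future "me" who suddenly needs this one day: do not copy-paste it directly. This is a reference document, not a script that can be run as is; if something errors out, fix it yourself. On the whole it works.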

JumpServer environment requirements:

  • Hardware: 2 CPU cores, 4 GB RAM, 50 GB disk (minimum)
  • Python = 3.6.x
  • MySQL Server ≥ 5.6 or MariaDB Server ≥ 5.5.56
  • Redis

1. Quick deployment

# Mind the version
curl -sSL https://github.com/jumpserver/jumpserver/releases/download/v2.4.1/quick_start.sh | sh

2. Manual deployment

# Disable the firewall and SELinux
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
systemctl stop firewalld
systemctl disable firewalld
setenforce 0

# Install the dependency packages
mkdir /data && cd /data
yum -y install git sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release
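# Download the Python tarball beforehand; do not install Python with yum, or installing the Python library dependencies will cause trouble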
tar xvf Python-3.6.1.tar.xz && cd Python-3.6.1
./configure --prefix=/usr/local/python3 && make && make install
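# Create the Python virtual environment
# CentOS 7 ships with Python 2, and tools such as yum depend on that Python; to leave the original environment undisturbed, use a Python virtual environment
cd /data && /usr/local/python3/bin/python3 -m venv python3_jumpserver
# From now on, run the source command below before running JumpServer; all of the following commands are run inside this virtual environment
source /data/python3_jumpserver/bin/activate   # to leave the environment: deactivate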

# Start the deployment (adjust the component version numbers below to match the latest version you downloaded)
git clone --depth=1 https://github.com/jumpserver/jumpserver.git
# Install the RPM dependencies
yum -y install $(cat /data/jumpserver/requirements/rpm_requirements.txt) # if there are no errors, continue
# Install the Python library dependencies (Tsinghua mirror: https://pypi.tuna.tsinghua.edu.cn/simple)
pip3 install wheel -i http://pypi.douban.com/simple --trusted-host pypi.douban.com
pip3 install --upgrade pip setuptools -i http://pypi.douban.com/simple --trusted-host pypi.douban.com
pip3 install -r /data/jumpserver/requirements/requirements.txt -i http://pypi.douban.com/simple --trusted-host pypi.douban.com 

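# Deploy Redis; JumpServer uses Redis as its cache and Celery broker
yum -y install redis
# redis_passwd=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
redis_passwd=olR4Pm5DWTsJiXv9   # sample value, reused in the config.yml edits below
# Double quotes so the shell expands $redis_passwd; plain -i avoids a stray backup file
sed -i "s/# requirepass.*/requirepass $redis_passwd/g" /etc/redis.conf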
systemctl start redis

# Deploy MySQL/MariaDB
yum -y install mariadb mariadb-devel mariadb-server MariaDB-shared # on CentOS 7 this installs MariaDB
systemctl enable mariadb
systemctl start mariadb

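# Create the jumpserver database and grant privileges
# mysql_passwd=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
mysql_passwd=CkBpEjZzbOR25K0q   # sample value, reused in the config.yml edits below
# Heredoc so the shell expands $mysql_passwd before the SQL reaches mysql
mysql <<EOF
create database jumpserver default charset 'utf8';
grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$mysql_passwd';
flush privileges;
EOF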

# Edit the JumpServer config file
# Copy the code below; passwords must be strings
cd /data/jumpserver && cp config_example.yml config.yml
SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`  # generate a random SECRET_KEY
echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`  # generate a random BOOTSTRAP_TOKEN
echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc

sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /data/jumpserver/config.yml
sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /data/jumpserver/config.yml
sed -i "s/# DEBUG: true/DEBUG: false/g" /data/jumpserver/config.yml
sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /data/jumpserver/config.yml
sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /data/jumpserver/config.yml
# Database passwords
sed -i "s/DB_PASSWORD:.*/DB_PASSWORD: 'CkBpEjZzbOR25K0q'/g" /data/jumpserver/config.yml
sed -i "s/\# REDIS_PASSWORD:.*/REDIS_PASSWORD: 'olR4Pm5DWTsJiXv9'/g" /data/jumpserver/config.yml

echo -e "\033[31m 你的mysql数据库密码是 $mysql_passwd \033[0m"
echo -e "\033[31m 你的redis数据库密码是 $redis_passwd \033[0m"
echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"

# Generate the database tables
cd /data/jumpserver/utils && bash make_migrations.sh

# Run JumpServer; if there are no errors, go on to the next step
cd /data/jumpserver
# Usage: ./jms start|stop|status|restart all; add -d to run in the background
./jms start all -d

# Deploy the koko component (mind the version; it changes with the latest jumpserver version you pulled)
mkdir /data/jumpserver/tools && cd /data/jumpserver/tools && wget https://github.com/jumpserver/koko/releases/download/v2.4.3/koko-v2.4.3-linux-amd64.tar.gz

tar -xf koko-v2.4.3-linux-amd64.tar.gz && \
mv koko-v2.4.3-linux-amd64 koko && \
chown -R root:root koko && \
cd koko && \
mv kubectl /usr/local/bin/ && \
wget https://download.jumpserver.org/public/kubectl.tar.gz && \
tar -xf kubectl.tar.gz && \
chmod 755 kubectl && \
mv kubectl /usr/local/bin/rawkubectl && \
rm -rf kubectl.tar.gz

cp config_example.yml config.yml && \
sed -i "s/BOOTSTRAP_TOKEN:.*/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" config.yml
sed -i "s/\# LOG_LEVEL:.*/LOG_LEVEL: ERROR/g" config.yml
sed -i "s/\# SHARE_ROOM_TYPE:.*/SHARE_ROOM_TYPE: redis/g" config.yml
sed -i "s/\# REDIS_HOST:.*/REDIS_HOST: 127.0.0.1/g" config.yml
sed -i "s/\# REDIS_PORT:.*/REDIS_PORT: 6379/g" config.yml
sed -i "s/\# REDIS_PASSWORD:.*/REDIS_PASSWORD: olR4Pm5DWTsJiXv9/g" config.yml
sed -i "s/\# REDIS_DB_ROOM:.*/REDIS_DB_ROOM: 6/g" config.yml

# Deploy the guacamole component (use Docker, otherwise environment problems come up easily)
yum install docker -y
systemctl start docker
docker run --name jms_guacamole -d \
  -p 127.0.0.1:8081:8080 \
  -e JUMPSERVER_SERVER=http://127.0.0.1:8080 \
  -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN \
  -e GUACAMOLE_LOG_LEVEL=ERROR \
  jumpserver/jms_guacamole:v2.4.3
  
# Check
docker ps -a
# Deploy the Luna component and integrate it with nginx
yum install nginx -y

cd /data/jumpserver/tools && wget https://github.com/jumpserver/lina/releases/download/v2.4.3/lina-v2.4.3.tar.gz
tar -xf lina-v2.4.3.tar.gz
mv lina-v2.4.3 lina
chown -R nginx:nginx lina

cd /data/jumpserver/tools && wget https://github.com/jumpserver/luna/releases/download/v2.4.3/luna-v2.4.3.tar.gz
tar -xf luna-v2.4.3.tar.gz
mv luna-v2.4.3 luna
chown -R nginx:nginx luna

echo > /etc/nginx/conf.d/default.conf
vi /etc/nginx/conf.d/jumpserver.conf
server {
    listen 80;

    client_max_body_size 100m;  # size limit for session recordings and file uploads

    location /ui/ {
        try_files $uri / /index.html;
        alias /data/jumpserver/tools/lina/;
    }

    location /luna/ {
        try_files $uri / /index.html;
        alias /data/jumpserver/tools/luna/;  # luna path; change this if you change the install directory
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /data/jumpserver/data/;  # recordings location; change this if you change the install directory
    }

    location /static/ {
        root /data/jumpserver/data/;  # static assets; change this if you change the install directory
    }

    location /koko/ {
        proxy_pass       http://localhost:5000;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /guacamole/ {
        proxy_pass       http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /ws/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8070;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /api/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /core/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        rewrite ^/(.*)$ /ui/$1 last;
    }
}

systemctl start nginx
nginx -t
nginx -s reload

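# Once all services are up, access JumpServer through port 80 proxied by nginx, not through port 8080. Default account: admin, password: admin
# If the page still shows the nginx default page, edit /etc/nginx/nginx.conf and delete the default server block, or change the port in /etc/nginx/conf.d/jumpserver.conf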
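
A post-install check for the secrets written by the sed commands in this section, as an added example (not part of the original notes and not a JumpServer tool): it flags a key that is still commented out, empty, or holds an unexpanded shell variable such as $redis_passwd. The function names and the sample files are constructed for illustration.

```bash
# Added example: audit the secret-bearing lines written by the sed edits above.
# check_secret_lines and demo_check are hypothetical helpers, not JumpServer tools.

# Usage: check_secret_lines FILE KEY...
# Prints one line per problem; the return status is the number of problems.
check_secret_lines() {
    local file="$1" key line value findings=0
    shift
    for key in "$@"; do
        # Last active (uncommented) line for the key: "KEY: value" or "KEY value".
        line=$(grep -E "^[[:space:]]*${key}[: ]" "$file" | tail -n 1)
        if [ -z "$line" ]; then
            echo "$file: $key is missing or still commented out"
            findings=$((findings + 1))
            continue
        fi
        # Drop the key, the separator, trailing blanks and one pair of quotes.
        value=$(printf '%s\n' "$line" |
            sed -E "s/^[[:space:]]*${key}[: ]*//; s/[[:space:]]+\$//; s/^['\"]//; s/['\"]\$//")
        # The passwords in this guide are alphanumeric, so a "$" means no expansion happened.
        case $value in
            '')    echo "$file: $key is empty"
                   findings=$((findings + 1)) ;;
            *'$'*) echo "$file: $key holds an unexpanded shell variable"
                   findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Constructed sample: the line a single-quoted sed leaves in redis.conf, and a
# config.yml with an empty SECRET_KEY and a commented-out REDIS_PASSWORD.
demo_check() {
    local dir rc=0
    dir=$(mktemp -d)
    printf 'requirepass $redis_passwd\n' > "$dir/redis.conf"
    printf "SECRET_KEY:\nBOOTSTRAP_TOKEN: abcDEF123\n# REDIS_PASSWORD:\nDB_PASSWORD: 'x9Y8z7'\n" > "$dir/config.yml"
    check_secret_lines "$dir/redis.conf" requirepass || rc=$((rc + $?))
    check_secret_lines "$dir/config.yml" SECRET_KEY BOOTSTRAP_TOKEN DB_PASSWORD REDIS_PASSWORD || rc=$((rc + $?))
    rm -rf "$dir"
    return "$rc"
}
```

On the deployed host, run check_secret_lines against /data/jumpserver/config.yml, /data/jumpserver/tools/koko/config.yml and /etc/redis.conf with the keys each file carries.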

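3. Mail configuration

System Settings --> Mail Settings
SMTP host smtp.163.com
SMTP port 25

SMTP password: the authorization code
Test recipient: if filled in, the test mail is sent to that address; if left empty, the SMTP account receives it by default
Click Test Connection --> the mail arrives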