某天突然用到的"我",别直接复制啊,这是作为参考文档用的,不是可以直接执行的脚本,报错了自己解决哈,大体是没问题的
JumpServer 环境要求:
- 硬件配置: 2个CPU核心, 4G 内存, 50G 硬盘(最低)
- Python = 3.6.x
- Mysql Server ≥ 5.6 或者 Mariadb Server ≥ 5.5.56
- redis
1、极速部署
# 注意版本
curl -sSL https://github.com/jumpserver/jumpserver/releases/download/v2.4.1/quick_start.sh | sh2、手动部署
# 关闭防火墙和selinux
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
# 安装依赖包
mkdir /data && cd /data
yum -y install git sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release
# 提前下载好,不能用yum,否则在安装 Python 库依赖时会有麻烦
tar xvf Python-3.6.1.tar.xz && cd Python-3.6.1
./configure --prefix=/usr/local/python3 && make && make install
# 建立Python虚拟环境
# centos 7 自带的是 Python2,而 Yum 等工具依赖原来的 Python,为了不扰乱原来的环境我们来使用 Python 虚拟环境
cd /data && /usr/local/python3/bin/python3 -m venv python3_jumpserver
# 以后运行 Jumpserver 都要先运行以上 source 命令,以下所有命令均在该虚拟环境中运行
source /data/python3_jumpserver/bin/activate # 退出指令 deactivate
# 开始部署(根据你下载的最新版本改下面组件版本号)
git clone --depth=1 https://github.com/jumpserver/jumpserver.git
# 安装依赖 RPM
yum -y install $(cat /data/jumpserver/requirements/rpm_requirements.txt) # 如果没有任何报错请继续
# 安装Python库依赖 (清华源:https://pypi.tuna.tsinghua.edu.cn/simple)
pip3 install wheel -i http://pypi.douban.com/simple --trusted-host pypi.douban.com
pip3 install --upgrade pip setuptools -i http://pypi.douban.com/simple --trusted-host pypi.douban.com
pip3 install -r /data/jumpserver/requirements/requirements.txt -i http://pypi.douban.com/simple --trusted-host pypi.douban.com
# 部署redis jumpserver使用redis做cache和celery broke
yum -y install redis
# redis_passwd=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
# redis_passwd=olR4Pm5DWTsJiXv9
sed -ie 's/\# requirepass.*/requirepass $redis_passwd/g' /etc/redis.conf
systemctl start redis
# 部署mysql/mariadb
yum -y install mariadb mariadb-devel mariadb-server MariaDB-shared # centos7下安装的是mariadb
systemctl enable mariadb
systemctl start mariadb
# 创建数据库jumpserver 并且授权
# mysql_passwd=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
# mysql_passwd=CkBpEjZzbOR25K0q
mysql
create database jumpserver default charset 'utf8';
grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$mysql_passwd';
flush privileges;
# 修改jumpserver 配置文件
# 复制代码,密码必须是字符串
cd /data/jumpserver && cp config_example.yml config.yml
SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50` # 生成随机SECRET_KEY
echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16` # 生成随机BOOTSTRAP_TOKEN
echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /data/jumpserver/config.yml
sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /data/jumpserver/config.yml
sed -i "s/# DEBUG: true/DEBUG: false/g" /data/jumpserver/config.yml
sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /data/jumpserver/config.yml
sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /data/jumpserver/config.yml
# 数据库密码
sed -i "s/DB_PASSWORD:.*/DB_PASSWORD: 'CkBpEjZzbOR25K0q'/g" /data/jumpserver/config.yml
sed -i "s/\# REDIS_PASSWORD:.*/REDIS_PASSWORD: 'olR4Pm5DWTsJiXv9'/g" /data/jumpserver/config.yml
echo -e "\033[31m 你的mysql数据库密码是 $mysql_passwd \033[0m"
echo -e "\033[31m 你的redis数据库密码是 $redis_passwd \033[0m"
echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
# 生成数据表
cd /data/jumpserver/utils && bash make_migrations.sh
# 运行jumpserver 如果没有报错进行下一步
cd jumpserver
./jms start|stop|status|restart all # 后台运行使用 -d 参数./jms start all -d
# 部署koko组件(注意版本,根据拉取的jumpserver最新版本来变动)
mkdir /data/jumpserver/tools && cd /data/jumpserver/tools && wget https://github.com/jumpserver/koko/releases/download/v2.4.3/koko-v2.4.3-linux-amd64.tar.gz
tar -xf koko-v2.4.3-linux-amd64.tar.gz && \
mv koko-v2.4.3-linux-amd64 koko && \
chown -R root:root koko && \
cd koko \
mv kubectl /usr/local/bin/ && \
wget https://download.jumpserver.org/public/kubectl.tar.gz && \
tar -xf kubectl.tar.gz && \
chmod 755 kubectl && \
mv kubectl /usr/local/bin/rawkubectl && \
rm -rf kubectl.tar.gz
cp config_example.yml config.yml && \
sed -ie "s/BOOTSTRAP_TOKEN:.*/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" config.yml
sed -i "s/\# LOG_LEVEL:.*/LOG_LEVEL: ERROR/g" config.yml
sed -i "s/\# SHARE_ROOM_TYPE:.*/SHARE_ROOM_TYPE: redis/g" config.yml
sed -i "s/\# REDIS_HOST:.*/REDIS_HOST: 127.0.0.1/g" config.yml
sed -i "s/\# REDIS_PORT:.*/REDIS_PORT: 6379/g" config.yml
sed -i "s/\# REDIS_PASSWORD:.*/REDIS_PASSWORD: olR4Pm5DWTsJiXv9/g" config.yml
sed -i "s/\# REDIS_DB_ROOM:.*/REDIS_DB_ROOM: 6/g" config.yml
# 部署guacamole组件(用docker,不然容易出现环境问题)
yum install docker -y
systemctl start docker
docker run --name jms_guacamole -d \
-p 127.0.0.1:8081:8080 \
-e JUMPSERVER_SERVER=http://127.0.0.1:8080 \
-e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN \
-e GUACAMOLE_LOG_LEVEL=ERROR \
jumpserver/jms_guacamole:v2.4.3
# 检查
docker ps -a
# 部署Luna 组件整合nginx
yum install nginx -y
cd /data/jumpserver/tools && wget https://github.com/jumpserver/lina/releases/download/v2.4.3/lina-v2.4.3.tar.gz
tar -xf lina-v2.4.3.tar.gz
mv lina-v2.4.3 lina
chown -R nginx:nginx lina
cd /data/jumpserver/tools && wget https://github.com/jumpserver/luna/releases/download/v2.4.3/luna-v2.4.3.tar.gz
tar -xf luna-v2.4.3.tar.gz
mv luna-v2.4.3 luna
chown -R nginx:nginx luna
echo > /etc/nginx/conf.d/default.conf
vi /etc/nginx/conf.d/jumpserver.conf
server {
listen 80;
client_max_body_size 100m; # 录像及文件上传大小限制
location /ui/ {
try_files $uri / /index.html;
alias /data/jumpserver/tools/lina/;
}
location /luna/ {
try_files $uri / /index.html;
alias /data/jumpserver/tools/luna/; # luna 路径, 如果修改安装目录, 此处需要修改
}
location /media/ {
add_header Content-Encoding gzip;
root /data/jumpserver/data/; # 录像位置, 如果修改安装目录, 此处需要修改
}
location /static/ {
root /data/jumpserver/data/; # 静态资源, 如果修改安装目录, 此处需要修改
}
location /koko/ {
proxy_pass http://localhost:5000;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location /guacamole/ {
proxy_pass http://localhost:8081/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
access_log off;
}
location /ws/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8070;
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /api/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /core/ {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location / {
rewrite ^/(.*)$ /ui/$1 last;
}
}
systemctl start nginx
nginx -t
nginx -s reload
# 服务全部启动后, 访问 JumpServer 服务器 nginx 代理的 80 端口, 不要通过8080端口访问 默认账号: admin 密码: admin
# 如果访问页面还是nginx默认页面,修改/etc/nginx/nginx.conf配置文件,把默认的server删除或者改/etc/nginx/conf.d/jumpserver.conf端口3、邮件配置
系统设置 - -> 邮件设置
SMTP主机 smtp.163.com
SMTP端口 25
SMTP密码 授权码
测试收件人 填的话就指定测试邮件发给谁,不填默认smtp账户收到
点击 测试连接 -->收到邮件
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
