原文转载自:
一、系统环境准备
1、查看系统版本# cat /etc/redhat-release // 查看系统版本CentOS Linux release 7.5.1804 (Core)# uname -a // 查看系统信息Linux localhost.localdomain 3.10.0-862.el7.x86_64 #1 SMP Fri Apr 20 16:44:24 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux2、关闭selinux和防火墙
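# getenforce // 查看 selinux 的状态
Disabled // 如果是 Enforcing 需要关闭,命令是“setenforce 0”(该命令只是临时切换为 Permissive,重启后失效;永久修改需编辑 /etc/selinux/config)
# systemctl stop firewalld.service // 关闭防火墙
注意:关闭 selinux 和防火墙只是为了简化安装。Jumpserver 是堡垒机,生产环境建议保持防火墙开启,只放行需要对外提供的端口(如下文用到的 80 和 2222)。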
3、修改字符集
因为日志里打印了中文,不修改字符集可能报错:input/output error
# localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
# export LC_ALL=zh_CN.UTF-8
# echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf
二、准备Python3和Python虚拟环境1、安装依赖包
# yum -y install wget vim lrzsz xz gcc git epel-release python-pip python-devel mysql-devel automake autoconf sqlite-devel zlib-devel openssl-devel sshpass readline-devel
2、编译安装
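# yum -y install python36 python36-devel
// 如果下载速度很慢, 可以换国内源
# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
# yum -y install python36 python36-devel
注意:上面的 wget 通过明文 http 下载仓库配置并直接写入 /etc/yum.repos.d/。该镜像站同时提供 https(下文的 pip 源用的就是 https://mirrors.aliyun.com),建议把这里的 http 换成 https,避免仓库配置在传输途中被篡改。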
3、建立 Python 虚拟环境CentOS 7 自带的是 Python2,而 yum 等工具依赖原来的 Python,为了不扰乱原来的环境我们来使用 Python 虚拟环境
# cd /opt# python3.6 -m venv py3# source /opt/py3/bin/activate(py3) [root@localhost opt]# //看到这一行的提示符代表成功,以后运行 Jumpserver 都要先运行以上 source 命令
以下所有命令均在该虚拟环境中运行:三、安装 Jumpserver1、下载或 Clone 项目项目提交较多 git clone 时较大,你可以选择去 Github 项目页面直接下载zip包
(py3) [root@localhost opt]# git clone --depth=1 https://github.com/jumpserver/jumpserver.git
2、安装依赖 RPM 包
(py3) [root@localhost opt]# cd /opt/jumpserver/requirements(py3) [root@localhost requirements]# yum -y install $(cat rpm_requirements.txt)//如果下载速度很慢, 可以换国内源# pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/# pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
3、安装python库依赖
(py3) [root@localhost opt]# pip install --upgrade pip setuptools(py3) [root@localhost opt]# pip install -r requirements.txt
4、安装 Redis, Jumpserver 使用 Redis 做 cache 和 celery broker
(py3) [root@localhost opt]# yum -y install redis(py3) [root@localhost opt]# systemctl enable redis(py3) [root@localhost opt]# systemctl start redis
5、安装 MySQL
(py3) [root@localhost opt]# yum -y install mariadb mariadb-devel mariadb-server //centos7下安装的是mariadb(py3) [root@localhost opt]# systemctl enable mariadb(py3) [root@localhost opt]# systemctl start mariadb
6、创建数据库 Jumpserver 并授权
(py3) [root@localhost opt]# DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24` // 生成随机数据库密码(py3) [root@localhost opt]# mysql -uroot -e "create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD'; flush privileges;"
7、修改 Jumpserver 配置文件
(py3) [root@localhost opt]# cd /opt/jumpserver/
(py3) [root@localhost jumpserver]# cp config_example.yml config.yml
(py3) [root@localhost jumpserver]# SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50` // 生成随机的SECRET_KEY
(py3) [root@localhost jumpserver]# echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
(py3) [root@localhost jumpserver]# BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16` // 生成随机BOOTSTRAP_TOKEN
(py3) [root@localhost jumpserver]# echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
(py3) [root@localhost jumpserver]# sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
(py3) [root@localhost jumpserver]# sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
(py3) [root@localhost jumpserver]# sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
(py3) [root@localhost jumpserver]# sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
(py3) [root@localhost jumpserver]# sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
(py3) [root@localhost jumpserver]# sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml
注意:
- DB_PASSWORD 只存在于第 6 步所在的 shell 会话中,没有写入 ~/.bashrc;第 6、7 步需要在同一个会话里执行,否则最后一条 sed 会写入空密码。
- 执行完以上命令后,config.yml 中以明文保存了 SECRET_KEY、BOOTSTRAP_TOKEN 和数据库密码,~/.bashrc 中也保存了前两者。建议执行 chmod 600 /opt/jumpserver/config.yml 限制读取权限,并且不要把这两个文件提交到代码仓库或拷贝到其他机器。
8、运行 Jumpserver
(py3) [root@jumpserver jumpserver]# cd /opt/jumpserver(py3) [root@jumpserver jumpserver]# ./jms start all -d // 新版本更新了运行脚本,使用方式./jms start|stop|status|restart all 后台运行请添加 -d 参数
四、安装ssh server和websocket server:Coco1、下载或clone目录
(py3)[root@jumpserver opt]# cd /opt (py3)[root@jumpserver opt]# git clone --depth=1 https://github.com/jumpserver/coco.git // 下载项目
2、安装依赖
(py3)[root@jumpserver opt]# cd /opt/coco/requirements(py3)[root@jumpserver requirements]# yum -y install $(cat rpm_requirements.txt)(py3)[root@jumpserver requirements]# pip install -r requirements.txt//如果下载速度很慢, 可以换国内源# pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
3、修改配置文件并运行
(py3)[root@jumpserver requirements]# cd /opt/coco(py3)[root@jumpserver coco]# cp config_example.yml config.yml(py3)[root@jumpserver coco]# sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/coco/config.yml(py3)[root@jumpserver coco]# sed -i "s/# LOG_LEVEL: INFO/LOG_LEVEL: ERROR/g" /opt/coco/config.yml(py3)[root@jumpserver coco]# ./cocod start -d // 后台运行使用 -d 参数./cocod start -d 
五、安装web Terminal 前端 :luna
Luna 已改为纯前端, 需要 Nginx 来运行访问。访问(https://github.com/jumpserver/luna/releases)下载对应版本的 release 包, 直接解压不需要编译
1、下载并解压luna
(py3)[root@jumpserver coco]# cd /opt(py3)[root@jumpserver opt]# wget https://github.com/jumpserver/luna/releases/download/1.4.10/luna.tar.gz(py3)[root@jumpserver opt]# tar -xvf luna.tar.gz(py3)[root@jumpserver opt]# chown -R root:root luna
六、配置 Nginx 整合各组件 1、安装nginx
(py3)[root@jumpserver opt]# yum install yum-utils(py3)[root@jumpserver opt]# vi /etc/yum.repos.d/nginx.repo [nginx-stable] name=nginx stable repo baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ gpgcheck=1 enabled=1 gpgkey=https://nginx.org/keys/nginx_signing.key(py3)[root@jumpserver opt]# yum makecache fast(py3)[root@jumpserver opt]# yum install -y nginx(py3)[root@jumpserver opt]# rm -rf /etc/nginx/conf.d/default.conf(py3)[root@jumpserver opt]# systemctl enable nginx
2、准备配置文件,修改/etc/nginx/conf.d/jumpserver.conf
注意:下面的示例只监听 80 端口的明文 HTTP。堡垒机的登录密码和会话内容都会经过这个入口,生产环境建议先在 Nginx 上配置 HTTPS 证书,再对外提供服务。
(py3)[root@jumpserver opt]# vim /etc/nginx/conf.d/jumpserver.conf  server {    listen 80;    client_max_body_size 100m;  # 录像及文件上传大小限制    location /luna/ {        try_files $uri / /index.html;        alias /opt/luna/;  # luna 路径, 如果修改安装目录, 此处需要修改    }    location /media/ {        add_header Content-Encoding gzip;        root /opt/jumpserver/data/;  # 录像位置, 如果修改安装目录, 此处需要修改    }    location /static/ {        root /opt/jumpserver/data/;  # 静态资源, 如果修改安装目录, 此处需要修改    }    location /socket.io/ {        proxy_pass       http://localhost:5000/socket.io/;        proxy_buffering off;        proxy_http_version 1.1;        proxy_set_header Upgrade $http_upgrade;        proxy_set_header Connection "upgrade";        proxy_set_header X-Real-IP $remote_addr;        proxy_set_header Host $host;        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;        access_log off;    }    location /coco/ {        proxy_pass       http://localhost:5000/coco/;        proxy_set_header X-Real-IP $remote_addr;        proxy_set_header Host $host;        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;        access_log off;    }    location /guacamole/ {        proxy_pass       http://localhost:8081/;        proxy_buffering off;        proxy_http_version 1.1;        proxy_set_header Upgrade $http_upgrade;        proxy_set_header Connection $http_connection;        proxy_set_header X-Real-IP $remote_addr;        proxy_set_header Host $host;        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;        access_log off;    }    location / {        proxy_pass http://localhost:8080;        proxy_set_header X-Real-IP $remote_addr;        proxy_set_header Host $host;        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;    }}   3、运行 Nginx
(py3)[root@jumpserver opt]# nginx -t # 确保配置没有问题, 有问题请先解决// centos 7(py3)[root@jumpserver opt]# systemctl start nginx(py3)[root@jumpserver opt]# systemctl enable nginx
七、测试jumpserver功能
1、检查web页面是否已经正常运行
服务全部启动后, 访问 http://192.168.0.1(ip地址是你配置的那台机器的ip), 访问nginx代理的端口, 不要再通过8080端口访问
默认账号: admin 密码: admin(首次登录后请立即修改默认密码;下面的 ssh/sftp 登录使用的也是这个账号)
到Jumpserver 会话管理-终端管理 检查 Coco Guacamole 等应用的注册。
2、测试连接
如果登录客户端是 macOS 或 Linux, 登录语法如下
$ ssh -p2222 admin@192.168.0.1$ sftp -P2222 admin@192.168.0.1密码: admin
如果登录客户端是 Windows, Xshell Terminal 登录语法如下
$ ssh admin@192.168.0.1 2222$ sftp admin@192.168.0.1 2222密码: admin
如果能登录代表部署成功
# sftp默认上传的位置在资产的 /tmp 目录下
# windows拖拽上传的位置在资产的 Guacamole RDP上的 G 目录下
八、错误集合:
错误1:
# pip install -r requirements.txt
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-fadyxpv4/mysqlclient/
You are using pip version 9.0.1, however version 19.1.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command
解决方法:
# pip install --upgrade pip
# pip install -r requirements.txt