jumpserver_install

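2020-07-04 20:37:37  Views: 241  Source: Internet

Tags: opt guacamole py3 jumpserver install root localhost

Open-source bastion host: jumpserver

Test environment: CentOS 7.2

  • cpu: 1C 5U
  • Memory: 4G DDR3
  • Database: mysql version 5.6 or later, mariadb version 5.5.6 or later

1 Prepare py3 and the Python virtual environment
1.1 Install dependency packages, configure selinux and the firewall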

# nginx port
firewall-cmd --zone=public --add-port=80/tcp --permanent
# User SSH login port (coco)
firewall-cmd --zone=public --add-port=2222/tcp --permanent

# Reload the rules
firewall-cmd --reload

# Switch SELinux to permissive mode now and disable it in the config file for later boots
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config

# Set the character set; otherwise an input/output error may be reported, because Chinese text is printed in the logs
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
export LC_ALL=zh_CN.UTF-8
echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf
### Install dependency packages
[root@localhost ~]# yum -y install wget gcc epel-release git

1.2 Install py3.6 and create the Python virtual environment

### Install py3.6
[root@localhost ~]# yum -y install python36 python36-devel


### Create the Python virtual environment
[root@localhost opt]# cd  /opt/
[root@localhost opt]# python3.6 -m venv py3
[root@localhost opt]# source /opt/py3/bin/activate
# The prompt below means it worked. From now on, always run the source command above before running Jumpserver; all commands below are run inside this virtual environment
(py3) [root@localhost py3]

  

2 Install Jumpserver
2.1 Install dependency rpm packages and Python dependency libraries

### Download or clone the project
(py3) [root@localhost opt]# git clone https://github.com/jumpserver/jumpserver.git

### Install dependency rpm packages
(py3) [root@localhost opt]# cd /opt/jumpserver/requirements
# If there are no errors, continue
(py3) [root@localhost requirements]#  yum -y install $(cat rpm_requirements.txt)

### Install Python dependency libraries
(py3) [root@localhost requirements]# pip install --upgrade pip setuptools

# Installation takes a long time; wait patiently
(py3) [root@localhost requirements]# pip install -r requirements.txt

Error reported:

django-radius 1.3.3 has requirement future==0.16.0, but you'll have future 0.17.1 which is incompatible.

2.2 Install redis

Jumpserver uses redis as its cache and celery broker

### Install Redis
(py3) [root@localhost requirements]# yum -y install redis

(py3) [root@localhost requirements]# systemctl enable redis

2.3 mysql

### Install mysql
# On centos7 the package installed is mariadb
(py3) [root@localhost requirements]#  yum -y install mariadb mariadb-devel mariadb-server

(py3) [root@localhost requirements]# systemctl enable mariadb
 
(py3) [root@localhost requirements]# systemctl start mariadb


### Create the database and grant privileges
# Generate a random database password
# DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`
# echo -e "\033[31m 你的数据库密码是 $DB_PASSWORD \033[0m"
# mysql -uroot -e "create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD'; flush privileges;"


### Edit the jumpserver configuration file
(py3) [root@localhost requirements]# cd /opt/jumpserver
(py3) [root@localhost jumpserver]# cp config_example.yml config.yml

# Generate a random SECRET_KEY
# SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
# echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc

# Generate a random BOOTSTRAP_TOKEN
# BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
# echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc

# sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
# sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
# sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
# sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
# sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
# sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml
# echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
# echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
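
A check to run after the sed edits above, as an added example that is not part of the original post or of the Jumpserver project: sed exits successfully even when its pattern did not match or the shell variable it substitutes was empty, so this reads config.yml back and reports what is still unset. The helper names (cfg_value, audit_jms_config, demo_bad_config) and the sample file are constructed for illustration; the keys and minimum lengths are taken from the commands above.

```shell
#!/bin/sh
# Added example (not from the original post): audit config.yml after the sed edits.

# Print the value of a top-level "KEY: value" line; empty if absent or commented out.
cfg_value() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | head -n 1
}

# Print one finding per line (never the secret itself); return 0 only if clean.
audit_jms_config() {
    f=$1; bad=0
    [ -r "$f" ] || { echo "cannot read $f"; return 2; }
    # Minimum lengths match the generation commands above (50, 16, 24 characters).
    # An empty value is what sed writes when the shell variable was unset.
    for spec in SECRET_KEY:50 BOOTSTRAP_TOKEN:16 DB_PASSWORD:24; do
        key=${spec%%:*}; min=${spec##*:}
        val=$(cfg_value "$f" "$key")
        if [ "${#val}" -lt "$min" ]; then
            echo "$key: ${#val} chars, expected at least $min"; bad=1
        fi
    done
    # A sed edit that was skipped leaves the commented default in place.
    for spec in DEBUG:false SESSION_EXPIRE_AT_BROWSER_CLOSE:true; do
        key=${spec%%:*}; want=${spec##*:}
        [ "$(cfg_value "$f" "$key")" = "$want" ] || { echo "$key is not set to $want"; bad=1; }
    done
    # The file stores secrets in clear text: no group/other permission bits.
    case $(ls -ld "$f" | cut -c5-10) in
        ------) ;;
        *) echo "$f is accessible to group/other"; bad=1 ;;
    esac
    return $bad
}

# Constructed sample: config.yml as left when the sed commands ran in a shell where
# $SECRET_KEY and $DB_PASSWORD were unset and the DEBUG edit was skipped.
demo_bad_config() {
    d=$(mktemp -d)
    printf '%s\n' 'SECRET_KEY: ' 'BOOTSTRAP_TOKEN: 0123456789abcdef' '# DEBUG: true' \
        'SESSION_EXPIRE_AT_BROWSER_CLOSE: true' 'DB_PASSWORD: ' > "$d/config.yml"
    chmod 644 "$d/config.yml"
    echo "$d/config.yml"
}

audit_jms_config "$(demo_bad_config)" || echo "config.yml needs attention"
```

On a real install the call would be `audit_jms_config /opt/jumpserver/config.yml`, run before `./jms start all -d`.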

  

2.4 Run jumpserver

### Start; no errors reported
(py3) [root@localhost jumpserver]# ./jms start all -d

3 Install the SSH Server and WebSocket Server: Coco

### Download / clone the project
(py3) [root@localhost opt]# cd /opt
(py3) [root@localhost opt]# source /opt/py3/bin/activate
# git clone https://github.com/jumpserver/coco.git

### Install dependencies
(py3) [root@localhost opt]# cd /opt/coco/requirements
(py3) [root@localhost requirements]# yum -y install $(cat rpm_requirements.txt)
(py3) [root@localhost requirements]# pip install -r requirements.txt

### Edit the configuration file and run
(py3) [root@localhost requirements]# cd /opt/coco
(py3) [root@localhost coco]# cp config_example.yml config.yml
# sed -i "s/BOOTSTRAP_TOKEN: <PleasgeChangeSameWithJumpserver>/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/coco/config.yml

# sed -i "s/# LOG_LEVEL: INFO/LOG_LEVEL: ERROR/g" /opt/coco/config.yml


### Start
# Add the -d flag to run in the background: ./cocod start -d
(py3) [root@localhost coco]# ./cocod start -d
Use eventlet dispatch
Start coco process
# Newer versions updated the run script; usage is ./cocod start|stop|status, add the -d flag to run in the background

  

4 Install the Web Terminal front end: Luna

## Luna is now a pure front end and needs Nginx to serve it
Visit https://github.com/jumpserver/luna/releases to download the release package for the matching version; just extract it, no compilation is needed
### Download and extract
(py3) [root@localhost coco]# cd /opt
#  wget https://github.com/jumpserver/luna/releases/download/1.4.9/luna.tar.gz
(py3) [root@localhost opt]# tar xf luna.tar.gz
(py3) [root@localhost opt]# chown -R root:root luna

  

5 Install Windows support components

### Install dependencies
[root@localhost opt]# mkdir /usr/local/lib/freerdp/
[root@localhost opt]# ln -s /usr/local/lib/freerdp /usr/lib64/freerdp
# Import the Nux repository signing key (fetched over plain HTTP)
[root@localhost opt]# rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro

[root@localhost opt]# rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm


# Install the RPM Fusion release packages; --nogpgcheck skips signature verification for them
[root@localhost opt]# yum -y localinstall --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm

[root@localhost opt]#  yum install -y java-1.8.0-openjdk libtool
[root@localhost opt]# yum install -y cairo-devel libjpeg-turbo-devel libpng-devel uuid-devel

[root@localhost opt]# yum install -y ffmpeg-devel freerdp-devel freerdp-plugins pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel ghostscript


### Build and install the guacamole server
[root@localhost opt]# cd /opt
[root@localhost opt]# git clone https://github.com/jumpserver/docker-guacamole.git

[root@localhost opt]# cd /opt/docker-guacamole/
[root@localhost docker-guacamole]# tar -xf guacamole-server-0.9.14.tar.gz
[root@localhost docker-guacamole]# cd guacamole-server-0.9.14
[root@localhost guacamole-server-0.9.14]# autoreconf -fi

# ./configure --with-init-dir=/etc/init.d
# make && make install
# cd .. && rm -rf guacamole-server-0.9.14
# ldconfig

### Configure Tomcat
# Create the guacamole directories
# mkdir -p /config/guacamole /config/guacamole/lib /config/guacamole/extensions
# ln -sf /opt/docker-guacamole/guacamole-auth-jumpserver-0.9.14.jar /config/guacamole/extensions/guacamole-auth-jumpserver-0.9.14.jar

# guacamole configuration file
# ln -sf /opt/docker-guacamole/root/app/guacamole/guacamole.properties /config/guacamole/guacamole.properties

# cd /config && wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-8/v8.5.39/bin/apache-tomcat-8.5.39.tar.gz
# tar xf apache-tomcat-8.5.39.tar.gz && rm -rf apache-tomcat-8.5.39.tar.gz
# mv apache-tomcat-8.5.39 tomcat8
# rm -rf /config/tomcat8/webapps/*

# guacamole client
# ln -sf /opt/docker-guacamole/guacamole-0.9.14.war /config/tomcat8/webapps/ROOT.war
# Change the default port to 8081
# sed -i 's/Connector port="8080"/Connector port="8081"/g' /config/tomcat8/conf/server.xml
# Change the log level to WARNING
# sed -i 's/FINE/WARNING/g' /config/tomcat8/conf/logging.properties
# cd /config && wget https://github.com/ibuler/ssh-forward/releases/download/v0.0.5/linux-amd64.tar.gz

# tar xf linux-amd64.tar.gz -C /bin/
# chmod +x /bin/ssh-forward

### Configure environment variables
# http://127.0.0.1:8080 is the jumpserver access address
# export JUMPSERVER_SERVER=http://127.0.0.1:8080
# echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc

# BOOTSTRAP_TOKEN is the BOOTSTRAP_TOKEN in Jumpserver/config.yml
# export BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN
# echo "export BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
# export JUMPSERVER_KEY_DIR=/config/guacamole/keys
# echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
# export GUACAMOLE_HOME=/config/guacamole
# echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc

### Start Guacamole
# /etc/init.d/guacd start
 
# sh /config/tomcat8/bin/startup.sh

  

6 Configure Nginx to integrate the components

### Install nginx
# yum install yum-utils
#  vi /etc/yum.repos.d/nginx.repo

# yum install -y nginx
# rm -rf /etc/nginx/conf.d/default.conf
# systemctl enable nginx

### Prepare the configuration file: edit /etc/nginx/conf.d/jumpserver.conf
# vi /etc/nginx/conf.d/jumpserver.conf


### Run nginx
# Make sure the configuration has no problems; fix any problems first
# nginx -t

# CentOS 7
# systemctl start nginx
# systemctl enable nginx

### Start using jumpserver

  

 

Source: https://www.cnblogs.com/Alexr/p/13236481.html
