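JumpServer Installation Notes
Tags: Operations, MySQL, Python, Linux, CentOS, Server
Everything below is taken from the official documentation; you can go straight to the official site:
https://jumpserver.readthedocs.io/zh/master/install/step_by_step/
This document exists only to record my own setup process.
Installation documentation
JumpServer environment requirements:
Hardware: 2 CPU cores, 4 GB RAM, 50 GB disk (minimum)
Operating system: Linux distribution, x86_64
Python = 3.6.x
MySQL Server ≥ 5.7
Redis
Installation steps
1. Install Python 3.6, MySQL and Redis
Installing them directly from the package repositories is recommended.
Database character set requirement:
create database jumpserver default charset 'utf8' collate 'utf8_bin';
2. Create the Python virtual environment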
python3.6 -m venv /opt/py3
3. Activate the Python virtual environment
source /opt/py3/bin/activate
The py3 virtual environment must be activated before every JumpServer operation.
Some systems may report "source: not found"; in that case use . instead of source.
4. Get the JumpServer code
cd /opt &&
wget https://github.com/jumpserver/jumpserver/releases/download/v2.5.3/jumpserver-v2.5.3.tar.gz
tar xf jumpserver-v2.5.3.tar.gz
mv jumpserver-v2.5.3 jumpserver
5. Install the build dependencies
cd /opt/jumpserver/requirements
Choose the file that matches the current system and run it.
pip install -r requirements.txt
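Make sure the py3 virtual environment is activated. Errors along the way usually mean a dependency package is missing and can be resolved with a search engine.
6. Edit the configuration file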
cd /opt/jumpserver &&
cp config_example.yml config.yml &&
vi config.yml
7. Start JumpServer
cd /opt/jumpserver
./jms start
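Make sure the py3 virtual environment is activated.
The -d argument runs it in the background.
8. Deploy the KoKo component (standard installation)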
cd /opt &&
wget https://github.com/jumpserver/koko/releases/download/v2.5.3/koko-v2.5.3-linux-amd64.tar.gz
tar -xf koko-v2.5.3-linux-amd64.tar.gz &&
mv koko-v2.5.3-linux-amd64 koko &&
chown -R root:root koko &&
cd koko
mv kubectl /usr/local/bin/ &&
wget https://download.jumpserver.org/public/kubectl.tar.gz &&
tar -xf kubectl.tar.gz &&
chmod 755 kubectl &&
mv kubectl /usr/local/bin/rawkubectl &&
rm -rf kubectl.tar.gz
cp config_example.yml config.yml &&
vi config.yml
BOOTSTRAP_TOKEN must be taken from jumpserver/config.yml so that the two values match.
./koko
The -d argument runs it in the background.
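The requirement that KoKo's BOOTSTRAP_TOKEN match the one in jumpserver/config.yml can be checked before starting ./koko. The script below is an added example, not part of the original notes or of the JumpServer project; the function names, exit codes and 16-character minimum are assumptions, and it also rejects the sample token values shown in this page's docker examples.

```shell
# Added example: confirm JumpServer core and KoKo share one non-sample BOOTSTRAP_TOKEN.

# Print the BOOTSTRAP_TOKEN value from a config.yml.
# Commented-out lines are ignored; surrounding quotes are stripped.
get_token() {
    sed -n 's/^[[:space:]]*BOOTSTRAP_TOKEN:[[:space:]]*//p' "$1" \
        | head -n 1 | sed "s/[[:space:]]*\$//; s/^[\"']//; s/[\"']\$//"
}

# Return codes (assumed convention for this example):
#   0 = tokens present, identical and acceptable
#   1 = token missing in either file
#   2 = tokens differ (KoKo would fail to register with the core)
#   3 = token is weak: shorter than 16 chars or copied from this page's examples
check_bootstrap_token() {
    core_token=$(get_token "$1")
    koko_token=$(get_token "$2")
    [ -n "$core_token" ] && [ -n "$koko_token" ] || return 1
    [ "$core_token" = "$koko_token" ] || return 2
    [ "${#core_token}" -ge 16 ] || return 3
    case "$core_token" in
        zxffNymGjP79j6BN|abcdefg1234) return 3 ;;  # values published on this page
    esac
    return 0
}

# Usage: sh check_token.sh /opt/jumpserver/config.yml /opt/koko/config.yml
if [ "$#" -eq 2 ]; then
    rc=0
    check_bootstrap_token "$1" "$2" || rc=$?
    echo "BOOTSTRAP_TOKEN check exit code: $rc"
fi
```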
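8.1. Deploy the KoKo component with Docker
If KoKo has already been deployed in the previous step, skip this step.
Example:
docker run --name jms_koko -d \
-p 2222:2222 \
-p 127.0.0.1:5000:5000 \
-e CORE_HOST=http://192.168.244.144:8080 \
-e BOOTSTRAP_TOKEN=zxffNymGjP79j6BN \
-e LOG_LEVEL=ERROR \
--privileged=true \
--restart=always \
jumpserver/jms_koko:v2.5.3
9. Deploy the Guacamole component (standard installation)
Deploying the Guacamole component with Docker is recommended; in some environments it may fail to compile and install.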
cd /opt &&
wget -O docker-guacamole-v2.5.3.tar.gz https://github.com/jumpserver/docker-guacamole/archive/master.tar.gz
mkdir /opt/docker-guacamole &&
tar -xf docker-guacamole-v2.5.3.tar.gz -C /opt/docker-guacamole --strip-components 1 &&
rm -rf /opt/docker-guacamole-v2.5.3.tar.gz &&
cd /opt/docker-guacamole &&
wget http://download.jumpserver.org/public/guacamole-server-1.2.0.tar.gz &&
tar -xf guacamole-server-1.2.0.tar.gz &&
wget http://download.jumpserver.org/public/ssh-forward.tar.gz &&
tar -xf ssh-forward.tar.gz -C /bin/ &&
chmod +x /bin/ssh-forward
cd /opt/docker-guacamole/guacamole-server-1.2.0
Install the required dependency packages according to the official Guacamole documentation.
./configure --with-init-dir=/etc/init.d &&
make &&
make install
Java must already be configured in the current environment.
mkdir -p /config/guacamole /config/guacamole/extensions /config/guacamole/record /config/guacamole/drive &&
chown daemon:daemon /config/guacamole/record /config/guacamole/drive &&
cd /config
Download the latest Tomcat 9 from here
tar -xf apache-tomcat-9.0.36.tar.gz &&
mv apache-tomcat-9.0.36 tomcat9 &&
rm -rf /config/tomcat9/webapps/* &&
sed -i 's/Connector port="8080"/Connector port="8081"/g' /config/tomcat9/conf/server.xml &&
echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> /config/tomcat9/conf/logging.properties &&
wget http://download.jumpserver.org/release/v2.5.3/guacamole-client-v2.5.3.tar.gz &&
tar -xf guacamole-client-v2.5.3.tar.gz &&
rm -rf guacamole-client-v2.5.3.tar.gz &&
cp guacamole-client-v2.5.3/guacamole-*.war /config/tomcat9/webapps/ROOT.war &&
cp guacamole-client-v2.5.3/guacamole-*.jar /config/guacamole/extensions/ &&
mv /opt/docker-guacamole/guacamole.properties /config/guacamole/ &&
rm -rf /opt/docker-guacamole
Set up the Guacamole environment
export JUMPSERVER_SERVER=http://127.0.0.1:8080
echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
export BOOTSTRAP_TOKEN=zxffNymGjP79j6BN
echo "export BOOTSTRAP_TOKEN=zxffNymGjP79j6BN" >> ~/.bashrc
export JUMPSERVER_KEY_DIR=/config/guacamole/data/keys
echo "export JUMPSERVER_KEY_DIR=/config/guacamole/data/keys" >> ~/.bashrc
export GUACAMOLE_HOME=/config/guacamole
echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
export GUACAMOLE_LOG_LEVEL=ERROR
echo "export GUACAMOLE_LOG_LEVEL=ERROR" >> ~/.bashrc
export JUMPSERVER_ENABLE_DRIVE=true
echo "export JUMPSERVER_ENABLE_DRIVE=true" >> ~/.bashrc
Environment variable descriptions
/etc/init.d/guacd start
sh /config/tomcat9/bin/startup.sh
9.1 Deploy the Guacamole component with Docker
If Guacamole has already been deployed in the previous step, skip this step.
docker run --name jms_guacamole -d \
-p 127.0.0.1:8081:8080 \
-e JUMPSERVER_SERVER=http://<Jumpserver_url> \
-e BOOTSTRAP_TOKEN=<Jumpserver_BOOTSTRAP_TOKEN> \
-e GUACAMOLE_LOG_LEVEL=ERROR \
jumpserver/jms_guacamole:
<Jumpserver_url> is the URL of JumpServer; <Jumpserver_BOOTSTRAP_TOKEN> must be taken from jumpserver/config.yml so that the two values match; the tag after jumpserver/jms_guacamole: is the version.
Example:
docker run --name jms_guacamole -d \
-p 127.0.0.1:8081:8080 \
-e JUMPSERVER_SERVER=http://192.168.244.144:8080 \
-e BOOTSTRAP_TOKEN=abcdefg1234 \
-e GUACAMOLE_LOG_LEVEL=ERROR \
jumpserver/jms_guacamole:v2.5.3
10. Download the Lina component
cd /opt
wget https://github.com/jumpserver/lina/releases/download/v2.5.3/lina-v2.5.3.tar.gz
tar -xf lina-v2.5.3.tar.gz
mv lina-v2.5.3 lina
chown -R nginx:nginx lina
11. Download the Luna component
cd /opt
wget https://github.com/jumpserver/luna/releases/download/v2.5.3/luna-v2.5.3.tar.gz
tar -xf luna-v2.5.3.tar.gz
mv luna-v2.5.3 luna
chown -R nginx:nginx luna
12. Configure Nginx to integrate the components
Install the latest stable version of nginx following the official documentation.
echo > /etc/nginx/conf.d/default.conf
vi /etc/nginx/conf.d/jumpserver.conf
server {
    listen 80;
    client_max_body_size 100m;  # size limit for session recordings and file uploads
    location /ui/ {
        try_files $uri / /index.html;
        alias /opt/lina/;
    }
    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # luna path; change this if the install directory is changed
    }
    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # recordings location; change this if the install directory is changed
    }
    location /static/ {
        root /opt/jumpserver/data/;  # static assets; change this if the install directory is changed
    }
    location /koko/ {
        proxy_pass http://localhost:5000;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location /guacamole/ {
        proxy_pass http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location /ws/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8070;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    location /api/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location /core/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location / {
        rewrite ^/(.*)$ /ui/$1 last;
    }
}
nginx -t
nginx -s reload
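13. Start using JumpServer
Check that the applications are running normally.
Once all services have started, access port 80 on the JumpServer server, which nginx proxies; do not access it through port 8080. Default account: admin Password: admin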