JumpServer 2.2 Deployment Guide
2020-09-05 14:32
Tags: jumpserver installation issues, jumpserver installation guide
Overview

- Official site: jumpserver.org
- Environment: CentOS 7.7+ operating system
- Python 3.6
- Base sizing: 2 CPU / 4 GB RAM / 50 GB disk (minimum)
- Software install path conventions:

Path | Description |
---|---|
/data | A cloud VM needs a separate 50 GB data disk mounted here (xfs or ext4, either is fine) |
/data/application | Application install path (where the installed software lives) |
/data/app_data | Application data path (e.g. mysql and redis) |
/data/app_log | Application log path |
/data/pkg | Software package path |

Contents:

- Software preparation
- Initial configuration
- Base software installation
- Install jumpserver
- Install koko
- Configure the Guacamole component
- Deploy the Luna component
- Configure Nginx to tie the components together
- Start using JumpServer
Initial configuration

1. Stop the firewall

```shell
$ systemctl stop firewalld && systemctl disable firewalld
```

2. Disable SELinux

```shell
$ sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
$ setenforce 0 && getenforce
```

3. Set the hostname

```shell
$ echo "jumpserver" > /etc/hostname
$ hostname jumpserver
```

4. System limits (append the four lines below to the file)

```shell
$ vim /etc/security/limits.conf
* soft nofile 102400
* hard nofile 102400
* soft nproc 102400
* hard nproc 102400
```

5. Configure the yum repositories

```shell
$ curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
$ curl -o /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
$ sed -i 's/http/https/g' /etc/yum.repos.d/CentOS-Base.repo
$ sed -i 's/http/https/g' /etc/yum.repos.d/epel.repo
```

6. Base packages

```shell
$ yum -y install wget git net-tools lrzsz vim gcc gcc-c++ make ntpdate
```

7. Time synchronisation

```shell
$ ntpdate time.windows.com
```

8. Mount the data disk

```shell
$ mkfs.xfs /dev/vdb && mkdir /data && mount /dev/vdb /data
$ echo "mount /dev/vdb /data" >> /etc/rc.local
$ chmod +x /etc/rc.d/rc.local   # on CentOS 7 rc.local is not executable by default, so it would otherwise never run
```

9. Create the environment directories

```shell
$ cd /data && mkdir application pkg app_data app_log
```

10. Reboot the machine

```shell
$ reboot -f
```
Software preparation

Put the software packages used in this guide under /data/pkg.

- The packages can be downloaded from Baidu Cloud:
  Link: https://pan.baidu.com/s/16cPe0Bytip53qsdxTopUVw Password: fqld
Base software installation

Installing and configuring the Python 3.6 environment

- Install the packages

```shell
$ yum -y install python36 python36-devel
```

- Configure the pip mirror

```shell
$ tee /etc/pip.conf <<EOF
[global]
index-url = http://pypi.douban.com/simple
trusted-host = pypi.douban.com
[list]
format=columns
EOF
```

- Create and configure the Python virtual environment

```shell
$ python3.6 -m venv /data/application/py3
$ vim ~/.bashrc          # append the line below so the venv is activated on every login
source /data/application/py3/bin/activate
$ source /data/application/py3/bin/activate
$ pip install wheel && pip install --upgrade pip setuptools
```
Installing and configuring redis

- Install

```shell
$ cd /data/pkg
$ tar xf redis-4.0.6.tar.gz
$ cd redis-4.0.6/
$ make PREFIX=/data/application/redis install
$ mkdir /data/application/redis/config
$ cp redis.conf /data/application/redis/config
$ sed -i 's/daemonize no/daemonize yes/g' /data/application/redis/config/redis.conf
```

- Edit the configuration file (the pid and data directories follow the path conventions above)

```shell
$ mkdir -p /data/app_log/pids/redis
$ mkdir -p /data/app_data/redis
$ cd /data/application/redis/config/ && vim redis.conf
pidfile /data/app_log/pids/redis/redis_6379.pid
dir /data/app_data/redis
```

- Start

```shell
$ tee /usr/lib/systemd/system/redis.service <<EOF
[Unit]
Description=Redis
After=network.target

[Service]
ExecStart=/data/application/redis/bin/redis-server /data/application/redis/config/redis.conf --daemonize no
ExecStop=/data/application/redis/bin/redis-cli -h 127.0.0.1 -p 6379 shutdown

[Install]
WantedBy=multi-user.target
EOF
$ systemctl start redis && systemctl enable redis
$ echo 'export PATH=/data/application/redis/bin:$PATH' >> /etc/profile
$ source /etc/profile
```

- Test

```shell
$ redis-cli
127.0.0.1:6379>
```
Installing and configuring MySQL

- Install

```shell
$ cd /data/pkg
$ tar xf mysql-5.7.31-linux-glibc2.12-x86_64.tar.gz
$ mv mysql-5.7.31-linux-glibc2.12-x86_64 /data/application/mysql-5.7/
$ useradd -s /usr/sbin/nologin -M mysql
$ chown -R mysql:mysql /data/application/mysql-5.7
$ mkdir -p /data/app_data/mysql/
$ chown -R mysql:mysql /data/app_data/mysql/
$ echo 'export PATH=/data/application/mysql-5.7/bin:$PATH' >> /etc/profile && source /etc/profile
```

- Edit the configuration file

```shell
$ tee /etc/my.cnf << EOF
[mysqld]
user=mysql
basedir=/data/application/mysql-5.7
datadir=/data/app_data/mysql
character_set_server=utf8mb4
max_allowed_packet=256M
innodb_log_file_size=256M
transaction-isolation=READ-COMMITTED
binlog_format=row
server_id=6
port=3306
socket=/tmp/mysql.sock

[mysql]
socket=/tmp/mysql.sock
EOF
```

- Initialise and start

```shell
$ cd /data/application/mysql-5.7/support-files && mv mysql.server /etc/init.d/mysqld
$ tee /etc/systemd/system/mysqld.service << EOF
[Unit]
Description=MySQL Server
Documentation=man:mysqld(8)
Documentation=http://dev.mysql.com/doc/refman/en/using-systemd.html
After=network.target
After=syslog.target

[Install]
WantedBy=multi-user.target

[Service]
User=mysql
Group=mysql
ExecStart=/data/application/mysql-5.7/bin/mysqld --defaults-file=/etc/my.cnf
LimitNOFILE=5000
EOF
$ mysqld --initialize-insecure --basedir=/data/application/mysql-5.7 --datadir=/data/app_data/mysql/
$ systemctl start mysqld && systemctl enable mysqld
```

- Test and create the database

`--initialize-insecure` leaves the MySQL root account without a password, which is why the plain `mysql` command below works; set a root password before the host goes into service.

```shell
$ mysql
mysql> create database jumpserver default charset 'utf8' collate 'utf8_bin';
mysql> grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'jumpserver';
mysql> exit
```

Major pitfall #1

You need to create this symlink for the MySQL client library, otherwise the project initialisation later fails because mysqlclient cannot be found:

```shell
$ ln -s /data/application/mysql-5.7/lib/libmysqlclient.so.20 /usr/lib64/   # /usr/lib64 is on the default loader search path
```
Install jumpserver

- Base setup and dependency installation

```shell
$ cd /data/pkg
$ tar xf jumpserver-v2.2.2.tar.gz && mv jumpserver-v2.2.2 /data/application/jumpserver
$ source /data/application/py3/bin/activate
$ cd /data/application/jumpserver/requirements/
$ yum -y install $(cat rpm_requirements.txt)
$ pip install -r requirements.txt
```

- Edit the configuration file

The SECRET_KEY and BOOTSTRAP_TOKEN shown below are the values the two generator commands produced on the author's machine; use the output of your own run, not these strings.

```shell
$ cd /data/application/jumpserver && mv config_example.yml config.yml
$ cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49; echo   # generate the string for SECRET_KEY in config.yml
$ cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 18; echo   # generate the string for BOOTSTRAP_TOKEN in config.yml
$ vim config.yml
SECRET_KEY: NZIfGVB8nd3mZJTwCa3kKenWJdUVUvpK08NVq8PF5POml5sGm
BOOTSTRAP_TOKEN: wHdUajO3gaXMY1PD4d
DB_PASSWORD: jumpserver
```

- Start the service and check its status

```shell
$ tee /usr/lib/systemd/system/jms.service <<EOF
[Unit]
Description=jms
After=network.target mysqld.service redis.service
Wants=mysqld.service redis.service

[Service]
Type=forking
Environment="PATH=/data/application/py3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin"
ExecStart=/data/application/jumpserver/jms start all -d
ExecReload=
ExecStop=/data/application/jumpserver/jms stop

[Install]
WantedBy=multi-user.target
EOF
$ systemctl start jms && systemctl enable jms
$ systemctl status jms
```
Install koko

- Install

```shell
$ cd /data/pkg
$ tar xf koko-v2.2.2-linux-amd64.tar.gz
$ mv koko-v2.2.2-linux-amd64 /data/application/koko
$ chown -R root:root /data/application/koko
$ cd /data/application/koko
$ mv kubectl /usr/local/bin/
$ wget https://download.jumpserver.org/public/kubectl.tar.gz
$ tar -xf kubectl.tar.gz && chmod 755 kubectl
$ mv kubectl /usr/local/bin/rawkubectl
$ rm -fr kubectl.tar.gz
```

- Configure (BOOTSTRAP_TOKEN must be the same value as in jumpserver's config.yml)

```shell
$ cd /data/application/koko
$ cp config_example.yml config.yml
$ vim config.yml
BOOTSTRAP_TOKEN: wHdUajO3gaXMY1PD4d
```
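As an added check that is not part of the original guide, the shell script below verifies the values edited into jumpserver's config.yml and koko's config.yml before the services are started: SECRET_KEY at least as long as the 49-character string generated above, BOOTSTRAP_TOKEN at least 18 characters and identical in both files, and DB_PASSWORD not left at the guide's literal example value. The helper names (`cfg_get`, `gen_secret`, `check_jms_secrets`, `make_sample_configs`), the temporary file layout and the sample values are all the example's own constructions.

```shell
# Added example, not from the original guide: sanity-check the secrets the guide
# has you paste into jumpserver/config.yml and koko/config.yml before starting
# the services. File paths and sample values are constructed for the demo.

# cfg_get FILE KEY: print the value of a top-level "KEY: value" line, quotes stripped.
cfg_get() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 \
        | sed "s/[[:space:]]*$//; s/^['\"]//; s/['\"]$//"
}

# gen_secret N: the same generator the guide uses (alphanumerics from /dev/urandom).
gen_secret() {
    tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# check_jms_secrets JMS_CONFIG KOKO_CONFIG: return 0 when every check passes,
# otherwise print one line per finding and return the number of failed checks.
check_jms_secrets() {
    local jms koko bad secret token koko_token dbpass
    jms=$1; koko=$2; bad=0
    secret=$(cfg_get "$jms" SECRET_KEY)
    token=$(cfg_get "$jms" BOOTSTRAP_TOKEN)
    koko_token=$(cfg_get "$koko" BOOTSTRAP_TOKEN)
    dbpass=$(cfg_get "$jms" DB_PASSWORD)

    # The guide generates a 49-character SECRET_KEY; shorter means it was truncated or left empty.
    if [ ${#secret} -lt 49 ]; then
        echo "FAIL: SECRET_KEY is ${#secret} chars (expected >= 49)"; bad=$((bad + 1))
    fi
    # The guide generates an 18-character BOOTSTRAP_TOKEN.
    if [ ${#token} -lt 18 ]; then
        echo "FAIL: BOOTSTRAP_TOKEN is ${#token} chars (expected >= 18)"; bad=$((bad + 1))
    fi
    # koko registers with the core service using this token, so both files must agree.
    if [ "$token" != "$koko_token" ]; then
        echo "FAIL: BOOTSTRAP_TOKEN differs between $jms and $koko"; bad=$((bad + 1))
    fi
    # The guide's example DB password is the literal string "jumpserver"; treat it as a placeholder.
    if [ -z "$dbpass" ] || [ "$dbpass" = "jumpserver" ]; then
        echo "FAIL: DB_PASSWORD is empty or still the guide's example value"; bad=$((bad + 1))
    fi
    return "$bad"
}

# make_sample_configs DIR TOKEN_JMS TOKEN_KOKO DBPASS: write constructed config
# fragments in the same "KEY: value" form as config.yml (demo input only).
make_sample_configs() {
    printf 'SECRET_KEY: %s\nBOOTSTRAP_TOKEN: %s\nDB_PASSWORD: %s\n' \
        "$(gen_secret 49)" "$2" "$4" > "$1/jms.yml"
    printf 'BOOTSTRAP_TOKEN: %s\n' "$3" > "$1/koko.yml"
}

# Demo: a token mismatch plus the example DB password gives two findings.
demo_dir=$(mktemp -d)
make_sample_configs "$demo_dir" "$(gen_secret 18)" "Mismatch0Token1234" "jumpserver"
check_jms_secrets "$demo_dir/jms.yml" "$demo_dir/koko.yml" || echo "$? check(s) failed"
rm -rf "$demo_dir"
```

On a real host run `check_jms_secrets /data/application/jumpserver/config.yml /data/application/koko/config.yml` after editing both files; a non-zero return means at least one value needs attention before `systemctl start koko`.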
- Start the service and check its status

```shell
$ tee /usr/lib/systemd/system/koko.service << EOF
[Unit]
Description=koko
After=network.target jms.service

[Service]
Type=forking
PIDFile=/data/application/koko/koko.pid
Environment="PATH=/data/application/py3/bin/"
ExecStart=/data/application/koko/koko -f /data/application/koko/config.yml start -d
ExecReload=
ExecStop=/data/application/koko/koko stop

[Install]
WantedBy=multi-user.target
EOF
$ systemctl start koko && systemctl enable koko
$ ps -ef | grep koko
```
Deploy the Guacamole component

- Install

```shell
$ mkdir /data/application/docker-guacamole
$ cd /data/pkg
$ wget -O docker-guacamole-v2.2.2.tar.gz https://github.com/jumpserver/docker-guacamole/archive/master.tar.gz
$ tar -xf docker-guacamole-v2.2.2.tar.gz -C /data/application/docker-guacamole --strip-components 1
$ cd /data/application/docker-guacamole && mv /data/pkg/guacamole-server-1.2.0.tar.gz ./
$ tar -xf guacamole-server-1.2.0.tar.gz && rm -fr guacamole-server-1.2.0.tar.gz
$ wget http://download.jumpserver.org/public/ssh-forward.tar.gz
$ tar -xf ssh-forward.tar.gz -C /bin/ && rm -fr ssh-forward.tar.gz
$ chmod +x /bin/ssh-forward
$ cd guacamole-server-1.2.0/
$ yum -y install cairo-devel uuid uuid-devel
$ ./configure --with-init-dir=/etc/init.d && make && make install
$ mkdir -pv /data/application/config/guacamole/{extensions,record,drive}
$ chown daemon:daemon /data/application/config/guacamole/record/ /data/application/config/guacamole/drive
$ cd /data/application/config
$ mv /data/pkg/apache-tomcat-9.0.37.tar.gz ./
$ tar xf apache-tomcat-9.0.37.tar.gz && mv apache-tomcat-9.0.37 tomcat9 && rm -fr apache-tomcat-9.0.37.tar.gz
$ rm -fr tomcat9/webapps/*
$ sed -i 's/Connector port="8080"/Connector port="8081"/g' tomcat9/conf/server.xml   # 8080 is taken by jms
$ echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> tomcat9/conf/logging.properties
$ mv /data/pkg/guacamole-client-v2.2.2.tar.gz ./
$ tar -xf guacamole-client-v2.2.2.tar.gz && rm -rf guacamole-client-v2.2.2.tar.gz
$ cp guacamole-client-v2.2.2/guacamole-*.war tomcat9/webapps/ROOT.war
$ cp guacamole-client-v2.2.2/guacamole-*.jar guacamole/extensions/
$ mv /data/application/docker-guacamole/guacamole.properties guacamole/
$ rm -rf /data/application/docker-guacamole/
```

- Configure (the same BOOTSTRAP_TOKEN as in jumpserver's config.yml; the variables are exported for the current shell and persisted in ~/.bashrc)

```shell
$ tee -a ~/.bashrc <<EOF
export JUMPSERVER_SERVER=http://127.0.0.1:8080
export BOOTSTRAP_TOKEN=wHdUajO3gaXMY1PD4d
export JUMPSERVER_KEY_DIR=/data/application/config/guacamole/keys
export GUACAMOLE_HOME=/data/application/config/guacamole
export GUACAMOLE_LOG_LEVEL=ERROR
export JUMPSERVER_ENABLE_DRIVE=true
EOF
$ source ~/.bashrc
```

- Start and test

```shell
$ /etc/init.d/guacd start
$ echo "/etc/init.d/guacd start" >> /etc/rc.local
$ sh /data/application/config/tomcat9/bin/startup.sh
```
Frontend components (lina and luna)

```shell
$ cd /data/pkg
$ wget https://github.com/jumpserver/lina/releases/download/v2.2.2/lina-v2.2.2.tar.gz
$ tar xf lina-v2.2.2.tar.gz
$ tar xf luna-v2.2.2.tar.gz
$ mv lina-v2.2.2 /data/application/lina
$ rm -fr /data/application/luna/
$ mv luna-v2.2.2 /data/application/luna
$ useradd -s /usr/sbin/nologin -M nginx
$ chown -R nginx:nginx /data/application/luna/ /data/application/lina/
```
Installing and configuring nginx

- Install

```shell
$ yum -y install gcc make pcre-devel pcre zlib openssl openssl-devel zlib-devel tree
$ cd /data/pkg
$ tar xf nginx-1.18.0.tar.gz
$ cd nginx-1.18.0
$ ./configure --prefix=/data/application/nginx --user=nginx --with-http_ssl_module --with-http_stub_status_module --with-stream
$ make && make install
```

- Configure

The heredoc delimiter is quoted (`<<'EOF'`) so that the `$remote_addr`-style nginx variables reach the file literally instead of being expanded by the shell.

```shell
$ echo 'export PATH=$PATH:/data/application/nginx/sbin' >> /etc/profile
$ cd /data/application/nginx
$ mkdir conf.d && rm -fr nginx.conf
$ tee nginx.conf <<'EOF'
user nginx;
worker_processes auto;
error_log logs/error.log warn;

events {
    worker_connections 60000;
}

http {
    include mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_iso8601] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    log_format json '{"@timestamp":"$time_iso8601",'
                    '"remote_ip":"$remote_addr",'
                    '"status":$status,'
                    '"bytes":$body_bytes_sent,'
                    '"referer":"$http_referer",'
                    '"agent":"$http_user_agent",'
                    '"request_time":$request_time,'
                    '"request":"$uri"}';
    access_log logs/access.log json;

    sendfile on;
    keepalive_timeout 0;
    gzip on;

    include conf.d/*.conf;   # one config file per site
}
EOF
$ cd conf.d && vim jumpserver.conf
```

Contents of conf.d/jumpserver.conf:

```nginx
server {
    listen 80;
    client_max_body_size 100m;   # size limit for recordings and file uploads

    location /ui/ {
        try_files $uri / /index.html;
        alias /data/application/lina/;
    }

    location /luna/ {
        try_files $uri / /index.html;
        alias /data/application/luna/;   # luna path; change this if the install directory changes
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /data/application/jumpserver/data/;   # recording location; change this if the install directory changes
    }

    location /static/ {
        root /data/application/jumpserver/data/;   # static assets; change this if the install directory changes
    }

    location /koko/ {
        proxy_pass http://localhost:5000;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /guacamole/ {
        proxy_pass http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /ws/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8070;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /api/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /core/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        rewrite ^/(.*)$ /ui/$1 last;
    }
}
```

- Start

```shell
$ /data/application/nginx/sbin/nginx
```
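With nginx running, every component is meant to be reached through port 80 while the backends it proxies (mysql 3306, redis 6379, koko 5000, the websocket service 8070, jms 8080, tomcat 8081) are only ever addressed as localhost. As an added check that is not part of the original guide, the script below reads an `ss -lnt` listing and flags any of those backend ports bound to a non-loopback address. The assumption that these ports should be loopback-only is the example's own, and the sample listing written by `write_sample_ss` is constructed for the demo.

```shell
# Added example, not from the original guide: read an `ss -lnt` listing and flag
# backend services that are reachable from other hosts. The port list is taken
# from the ports this guide configures; the sample listing below is constructed.

# Ports only nginx (port 80) should talk to. Assumption of this example: nothing
# outside the host needs to reach them, so they should bind to loopback only.
JMS_BACKEND_PORTS="3306 6379 5000 8070 8080 8081"

# check_listeners FILE: FILE holds `ss -lnt` output (header line optional).
# Prints one line per backend port bound to a non-loopback address and returns
# the number of such findings (0 when everything is on 127.0.0.1 / [::1]).
check_listeners() {
    awk -v ports="$JMS_BACKEND_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) backend[p[i]] = 1; bad = 0 }
        $1 == "LISTEN" {
            # Local Address:Port is the 4th column; the port is after the last colon.
            k = split($4, a, ":"); port = a[k]
            host = substr($4, 1, length($4) - length(port) - 1)
            if ((port in backend) && host != "127.0.0.1" && host != "[::1]") {
                printf "FAIL: port %s listens on %s (expected loopback only)\n", port, host
                bad++
            }
        }
        END { exit bad }' "$1"
}

# write_sample_ss FILE: constructed `ss -lnt` output for the demo. Two backends
# (3306 on *, 8081 on [::]) are deliberately exposed; port 80 is nginx and is fine.
write_sample_ss() {
    cat > "$1" <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:80          0.0.0.0:*
LISTEN 0      128    127.0.0.1:6379      0.0.0.0:*
LISTEN 0      80     *:3306              *:*
LISTEN 0      128    127.0.0.1:8080      0.0.0.0:*
LISTEN 0      128    [::]:8081           [::]:*
LISTEN 0      128    127.0.0.1:5000      0.0.0.0:*
EOF
}

# Demo on the constructed listing: expect two findings.
sample=$(mktemp)
write_sample_ss "$sample"
check_listeners "$sample" || echo "$? backend port(s) exposed"
rm -f "$sample"
```

On the deployed host, run `ss -lnt > /tmp/listeners.txt && check_listeners /tmp/listeners.txt`; a finding for 3306 or 6379 means the database or redis is answering on an external interface even though only the local jms process needs it.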