jumpserver1.4.1 安装过程

# 修改字符集

# Compile the zh_CN.UTF-8 locale, switch the current shell to it, and make it
# the system default by overwriting /etc/locale.conf.
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
LC_ALL=zh_CN.UTF-8
export LC_ALL
printf '%s\n' 'LANG="zh_CN.UTF-8"' > /etc/locale.conf

#安装依赖包

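# Install build tools and libraries in one yum transaction.
# Glob patterns are quoted so that yum expands them against the repositories;
# unquoted, the shell would first try to match them against files in the
# current directory.
# NOTE(review): this list is much broader than a bastion host usually needs
# (compilers, telnet, openldap-servers, php-*, gtk*). Trimming it to what the
# build actually requires reduces the attack surface and the patching burden.
yum -y install \
  'readline*' net-tools icu perl-DBI perl-Net-Daemon perl-PlRPC libcap-devel \
  lynx perl-DBD-MySQL readline-devel 'net-tools*' dos2unix 'gcc*' xmlto screen \
  'vim*' psmisc wget lrzsz pcre-devel iptraf sysstat libevent libevent-devel \
  perl-ExtUtils-CBuilder perl-ExtUtils-MakeMaker tar rrdtool 'ntp*' dos2unix \
  'setup*' net-snmp-utils net-snmp-devel ruby ruby-devel php-snmp cmake \
  net-snmp-perl net-snmp net-snmp-libs wget elinks make autoconf213 m4 gcc \
  gcc-c++ automake autoconf fontconfig fontconfig-devel libjpeg 'libjpeg*' \
  libjpeg-devel libpng libpng-devel freetype 'freetype*' freetype-devel \
  libxml2 libxml2-devel libdhash libdhash-devel 'libxslt*' zlib zlib-devel \
  glibc glibc-devel glib2 glib2-devel bzip2 'bzip2*' libicu libicu-devel \
  ncurses ncurses-devel xmlrpc-c xmlrpc-c-devel curl curl-devel e2fsprogs \
  e2fsprogs-devel krb5-devel libidn libidn-devel openssl openssl-devel \
  openldap openldap-devel openldap-clients openldap-servers gd gd-devel \
  'pam*' gettext gettext-devel keyutils mpfr cpp libgomp libstdc++-devel \
  keyutils-libs-devel libcom_err-devel libsepol-devel 'libXpm*' php-gd \
  'ncurses*' 'libtool*' patch unzip bison-devel bison libcom_err-devel \
  libsepol-devel 'gtk*' libselinux-devel 'libtiff*' php-common \
  policycoreutils telnet t1lib 't1lib*' nasm 'nasm*' wget sqlite-devel xz gcc \
  automake zlib-devel openssl-devel epel-release git libtiff-devel \
  libjpeg-devel libzip-devel freetype-devel lcms2-devel libwebp-devel \
  tcl-devel tk-devel sshpass openldap-devel mysql-devel libffi-devel \
  openssh-clients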

#编译安装python

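# Unpack the bundled archives and build CPython from source.
# NOTE(review): these steps appear to run as root, so confirm package.tar.gz
# came from a trusted source (compare its checksum) before extracting and
# building it. Python 3.6 no longer receives upstream security fixes.
tar xvf package.tar.gz
tar xvf Python-3.6.1.tar.xz
# Chain on cd so that configure/make never run in the wrong directory when the
# extraction above did not produce Python-3.6.1.
cd Python-3.6.1 &&
  ./configure --enable-optimizations &&
  make &&
  make install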

#建立 Python 虚拟环境

# Create the virtualenv at /opt/python3 and activate it in the current shell.
cd /opt
python3 -m venv ./python3
. /opt/python3/bin/activate

#自动载入 Python 虚拟环境配置

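# Install autoenv and hook it into the login shell.
# NOTE(review): autoenv sources the .env file of a directory when you cd into
# it (after the one-time "Are you sure you want to allow this?" prompt). In a
# privileged shell, approve only .env files whose content you have read.
tar zxvf autoenv.tar.gz
mv autoenv /opt/
# Append the hook only once so re-running this step does not stack duplicate
# lines in ~/.bashrc.
grep -qxF 'source /opt/autoenv/activate.sh' ~/.bashrc 2>/dev/null ||
  echo 'source /opt/autoenv/activate.sh' >> ~/.bashrc
source ~/.bashrc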

#安装 Jumpserver

# Unpack Jumpserver into /opt and write a .env file that activates the shared
# virtualenv, then enter the directory.
tar -zxvf jumpserver.tar.gz
mv jumpserver /opt/
printf '%s\n' 'source /opt/python3/bin/activate' > /opt/jumpserver/.env
cd /opt/jumpserver

# 首次进入 jumpserver 文件夹会有提示,按 y 即可
# Are you sure you want to allow this? (y/N) y

#安装 Python 库依赖

# Install Jumpserver's Python requirements from the given package index.
pip install \
  --index-url https://pypi.python.org/simple \
  --requirement /opt/jumpserver/requirements/requirements.txt

#安装 Redis

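# Redis, MariaDB and config.py share credentials, so they are set up together.
# Everything runs in a subshell: a failing step stops the rest of this group,
# and the generated passwords do not linger in the interactive shell.
(
  set -eu

  # The bind address is site-specific and has to come from the operator.
  [ -n "${JMS_BIND_IP:-}" ] || {
    echo 'Set JMS_BIND_IP to the address Jumpserver should bind to, then rerun.' >&2
    exit 1
  }

  # Random per-service secrets instead of one fixed, guessable password.
  # Hex output is safe to interpolate into the sed and SQL text below.
  redis_password=$(openssl rand -hex 16)
  mysql_root_password=$(openssl rand -hex 16)
  db_password=$(openssl rand -hex 16)

  # Install Redis
  yum -y install redis
  # Append rather than insert after a fixed line number: the layout of
  # redis.conf differs between package versions.
  # NOTE(review): the file now holds a secret; confirm it is not world-readable.
  printf 'requirepass %s\n' "$redis_password" >> /etc/redis.conf
  systemctl enable redis
  systemctl start redis

  # Install MySQL (MariaDB)
  yum -y install mariadb mariadb-devel mariadb-server
  systemctl enable mariadb
  systemctl start mariadb

  # Create the database and accounts, then set the MariaDB root password.
  # The SQL is fed on stdin, so no password appears in the process list and no
  # script is left in /tmp. The jumpserver account is limited to local
  # connections because DB_HOST points at this machine; add a grant for one
  # specific host if the database is ever moved elsewhere.
  # NOTE(review): this sets the password for root@localhost only; run
  # mysql_secure_installation to deal with anonymous users and the other
  # root@<host> entries.
  /usr/bin/mysql -u root <<EOF
drop database if exists test;
create database jumpserver default charset 'utf8';
grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '${db_password}';
grant all on jumpserver.* to 'jumpserver'@'localhost' identified by '${db_password}';
set password for 'root'@'localhost' = password('${mysql_root_password}');
flush privileges;
EOF

  # Keep the generated root password where only root can read it.
  install -m 600 /dev/null "$HOME/.my.cnf"
  printf '[client]\nuser=root\npassword=%s\n' "$mysql_root_password" > "$HOME/.my.cnf"

  # Edit the Jumpserver configuration file
  cp /opt/jumpserver/config_example.py /opt/jumpserver/config.py
  # config.py is about to receive both service passwords.
  chmod 600 /opt/jumpserver/config.py
  # Presumably "weakPassword" is the DB_PASSWORD placeholder and the empty
  # "or ''" default is the Redis password; confirm against config_example.py.
  # The dots of 0.0.0.0 are escaped so only that literal address is replaced.
  sed -i \
    -e "s/# DB_HOST/DB_HOST/g" \
    -e "s/# DB_ENGINE/DB_ENGINE/g" \
    -e "s/# DB_PORT/DB_PORT/g" \
    -e "s/# DB_USER/DB_USER/g" \
    -e "s/# DB_PASSWORD/DB_PASSWORD/g" \
    -e "s/# DB_NAME/DB_NAME/g" \
    -e "s/DB_ENGINE = 'sqlite3'/#DB_ENGINE = 'sqlite3'/g" \
    -e "s/weakPassword/${db_password}/g" \
    -e "s/or ''/or '${redis_password}'/g" \
    -e "s/DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')/#DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')/g" \
    -e "s/0\.0\.0\.0/${JMS_BIND_IP}/g" \
    /opt/jumpserver/config.py
  # NOTE(review): config_example.py may also carry a sample SECRET_KEY; if so,
  # replace it with a unique value before going live.

  # Insert the MySQL strict-mode option after line 168 of settings.py.
  # NOTE(review): the line number is tied to this exact release of
  # settings.py; check the result after running.
  sed -i "168 a 'OPTIONS': {\n'init_command': \"SET sql_mode='STRICT_TRANS_TABLES'"\"\\n\}, /opt/jumpserver/apps/jumpserver/settings.py
)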

#生成数据库表结构和初始化数据

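# Create the database schema and initial data. The script runs only if the
# directory change succeeded, so a same-named script elsewhere is never run.
cd /opt/jumpserver/utils/ && ./make_migrations.sh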

#运行 Jumpserver

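# Start all Jumpserver services in the background (-d), but only from the
# Jumpserver directory itself.
cd /opt/jumpserver/ && ./jms start all -d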

请在浏览器中访问 http://IP:8080/ ,默认账号: admin 密码: admin(首次登录后请立即修改该默认密码)

#安装 SSH 和 WebSocket 接口

# Unpack Coco (the SSH / WebSocket component) into /opt and give it a .env
# file that activates the shared virtualenv.
tar -zxvf coco.tar.gz
mv coco /opt/coco
printf '%s\n' 'source /opt/python3/bin/activate' > /opt/coco/.env

# 首次进入 coco 文件夹会有提示,按 y 即可
# Are you sure you want to allow this? (y/N) y

#安装依赖

# Install Coco's Python requirements from the given package index.
pip install \
  --index-url https://pypi.python.org/simple \
  --requirement /opt/coco/requirements/requirements.txt

#修改配置文件

# Uncomment NAME and CORE_HOST, switch the log level to WARN, and append the
# language setting after line 69, in a single pass over conf.py.
# NOTE(review): no earlier step creates /opt/coco/conf.py; presumably the
# tarball ships it. Confirm before running.
sed -i \
  -e "s/# NAME/NAME/g" \
  -e "s/# CORE_HOST/CORE_HOST/g" \
  -e "s/# LOG_LEVEL = 'INFO'/LOG_LEVEL = 'WARN'/g" \
  -e "69 a LANGUAGE_CODE = 'zh'" \
  /opt/coco/conf.py

#运行coco

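# Start Coco in the background (-d), but only from its own directory.
cd /opt/coco && ./cocod start -d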

#安装 Web Terminal 前端

# Unpack the Luna web-terminal front end, hand ownership to root, and move it
# into place under /opt.
tar -zxvf luna.tar.gz
chown --recursive root:root luna
mv luna /opt/luna

# 安装 Windows 支持组件

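# Remove older Docker packages, then install docker-ce from the local repo
# file. -y keeps the removal non-interactive like the other yum steps.
# "docker-engine" is presumably the package the garbled last name was meant
# to be.
yum -y remove docker-latest-logrotate docker-logrotate docker-selinux docker-engine
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo docker-ce.repo
# NOTE(review): "gpg" is a key file taken from the current directory; check
# its fingerprint against the one Docker publishes before importing it,
# because every package signed with this key will be trusted afterwards.
rpm --import gpg
yum makecache fast
yum -y install docker-ce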

#启动docker

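# Enable Docker at boot as well as starting it now, in line with how redis,
# mariadb and nginx are handled in this procedure; otherwise the daemon stays
# down after a reboot.
systemctl enable docker
systemctl start docker
# --no-pager prints the status and returns instead of waiting in a pager.
systemctl status docker --no-pager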

#启动 Guacamole

# Copy the saved Guacamole image to /opt and load it into the local Docker
# image store.
cp guacamole.tar /opt/guacamole.tar
docker load --input /opt/guacamole.tar

注意:运行下面的命令前,需要把 JUMPSERVER_SERVER 的值改成 jumpserver 的 url 地址,即 http://<填写jumpserver的url地址>,例: http://192.168.3.189,否则会出错

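# Start the Guacamole container. IP must hold the Jumpserver host address; the
# ${IP:?} expansion aborts the command instead of silently passing a bare
# "http://" when the variable is unset or empty.
# NOTE(review): -p 8081:8080 publishes the port on every host interface. If
# only the local nginx needs to reach it, 127.0.0.1:8081:8080 narrows the
# exposure; confirm against jumpserver.conf.
docker run --name jms_guacamole -d \
  -p 8081:8080 \
  -v /opt/guacamole/key:/config/guacamole/key \
  -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
  -e JUMPSERVER_SERVER="http://${IP:?set IP to the Jumpserver address first}" \
  jumpserver/guacamole:latest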

#安装nginx

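# Install nginx non-interactively (-y, like the other yum steps) and enable
# the Jumpserver site configuration.
# NOTE(review): jumpserver.conf is not shown here; check that it serves the
# bastion over TLS rather than plain HTTP, since logins and terminal sessions
# pass through it.
yum -y install nginx
cp jumpserver.conf /etc/nginx/conf.d/
systemctl enable nginx
systemctl start nginx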

#查看各个服务运行

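# Report the state of each component. Each status command runs only if the
# directory change succeeded.
cd /opt/jumpserver && ./jms status

cd /opt/coco && ./cocod status

docker ps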