jumpserver——脚本安装
CentOS Linux release 7.7.1908 (Core)
3.10.0-1062.4.1.el7.x86_64
Initialize(){
yum update -y
systemctl start firewalld
firewall-cmd --zone=public --add-port=80/tcp --permanent # nginx 端口
firewall-cmd --zone=public --add-port=2222/tcp --permanent # 用户SSH登录端口 coco --permanent 永
firewall-cmd --reload # 重新载入规则
setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
}
install_redis(){
安装 Redis, Jumpserver 使用 Redis 做 cache 和 celery broke
yum -y install wget gcc epel-release git
yum -y install redis
systemctl enable redis
systemctl start redis }
install_mariadb(){
安装 MySQL, 如果不使用 Mysql 可以跳过相关 Mysql 安装和配置, 支持sqlite3, mysql, postgres等
yum -y install mariadb mariadb-devel mariadb-server MariaDB-shared
systemctl enable mariadb
systemctl start mariadb
DB\_PASSWORD=\`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24\`
echo -e "\\033\[31m 你的数据库密码是 $DB\_PASSWORD \\033\[0m" #创建数据库 Jumpserver 并授权
mysql -uroot -e "create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'j
}
install_nginx(){
#安装 Nginx, 用作代理服务器整合 Jumpserver 与各个组件
yum -y install nginx
systemctl enable nginx
cat >/etc/nginx/nginx.conf <<EOF
user nginx;
worker\_processes auto;
error\_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/\*.conf;
events {
worker\_connections 1024;
}
http {
log\_format main '\\$remote\_addr - \\$remote\_user \[\\$time\_local\] "\\$request" '
'\\$status \\$body\_bytes\_sent "\\$http\_referer" '
'"\\$http\_user\_agent" "\\$http\_x\_forwarded\_for"';
access\_log /var/log/nginx/access.log main;
sendfile on;
tcp\_nopush on;
tcp\_nodelay on;
keepalive\_timeout 65;
types\_hash\_max\_size 2048;
include /etc/nginx/mime.types;
default\_type application/octet-stream;
include /etc/nginx/conf.d/\*.conf;
} EOF
}
install_python36(){
yum -y install python36 python36-devel
cd /opt
#配置并载入 Python3 虚拟环境
python3.6 -m venv py3 #py3 为虚拟环境名称, 可自定义
source /opt/py3/bin/activate # 退出虚拟环境可以使用 deactivate 命令
}
##看到下面的提示符代表成功, 以后运行 Jumpserver 都要先运行以上 source 命令, 载入环境后默认以下所有命令均
#(py3) [root@localhost py3]
install_jumpserver(){
cd /opt/
git clone https://github.com/jumpserver/jumpserver.git
cd /opt/jumpserver
git checkout 1.5.2
yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt)
#安装 Python 库依赖
pip3 install --upgrade pip setuptools
pip3 install -r /opt/jumpserver/requirements/requirements.txt
}
jumpserver_config(){
修改 Jumpserver 配置文件
cd /opt/jumpserver
cp config\_example.yml config.yml SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
sed -i "s/SECRET\_KEY:/SECRET\_KEY: $SECRET\_KEY/g" /opt/jumpserver/config.yml
sed -i "s/BOOTSTRAP\_TOKEN:/BOOTSTRAP\_TOKEN: $BOOTSTRAP\_TOKEN/g" /opt/jumpserver/config.yml
sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
sed -i "s/# LOG\_LEVEL: DEBUG/LOG\_LEVEL: ERROR/g" /opt/jumpserver/config.yml
sed -i "s/# SESSION\_EXPIRE\_AT\_BROWSER\_CLOSE: false/SESSION\_EXPIRE\_AT\_BROWSER\_CLOSE: true/g" /opt/ju
sed -i "s/DB\_PASSWORD: /DB\_PASSWORD: $DB\_PASSWORD/g" /opt/jumpserver/config.yml
echo -e "\\033\[31m 你的SECRET\_KEY是 $SECRET\_KEY \\033\[0m"
echo -e "\\033\[31m 你的BOOTSTRAP\_TOKEN是 $BOOTSTRAP\_TOKEN \\033\[0m"
cd /opt/jumpserver
./jms start -d }
install_docker(){
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache fast
rpm --import https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
yum -y install docker-ce
systemctl enable docker
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io
systemctl restart docker
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="172.17.0.0/16" port pr
firewall-cmd --reload }
run_docker(){
Server\_IP="192.168.31.25"
echo -e "\\033\[31m 你的服务器IP是 $Server\_IP \\033\[0m"
docker run --name jms\_coco -d -p 2222:2222 -p 5000:5000 -e CORE\_HOST=http://$Server\_IP:8080 -e BOOT
docker run --name jms\_guacamole -d -p 8081:8081 -e JUMPSERVER\_SERVER=http://$Server\_IP:8080 -e BOOT}
install_luna(){
cd /opt
wget https://github.com/jumpserver/luna/releases/download/1.5.2/luna.tar.gz
tar xf luna.tar.gz
chown -R root:root luna
}
jumpsever_nginx_config(){
rm -rf /etc/nginx/conf.d/default.conf
cat >/etc/nginx/conf.d/jumpserver.conf <<EOF
server {
listen 80;
client\_max\_body\_size 100m; # 录像及文件上传大小限制
location /luna/ {
try\_files \\$uri / /index.html;
alias /opt/luna/; # luna 路径, 如果修改安装目录, 此处需要修改
}
location /media/ {
add\_header Content-Encoding gzip;
root /opt/jumpserver/data/; # 录像位置, 如果修改安装目录, 此处需要修改
}
location /static/ {
root /opt/jumpserver/data/; # 静态资源, 如果修改安装目录, 此处需要修改
}
location /socket.io/ {
proxy\_pass http://localhost:5000/socket.io/;
proxy\_buffering off;
proxy\_http\_version 1.1;
proxy\_set\_header Upgrade \\$http\_upgrade;
proxy\_set\_header Connection "upgrade";
proxy\_set\_header X-Real-IP \\$remote\_addr;
proxy\_set\_header Host \\$host;
proxy\_set\_header X-Forwarded-For \\$proxy\_add\_x\_forwarded\_for;
access\_log off;
}
location /coco/ {
proxy\_pass http://localhost:5000/coco/;
proxy\_set\_header X-Real-IP \\$remote\_addr;
proxy\_set\_header Host \\$host;
proxy\_set\_header X-Forwarded-For \\$proxy\_add\_x\_forwarded\_for;
access\_log off;
}
location /guacamole/ {
proxy\_pass http://localhost:8081/;
proxy\_buffering off;
proxy\_http\_version 1.1;
proxy\_set\_header Upgrade \\$http\_upgrade;
proxy\_set\_header Connection \\$http\_connection;
proxy\_set\_header X-Real-IP \\$remote\_addr;
proxy\_set\_header Host \\$host;
proxy\_set\_header X-Forwarded-For \\$proxy\_add\_x\_forwarded\_for;
access\_log off;
}
location / {
proxy\_pass http://localhost:8080;
proxy\_set\_header X-Real-IP \\$remote\_addr;
proxy\_set\_header Host \\$host;
proxy\_set\_header X-Forwarded-For \\$proxy\_add\_x\_forwarded\_for;
}
} EOF
}
enable_start(){
#jumpserver
cat > /usr/lib/systemd/system/jms.service <<EOF
[Unit]
Description=jms
After=network.target mariadb.service redis.service docker.service
Wants=mariadb.service redis.service docker.service
\[Service\]
Type=forking
Environment="PATH=/opt/py3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin"
ExecStart=/opt/jumpserver/jms start all -d
ExecReload=
ExecStop=/opt/jumpserver/jms stop
\[Install\]
WantedBy=multi-user.target EOF
#start
cat > /opt/start\_jms.sh <<EOF
#!/bin/bash
set -e
export LANG=zh\_CN.UTF-8
systemctl start jms
docker start jms\_coco
docker start jms\_guacamole
exit 0 EOF
#stop
cat >/opt/stop\_jms.sh <<EOF
#!/bin/bash
set -e
export LANG=zh\_CN.UTF-8
docker stop jms\_coco
docker stop jms\_guacamole
systemctl stop jms
exit 0 EOF
chmod +x /etc/rc.d/rc.local
if \[ "$(cat /etc/rc.local | grep start\_jms.sh)" == "" \]; then
echo "sh /opt/start\_jms.sh" >> /etc/rc.local
fi}
main(){
SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
Initialize
install\_redis
install\_mariadb
install\_nginx
install\_python36
install\_jumpserver
jumpserver\_config
install\_docker
install\_luna
jumpsever\_nginx\_config
run\_docker
enable\_start
nginx -t
systemctl start nginx }
https://jumpserver.readthedocs.io/zh/latest/setup_by_centos7.html 官方文档
手机扫一扫
移动阅读更方便
你可能感兴趣的文章