jumpserver——脚本安装

CentOS Linux release 7.7.1908 (Core)
3.10.0-1062.4.1.el7.x86_64

Initialize(){
  # Prepare the host: bring packages up to date, open the two public service
  # ports in firewalld, and relax SELinux.
  local svc_port

  yum update -y
  systemctl start firewalld

  # 80/tcp is the nginx front end; 2222/tcp is the SSH login port served by coco.
  for svc_port in 80 2222; do
    firewall-cmd --zone=public --add-port="${svc_port}/tcp" --permanent
  done
  # --permanent only edits the stored configuration; reload applies it now.
  firewall-cmd --reload

  # NOTE(review): these two lines switch SELinux to permissive immediately and
  # to disabled from the next boot, for the whole host. On a bastion host that
  # removes a mandatory-access-control layer. A narrower option worth
  # evaluating is to stay in enforcing mode and grant only what the nginx
  # proxy needs (for example the httpd_can_network_connect boolean); verify
  # against the deployment before changing it.
  setenforce 0
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
}

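install_redis(){
  # Install Redis; JumpServer uses it as its cache and as the Celery broker.
  # (In the published listing this sentence had lost its leading hash sign, so
  # the shell would have tried to execute it as a command.)
  #
  # epel-release is installed in its own, earlier transaction; presumably the
  # redis package comes from EPEL, so the repository must exist first.
  # NOTE(review): nothing here sets a Redis password or bind address, so the
  # package defaults apply. Confirm Redis is reachable from this host only.
  yum -y install wget gcc epel-release git
  yum -y install redis
  systemctl enable redis
  systemctl start redis
}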

install_mariadb(){
# Installs, enables and starts MariaDB, generates a random database password,
# prints it, and creates the jumpserver database with a grant.
# Writes the global DB_PASSWORD, which jumpserver_config reads later.
#
# NOTE(review): this listing passed through a Markdown escaper. Backslashes
# before underscores, backticks and square brackets are extraction artifacts,
# not part of the intended script; as printed, the DB_PASSWORD line is not a
# valid assignment. Restore the plain characters before running anything.
# NOTE(review): the sentence two lines below is explanatory prose whose
# leading hash sign was lost. It says MySQL is optional and that sqlite3,
# mysql and postgres are supported. As printed the shell would try to run it.

安装 MySQL, 如果不使用 Mysql 可以跳过相关 Mysql 安装和配置, 支持sqlite3, mysql, postgres等

yum -y install mariadb mariadb-devel mariadb-server MariaDB-shared  
systemctl enable mariadb  
systemctl start mariadb  
# 24 characters drawn from /dev/urandom, filtered down to A-Z, a-z and 0-9.
DB\_PASSWORD=\`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24\`  
# Prints the password in red (the message reads: your database password is).
# Anything that records the terminal, such as a captured install log or
# scrollback, will therefore contain the credential.
echo -e "\\033\[31m 你的数据库密码是 $DB\_PASSWORD \\033\[0m"  

# Create the jumpserver database and grant privileges on it.
# Connects as the MariaDB root user with no password option, relying on the
# passwordless root account of a fresh install. No visible step sets a root
# password afterwards.
# NOTE(review): the statement below is cut off in this listing, so its -e
# string never closes and the account and host in the grant are not visible.
# If the generated password is interpolated into this command line it can be
# seen in the process list while mysql runs. Confirm against the full script.
mysql -uroot -e "create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'j
}

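install_nginx(){
  # Install nginx, which acts as the reverse proxy tying JumpServer and its
  # companion components together, enable it at boot, and replace the stock
  # /etc/nginx/nginx.conf with a minimal one that includes conf.d/*.conf.
  #
  # The published listing carried Markdown escapes (backslashes before
  # underscores, brackets, asterisks and dollar signs). Written out through an
  # unquoted heredoc those would have produced directives such as
  # "worker\_processes", which nginx rejects. The heredoc delimiter is quoted
  # here so nginx variables like $remote_addr reach the file literally with no
  # escaping at all.
  yum -y install nginx
  systemctl enable nginx

  cat >/etc/nginx/nginx.conf <<'EOF'
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log  main;
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
}

EOF
}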

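install_python36(){
  # Install Python 3.6 and create, then activate, the virtualenv /opt/py3.
  # Returns non-zero if /opt cannot be entered.
  yum -y install python36 python36-devel

  # Without this guard a failed cd would create the virtualenv in whatever
  # directory the caller happened to be in.
  cd /opt || return 1

  # "py3" is the environment name. If it is changed, the activate path below
  # and every other reference to /opt/py3 in this script must change with it.
  python3.6 -m venv py3

  # Activation modifies the current shell, so later steps that call pip3 pick
  # up the virtualenv. Run "deactivate" to leave it.
  source /opt/py3/bin/activate
}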
##看到下面的提示符代表成功, 以后运行 Jumpserver 都要先运行以上 source 命令, 载入环境后默认以下所有命令均
#(py3) [root@localhost py3]

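install_jumpserver(){
  # Fetch JumpServer 1.5.2 into /opt/jumpserver and install its RPM and Python
  # dependencies. Returns non-zero if the source tree is missing or the
  # requested revision cannot be checked out.
  cd /opt/ || return 1

  # The clone is not guarded on purpose: on a re-run the directory already
  # exists and the clone fails, but the steps below are still valid.
  git clone https://github.com/jumpserver/jumpserver.git

  # If the tree is not there (first-run clone failure), stop before running
  # git and the package managers from the wrong directory.
  cd /opt/jumpserver || return 1

  # Stop if the pinned revision is unavailable; otherwise the dependency lists
  # of whatever branch is checked out would be installed instead.
  # NOTE(review): 1.5.2 is a tag name, and a tag can be moved upstream.
  # Pinning a full commit hash would make this checkout reproducible.
  git checkout 1.5.2 || return 1

  # Word splitting is intentional: each token in the file is a package name.
  # The list comes from the cloned repository and is installed by yum.
  # shellcheck disable=SC2046
  yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt)

  # Install the Python dependencies. pip3 resolves to the virtualenv only if
  # install_python36 has already activated /opt/py3 in this shell.
  # NOTE(review): pip and setuptools are upgraded to whatever is current at
  # install time, so two runs can end up with different tool versions.
  pip3 install --upgrade pip setuptools
  pip3 install -r /opt/jumpserver/requirements/requirements.txt
}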

jumpserver_config(){
# Creates /opt/jumpserver/config.yml from the example file, generates the
# SECRET_KEY and BOOTSTRAP_TOKEN secrets, fills them and the database password
# into config.yml, hardens a few settings, then starts JumpServer.
# Reads the global DB_PASSWORD set by install_mariadb; writes the globals
# SECRET_KEY and BOOTSTRAP_TOKEN.
#
# NOTE(review): this listing passed through a Markdown escaper. Backslashes
# before underscores and square brackets are extraction artifacts. Inside the
# double-quoted sed and echo arguments they would be taken literally, so the
# patterns would not match and the variables would not expand as intended.
# NOTE(review): the sentence two lines below is prose whose leading hash sign
# was lost (it reads: modify the Jumpserver configuration file).

修改 Jumpserver 配置文件

cd /opt/jumpserver  
cp config\_example.yml config.yml  

# 50 characters from /dev/urandom, restricted to A-Z, a-z and 0-9.
SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`

# Appends the secret in plaintext to the .bashrc of the invoking user. Each
# run appends another line; earlier entries are not removed. The value is
# also written to config.yml below, so this copy widens where the secret
# lives. Check file permissions, or drop the copy if nothing reads it.
echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc

# 16 characters from the same source and alphabet.
BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`

echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc

# The generated values are purely alphanumeric, so they cannot contain the
# slash delimiter or any other sed metacharacter.
sed -i "s/SECRET\_KEY:/SECRET\_KEY: $SECRET\_KEY/g" /opt/jumpserver/config.yml  
sed -i "s/BOOTSTRAP\_TOKEN:/BOOTSTRAP\_TOKEN: $BOOTSTRAP\_TOKEN/g" /opt/jumpserver/config.yml  
# Uncomment the settings and turn debug off, log level to ERROR, and make the
# session expire when the browser closes.
sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml  
sed -i "s/# LOG\_LEVEL: DEBUG/LOG\_LEVEL: ERROR/g" /opt/jumpserver/config.yml  
# NOTE(review): the file path on the next line is cut off in this listing;
# the sibling lines all target /opt/jumpserver/config.yml.
sed -i "s/# SESSION\_EXPIRE\_AT\_BROWSER\_CLOSE: false/SESSION\_EXPIRE\_AT\_BROWSER\_CLOSE: true/g" /opt/ju  
sed -i "s/DB\_PASSWORD: /DB\_PASSWORD: $DB\_PASSWORD/g" /opt/jumpserver/config.yml

# Prints both secrets in red to the terminal (the messages read: your
# SECRET_KEY is / your BOOTSTRAP_TOKEN is). Captured logs and scrollback
# will contain them.
echo -e "\\033\[31m 你的SECRET\_KEY是 $SECRET\_KEY \\033\[0m"  
echo -e "\\033\[31m 你的BOOTSTRAP\_TOKEN是 $BOOTSTRAP\_TOKEN \\033\[0m"

# Start JumpServer in the background (-d) from its source directory.
cd /opt/jumpserver  
./jms start -d 

}

install_docker(){
# Installs Docker CE from the Aliyun mirror, configures a registry mirror,
# restarts Docker and adds a firewalld rich rule for the 172.17.0.0/16 range.
yum install -y yum-utils device-mapper-persistent-data lvm2
# NOTE(review): the repository definition is fetched over plain http, while
# the signing key three lines below is fetched from the same host over https.
# Whoever can alter the http response controls which repositories and
# gpgcheck settings yum will trust. Prefer the https form of this URL.
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
yum makecache fast
rpm --import https://mirrors.aliyun.com/docker-ce/linux/centos/gpg
yum -y install docker-ce
systemctl enable docker
# NOTE(review): this pipes a remotely hosted script straight into sh with the
# privileges of the installer, with no integrity check, and the registry
# mirror it is given is an http URL. Safer alternatives: download the script,
# review it, then run the saved copy; or set registry-mirrors in
# /etc/docker/daemon.json by hand. Images pulled through a plain-http mirror
# should be treated as unauthenticated unless verified another way.
curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io
systemctl restart docker

# NOTE(review): the rich rule below is cut off in this listing, so the port
# and action it grants are not visible; it also nests unescaped double quotes
# inside a double-quoted argument. Presumably it lets the default Docker
# bridge network reach a service on the host. Confirm against the full script.
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="172.17.0.0/16" port pr  
 firewall-cmd --reload  

}

run_docker(){
# Starts the two companion containers, jms_coco and jms_guacamole, pointing
# them at the JumpServer core on port 8080 of Server_IP.
#
# NOTE(review): backslashes before underscores and square brackets are
# Markdown extraction artifacts, not part of the intended script.
# NOTE(review): Server_IP is hard-coded and must be edited for each host.
# NOTE(review): both docker run lines are cut off after "-e BOOT", so the
# remaining environment variables and the image names are not visible.
# Presumably the bootstrap token is passed there; confirm against the full
# script, and prefer images pinned by tag or digest.
# NOTE(review): -p 5000:5000 and -p 8081:8081 publish on every host
# interface, yet the nginx site in this script reaches both through
# localhost. Ports published by Docker are commonly not filtered by firewalld
# zone rules, so check whether they are reachable from outside; binding them
# to 127.0.0.1 may be enough. Port 2222 is the SSH entry point that
# Initialize opens in the firewall.

Server\_IP="192.168.31.25"  
# Prints the address in red (the message reads: your server IP is).
echo -e "\\033\[31m 你的服务器IP是 $Server\_IP \\033\[0m"  
docker run --name jms\_coco -d -p 2222:2222 -p 5000:5000 -e CORE\_HOST=http://$Server\_IP:8080 -e BOOT  
docker run --name jms\_guacamole -d -p 8081:8081 -e JUMPSERVER\_SERVER=http://$Server\_IP:8080 -e BOOT

}

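install_luna(){
  # Download the Luna 1.5.2 release archive and unpack it to /opt/luna, owned
  # by root. Returns non-zero if /opt is unavailable or the download or
  # extraction fails.
  cd /opt || return 1

  # Stop on a failed download so that tar never unpacks a stale or partial
  # luna.tar.gz left behind by an earlier attempt.
  # NOTE(review): the archive is used exactly as downloaded; no checksum or
  # signature is verified. Comparing its SHA-256 with a digest obtained out of
  # band (placeholder: <EXPECTED_SHA256>) before extracting would close that
  # gap, since nginx later serves these files.
  wget https://github.com/jumpserver/luna/releases/download/1.5.2/luna.tar.gz || return 1
  tar xf luna.tar.gz || return 1

  # Reset ownership, because tar run as root keeps the owner ids recorded in
  # the archive.
  chown -R root:root luna
}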

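jumpsever_nginx_config(){
  # Replace the default nginx site with the JumpServer site definition.
  # Routing written to /etc/nginx/conf.d/jumpserver.conf:
  #   /luna/             static files from /opt/luna/
  #   /media/, /static/  files under /opt/jumpserver/data/
  #   /socket.io/, /coco/  proxied to localhost:5000
  #   /guacamole/        proxied to localhost:8081
  #   /                  proxied to localhost:8080
  #
  # The published listing carried Markdown escapes (backslashes before
  # underscores and dollar signs). Through an unquoted heredoc they would have
  # produced directives such as "proxy\_pass", which nginx rejects. The
  # delimiter is quoted here so nginx variables are written literally. The
  # comments inside the heredoc are part of the generated file and are kept
  # as published.
  #
  # NOTE(review): the site listens on plain HTTP port 80 only, so logins and
  # session traffic for the bastion cross the network unencrypted. Terminate
  # TLS here or in front of this host before exposing it beyond a trusted
  # segment.
  # NOTE(review): X-Forwarded-For is built with $proxy_add_x_forwarded_for,
  # which appends to whatever the client sent. Anything that logs or makes
  # decisions on that header should rely on X-Real-IP or the last hop only.
  rm -rf /etc/nginx/conf.d/default.conf

  cat >/etc/nginx/conf.d/jumpserver.conf <<'EOF'
server {
    listen 80;

    client_max_body_size 100m;  # 录像及文件上传大小限制

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # luna 路径, 如果修改安装目录, 此处需要修改
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # 录像位置, 如果修改安装目录, 此处需要修改
    }

    location /static/ {
        root /opt/jumpserver/data/;  # 静态资源, 如果修改安装目录, 此处需要修改
    }

    location /socket.io/ {
        proxy_pass       http://localhost:5000/socket.io/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /coco/ {
        proxy_pass       http://localhost:5000/coco/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /guacamole/ {
        proxy_pass       http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

EOF
}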

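enable_start(){
  # Write the jms systemd unit and the start/stop helper scripts, then hook
  # the start script into rc.local so the stack comes up at boot.
  #
  # The published listing carried Markdown escapes. Through unquoted heredocs,
  # "\[Service\]", "\[Install\]" and "zh\_CN" would have been written with the
  # backslashes, leaving an invalid unit file and locale name. The heredoc
  # delimiters are quoted here and the text is written without escapes.
  #
  # NOTE(review): this function neither reloads systemd nor enables
  # jms.service. Start at boot relies on rc.local running start_jms.sh, which
  # in turn runs "systemctl start jms".

  # systemd unit for the JumpServer core. PATH puts the /opt/py3 virtualenv
  # first so jms runs with that interpreter.
  cat > /usr/lib/systemd/system/jms.service <<'EOF'
[Unit]
Description=jms
After=network.target mariadb.service redis.service docker.service
Wants=mariadb.service redis.service docker.service

[Service]
Type=forking
Environment="PATH=/opt/py3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin"
ExecStart=/opt/jumpserver/jms start all -d
ExecReload=
ExecStop=/opt/jumpserver/jms stop

[Install]
WantedBy=multi-user.target

EOF

  # Start helper: core first, then the two containers.
  cat > /opt/start_jms.sh <<'EOF'
#!/bin/bash
set -e

export LANG=zh_CN.UTF-8

systemctl start jms
docker start jms_coco
docker start jms_guacamole

exit 0

EOF

  # Stop helper: containers first, then the core.
  cat >/opt/stop_jms.sh <<'EOF'
#!/bin/bash
set -e

export LANG=zh_CN.UTF-8

docker stop jms_coco
docker stop jms_guacamole
systemctl stop jms

exit 0

EOF

  # rc.local only runs at boot when it is executable.
  chmod +x /etc/rc.d/rc.local
  # Append the hook once, so repeated runs do not start the stack twice.
  if ! grep -qF 'start_jms.sh' /etc/rc.local; then
    echo "sh /opt/start_jms.sh" >> /etc/rc.local
  fi
}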

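main(){
  # Run every installation step in order, validate the nginx configuration
  # and start nginx.
  #
  # Order matters: install_mariadb sets DB_PASSWORD before jumpserver_config
  # reads it, install_python36 activates the virtualenv before
  # install_jumpserver calls pip3, and jumpserver_config sets BOOTSTRAP_TOKEN
  # before run_docker starts the containers.
  #
  # SECRET_KEY and BOOTSTRAP_TOKEN are generated, and recorded in ~/.bashrc,
  # by jumpserver_config. An earlier version of this function generated a
  # first pair here as well; that pair was overwritten before anything used
  # it, yet stayed behind in ~/.bashrc as stale secrets that match nothing in
  # config.yml. It is no longer generated.
  #
  # NOTE(review): no call to main is visible in this listing. Confirm the
  # script ends with one.
  Initialize
  install_redis
  install_mariadb
  install_nginx
  install_python36
  install_jumpserver
  jumpserver_config
  install_docker
  install_luna
  jumpsever_nginx_config
  run_docker
  enable_start
  nginx -t
  systemctl start nginx
}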

https://jumpserver.readthedocs.io/zh/latest/setup_by_centos7.html  官方文档
