JumpServer
环境
系统版本 | IP地址 | 软件版本 |
---|---|---|
CentOS7.6 | 172.20.1.37 | MySQL 5.7.33 Redis 5.0.10 |
CentOS7.6 | 172.20.1.27 | Docker 19.03.8 JumpServer2.5.3 |
1. 安装Redis
1.1. 下载安装包（此处使用第三方镜像站，下载后建议对照官方发布的 SHA256 校验安装包）
wget https://repo.huaweicloud.com/redis/redis-5.0.10.tar.gz
1.2. 安装依赖包
yum install gcc automake autoconf libtool make
1.3. 编译
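# Unpack the Redis source tree under /apps and build it in place.
# -p keeps the step repeatable when /apps already exists.
mkdir -p /apps
tar -xf redis-5.0.10.tar.gz
mv redis-5.0.10 /apps/redis
# make has to run inside the source tree; step 1.5 expects the resulting
# binaries in /apps/redis/src.
cd /apps/redis && make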
1.4. 编辑配置文件
vim /apps/redis/redis.conf
daemonize yes
port 6379
logfile "/data/redis/redis.log"
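bind 172.20.1.37 127.0.0.1
# 注意：此处显式绑定了内网地址且未设置 requirepass，任何能访问 172.20.1.37:6379 的主机都可以免认证连接（1.7 的 telnet 测试即是如此）；生产环境应设置 requirepass，并用防火墙只放行 172.20.1.27。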
1.5. 添加环境变量
vim /etc/profile
export PATH=$PATH:/apps/redis/src
1.6. 启动
redis-server /apps/redis/redis.conf
1.7. 在172.20.1.27上验证是否可以连接
telnet 172.20.1.37 6379
Trying 172.20.1.37...
Connected to 172.20.1.37.
Escape character is '^]'.
ping
+PONG
2.安装MySQL
2.1. 下载安装包
wget https://cdn.mysql.com//Downloads/MySQL-5.7/mysql-5.7.33-linux-glibc2.12-x86_64.tar.gz
2.2. 解压
tar -xf mysql-5.7.33-linux-glibc2.12-x86_64.tar.gz
mv mysql-5.7.33-linux-glibc2.12-x86_64 /apps/mysql
2.3. 添加用户
groupadd -g 27 mysql
useradd -g 27 -u 27 -s /sbin/nologin mysql
2.4. 修改目录权限
mkdir /data/mysql
chown -R mysql.mysql /data/mysql
chown -R mysql.mysql /apps/mysql
2.5. 修改环境变量
vim /etc/profile
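# Put the MySQL binaries on PATH. The tarball was moved to /apps/mysql in
# step 2.2, so the directory is /apps/mysql/bin (the original "/app" was a typo
# that left mysqld and mysql unresolvable).
export PATH="$PATH:/apps/mysql/bin"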
2.6. 初始化数据库
mysqld --initialize --user=mysql --basedir=/apps/mysql --datadir=/data/mysql
2020-09-25T01:59:33.045942Z 1 [Note] A temporary password is generated for root@localhost: *9nuP<gm)pvY
2.7. 编辑配置文件
vim /etc/my.cnf
[mysqld]
datadir=/data/mysql
socket=/apps/mysql/mysql.sock
port=3306
log_error=/data/mysql/mysql-01.err
user=mysql
local_infile=OFF
character_set_server=utf8
[mysql]
socket=/apps/mysql/mysql.sock
prompt='MySQL[\d] '
vim /usr/lib/systemd/system/mysqld.service
[Unit]
Description=MySQL Server
Documentation=man:mysqld(8)
Documentation=http://dev.mysql.com/doc/refman/en/using-systemd.html
After=network.target
After=syslog.target
[Install]
WantedBy=multi-user.target
[Service]
User=mysql
Group=mysql
TimeoutSec=0
ExecStart=/apps/mysql/bin/mysqld --defaults-file=/etc/my.cnf $MYSQLD_OPTS
EnvironmentFile=-/etc/sysconfig/mysql
LimitNOFILE = 10000
Restart=on-failure
RestartPreventExitStatus=1
Environment=MYSQLD_PARENT_PID=1
PrivateTmp=false
2.8. 创建jumpserver用户和密码
# 先用2.6步骤生成的临时密码登录并修改root密码，否则不能执行其他操作；文中的 "123456"、"Password" 仅为示例，请替换为强密码。
alter user root@localhost identified by "123456";
mysql -uroot -p # 输入2.6步骤显示的密码
alter user root@localhost identified by "Password"; # 修改root的密码
create database jumpserver charset utf8;
grant all on jumpserver.* to jumpserver@'172.20.1.27' identified by "Password";
2.9. jumpserver服务器连接测试
mysql -ujumpserver -p -h 172.20.1.37
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MySQL connection id is 2457
Server version: 5.7.33 MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MySQL [(none)]> use jumpserver;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MySQL [jumpserver]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| jumpserver |
+--------------------+
2 rows in set (0.00 sec)
3. 安装Docker
3.1. 安装Docker19.03
3.1.1 安装依赖
sudo yum install -y yum-utils device-mapper-persistent-data lvm2
3.1.2. 下载Repo文件
wget -O /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo
3.1.3. 替换地址
sudo sed -i 's+download.docker.com+mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo
3.1.4. 安装指定版本Docker
sudo yum makecache fast
sudo yum list --showduplicates docker-ce # 列出所有版本
sudo yum install docker-ce-19.03.15-3.el8 docker-ce-cli-19.03.15-3.el8 # 安装指定版本（el8 是 CentOS 8 的包；本文环境为 CentOS 7，请按上一条命令列出的 .el7 版本号替换）
3.1.5. 配置镜像加速
sudo mkdir -p /etc/docker
sudo vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://docker.mirrors.ustc.edu.cn/"],
"exec-opts": ["native.cgroupdriver=systemd"]
}
sudo systemctl daemon-reload
3.1.6. 设置开机自启动
systemctl enable docker
3.2. 拉取镜像
docker pull jumpserver/jms_all:2.5.3
3.3. 创建数据目录
mkdir /opt/jumpserver
3.4. 生成SECRET_KEY
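# Generate a 50-character alphanumeric SECRET_KEY once and reuse it afterwards.
# The value is appended to ~/.bashrc in plaintext so that later shells can
# expand $SECRET_KEY; keep that file readable by its owner only.
if [ -z "${SECRET_KEY:-}" ]; then
  # LC_ALL=C makes tr treat /dev/urandom as raw bytes regardless of locale.
  SECRET_KEY=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 50)
  printf 'SECRET_KEY=%s\n' "$SECRET_KEY" >> ~/.bashrc
fi
# Print the key in both cases, freshly generated or already present.
printf '%s\n' "$SECRET_KEY"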
3.5. 生成BOOTSTRAP_TOKEN
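# Generate a 16-character alphanumeric BOOTSTRAP_TOKEN once and reuse it
# afterwards. The value is appended to ~/.bashrc in plaintext so that later
# shells can expand $BOOTSTRAP_TOKEN; keep that file readable by its owner only.
if [ -z "${BOOTSTRAP_TOKEN:-}" ]; then
  # LC_ALL=C makes tr treat /dev/urandom as raw bytes regardless of locale.
  BOOTSTRAP_TOKEN=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 16)
  printf 'BOOTSTRAP_TOKEN=%s\n' "$BOOTSTRAP_TOKEN" >> ~/.bashrc
fi
# Print the token in both cases, freshly generated or already present.
printf '%s\n' "$BOOTSTRAP_TOKEN"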
3.6. 启动容器
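# Start the JumpServer container with the secrets generated in steps 3.4 and
# 3.5 instead of literal values pasted into the command: a key copied from a
# published guide is known to every reader. ${VAR:?} aborts before the
# container is created if either value is missing from the current shell.
#
# Values passed with -e remain visible in `docker inspect`; docker's
# --env-file option at least keeps them out of shell history and the host's
# process list.
#
# DB_PASSWORD must match the grant from step 2.8 ("Password" is the guide's
# placeholder). REDIS_PASSWORD is empty only because the Redis instance on
# 172.20.1.37 was configured without requirepass; change both together.
#
# Port 80 is published as plain HTTP here; terminate TLS in front of it before
# exposing the web UI beyond a trusted network.
#
# The image tag is pinned to the 2.5.3 release pulled in step 3.2 rather than
# the moving "latest" tag, so the running version is the one that was fetched.
docker run --name jumpserver \
  -v /opt/jumpserver/:/opt/jumpserver/data/media \
  -p 80:80 -p 2222:2222 \
  -e SECRET_KEY="${SECRET_KEY:?run step 3.4 first}" \
  -e BOOTSTRAP_TOKEN="${BOOTSTRAP_TOKEN:?run step 3.5 first}" \
  -e DB_HOST=172.20.1.37 \
  -e DB_PORT=3306 \
  -e DB_USER='jumpserver' \
  -e DB_PASSWORD="Password" \
  -e DB_NAME=jumpserver \
  -e REDIS_HOST=172.20.1.37 \
  -e REDIS_PORT=6379 \
  -e REDIS_PASSWORD= \
  jumpserver/jms_all:2.5.3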