jumpserver_install

 

 

 

开源堡垒机:jumpserver

 

 

测试环境:CentOS 7.2

  • cpu: 1C 5U
  • 内存: 4G DDR3
  • 数据库:mysql 版本大于等于 5.6 mariadb 版本大于等于 5.5.6

 

 

1 准备py3和py虚拟环境
1.1 安装依赖包,设置selinux 和防火墙

# nginx 端口
firewall-cmd --zone=public --add-port=80/tcp --permanent
# 用户SSH登录端口 coco
firewall-cmd --zone=public --add-port=2222/tcp --permanent

# 重新载入规则
firewall-cmd --reload

setenforce 0
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config

# 修改字符集, 否则可能报 input/output error的问题, 因为日志里打印了中文
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
export LC_ALL=zh_CN.UTF-8
echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf
###安装依赖包
[root@localhost ~]# yum -y install wget gcc epel-release git

  

1.2 安装py3.6和建立py虚拟环境

###安装py3.6
[root@localhost ~]# yum -y install python36 python36-devel


###建立py虚拟环境
[root@localhost opt]# cd  /opt/
[root@localhost opt]# python3.6 -m venv py3
[root@localhost opt]# source /opt/py3/bin/activate
# 看到下面的提示符代表成功, 以后运行 Jumpserver 都要先运行以上 source 命令, 以下所有命令均在该虚拟环境中运行
(py3) [root@localhost py3]

  

2 安装Jumpserver
2.1 安装依赖rpm包,py依赖库

###下载或 Clone 项目
(py3) [root@localhost opt]# 
git clone https://github.com/jumpserver/jumpserver.git

###安装依赖rpm包
(py3) [root@localhost opt]# cd /opt/jumpserver/requirements
# 如果没有任何报错请继续
(py3) [root@localhost requirements]#  yum -y install $(cat rpm_requirements.txt)

###安装py依赖库
(py3) [root@localhost requirements]# pip install --upgrade pip setuptools

安装时间比较长,耐心等待
(py3) [root@localhost requirements]# pip install -r requirements.txt

报错:


 

 

django-radius 1.3.3 has requirement future==0.16.0, but you'll have future 0.17.1 which is incompatible.

 

 

2.2 安装redis

让jumpserver使用redis做cache和celery broker

###安装Redis
(py3) [root@localhost requirements]# yum -y install redis

(py3) [root@localhost requirements]# systemctl enable redis

  

 

 

 

2.3 mysql

###安装mysql
# centos7下安装的是mariadb
(py3) [root@localhost requirements]#  yum -y install mariadb mariadb-devel mariadb-server

(py3) [root@localhost requirements]# systemctl enable mariadb
 
(py3) [root@localhost requirements]# systemctl start mariadb


###创建数据库并授权
# 生成随机数据库密码 (注意: 下面的 echo 和 mysql -e 命令会把密码放进终端输出和进程参数, shell 历史与 ps 都能看到)
# DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`
# echo -e "\033[31m 你的数据库密码是 $DB_PASSWORD \033[0m"
# mysql -uroot -e "create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD'; flush privileges;"


###修改jumpserver文件
(py3) [root@localhost requirements]# cd /opt/jumpserver
(py3) [root@localhost jumpserver]# cp config_example.yml config.yml

# 生成随机SECRET_KEY (注意: 下面会把密钥明文追加到 ~/.bashrc, 请确保该文件只有 root 可读)
# SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
# echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc

# 生成随机BOOTSTRAP_TOKEN
# BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
# echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc

# sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
# sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
# sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
# sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
# sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
# sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml
# echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
# echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"

  

2.4 运行jumpserver

###启动 (无报错即成功)
(py3) [root@localhost jumpserver]# 

(py3) [root@localhost jumpserver]# ./jms start all -d


 

 

3 安装SSH Server 和 WebSocket Server: Coco

###下载Clone 项目
(py3) [root@localhost opt]# cd /opt
(py3) [root@localhost opt]# source /opt/py3/bin/activate
# git clone https://github.com/jumpserver/coco.git

###安装依赖
(py3) [root@localhost opt]# cd /opt/coco/requirements
(py3) [root@localhost requirements]# yum -y install $(cat rpm_requirements.txt)
(py3) [root@localhost requirements]# pip install -r requirements.txt

###修改配置文件并且运行
(py3) [root@localhost requirements]# cd /opt/coco
(py3) [root@localhost coco]# cp config_example.yml config.yml
# sed -i "s/BOOTSTRAP_TOKEN: <PleasgeChangeSameWithJumpserver>/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/coco/config.yml

# sed -i "s/# LOG_LEVEL: INFO/LOG_LEVEL: ERROR/g" /opt/coco/config.yml


###启动
# 后台运行使用 -d 参数: ./cocod start -d
(py3) [root@localhost coco]# ./cocod start -d
Use eventlet dispatch
Start coco process
# 新版本更新了运行脚本, 使用方式./cocod start|stop|status  后台运行请添加 -d 参数

  

4 安装Web Terminal 前端: Luna

##Luna 已改为纯前端, 需要 Nginx 来运行访问
访问(https://github.com/jumpserver/luna/releases)下载对应版本的 release 包, 直接解压不需要编译
###下载解压
(py3) [root@localhost coco]# cd /opt
#  wget https://github.com/jumpserver/luna/releases/download/1.4.9/luna.tar.gz
(py3) [root@localhost opt]# tar xf luna.tar.gz
(py3) [root@localhost opt]# chown -R root:root luna

  

5 安装 Windows 支持组件

###安装依赖 (注意: 下面的 GPG 公钥和仓库 rpm 通过明文 http 获取, 且 localinstall 使用了 --nogpgcheck, 建议核对来源或改用 https)
[root@localhost opt]# mkdir /usr/local/lib/freerdp/
[root@localhost opt]# ln -s /usr/local/lib/freerdp /usr/lib64/freerdp
[root@localhost opt]# rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro

[root@localhost opt]# rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm


[root@localhost opt]# yum -y localinstall --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm

[root@localhost opt]#  yum install -y java-1.8.0-openjdk libtool
[root@localhost opt]# yum install -y cairo-devel libjpeg-turbo-devel libpng-devel uuid-devel

[root@localhost opt]# yum install -y ffmpeg-devel freerdp-devel freerdp-plugins pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel ghostscript


###编译安装 guacamole 服务
[root@localhost opt]# cd /opt
[root@localhost opt]# git clone https://github.com/jumpserver/docker-guacamole.git

[root@localhost opt]# cd /opt/docker-guacamole/
[root@localhost docker-guacamole]# tar -xf guacamole-server-0.9.14.tar.gz
[root@localhost docker-guacamole]# cd guacamole-server-0.9.14
[root@localhost guacamole-server-0.9.14]# autoreconf -fi

# ./configure --with-init-dir=/etc/init.d
# make && make install
# cd .. && rm -rf guacamole-server-0.9.14
# ldconfig

###配置 Tomcat
# 创建 guacamole 目录
# mkdir -p /config/guacamole /config/guacamole/lib /config/guacamole/extensions
# ln -sf /opt/docker-guacamole/guacamole-auth-jumpserver-0.9.14.jar /config/guacamole/extensions/guacamole-auth-jumpserver-0.9.14.jar

# guacamole 配置文件
# ln -sf /opt/docker-guacamole/root/app/guacamole/guacamole.properties /config/guacamole/guacamole.properties

# cd /config && wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-8/v8.5.39/bin/apache-tomcat-8.5.39.tar.gz
# tar xf apache-tomcat-8.5.39.tar.gz && rm -rf apache-tomcat-8.5.39.tar.gz
# mv apache-tomcat-8.5.39 tomcat8
# rm -rf /config/tomcat8/webapps/*

# guacamole client
# ln -sf /opt/docker-guacamole/guacamole-0.9.14.war /config/tomcat8/webapps/ROOT.war
# 修改默认端口为 8081
# sed -i 's/Connector port="8080"/Connector port="8081"/g' /config/tomcat8/conf/server.xml
# 修改 log 等级为 WARNING
# sed -i 's/FINE/WARNING/g' /config/tomcat8/conf/logging.properties
# cd /config && wget https://github.com/ibuler/ssh-forward/releases/download/v0.0.5/linux-amd64.tar.gz

# tar xf linux-amd64.tar.gz -C /bin/
# chmod +x /bin/ssh-forward

###配置环境变量
# http://127.0.0.1:8080 指 jumpserver 访问地址
# export JUMPSERVER_SERVER=http://127.0.0.1:8080
# echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc

# BOOTSTRAP_TOKEN 为 Jumpserver/config.yml 里面的 BOOTSTRAP_TOKEN
# export BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN
# echo "export BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
# export JUMPSERVER_KEY_DIR=/config/guacamole/keys
# echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
# export GUACAMOLE_HOME=/config/guacamole
# echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc

###启动 Guacamole
# /etc/init.d/guacd start
 
# sh /config/tomcat8/bin/startup.sh

  

6 配置 Nginx 整合各组件

###安装nginx
# yum install yum-utils
#  vi /etc/yum.repos.d/nginx.repo

# yum install -y nginx
# rm -rf /etc/nginx/conf.d/default.conf
# systemctl enable nginx

###准备配置文件 修改 /etc/nginx/conf.d/jumpserver.conf
# vi /etc/nginx/conf.d/jumpserver.conf


###运行nginx
# 确保配置没有问题, 有问题请先解决
# nginx -t

# CentOS 7
# systemctl start nginx
# systemctl enable nginx

###开始使用 jumpserver

  

 
