
环境初始化

# 1.环境准备,关闭防火墙服务
[root@teach_jumpserver-]iptables -F
[root@teach jumpserver-]systemctl disable firewalld
[root@teach_jumpserver-]systemctl stop firewalld
[root@teach jumpserver-]getenforce
Disabled

# 2.配置yum源,准备好阿里云的yum源,以及epel源

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo


yum clean all    #清空原有的yum缓存
yum makecache    #生成新的yum缓存,便于加速软件下载


# 3.安装系统初始化所需的软件
    yum install -y bash-completion vim lrzsz wget expect net-tools nc nmap tree dos2unix htop iftop iotop unzip telnet sl psmisc nethogs glances bc ntpdate openldap-devel gcc
    
# 4.安装jumpserver运行所需的依赖环境
    yum -y install git python-pip gcc automake autoconf python-devel vim sshpass lrzsz readline-devel zlib zlib-devel
    
# 5.修改系统的字符集,改为是中文的
    localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
    export LC_ALL=zh_CN.UTF-8
#把修改字符集的命令,写入全局配置文件
    echo 'LANG="zh_CN.UTF-8"'> /etc/locale.conf

# 6,检查系统编码
    locale

部署数据库mysql 5.6

# 1.获取mysql5.6的软件包
    # wget https://cdn.mysql.com//Downloads/MySQL-5.6/MySQL-5.6.49-1.el7.x86_64.rpm-bundle.tar
    mkdir /teach_jmp
    cd /teach_jmp/
    wget https://cdn.mysql.com//Downloads/MySQL-5.6/MySQL-5.6.49-1.el7.x86_64.rpm-bundle.tar
    
# 2.解压缩该mysql压缩包
    mkdir mysql_rpm
    tar -xf MySQL-5.6.49-1.el7.x86_64.rpm-bundle.tar -C ./mysql_rpm/
    
# 3,使用yum命令,安装一系列的rpm包
    cd mysql_rpm/
    ls
    yum localinstall ./*
    
# 4.安装完毕后,检查mysql的配置文件,做如下的修改
[root@teach jumpserver mysql_rpm]#cat /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
#
# include all files from the config directory
#
!includedir /etc/my.cnf.d



    systemctl start mysql
    netstat -tunlp

# 5.对mysql进行初始化,mysql5.6版本在安装完毕后,会默认生成一个root的随机密码,如下
    cat ~/.mysql_secret

# 6,是否要修改原有的密码,自行决定
    mysqladmin -uroot -pXXXXX password XXXXXX
    #更为安全的修改root密码的操作
    update mysql.user set password=password('XXXXXX') where user='root';
    flush privileges;

# 7.再次用新密码登录mysql5.6
mysql -uroot -pXXXXXX

# 8.登录数据库后,创建运行jumpserver所需的用户信息
create database jumpserver default charset 'utf8' collate 'utf8_bin';

    #创建完毕数据库后,再创建用户,且设置密码
    create user 'jumpserver'@'%' IDENTIFIED BY 'XXXXXX';

# 9.给该用户授予访问数据库的权限('%' 表示允许任意来源主机连接;本例中数据库与 jumpserver 在同一台机器(DB_HOST 为 127.0.0.1),可改为 'localhost' 以收紧访问范围)
    grant all privileges on jumpserver.* to 'jumpserver'@'%' identified by 'XXXXXX';
    flush privileges;

部署 Python 3.6

# 1.下载python3.6的源代码,可以在线下载
    cd /teach_jmp && \
    wget https://www.python.org/ftp/python/3.6.10/Python-3.6.10.tgz

# 2.开始源码安装python3,进行编译三部曲
    tar -zxf Python-3.6.10.tgz

# 指定python3的安装目录
# 编译第一曲,指定安装路径,与编译参数
    ./configure --prefix=/teach_jmp/python3.6.10/

# 第二曲,第三曲
    make && make install
    
# 3.配置python3的环境变量,可以直接使用python3的命令
    tail -1 /etc/profile
    PATH="/teach_jmp/python3.6.10/bin:$PATH"
    source /etc/profile
    echo $PATH

Python3 创建虚拟环境

# 1.安装虚拟环境工具

# 2.如果你的python3在安装模块的时候报错了,由于缺少ssl,python3无法使用,解决方式如下:删掉编译安装的python3,然后安装openssl工具,然后重新编译安装python3才行
    yum install openssl openssl-devel -y

# 3.再次编译安装完成python3后,再次尝试,安装python3的模块
# 先更新一下pip3的下载源,就如同更换yum源一个概念
# 操作步骤如下
    mkdir ~/.pip
    touch ~/.pip/pip.conf
    
#最终pip3的源,文件内容如下
    cat ~/.pip/pip.conf
[global]
index-url = https://mirrors.aliyun.com/pypi/simple/

# 4.下载虚拟环境工具
    pip3 install virtualenv
    
# 5.使用虚拟环境工具,再创建出一个python3解释器,用于运行代码
virtualenv --python=python3 jmp_venv1

# 6.此时你的linux服务器上就有2个python3解释器了
解释器本体是:/teach_jmp/python3.6.10/bin/python3
我们创建了一个虚拟的解释器,路径是:/teach_jmp/jmp_venv1/bin/python3

# 7.激活虚拟环境,其实是默认修改了环境变量
    source /teach_jmp/jmp_venv1/bin/activate

#可以退出虚拟环境,查看解释器的路径,效果
    deactivate

部署 Redis 数据库

# 1.安装redis的形式
# rpm包手动安装,需要手动解决依赖,不推荐使用
# yum自动化安装,适合软件调试学习使用,安装自动解决依赖,很好用源代码编译安装redis
# 2.选择yum自动化安装即可
# 配置好yum源才行,epel源
yum install redis -y
systemctl start redis
netstat -tunlp|grep 6379

部署 jumpserver 服务

# 1.获取jumpserver程序的代码,github有公共仓库,所有人都可以下载,私有仓库,只有企业内部人员,用账号密码登录后下载
wget https://github.com/jumpserver/jumpserver/releases/download/v2.1.0/jumpserver-v2.1.0.tar.gz

# 2,解压缩源码,且安装运行jumpserver系统必须的依赖组件
    tar -zxf jumpserver-v2.1.0.tar.gz
    ln -s /teach_jmp/jumpserver-v2.1.0 /teach_jmp/jumpserver
# 安装依赖关系
    yum install -y bash-completion vim lrzsz wget expect net-tools nc nmap tree dos2unix htop iftop iotop unzip telnet sl psmisc nethogs glances bc ntpdate openldap-devel

# 3.安装运行jumpserver所需要的模块(由python开发的程序,必须安装该程序使用到的一些模块,才能正确运行)
# 安装jumpserver模块,听老师的,先激活虚拟环境,然后再安装
source /teach_jmp/jmp_venv1/bin/activate
#安装模块
pip3 install -r /teach_jmp/jumpserver/requirements/requirements.txt

修改 jumpserver 配置文件

# 1.修改配置文件,默认未修改的配置文件如下,我们需要做一些定制修改
(jmp_venv1)[root@teach_jumpserver jumpserver]#grep -Ev '^#|^$' config.yml
SECRET_KEY:
BOOTSTRAP_TOKEN:
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD:
DB_NAME: jumpserver
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
# 2.生成密钥
if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi

#生成token密钥
if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi

# 3.配置文件填入生成的密钥,数据库密码(填入后 config.yml 中包含明文的 SECRET_KEY、BOOTSTRAP_TOKEN 和 DB_PASSWORD,注意限制该文件的读取权限)

对 python 程序进行数据库迁移

# 1.jumpserver后台程序,数据库迁移命令
python3 /teach_jmp/jumpserver/apps/manage.py makemigrations

python3 /teach_jmp/jumpserver/apps/manage.py migrate

启动 jumpserver

/teach_jmp/jumpserver/jms start -d

部署KoKo组件

# 1.下载koko源代码
    wget https://github.com/jumpserver/koko/releases/download/v2.1.0/koko-v2.1.0-linux-amd64.tar.gz
# 2.解压缩配置koko软件
    tar -zxf koko-v2.1.0-linux-amd64.tar.gz
    chown -R root:root koko-v2.1.0-linux-amd64
    ln -s /teach_jmp/koko-v2.1.0-linux-amd64 /teach_jmp/koko
    
#3.修改koko配置文件信息(BOOTSTRAP_TOKEN 处填写上面生成的实际 token 值,需与 jumpserver 的 config.yml 中一致)
(jmp_venv1)[root@teach_jumpserver koko]#grep -Ev '^#|^$' /teach_jmp/koko/config.yml
CORE_HOST: http://127.0.0.1:8080
BOOTSTRAP_TOKEN: "$BOOTSTRAP_TOKEN"
LOG_LEVEL: INFO
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
REDIS_PASSWORD:
REDIS_CLUSTERS:
REDIS_DB_ROOM:


# 4.启动koko程序
    /teach_jmp/koko/koko -d
    ps -ef |grep koko

# 5.可以检查koko的日志,明确koko是否正确启动
    tail /teach_jmp/koko/data/logs/koko.log

## 部署Guacamole组件

# 1.获取软件代码
ll 2020-07-22-16-48-00-docker-guacamole-v2.1.0.tar.gz

# 2.解压缩配置
    tar -zxvf 2020-07-22-16-48-00-docker-guacamole-v2.1.0.tar.gz
    mv docker-guacamole-2.1.0/ guacamole
    cd guacamole/
    ls

# 3.继续解压执行程序
    tar -zxf guacamole-server-1.2.0.tar.gz
    tar -zxf ssh-forward.tar.gz

# 4.编译安装该软件程序
    cd guacamole-server-1.2.0/
    ls
    
#编译软件之前,基本上都要吧编译环境准备好
    yum install cairo-devel libjpeg-turbo-devel libjpeg-devel libpng-devel libtool uuid-devel -y
#可选的软件依赖
    yum install freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel libwebsockets-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel -y


# 5.安装FFmpeg.工具
    yum install epel-release -y
    rpm -v --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
    rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
    yum install ffmpeg ffmpeg-devel -y
    
# 6.编译安装guacamole
    ./configure --with-init-dir=/etc/init.d
    make && make install
    
# 7.部署java开发环境
    yum install -y java-1.8.0-openjdk

# 8.创建运行guacamole所需的文件夹
    mkdir -p /config/guacamole /config/guacamole/extensions /config/guacamole/record /config/guacamole/drive && \
    chown daemon:daemon /config/guacamole/record /config/guacamole/drive && \
    cd /config
    
# 9.下载tomcat工具,用于运行java项目
    cd /opt && \
    wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v9.0.36/bin/apache-tomcat-9.0.36.tar.gz


# 10.部署guacamole和tomcat工具的结合,需要修改他们的配置文件
    cd /opt && \
    tar -xf apache-tomcat-9.0.36.tar.gz && \
    mv apache-tomcat-9.0.36 tomcat9 && \
    rm -rf /opt/tomcat9/webapps/* && \
    sed -i 's/Connector port="8080"/Connector port="8081"/g' /opt/tomcat9/conf/server.xml && \
    echo "java.util.logging.ConsoleHandler.encoding = UTF-8">> /opt/tomcat9/conf/logging.properties && \
    ln -sf /teach_jmp/guacamole/guacamole-1.0.0.war /opt/tomcat9/webapps/ROOT.war && \
    ln -sf /teach_jmp/guacamole/guacamole-auth-jumpserver-1.0.0.jar /config/guacamole/extensions/guacamole-auth-jumpserver-1.0.0.jar && \
    ln -sf /teach_jmp/guacamole/root/app/guacamole/guacamole.properties /config/guacamole/guacamole.properties

# 11.设置guacamole的运行环境变量
export JUMPSERVER_SERVER=http://127.0.0.1:8080
echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
export BOOTSTRAP_TOKEN=zxffNymGjP79j6BN    #示例值,需替换为前面生成的、与 jumpserver config.yml 一致的 BOOTSTRAP_TOKEN
echo "export BOOTSTRAP_TOKEN=zxffNymGjP79j6BN">>~/.bashrc
export JUMPSERVER_KEY_DIR=/config/guacamole/keys
echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
export GUACAMOLE_HOME=/config/guacamole
echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
export GUACAMOLE_LOG_LEVEL=ERROR
echo "export GUACAMOLE_LOG_LEVEL=ERROR" >> ~/.bashrc
export JUMPSERVER_ENABLE_DRIVE=true
echo "export JUMPSERVER_ENABLE_DRIVE=true" >> ~/.bashrc

# 12.启动服务
    /etc/init.d/guacd start
    sh /opt/tomcat9/bin/startup.sh

Lina 组件部署

#提前准备好nginx服务
yum install nginx -y

# 1.获取代码
    wget https://github.com/jumpserver/lina/releases/download/v2.1.0/lina-v2.1.0.tar.gz

# 2.解压缩lina组件
    tar -zxf lina-v2.1.0.tar.gz
    mv lina-v2.1.0 lina
    chown -R nginx:nginx lina
    

部署 Luna组件

# 1.获取luna代码
    wget https://github.com/jumpserver/luna/releases/download/v2.1.1/luna-v2.1.1.tar.gz
    tar -zxf luna-v2.1.1.tar.gz
    mv luna-v2.1.1 luna
    chown -R root.root luna
    

部署 nginx

# 1.安装nginx
yum install nginx -y
# 2.修改nginx配置文件,删除一些默认的配置,然后添加新的配置
    sed -i '38,58d' /etc/nginx/nginx.conf
    
# 3.加入新的虚拟主机配置
server {
    listen 80;
    client_max_body_size 100m;#录像及文件上传大小限制
    location /ui/ {
        try_files $uri / /index.html;
        alias /opt/lina/;
    }
    
    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;#luna路径,如果修改安装目录,此处需要修改
    }
    
    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;#录像位置,如果修改安装目录,此处需要修改
    }
    
    location /static/ {
        root /opt/jumpserver/data/;#静态资源,如果修改安装目录,此处需要修改
    }
    
    location /koko/ {
        proxy_pass http://localhost:5000;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    
    location /guacamole/ {
        proxy_pass http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    
    location /ws/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8070;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    
    location /api/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    
    location /core/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    
    location / {
        rewrite ^/(.*)$ /ui/$1 last;
    }
    
}


# 4.启动nginx
    nginx -t
    nginx

补充Koko启动

# 新版jumpserver启动koko组件时,经常会出现问题
2020-08-30 21:18:01 [ERRO] POST http://127.0.0.1:8080/api/v2/terminal/terminal-registrations/ failed, get code: 401, {"detail":"身份认证信息未提供。"}
# 想要彻底解决,如下方案
# 1.删除koko的data目录下的.access_key文件
(jmp_venv1)[root@teach_jumpserver keys]#pwd
/teach_jmp/koko/data/keys
    
    ls -a
    rm -rf .access_key
# 2.重新生成获取两个重要的密钥,然后修改jumpserver,后台所有组件的配置,重启服务
SECRET_KEY
BOOTSTRAP_TOKEN

# 重新生成这2个key
# 第一步:修改环境变量配置文件
vim ~/.bashrc
# 删除该2个变量
SECRET_KEY
BOOTSTRAP_TOKEN
# 第二步:重新登录linux会话,检查该变量是否存在,没有即正确
echo $SECRET_KEY
echo $BOOTSTRAP_TOKEN

# 第三步:重新生成这2个密钥
    if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi

    if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi


    source /teach_jmp/jmp_venv1/bin/activate

# 第四步:修改jumpserver后台配置文件config.yml(/teach_jmp/jumpserver/config.yml),填入新生成的 SECRET_KEY 与 BOOTSTRAP_TOKEN
    vim config.yml
    grep -Ev '^#|^$' config.yml
    
# 第五步:重新启动jumpserver核心后台程序
    /teach_jmp/jumpserver/jms stop
    /teach_jmp/jumpserver/jms start -d
    
# 第六步:修改koko的配置文件(/teach_jmp/koko/config.yml),填入新的 BOOTSTRAP_TOKEN,准备启动koko
    vim config.yml
    grep -Ev '^#|^$' config.yml
    
# 第七步:见证koko的正确启动
    ./koko -d
    netstat -tunlp|grep 2222
    netstat -tunlp|grep 5000

# 第八步:由于修改了密钥,还会影响到其他的服务(如 guacamole 环境变量 BOOTSTRAP_TOKEN 以及 ~/.bashrc 中的导出值),需要同步修改配置

# 第九步:重启服务
    /etc/init.d/guacd restart
    /opt/tomcat9/bin/shutdown.sh
    /opt/tomcat9/bin/startup.sh