jumpserver安装与使用
1. 修改字符集
如果使用云服务器, 其默认一般是英文字符集, 需要先改为中文字符集; 否则日志里打印中文时可能报 input/output error 的错误。
# Generate the zh_CN.UTF-8 locale, use it in the current shell, and make it the
# system default for future logins.
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
export LC_ALL='zh_CN.UTF-8'
# Overwrites /etc/locale.conf: any other LC_* line it held is replaced.
printf '%s\n' 'LANG="zh_CN.UTF-8"' > /etc/locale.conf
2. 安装依赖包
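# Enable EPEL, refresh metadata, update the system, then install the toolchain and
# libraries needed to build Python and JumpServer's native dependencies.
yum -y install epel-release
yum clean all && yum makecache
yum -y update
# epel-release was already installed above, so it is not repeated in this list.
yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel git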
3. 编译安装python-3.6.1
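# Build Python 3.6.1 from source and create the virtualenv JumpServer runs in.
# NOTE(review): the tarball comes from a third-party mirror, so compare it against the
# checksum published on python.org before building. Python 3.6 no longer receives
# security fixes; the version is pinned only because this JumpServer release was
# built against it.
wget https://mirrors.huaweicloud.com/python/3.6.1/Python-3.6.1.tar.xz
# Replace the placeholder with the SHA-256 published for Python-3.6.1.tar.xz.
expected_sha256='SHA256_FROM_PYTHON_ORG_PLACEHOLDER'
printf '%s  Python-3.6.1.tar.xz\n' "$expected_sha256" | sha256sum -c -   # stop here if this reports FAILED
tar xf Python-3.6.1.tar.xz && cd Python-3.6.1
./configure && make && make install
cd /opt/
# Create the virtual environment
python3 -m venv py3
# Enter the virtual environment
source /opt/py3/bin/activate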
4. 下载jumpserver项目
# Fetch the JumpServer v2.2.2 release into /opt and install its RPM prerequisites.
wget https://github.com/jumpserver/jumpserver/releases/download/v2.2.2/jumpserver-v2.2.2.tar.gz
tar -xf jumpserver-v2.2.2.tar.gz
mv -- jumpserver-v2.2.2 jumpserver
cd -- /opt/jumpserver/requirements
# rpm_requirements.txt is a whitespace-separated package list; word-splitting is intended here.
# shellcheck disable=SC2046
yum install -y $(cat rpm_requirements.txt)
用内地源安装
# Install the Python dependencies from a mainland-China PyPI mirror (same packages,
# faster download than pypi.org from inside CN).
pypi_mirror='https://mirrors.aliyun.com/pypi/simple/'
pip install -i "$pypi_mirror" wheel
pip install -i "$pypi_mirror" --upgrade pip setuptools
pip install -i "$pypi_mirror" -r requirements.txt
5. 安装Redis
直接下载,编译安装都可以
# Redis is the broker for Celery and the websocket layer (see REDIS_* in config.yml).
# NOTE(review): config.yml below leaves REDIS_PASSWORD unset, so make sure the Redis
# service only listens on 127.0.0.1.
yum install -y redis
systemctl enable --now redis
6. 安装MySQL
# MariaDB provides the MySQL-compatible database JumpServer stores its state in.
# NOTE(review): nothing in this guide hardens the server (e.g. mysql_secure_installation);
# the next step logs in as root without a password.
yum install -y mariadb mariadb-devel mariadb-server
systemctl enable --now mariadb
创建jumpserver数据库并授权
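# Create the JumpServer database and a local-only account for it. Fed through a
# quoted heredoc so the step is repeatable instead of an interactive session.
# The password must equal DB_PASSWORD in /opt/jumpserver/config.yml; '1' is only the
# guide's sample value — use a long random password in a real deployment.
mysql -uroot <<'SQL'
create database jumpserver default charset 'utf8';
grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '1';
flush privileges;
SQL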
7. 配置Jumpserver
# Open the main JumpServer configuration; the settings to change are listed below.
cd -- /opt/jumpserver
vim -- config.yml
# Encryption key. In production replace it with a random string and never disclose it.
# The value below is the guide's sample; generate your own, e.g. with:
# $ cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49;echo
SECRET_KEY: 3NF6ldRQzLNeRh8ewjJ4FkRXCccjExTRWXQ4JYIi4cIwQprZG
# SECURITY WARNING: keep the bootstrap token used in production secret!
# Pre-shared token that coco/koko and guacamole use to register their service accounts
# (the old register-then-accept flow is no longer used). It must be identical to the
# BOOTSTRAP_TOKEN in koko's config.yml and to the one passed to the guacamole container.
# Generate with:
# cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16;echo
BOOTSTRAP_TOKEN: ujye866EVpHUDV9F
# Database connection; must match the account created in step 6.
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: '1' ## the password must be single-quoted (sample value; use a strong one)
DB_NAME: jumpserver
# When Django start it will bind this host and port
# ./manage.py runserver 127.0.0.1:8080
# Bind address and ports at run time. 0.0.0.0 listens on every interface; the
# guacamole container in step 9 reaches port 8080 via the host's IP, so if this stays
# 0.0.0.0, restrict 8080/8070 with a firewall so only nginx and that container use them.
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
# Use Redis as broker for celery and web socket
# Redis settings. No password is configured here, so Redis must not be reachable from other hosts.
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
# REDIS_PASSWORD:
# REDIS_DB_CELERY: 3
# REDIS_DB_CACHE: 4
启动和关闭jumpserver
# Start JumpServer as a daemon (-d) / stop it; both are run from /opt/jumpserver.
./jms start -d
./jms stop
8. 部署koko
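# Install the koko (terminal/SSH) component. Two kubectl binaries end up on PATH as root,
# so check what is downloaded before installing it.
cd -- /opt/
wget https://github.com/jumpserver/koko/releases/download/v2.2.2/koko-v2.2.2-linux-amd64.tar.gz
tar -xf koko-v2.2.2-linux-amd64.tar.gz
cd -- koko
# The kubectl shipped with koko becomes the default `kubectl`.
mv -- kubectl /usr/local/bin/
# A second kubectl is fetched separately and installed as `rawkubectl`
# (presumably what koko's wrapper invokes — confirm against koko's docs).
wget https://download.jumpserver.org/public/kubectl.tar.gz
# NOTE(review): this download carries no checksum or signature; compare it with the hash
# of the matching upstream kubectl release before running it, e.g.
#   printf '%s  kubectl.tar.gz\n' 'SHA256_FROM_UPSTREAM_PLACEHOLDER' | sha256sum -c -
tar xf kubectl.tar.gz
chmod 755 kubectl
mv -- kubectl /usr/local/bin/rawkubectl
# A plain file: -f is enough, -r is not needed.
rm -f -- kubectl.tar.gz
cp -- config_example.yml config.yml
vim -- config.yml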
# Bootstrap Token: pre-shared secret used to register the service account and terminal
# that coco/koko uses. It must match BOOTSTRAP_TOKEN in /opt/jumpserver/config.yml and
# can be removed from this file once registration has completed.
BOOTSTRAP_TOKEN: ujye866EVpHUDV9F
# Redis settings (same instance the JumpServer core uses; no password configured)
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
# REDIS_PASSWORD:
# REDIS_CLUSTERS:
# REDIS_DB_ROOM:
启动和关闭koko
前台启动:
# Run koko in the foreground, attached to the current terminal (run from /opt/koko).
./koko
后台启动:
# Run koko in the background (-d); this is the form used again in step 13.
./koko -d
9. 部署guacamole
安装docker
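# Install Docker (needed for the guacamole image in the next step) and configure a
# registry mirror before the daemon is started for the first time.
yum -y install docker
# Create the config directory in case the package did not.
mkdir -p /etc/docker
# Written with a quoted heredoc instead of an interactive vim session so the step is repeatable.
cat > /etc/docker/daemon.json <<'EOF'
{
  "registry-mirrors": ["https://qtfb3ml8.mirror.aliyuncs.com"]
}
EOF
systemctl enable docker --now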
拉取guacamole镜像
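# Run the guacamole (RDP/VNC) gateway. The container registers itself with the JumpServer
# core using BOOTSTRAP_TOKEN, which must equal the value in /opt/jumpserver/config.yml;
# the original command used a different token, so registration would presumably have failed.
# JUMPSERVER_SERVER must be an address of the core API reachable from inside the container
# (this is why HTTP_BIND_HOST is 0.0.0.0 rather than loopback).
# NOTE(review): secrets passed with -e are visible in `ps` and the shell history; an
# --env-file with mode 0600 avoids that.
docker run --name jms_guacamole -d \
  -p 127.0.0.1:8081:8080 \
  -e JUMPSERVER_SERVER=192.168.168.107:8080 \
  -e BOOTSTRAP_TOKEN=ujye866EVpHUDV9F \
  -e GUACAMOLE_LOG_LEVEL=ERROR \
  jumpserver/jms_guacamole:v2.2.2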
10. 部署lina组件
# Fetch the lina (web UI) release into /opt/lina; nginx serves it under /ui/.
cd -- /opt/
lina_ver='v2.2.2'
wget "https://github.com/jumpserver/lina/releases/download/${lina_ver}/lina-${lina_ver}.tar.gz"
tar xf "lina-${lina_ver}.tar.gz"
mv -- "lina-${lina_ver}" lina
11. 部署luna
# Fetch the luna (web terminal UI) release into /opt/luna; nginx serves it under /luna/.
cd -- /opt
luna_ver='v2.2.2'
wget "https://github.com/jumpserver/luna/releases/download/${luna_ver}/luna-${luna_ver}.tar.gz"
tar xf "luna-${luna_ver}.tar.gz"
mv -- "luna-${luna_ver}" luna
12. 安装nginx
安装nginx, 并增加如下配置文件
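# Front-end for all JumpServer components. This listens on plain HTTP; terminate TLS
# here (listen 443 ssl) before exposing it beyond a lab network, since logins and
# terminal sessions otherwise travel in clear text.
server {
  listen 80;
  # Fix: the original line had no terminating ';', which makes nginx reject the config.
  # Use this host's own address or DNS name.
  server_name 192.168.244.144;
  client_max_body_size 100m;  # upload size limit for session recordings and file transfers

  # lina (web UI)
  location /ui/ {
    try_files $uri / /index.html;
    alias /opt/lina/;
  }
  # luna (web terminal UI)
  location /luna/ {
    try_files $uri / /index.html;
    alias /opt/luna/;  # luna path; change it if the install directory differs
  }
  # session recordings
  location /media/ {
    add_header Content-Encoding gzip;
    root /opt/jumpserver/data/;  # recording location; change it if the install directory differs
  }
  location /static/ {
    root /opt/jumpserver/data/;  # static assets; change it if the install directory differs
  }
  # koko (terminal) websocket
  location /koko/ {
    proxy_pass http://localhost:5000;
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    access_log off;
  }
  # guacamole container, published on 127.0.0.1:8081 in step 9
  location /guacamole/ {
    proxy_pass http://localhost:8081/;
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    access_log off;
  }
  # core websocket (WS_LISTEN_PORT in config.yml)
  location /ws/ {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://localhost:8070;
    proxy_http_version 1.1;
    proxy_buffering off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
  # core API (HTTP_LISTEN_PORT in config.yml)
  location /api/ {
    proxy_pass http://localhost:8080;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
  location /core/ {
    proxy_pass http://localhost:8080;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
  # everything else goes to the web UI
  location / {
    rewrite ^/(.*)$ /ui/$1 last;
  }
}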
13. 启动jumpserver
启动jumpserver
# Start the JumpServer core as a daemon from its install directory.
cd -- /opt/jumpserver && ./jms start -d
启动koko
# Start koko in the background from its install directory.
cd -- /opt/koko && ./koko -d
用户名 | 密码 |
---|---|
admin | admin |
使用
创建用户
创建用户
更改密码
创建组
创建系统用户
创建管理用户
创建资产
授权管理
登陆user1