Learning Jump Server Installation and Deployment (1): CentOS 7 Environment

Jumpserver deployment (CentOS 7 environment)

1. Jumpserver overview

Jumpserver is the world's first fully open-source bastion host (jump server), released under the GNU GPL v2.0 license. It is a professional operations audit system that meets the 4A requirements (authentication, authorization, accounting, auditing).
Jumpserver is developed in Python / Django, follows Web 2.0 conventions, and ships with an industry-leading Web Terminal solution with a clean interface and good user experience.
Jumpserver uses a distributed architecture and supports deployment across multiple data centers and regions: the central node provides the API, each data center runs its own login nodes, and the system scales horizontally with no limit on concurrent access.

Component overview:
Jumpserver
Now refers to the Jumpserver management backend, the core component (Core). It is written in the Django Class Based View style and exposes a RESTful API.

Coco
The component that implements the SSH Server and Web Terminal Server, providing SSH and WebSocket interfaces. It is built on Paramiko and Flask.

Luna
Now the Web Terminal front end. The plan is for all front-end pages to be provided by this project, with Jumpserver only providing the API and no longer rendering HTML on the backend.

2. Environment preparation

Environment:

Role                 IP
jumpserver           192.168.2.5
web server (asset)   192.168.2.6

Steps:

① Disable the firewall and SELinux
[root@localhost ~]# sed -i '/SELINUX/s/enforcing/disabled/g' /etc/sysconfig/selinux
[root@localhost ~]# systemctl disable firewalld && reboot

② Change the locale; otherwise you may hit "input/output error" problems, because the logs print Chinese characters
[root@localhost ~]# localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
[root@localhost ~]# export LC_ALL=zh_CN.UTF-8
[root@localhost ~]# echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf

③ Prepare Python 3 and a Python virtual environment
[root@localhost ~]# yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git
[root@localhost ~]# wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
[root@localhost ~]# mv Python-3.6.1.tar.xz /usr/src && cd /usr/src/ && tar xvf Python-3.6.1.tar.xz && cd Python-3.6.1
[root@localhost Python-3.6.1]# ./configure && make && make install

④ Create the virtual environment
[root@localhost Python-3.6.1]# cd /opt/
[root@localhost opt]# python3 -m venv py3
[root@localhost opt]# . /opt/py3/bin/activate
(py3) [root@localhost opt]#
Seeing the prompt below means it succeeded. Every time you run Jumpserver from now on you must first run the source command above; all of the following commands are run inside this virtual environment.
(py3) [root@localhost py3]#

⑤ Load the virtual environment automatically
(py3) [root@localhost opt]# git clone git://github.com/kennethreitz/autoenv.git ~/.autoenv
(py3) [root@localhost opt]# echo 'source ~/.autoenv/activate.sh' >> ~/.bashrc
(py3) [root@localhost opt]# source ~/.bashrc

3. Install Jumpserver

Steps:

① Download (clone) the project
(py3) [root@localhost ~]# cd /opt/
(py3) [root@localhost opt]# git clone --depth=1 https://github.com/jumpserver/jumpserver.git && cd jumpserver && git checkout master
(py3) [root@localhost jumpserver]# echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env

② Install dependencies
(py3) [root@localhost jumpserver]# cd requirements/
The first time you enter the jumpserver directory, autoenv may prompt you; answer y.
(py3) [root@localhost requirements]# yum -y install $(cat rpm_requirements.txt)
(py3) [root@localhost requirements]# pip install -r requirements.txt

③ Install Redis; Jumpserver uses Redis as its cache and as the Celery broker (Celery is a Python distributed task-scheduling module)
(py3) [root@localhost ~]# yum -y install redis
(py3) [root@localhost ~]# systemctl start redis

④ Install MySQL (MariaDB)
(py3) [root@localhost ~]# yum -y install mariadb*
(py3) [root@localhost ~]# systemctl start mariadb
(py3) [root@localhost ~]# systemctl enable mariadb

⑤ Create the database and grant privileges to the jumpserver user
(py3) [root@localhost ~]# mysql
MariaDB [(none)]> create database jumpserver default charset 'utf8';
MariaDB [(none)]> grant all on jumpserver.* to jumpserver@'127.0.0.1' identified by '123.com';
MariaDB [(none)]> flush privileges;

⑥ Edit the Jumpserver configuration file
(py3) [root@localhost ~]# cd /opt/jumpserver/
(py3) [root@localhost jumpserver]# cp config_example.py config.py
(py3) [root@localhost jumpserver]# vi config.py

......    # remove the `pass` under this class and add the settings below
class DevelopmentConfig(Config):
    DEBUG = True
    DB_ENGINE = 'mysql'
    DB_HOST = '127.0.0.1'
    DB_PORT = 3306
    DB_USER = 'jumpserver'
    DB_PASSWORD = '123.com'
    DB_NAME = 'jumpserver'
......

⑦ Generate the database schema and initial data
(py3) [root@localhost jumpserver]# cd /opt/jumpserver/utils/
(py3) [root@localhost utils]# bash make_migrations.sh

⑧ Run Jumpserver
(py3) [root@localhost utils]# cd /opt/jumpserver/
(py3) [root@localhost jumpserver]# ./jms start all

./jms start|stop|status|restart all

To run it in the background, add the -d option.
If it reports an error, stop it and run it again.

If there are no errors, open http://192.168.2.5:8080 in a browser. The default account is admin, password admin.

4. Install the SSH server and WebSocket server: Coco

Steps:

① Download (clone) the project (open a new terminal, and do not forget to load the virtual environment)
[root@localhost ~]# cd /opt/
[root@localhost opt]# . py3/bin/activate
(py3) [root@localhost opt]# git clone https://github.com/jumpserver/coco.git && cd coco && git checkout master

(py3) [root@localhost coco]# echo "source /opt/py3/bin/activate" > /opt/coco/.env

② Install dependencies
(py3) [root@localhost coco]# cd /opt/coco/requirements/
If prompted on first entry, answer y.
(py3) [root@localhost requirements]# yum -y install $(cat rpm_requirements.txt)
(py3) [root@localhost requirements]# pip install -r requirements.txt -i https://pypi.org/simple

③ Check the configuration file and run Coco
(py3) [root@localhost requirements]# cd /opt/coco/
(py3) [root@localhost coco]# cp conf_example.py conf.py
(py3) [root@localhost coco]# ./cocod start

./cocod start|stop|status|restart

Start coco process
2018-05-28 16:14:25 [service DEBUG] Initial app service
2018-05-28 16:14:25 [service DEBUG] Load access key
2018-05-28 16:14:25 [service INFO] No access key found, register it
2018-05-28 16:14:25 [service INFO] "Terminal was not accepted yet"
2018-05-28 16:14:28 [service INFO] "Terminal was not accepted yet"

The message says the terminal has not been accepted yet. Go to http://192.168.2.5:8080/terminal/terminal and accept it.

5. Install the Web Terminal front end: Luna

(Open a new terminal.) Luna is now a pure front end and must be served through an Nginx proxy.
[root@localhost ~]# cd /opt/
[root@localhost opt]# wget https://github.com/jumpserver/luna/releases/download/1.3.0/dist.tar.gz
[root@localhost opt]# tar zxf dist.tar.gz
[root@localhost opt]# mv dist luna
[root@localhost opt]# ls /opt/luna/

.....

6. Configure Nginx to tie the components together

Steps:

① Download and install from source
[root@localhost opt]# useradd -s /sbin/nologin www
[root@localhost opt]# wget http://nginx.org/download/nginx-1.14.0.tar.gz
[root@localhost opt]# tar zxf nginx-1.14.0.tar.gz && cd nginx-1.14.0
[root@localhost nginx-1.14.0]# ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_stub_status_module --with-http_realip_module --with-http_ssl_module --with-http_gzip_static_module --with-pcre --with-http_flv_module
[root@localhost nginx-1.14.0]# make && make install
[root@localhost nginx-1.14.0]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
[root@localhost nginx-1.14.0]# cd /usr/local/nginx/conf/ && vim nginx.conf

② Edit the configuration file

http {
.....     # rest of the http context omitted; replace the server block with the following
server {
    listen 80;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;
    }

    location /static/ {
        root /opt/jumpserver/data/;
    }

    location /socket.io/ {
        proxy_pass       http://localhost:5000/socket.io/;  # if coco is installed on another server, use its IP here
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    location / {
        proxy_pass http://localhost:8080;  # if jumpserver is installed on another server, use its IP here
    }
}
}

[root@localhost conf]# nginx -t    # start nginx only after the config test passes
[root@localhost conf]# nginx

③ Confirm the services are healthy, then start using Jumpserver
[root@localhost conf]# cd /opt/jumpserver/
(py3) [root@localhost jumpserver]# ./jms status

gunicorn is running: 33734
celery is running: 33627
beat is running: 33629

(py3) [root@localhost jumpserver]# cd ../coco/
(py3) [root@localhost coco]# ./cocod status

Coco is running: 57935

Open http://192.168.2.5
The default account is admin, password admin.
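The `./jms status` and `./cocod status` checks above only confirm that the processes are alive. As an added check (not part of the original page or of the Jumpserver project), the script below parses `ss -ltn` output for the single-host layout this page builds and reports which expected listeners (nginx 80, jumpserver 8080, coco 5000/2222, MariaDB 3306, Redis 6379) are missing, and whether MariaDB or Redis are bound to all interfaces instead of loopback. The `ss` output embedded here is constructed for the example.

```python
import re

# Expected TCP listeners for the single-host deployment described on this page.
EXPECTED_PORTS = {
    80: "nginx (front door for Luna / Jumpserver)",
    8080: "jumpserver (gunicorn)",
    5000: "coco web terminal / socket.io",
    2222: "coco ssh server",
    3306: "mariadb",
    6379: "redis",
}

# Backend stores that only the Jumpserver host itself should reach.
LOOPBACK_ONLY = {3306, 6379}

# Constructed sample of `ss -ltn`: redis is wrongly bound to all interfaces
# and coco's SSH listener on 2222 is missing.
SAMPLE_SS_OUTPUT = """\
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128          *:80             *:*
LISTEN     0      128    127.0.0.1:8080         *:*
LISTEN     0      128          *:5000           *:*
LISTEN     0      50     127.0.0.1:3306         *:*
LISTEN     0      128          *:6379           *:*
LISTEN     0      128         :::22             :::*
"""

_ADDR_RE = re.compile(r"^(\S+):(\d+)$")  # splits "addr:port", incl. "*:80" and ":::22"


def parse_listeners(ss_output):
    """Return (bind_address, port) tuples for every LISTEN line in `ss -ltn` text."""
    listeners = []
    for line in ss_output.splitlines()[1:]:  # skip the header line
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        m = _ADDR_RE.match(fields[3])
        if m:
            listeners.append((m.group(1), int(m.group(2))))
    return listeners


def audit_listeners(ss_output):
    """Return {'missing': [ports], 'exposed': [ports]} against EXPECTED_PORTS."""
    listeners = parse_listeners(ss_output)
    open_ports = {port for _, port in listeners}
    missing = sorted(p for p in EXPECTED_PORTS if p not in open_ports)
    exposed = sorted(port for addr, port in listeners
                     if port in LOOPBACK_ONLY and addr not in ("127.0.0.1", "::1"))
    return {"missing": missing, "exposed": exposed}


if __name__ == "__main__":
    result = audit_listeners(SAMPLE_SS_OUTPUT)
    for port in result["missing"]:
        print("missing listener: %d (%s)" % (port, EXPECTED_PORTS[port]))
    for port in result["exposed"]:
        print("bound to all interfaces: %d (%s)" % (port, EXPECTED_PORTS[port]))
```

On a real host, feed it the live output with `ss -ltn | python3 check.py`-style plumbing (e.g. `audit_listeners(sys.stdin.read())`); a non-empty `exposed` list means the firewall disabled in step 2 was the only thing keeping that store off the network.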

7. Test the connection

From the asset server, or from a macOS or Linux client, the login syntax is:
$ ssh -p2222 admin@192.168.2.5
$ sftp -P2222 admin@192.168.2.5
Password: admin

If the client is Windows, the Xshell terminal login syntax is:
$ ssh admin@192.168.2.5 2222
$ sftp admin@192.168.2.5 2222
Password: admin
If you can log in, the deployment succeeded.

SFTP uploads go by default to the asset's /tmp directory.

Special thanks to the Jumpserver project for being open source; this article is adapted from the official documentation:
http://docs.jumpserver.org/zh...

Detailed usage will be covered in the next article.
