Installing JumpServer on CentOS 7
Environment:
- CentOS Linux release 7.6.1810 (Core)
- JumpServer 1.4.8
- Python 3.6.X
- MariaDB
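Compiling and installing Python 3.6
First, download the Python 3.6.9 tarball from https://www.python.org/ftp/python/3.6.9/Python-3.6.9.tgz, then extract it with the command tar -xvf Python-3.6.9.tgz.
Installing dependencies
Install the dependencies needed to compile and install Python.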
yum install -y zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel libffi-devel gcc make
Configuring the build
Change into the Python directory extracted earlier:
cd Python-3.6.9
Screen log:
[root@localhost ~]# ls
anaconda-ks.cfg Python-3.6.9 Python-3.6.9.tgz
[root@localhost ~]# cd Python-3.6.9
Configure the installation path for the build:
./configure --prefix=/opt/Python/Python369
Screen log:
[root@localhost Python-3.6.9]# ls
aclocal.m4 config.sub configure.ac Grammar install-sh LICENSE Makefile.pre.in Modules Parser PCbuild pyconfig.h.in README.rst Tools
config.guess configure Doc Include Lib Mac Misc Objects PC Programs Python setup.py
[root@localhost Python-3.6.9]# ./configure --prefix=/opt/Python/Python369
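Where:
--prefix is the option that specifies the directory to install into; set the installation directory here as needed.
Optimization option (optional)
After the previous step runs, the following message appears at the end of its output: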
If you want a release build with all stable optimizations active (PGO, etc),
please run ./configure --enable-optimizations
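If the --enable-optimizations option is used, the --prefix option no longer takes effect; with --enable-optimizations the installation goes under /usr/, and there is no need to add a symlink or an environment variable afterwards.
Compiling and installing
Run the make && make install command to compile and install.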
[root@localhost Python-3.6.9]# ls
aclocal.m4 config.status configure.ac Include LICENSE Makefile.pre Modules PC pyconfig.h README.rst
config.guess config.sub Doc install-sh Mac Makefile.pre.in Objects PCbuild pyconfig.h.in setup.py
config.log configure Grammar Lib Makefile Misc Parser Programs Python Tools
[root@localhost Python-3.6.9]# make && make install
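Configuring environment variables
Once the installation completes, configure an environment variable or a symlink for convenience. At the end of /etc/profile, add the bin directory of the installation directory: PATH=/opt/Python/Python369/bin:$PATH.
Screen log: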
[root@localhost ~]# tail -f /etc/profile
. "$i" >/dev/null
fi
fi
done
unset i
unset -f pathmunge
# Python settings
PATH=/opt/Python/Python369/bin:$PATH
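Run source /etc/profile to reload the configuration so that it takes effect.
Environment setup
This step mainly configures the Aliyun mirror source and EPEL, and installs the MariaDB, Redis, Git, Docker and Nginx services.
Configure the EPEL repository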
yum install -y epel-release
Install the MariaDB, Redis, Git, Docker and Nginx services
yum -y install redis mariadb mariadb-devel mariadb-server mariadb-shared nginx git docker
Enable the services at boot
systemctl enable redis mariadb nginx docker
Start redis and mariadb
systemctl start redis mariadb
Create a Python virtual environment and activate it
python3.6 -m venv /opt/py3
. /opt/py3/bin/activate
In the database, create the jumpserver user and its database, and grant the jumpserver database to the jumpserver user.
create database jumpserver default charset 'utf8';
grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'Jumpserver1!';
Screen output:
MariaDB [(none)]> create database jumpserver default charset 'utf8';
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| jumpserver |
| mysql |
| performance_schema |
| test |
+--------------------+
5 rows in set (0.00 sec)
MariaDB [(none)]> grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'Jumpserver1!';
Query OK, 0 rows affected (0.00 sec)
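Installing JumpServer
This part mainly covers downloading the JumpServer package, installing the third-party Python libraries, and pulling the related components with docker. JumpServer is installed under /opt, so all files are downloaded to /opt/. First, move to the /opt/ directory.
Clone the jumpserver project with Git and switch to version 1.4.8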
cd /opt
git clone https://github.com/jumpserver/jumpserver.git
cd /opt/jumpserver
git checkout 1.4.8
Screen output:
[root@localhost opt]# git clone https://github.com/jumpserver/jumpserver.git
Cloning into 'jumpserver'...
remote: Enumerating objects: 43783, done.
remote: Total 43783 (delta 0), reused 0 (delta 0), pack-reused 43783
Receiving objects: 100% (43783/43783), 52.94 MiB | 59.00 KiB/s, done.
Resolving deltas: 100% (30028/30028), done.
[root@localhost opt]# ls
jumpserver Python
[root@localhost opt]# cd jumpserver/
[root@localhost jumpserver]# git checkout 1.4.8
Note: checking out '1.4.8'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
git checkout -b new_branch_name
HEAD is now at 232674b... Merge pull request #2423 from jumpserver/dev
Install the jumpserver dependencies
cd /opt/jumpserver/requirements
yum install -y $(cat rpm_requirements.txt)
pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
Edit the jumpserver configuration file
cd /opt/jumpserver
cp config_example.yml config.yml
vim config.yml
# Note: SECRET_KEY and BOOTSTRAP_TOKEN must not be purely numeric strings
Edit the settings in config.yml: SECRET_KEY, BOOTSTRAP_TOKEN, and the MySQL options.
Start jumpserver
$ cd /opt/jumpserver
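$ ./jms start # add -d to run in the background: ./jms start -d
Note:
Make sure the py3 virtual environment is loaded before starting.
Installing the coco component
Clone the project with git and switch to version 1.4.8. Note:
The koko component does not support jumpserver 1.4.8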
cd /opt
git clone https://github.com/jumpserver/coco.git
cd /opt/coco/
git checkout 1.4.8
Screen output:
(py3) [root@localhost opt]# git clone https://github.com/jumpserver/coco.git
Cloning into 'coco'...
remote: Enumerating objects: 98, done.
remote: Counting objects: 100% (98/98), done.
remote: Compressing objects: 100% (74/74), done.
remote: Total 3748 (delta 43), reused 46 (delta 22), pack-reused 3650
Receiving objects: 100% (3748/3748), 2.03 MiB | 800.00 KiB/s, done.
Resolving deltas: 100% (2407/2407), done.
(py3) [root@localhost opt]# cd coco/
(py3) [root@localhost coco]# git checkout 1.4.8
Note: checking out '1.4.8'.
You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.
If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:
git checkout -b new_branch_name
HEAD is now at 74582ea... Merge pull request #191 from jumpserver/dev
Install the coco dependencies
cd /opt/coco/requirements
pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
coco configuration
cd /opt/coco
cp config_example.yml config.yml
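vim config.yml # BOOTSTRAP_TOKEN must be taken from jumpserver/config.yml so that the two match
Edit it with reference to the following:
# Bootstrap Token, a pre-shared key used to register the service account and terminal that coco uses
# Keep it identical to the value in the jumpserver configuration file; it can be deleted once registration is complete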
BOOTSTRAP_TOKEN: NGMhSQlXvtpsi0xClRtzeqeqMPsCAy01JmApWtGtNsPwFJiQz
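The SECRET_KEY and BOOTSTRAP_TOKEN steps for jumpserver/config.yml and coco/config.yml, as an added example that is not code from the original post or from the JumpServer project: it generates both values from /dev/urandom, retries if a value comes out purely numeric, writes them into the config files, and checks that coco carries the same token as jumpserver. The helper names are hypothetical, each key is assumed to sit on its own top-level "KEY:" line, and the demo works on constructed temporary files rather than the real /opt paths.

```bash
#!/usr/bin/env bash
# Added example, not JumpServer project code. Helper names are hypothetical.
# Assumes config.yml holds top-level "SECRET_KEY:" / "BOOTSTRAP_TOKEN:" lines.

# Print $1 random alphanumeric characters read from the kernel CSPRNG.
gen_secret() (
    len="$1"; out=""
    [ "$len" -gt 0 ] || exit 1
    # Retry until a letter is present: the values must not be purely numeric.
    until printf '%s' "$out" | grep -q '[A-Za-z]'; do
        out="$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$len")"
    done
    printf '%s' "$out"
)

# Set KEY ($2) to VALUE ($3) in FILE ($1) and restrict the file to its owner.
set_yaml_key() (
    grep -q "^$2:" "$1" || { echo "$2 not found in $1" >&2; exit 1; }
    # VALUE is alphanumeric only, so it cannot break the sed expression.
    sed -i "s|^$2:.*|$2: $3|" "$1" && chmod 600 "$1"
)

# Print the value of KEY ($2) from FILE ($1).
get_yaml_key() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1
}

# Succeed only if both files carry the same non-empty BOOTSTRAP_TOKEN.
tokens_match() {
    a="$(get_yaml_key "$1" BOOTSTRAP_TOKEN)"
    b="$(get_yaml_key "$2" BOOTSTRAP_TOKEN)"
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Demo on constructed stand-ins for /opt/jumpserver/config.yml and
# /opt/coco/config.yml, so nothing on a real host is modified.
demo() (
    dir="$(mktemp -d)"; jms="$dir/jumpserver.yml"; coco="$dir/coco.yml"
    printf 'SECRET_KEY:\nBOOTSTRAP_TOKEN:\n' > "$jms"
    printf 'BOOTSTRAP_TOKEN:\n' > "$coco"
    set_yaml_key "$jms" SECRET_KEY "$(gen_secret 50)"
    set_yaml_key "$jms" BOOTSTRAP_TOKEN "$(gen_secret 16)"
    set_yaml_key "$coco" BOOTSTRAP_TOKEN "$(get_yaml_key "$jms" BOOTSTRAP_TOKEN)"
    tokens_match "$jms" "$coco" && echo "tokens match"; rc=$?
    rm -rf "$dir"; exit "$rc"
)
demo
```

On a real host, point set_yaml_key at /opt/jumpserver/config.yml and /opt/coco/config.yml and run tokens_match before starting cocod.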
Start the coco component
./cocod start # add -d to run in the background: ./cocod start -d
Screen output:
(py3) [root@localhost coco]# ./cocod start -d
Use eventlet dispatch
2019-09-21 14:58:27 [service INFO] No access key found, register it
Start coco process
Installing the guacamole component
cd /opt
git clone https://github.com/jumpserver/docker-guacamole.git
cd /opt/docker-guacamole
tar xf guacamole-server-1.0.0.tar.gz
cd /opt/docker-guacamole/guacamole-server-1.0.0
Install the yum repositories that contain ffmpeg
cd ~
wget https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm
wget https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm
rpm -ivh *.rpm
Install the dependencies for building guacamole
cd /opt/docker-guacamole/guacamole-server-1.0.0
yum install -y cairo-devel libjpeg-turbo-devel libpng-devel uuid-devel
yum install -y ffmpeg-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel libtool java-1.8.0-openjdk
ln -s /usr/local/lib/freerdp/*.so /usr/lib64/freerdp2/
autoreconf -fi
./configure --with-init-dir=/etc/init.d
make
make install
Note:
/usr/lib64/freerdp2/ may be /usr/lib64/freerdp/ instead; check and change it to the matching directory name.
Install Tomcat
mkdir -p /config/guacamole /config/guacamole/lib /config/guacamole/extensions /config/guacamole/data/log/
cd /config
wget https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v9.0.26/bin/apache-tomcat-9.0.26.tar.gz
tar xf apache-tomcat-9.0.26.tar.gz
mv apache-tomcat-9.0.26 tomcat9
rm -rf /config/tomcat9/webapps/*
sed -i 's/Connector port="8080"/Connector port="8081"/g' /config/tomcat9/conf/server.xml
echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> /config/tomcat9/conf/logging.properties
ln -sf /opt/docker-guacamole/guacamole-1.0.0.war /config/tomcat9/webapps/ROOT.war
ln -sf /opt/docker-guacamole/guacamole-auth-jumpserver-1.0.0.jar /config/guacamole/extensions/guacamole-auth-jumpserver-1.0.0.jar
ln -sf /opt/docker-guacamole/root/app/guacamole/guacamole.properties /config/guacamole/guacamole.properties
wget https://github.com/ibuler/ssh-forward/releases/download/v0.0.5/linux-amd64.tar.gz
tar xf linux-amd64.tar.gz -C /bin/
chmod +x /bin/ssh-forward
Set up the guacamole environment
export JUMPSERVER_SERVER=http://127.0.0.1:8080 # http://127.0.0.1:8080 is the address at which jumpserver is reached
echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
# BOOTSTRAP_TOKEN is the BOOTSTRAP_TOKEN value from Jumpserver/config.yml
export BOOTSTRAP_TOKEN=******
echo "export BOOTSTRAP_TOKEN=******" >> ~/.bashrc
export JUMPSERVER_KEY_DIR=/config/guacamole/keys
echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
export GUACAMOLE_HOME=/config/guacamole
echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
Start
/etc/init.d/guacd start
sh /config/tomcat9/bin/startup.sh
Deploying the guacamole component with docker
Deploy with docker; in some environments the build-from-source installation may not work.
$ docker run --name jms_guacamole -d -p 127.0.0.1:8081:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=<Jumpserver_BOOTSTRAP_TOKEN> jumpserver/jms_guacamole:<Tag>
# <Jumpserver_url> is the URL of jumpserver, <Jumpserver_BOOTSTRAP_TOKEN> must be taken from jumpserver/config.yml so that the two match, and <Tag> is the version
# Example: docker run --name jms_guacamole -d -p 127.0.0.1:8081:8081 -e JUMPSERVER_SERVER=http://192.168.244.144:8080 -e BOOTSTRAP_TOKEN=abcdefg1234 jumpserver/jms_guacamole:1.5.2
Installing the luna component
cd /opt
wget https://github.com/jumpserver/luna/releases/download/1.5.2/luna.tar.gz
tar xf luna.tar.gz
chown -R root:root luna
Installing nginx
yum install yum-utils
Create the file /etc/yum.repos.d/nginx.repo with the following content:
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
Install nginx
yum-config-manager --enable nginx-mainline
yum install nginx
Integrating the components with Nginx
rm -rf /etc/nginx/conf.d/default.conf
vim /etc/nginx/conf.d/jumpserver.conf
The configuration in jumpserver.conf is as follows:
server {
    listen 80;
    client_max_body_size 100m; # size limit for session recordings and file uploads
    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/; # luna path; change this if the installation directory is changed
    }
    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/; # recordings location; change this if the installation directory is changed
    }
    location /static/ {
        root /opt/jumpserver/data/; # static resources; change this if the installation directory is changed
    }
    location /socket.io/ {
        proxy_pass http://localhost:5000/socket.io/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location /coco/ {
        proxy_pass http://localhost:5000/coco/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location /guacamole/ {
        proxy_pass http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
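Common problems
Database connection refused for lack of privileges
If you use a MySQL database and jumpserver reports a database connection error at startup saying it has no privilege to connect,
and the cause is a mismatch in the login host name, handle it as follows:
Add --skip-grant-tables to the [mysqld] section of /etc/my.cnf (in an option file the option is written without the leading dashes, as skip-grant-tables), then restart the MySQL service. Log in to MySQL, use the SQL statement grant all on jumpserver.* to 'jumpserver'@'%' identified by 'Jumpserver1!'; to change the login host name, and then run flush privileges; to refresh the privileges. While skip-grant-tables is set, MySQL accepts every connection without authentication, so remove the option and restart MySQL again once the grant is fixed; the '%' host also lets the jumpserver account log in from any host.
Installing python-gssapi
If pip hangs at the step that installs python-gssapi==0.6.4, exit, download the package, move to the directory that contains it, and run pip install python-gssapi-0.6.4.tar.gz
After it is installed, move to the /opt/jumpserver/requirements directory and continue the installation with pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
git clone hangs
If git hangs while receiving objects during a clone, the network may be the cause. Quit and clone again, or download the zip package with a browser, upload it to the server, and extract it.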