环境:

  • CentOS Linux release 7.6.1810 (Core)
  • JumpServer 1.4.8
  • Python 3.6.X
  • MariaDB

编译安装Python3.6

首先,下载Python 3.6.9的tar包。链接地址为:https://www.python.org/ftp/python/3.6.9/Python-3.6.9.tgz,然后使用命令tar -xvf Python-3.6.9.tgz解压。

安装依赖项

安装编译安装Python所需要的依赖项。

yum install -y zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel libffi-devel gcc make

配置编译

进入到之前解压的Python目录中

cd Python-3.6.9

屏幕日志:

[root@localhost ~]# ls

anaconda-ks.cfg  Python-3.6.9  Python-3.6.9.tgz

[root@localhost ~]# cd Python-3.6.9

配置编译安装的路径:

./configure --prefix=/opt/Python/Python369

屏幕日志:

[root@localhost Python-3.6.9]# ls

aclocal.m4    config.sub  configure.ac  Grammar  install-sh  LICENSE  Makefile.pre.in  Modules  Parser  PCbuild   pyconfig.h.in  README.rst  Tools

config.guess  configure   Doc           Include  Lib         Mac      Misc             Objects  PC      Programs  Python         setup.py

[root@localhost Python-3.6.9]# ./configure --prefix=/opt/Python/Python369

其中:

--prefix是指定编译安装的文件夹的参数,这里根据需要指定安装目录

优化选项(可选)

执行上一步之后,会在最后又这样一段话:

If you want a release build with all stable optimizations active (PGO, etc),

please run ./configure --enable-optimizations

如果使用了--enable-optimizations选项,--prefix选项不在生效,--enable-optimizations选项会安装在/usr/目录下,后续不在添加软连接或环境变量。

编译安装

执行make && make install命令,进行编译安装

[root@localhost Python-3.6.9]# ls

aclocal.m4    config.status  configure.ac  Include     LICENSE   Makefile.pre     Modules  PC        pyconfig.h     README.rst

config.guess  config.sub     Doc           install-sh  Mac       Makefile.pre.in  Objects  PCbuild   pyconfig.h.in  setup.py

config.log    configure      Grammar       Lib         Makefile  Misc             Parser   Programs  Python         Tools

[root@localhost Python-3.6.9]# make && make install

配置环境变量

安装完成之后,可以通过配置环境变量,或者软连,方便使用。在/etx/profile中的最后添加安装安装目录的bin目录,PATH=/opt/Python/Python369/bin:$PATH

屏幕日志:

[root@localhost ~]# tail -f /etc/profile

            . "$i" >/dev/null

        fi

    fi

done

unset i

unset -f pathmunge

# Python settings

PATH=/opt/Python/Python369/bin:$PATH

使用命令source /etc/profile,重新加载配置,使之生效。

环境部署

这步主要是配置阿里镜像源,epel,安装Mariadb,Redis,Git,Docker,Nginx服务

配置epel源

yum install -y epel-release

安装Mariadb,Redis,Git,Docker,Nginx,git服务

yum -y install redis mariadb mariadb-devel mariadb-server mariadb-shared nginx git

配置开机启动

systemctl enable redis mariadb nginx docker

启动redis和mariadb

systemctl start redis mariadb

创建Python虚拟环境,并加载虚拟环境

python3.6 -m venv /opt/py3

. /opt/py3/bin/activate

数据库中创建jumpserver用户及其数据库,并且将jumpserver数据库授权给jumpserver用户。

create database  jumpserver default charset 'utf8';

grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'Jumpserver1!';

屏幕信息:

MariaDB [(none)]> create database  jumpserver default charset 'utf8';

Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> show databases;

+--------------------+

| Database           |

+--------------------+

| information_schema |

| jumpserver         |

| mysql              |

| performance_schema |

| test               |

+--------------------+

5 rows in set (0.00 sec)

MariaDB [(none)]> grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'Jumpserver1!';

Query OK, 0 rows affected (0.00 sec)

安装Jumpserver

这里主要是下载jumpserver的安装包,Python的三方库的安装,docker拉取相关组件,Jumpserver安装在/opt下,所以,文件都下载在/opt/下,首先移动到/opt/目录下

使用Git克隆jumpserver项目,并且切换到1.4.8版本

cd /opt

git clone https://github.com/jumpserver/jumpserver.git

cd /opt/jumpserver

git checkout 1.4.8

屏幕信息:

[root@localhost opt]# git clone https://github.com/jumpserver/jumpserver.git

Cloning into 'jumpserver'...

remote: Enumerating objects: 43783, done.

remote: Total 43783 (delta 0), reused 0 (delta 0), pack-reused 43783

Receiving objects: 100% (43783/43783), 52.94 MiB | 59.00 KiB/s, done.

Resolving deltas: 100% (30028/30028), done.

[root@localhost opt]# ls

jumpserver  Python

[root@localhost opt]# cd jumpserver/

[root@localhost jumpserver]# git checkout 1.4.8

Note: checking out '1.4.8'.

You are in 'detached HEAD' state. You can look around, make experimental

changes and commit them, and you can discard any commits you make in this

state without impacting any branches by performing another checkout.

If you want to create a new branch to retain commits you create, you may

do so (now or later) by using -b with the checkout command again. Example:

  git checkout -b new_branch_name

HEAD is now at 232674b... Merge pull request #2423 from jumpserver/dev

安装jumpserver依赖项

cd /opt/jumpserver/requirements

yum install -y $(cat rpm_requirements.txt)

pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/

修改jumpserver配置文件

cd /opt/jumpserver

cp config_example.yml config.yml

vim config.yml

# 注意 SECRET_KEY 和 BOOTSTRAP_TOKEN 不能使用纯数字字符串

修改config.yml中的配置信息,SECRET_KEY,BOOTSTRAP_TOKEN,MySQL的配置项。

启动jumpserver

$ cd /opt/jumpserver

$ ./jms start  # 可以 -d 参数在后台运行 ./jms start -d

注意:

启动前确保已经载入py3虚拟环境

安装coco组件

使用git克隆项目,并且切换到1.4.8版本,注意:

koko组件不支持jumpserver1.4.8

cd /opt

git clone https://github.com/jumpserver/coco.git

cd /opt/coco/

git checkout 1.4.8

屏幕信息:

(py3) [root@localhost opt]# git clone https://github.com/jumpserver/coco.git

Cloning into 'coco'...

remote: Enumerating objects: 98, done.

remote: Counting objects: 100% (98/98), done.

remote: Compressing objects: 100% (74/74), done.

remote: Total 3748 (delta 43), reused 46 (delta 22), pack-reused 3650

Receiving objects: 100% (3748/3748), 2.03 MiB | 800.00 KiB/s, done.

Resolving deltas: 100% (2407/2407), done.

(py3) [root@localhost opt]# cd coco/

(py3) [root@localhost coco]# git checkout 1.4.8

Note: checking out '1.4.8'.

You are in 'detached HEAD' state. You can look around, make experimental

changes and commit them, and you can discard any commits you make in this

state without impacting any branches by performing another checkout.

If you want to create a new branch to retain commits you create, you may

do so (now or later) by using -b with the checkout command again. Example:

  git checkout -b new_branch_name

HEAD is now at 74582ea... Merge pull request #191 from jumpserver/dev

安装coco依赖项

cd /opt/coco/requirements

pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/

coco配置

cd /opt/coco

cp config_example.yml config.yml

vim config.yml  # BOOTSTRAP_TOKEN 需要从 jumpserver/config.yml 里面获取, 保证一致

参考一下信息修改:

# Bootstrap Token, 预共享秘钥, 用来注册coco使用的service account和terminal

# 请和jumpserver 配置文件中保持一致,注册完成后可以删除

BOOTSTRAP_TOKEN: NGMhSQlXvtpsi0xClRtzeqeqMPsCAy01JmApWtGtNsPwFJiQz

启动coco组件

./cocod start    # 可以 -d 参数在后台运行 ./jms start -d

屏幕信息:

(py3) [root@localhost coco]# ./cocod start -d

Use eventlet dispatch

2019-09-21 14:58:27 [service INFO] No access key found, register it

Start coco process

安装guacamole组件

cd /opt

git clone https://github.com/jumpserver/docker-guacamole.git

cd /opt/docker-guacamole

tar xf guacamole-server-1.0.0.tar.gz

cd /opt/docker-guacamole/guacamole-server-1.0.0

安装包含ffmpeg的yum源

cd ~

wget https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm 2

wget https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm 1

rpm -ivh *.rpm

安装编译guacamole依赖项

cd /opt/docker-guacamole/guacamole-server-1.0.0

yum install -y cairo-devel libjpeg-turbo-devel libpng-devel uuid-devel

yum install -y ffmpeg-devel freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel libtool java-1.8.0-openjdk

ln -s /usr/local/lib/freerdp/*.so /usr/lib64/freerdp2/

autoreconf -fi

./configure --with-init-dir=/etc/init.d

make

make install

注意:

/usr/lib64/freerdp2/有可能是/usr/lib64/freerdp/,请查看改成相对应的目录名

安装Tomcat

mkdir -p /config/guacamole /config/guacamole/lib /config/guacamole/extensions /config/guacamole/data/log/

cd /config

wget https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v9.0.26/bin/apache-tomcat-9.0.26.tar.gz

tar xf apache-tomcat-9.0.26.tar.gz

mv apache-tomcat-9.0.26.tar.gz tomcat9

rm -rf /config/tomcat9/webapps/*

sed -i 's/Connector port="8080"/Connector port="8081"/g' /config/tomcat9/conf/server.xml

echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> /config/tomcat9/conf/logging.properties

ln -sf /opt/docker-guacamole/guacamole-1.0.0.war /config/tomcat9/webapps/ROOT.war

ln -sf /opt/docker-guacamole/guacamole-auth-jumpserver-1.0.0.jar /config/guacamole/extensions/guacamole-auth-jumpserver-1.0.0.jar

ln -sf /opt/docker-guacamole/root/app/guacamole/guacamole.properties /config/guacamole/guacamole.properties

wget https://github.com/ibuler/ssh-forward/releases/download/v0.0.5/linux-amd64.tar.gz

tar xf linux-amd64.tar.gz -C /bin/

chmod +x /bin/ssh-forward

设置 guacamole 环境

export JUMPSERVER_SERVER=http://127.0.0.1:8080  # http://127.0.0.1:8080 指 jumpserver 访问地址

echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc

# BOOTSTRAP_TOKEN 为 Jumpserver/config.yml 里面的 BOOTSTRAP_TOKEN 值

export BOOTSTRAP_TOKEN=******

echo "export BOOTSTRAP_TOKEN=******" >> ~/.bashrc

export JUMPSERVER_KEY_DIR=/config/guacamole/keys

echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc

export GUACAMOLE_HOME=/config/guacamole

echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc

启动

/etc/init.d/guacd start

sh /config/tomcat9/bin/startup.sh

docker部署guacamole组件

使用docker部署,部分环境可能无法正常编译安装

$ docker run --name jms_guacamole -d -p 127.0.0.1:8081:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=<Jumpserver_BOOTSTRAP_TOKEN> jumpserver/jms_guacamole:<Tag>

# <Jumpserver_url> 为 jumpserver 的 url 地址, <Jumpserver_BOOTSTRAP_TOKEN> 需要从 jumpserver/config.yml 里面获取, 保证一致, <Tag> 是版本

# 例: docker run --name jms_guacamole -d -p 127.0.0.1:8081:8081 -e JUMPSERVER_SERVER=http://192.168.244.144:8080 -e BOOTSTRAP_TOKEN=abcdefg1234 jumpserver/jms_guacamole:1.5.2

安装luna组件

cd /opt

wget https://github.com/jumpserver/luna/releases/download/1.5.2/luna.tar.gz

tar xf luna.tar.gz

chown -R root:root luna

安装nginx

yum install yum-utils

创建文件/etc/yum.repos.d/nginx.repo,并写入一下内容:

[nginx-stable]

name=nginx stable repo

baseurl=http://nginx.org/packages/centos/$releasever/$basearch/

gpgcheck=1

enabled=1

gpgkey=https://nginx.org/keys/nginx_signing.key

[nginx-mainline]

name=nginx mainline repo

baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/

gpgcheck=1

enabled=0

gpgkey=https://nginx.org/keys/nginx_signing.key

安装nginx

yum-config-manager --enable nginx-mainline

yum install nginx

Nginx整合组件

rm -rf /etc/nginx/conf.d/default.conf

vim /etc/nginx/conf.d/jumpserver.conf

jumpserver.conf中的配置如下:

server {

    listen 80;

    client_max_body_size 100m;  # 录像及文件上传大小限制

    location /luna/ {

        try_files $uri / /index.html;

        alias /opt/luna/;  # luna 路径, 如果修改安装目录, 此处需要修改

    }

    location /media/ {

        add_header Content-Encoding gzip;

        root /opt/jumpserver/data/;  # 录像位置, 如果修改安装目录, 此处需要修改

    }

    location /static/ {

        root /opt/jumpserver/data/;  # 静态资源, 如果修改安装目录, 此处需要修改

    }

    location /socket.io/ {

        proxy_pass       http://localhost:5000/socket.io/;

        proxy_buffering off;

        proxy_http_version 1.1;

        proxy_set_header Upgrade $http_upgrade;

        proxy_set_header Connection "upgrade";

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header Host $host;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        access_log off;

    }

    location /coco/ {

        proxy_pass       http://localhost:5000/coco/;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header Host $host;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        access_log off;

    }

    location /guacamole/ {

        proxy_pass       http://localhost:8081/;

        proxy_buffering off;

        proxy_http_version 1.1;

        proxy_set_header Upgrade $http_upgrade;

        proxy_set_header Connection $http_connection;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header Host $host;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        access_log off;

    }

    location / {

        proxy_pass http://localhost:8080;

        proxy_set_header X-Real-IP $remote_addr;

        proxy_set_header Host $host;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    }

}

常见问题

数据库无权限链接

如果使用MySQL数据库,启动jumpserver报数据库链接异常,无权限链接,

如果是由于登录主机名不一致造成的,使用以下方法处理:

需要在/etc/my.conf中的[mysqld]选项中添加--skip-grant-tables,然后重启MySQL服务。登录MySQL,使用SQLgrant all on jumpserver.* to 'jumpserver'@'%' identified by 'Jumpserver1!';修改登录的主机名,然后执行flush privileges;刷新权限。

安装python-gssapi

如果pip安装python-gssapi==0.6.4,已在卡在这一步,需要退出,下载安装包,移动到安装包所在目录,使用pip install python-gssapi-0.6.4.tar.gz

下载链接是https://files.pythonhosted.org/packages/a4/9e/648b4e85235097edcee561c986f7075cb1606be24c514cfcdd2930e35c5e/python-gssapi-0.6.4.tar.gz

安装之后,移动到/opt/jumpserver/requirements目录下,使用pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/继续安装

使用git克隆仓库卡住

如果使用git克隆仓库是,卡在接受对象是,可能是由于网络的原因,可推出重新克隆,或者是使用浏览器下载zip包之后上传服务器,解压。

CentOS7 安装JumpServer的更多相关文章

  1. 其他综合-CentOS7 安装 Jumpserver 跳板机

    CentOS7 安装 Jumpserver 跳板机 1.实验描述 搭建 jumpserver 平台,实现有效的运维安全审计.完美做到事先防范,事中控制和事后溯源 2.实验环境 物理机系统:Window ...

  2. CentOS6和CentOS7安装jumpserver

    1.1 jumpserver安装 同步时间:ntpdate ntp1.aliyun.com 关闭selinux 关闭防火墙 系统字体修改成英文 1.1.1 安装依赖(前提需要epel源) yum in ...

  3. Centos7.4下安装Jumpserver 1.0.0(支持windows组件)

    0)系统环境CentOS 7.4 IP: 192.168.100.10 [root@jumpserver-server ~]# cat /etc/redhat-release CentOS Linux ...

  4. Centos7.3下安装Jumpserver 1.0.0(支持windows组件)

    Jumpserver最新版本支持windows组件,废话不多介绍了,下面直接介绍下部署过程: 0)系统环境 CentOS 7.3 IP: 192.168.10.210 [root@jumpserver ...

  5. centos7安装部署jumpserver

    一.系统环境准备1.查看系统版本 # cat /etc/redhat-release // 查看系统版本 CentOS Linux release (Core) # uname -a // 查看系统信 ...

  6. Centos7.4.1708安装Jumpserver

    Jumpserver 环境要求:硬件配置: 2个CPU核心, 4G 内存, 50G 硬盘(最低)操作系统: Linux 发行版 x86_64Python = 3.6.xMysql Server ≥ 5 ...

  7. 安装jumpserver

    Centos7.5 安装jumpserver 同步服务器时间 #下载 [root@jumpserver ~]# yum install ntpdate -y #同步时间 [root@jumpserve ...

  8. jumpserverv0.5.0 基于 CentOS7安装部署

    基于 CentOS 7 一步一步安装 Jumpserver 0.5.0 环境 系统: CentOS 7 IP: 192.168.244.144 关闭 selinux和防火墙 # CentOS 7 $ ...

  9. CentOS7安装部署jumpserver0.5

    组件说明 Jumpserver为管理后台,管理员可以通过Web页面进行资产管理.用户管理.资产授权等操作; Coco为SSH Server和Web Terminal Server.用户可以通过使用自己 ...

随机推荐

  1. 10-Perl 循环

    1.Perl 循环一般情况下,语句是按顺序执行的:函数中的第一个语句先执行,接着是第二个语句,依此类推.有的时候,可能需要多次执行同一块代码.编程语言提供了更为复杂执行路径的多种控制结构.循环语句允许 ...

  2. linux mint 安装微信

    安装nodejs 到nodejs官网下载node js压缩包,然后解压到自己设置的目录.我的解压路径是 /home/congwiny/Develop/SoftWare/node-v6.10.3-lin ...

  3. Java对象的序列化和反序列化介绍

    一.什么序列化和反序列化以及作用: java序列化是指把java对象转换为字节序列的过程,而java反序列化是指把字节序列恢复为java对象的过程 1.序列化: 1)对象序列化的最主要的用处就是在传递 ...

  4. Line 算法与deepwalk的对比 和个人理解

    用户的关注关系本身就是一个图结构,要从用户关注关系生成用户的embedding表示,其实就是做graph的emebding表示. deepwalk+word2vec 比较简单,效果也还可以.这种方法再 ...

  5. Delphi 卡通控件

    樊伟胜

  6. 原创:(一)TCP/IP学习笔记之概述

    端到端论点和命运共享其实不应该在底层,差错控制应该在应用程序附近来实现.这是因为考虑了连接,而不是传输的准确,因为差错可以根据某些算法(通信中的滤波等)来恢复,不过在大面积网络出现问题的时候有必要进行 ...

  7. QTP(12)

    练习:录制两位数加法器加法计算后退出的步骤,对两个加数做随机数参数化,随机数范围是0-50,在计算后获得被测系统计算的结果,判断如果结果等于100,msgbox提示“满分”,如果结果在80和99之间, ...

  8. zencart产品批量表上传后SEO三要素状态以及特价时间修改

    ', metatags_products_name_status ', metatags_model_status ', metatags_price_status ', metatags_title ...

  9. python 获取安装包apk, ipa 信息

    # -*- coding:utf-8 -*- import re import os import zipfile from biplist import * from androguard.core ...

  10. 清除input输入框的历史记录

    当之前的input框输入了数据后,下次输入有历史记录问题的解决方法 <input id="vhcl_no"  type="text"  autocompl ...