#!/bin/bash

 # coding: utf-

 # Copyright (c) 

 set -e        #返回值为非0时,退出脚本

 echo "0. 系统的一些配置"

 setenforce  || true

 systemctl stop iptables.service || true >/dev/null >&

 systemctl stop firewalld.service || true >/dev/null >&

 localedef -c -f UTF- -i zh_CN zh_CN.UTF-

 export LC_ALL=zh_CN.UTF-

 echo 'LANG=zh_CN.UTF-8' > /etc/sysconfig/i18n

 echo "1. 备份yum"

 {

 for i in /etc/yum.repos.d/*.repo;do cp $i ${i%.repo}.bak;done

 rm -rf /etc/yum.repos.d/*.repo

 } || {

 echo "yum出错,请更换源重新运行"

 exit 1

 }

 echo "2. 获取网络yum"

 {

 wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/Centos-7.repo >/dev/null 2>&1

 wget -P /etc/yum.repos.d/ http://mirrors.163.com/.help/CentOS7-Base-163.repo >/dev/null 2>&1

 yum clean >/dev/null 2>&1

 yum repolist >/dev/null 2>&1

 } || {

 echo "yum出错,请更换源重新运行"

 exit 1

 }

 echo "3. 安装基本依赖"

 {

 yum update -y>/dev/null && yum install wget unzip epel-release nginx sqlite-devel xz gcc automake zlib-devel openssl-devel redis mariadb mariadb-devel mariadb-server supervisor -y >/dev/null 2>&1

 } || {

 echo "yum出错,请更换源重新运行"

 exit 1

 }

 echo "4. 准备python"

 {

 cd /opt/

 wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz -O /opt/Python-3.6.1.tar.xz >/dev/null 2>&1

 } || {

 echo "pyhton 依赖包下载出错,请尝试使用特殊工具进行手工下载https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz ,并且放至于/opt/Python-3.6.1.tar.xz,如您是手工下载,请注释上面wget命令再运行本脚本"

 exit 1

 }

 {

 tar xf Python-3.6.1.tar.xz && cd Python-3.6.1 && ./configure>/dev/null && make>/dev/null && make install >/dev/null 2>&1

 } || {

 echo "解压或编译python出错,请尝试使用上面的命令手工解压或编译,如手工操作成功,请注释上述代码再运行本脚本"

 exit 1

 }

 {

 python3 -m venv py3

 } || {

 echo "建立python虚拟环境出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"

 exit 1

 }

 echo "5. 下载jummpserver包并解压"

 {

 wget https://github.com/jumpserver/jumpserver/archive/1.0.0.zip -O /opt/jumpserver.zip >/dev/null 2>&1

 } || {

 echo "下载jumpserver包出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"

 exit 1

 }

 {

 wget https://github.com/jumpserver/coco/archive/1.0.0.zip -O /opt/coco.zip >/dev/null 2>&1

 } || {

 echo "下载coco包出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"

 exit 1

 }

 {

 wget https://github.com/jumpserver/luna/releases/download/v1.0.0/luna.tar.gz -O /opt/luna.tar.gz >/dev/null 2>&1

 } || {

 echo "下载luna包出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"

 exit 1

 }

 {

 cd /opt

 unzip coco.zip >/dev/null && mv coco-1.0.0 coco && unzip jumpserver.zip >/dev/null && mv jumpserver-1.0.0 jumpserver && tar xzf luna.tar.gz >/dev/null 2>&1

 } || {

 echo "解压出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"

 exit 1

 }

 echo "6. 安装yum依赖"

 {

 yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt) >/dev/null && yum -y install $(cat /opt/coco/requirements/rpm_requirements.txt) >/dev/null 2>&1

 } || {

 echo "安装jumpserver的依赖出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"

 exit 1

 }

 echo "7. 安装pip依赖"

 {

 python3 -m venv py3 && \

 source /opt/py3/bin/activate && pip install --upgrade pip>/dev/null && pip install -r /opt/jumpserver/requirements/requirements.txt>/dev/null && pip install -r /opt/coco/requirements/requirements.txt >/dev/null 2>&1

 } || {

 echo "安装jumpserver的依赖出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"

 exit 1

 }

 echo "8. 创建数据库"

 mkdir -p /opt/mysql/share/mysql/

 {

 wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/mysql_security.sql?raw=true -O /opt/mysql/mysql_security.sql >/dev/null 2>&1

 wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/mysql.cnf?raw=true -O /etc/my.cnf >/dev/null 2>&1

 wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/errmsg.sys?raw=true -O /opt/mysql/share/mysql/errmsg.sys >/dev/null 2>&1

 } || {

 echo "下载数据库依赖文件出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"

 exit 1

 }

 echo "9. 准备文件"

 {

 wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/nginx.conf?raw=true -O /etc/nginx/nginx.conf >/dev/null 2>&1

 wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/supervisord.conf?raw=true -O /etc/supervisord.conf >/dev/null 2>&1

 wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/jumpserver_conf.py?raw=true -O /opt/jumpserver/config.py >/dev/null 2>&1

 wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/coco_conf.py?raw=true -O /opt/coco/conf.py >/dev/null 2>&1

 wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/start_jms.sh?raw=true -O /opt/start_jms.sh >/dev/null 2>&1

 } || {

 echo "下载配置文件出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"

 exit 1

 }

 echo "10. 安装docker"

 yum check-update >/dev/null 2>&1

 {

 yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo >/dev/null && yum clean all>/dev/null && yum repolist >/dev/null 2>&1

 yum -y install epel-release docker-ce >/dev/null 2>&1

 systemctl start docker

 tee -a /etc/sysctl.conf <<-EOF

 net.bridge.bridge-nf-call-ip6tables = 1

 net.bridge.bridge-nf-call-iptables = 1

 EOF

 sysctl -p >/dev/null 2>&1

 tee -a /etc/docker/daemon.json <<-EOF

 {

 "registry-mirrors": [

 "https://registry.docker-cn.com"

 ]

 }

 EOF

 } || {

 echo "安装docker 出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"

 exit 1

 }

 systemctl daemon-reload

 systemctl restart docker

 echo "11. 安装guacamole"

 host_ip=`python -c "import socket;print([(s.connect(('8.8.8.8', 53)), s.getsockname()[0], s.close()) for s in [socket.socket(socket.AF_INET, socket.SOCK_DGRAM)]][0][1])"`

 docker run --name jms_guacamole -d \

 --restart always \

 -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \

 -e JUMPSERVER_KEY_DIR=/config/guacamole/key \

 -e JUMPSERVER_SERVER=http://$host_ip:8080 \

 registry.jumpserver.org/public/guacamole:1.0.0

 echo "12. 配置nginx"

 yum -y install nginx >/dev/null 2>&1

 cat << EOF > /etc/nginx/conf.d/jumpserver.conf

 server {

 listen 80;

 proxy_set_header X-Real-IP $remote_addr;

 proxy_set_header Host $host;

 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

 location /luna/ {

 try_files $uri / /index.html;

 alias /opt/luna/;

 }

 location /media/ {

 add_header Content-Encoding gzip;

 root /opt/jumpserver/data/;

 }

 location /static/ {

 root /opt/jumpserver/data/;

 }

 location /socket.io/ {

 proxy_pass http://localhost:5000/socket.io/; # 如果coco安装在别的服务器,请填写它的ip

 proxy_buffering off;

 proxy_http_version 1.1;

 proxy_set_header Upgrade $http_upgrade;

 proxy_set_header Connection "upgrade";

 }

 location /guacamole/ {

 proxy_pass http://localhost:8081/; # 如果guacamole安装在别的服务器,请填写它的ip

 proxy_buffering off;

 proxy_http_version 1.1;

 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

 proxy_set_header Upgrade $http_upgrade;

 proxy_set_header Connection $http_connection;

 access_log off;

 }

 location / {

 proxy_pass http://localhost:8080; # 如果jumpserver安装在别的服务器,请填写它的ip

 }

 }

 EOF

 mkdir -p /opt/nginx/log && chmod -R 777 /opt/nginx

 {

 systemctl restart nginx

 systemctl enable nginx

 } || {

 service restart nginx

 } || {

 nginx -s reload

 } || {

 echo "请检查nginx的启动命令"

 exit 1

 }

 chmod +x /opt/start_jms.sh

 echo " 安装完成,请运行/opt/start_jms.sh启动jumpserver"

Jumpserver堡垒机搭建(脚本自动化)的更多相关文章

  1. Jumpserver堡垒机搭建

    系统: CentOS 7 IP: 192.168.11.199关闭 selinux 和防火墙 # setenforce # 临时关闭,重启后失效 # systemctl stop firewalld. ...

  2. jumpserver 堡垒机搭建

    1.摘要 Jumpserver 是一款由python编写开源的跳板机(堡垒机)系统,实现了跳板机应有的功能.基于ssh协议来管理,客户端无需安装agent. 特点: 完全开源,GPL授权 Python ...

  3. Docker容器版Jumpserver堡垒机搭建部署方法附Redis

    1.简介 Jumpserver是全球首款完全开源的堡垒机,多云环境下更好用的堡垒机,使用GNU GPL v2.0开源协议,是符合 4A 的专业运维安全审计系统,使用Python / Django 进行 ...

  4. jumpserver 堡垒机环境搭建(图文详解)

    摘要: Jumpserver 是一款由python编写开源的跳板机(堡垒机)系统,实现了跳板机应有的功能.基于ssh协议来管理,客户端无需安装agent. 特点: 完全开源,GPL授权 Python编 ...

  5. jumpserver 堡垒机环境搭建(图文具体解释)

    Jumpserver 是一款由python编写开源的跳板机(堡垒机)系统,实现了跳板机应有的功能.基于ssh协议来管理,客户端无需安装agent. 特点: 全然开源,GPL授权 Python编写.容易 ...

  6. 【转】jumpserver 堡垒机环境搭建(图文详解)

    jumpserver 堡垒机环境搭建(图文详解)   摘要: Jumpserver 是一款由python编写开源的跳板机(堡垒机)系统,实现了跳板机应有的功能.基于ssh协议来管理,客户端无需安装ag ...

  7. jumpserver 堡垒机环境搭建

    jumpserver 堡垒机环境搭建(图文详解) https://blog.csdn.net/my_bai/article/details/62226474   http://docs.jumpser ...

  8. 使用Docker搭建Jumpserver堡垒机

    使用Docker搭建Jumpserver堡垒机 1.环境准备 操作系统:CentOS 7.6.1810 软件源:阿里云镜像 #内核版本(Docker 要求 CentOS 系统的内核版本高于 3.10) ...

  9. jumpserver堡垒机部署

    初稿(后面我有时间再整理一下,看能不能弄成自动化脚本安装): systemctl stop firewalld #关闭防火墙setenforce 0 #关闭selinuxyum install htt ...

随机推荐

  1. PHP+Xdebug实现远程调试

    以前以为php调试时服务器端和IDE必须在同一台机子上,无意发现xdebug其实是支持远程调试的. 尝试之后发现可以配置成功,还是可以调试代码的感觉爽啊!   php所在Ubuntu服务器       ...

  2. VC++ 崩溃处理以及打印调用堆栈

    title: VC++ 崩溃处理以及打印调用堆栈 tags: [VC++, 结构化异常处理, 崩溃日志记录] date: 2018-08-28 20:59:54 categories: windows ...

  3. css3之背景属性之background-size

    一.相关属性: background-image: url(“./img/a.jpg”); //设置元素背景图片 background-repeat: repeat/no-repeat: //设置背景 ...

  4. 利用setTimeoutc处理javascript ajax请求超时

    用过jquery的人都知道里面的$.ajax能设置超时处理及各种错误的抛出,确实好用.原生的js没有对应的方法,还得写各种兼容.在实际运用中,不管请求是否成功都应该做容错处理, 不然用户不知道到底发生 ...

  5. 洛谷11月月赛题解(A-C)

    心路历程 辣鸡T3卡我1.5h题意,要不是最后nlh跟我解释了一下大样例估计这次是真凉透了.. A P4994 终于结束的起点 打出暴力来发现跑的过最大数据?? 保险起见还是去oeis了一波,然后被告 ...

  6. Python-并发编程(协程)

    今天说说协程 一.引子 本节的主题是基于单线程来实现并发,即只用一个主线程(很明显可利用的cpu只有一个)情况下实现并发,为此我们需要先回顾下并发的本质:切换+保存状态 cpu正在运行一个任务,会在两 ...

  7. WinAPI: GetModuleFileName、GetModuleHandle

    原文:http://www.cnblogs.com/del/archive/2008/06/17/1223681.html unit Unit1; interface uses   Windows, ...

  8. 139.00.006 Git学习-标签管理Tag

    @(139 - Environment Settings | 环境配置) 一.Why 发布一个版本时,我们通常先在版本库中打一个标签(tag),这样,就唯一确定了打标签时刻的版本.将来无论什么时候,取 ...

  9. How to import Django DB operations out of Django projects

    i am not familiar with DB opertions. usually i stroe data to txt and other formats. as DB is more an ...

  10. Linux 内核超时导致虚拟机无法正常启动

    问题描述 当 Linux 虚拟机启动时,通过串口输出或者启动日志, 观察到超时的报错.导致虚拟机无法正常启动和连接. 问题分析 常见的超时报错范例如下: 复制 INFO: task swapper:1 ...