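Very important: if the base environment is not installed correctly, compiling and installing the software later on will fail.
This is my lab hardware configuration. Remember to initialize the system, permanently turn off the firewall, SELinux and the like, and do not install docker (it conflicts). Then reboot before starting the deployment.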
hostnamectl set-hostname Jumpserver   # change the hostname

yum repository configuration
Install wget on the machine beforehand so the files can be downloaded.
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

2. Install the base environment
yum install -y bash-completion vim lrzsz wget expect net-tools nc nmap tree dos2unix htop iftop iotop unzip telnet sl psmisc nethogs glances bc ntpdate openldap-devel

3. First milestone: install the software the jump server depends on (important)
yum -y install git python-pip gcc automake autoconf python-devel vim sshpass lrzsz readline-devel zlib zlib-devel openssl openssl-devel

4. Change the system character set to Chinese
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
export LC_ALL=zh_CN.UTF-8
echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf   # write to the config file so it takes effect permanently
# check the system character set
locale

Deploy MySQL 5.6
1. Get the MySQL 5.6 package
wget https://cdn.mysql.com//Downloads/MySQL-5.6/MySQL-5.6.49-1.el7.x86_64.rpm-bundle.tar

2. Create a directory to extract into
mkdir mysql_rpm
tar -xf MySQL-5.6.49-1.el7.x86_64.rpm-bundle.tar -C ./mysql_rpm/
cd mysql_rpm/

3. Batch-install locally with yum
yum localinstall -y ./*

4. Look at the default MySQL configuration file
vim /etc/my.cnf
# make the following changes
log-error=/var/log/mysql/mysql.log
pid-file=/var/run/mysql/mysql.pid

5. Look up the password, then change it
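MySQL 5.6 generates a random password by default. The password file is
/root/.mysql_secret
Note that there is no space after the -p option. This method is insecure: the password is exposed.
mysqladmin -uroot -pybZ1U3SFa7RQJCRj password xuyuhan   # change this to your own password before copying
The best way is to log in to mysql first and change the password there.
mysql -uroot -p   # press Enter and type the password to log in
update mysql.user set password=password('xuyuhan') where user='root';
flush privileges;   # the database password only changes after this flush

6. Create the jumpserver database and set its character set
create database jumpserver default charset 'utf8' collate 'utf8_bin';

7. Create an ordinary jumpserver user
create user 'jumpserver'@'%' IDENTIFIED BY 'chaoge888';   # my password here is set to chaoge888

8. Grant privileges to the jumpserver user
grant all privileges on jumpserver.* to 'jumpserver'@'%' identified by 'chaoge888';
flush privileges;

Deploy Python 3.6.10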
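1. Download
cd /opt && wget https://www.python.org/ftp/python/3.6.10/Python-3.6.10.tgz
tar -zxf Python-3.6.10.tgz
cd Python-3.6.10/
ls
# install to a specific location, takes about one minute
./configure --prefix=/opt/python3-6-10/
ls
# compile and install, takes about three minutes
make && make install
# configure the environment variable
echo PATH="/opt/python3-6-10/bin:$PATH" >> /etc/profile
tail -1 /etc/profile
Log in to a new session (you can reboot the host).
python   # press the Tab key at this point

2. Create a Python virtual environment
python3.6 -m venv /opt/py3
# activate the virtual environment; the PATH variable has now changed, and this only affects the python command

3. Change the pip download source
mkdir ~/.pip
vim ~/.pip/pip.conf
# add the following to switch the default PyPI source to a mirror in China, which fixes slow PyPI downloads once and for all
[global]
index-url = https://mirrors.aliyun.com/pypi/simple/

Deploy redis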
# install
yum install redis -y
# start
systemctl start redis
# enable at boot
systemctl enable redis

Deploy jumpserver
1. Download the jumpserver program
# again, download into /opt
cd /opt && wget https://github.com/jumpserver/jumpserver/releases/download/v2.1.0/jumpserver-v2.1.0.tar.gz
# extract
tar -zxvf jumpserver-v2.1.0.tar.gz
# create a symlink
ln -s /opt/jumpserver-v2.1.0/ /opt/jumpserver
# this step may need to be retried; I got no errors here
# activate the python3 virtual environment first, then install
source /opt/py3/bin/activate
yum install -y bash-completion vim lrzsz wget expect net-tools nc nmap tree dos2unix htop iftop iotop unzip telnet sl psmisc nethogs glances bc ntpdate openldap-devel
cd /opt/jumpserver-v2.1.0/requirements/
pip install wheel
pip install --upgrade pip setuptools
pip install -r requirements.txt
The process below is fairly long; installing all the software in that txt list takes about 4 minutes.
if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom |tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi
if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi
Back up the configuration file
cd /opt/jumpserver-v2.1.0 && cp config_example.yml config.yml   # be sure the copy is named config.yml, otherwise the database migration fails; it took me a long time to track this down
# edit the configuration file; the changes are as follows
grep -Ev '^#|^$' config.yml
SECRET_KEY: "$SECRET_KEY"
BOOTSTRAP_TOKEN: "$BOOTSTRAP_TOKEN"
DEBUG: true
LOG_LEVEL: DEBUG
SESSION_EXPIRE_AT_BROWSER_CLOSE: false
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: chaoge888
DB_NAME: jumpserver
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379

4. Database migration
python3 /opt/jumpserver-v2.1.0/apps/manage.py makemigrations
python3 /opt/jumpserver-v2.1.0/apps/manage.py migrate

5. Start jms
# make sure everything is done inside the Python virtual environment
(py3) [root@jumpserver jumpserver-v2.1.0]# cd /opt/jumpserver-v2.1.0
(py3) [root@jumpserver jumpserver-v2.1.0]# ./jms start -d

Deploy koko
1. Download the source code
# remember that the koko version must match the jumpserver version, otherwise remote connections from the web UI will not work
cd /opt && wget https://github.com/jumpserver/koko/releases/download/v2.21.0/koko-v2.21.0-linux-amd64.tar.gz

2. Extract and rename
[root@jumpserver opt]# tar -xf koko-v2.21.0-linux-amd64.tar.gz
[root@jumpserver opt]# mv koko-v2.21.0-linux-amd64 koko
[root@jumpserver opt]# cd koko
[root@jumpserver koko]# ls

3. Edit the configuration file
[root@jumpserver koko]# cp config_example.yml config.yml
[root@jumpserver koko]# vim config.yml
# after editing it looks like this
(py3) [root@jumpserver koko 09:45:20]$grep -Ev '^#|^$' /opt/koko/config.yml
CORE_HOST: http://127.0.0.1:8080
BOOTSTRAP_TOKEN: "$BOOTSTRAP_TOKEN"
LOG_LEVEL: INFO
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
REDIS_PASSWORD:
REDIS_CLUSTERS:
REDIS_DB_ROOM:

4. Run koko
(py3) [root@jumpserver koko]# /opt/koko/koko -d   # run koko in the background
(py3) [root@jumpserver koko]#
Afterwards you must be able to open the file manager in the web UI; an installation that did not go properly gives a 502 error.
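
The core config.yml and the koko config.yml above both carry BOOTSTRAP_TOKEN, which koko uses to register with the core, and YAML itself does not expand shell variables, so a value left as the text $BOOTSTRAP_TOKEN stays that literal text unless something substitutes it. The check below is an added example, not part of the original post or of the JumpServer project; the function names yaml_value and check_jms_configs and the sample token are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): check the JumpServer core and
# koko config.yml files for the settings that have to line up before start.

# Print the value of a top-level "KEY: value" line, quotes and blanks removed.
yaml_value() {
    sed -n "s/^$1:[[:space:]]*//p" "$2" | head -n 1 | tr -d "\"' \t\r"
}

# Print one finding per line; return 1 if there was any finding, else 0.
check_jms_configs() {
    local core="$1" koko="$2" f key val bad=0
    for f in "$core" "$koko"; do
        for key in SECRET_KEY BOOTSTRAP_TOKEN; do
            grep -q "^$key:" "$f" || continue   # koko's file has no SECRET_KEY
            val=$(yaml_value "$key" "$f")
            case $val in
                '')   echo "$f: $key is empty"; bad=1 ;;
                '$'*) echo "$f: $key is the literal text $val, not a generated value"; bad=1 ;;
            esac
        done
        # Both files hold secrets; the core one also holds DB_PASSWORD.
        if [ -n "$(find "$f" -perm -004)" ]; then
            echo "$f: readable by every local user, consider chmod 600"; bad=1
        fi
    done
    if [ "$(yaml_value BOOTSTRAP_TOKEN "$core")" != "$(yaml_value BOOTSTRAP_TOKEN "$koko")" ]; then
        echo "BOOTSTRAP_TOKEN differs between $core and $koko"; bad=1
    fi
    if [ "$(yaml_value DEBUG "$core")" = true ]; then
        echo "$core: DEBUG is true"; bad=1
    fi
    return "$bad"
}

# Constructed sample files that mirror the values shown in this post.
demo() {
    local d; d=$(mktemp -d)
    printf '%s\n' 'SECRET_KEY: "$SECRET_KEY"' 'BOOTSTRAP_TOKEN: "$BOOTSTRAP_TOKEN"' \
        'DEBUG: true' > "$d/core.yml"
    printf '%s\n' 'CORE_HOST: http://127.0.0.1:8080' \
        'BOOTSTRAP_TOKEN: ExampleToken0001' > "$d/koko.yml"   # constructed token
    chmod 644 "$d/core.yml"; chmod 600 "$d/koko.yml"
    check_jms_configs "$d/core.yml" "$d/koko.yml"
    rm -rf "$d"
}
demo || true
```

On the host from this post it would be called as check_jms_configs /opt/jumpserver-v2.1.0/config.yml /opt/koko/config.yml.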

Deploy Guacamole
1. Download guacamole
This package can no longer be found on GitHub. It can be downloaded via docker; a netdisk link is provided here directly.
Link: https://pan.baidu.com/s/1nVuD2NEYfEXkb80DPA0rtQ?pwd=2hwd  Extraction code: 2hwd

2. Extract and rename
(py3) [root@jumpserver opt]# tar -xf guacamole-v2.1.0.tar.gz
(py3) [root@jumpserver opt]# mv docker-guacamole-2.1.0 guacamole

3. Extract the executables
(py3) [root@jumpserver opt]# cd /opt/guacamole && tar -xf guacamole-server-1.2.0.tar.gz && tar -xf ssh-forward.tar.gz -C /bin/
(py3) [root@jumpserver guacamole]# chmod +x /bin/ssh-forward

4. Compile and install
(py3) [root@jumpserver guacamole]# cd /opt/guacamole/guacamole-server-1.2.0/

5. Install the dependencies needed for compilation
Follow the requirements in the official documentation:
http://guacamole.apache.org/doc/gug/installing-guacamole.html
# very important, must be installed
yum install cairo-devel libjpeg-turbo-devel libpng-devel libtool uuid-devel -y
# optional dependencies
yum install freerdp-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel libwebsockets-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel -y
sudo yum install epel-release -y
sudo rpm -v --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
sudo rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
yum install ffmpeg ffmpeg-devel -y
# check the ffmpeg installation
ffmpeg -version

6. Compile and install guacamole
cd /opt/guacamole/guacamole-server-1.2.0
./configure --with-init-dir=/etc/init.d
make && make install

7. Set up the Java environment
yum install -y java-1.8.0-openjdk

8. Create the directories guacamole needs
mkdir -p /config/guacamole /config/guacamole/extensions /config/guacamole/record /config/guacamole/drive
chown daemon:daemon /config/guacamole/record /config/guacamole/drive
cd /config

9. Download tomcat
(py3) [root@jumpserver opt]# cd /opt/ && wget https://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v9.0.62/bin/apache-tomcat-9.0.62.tar.gz

10. Deploy tomcat together with guacamole
cd /opt
tar -xf apache-tomcat-9.0.62.tar.gz
mv apache-tomcat-9.0.62 tomcat9
rm -rf /opt/tomcat9/webapps/*
sed -i 's/Connector port="8080"/Connector port="8081"/g' /opt/tomcat9/conf/server.xml
echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> /opt/tomcat9/conf/logging.properties
ln -sf /opt/guacamole/guacamole-1.0.0.war /opt/tomcat9/webapps/ROOT.war
ln -sf /opt/guacamole/guacamole-auth-jumpserver-1.0.0.jar /config/guacamole/extensions/guacamole-auth-jumpserver-1.0.0.jar
ln -sf /opt/guacamole/root/app/guacamole/guacamole.properties /config/guacamole/guacamole.properties

12. Set up the Guacamole runtime environment
export JUMPSERVER_SERVER=http://127.0.0.1:8080
echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
# must be the same BOOTSTRAP_TOKEN value as in the jumpserver config.yml
export BOOTSTRAP_TOKEN=FBEVLP0OKHmNqRMl
echo "export BOOTSTRAP_TOKEN=FBEVLP0OKHmNqRMl" >> ~/.bashrc
export JUMPSERVER_KEY_DIR=/config/guacamole/keys
echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
export GUACAMOLE_HOME=/config/guacamole
echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
export GUACAMOLE_LOG_LEVEL=ERROR
echo "export GUACAMOLE_LOG_LEVEL=ERROR" >> ~/.bashrc
export JUMPSERVER_ENABLE_DRIVE=true
echo "export JUMPSERVER_ENABLE_DRIVE=true" >> ~/.bashrc
(py3) [root@jumpserver opt]# tail -8 ~/.bashrc
The file contents are
/etc/init.d/guacd start
sh /opt/tomcat9/bin/startup.sh

Deploy the Lina component
cd /opt && wget https://github.com/jumpserver/lina/releases/download/v2.21.0/lina-v2.21.0.tar.gz
tar -xf lina-v2.21.0.tar.gz
mv lina-v2.21.0 lina
# install nginx
yum install nginx -y
systemctl start nginx
systemctl enable nginx
chown -R nginx:nginx lina   # nginx must already be installed

Deploy luna
Download page: https://github.com/jumpserver/luna/releases
cd /opt && wget https://github.com/jumpserver/luna/releases/download/v2.21.0/luna-v2.21.0.tar.gz
tar -zxf luna-v2.21.0.tar.gz
mv /opt/luna-v2.21.0 /opt/luna
chown -R root.root /opt/luna/

Deploy nginx
1. Edit nginx.conf
# edit nginx.conf and remove the existing virtual host
cd /etc/nginx/
sed -i '38,58d' /etc/nginx/nginx.conf

2. Create a new jumpserver.conf configuration file
vim /etc/nginx/conf.d/jumpserver.conf
server {
    listen 80;
    client_max_body_size 100m;   # size limit for session recordings and file uploads

    location /ui/ {
        try_files $uri / /index.html;
        alias /opt/lina/;
    }
    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;   # luna path; change this if you change the install directory
    }
    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver-v2.1.0/data/;   # recordings location; change this if you change the install directory
    }
    location /static/ {
        root /opt/jumpserver-v2.1.0/data/;   # static resources; change this if you change the install directory
    }
    location /koko/ {
        proxy_pass http://localhost:5000;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location /guacamole/ {
        proxy_pass http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location /ws/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8070;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    location /api/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location /core/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location / {
        rewrite ^/(.*)$ /ui/$1 last;
    }
}
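
3. Restart the nginx service
nginx -t
nginx -s reload
# if nginx -t reports an error, check the format of the jumpserver.conf contents carefully, for example for a missing brace

Deployment is now complete and jumpserver starts correctly
1. Access URL
192.168.230.206:80   # my host address
Noting down the fix for this error: if the host or the nginx service was restarted during deployment, remember to re-enter the python3 virtual environment and start jms again.
[root@jumpserver jumpserver-v2.1.0]# source /opt/py3/bin/activate
(py3) [root@jumpserver jumpserver-v2.1.0]# ./jms start -d
Then refresh.
At this point the koko component actually cannot run properly, so the file manager under permission management and the web remote-connection feature cannot be used; the following steps are needed to fix it. Too lazy to write it up, screenshots instead, haha.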
# before running the commands to regenerate, delete the original keys first
if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom |tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi
if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi

Start commands for each component
1. mysql
systemctl start mysql    # start
systemctl enable mysql   # enable at boot

2. jms
# make sure everything is done inside the Python virtual environment
[root@jumpserver jumpserver-v2.1.0]# source /opt/py3/bin/activate
(py3) [root@jumpserver jumpserver-v2.1.0]# /opt/jumpserver-v2.1.0/jms start -d

3. redis
# start
systemctl start redis
# enable at boot
systemctl enable redis

4. koko
source /opt/py3/bin/activate   # enter the python3 virtual environment first
(py3) [root@jumpserver jumpserver-v2.1.0]# /opt/koko/koko -d   # no errors

5. Guacamole and tomcat
/etc/init.d/guacd start
sh /opt/tomcat9/bin/startup.sh

6. nginx
systemctl start nginx     # start
systemctl status nginx    # show status
systemctl restart nginx   # restart
nginx -t                  # test whether the config file is valid
nginx -s reload           # reload



