一站式部署Jumpserver
博文大纲:
1、Jumpserver简介
2、安装Jumpserver准备环境
3、配置Python 3环境
4、安装Jumpserver
5、安装mariadb、redis并配置jumpserver
6、安装coco组件并配置
7、安装guacamole及luna
8、安装nginx
9、客户端访问测试前端
1、Jumpserver简介
Jumpserver是全球首款彻底开源的堡垒机,使用GNU GPL v2.0开源协议,是符合4A的专业运维审计系统。python
Jumpserver 使用 Python / Django 进行开发, 遵循 Web 2.0 规范, 配备了业界领先的 Web Terminal 解决方案, 交互界面美观、用户体验好。mysql
Jumpserver 采纳分布式架构, 支持多机房跨区域部署, 中心节点提供 API, 各机房部署登陆节点, 可横向扩展、无并发访问限制。linux
Jumpserver 现已支持管理 SSH、 Telnet、 RDP、 VNC 协议资产。nginx
Jumpserver的特色:git
- 彻底开源;
- Python编写,易于二次开发;
- 实现跳板机的基本功能、认证、受权、审计;
- 集成了Ansiable,实现批量操做命令等;
- 支持web终端;
- Bootstrap编写,界面美观;
- 自动收集硬件信息;
- 录像回放、命令搜索、实时监控;
2、安装Jumpserver准备环境
下载所需软件包web
(1)安装环境要求
- 硬件配置:2个CPU核心、4G内存、50G硬盘(最低);
- 操做系统:Linux 发行版 x86_64;
- python环境3.6.x以上;
- 数据库:msyq或者mariadb,l版本必须是5.6以上;
- Redis;
(2)Jumpserver的相关组件
- Jumpserver:管理后台,管理员能够经过Web页面进行资产管理、用户管理、资产受权等操做;用户能够经过Web页面进行资产登陆、文件管理等操做;
- koko:提供SSH Server 和 Web Terminal Server 。用户可使用本身的帐户经过 SSH 或者 Web Terminal 访问 SSH 协议和 Telnet 协议资产;
- Luna:提供Web Terminal Server前端页面,用户使用Web Termina方式登陆所需组件;
- Guacamole:为 RDP 协议和 VNC 协议资产组件, 用户能够经过 Web Terminal 来链接 RDP 协议和 VNC 协议资产(经常使用于windows服务器);
(3)相关组件端口、配置文件说明
如图:
redis
- Jumpserver默认Web端口为8080/tcp、默认WS端口为8070/tcp;配置文件为jumpserver/config.yml;
- koko默认SSH端口为2222/tcp、默认为Web Terninal端口为5000/tcp;配置文件为koko/config.yml;
- Guacamole默认端口为 8081/tcp; 配置文件为/config/tomcat9/conf/server.xml
- Nginx默认端口为 80/tcp;
- Redis默认端口为 6379/tcp;
- Mysql/mariadb默认端口为 3306/tcp;
(4)使系统支持中文环境
[root@jumpserver ~]# localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8 [root@jumpserver ~]# export LC_ALL=zh_CN.UTF-8 [root@jumpserver ~]# echo 'LC_ALL=zh_CN.UTF-8' > /etc/locale.conf
3、配置Python 3环境
[root@jumpserver ~]# yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git //下载所需依赖 [root@jumpserver ~]# tar xf Python-3.6.1.tar.xz -C /usr/src [root@jumpserver ~]# cd /usr/src/Python-3.6.1/ [root@jumpserver Python-3.6.1]# ./configure && make && make install //编译安装python 3环境 [root@jumpserver Python-3.6.1]# cd /opt [root@jumpserver opt]# python3 -m venv py3 [root@jumpserver opt]# source /opt/py3/bin/activate (py3) [root@jumpserver opt]# //出现这样的字符表示在python 3虚拟环境成功 (py3) [root@jumpserver opt]# unzip autoenv.zip (py3) [root@jumpserver opt]# echo "source /opt/autoenv/activate.sh" >> /root/.bashrc (py3) [root@jumpserver opt]# source /root/.bashrc //使用autoenv设置为自动载入python 3的虚拟环境
4、安装Jumpserver
(py3) [root@jumpserver opt]# unzip jumpserver.zip (py3) [root@jumpserver opt]# echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env (py3) [root@jumpserver opt]# cd jumpserver/ autoenv: autoenv: WARNING: autoenv: This is the first time you are about to source /opt/jumpserver/.env: autoenv: autoenv: --- (begin contents) --------------------------------------- autoenv: source /opt/py3/bin/activate$ autoenv: autoenv: --- (end contents) ----------------------------------------- autoenv: autoenv: Are you sure you want to allow this? (y/N) y //输入“y”表示自动载入python3环境 (py3) [root@jumpserver jumpserver]# cd requirements/ (py3) [root@jumpserver requirements]# yum -y install $(cat rpm_requirements.txt) //安装所需依赖 (py3) [root@jumpserver requirements]# pip install --upgrade pip (py3) [root@jumpserver requirements]# pip install wheel (py3) [root@jumpserver requirements]# pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/ //安装python所需依赖
5、安装mariadb、redis并配置jumpserver
安装mariadbsql
(py3) [root@jumpserver requirements]# yum -y install mariadb mariadb-devel mariadb-server (py3) [root@jumpserver requirements]# systemctl start mariadb (py3) [root@jumpserver requirements]# mysqladmin -u root password 123.com (py3) [root@jumpserver requirements]# mysql -u root -p123.com MariaDB [(none)]> create database jumpserver default charset 'utf8' ; MariaDB [(none)]> grant all on jumpserver.* to jumpserver@127.0.0.1 identified by '123.com'; MariaDB [(none)]> flush privileges; (py3) [root@jumpserver requirements]# ss -lnt | grep 3306 LISTEN 0 50 *:3306 *:*
安装redisdocker
(py3) [root@jumpserver requirements]# yum -y install redis (py3) [root@jumpserver requirements]# systemctl start redis (py3) [root@jumpserver requirements]# ss -lnt | grep 6379 LISTEN 0 128 127.0.0.1:6379 *:*
配置jumpserver
(py3) [root@jumpserver ~]# cd /opt/jumpserver/ (py3) [root@jumpserver jumpserver]# cp config_example.yml config.yml #生成秘钥令牌 (py3) [root@jumpserver jumpserver]# SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50` (py3) [root@jumpserver jumpserver]# echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc (py3) [root@jumpserver jumpserver]# BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16` (py3) [root@jumpserver jumpserver]# echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc (py3) [root@jumpserver jumpserver]# sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml (py3) [root@jumpserver jumpserver]# sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml (py3) [root@jumpserver jumpserver]# sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml (py3) [root@jumpserver jumpserver]# sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml (py3) [root@jumpserver jumpserver]# sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: False/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml (py3) [root@jumpserver jumpserver]# sed -i "s/DB_PASSWORD: /DB_PASSWORD: 123.com/g" /opt/jumpserver/config.yml (py3) [root@jumpserver jumpserver]# echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m" 你的SECRET_KEY是 UmIWcyEGJN6JfCbCYnthtlK7z4wQ8HwlEL2DagdBxPJjWWRdSN (py3) [root@jumpserver jumpserver]# echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m" 你的BOOTSTRAP_TOKEN是 qFs86ALWXpamrBaH (py3) [root@jumpserver jumpserver]# egrep -v '^$|^#' config.yml SECRET_KEY: UmIWcyEGJN6JfCbCYnthtlK7z4wQ8HwlEL2DagdBxPJjWWRdSN BOOTSTRAP_TOKEN: qFs86ALWXpamrBaH DEBUG: false LOG_LEVEL: ERROR DB_ENGINE: mysql DB_HOST: 127.0.0.1 DB_PORT: 3306 DB_USER: jumpserver DB_PASSWORD: 123.com DB_NAME: jumpserver HTTP_BIND_HOST: 0.0.0.0 HTTP_LISTEN_PORT: 8080 REDIS_HOST: 127.0.0.1 REDIS_PORT: 6379 (py3) [root@jumpserver jumpserver]# ./jms start all -d (py3) [root@jumpserver jumpserver]# ss -lnt | grep 8080 LISTEN 0 128 *:8080 *:*
6、安装coco组件并配置
(py3) [root@jumpserver opt]# unzip coco.zip (py3) [root@jumpserver opt]# cd coco (py3) [root@jumpserver coco]# echo "source /opt/py3/bin/activate" > /opt/coco/.env (py3) [root@jumpserver coco]# cd requirements/ autoenv: autoenv: WARNING: autoenv: This is the first time you are about to source /opt/coco/.env: autoenv: autoenv: --- (begin contents) --------------------------------------- autoenv: source /opt/py3/bin/activate$ autoenv: autoenv: --- (end contents) ----------------------------------------- autoenv: autoenv: Are you sure you want to allow this? (y/N) y (py3) [root@jumpserver requirements]# yum -y install $(cat rpm_requirements.txt) (py3) [root@jumpserver requirements]# pip install -r requirements.txt (py3) [root@jumpserver requirements]# cd .. (py3) [root@jumpserver coco]# cp config_example.yml config.yml (py3) [root@jumpserver coco]# echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m" 你的BOOTSTRAP_TOKEN是 qFs86ALWXpamrBaH (py3) [root@jumpserver coco]# sed -i "s/BOOTSTRAP_TOKEN: <PleasgeChangeSameWithJumpserver>/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" config.yml (py3) [root@jumpserver coco]# sed -i "s/# LOG_LEVEL: INFO/LOG_LEVEL: ERROR/g" config.yml (py3) [root@jumpserver coco]# egrep -v '^$|^#' config.yml CORE_HOST: http://127.0.0.1:8080 BOOTSTRAP_TOKEN: qFs86ALWXpamrBaH //注意保证16个随机字符保证与jumpserver配置文件中的16个随机字符保证一致 LOG_LEVEL: ERROR (py3) [root@jumpserver coco]# ./cocod start -d (py3) [root@jumpserver coco]# ss -lnt | grep 2222 LISTEN 0 5 *:2222 *:*
7、安装guacamole及luna
(py3) [root@jumpserver ~]# yum install -y yum-utils device-mapper-persistent-data lvm2 (py3) [root@jumpserver ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo (py3) [root@jumpserver ~]# yum makecache fast (py3) [root@jumpserver ~]# yum -y install docker-ce (py3) [root@jumpserver ~]# systemctl start docker (py3) [root@jumpserver ~]# docker load < guacamole.tar (py3) [root@jumpserver ~]# docker run --name jms_guacamole -d \ -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \ -e JUMPSERVER_KEY_DIR=/config/guacamole/key \ -e JUMPSERVER_SERVER=http://192.168.1.10:8080 \ jumpserver/guacamole:latest (py3) [root@jumpserver ~]# ss -lnt | grep 8081 LISTEN 0 128 :::8081 :::* (py3) [root@jumpserver ~]# tar zxf luna.tar.gz -C /opt
8、安装nginx
(py3) [root@jumpserver ~]# tar zxf nginx-1.2.4.tar.gz -C /usr/src (py3) [root@jumpserver ~]# cd /usr/src/nginx-1.2.4/ (py3) [root@jumpserver nginx-1.2.4]# ./configure && make && make install (py3) [root@jumpserver nginx-1.2.4]# ln -sf /usr/local/nginx/sbin/nginx /usr/local/bin/ (py3) [root@jumpserver nginx-1.2.4]# cd /usr/local/nginx/conf/ (py3) [root@jumpserver conf]# cp nginx.conf nginx.conf.bak (py3) [root@jumpserver conf]# mv /root/nginx.conf . mv:是否覆盖"./nginx.conf"? y (py3) [root@jumpserver conf]# nginx -t nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful (py3) [root@jumpserver conf]# nginx (py3) [root@jumpserver conf]# ss -lnt | grep -w 80 LISTEN 0 128 *:80 *:*
9、客户端访问测试
如图:
(1)建立普通用户
此用户用于登陆Jumpserver web页面的用户,建立过程以下:
(2)建立管理用户
此用户主要用于管理后端资源,建立方法以下:
(3)建立系统用户
此用户主要用于登陆后端资产,建立方法以下:
(4)建立后端资产
实验环境,因此就开启一台虚拟机192.168.1.1做为测试(web页面的客户端与后端资产确定不在同一网段,由于用户是经过公网登陆到jumpserver才能够对后端服务器进行操做的)!
(5)建立受权规则
(6)链接后端资产
最后,虽然写文档花费了很多时间,可是仍是建议你们参考Jumpserver官方文档
————————————本文到此结束,感谢阅读——————————————
相关文章
- 1. jumpserver一站式部署安装
- 2. 分布式部署文档 - jumpserver 部署
- 3. jumpserver的部署
- 4. 部署jumpserver
- 5. Jumpserver安装部署
- 6. Jumpserver部署实战
- 7. JumpServer部署使用
- 8. 部署Jumpserver环境
- 9. centos7:Jumpserver安装与部署(一)
- 10. 基于docker-compose部署jumpserver
- 更多相关文章...
- • Maven 自动化部署 - Maven教程
- • ionic 头部与底部 - ionic 教程
- • 使用阿里云OSS+CDN部署前端页面与加速静态资源
- • 委托模式
相关标签/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
欢迎关注本站公众号,获取更多信息
