Manual Installation of JumpServer

Introduction

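        Jumpserver is a fully open-source bastion host (jump server) project: secure, transparent and free. Although it is open source, it already provides essentially all the functions of a bastion host: authentication, authorization, auditing and file upload. Official site: http://www.jumpserver.org/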

Environment

Operating system: CentOS 8.2
Install dependencies:

yum install -y python3 python3-pip python3-devel krb5-devel openldap-devel

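Base software - MySQL > 5.6:
It can be installed with yum or built from source. Here I used a source build of version 8.0.19; I won't post the detailed steps, see the earlier document.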

Install Redis:

wget http://download.redis.io/releases/redis-6.0.4.tar.gz
groupadd -g 415 redis
useradd -g redis -u 415 -s /sbin/nologin -d /data/redis -c "Redis Server" -M redis
tar zxf redis-6.0.4.tar.gz -C /usr/local/src/
cd /usr/local/src/redis-6.0.4/
make PREFIX=/data/redis/ CFLAGS="-fPIC"
make test
make PREFIX=/data/redis/ install
echo 'export PATH=/data/redis/bin/:$PATH' > /etc/profile.d/redis.sh
source /etc/profile.d/redis.sh
redis-cli -v
mkdir /data/redis/{db,logs}
chown -R redis:redis /data/redis/
cp redis.conf /data/redis/
sed -i 's/^bind 127.0.0.1/bind 0.0.0.0/g' /data/redis/redis.conf
sed -i 's#^pidfile /var/run/redis_6379.pid#pidfile /data/redis/redis.pid#g' /data/redis/redis.conf
sed -i 's#^dir ./#dir /data/redis/db#g' /data/redis/redis.conf
sed -i 's#^logfile ""#logfile "/data/redis/logs/redis.log"#g' /data/redis/redis.conf
vim /lib/systemd/system/redis.service
# Redis Service
[Unit]
Description=Redis Community Server
After=network.target

[Install]
WantedBy=multi-user.target

[Service]
User=redis
Group=redis
LimitNOFILE=65535
LimitNPROC=65535
ExecStart=/data/redis/bin/redis-server /data/redis/redis.conf
Restart=on-failure
systemctl enable redis
systemctl start redis
systemctl status redis
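
Added example, not part of the original post: the steps above rewrite bind to 0.0.0.0 and set no requirepass, so this script classifies how exposed a redis.conf leaves the server. The function names and sample files are constructed for illustration, and the protected-mode rule assumes the behaviour described in the redis.conf comments of the 6.0 series.

```shell
#!/usr/bin/env bash
# Added example: classify the network exposure of a redis.conf.
# Looks only at bind, protected-mode and requirepass; ACL users are ignored.

# Print the value of the last uncommented occurrence of directive NAME, else DEFAULT.
redis_directive() {   # usage: redis_directive FILE NAME DEFAULT
    awk -v name="$2" -v def="$3" '
        $1 == name { $1 = ""; sub(/^[ \t]+/, ""); val = $0; seen = 1 }
        END { print (seen ? val : def) }' "$1"
}

# Print one verdict: local-only, password-only, protected or open.
audit_redis_conf() {  # usage: audit_redis_conf FILE
    local bind prot pass addr exposed=0
    bind=$(redis_directive "$1" bind "")
    prot=$(redis_directive "$1" protected-mode yes)
    pass=$(redis_directive "$1" requirepass "")
    if [ -z "$bind" ]; then exposed=1; fi    # no bind line: all interfaces
    for addr in $bind; do
        case "$addr" in
            127.*|::1|-::1) ;;               # loopback address
            *) exposed=1 ;;
        esac
    done
    if [ "$exposed" -eq 0 ]; then echo local-only
    elif [ -n "$pass" ]; then echo password-only
    # Assumption (redis.conf comments in the 6.0 series): protected mode only
    # applies when there is no explicit bind line and no password.
    elif [ -z "$bind" ] && [ "$prot" = yes ]; then echo protected
    else echo open
    fi
}

# Constructed sample: the three directives as the steps above leave them.
demo_conf=$(mktemp)
printf '%s\n' 'bind 0.0.0.0' 'protected-mode yes' '# requirepass foobared' > "$demo_conf"
echo "as configured above: $(audit_redis_conf "$demo_conf")"
# Constructed sample: bind left at the shipped loopback default.
printf '%s\n' 'bind 127.0.0.1' 'protected-mode yes' > "$demo_conf"
echo "loopback bind: $(audit_redis_conf "$demo_conf")"
rm -f "$demo_conf"
```

Run audit_redis_conf /data/redis/redis.conf on the host; since config.yml in this guide reaches its services on 127.0.0.1, a local-only verdict is sufficient for a single-host install.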

Create the Jumpserver database:

create database jumpserver default charset 'utf8' collate 'utf8_bin';
create user jumpserver@'%' identified by 'JumpSrv123';
grant all on jumpserver.* to jumpserver@'%';

Install Jumpserver-Core

Create and activate the py3 virtual environment

python3 -m venv /opt/py3
source /opt/py3/bin/activate

Download & extract

cd ~/tarball/
wget https://github.com/jumpserver/jumpserver/archive/1.5.9.tar.gz -O jumpserver-1.5.9.tar.gz
tar zxf jumpserver-1.5.9.tar.gz -C /opt/
mv /opt/jumpserver-1.5.9/ /opt/jumpserver

Install dependencies

cd /opt/jumpserver/
cd /opt/jumpserver/requirements/
pip install wheel gssapi
pip install --upgrade pip setuptools
CFLAGS=-L/usr/local/openssl/lib/ pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple

Modify the configuration file

cd /opt/jumpserver/
cp config_example.yml config.yml
SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
vim config.yml
...
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: JumpSrv123
DB_NAME: jumpserver
...

Start Jumpserver-Core

./jms start -d

 
