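Introduction
Jumpserver is a fully open-source bastion host (jump server) project: secure, transparent, and free. Although it is open source, it already provides essentially all the functions of a bastion host: authentication, authorization, auditing, and file upload. Official site: http://www.jumpserver.org/
Operating Environment
Operating system: CentOS 8.2
Install dependencies: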
yum install -y python3 python3-pip python3-devel krb5-devel openldap-devel
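Base software - MySQL > 5.6:
MySQL can be installed with yum or built from source. Here I use version 8.0.19 built from source; I won't post the detailed steps, see the earlier document.
Install Redis: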
wget http://download.redis.io/releases/redis-6.0.4.tar.gz
groupadd -g 415 redis
useradd -g redis -u 415 -s /sbin/nologin -d /data/redis -c "Redis Server" -M redis
tar zxf redis-6.0.4.tar.gz -C /usr/local/src/
cd /usr/local/src/redis-6.0.4/
make PREFIX=/data/redis/ CFLAGS="-fPIC"
make test
make PREFIX=/data/redis/ install
echo 'export PATH=/data/redis/bin/:$PATH' > /etc/profile.d/redis.sh
source /etc/profile.d/redis.sh
redis-cli -v
mkdir /data/redis/{db,logs}
chown -R redis:redis /data/redis/
cp redis.conf /data/redis/
# Listen on all interfaces. No requirepass is set in this guide, so restrict
# port 6379 with a firewall, or keep 127.0.0.1 if only local services use Redis.
sed -i 's/^bind 127.0.0.1/bind 0.0.0.0/g' /data/redis/redis.conf
sed -i 's#^pidfile /var/run/redis_6379.pid#pidfile /data/redis/redis.pid#g' /data/redis/redis.conf
sed -i 's#^dir ./#dir /data/redis/db#g' /data/redis/redis.conf
sed -i 's#^logfile ""#logfile "/data/redis/logs/redis.log"#g' /data/redis/redis.conf
vim /lib/systemd/system/redis.service

# Redis Service
[Unit]
Description=Redis Community Server
After=network.target

[Install]
WantedBy=multi-user.target

[Service]
User=redis
Group=redis
LimitNOFILE=65535
LimitNPROC=65535
ExecStart=/data/redis/bin/redis-server /data/redis/redis.conf
Restart=on-failure

systemctl enable redis
systemctl start redis
systemctl status redis
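The sed edits above switch Redis to `bind 0.0.0.0` without setting a password. The following check is an added example, not part of the original post: it reads a redis.conf and reports whether the instance would accept unauthenticated connections from other hosts. The function names `redis_directive` and `audit_redis_conf` and the sample files are constructed for illustration, and it assumes Redis 6.0 protected-mode behaviour and does not inspect ACL users.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumes Redis 6.0 semantics
# (the version built above): protected-mode only applies when there is
# no explicit bind directive and no password. ACL users are not checked.

# Effective value of a directive: comments skipped, last occurrence wins.
redis_directive() {   # usage: redis_directive FILE NAME
    awk -v key="$2" 'tolower($1) == key { $1 = ""; sub(/^ +/, ""); val = $0 }
                     END { print val }' "$1"
}

# Returns 0 if acceptable, 1 if Redis would accept unauthenticated
# connections from other hosts.
audit_redis_conf() {
    local conf="$1" bind pass prot addr remote=0
    bind=$(redis_directive "$conf" bind)
    pass=$(redis_directive "$conf" requirepass)
    prot=$(redis_directive "$conf" protected-mode)
    if [ "$pass" = '""' ]; then pass=""; fi      # requirepass "" = no password
    if [ -z "$bind" ]; then
        # No bind line: all interfaces, guarded only by protected-mode.
        if [ "$prot" = "no" ]; then remote=1; fi
    else
        for addr in $bind; do
            case "$addr" in
                127.*|::1|localhost) ;;          # loopback only
                *) remote=1 ;;
            esac
        done
    fi
    if [ "$remote" -eq 1 ] && [ -z "$pass" ]; then
        echo "FAIL $conf: bind='${bind:-all}' and no requirepass"
        return 1
    fi
    echo "OK   $conf: bind='${bind:-all}'"
}

# Constructed sample files: the guide's edit and two alternatives.
demo() {
    local d; d=$(mktemp -d)
    printf '# bind 127.0.0.1\nbind 0.0.0.0\nprotected-mode yes\n' > "$d/guide.conf"
    printf 'bind 127.0.0.1 ::1\n' > "$d/local.conf"
    printf 'bind 0.0.0.0\nrequirepass constructed-sample\n' > "$d/auth.conf"
    for f in guide local auth; do audit_redis_conf "$d/$f.conf" || true; done
    rm -rf "$d"
}
demo
```

On a host built with this guide, run `audit_redis_conf /data/redis/redis.conf` after the sed edits.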
Create the Jumpserver database:
-- JumpSrv123 is a sample password; '%' lets this account connect from any host.
create database jumpserver default charset 'utf8' collate 'utf8_bin';
create user jumpserver@'%' identified by 'JumpSrv123';
grant all on jumpserver.* to jumpserver@'%';
Install Jumpserver-Core
Create and activate the py3 virtual environment
python3 -m venv /opt/py3
source /opt/py3/bin/activate
Download & extract
cd ~/tarball/
wget https://github.com/jumpserver/jumpserver/archive/1.5.9.tar.gz -O jumpserver-1.5.9.tar.gz
tar zxf jumpserver-1.5.9.tar.gz -C /opt/
mv /opt/jumpserver-1.5.9/ /opt/jumpserver
Install dependencies
cd /opt/jumpserver/
cd /opt/jumpserver/requirements/
pip install wheel gssapi
pip install --upgrade pip setuptools
CFLAGS=-L/usr/local/openssl/lib/ pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple
Edit the configuration file
cd /opt/jumpserver/
cp config_example.yml config.yml
SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
vim config.yml

...
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: JumpSrv123
DB_NAME: jumpserver
...
Start Jumpserver-Core
./jms start -d