Jumpserver单机源码部署

Administrator 2 2022-12-28

Jumpserver单机源码部署

1、环境准备

关闭防火墙/SELinux等(仅适合隔离的测试环境;堡垒机用于生产时,建议保留 firewalld 与 SELinux,只放行实际需要的端口,例如下文 nginx 监听的 8099)

vim /etc/selinux/config

修改为 SELINUX=disabled(取值是 disabled 而不是 disable;修改后需重启系统才会生效)

# `disable` only removes firewalld from the boot sequence; the running
# instance keeps filtering until it is stopped or the host reboots.
systemctl disable firewalld.service

2、下载社区版软件包

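# Fetch the release archive into /opt, which is where the install step
# further down unpacks it.
# NOTE(review): v2.2.2 is an old release; check the project's security
# advisories and prefer a maintained version for anything beyond a lab.
cd /opt
wget https://github.com/jumpserver/jumpserver/releases/download/v2.2.2/jumpserver-v2.2.2.tar.gz
# HTTPS protects the transfer, not the published artifact: record the digest
# and compare it with a value obtained from a trusted source before unpacking.
sha256sum jumpserver-v2.2.2.tar.gz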

安装依赖软件

# Dependency packages for the steps that follow; libffi-devel is installed
# in its own transaction, as before.
yum install -y \
  wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git
yum install -y libffi-devel

3、安装python3

# Build CPython 3.7.0 from source under /usr/local/python3 and expose
# python3/pip3 through symlinks in /usr/bin.
# NOTE(review): 3.7.0 is the first 3.7 release and the tarball is used
# without a checksum or signature check; confirm both are acceptable.
wget https://www.python.org/ftp/python/3.7.0/Python-3.7.0.tgz
tar -xzvf Python-3.7.0.tgz
cd Python-3.7.0
./configure --prefix=/usr/local/python3
make -j4 && make install
for tool in python3 pip3; do
  ln -s "/usr/local/python3/bin/${tool}" "/usr/bin/${tool}"
done

建立python虚拟环境, 也可以不弄

# Create the virtual environment /opt/jumpy, then activate it in the
# current shell.
cd /opt
python3 -m venv jumpy
. /opt/jumpy/bin/activate

安装jumpserver

# Unpack the release in /opt, drop the archive, rename the tree to
# /opt/jumpserver and move into its requirements directory.
cd /opt
tar -xf jumpserver-v2.2.2.tar.gz
rm jumpserver-v2.2.2.tar.gz
mv jumpserver-v2.2.2 jumpserver
cd jumpserver/requirements

安装依赖 yum/python/redis等

# Install every package listed in rpm_requirements.txt; the substitution is
# left unquoted on purpose so that each name becomes its own argument.
yum install -y $(< rpm_requirements.txt)

pip安装需要在虚拟python中, 以阿里源安装

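# Run inside the activated virtual environment. -i has to be followed by the
# index URL (the page had lost it and showed only the link text); the Aliyun
# mirror's simple index is used here.
# NOTE(review): a mirror is a trust decision; pip installs whatever it serves.
pip install wheel -i https://mirrors.aliyun.com/pypi/simple/
pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/
pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/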

4、安装redis、mysql数据库

# Install Redis, register it for boot and start it right away.
# NOTE(review): no password or bind address is configured in this guide;
# confirm redis listens on loopback only before exposing this host.
yum -y install redis
systemctl enable redis
systemctl start redis

由于mariadb不支持json类型, 改用mysql
#yum install mariadb mariadb-devel mariadb-server -y
#systemctl enable --now mariadb

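# Fetch the MySQL 5.7 repository package over HTTPS. `-c` resumes a partial
# download; the original `-i -c` made wget take "-c" as an input-file name.
wget -c https://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm
yum -y install mysql57-community-release-el7-10.noarch.rpm
# Import the repository signing key so yum can verify the signatures of the
# server packages installed next.
rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
yum -y install mysql-community-server
systemctl enable --now mysqld.service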

初次安装mysql会随机生成一个临时密码, 并规定须修改密码后才能正常使用

# Show the password-related lines of the MySQL log (case-insensitive match).
grep -i pass /var/log/mysqld.log
2022-01-13T08:03:30.631058Z 1 Note A temporary password is generated for root@localhost: _njl5ehUX46K
# "passwd" stands in for the new root password; choose a strong, unique value.
alter user user() identified by "passwd"; # change the initial password

5、创建数据库

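# Let the client prompt for the password: typed after -p on the command line
# it ends up in the shell history and can be seen in the process list.
mysql -uroot -p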
create database jumpserver default charset 'utf8'; # create the database
# 'passwd' is a stand-in: use a strong password and put the same value in DB_PASSWORD in config.yml.
grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'passwd'; # give the jumpserver user, connecting locally, all privileges on every table of the jumpserver database

修改jumpserver配置文件

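cd /opt/jumpserver/
cp config_example.yml config.yml
# config.yml will hold SECRET_KEY, BOOTSTRAP_TOKEN and the database
# password, so keep it readable by its owner only.
chmod 600 config.yml

vim config.yml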

# The secrets below are example values; replace each one before real use.
# A long random string can be produced with, for example:
#   tr -dc A-Za-z0-9 </dev/urandom | head -c 50
SECRET_KEY: 123456a
BOOTSTRAP_TOKEN: kiwigame52077 # token must match the one in koko's config file
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
# Must equal the password given to the jumpserver database user in the grant statement.
DB_PASSWORD: passwd
DB_NAME: jumpserver

jumpserver表构建

# Run the migration script from the utils directory to build the tables.
cd /opt/jumpserver/utils
bash make_migrations.sh

6、安装koko

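cd /opt
wget https://github.com/jumpserver/koko/releases/download/v2.2.2/koko-v2.2.2-linux-amd64.tar.gz
# Unpack the archive that was just downloaded; the original named
# koko-master-linux-amd64.tar.gz, which this guide never fetches.
tar -xf koko-v2.2.2-linux-amd64.tar.gz
mv koko-v2.2.2-linux-amd64 koko
chown -R root:root koko
cd koko
cp config_example.yml config.yml
# The file carries BOOTSTRAP_TOKEN; restrict it to its owner.
chmod 600 config.yml

vim config.yml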

BOOTSTRAP_TOKEN: kiwigame52077 # must be the same value as in jumpserver's config.yml; example value, replace it with a random one

后台启动

# Start koko in the background (-d); run from the /opt/koko directory.
./koko -d

7、安装lina

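cd /opt
wget https://github.com/jumpserver/lina/releases/download/v2.2.2/lina-v2.2.2.tar.gz
# Use the v2.2.2 archive fetched above; the original unpacked lina-v2.17.3,
# which is neither downloaded here nor the release used for the other
# components.
# NOTE(review): assumes the archive unpacks to lina-v2.2.2/ -- confirm.
tar -xf lina-v2.2.2.tar.gz
mv lina-v2.2.2 lina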

8、安装luna

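# Run in /opt, where the previous step left the shell.
# One `wget` only: the duplicated word made wget also try to fetch a host
# named "wget".
wget https://github.com/jumpserver/luna/releases/download/v2.2.2/luna-v2.2.2.tar.gz
# Unpack the file that was downloaded (not luna.tar.gz) and rename the tree
# so the chown below and the nginx alias /opt/luna/ can find it.
# NOTE(review): assumes the archive unpacks to luna-v2.2.2/ -- confirm.
tar -zxvf luna-v2.2.2.tar.gz
mv luna-v2.2.2 luna
chown -R root:root luna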

9、安装配置nginx

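yum -y install nginx
# The directory is conf.d (as in the cd below), not config.d; with the wrong
# path rm -rf removed nothing and reported no error, so any default.conf
# stayed in place.
rm -f /etc/nginx/conf.d/default.conf
cd /etc/nginx/conf.d/
touch jumpserver.conf

vim jumpserver.conf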

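# Reverse proxy in front of the JumpServer components.
# NOTE(review): this server listens on plain HTTP; logins and session traffic
# of a bastion host should normally be served over TLS -- confirm how this
# port is exposed.
# X-Forwarded-For is built with $proxy_add_x_forwarded_for, which appends to
# whatever value the client sent; X-Real-IP carries the address nginx saw.
server {
    listen 8099;
    client_max_body_size 100m;  # size limit for recordings and file uploads

    location /ui/ {
        try_files $uri / /index.html;
        alias /opt/lina/;
    }

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # luna path; change it if the install directory differs
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # recordings; change it if the install directory differs
    }

    location /static/ {
        root /opt/jumpserver/data/;  # static assets; change it if the install directory differs
    }

    location /koko/ {
        proxy_pass http://localhost:5000;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # NOTE(review): requests to this location are not logged; consider
        # keeping access logs on a bastion host for audit purposes.
        access_log off;
    }

    location /guacamole/ {
        proxy_pass http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        # The Connection header was missing here, unlike /koko/ and /ws/;
        # without it the upgrade request is not passed on to the backend.
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # NOTE(review): not logged, same audit consideration as /koko/.
        access_log off;
    }

    location /ws/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8070;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}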

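# Check the configuration first; only if it parses, enable nginx at boot
# and start it.

nginx -t && systemctl enable --now nginx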

10、启动jumpserver

# NOTE(review): the Python dependencies were installed into the /opt/jumpy
# virtual environment, so this presumably has to run with it activated.
cd /opt/jumpserver
./jms start all -d # start all services; -d = run in the background

11、错误集合

redis.exceptions.ResponseError: wrong number of arguments for 'hset' command
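临时处理:修改/opt/jumpy/lib/python3.7/site-packages/redis/commands/core.py文件中第4835行,将 HSET 改为 HMSET。注意这是直接改动已安装的第三方库,重装或升级依赖后会被覆盖;该报错通常说明 redis-py 与 Redis 服务端版本不匹配(多字段 HSET 需要 Redis 4.0 及以上),更稳妥的做法是升级 Redis 服务端,或安装与之兼容的 redis-py 版本。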