搭建Jumpserver

安装环境：Centos7.6,4G内存,2核

 如果是自己的虚拟机就要把防火墙和SELinux关掉

编译安装Python3

1.1  安装依赖包

root@iZ1la3d1xbmukrZ ~]# yum -y install wget sqlite-devel xz gcc automake zlib-                                                                                    devel openssl-devel epel-release git
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Package wget-1.14-18.el7_6.1.x86_64 already installed and latest version
Package xz-5.2.2-1.el7.x86_64 already installed and latest version
Package gcc-4.8.5-39.el7.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check

1.2  编译安装

[root@iZ1la3d1xbmukrZ ~]# cd /opt
[root@iZ1la3d1xbmukrZ opt]# tar xvf Python-3.6.1.tar.xz  && cd Python-3.6.1
Python-3.6.1/
Python-3.6.1/Doc/
Python-3.6.1/Doc/c-api/
Python-3.6.1/Doc/c-api/sys.rst
Python-3.6.1/Doc/c-api/conversion.rst
Python-3.6.1/Doc/c-api/marshal.rst
Python-3.6.1/Doc/c-api/coro.rst
Python-3.6.1/Doc/c-api/method.rst

[root@iZ1la3d1xbmukrZ Python-3.6.1]# ./configure && make && make install
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking for python3.6... no
checking for python3... no
checking for python... python
checking for --enable-universalsdk... no
checking for --with-universal-archs... no
checking MACHDEP... linux
checking for --without-gcc... no
checking for --with-icc... no
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... 

安装Jumpserver

2.1  下载项目

    [root@bogon ~]# cd /opt/
    [root@bogon ~]# git clone --depth=1 https://github.com/jumpserver/jumpserver.git && cd jumpserver && git checkout master

注：因为代码一直在更新，这样获取的是最新的代码，很多配置都改变了，使用我用的还是老版本的。 

2.2  安装依赖RPM包

[root@iZ1la3d1xbmukrZ ~]# cd /opt/jumpserver/requirements
[root@iZ1la3d1xbmukrZ ~]# yum -y install $(cat rpm_requirements.txt)  

2.3  安装 Python 库依赖

[root@iZ1la3d1xbmukrZ Python-3.6.1]# pip3 install -r requirements.txt

2.4  安装Redis

root@iZ1la3d1xbmukrZ Python-3.6.1]# yum -y install redis
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package redis.x86_64 0:3.2.12-2.el7 will be installed
--> Processing Dependency: libjemalloc.so.1()(64bit) for package: redis-3.2.12-2                                                                                    .el7.x86_64

[root@iZ1la3d1xbmukrZ Python-3.6.1]# systemctl start redis 

2.5  安装MySQL

[root@iZ1la3d1xbmukrZ Python-3.6.1]# yum -y install mariadb mariadb-devel mariad                                                                                    b-server
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Package 1:mariadb-devel-5.5.64-1.el7.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction ch

2.6  创建数据库 Jumpserver 并授权

[root@iZ1la3d1xbmukrZ Python-3.6.1]# systemctl start mariadb
[root@iZ1la3d1xbmukrZ Python-3.6.1]# mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.64-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database jumpserver default charset 'utf8';
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identifi                                                                                    ed by '123';
Query OK, 0 rows affected (0.64 sec)

MariaDB [(none)]> exit
Bye

2.7  修改Jumserver配置文件

[root@iZ1la3d1xbmukrZ ~]# cd /opt/jumpserver
[root@iZ1la3d1xbmukrZ ~]# cp config_example.py config.py
[root@iZ1la3d1xbmukrZ ~]# vi config.py
注意：配置文件是Python格式，不要使用TAB，而是用空格

class DevelopmentConfig(Config):
    DEBUG = True
    DB_ENGINE = 'mysql'
    DB_HOST = '127.0.0.1'
    DB_PORT = 3306
    DB_USER = 'jumpserver'
    DB_PASSWORD = '123'
    DB_NAME = 'jumpserver'

class TestConfig(Config):
    pass

 如果你的服务器是阿里云的话，那就要0.0.0.0,127和公网IP都不行

2.8   生成数据库表结构和初始化数据

[root@iZ1la3d1xbmukrZ Python-3.6.1]# cd /opt/jumpserver/utils
[root@iZ1la3d1xbmukrZ utils]# bash make_migrations.sh
2020-02-23 20:02:17 [signals_handler DEBUG] Receive django ready signal
2020-02-23 20:02:17 [signals_handler DEBUG]   - fresh all settings
No changes detected
2020-02-23 20:02:20 [signals_handler DEBUG] Receive django ready signal
2020-02-23 20:02:20 [signals_handler DEBUG]   - fresh all settings
System check identified some issues:

WARNINGS:
?: (mysql.W002) MySQL Strict Mode is not set for database connection 'default'
        HINT: MySQL's Strict Mode fixes many data integrity problems in MySQL, s                                                                                    uch as data truncation upon insertion, by escalating warnings into errors. It is                                                                                     strongly recommended you activate it. See: https://docs.djangoproject.com/en/2.                                                                                    1/ref/databases/#mysql-sql-mode
Operations to perform:
  Apply all migrations: admin, assets, audits, auth, captcha, common, contenttyp                                                                                    es, django_celery_beat, ops, orgs, perms, sessions, terminal, users
Running migrations:
  Applying contenttypes.0001_initial... OK
  Applying contenttypes.0002_remove_content_type_name... OK
  Applying auth.0001_initial... OK
  Applying auth.0002_alter_permission_name_max_length... OK
  Applying auth.0003_alter_user_email_max_length... OK
  Applying auth.0004_alter_user_username_opts... OK
  Applying auth.0005_alter_user_last_login_null... OK
  Applying auth.0006_require_contenttypes_0002... OK
  Applying auth.0007_alter_validators_add_error_messages... OK
  Applying auth.0008_alter_user_username_max_length... OK
  Applying users.0001_initial... OK
  Applying admin.0001_initial... OK
  Applying admin.0002_logentry_remove_auto_add... OK
  Applying admin.0003_logentry_add_action_flag_choices... OK
  Applying assets.0001_initial... OK
  Applying assets.0002_auto_20180927_2128... OK
  Applying users.0002_auto_20171225_1157... OK
  Applying users.0003_auto_20180927_2128... OK
  Applying audits.0001_initial... OK
  Applying auth.0009_alter_user_last_name_max_length... OK
  Applying captcha.0001_initial... OK
  Applying common.0001_initial... OK
  Applying django_celery_beat.0001_initial... OK
  Applying django_celery_beat.0002_auto_20161118_0346... OK
  Applying django_celery_beat.0003_auto_20161209_0049... OK
  Applying django_celery_beat.0004_auto_20170221_0000... OK
  Applying django_celery_beat.0005_add_solarschedule_events_choices... OK
  Applying django_celery_beat.0006_auto_20180210_1226... OK
  Applying ops.0001_initial... OK
  Applying ops.0002_celerytask... OK
  Applying orgs.0001_initial... OK
  Applying perms.0001_initial... OK
  Applying perms.0002_auto_20180927_2128... OK
  Applying sessions.0001_initial... OK
  Applying terminal.0001_initial... OK
  Applying terminal.0002_auto_20180927_2128... OK
2020-02-23 20:02:26 [signals_handler DEBUG] Receive django ready signal
2020-02-23 20:02:26 [signals_handler DEBUG]   - fresh all settings
No conflicts detected to merge.
[root@iZ1la3d1xbmukrZ utils]# cd ..

2.9  运行 Jumpserver

[root@iZ1la3d1xbmukrZ jumpserver]# ./jms start all
Sun Feb 23 20:11:05 2020
Jumpserver version 1.4.1, more see https://www.jumpserver.org

- Start Gunicorn WSGI HTTP Server
Check database structure change ...
2020-02-23 20:11:07 [signals_handler DEBUG] Receive django ready signal
2020-02-23 20:11:07 [signals_handler DEBUG]   - fresh all settings
System check identified some issues:

WARNINGS:
?: (mysql.W002) MySQL Strict Mode is not set for database connection 'default'
        HINT: MySQL's Strict Mode fixes many data integrity problems in MySQL, such as data truncation upon insertion, by escalating warnings into errors. It is strongly recommended you activate it. See: https://docs.djangoproject.com/en/2.1/ref/databases/#mysql-sql-mode
Operations to perform:
  Apply all migrations: admin, assets, audits, auth, captcha, common, contenttypes, django_celery_beat, ops, orgs, perms, sessions, terminal, users
Running migrations:
  No migrations to apply.
Collect static files
2020-02-23 20:11:10 [signals_handler DEBUG] Receive django ready signal
2020-02-23 20:11:10 [signals_handler DEBUG]   - fresh all settings

0 static files copied to '/opt/jumpserver/data/static', 451 unmodified.

- Start Celery as Distributed Task Queue

- Start Beat as Periodic Task Scheduler
[2020-02-23 20:11:10 +0800] [26917] [INFO] Starting gunicorn 19.9.0
[2020-02-23 20:11:10 +0800] [26917] [INFO] Listening at: http://0.0.0.0:8080 (26917)
[2020-02-23 20:11:10 +0800] [26917] [INFO] Using worker: gthread
[2020-02-23 20:11:10 +0800] [26928] [INFO] Booting worker with pid: 26928
[2020-02-23 20:11:10 +0800] [26930] [INFO] Booting worker with pid: 26930
[2020-02-23 20:11:11 +0800] [26933] [INFO] Booting worker with pid: 26933
[2020-02-23 20:11:11 +0800] [26936] [INFO] Booting worker with pid: 26936
celery beat v4.1.0 (latentcall) is starting.
2020-02-23 20:11:14 [signals_handler DEBUG] Receive django ready signal
2020-02-23 20:11:14 [signals_handler DEBUG]   - fresh all settings
2020-02-23 20:11:14 [signals_handler DEBUG] Receive django ready signal
2020-02-23 20:11:14 [signals_handler DEBUG]   - fresh all settings
2020-02-23 20:11:14 [signals_handler DEBUG] Receive django ready signal
2020-02-23 20:11:14 [signals_handler DEBUG]   - fresh all settings
2020-02-23 20:11:15 [signals_handler DEBUG] Receive django ready signal
2020-02-23 20:11:15 [signals_handler DEBUG]   - fresh all settings
2020-02-23 20:11:15 [signals_handler DEBUG] Receive django ready signal
2020-02-23 20:11:15 [signals_handler DEBUG]   - fresh all settings
2020-02-23 20:11:15 [signals_handler DEBUG] Receive django ready signal
2020-02-23 20:11:15 [signals_handler DEBUG]   - fresh all settings
__    -    ... __   -        _
LocalTime -> 2020-02-23 20:11:15
Configuration ->
    . broker -> redis://127.0.0.1:6379/3
    . loader -> celery.loaders.app.AppLoader
    . scheduler -> django_celery_beat.schedulers.DatabaseScheduler

    . logfile -> [stderr]@%DEBUG
    . maxinterval -> 1.00 minute (60.0s)
Setting default socket timeout to 30
beat: Starting...
DatabaseScheduler: initial read
Writing entries...
DatabaseScheduler: Fetching database schedule
Current schedule:
<ModelEntry: terminal.tasks.delete_terminal_status_period terminal.tasks.delete_terminal_status_period(*[], **{}) <freq: 1.00 hour>>
<ModelEntry: terminal.tasks.clean_orphan_session terminal.tasks.clean_orphan_session(*[], **{}) <freq: 1.00 hour>>
<ModelEntry: celery.backend_cleanup celery.backend_cleanup(*[], **{}) <crontab: 0 4 * * * (m/h/d/dM/MY)>>
<ModelEntry: assets.tasks.update_assets_hardware_info_period assets.tasks.update_assets_hardware_info_period(*[], **{}) <freq: 1.00 hour>>
<ModelEntry: assets.tasks.test_admin_user_connectability_period assets.tasks.test_admin_user_connectability_period(*[], **{}) <freq: 1.00 hour>>
<ModelEntry: assets.tasks.test_system_user_connectability_period assets.tasks.test_system_user_connectability_period(*[], **{}) <freq: 1.00 hour>>
beat: Ticking with max interval->1.00 minute
beat: Waking up in 1.00 minute.
/usr/local/lib/python3.6/site-packages/celery/platforms.py:795: RuntimeWarning: You're running the worker with superuser privileges: this is
absolutely not recommended!

 如果，看见8080端口起来了，直接访问就行，账号密码都是admin