Installing and using JumpServer
- 1. Change the character set
- 2. Install dependencies
- 3. Compile and install python-3.6.1
- 4. Download the JumpServer project
- 5. Install Redis
- 6. Install MySQL
- 7. Configure JumpServer
- 8. Deploy koko
- 9. Deploy guacamole
- 10. Deploy the lina component
- 11. Deploy luna
- 12. Install nginx
- 13. Start JumpServer
- Usage
1. Change the character set
Cloud servers use an English character set by default. Switch to a Chinese UTF-8 locale; otherwise an input/output error may be reported because Chinese text is printed in the log.
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
export LC_ALL=zh_CN.UTF-8
echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf
2. Install dependencies
yum -y install epel-release
yum clean all && yum makecache
yum -y update
yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git
3. Compile and install python-3.6.1
wget https://mirrors.huaweicloud.com/python/3.6.1/Python-3.6.1.tar.xz
tar xf Python-3.6.1.tar.xz && cd Python-3.6.1
./configure && make && make install
cd /opt/
# Create the virtual environment
python3 -m venv py3
# Activate the virtual environment
source /opt/py3/bin/activate
4. Download the JumpServer project
wget https://github.com/jumpserver/jumpserver/releases/download/v2.2.2/jumpserver-v2.2.2.tar.gz
tar xf jumpserver-v2.2.2.tar.gz
mv jumpserver-v2.2.2 jumpserver
cd /opt/jumpserver/requirements
yum install -y $(cat rpm_requirements.txt)
Install the Python packages from a mainland China mirror
pip install wheel -i https://mirrors.aliyun.com/pypi/simple/
pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/
pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
5. Install Redis
Download and install directly
yum -y install redis
systemctl enable redis --now
6. Install MySQL
yum -y install mariadb mariadb-devel mariadb-server
systemctl enable mariadb --now
Create the JumpServer database and grant privileges
mysql -uroot
create database jumpserver default charset 'utf8';
grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '1';
flush privileges;
7. Configure JumpServer
cd /opt/jumpserver
vim config.yml
# Encryption secret key: in production change it to a random string and do not disclose it; it can be generated with this command
# $ cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49;echo
SECRET_KEY: 3NF6ldRQzLNeRh8ewjJ4FkRXCccjExTRWXQ4JYIi4cIwQprZG
# SECURITY WARNING: keep the bootstrap token used in production secret!
# Pre-shared token that coco and guacamole use to register their service accounts; the old registration-approval mechanism is no longer used
# It can be generated with this command
# cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16;echo
BOOTSTRAP_TOKEN: ujye866EVpHUDV9F
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: '1'  # The password must be enclosed in single quotes
DB_NAME: jumpserver
# When Django start it will bind this host and port
# ./manage.py runserver 127.0.0.1:8080
# Host and port bound at runtime
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
# Use Redis as broker for celery and web socket
# Redis configuration
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
# REDIS_PASSWORD:
# REDIS_DB_CELERY: 3
# REDIS_DB_CACHE: 4
Start and stop JumpServer
./jms start -d
./jms stop
8. Deploy koko
cd /opt/
wget https://github.com/jumpserver/koko/releases/download/v2.2.2/koko-v2.2.2-linux-amd64.tar.gz
tar -xf koko-v2.2.2-linux-amd64.tar.gz
cd koko
mv kubectl /usr/local/bin/
wget https://download.jumpserver.org/public/kubectl.tar.gz
tar xf kubectl.tar.gz
chmod 755 kubectl
mv kubectl /usr/local/bin/rawkubectl
rm -rf kubectl.tar.gz
cp config_example.yml config.yml
vim config.yml
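# Bootstrap token: pre-shared key used to register the service account and terminal that coco uses
# Keep it identical to the value in the jumpserver configuration file; it can be deleted once registration is complete
BOOTSTRAP_TOKEN: ujye866EVpHUDV9F
# Redis configuration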
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
# REDIS_PASSWORD:
# REDIS_CLUSTERS:
# REDIS_DB_ROOM:
Start and stop koko
Start in the foreground:
./koko
Start in the background:
./koko -d
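The two config.yml files from steps 7 and 8 can be checked before the first start. The script below is an added example, not part of the original tutorial or of JumpServer: it flags the sample SECRET_KEY and BOOTSTRAP_TOKEN printed on this page, a token mismatch between the core and koko files, a short database password, an all-interfaces bind and a missing Redis password. The function names and the 12-character minimum are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not JumpServer code. The two sample values below are the ones
# printed in this tutorial, so they are public and unfit for production.
PUBLISHED_SECRET_KEY='3NF6ldRQzLNeRh8ewjJ4FkRXCccjExTRWXQ4JYIi4cIwQprZG'
PUBLISHED_TOKEN='ujye866EVpHUDV9F'
MIN_DB_PASSWORD_LEN=12   # assumption: local policy, not a JumpServer rule

# yaml_get FILE KEY: print the value of an uncommented top-level "KEY: value"
# line, without a trailing "# comment" or surrounding quotes.
yaml_get() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]]\{1,\}#.*$//' -e 's/[[:space:]]*$//' \
            -e "s/^['\"]//" -e "s/['\"]\$//"
}

# audit_jumpserver_config CORE_YML KOKO_YML: print one line per finding and
# return 1 if there was any, 0 if both files pass every check.
audit_jumpserver_config() {
    local core="$1" koko="$2" findings=0 key token koko_token password
    finding() { echo "FINDING: $*"; findings=$((findings + 1)); }
    key=$(yaml_get "$core" SECRET_KEY)
    token=$(yaml_get "$core" BOOTSTRAP_TOKEN)
    koko_token=$(yaml_get "$koko" BOOTSTRAP_TOKEN)
    password=$(yaml_get "$core" DB_PASSWORD)

    if [ "$key" = "$PUBLISHED_SECRET_KEY" ]; then
        finding "SECRET_KEY is the sample value from the tutorial"
    fi
    if [ "$token" = "$PUBLISHED_TOKEN" ]; then
        finding "BOOTSTRAP_TOKEN is the sample value from the tutorial"
    fi
    if [ "$token" != "$koko_token" ]; then
        finding "BOOTSTRAP_TOKEN differs between the core and koko config"
    fi
    if [ "${#password}" -lt "$MIN_DB_PASSWORD_LEN" ]; then
        finding "DB_PASSWORD is shorter than $MIN_DB_PASSWORD_LEN characters"
    fi
    if [ "$(yaml_get "$core" HTTP_BIND_HOST)" = "0.0.0.0" ]; then
        finding "HTTP_BIND_HOST is 0.0.0.0: firewall port 8080 from untrusted networks"
    fi
    if [ -z "$(yaml_get "$core" REDIS_PASSWORD)" ]; then
        finding "REDIS_PASSWORD is not set"
    fi
    [ "$findings" -eq 0 ]
}

# Run against real files when two paths are given on the command line.
if [ "$#" -eq 2 ]; then audit_jumpserver_config "$1" "$2"; fi
```

Run it as `bash audit.sh /opt/jumpserver/config.yml /opt/koko/config.yml` (the script file name is an assumption); a non-zero exit status means at least one finding was printed.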
9. Deploy guacamole
Install Docker
yum -y install docker
vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://qtfb3ml8.mirror.aliyuncs.com"]
}
systemctl enable docker --now
Pull and run the guacamole image (BOOTSTRAP_TOKEN must be the same value as in /opt/jumpserver/config.yml)
docker run --name jms_guacamole -d -p 127.0.0.1:8081:8080 -e JUMPSERVER_SERVER=192.168.168.107:8080 -e BOOTSTRAP_TOKEN=ujye866EVpHUDV9F -e GUACAMOLE_LOG_LEVEL=ERROR jumpserver/jms_guacamole:v2.2.2
10. Deploy the lina component
cd /opt/
wget https://github.com/jumpserver/lina/releases/download/v2.2.2/lina-v2.2.2.tar.gz
tar -xf lina-v2.2.2.tar.gz
mv lina-v2.2.2 lina
11. Deploy luna
cd /opt
wget https://github.com/jumpserver/luna/releases/download/v2.2.2/luna-v2.2.2.tar.gz
tar -xf luna-v2.2.2.tar.gz
mv luna-v2.2.2 luna
12. Install nginx
After installing nginx, add the following configuration file
server {
    listen 80;
    server_name 192.168.244.144;
    client_max_body_size 100m;  # Size limit for session recordings and file uploads
    location /ui/ {
        try_files $uri / /index.html;
        alias /opt/lina/;
    }
    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # luna path; change this if you changed the install directory
    }
    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # Recording location; change this if you changed the install directory
    }
    location /static/ {
        root /opt/jumpserver/data/;  # Static assets; change this if you changed the install directory
    }
    location /koko/ {
        proxy_pass http://localhost:5000;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location /guacamole/ {
        proxy_pass http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }
    location /ws/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8070;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    location /api/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location /core/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location / {
        rewrite ^/(.*)$ /ui/$1 last;
    }
}
13. Start JumpServer
Start JumpServer
cd /opt/jumpserver
./jms start -d
Start koko
cd /opt/koko
./koko -d
Username | Password |
---|---|
admin | admin |
Usage
Create user
Change password
Create group
Create system users
Create admin users
Create assets
Authorization management
Log in as user1