jumpserver安装部署-负载方式
一、NFS安装配置
1、安装依赖
yum -y install epel-release
2、安装NFS
yum -y install nfs-utils rpcbind
3、启动 NFS
systemctl enable rpcbind nfs-server nfs-lock nfs-idmap
systemctl start rpcbind nfs-server nfs-lock nfs-idmap
4、配置防火墙
systemctl stop firewalld
systemctl disable firewalld
5、配置 NFS
mkdir /data
chmod 777 -R /data
vim /etc/exports
# 设置 NFS 访问权限, /data 是刚才创建的将被共享的目录, 192.168.100.* 表示整个 192.168.100.* 的资产都有括号里面的权限
# 也可以写具体的授权对象 /data 192.168.100.30(rw,sync,no_root_squash) 192.168.100.31(rw,sync,no_root_squash)
/data 192.168.100.*(rw,sync,all_squash,anonuid=0,anongid=0)
6、使其生效
exportfs -a
二、部署 MySQL 服务
1、设置 Repo
yum -y localinstall http://mirrors.ustc.edu.cn/mysql-repo/mysql57-community-release-el7.rpm
2、安装 MySQL
yum install -y mysql-community-server
报错解决:
rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
3、配置 MySQL
if [ ! "$(cat /usr/bin/mysqld_pre_systemd | grep -v ^\# | grep initialize-insecure )" ]; then
sed -i "s@--initialize @--initialize-insecure @g" /usr/bin/mysqld_pre_systemd
fi
4、启动 MySQL
systemctl enable mysqld
systemctl start mysqld
5、数据库授权
mysql -uroot
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database jumpserver default charset 'utf8';
Query OK, 1 row affected (0.00 sec)
mysql> set global validate_password_policy=LOW;
Query OK, 0 rows affected (0.00 sec)
mysql> create user 'jumpserver'@'%' identified by 'KXOeyNgDeTdpeu9x';
Query OK, 0 rows affected (0.00 sec)
mysql> grant all on jumpserver.* to 'jumpserver'@'%';
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
三、部署 Redis 服务
1、设置 Repo
yum -y install epel-release https://repo.ius.io/ius-release-el7.rpm
2、安装 Redis
yum install -y redis6
3、配置 Redis
sed -i "s/bind 127.0.0.1/bind 0.0.0.0/g" /etc/redis/redis.conf
sed -i "561i maxmemory-policy allkeys-lru" /etc/redis/redis.conf
sed -i "481i requirepass KXOeyNgDeTdpeu9q" /etc/redis/redis.conf
4、启动 Redis
systemctl enable redis
systemctl start redis
四、部署 JumpServer 01⚓
1、配置 NFS
yum -y install nfs-utils
showmount -e 192.168.101.128
# 将 Core 持久化目录挂载到 NFS, 默认 /opt/jumpserver/core/data, 请根据实际情况修改
# JumpServer 持久化目录定义相关参数为 VOLUME_DIR, 在安装 JumpServer 过程中会提示
mkdir -p /opt/jumpserver/core/data
mount -t nfs 192.168.101.128:/data /opt/jumpserver/core/data
# 两种方式挂载磁盘
方法一:
chmod +x /etc/rc.d/rc.local
vim /etc/rc.d/rc.local
mount -t nfs 192.168.101.128:/data /opt/jumpserver/core/data
方法二:
可以写入到 /etc/fstab, 重启自动挂载. 注意: 设置后如果 nfs 损坏或者无法连接该服务器将无法启动
echo "192.168.101.128:/data /opt/jumpserver/core/data nfs defaults 0 0" >> /etc/fstab
2、下载 jumpserver-install
1、登录jumpserver官网下载相应版本安装包
2、进入目录解压缩安装包
cd /opt
tar -xf jumpserver-installer-v2.24.0.tar.gz
3、进入目录修改配置
cd jumpserver-installer-v2.24.0
修改配置文件
vi config-example.txt
# 修改下面选项, 其他保持默认, 请勿直接复制此处内容
### 注意: SECRET_KEY 和要其他 JumpServer 服务器一致, 加密的数据将无法解密
# 安装配置
### 注意持久化目录 VOLUME_DIR, 如果上面 NFS 挂载其他目录, 此处也要修改. 如: NFS 挂载到 /data/jumpserver/core/data, 则 VOLUME_DIR=/data/jumpserver
VOLUME_DIR=/opt/jumpserver
DOCKER_DIR=/var/lib/docker
# Core 配置
### 启动后不能再修改,否则密码等等信息无法解密, 请勿直接复制下面的字符串
SECRET_KEY=kWQdmdCQKjaWlHYpPhkNQDkfaRulM6YnHctsHLlSPs8287o2kW # 要其他 JumpServer 服务器一致 (*)
BOOTSTRAP_TOKEN=KXOeyNgDeTdpeu9q # 要其他 JumpServer 服务器一致 (*)
LOG_LEVEL=ERROR # 日志等级
# SESSION_COOKIE_AGE=86400
SESSION_EXPIRE_AT_BROWSER_CLOSE=True # 关闭浏览器 session 过期
# MySQL 配置
USE_EXTERNAL_MYSQL=1 # 使用外置 MySQL
DB_HOST=192.168.100.11
DB_PORT=3306
DB_USER=jumpserve
DB_PASSWORD=KXOeyNgDeTdpeu9q
DB_NAME=jumpserver
# Redis 配置
USE_EXTERNAL_REDIS=1 # 使用外置 Redis
REDIS_HOST=192.168.100.11
REDIS_PORT=6379
REDIS_PASSWORD=KXOeyNgDeTdpeu9q
# KoKo Lion 配置
SHARE_ROOM_TYPE=redis # KoKo Lion 使用 redis 共享
REUSE_CONNECTION=False # Koko 禁用连接复用
4、运行安装脚本
./jmsctl.sh install
██╗██╗ ██╗███╗ ███╗██████╗ ███████╗███████╗██████╗ ██╗ ██╗███████╗██████╗
██║██║ ██║████╗ ████║██╔══██╗██╔════╝██╔════╝██╔══██╗██║ ██║██╔════╝██╔══██╗
██║██║ ██║██╔████╔██║██████╔╝███████╗█████╗ ██████╔╝██║ ██║█████╗ ██████╔╝
██ ██║██║ ██║██║╚██╔╝██║██╔═══╝ ╚════██║██╔══╝ ██╔══██╗╚██╗ ██╔╝██╔══╝ ██╔══██╗
╚█████╔╝╚██████╔╝██║ ╚═╝ ██║██║ ███████║███████╗██║ ██║ ╚████╔╝ ███████╗██║ ██║
╚════╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝
Version: v2.24.0
1. 检查配置文件
配置文件位置: /opt/jumpserver/config
/opt/jumpserver/config/config.txt [ √ ]
/opt/jumpserver/config/nginx/lb_rdp_server.conf [ √ ]
/opt/jumpserver/config/nginx/lb_ssh_server.conf [ √ ]
/opt/jumpserver/config/nginx/cert/server.crt [ √ ]
/opt/jumpserver/config/nginx/cert/server.key [ √ ]
完成
2. 备份配置文件
备份至 /opt/jumpserver/config/backup/config.txt.2021-07-15_22-26-13
完成
>>> 安装配置 Docker
1. 安装 Docker
开始下载 Docker 程序 ...
开始下载 Docker Compose 程序 ...
完成
2. 配置 Docker
是否需要自定义 docker 存储目录, 默认将使用目录 /var/lib/docker? (y/n) (默认为 n): n
完成
3. 启动 Docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /etc/systemd/system/docker.service.
完成
>>> 加载 Docker 镜像
Docker: Pulling from jumpserver/core:v2.24.0 [ OK ]
Docker: Pulling from jumpserver/koko:v2.24.0 [ OK ]
Docker: Pulling from jumpserver/web:v2.24.0 [ OK ]
Docker: Pulling from jumpserver/redis:6-alpine [ OK ]
Docker: Pulling from jumpserver/mysql:5 [ OK ]
Docker: Pulling from jumpserver/lion:v2.24.0 [ OK ]
>>> 安装配置 JumpServer
1. 配置网络
是否需要支持 IPv6? (y/n) (默认为 n): n
完成
2. 配置加密密钥
SECRETE_KEY: YTE2YTVkMTMtMGE3MS00YzI5LWFlOWEtMTc2OWJlMmIyMDE2
BOOTSTRAP_TOKEN: YTE2YTVkMTMtMGE3
完成
3. 配置持久化目录
是否需要自定义持久化存储, 默认将使用目录 /opt/jumpserver? (y/n) (默认为 n): n
完成
4. 配置 MySQL
是否使用外部 MySQL? (y/n) (默认为 n): y
请输入 MySQL 的主机地址 (无默认值): 192.168.100.11
请输入 MySQL 的端口 (默认为3306): 3306
请输入 MySQL 的数据库(事先做好授权) (默认为jumpserver): jumpserver
请输入 MySQL 的用户名 (无默认值): jumpserver
请输入 MySQL 的密码 (无默认值): KXOeyNgDeTdpeu9q
完成
5. 配置 Redis
是否使用外部 Redis? (y/n) (默认为 n): y
请输入 Redis 的主机地址 (无默认值): 192.168.100.11
请输入 Redis 的端口 (默认为6379): 6379
请输入 Redis 的密码 (无默认值): KXOeyNgDeTdpeu9q
完成
6. 配置对外端口
是否需要配置 JumpServer 对外访问端口? (y/n) (默认为 n): n
完成
7. 初始化数据库
Creating network "jms_net" with driver "bridge"
Creating jms_redis ... done
2021-07-15 22:39:52 Collect static files
2021-07-15 22:39:52 Collect static files done
2021-07-15 22:39:52 Check database structure change ...
2021-07-15 22:39:52 Migrate model change to database ...
475 static files copied to '/opt/jumpserver/data/static'.
Operations to perform:
Apply all migrations: acls, admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, notifications, ops, orgs, perms, sessions, settings, terminal, tickets, users
Running migrations:
Applying contenttypes.0001_initial... OK
Applying contenttypes.0002_remove_content_type_name... OK
Applying auth.0001_initial... OK
Applying auth.0002_alter_permission_name_max_length... OK
Applying auth.0003_alter_user_email_max_length... OK
Applying auth.0004_alter_user_username_opts... OK
Applying auth.0005_alter_user_last_login_null... OK
Applying auth.0006_require_contenttypes_0002... OK
Applying auth.0007_alter_validators_add_error_messages... OK
Applying auth.0008_alter_user_username_max_length... OK
...
Applying sessions.0001_initial... OK
Applying terminal.0032_auto_20210302_1853... OK
Applying terminal.0033_auto_20210324_1008... OK
Applying terminal.0034_auto_20210406_1434... OK
Applying terminal.0035_auto_20210517_1448... OK
Applying terminal.0036_auto_20210604_1124... OK
Applying terminal.0037_auto_20210623_1748... OK
Applying tickets.0008_auto_20210311_1113... OK
Applying tickets.0009_auto_20210426_1720... OK
>>> 安装完成了
1. 可以使用如下命令启动, 然后访问
cd /root/jumpserver-installer-v2.24.0
./jmsctl.sh start
2. 其它一些管理命令
./jmsctl.sh stop
./jmsctl.sh restart
./jmsctl.sh backup
./jmsctl.sh upgrade
更多还有一些命令, 你可以 ./jmsctl.sh --help 来了解
3. Web 访问
http://192.168.100.212:80
默认用户: admin 默认密码: admin
4. SSH/SFTP 访问
ssh -p2222 admin@192.168.100.212
sftp -P2222 admin@192.168.100.212
5. 更多信息
我们的官网: https://www.jumpserver.org/
我们的文档: https://docs.jumpserver.org/
启动 JumpServer
./jmsctl.sh start
Creating network "jms_net" with driver "bridge"
Creating jms_core ... done
Creating jms_celery ... done
Creating jms_lion ... done
Creating jms_koko ... done
Creating jms_magnus ... done
Creating jms_web ... done
五、部署 JumpServer 02⚓
参考步骤四
六、验证
浏览器访问:http://192.168.x.x:port