Installing and deploying Jumpserver 1.5 on CentOS 7

Installing and deploying Jumpserver 1.5.2-2 on CentOS 7
I. Prepare the system environment
1. Check the OS release

# cat /etc/redhat-release   # check the OS release
CentOS Linux release 7.6.1810 (Core)

uname -a   # show kernel and system information
Linux localhost.localdomain 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

2. Turn off SELinux and the firewall
getenforce   # check the SELinux state
Disabled   # if this prints Enforcing, run "setenforce 0" (switches to Permissive until the next reboot)

systemctl stop firewalld.service   # stop the firewall

3. Change the character set
The logs contain Chinese text, so set a UTF-8 locale; otherwise you may hit an "input/output error".
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
export LC_ALL=zh_CN.UTF-8
echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf

II. Prepare Python 3 and a Python virtual environment
1. Install the dependency packages

yum -y install wget vim lrzsz xz gcc git epel-release python-pip python-devel mysql-devel automake autoconf sqlite-devel zlib-devel openssl-devel sshpass readline-devel

2. Install Python 3.6

yum -y install python36 python36-devel

# If the download is slow, switch to a mirror in China
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum -y install python36 python36-devel

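3. Create the Python virtual environment
CentOS 7 ships with Python 2, and tools such as yum depend on it. To leave the system environment untouched, we use a Python virtual environment.

cd /opt
python3.6 -m venv py3
source /opt/py3/bin/activate
(py3) [root@localhost opt]#   # this prompt means it worked; always run the source command above before running Jumpserver

All of the following commands are run inside this virtual environment.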

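III. Install Jumpserver
1. Download or clone the project
The project has a long commit history, so a git clone is large; you can instead download the zip archive from the GitHub project page.
(py3) [root@localhost opt]# git clone --depth=1 https://github.com/jumpserver/jumpserver.git
I downloaded jumpserver-master.zip, uploaded it over the shell and unpacked it; the installation is otherwise much the same.
unzip jumpserver-master.zip   # unpacks to jumpserver-master/; the steps below assume /opt/jumpserver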

2. Install the RPM dependencies

(py3) [root@localhost opt]# cd /opt/jumpserver/requirements
(py3) [root@localhost requirements]# yum -y install $(cat rpm_requirements.txt)

3. Install the Python library dependencies

(py3) [root@localhost requirements]# pip install --upgrade pip setuptools
(py3) [root@localhost requirements]# pip install -r requirements.txt

# If the download is slow, use a mirror in China instead
pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/
pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/

4. Install Redis (Jumpserver uses Redis as its cache and as the Celery broker)

(py3) [root@localhost opt]# yum -y install redis
(py3) [root@localhost opt]# systemctl enable redis
(py3) [root@localhost opt]# systemctl start redis

5. Install MySQL

(py3) [root@localhost opt]# yum -y install mariadb mariadb-devel mariadb-server   # on CentOS 7 this installs MariaDB
(py3) [root@localhost opt]# systemctl enable mariadb
(py3) [root@localhost opt]# systemctl start mariadb

6. Create the jumpserver database and grant privileges
(py3) [root@localhost opt]# DB_PASSWORD=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24)   # generate a random database password
(py3) [root@localhost opt]# mysql -uroot -e "create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD'; flush privileges;"

7. Edit the Jumpserver configuration file

(py3) [root@localhost opt]# cd /opt/jumpserver/
(py3) [root@localhost jumpserver]# cp config_example.yml config.yml
(py3) [root@localhost jumpserver]# SECRET_KEY=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50)   # generate a random SECRET_KEY
(py3) [root@localhost jumpserver]# echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
(py3) [root@localhost jumpserver]# BOOTSTRAP_TOKEN=$(cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16)   # generate a random BOOTSTRAP_TOKEN
(py3) [root@localhost jumpserver]# echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
(py3) [root@localhost jumpserver]# sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
(py3) [root@localhost jumpserver]# sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
(py3) [root@localhost jumpserver]# sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
(py3) [root@localhost jumpserver]# sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
(py3) [root@localhost jumpserver]# sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
(py3) [root@localhost jumpserver]# sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml

I created the database account and password manually; if a password error is shown, edit the database connection password in config.yml.
vi config.yml

8. Run Jumpserver

(py3) [root@jumpserver jumpserver]# cd /opt/jumpserver
(py3) [root@jumpserver jumpserver]# ./jms start all -d   # newer versions changed the run script: ./jms start|stop|status|restart all; add -d to run in the background

IV. Install the SSH server and WebSocket server: Coco
1. Download or clone the project

(py3)[root@jumpserver opt]# cd /opt
(py3)[root@jumpserver opt]# git clone --depth=1 https://github.com/jumpserver/coco.git   # download the project

2. Install the dependencies

(py3)[root@jumpserver opt]# cd /opt/coco/requirements
(py3)[root@jumpserver requirements]# yum -y install $(cat rpm_requirements.txt)
(py3)[root@jumpserver requirements]# pip install -r requirements.txt

# If the download is slow, use a mirror in China instead
pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/

3. Edit the configuration file and run Coco

(py3)[root@jumpserver requirements]# cd /opt/coco
(py3)[root@jumpserver coco]# cp config_example.yml config.yml
(py3)[root@jumpserver coco]# sed -i "s/BOOTSTRAP_TOKEN: <PleasgeChangeSameWithJumpserver>/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/coco/config.yml
(py3)[root@jumpserver coco]# sed -i "s/# LOG_LEVEL: INFO/LOG_LEVEL: ERROR/g" /opt/coco/config.yml
(py3)[root@jumpserver coco]# ./cocod start -d   # use -d to run in the background
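
The sed edits in III.7 and IV.3 fail silently: if a shell variable is empty or a pattern does not match, config.yml keeps an empty value or the placeholder. The check below is an added example, not part of the original guide or of the Jumpserver project; the function names are made up here, and it assumes top-level "KEY: value" lines, which is what the sed patterns above match.

```shell
#!/bin/sh
# Added example: verify that the sed edits really changed both config.yml files.

# Print the value of KEY in FILE; prints nothing if the key is absent,
# commented out, or has no value.
yml_value() {  # usage: yml_value KEY FILE
    sed -n "/^$1:/{s/^$1:[[:space:]]*//;s/[[:space:]]*\$//;p;}" "$2" | head -n 1
}

# Print one line per problem; exit status is 0 only when none were found.
check_jms_config() (  # usage: check_jms_config JUMPSERVER_YML COCO_YML
    jms=$1 coco=$2 problems=0
    for key in SECRET_KEY BOOTSTRAP_TOKEN DB_PASSWORD; do
        if [ -z "$(yml_value "$key" "$jms")" ]; then
            echo "EMPTY $key in $jms"
            problems=$((problems + 1))
        fi
    done
    # "# DEBUG: true" still commented out means the sed pattern did not match.
    if [ "$(yml_value DEBUG "$jms")" != "false" ]; then
        echo "DEBUG is not set to false in $jms"
        problems=$((problems + 1))
    fi
    # Coco must carry the same token as Jumpserver; an unmatched sed leaves
    # the "<...>" placeholder from config_example.yml in place.
    coco_token=$(yml_value BOOTSTRAP_TOKEN "$coco")
    case $coco_token in
        ''|'<'*) echo "PLACEHOLDER or empty BOOTSTRAP_TOKEN in $coco"
                 problems=$((problems + 1)) ;;
        *) if [ "$coco_token" != "$(yml_value BOOTSTRAP_TOKEN "$jms")" ]; then
               echo "MISMATCH BOOTSTRAP_TOKEN differs between $jms and $coco"
               problems=$((problems + 1))
           fi ;;
    esac
    [ "$problems" -eq 0 ]
)

# Run against real files only when two paths are given on the command line,
# e.g.: sh check.sh /opt/jumpserver/config.yml /opt/coco/config.yml
if [ "$#" -eq 2 ]; then check_jms_config "$1" "$2"; fi
```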

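V. Install the web terminal front end: Luna
Luna is now a pure front end and needs Nginx to serve it.
Download the release package matching your version from https://github.com/jumpserver/luna/releases; just unpack it, no compilation is needed.
1. Download and unpack Luna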

(py3)[root@jumpserver coco]# cd /opt
(py3)[root@jumpserver opt]# wget https://github.com/jumpserver/luna/releases/download/1.4.10/luna.tar.gz
(py3)[root@jumpserver opt]# tar -xvf luna.tar.gz
(py3)[root@jumpserver opt]# chown -R root:root luna

VI. Configure Nginx to tie the components together
1. Install Nginx

(py3)[root@jumpserver opt]# yum install yum-utils
(py3)[root@jumpserver opt]# yum makecache fast
(py3)[root@jumpserver opt]# yum install -y nginx
(py3)[root@jumpserver opt]# rm -rf /etc/nginx/conf.d/default.conf

vim /etc/nginx/nginx.conf
Delete the server block from it, that is, the following:
server {
    listen       80 default_server;
    listen       [::]:80 default_server;
    server_name  _;
    root         /usr/share/nginx/html;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location / {
    }

    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }
}

Save and exit.
Run Nginx:
systemctl restart nginx && systemctl enable nginx

2. Prepare the configuration file: edit /etc/nginx/conf.d/jumpserver.conf

(py3)[root@jumpserver opt]# vim /etc/nginx/conf.d/jumpserver.conf

server {
    listen 80;
    client_max_body_size 100m;  # size limit for session recordings and file uploads

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # Luna path; change this if you changed the install directory
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # recordings; change this if you changed the install directory
    }

    location /static/ {
        root /opt/jumpserver/data/;  # static assets; change this if you changed the install directory
    }

    location /socket.io/ {
        proxy_pass       http://localhost:5000/socket.io/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /coco/ {
        proxy_pass       http://localhost:5000/coco/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /guacamole/ {
        proxy_pass       http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

3. Run Nginx

(py3)[root@jumpserver opt]# nginx -t   # make sure the configuration is valid; fix any errors first

# CentOS 7
(py3)[root@jumpserver opt]# systemctl start nginx
(py3)[root@jumpserver opt]# systemctl enable nginx

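VII. Test Jumpserver
1. Check that the web page is up
Once all services have started, browse to http://192.168.0.1 (use the IP address of the machine you configured). Go through the port proxied by Nginx; do not use port 8080 any more.
Default account: admin, password: admin
In Jumpserver, go to Session Management > Terminal Management and check that Coco, Guacamole and the other applications have registered.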
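
With firewalld stopped in step I.2, any backend that listens on a non-loopback address can be reached directly, bypassing Nginx. The check below is an added example, not part of the original guide: it reads `ss -ltn` output and reports the backend ports named in the proxy_pass lines above (8080, 5000, 8081) that are bound to anything other than loopback. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag backend listeners reachable without going through Nginx.

# Reads `ss -ltn` output on stdin; prints "PORT ADDRESS" for every backend
# port bound to a non-loopback address. Exit status 0 means none were found.
exposed_backends() {
    awk -v ports="8080 5000 8081" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) backend[p[i]] = 1 }
        $1 == "LISTEN" {
            local_addr = $4
            port = local_addr; sub(/^.*:/, "", port)   # text after the last colon
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            if (!(port in backend)) next
            if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
            print port, addr; found = 1
        }
        END { exit (found ? 1 : 0) }'
}

# Constructed sample in the column layout printed by `ss -ltn`.
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     *:80                *:*
LISTEN  0       128     *:2222              *:*
LISTEN  0       128     127.0.0.1:6379      *:*
LISTEN  0       128     127.0.0.1:5000      *:*
LISTEN  0       128     *:8080              *:*
LISTEN  0       100     :::8081             :::*
EOF
}

# On a live host: ss -ltn | exposed_backends
```

Ports 80 and 2222 are not flagged because they are the entry points this guide expects clients to use.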

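2. Test a connection
If the client is macOS or Linux, log in like this:

$ ssh -p2222 [email protected]
$ sftp -P2222 [email protected]
Password: admin

If the client is Windows, the login syntax in the Xshell terminal is:

$ ssh [email protected] 2222
$ sftp [email protected] 2222
Password: admin

If you can log in, the deployment succeeded.
By default, sftp uploads land in the /tmp directory on the asset.
Files dragged and dropped from Windows land in the G drive of the Guacamole RDP session on the asset.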

VIII. Errors encountered
Error 1:
pip install -r requirements.txt
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-fadyxpv4/mysqlclient/
You are using pip version 9.0.1, however version 19.1.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command

Fix:
pip install --upgrade pip
pip install -r requirements.txt

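1. Wrong database account or password: Jumpserver would not start, and IP:8080 could not be opened to verify it.
2. The browser kept showing the default Nginx page instead of the Jumpserver site at the root path.
Reference for the Jumpserver installation and for creating the database: https://m.2cto.com/net/201907/813207.html

https://www.cnblogs.com/carriezhangyan/p/10831448.html
I am a beginner; reference for the Nginx settings:
https://my.oschina.net/u/3778921/blog/2085981
The Nginx configuration file was broken and I had no backup, so I reinstalled over it: https://www.cnblogs.com/huangqiming/p/6856415.html

https://blog.51cto.com/13858192/2172369
CentOS images:
http://mirrors.aliyun.com/centos/7/isos/x86_64/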
