
93025328b6802f513d9c0b39ae8182db.png

准备Python3和Python虚拟环境

==配置阿里云YUM源==

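[root@www ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo     http://mirrors.aliyun.com/repo/Centos-7.repo
[root@www ~]# wget -O /etc/yum.repos.d/epel.repo  http://mirrors.aliyun.com/repo/epel-7.repo
#以上两个repo文件是以root身份通过明文HTTP下载的, 传输途中可能被篡改; 该镜像站也支持 https://, 下载后建议检查文件中的 baseurl 和 gpgcheck 设置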
[root@www ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo

==修改PIP源==

[root@www ~]# mkdir   .pip   #这里需要创建目录默认是没有这个目录的
[root@www ~]# vim /root/.pip/pip.conf
[global]
index-url = https://pypi.tuna.tsinghua.edu.cn/simple
[root@www ~]#

1.下载Python3(编译安装)

[root@www ~]# wget   https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
[root@www ~]# tar xvf Python-3.6.1.tar.xz && cd Python-3.6.1 
[root@www Python-3.6.1]#./configure && make && make install

2.安装依赖包 (这一步要先于第1步的编译执行: 没有gcc无法编译, 缺少 zlib-devel/openssl-devel 时编译出的Python没有zlib/ssl模块, pip无法通过HTTPS安装包)

[root@www ~]# yum  install  wget sqlite-devel xz gcc  automake zlib-devel  openssl-devel epel-release git   -y

3.建立虚拟环境

[root@www Python-3.6.1]# cd   /opt/
[root@www opt]# python3  -m  venv   py3
[root@www opt]# source   /opt/py3/bin/activate

[root@www opt]# source   /opt/py3/bin/activate
(py3) [root@www opt]# git clone git://github.com/kennethreitz/autoenv.git  /opt/autoenv   #git:// 协议不加密也不验证服务器身份, 且GitHub已停用该协议; 克隆失败时改用 https://github.com/kennethreitz/autoenv.git
正克隆到 '/opt/autoenv'...
remote: Enumerating objects: 12, done.
remote: Counting objects: 100% (12/12), done.
remote: Compressing objects: 100% (10/10), done.
remote: Total 684 (delta 4), reused 7 (delta 2), pack-reused 672
接收对象中: 100% (684/684), 109.27 KiB | 182.00 KiB/s, 完成.
处理 delta 中: 100% (361/361), 完成.

(py3) [root@www opt]# echo 'source /opt/autoenv/activate.sh' >> ~/.bashrc
(py3) [root@www opt]# source  ~/.bashrc     #每次切到这个目录下自动启用Python3

4.安装Jumpserver(获取 jumpserver 代码 )

(py3) [root@www opt]# cd /opt/
(py3) [root@www opt]# git  clone   --depth=1  https://github.com/jumpserver/jumpserver.git  && cd jumpserver&& git checkout  master

正克隆到 'jumpserver'...
remote: Enumerating objects: 1215, done.
remote: Counting objects: 100% (1215/1215), done.
remote: Compressing objects: 100% (1088/1088), done.
remote: Total 1215 (delta 196), reused 640 (delta 65), pack-reused 0
接收对象中: 100% (1215/1215), 7.20 MiB | 211.00 KiB/s, 完成.
处理 delta 中: 100% (196/196), 完成.
已经位于 'master'
您的分支与上游分支 'origin/master' 一致。
(py3) [root@www jumpserver]# 
[root@www jumpserver]# echo "source /opt/py3/bin/activate" >/opt/jumpserver/.env

5.安装依赖RPM

[root@www jumpserver]# cd   /opt/jumpserver/requirements/
autoenv:
autoenv: WARNING:
autoenv: This is the first time you are about to source /opt/jumpserver/.env:
autoenv:
autoenv:   --- (begin contents) ---------------------------------------
autoenv:     source /opt/py3/bin/activate$
autoenv:
autoenv:   --- (end contents) -----------------------------------------
autoenv:
autoenv: Are you sure you want to allow this? (y/N) y
(py3) [root@www requirements]# yum  install   -y  `cat rpm_requirements.txt`
(py3) [root@www requirements]# pip  install   -r   requirements.txt
(py3) [root@www requirements]#pip   install   --upgrade pip        ###更新下PIP版本

6、修改jumpserver配置文件

#首先生成两个随机密钥, 分别用作 SECRET_KEY 和 BOOTSTRAP_TOKEN (下面的输出只是示例, 请使用你自己生成的值)
[root@www ~]#cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49;echo 
zd7jXhUEsSAfotBngqJN7YStCw2M6ukcGQVUwPXKJvIs7x9F8 
[root@www ~]# cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 49;echo 
B9ipb6Wrhidkn3hP0A2c87wjab2CG8BwywsFSt03oK1qPFmiY

(py3) [root@www jumpserver]# cp config_example.yml config.yml 
(py3) [root@www jumpserver]#vim  config.yml

SECRET_KEY: zd7jXhUEsSAfotBngqJN7YStCw2M6ukcGQVUwPXKJvIs7x9F8   # 示例值, 请填入自己生成的随机密钥
BOOTSTRAP_TOKEN: B9ipb6Wrhidkn3hP0A2c87wjab2CG8BwywsFSt03oK1qPFmiY   # 示例值, 请填入自己生成的随机密钥
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: 123.com   # 示例弱口令, 实际部署请换成强密码, 并与数据库授权语句中的密码保持一致
DB_NAME: jumpserver

7、安装Mariadb及redis

[root@www ~]# yum   install    -y   mariadb   mariadb-devel mariadb-server
[root@www ~]# systemctl    enable   mariadb.service 
[root@www ~]# systemctl    start    mariadb.service 


[root@www ~]#mysql_secure_installation 
#配置数据库: 先回车, 然后设置root密码(本文示例用123.com, 实际请设强密码), 之后 Y Y Y Y Y Y Y 逐项确认就OK了

[root@www ~]# mysql  -uroot   -p123.com
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 17
Server version: 10.3.11-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.



MariaDB [(none)]> create database jumpserver default charset 'utf8';
Query OK, 1 row affected (0.000 sec)



MariaDB [(none)]> grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '123.com';
Query OK, 0 rows affected (0.000 sec)


MariaDB [(none)]>  grant all on jumpserver.* to 'jumpserver'@'%' identified by '123.com';   #'%' 表示允许从任意主机连接; config.yml 中 DB_HOST 是 127.0.0.1, 数据库与jumpserver同机时上一条 127.0.0.1 的授权已够用, 可不执行这一条
Query OK, 0 rows affected (0.000 sec)


MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.000 sec)


MariaDB [(none)]> exit   #这里一定退出配置才OK
Bye   


[root@www ~]# yum  install   redis -y
[root@www ~]# systemctl      enable   redis
[root@www ~]# systemctl      start    redis

8、启动Jumpserver

==后台运行使用 -d 参数./jms start all -d 重启命令:./jms restart==

(py3) [root@www requirements]# cd /opt/jumpserver/ 
(py3) [root@www requirements]#./jms start -d 
访问: 运行不报错后, 请用浏览器访问 http://192.168.150.131:8080/ 默认账号: admin 密码: admin (首次登录后请立即修改默认密码)。页面显示不正常先不用处理, 搭建 nginx 代理后就可以正常访问了
(这里的IP地址是你自己的IP地址)

14c488b6bbf9a9ba6936d0b8b11f3f2a.png

部署KOKO组件

(py3) [root@www  opt]#cd  /opt/
(py3) [root@www  opt]#wget https://github.com/jumpserver/koko/releases/download/1.5.4/koko-master-linux-amd64.tar.gz
(py3) [root@www  opt]#tar zxvf koko-master-linux-amd64.tar.gz

(py3) [root@www  kokodir]#cp config_example.yml config.yml
(py3) [root@www  kokodir]#vim config.yml
BOOTSTRAP_TOKEN: B9ipb6Wrhidkn3hP0A2c87wjab2CG8BwywsFSt03oK1qPFmiY
#BOOTSTRAP_TOKEN 需要从 jumpserver/config.yml 里面获取, 保证一致
(py3) [root@www kokodir]#./koko  -d
(py3) [root@www kokodir]#netstat -antp | grep :2222 

tcp6       0      0 :::2222                 :::*                    LISTEN      2436/./koko

130342c47ff3fc6b1510d44a3d6f82c0.png

9. 下载Web Terminal前端: Luna

[root@www kokodir]# cd /opt/
[root@www opt]# wget https://github.com/jumpserver/luna/releases/download/1.5.4/luna.tar.gz
[root@www opt]# tar zxvf luna.tar.gz
[root@www opt]# chown -R root:root luna

10、安装NGINX服务

[root@www ~]# yum install nginx -y
[root@www ~]# nginx -v
nginx version: nginx/1.16.1

#查看它的版本
#首先要把默认的server{}区块注释掉
#然后配置新的server{}区块
[root@localhost ~]# vim /etc/nginx/conf.d/jumpserver.conf
server {
    listen 80;  # 仅明文HTTP: 登录口令和会话都不加密, 对外提供访问前建议改为 listen 443 ssl 并配置证书
    client_max_body_size 100m;  # 录像及文件上传大小限制

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # luna 路径, 如果修改安装目录, 此处需要修改
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # 录像位置, 如果修改安装目录, 此处需要修改
    }

    location /static/ {
        root /opt/jumpserver/data/;  # 静态资源, 如果修改安装目录, 此处需要修改
    }

    location /koko/ {
        proxy_pass       http://localhost:5000;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /guacamole/ {
        proxy_pass       http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /ws/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8070;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location / {
        # 启动nginx服务
        # 以后直接访问nginx即可
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}


启动NGINX服务
(py3) [root@wanghongchao opt]# nginx  -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
(py3) [root@wanghongchao opt]# nginx  -s  reload
(py3) [root@wanghongchao opt]# systemctl    status   nginx.service
● nginx.service - nginx - high performance web server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
   Active: active (running) since 日 2019-11-24 20:10:25 CST; 1min 33s ago
     Docs: http://nginx.org/en/docs/
  Process: 34330 ExecStop=/bin/kill -s TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 34333 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
 Main PID: 34334 (nginx)
    Tasks: 2
   Memory: 1.7M
   CGroup: /system.slice/nginx.service
           ├─34334 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf...
           └─34368 nginx: worker process

11月 24 20:10:25 wanghongchao systemd[1]: Starting nginx - high performance we.....
11月 24 20:10:25 wanghongchao systemd[1]: Started nginx - high performance web...r.
Hint: Some lines were ellipsized, use -l to show in full.
(py3) [root@wanghongchao opt]#

833014d99e1e3364acf3d94585366749.png

f748385d8fb0c98284cd2f2698510dbc.png