这篇文章给大家分享的是jumpserver堡垒机的安装部署的详细介绍,相信大部分人都还没学不知道怎样部署,为了让大家更加了解,给大家总结了以下内容,话不多说,一起往下看吧。
一、环境准备
• 系统:CentOS 7
• IP:192.168.20.3
• 数据库:mariadb
• 反向代理:nginx
注:若是测试环境,内存最少4G,双核CPU。
在进行下面的操作前,请下载我提供的各个源码包。
首先将环境字体设置成中文,因为jumpserver的日志文件里面的内容会包含中字符,不支持可能会乱码。
[root@jumpserver ~]# localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
[root@jumpserver ~]# export LC_ALL=zh_CN.UTF-8
[root@jumpserver ~]# echo 'LC_ALL=zh_CN.UTF-8' > /etc/locale.conf
二、配置Python 3环境
[root@jumpserver ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@jumpserver ~]# yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git
[root@jumpserver ~]# tar xf Python-3.6.1.tar.xz -C /usr/src
[root@jumpserver ~]# cd /usr/src/Python-3.6.1/
[root@jumpserver Python-3.6.1]# ./configure && make && make install
[root@jumpserver Python-3.6.1]# cd /opt
[root@jumpserver opt]# python3 -m venv py3
[root@jumpserver opt]# source /opt/py3/bin/activate
#设置自动载入py3虚拟环境(以后只要进入这个目录就是Py3的环境)
(py3) [root@jumpserver opt]# unzip autoenv.zip
(py3) [root@jumpserver opt]# echo "source /opt/autoenv/activate.sh" >> /root/.bashrc
(py3) [root@jumpserver opt]# . ~/.bashrc
三、安装Jumpserver
(py3) [root@jumpserver opt]# unzip jumpserver.zip
(py3) [root@jumpserver opt]# echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env
(py3) [root@jumpserver opt]# cd jumpserver/
autoenv:
autoenv: WARNING:
autoenv: This is the first time you are about to source /opt/jumpserver/.env:
autoenv:
autoenv: --- (begin contents) ---------------------------------------
autoenv: source /opt/py3/bin/activate$
autoenv:
autoenv: --- (end contents) -----------------------------------------
autoenv:
autoenv: Are you sure you want to allow this? (y/N) y #这里输入“y”,以便自动载入py3环境
(py3) [root@jumpserver jumpserver]# cd requirements/
(py3) [root@jumpserver requirements]# yum -y install $(cat rpm_requirements.txt)
(py3) [root@jumpserver requirements]# pip install --upgrade pip
(py3) [root@jumpserver requirements]# pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
#安装MySQL
(py3) [root@jumpserver requirements]# yum -y install mariadb*
(py3) [root@jumpserver requirements]# systemctl start mariadb
(py3) [root@jumpserver requirements]# mysqladmin -u root password 123.com
(py3) [root@jumpserver requirements]# mysql -u root -p123.com
MariaDB [(none)]> create database jumpserver default charset 'utf8' ;
MariaDB [(none)]> grant all on jumpserver.* to jumpserver@127.0.0.1 identified by '123.com';
#安装Redis
(py3) [root@jumpserver ~]# yum -y install redis
(py3) [root@jumpserver ~]# systemctl start redis
(py3) [root@jumpserver ~]# netstat -anput | grep 6379
#修改jumpserver配置文件
(py3) [root@jumpserver ~]# cd /opt/jumpserver/
(py3) [root@jumpserver jumpserver]# cp config_example.yml config.yml
#生成秘钥令牌
(py3) [root@jumpserver jumpserver]# SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
(py3) [root@jumpserver jumpserver]# echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
(py3) [root@jumpserver jumpserver]# BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
(py3) [root@jumpserver jumpserver]# echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
(py3) [root@jumpserver jumpserver]# sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
(py3) [root@jumpserver jumpserver]# sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
(py3) [root@jumpserver jumpserver]# sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
(py3) [root@jumpserver jumpserver]# sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
(py3) [root@jumpserver jumpserver]# sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: False/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
(py3) [root@jumpserver jumpserver]# sed -i "s/DB_PASSWORD: /DB_PASSWORD: 123.com/g" /opt/jumpserver/config.yml
(py3) [root@jumpserver jumpserver]# echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
你的SECRET_KEY是 Z6bUvXTZRpc73pnRp4qNwn1eMWNYrgzbEWkVJqIVXc6cXfpKDU
(py3) [root@jumpserver jumpserver]# echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
你的BOOTSTRAP_TOKEN是 aGXZtXKnhP3StNA3
(py3) [root@jumpserver jumpserver]# egrep -v '^$|^#' config.yml #确定配置文件修改无误
SECRET_KEY: jS1ph0yvliBHdMV7YopAkBrEdIkZ3DjAq6HsftIPpQriNNBO2k
BOOTSTRAP_TOKEN: fUXgq00wg6XCD5lp
DEBUG: false
LOG_LEVEL: ERROR
SESSION_EXPIRE_AT_BROWSER_CLOSE: true
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: 123.com
DB_NAME: jumpserver
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
REDIS_HOST: 127.0.0.1
REDIS_PORT: 6379
(py3) [root@jumpserver jumpserver]# ./jms start all -d #启动jumpserver
(py3) [root@jumpserver jumpserver]# netstat -anpt | grep 8080
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 17420/python3
五、安装配置coco组件
(py3) [root@jumpserver opt]# unzip coco.zip
(py3) [root@jumpserver opt]# cd coco
(py3) [root@jumpserver coco]# echo "source /opt/py3/bin/activate" > /opt/coco/.env
(py3) [root@jumpserver coco]# cd requirements/
autoenv:
autoenv: WARNING:
autoenv: This is the first time you are about to source /opt/coco/.env:
autoenv:
autoenv: --- (begin contents) ---------------------------------------
autoenv: source /opt/py3/bin/activate$
autoenv:
autoenv: --- (end contents) -----------------------------------------
autoenv:
autoenv: Are you sure you want to allow this? (y/N) y #输入“y”
(py3) [root@jumpserver requirements]# yum -y install $(cat rpm_requirements.txt)
(py3) [root@jumpserver requirements]# pip install -r requirements.txt
#修改配置文件
(py3) [root@jumpserver requirements]# cd ..
(py3) [root@jumpserver coco]# cp config_example.yml config.yml
(py3) [root@jumpserver coco]# echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
#查看BOOTSTRAP_TOKEN的值
你的BOOTSTRAP_TOKEN是 fUXgq00wg6XCD5lp
#注意,执行下面的命令时,需要自行修改为自己查看出来的值:
(py3) [root@jumpserver coco]# sed -i 's/BOOTSTRAP_TOKEN: <PleasgeChangeSameWithJumpserver>/BOOTSTRAP_TOKEN: fUXgq00wg6XCD5lp/g' config.yml
(py3) [root@jumpserver coco]# sed -i 's/# LOG_LEVEL: INFO/LOG_LEVEL: ERROR/g' config.yml
(py3) [root@jumpserver coco]# egrep -v '^$|^#' config.yml #确定修改的配置文件
CORE_HOST: http://127.0.0.1:8080
BOOTSTRAP_TOKEN: fUXgq00wg6XCD5lp
LOG_LEVEL: ERROR
#后台启动coco
(py3) [root@jumpserver coco]# ./cocod start -d
六、安装guacamole及luna
这里采用docker容器的方式部署。
#部署docker环境
(py3) [root@jumpserver ~]# yum install -y yum-utils device-mapper-persistent-data lvm2
(py3) [root@jumpserver ~]# yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
(py3) [root@jumpserver ~]# yum makecache fast
(py3) [root@jumpserver ~]# yum -y install docker-ce
(py3) [root@jumpserver ~]# systemctl start docker
(py3) [root@jumpserver ~]# docker load --input guacamole.tar
#启动容器
(py3) [root@jumpserver ~]# docker run --name jms_guacamole -d -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key -e JUMPSERVER_KEY_DIR=/config/guacamole/key -e JUMPSERVER_SERVER=http://192.168.10.8:8080 jumpserver/guacamole:latest
(py3) [root@jumpserver ~]# netstat -anput | grep 8081 #确定端口在监听
tcp6 0 0 :::8081 :::* LISTEN 19162/docker-proxy
(py3) [root@jumpserver ~]# tar zxf luna.tar.gz -C /opt/ #将luna解压至/opt
七、安装Nginx
(py3) [root@jumpserver /]# tar zxf nginx-1.2.4.tar.gz -C /usr/src
(py3) [root@jumpserver /]# cd /usr/src/nginx-1.2.4/
(py3) [root@jumpserver nginx-1.2.4]# ./configure --prefix=/usr/local/nginx && make && make install
(py3) [root@jumpserver nginx-1.2.4]# ln -sf /usr/local/nginx/sbin/nginx /usr/local/bin/
(py3) [root@jumpserver nginx-1.2.4]# cd /usr/local/nginx/conf/
(py3) [root@jumpserver conf]# mv nginx.conf nginx.conf.bak
(py3) [root@jumpserver conf]# rz #上传我提供的Nginx配置文件
(py3) [root@jumpserver conf]# ls | grep nginx.conf
nginx.conf #在博文开头的网盘链接中有此文件
nginx.conf.bak
nginx.conf.default
(py3) [root@jumpserver conf]# nginx -t #确定Nginx配置无误
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
(py3) [root@jumpserver conf]# nginx #启动Nginx
八、Client访问测试
访问Nginx服务器的IP地址,即可看到登录页面(默认用户名及密码都是“admin”):
1、创建用户
2、创建管理用户
3、创建系统用户
用户名尽量为root,选择手动登录,这个用户是用来连接后端资产的。
4、创建资产
我这里启动了一台IP为192.168.20.4的主机来作为后端资产,以便测试。
5、创建授权规则
6、连接后端资产测试
看完上述内容,你们掌握安装部署jumpserver堡垒机的方法了吗?如果还想学到更多技能或想了解更多相关内容,欢迎关注亿速云行业资讯频道,感谢各位的阅读!
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。