Jumpserver堡壘機搭建（腳本自動化）

  1 #!/bin/bash
  2 # coding: utf-8
  3 # Copyright (c) 2018
  4 
  5 set -e 　　　　　　 #返回值為非0時，退出腳本
  6 
  7 echo "0. 系統的一些配置"
  8 setenforce 0 || true
  9 systemctl stop iptables.service || true >/dev/null 2>&1
 10 systemctl stop firewalld.service || true >/dev/null 2>&1
 11 
 12 localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
 13 export LC_ALL=zh_CN.UTF-8
 14 echo 'LANG=zh_CN.UTF-8' > /etc/sysconfig/i18n
 15 
 16 echo "1. 備份yum"
 17 {
 18 for i in /etc/yum.repos.d/*.repo;do cp $i ${i%.repo}.bak;done
 19 rm -rf /etc/yum.repos.d/*.repo
 20 } || {
 21 echo "yum出錯，請更換源重新運行"
 22 exit 1
 23 }
 24 
 25 echo "2. 獲取網路yum"
 26 {
 27 wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/Centos-7.repo >/dev/null 2>&1
 28 wget -P /etc/yum.repos.d/ http://mirrors.163.com/.help/CentOS7-Base-163.repo >/dev/null 2>&1
 29 yum clean >/dev/null 2>&1
 30 yum repolist >/dev/null 2>&1
 31 } || {
 32 echo "yum出錯，請更換源重新運行"
 33 exit 1
 34 }
 35 
 36 
 37 echo "3. 安裝基本依賴"
 38 {
 39 yum update -y>/dev/null && yum install wget unzip epel-release nginx sqlite-devel xz gcc automake zlib-devel openssl-devel redis mariadb mariadb-devel mariadb-server supervisor -y >/dev/null 2>&1
 40 } || {
 41 echo "yum出錯，請更換源重新運行"
 42 exit 1
 43 }
 44 
 45 
 46 echo "4. 準備python"
 47 {
 48 cd /opt/
 49 wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz -O /opt/Python-3.6.1.tar.xz >/dev/null 2>&1
 50 } || {
 51 echo "pyhton 依賴包下載出錯，請嘗試使用特殊工具進行手工下載https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz ，並且放至於/opt/Python-3.6.1.tar.xz，如您是手工下載，請註釋上面wget命令再運行本腳本"
 52 exit 1
 53 }
 54 {
 55 tar xf Python-3.6.1.tar.xz && cd Python-3.6.1 && ./configure>/dev/null && make>/dev/null && make install >/dev/null 2>&1 
 56 } || {
 57 echo "解壓或編譯python出錯，請嘗試使用上面的命令手工解壓或編譯，如手工操作成功，請註釋上述代碼再運行本腳本"
 58 exit 1
 59 }
 60 {
 61 python3 -m venv py3
 62 } || {
 63 echo "建立python虛擬環境出錯，請嘗試手工執行，如手工操作成功，請註釋上述代碼再運行本腳本"
 64 exit 1
 65 }
 66 
 67 echo "5. 下載jummpserver包並解壓"
 68 {
 69 wget https://github.com/jumpserver/jumpserver/archive/1.0.0.zip -O /opt/jumpserver.zip >/dev/null 2>&1 
 70 } || {
 71 echo "下載jumpserver包出錯，請嘗試手工執行，如手工操作成功，請註釋上述代碼再運行本腳本"
 72 exit 1
 73 }
 74 {
 75 wget https://github.com/jumpserver/coco/archive/1.0.0.zip -O /opt/coco.zip >/dev/null 2>&1 
 76 } || {
 77 echo "下載coco包出錯，請嘗試手工執行，如手工操作成功，請註釋上述代碼再運行本腳本"
 78 exit 1
 79 }
 80 {
 81 wget https://github.com/jumpserver/luna/releases/download/v1.0.0/luna.tar.gz -O /opt/luna.tar.gz >/dev/null 2>&1 
 82 } || {
 83 echo "下載luna包出錯，請嘗試手工執行，如手工操作成功，請註釋上述代碼再運行本腳本"
 84 exit 1
 85 }
 86 {
 87 cd /opt
 88 unzip coco.zip >/dev/null && mv coco-1.0.0 coco && unzip jumpserver.zip >/dev/null && mv jumpserver-1.0.0 jumpserver && tar xzf luna.tar.gz >/dev/null 2>&1 
 89 } || {
 90 echo "解壓出錯，請嘗試手工執行，如手工操作成功，請註釋上述代碼再運行本腳本"
 91 exit 1
 92 }
 93 
 94 echo "6. 安裝yum依賴"
 95 {
 96 yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt) >/dev/null && yum -y install $(cat /opt/coco/requirements/rpm_requirements.txt) >/dev/null 2>&1
 97 } || {
 98 echo "安裝jumpserver的依賴出錯，請嘗試手工執行，如手工操作成功，請註釋上述代碼再運行本腳本"
 99 exit 1
100 }
101 
102 echo "7. 安裝pip依賴"
103 {
104 python3 -m venv py3 && \
105 source /opt/py3/bin/activate && pip install --upgrade pip>/dev/null && pip install -r /opt/jumpserver/requirements/requirements.txt>/dev/null && pip install -r /opt/coco/requirements/requirements.txt >/dev/null 2>&1
106 } || {
107 echo "安裝jumpserver的依賴出錯，請嘗試手工執行，如手工操作成功，請註釋上述代碼再運行本腳本"
108 exit 1
109 }
110 
111 echo "8. 創建資料庫"
112 mkdir -p /opt/mysql/share/mysql/
113 {
114 wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/mysql_security.sql?raw=true -O /opt/mysql/mysql_security.sql >/dev/null 2>&1
115 wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/mysql.cnf?raw=true -O /etc/my.cnf >/dev/null 2>&1
116 wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/errmsg.sys?raw=true -O /opt/mysql/share/mysql/errmsg.sys >/dev/null 2>&1
117 } || {
118 echo "下載資料庫依賴文件出錯，請嘗試手工執行，如手工操作成功，請註釋上述代碼再運行本腳本"
119 exit 1
120 }
121 
122 echo "9. 準備文件"
123 {
124 wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/nginx.conf?raw=true -O /etc/nginx/nginx.conf >/dev/null 2>&1
125 wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/supervisord.conf?raw=true -O /etc/supervisord.conf >/dev/null 2>&1
126 wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/jumpserver_conf.py?raw=true -O /opt/jumpserver/config.py >/dev/null 2>&1
127 wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/coco_conf.py?raw=true -O /opt/coco/conf.py >/dev/null 2>&1
128 wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/start_jms.sh?raw=true -O /opt/start_jms.sh >/dev/null 2>&1
129 } || {
130 echo "下載配置文件出錯，請嘗試手工執行，如手工操作成功，請註釋上述代碼再運行本腳本"
131 exit 1
132 }
133 
134 echo "10. 安裝docker"
135 yum check-update >/dev/null 2>&1
136 {
137 yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo >/dev/null && yum clean all>/dev/null && yum repolist >/dev/null 2>&1
138 yum -y install epel-release docker-ce >/dev/null 2>&1
139 systemctl start docker
140 tee -a /etc/sysctl.conf <<-EOF    
141 net.bridge.bridge-nf-call-ip6tables = 1
142 net.bridge.bridge-nf-call-iptables = 1
143 EOF
144 sysctl -p >/dev/null 2>&1
145 
146 tee -a /etc/docker/daemon.json <<-EOF
147 {
148 "registry-mirrors": [
149 "https://registry.docker-cn.com"
150 ]
151 }
152 EOF
153 } || {
154 echo "安裝docker 出錯，請嘗試手工執行，如手工操作成功，請註釋上述代碼再運行本腳本"
155 exit 1
156 }
157 
158 systemctl daemon-reload 
159 systemctl restart docker
160 
161 
162 echo "11. 安裝guacamole"
163 host_ip=`python -c "import socket;print([(s.connect(('8.8.8.8', 53)), s.getsockname()[0], s.close()) for s in [socket.socket(socket.AF_INET, socket.SOCK_DGRAM)]][0][1])"`
164 
165 docker run --name jms_guacamole -d \
166 --restart always \
167 -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \
168 -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
169 -e JUMPSERVER_SERVER=http://$host_ip:8080 \
170 registry.jumpserver.org/public/guacamole:1.0.0
171 
172 echo "12. 配置nginx"
173 yum -y install nginx >/dev/null 2>&1
174 cat << EOF > /etc/nginx/conf.d/jumpserver.conf
175 server {
176 listen 80;
177 
178 proxy_set_header X-Real-IP $remote_addr;
179 proxy_set_header Host $host;
180 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
181 
182 location /luna/ {
183 try_files $uri / /index.html;
184 alias /opt/luna/;
185 }
186 
187 location /media/ {
188 add_header Content-Encoding gzip;
189 root /opt/jumpserver/data/;
190 }
191 
192 location /static/ {
193 root /opt/jumpserver/data/;
194 }
195 
196 location /socket.io/ {
197 proxy_pass http://localhost:5000/socket.io/; # 如果coco安裝在別的伺服器，請填寫它的ip
198 proxy_buffering off;
199 proxy_http_version 1.1;
200 proxy_set_header Upgrade $http_upgrade;
201 proxy_set_header Connection "upgrade";
202 }
203 
204 location /guacamole/ {
205 proxy_pass http://localhost:8081/; # 如果guacamole安裝在別的伺服器，請填寫它的ip
206 proxy_buffering off;
207 proxy_http_version 1.1;
208 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
209 proxy_set_header Upgrade $http_upgrade;
210 proxy_set_header Connection $http_connection;
211 access_log off;
212 }
213 
214 location / {
215 proxy_pass http://localhost:8080; # 如果jumpserver安裝在別的伺服器，請填寫它的ip
216 }
217 }
218 
219 EOF
220 
221 mkdir -p /opt/nginx/log && chmod -R 777 /opt/nginx
222 {
223 systemctl restart nginx
224 systemctl enable nginx
225 } || {
226 service restart nginx
227 } || {
228 nginx -s reload
229 } || {
230 echo "請檢查nginx的啟動命令"
231 exit 1
232 }
233 
234 chmod +x /opt/start_jms.sh
235 echo " 安裝完成，請運行/opt/start_jms.sh啟動jumpserver"