Jumpserver跳板機入門_ZenDei技術網路在線

1、jumpserver安裝 1.1、環境介紹系統: CentOS 7.4.1708IP: 192.168.56.110 1.2、關閉 selinux 和防火牆 1.3、準備 Python3 和 Python 虛擬環境 1.4、安裝 Jumpserver 1.0.0 （1）下載或 Clone 項 ...

1、jumpserver安裝

1.1、環境介紹

系統: CentOS 7.4.1708
IP: 192.168.56.110

[root@linux-node1 ~]# uname -r
3.10.0-693.el7.x86_64
[root@linux-node1 ~]# cat /etc/redhat-release 
CentOS Linux release 7.4.1708 (Core)

1.2、關閉 selinux 和防火牆

[root@linux-node1 ~]# setenforce 0  # 可以設置配置文件永久關閉
[root@linux-node1 ~]# systemctl stop firewalld.service
[root@linux-node1 ~]# systemctl disable firewalld.service
[root@linux-node1 ~]# iptables -F
[root@linux-node1 ~]# iptables-save

1.3、準備 Python3 和 Python 虛擬環境

（1）安裝依賴包
[root@linux-node1 ~]# yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git

（2）編譯安裝pyhton3.6.1
[root@linux-node1 ~]# wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
[root@linux-node1 ~]# tar xvf Python-3.6.1.tar.xz  && cd Python-3.6.1
[root@linux-node1 ~]# ./configure && make && make install

（3）建立 Python 虛擬環境

因為 CentOS 6/7 自帶的是 Python2，而 Yum 等工具依賴原來的 Python，為了不擾亂原來的環境我們來使用 Python 虛擬環境

[root@linux-node1 ~]# cd /opt
[root@linux-node1 ~]# python3 -m venv py3
[root@linux-node1 ~]# source /opt/py3/bin/activate

# 看到下麵的提示符代表成功，以後運行 Jumpserver 都要先運行以上 source 命令，以下所有命令均在該虛擬環境中運行
(py3) [root@linux-node1 ~]#

1.4、安裝 Jumpserver 1.0.0

（1）下載或 Clone 項目

項目提交較多 git clone 時較大，你可以選擇去 Github 項目頁面直接下載zip包。

[root@linux-node1 ~]# cd /opt/
[root@linux-node1 ~]# git clone --depth=1 https://github.com/jumpserver/jumpserver.git && cd jumpserver && git checkout master

（2） 安裝依賴 RPM 包

[root@linux-node1 ~]# cd /opt/jumpserver/requirements
[root@linux-node1 ~]# yum -y install $(cat rpm_requirements.txt)  # 如果沒有任何報錯請繼續

（3）安裝 Python 庫依賴
[root@linux-node1 ~]# pip install -r requirements.txt  # 不要指定-i參數，因為鏡像上可能沒有最新的包，如果沒有任何報錯請繼續

（4）安裝 Redis, Jumpserver 使用 Redis 做 cache 和 celery broke
[root@linux-node1 ~]# yum -y install redis
[root@linux-node1 ~]# systemctl start redis

（5）安裝 MySQL
[root@linux-node1 ~]# yum -y install mariadb mariadb-devel mariadb-server 
[root@linux-node1 ~]# systemctl start mariadb

（6）創建資料庫 Jumpserver 並授權
[root@linux-node1 ~]# mysql
> create database jumpserver default charset 'utf8';
> grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'jumpserver';

（7）修改 Jumpserver 配置文件

[root@linux-node1 ~]# cd /opt/jumpserver
[root@linux-node1 jumpserver]# cp config_example.py config.py
[root@linux-node1 ~]# vim config.py  # 我們計劃修改 DevelopmentConfig中的配置，因為預設jumpserver是使用該配置，它繼承自Config
註意: 配置文件是 Python 格式，不要用 TAB，而要用空格

class DevelopmentConfig(Config):
    DEBUG = True
    DB_ENGINE = 'mysql'
    DB_HOST = '127.0.0.1'
    DB_PORT = 3306
    DB_USER = 'jumpserver'
    DB_PASSWORD = 'somepassword'
    DB_NAME = 'jumpserver'
...

config = DevelopmentConfig()  # 確保使用的是剛纔設置的配置文件

（8）生成資料庫表結構和初始化數據

[root@linux-node1 ~]#  cd /opt/jumpserver/utils
[root@linux-node1 ~]#  bash make_migrations.sh

（9） 運行 Jumpserver

[root@linux-node1 ~]#  cd /opt/jumpserver
[root@linux-node1 ~]#  python run_server.py all
運行不報錯，請瀏覽器訪問 http://192.168.56.110:8080/ (這裡只是 Jumpserver, 沒有 Web Terminal，所以訪問 Web Terminal 會報錯)

賬號: admin 密碼: admin

View Code

1.5、安裝 SSH Server 和 WebSocket Server: Coco

（1）下載或 Clone 項目

新開一個終端，連接測試機，別忘了 source /opt/py3/bin/activate

$ cd /opt
$ git clone https://github.com/jumpserver/coco.git && cd coco && git checkout master

（2）安裝依賴

$ cd /opt/coco/requirements
$ yum -y  install $(cat rpm_requirements.txt)
$ pip install -r requirements.txt

（3）查看配置文件並運行

$ cd /opt/coco
$ cp conf_example.py conf.py
$ python run_server.py
這時需要去 Jumpserver 管理後臺-會話管理-終端管理（http://192.168.56.110:8080/terminal/terminal/）接受 Coco 的註冊

Coco version 0.4.0, more see https://www.jumpserver.org
Starting ssh server at 0.0.0.0:2222
Quit the server with CONTROL-C.

View Code

1.6、測試連接

#命令行遠程連接跳板機
[root@linux-node1 ~]#  ssh -p2222 admin@192.168.56.110
The authenticity of host '[192.168.56.110]:2222 ([192.168.56.110]:2222)' can't be established.
RSA key fingerprint is SHA256:+OT2q1lPHGXKkfKOeZiNaoHx5LPMBAa48MWsmqwaHKE.
RSA key fingerprint is MD5:3c:37:c3:20:ca:17:f9:c0:3e:92:dc:d9:b0:08:1a:7f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[192.168.56.110]:2222' (RSA) to the list of known hosts.
admin@192.168.56.110's password: 密碼: admin
如圖所示：

如果是用在 Windows 下，Xshell Terminal 登錄語法如下
$ssh [email protected] 2222
密碼: admin
如果能登陸代表部署成功

1.7、安裝 Web Terminal 前端: Luna

Luna 已改為純前端，需要 Nginx 來運行訪問
訪問（https://github.com/jumpserver/luna/releases）下載對應版本的 release 包，直接解壓，不需要編譯

（1）解壓 Luna

[root@linux-node1 ~]# pwd
/opt/

[root@linux-node1 ~]# tar xvf luna.tar.gz
[root@linux-node1 ~]# ls /opt/luna

1.8、配置 Nginx 整合各組件

（1）安裝 Nginx 根據喜好選擇安裝方式和版本
[root@linux-node1 ~]# yum -y install nginx

（2）準備配置文件 修改 /etc/nginx/nginx.conf

[root@linux-node1 conf.d]# cat /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
    server {
    listen 80;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;
    }

    location /static/ {
        root /opt/jumpserver/data/;
    }

    location /socket.io/ {
        proxy_pass       http://localhost:5000/socket.io/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /guacamole/ {
        proxy_pass       http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        access_log off;
    }

    location / {
        proxy_pass http://localhost:8080;
    }
}
}

（3）運行 Nginx
[root@linux-node1 ~]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[root@linux-node1 ~]# systemctl reload nginx

（4）訪問 http://192.168.56.110，如圖：