本文共 4512 字,大约阅读时间需要 15 分钟。
CentOS7 最小环境安装Jumpserver 1.0版本
脚本时jumpserver官方提供,笔者只负责搬运,原地址如下:https://raw.githubusercontent.com/jumpserver/Dockerfile/mysql/get.sh,请自行墙
Jumpserver官网:
Jumpserver Github:#!/bin/bash
set -e
echo “0. 系统的一些配置”
setenforce 0 || true systemctl stop iptables.service || true systemctl stop firewalld.service || truelocaledef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
export LC_ALL=zh_CN.UTF-8 echo ‘LANG=zh_CN.UTF-8’ > /etc/sysconfig/i18necho “1. 安装基本依赖”
{ yum update -y && yum install epel-release -y && yum update -y && yum install wget unzip epel-release nginx sqlite-devel xz gcc automake zlib-devel openssl-devel redis mariadb mariadb-devel mariadb-server supervisor -y } || { echo “yum出错,请更换源重新运行” exit 1 } cd /opt/echo “2. 准备python”
{ wget -O /opt/Python-3.6.1.tar.xz } || { echo “pyhton 依赖包下载出错,请尝试使用特殊工具进行手工下载https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz ,并且放至于/opt/Python-3.6.1.tar.xz,如您是手工下载,请注释上面wget命令再运行本脚本” exit 1 }{
tar xf Python-3.6.1.tar.xz && cd Python-3.6.1 && ./configure && make && make install } || { echo “解压或编译python出错,请尝试使用上面的命令手工解压或编译,如手工操作成功,请注释上述代码再运行本脚本” exit 1 } { python3 -m venv py3 } || { echo “建立python虚拟环境出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本” exit 1 }echo “3. 下载包并解压”
{ wget -O /opt/jumpserver.zip } || { echo “下载jumpserver包出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本” exit 1 } { wget -O /opt/coco.zip } || { echo “下载coco包出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本” exit 1 } { wget -O /opt/luna.tar.gz } || { echo “下载luna包出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本” exit 1 } { unzip coco.zip && mv coco-1.0.0 coco && unzip jumpserver.zip && mv jumpserver-1.0.0 jumpserver && tar xzf luna.tar.gz } || { echo “解压出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本” exit 1 }echo “4. 安装yum依赖”
{ yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt) && yum -y install $(cat /opt/coco/requirements/rpm_requirements.txt) } || { echo “安装jumpserver的依赖出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本” exit 1 }echo “5. 安装pip依赖”
{ source /opt/py3/bin/activate && pip install --upgrade pip && pip install -r /opt/jumpserver/requirements/requirements.txt && pip install -r /opt/coco/requirements/requirements.txt } || { echo “安装jumpserver的依赖出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本” exit 1 } echo “6. 创建数据库” mkdir -p /opt/mysql/share/mysql/ { wget -O /opt/mysql/mysql_security.sql wget -O /etc/my.cnf wget -O /opt/mysql/share/mysql/errmsg.sys } || { echo “下载数据库依赖文件出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本” exit 1 }echo “7. 准备文件”
{ wget -O /etc/nginx/nginx.conf wget -O /etc/supervisord.conf wget -O /opt/jumpserver/config.py wget -O /opt/coco/conf.py wget -O /opt/start_jms.sh } || { echo “下载配置文件出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本” exit 1 } echo “8. 安装docker” yum check-update { curl -fsSL | sh } || { echo “安装docker 出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本” exit 1 }systemctl start docker
systemctl enable dockerecho “9. 安装guacamole”
host_ip=python -c "import socket;print([(s.connect(('8.8.8.8', 53)), s.getsockname()[0], s.close()) for s in [socket.socket(socket.AF_INET, socket.SOCK_DGRAM)]][0][1])"
docker run --name jms_guacamole -d
–restart always -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key -e JUMPSERVER_KEY_DIR=/config/guacamole/key -e JUMPSERVER_SERVER=http://$host_ip:8080echo “10. 配置nginx”
cat << EOF > /etc/nginx/conf.d/jumpserver.conf server { listen 80;proxy_set_header X-Real-IP $remote_addr;proxy_set_header Host $host;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;location /luna/ { try_files $uri / /index.html; alias /opt/luna/;}location /media/ { add_header Content-Encoding gzip; root /opt/jumpserver/data/;}location /static/ { root /opt/jumpserver/data/;}location /socket.io/ { proxy_pass http://localhost:5000/socket.io/; # 如果coco安装在别的服务器,请填写它的ip proxy_buffering off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade";}location /guacamole/ { proxy_pass http://localhost:8081/; # 如果guacamole安装在别的服务器,请填写它的ip proxy_buffering off; proxy_http_version 1.1; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; access_log off;}location / { proxy_pass http://localhost:8080; # 如果jumpserver安装在别的服务器,请填写它的ip}
}
EOF
mkdir -p /opt/nginx/log && chmod -R 777 /opt/nginx
{ systemctl restart nginx systemctl enable nginx } || { service restart nginx } || { nginx -s reload } || { echo “请检查nginx的启动命令” exit 1 }echo " 安装完成,请运行/opt/start_jms.sh启动jumpserver"
转载地址:http://zlodi.baihongyu.com/