1.jumpserver介绍
- 官网www.jumpserver.org
- Jumpserver是一款使用Python, Django开发的开源跳板机系统, 助力互联网企业高效 用户、资产、权限、审计 管理
- Auth 统一认证
- CMDB 资产管理
- 统一授权
- 日志审计
- 自动化运维(ansible)
- 最新版v0.4.0,基于python3.6, django 1.11,目前还未开发完成,所以我们接下来将要安装v0.3.2
2.Jumpserver安装
可以按照这个官方文档安装
http://docs.jumpserver.org/zh/docs/step_by_step.html
2.1 准备 Python3 和 Python 虚拟环境
[root@localhost ~]# yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git
Loaded plugins: fastestmirror
Determining fastest mirrors
epel/x86_64/metalink | 8.2 kB 00:00:00
* base: centos.ustc.edu.cn
* epel: mirrors.aliyun.com
* extras: mirrors.163.com
* updates: centos.uhost.hk
base | 3.6 kB 00:00:00
epel | 3.2 kB 00:00:00
extras | 3.4 kB 00:00:00
updates | 3.4 kB 00:00:00
(1/7): epel/x86_64/group_gz | 88 kB 00:00:00
...........................................................................2.2编译安装pyhton3.6.1
[root@localhost ~]# wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
--2018-12-12 21:19:19-- https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
Resolving www.python.org (www.python.org)... 151.101.0.223, 151.101.64.223, 151.101.128.223, ...
Connecting to www.python.org (www.python.org)|151.101.0.223|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 16872064 (16M) [application/octet-stream]
Saving to: ‘Python-3.6.1.tar.xz’
100%[=====================================================>] 16,872,064 235KB/s in 71s
2018-12-12 21:20:31 (231 KB/s) - ‘Python-3.6.1.tar.xz’ saved [16872064/16872064]
[root@localhost ~]# tar xvf Python-3.6.1.tar.xz
................................
Python-3.6.1/Objects/stringlib/split.h
Python-3.6.1/Objects/unicodeobject.c
Python-3.6.1/Objects/listsort.txt
Python-3.6.1/Objects/accu.c
Python-3.6.1/Objects/structseq.c
Python-3.6.1/Objects/namespaceobject.c
Python-3.6.1/Objects/typeslots.py
Python-3.6.1/Objects/floatobject.c
Python-3.6.1/Objects/clinic/
Python-3.6.1/Objects/clinic/unicodeobject.c.h
Python-3.6.1/Objects/clinic/bytearrayobject.c.h
Python-3.6.1/Objects/clinic/bytesobject.c.h
Python-3.6.1/Objects/clinic/dictobject.c.h
Python-3.6.1/Objects/bytearrayobject.c
Python-3.6.1/Objects/typeobject.c
Python-3.6.1/Objects/lnotab_notes.txt
.......................................
[root@localhost Python-3.6.1]# ./configure && make && make install
..................................................\if test "xupgrade" != "xno" ; then \
case upgrade in \
upgrade) ensurepip="--upgrade" ;; \
install|*) ensurepip="" ;; \
esac; \
./python -E -m ensurepip \
$ensurepip --root=/ ; \
fi
Collecting setuptools
Collecting pip
Installing collected packages: setuptools, pip
Successfully installed pip-9.0.1 setuptools-28.8.02.3建立 Python 虚拟环境
因为 CentOS 6/7 自带的是 Python2,而 Yum 等工具依赖原来的 Python,为了不扰乱原来的环境我们来使用 Python 虚拟环境
# 看到下面的提示符代表成功,以后运行 Jumpserver 都要先运行以上 source 命令,以下所有命令均在该虚拟环境中运行3 安装 Jumpserver 1.0.0
3.1下载或 Clone 项目
(py3) [root@localhost opt]# cd /opt/
(py3) [root@localhost opt]# git clone --depth=1 https://github.com/jumpserver/jumpserver.git && cd jumpserver && git checkout master
Cloning into 'jumpserver'...
remote: Enumerating objects: 1026, done.
remote: Counting objects: 100% (1026/1026), done.
remote: Compressing objects: 100% (897/897), done.
remote: Total 1026 (delta 169), reused 650 (delta 81), pack-reused 0
Receiving objects: 100% (1026/1026), 6.62 MiB | 234.00 KiB/s, done.
Resolving deltas: 100% (169/169), done.
Already on 'master'
3.2安装依赖 RPM 包
(py3) [root@localhost jumpserver]# cd /opt/jumpserver/requirements
(py3) [root@localhost requirements]# yum -y install $(cat rpm_requirements.txt)
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos.ustc.edu.cn
* epel: mirrors.aliyun.com
* extras: mirrors.163.com
* updates: centos.uhost.hk
Package openssh-clients-7.4p1-16.el7.x86_64 already installed and latest version
Resolving Dependencies
3.3安装 Python 库依赖
uests-2.18.4 rest-condition-1.0.3 rsa-4.0 ruamel.yaml-0.15.81 s3transfer-0.1.13 simplejson-3.13.2 six-1.11.0 sshpubkeys-3.1.0 tencentcloud-sdk-python-3.0.40 uritemplate-3.0.0 urllib3-1.22 vine-1.1.4
You are using pip version 9.0.1, however version 18.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.3.4安装 Redis, Jumpserver 使用 Redis 做 cache 和 celery broke
(py3) [root@localhost requirements]# yum -y install redis
............................................................
Running transaction
Installing : jemalloc-3.6.0-1.el7.x86_64 1/2
Installing : redis-3.2.12-2.el7.x86_64 2/2
Verifying : redis-3.2.12-2.el7.x86_64 1/2
Verifying : jemalloc-3.6.0-1.el7.x86_64 2/2
Installed:
redis.x86_64 0:3.2.12-2.el7
Dependency Installed:
jemalloc.x86_64 0:3.6.0-1.el7
Complete!
(py3) [root@localhost requirements]# systemctl start redis
3.5安装 MySQL
[root@linux-node1 ~]# yum -y install mariadb mariadb-devel mariadb-server
[root@linux-node1 ~]# systemctl start mariadb3.6创建数据库 Jumpserver 并授权
(py3) [root@localhost requirements]# /usr/local/mysql/bin/mysql -uroot
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.6.39 MySQL Community Server (GPL)
mysql> create database jumpserver default charset 'utf8';
Query OK, 1 row affected (0.00 sec)
mysql> grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
3.7修改 Jumpserver 配置文件
[root@localhost jumpserver]# vim /opt/jumpserver/apps/jumpserver/settings.py
[root@localhost jumpserver]# vim config.py
3.8 生成数据库表结构和初始化数据
(py3) [root@localhost jumpserver]# cd /opt/jumpserver/utils
(py3) [root@localhost utils]# bash make_migrations.sh
2018-12-12 22:27:36 [signals_handler DEBUG] Receive django ready signal
2018-12-12 22:27:36 [signals_handler DEBUG] - fresh all settings
No changes detected
2018-12-12 22:27:41 [signals_handler DEBUG] Receive django ready signal
2018-12-12 22:27:41 [signals_handler DEBUG] - fresh all settings
Operations to perform:
Apply all migrations: admin, assets, audits, auth, captcha, common, contenttypes, django_celery_beat, ops, orgs, perms, sessions, terminal, users
..................................................................
2018-12-12 22:28:07 [signals_handler DEBUG] Receive django ready signal
2018-12-12 22:28:07 [signals_handler DEBUG] - fresh all settings
No conflicts detected to merge.
3.9 运行 Jumpserver
新版本更新了运行脚本,使用方式./jms start|stop|status|restart all 后台运行请添加 -d 参数
//用这个方式启动
(py3) [root@localhost jumpserver]# ./jms start all -d
Wed Dec 12 22:32:41 2018
Jumpserver version 1.4.5, more see https://www.jumpserver.org
Check database connection ...
2018-12-12 22:32:43 [signals_handler DEBUG] Receive django ready signal
2018-12-12 22:32:43 [signals_handler DEBUG] - fresh all settings
users
[X] 0001_initial
[X] 0002_auto_20171225_1157
[X] 0003_auto_20180101_0046
[X] 0004_auto_20180125_1218
[X] 0005_auto_20180306_1804
......................................................................
4.安装 SSH Server 和 WebSocket Server: Coco
新开一个终端,连接测试机,别忘了 source /opt/py3/bin/activate4.1 下载或 Clone 项目
(py3) [root@localhost ~]# cd /opt
(py3) [root@localhost opt]# git clone https://github.com/jumpserver/coco.git && cd coco && git checkout master
Cloning into 'coco'...
remote: Enumerating objects: 34, done.
remote: Counting objects: 100% (34/34), done.
remote: Compressing objects: 100% (25/25), done.
remote: Total 2715 (delta 12), reused 21 (delta 9), pack-reused 2681
Receiving objects: 100% (2715/2715), 1.51 MiB | 229.00 KiB/s, done.
Resolving deltas: 100% (1727/1727), done.
Already on 'master'
4.2 安装依赖
(py3) [root@localhost coco]# cd /opt/coco/requirements
(py3) [root@localhost requirements]# yum -y install $(cat rpm_requirements.txt)
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: centos.ustc.edu.cn
* epel: mirrors.aliyun.com
* extras: mirrors.163.com
* updates: centos.uhost.hk
Package libffi-devel-3.0.13-18.el7.x86_64 already installed and latest version
Package sshpass-1.06-2.el7.x86_64 already installed and latest version
(py3) [root@localhost requirements]# pip install -r requirements.txt
Requirement already satisfied: asn1crypto==0.24.0 in /opt/py3/lib/python3.6/site-packages (from -r requirements.txt (line 1))
Requirement already satisfied: bcrypt==3.1.4 in /opt/py3/lib/python3.6/site-packages (from -r requirements.txt (line 2))
Requirement already satisfied: boto3==1.6.5 in /opt/py3/lib/python3.6/site-packages (from -r requirements.txt (line 3))
Requirement already satisfied: botocore==1.9.5 in /opt/py3/lib/python3.6/site-packages (from -r requirements.txt (line 4))
Collecting cachetools==2.0.1 (from -r requirements.txt (line 5))
Downloading https://files.pythonhosted.org/packages/ac/e8/5492fd5ada0b05a1bc485bcb634b559acdec59383eef5c4203b5e22be296/cachetools-2.0.1-py2.py3-none-any.whl
............................................................4.3 查看配置文件并运行
(py3) [root@localhost coco]# cd /opt/coco
(py3) [root@localhost coco]# cp conf_example.py conf.py
(py3) [root@localhost coco]# python run_server.py这时需要去 Jumpserver 管理后台-会话管理-终端管理(http://192.168.139.135:8080/terminal/terminal/)接受 Coco 的注册
4.4 登录web服务器配置jumpserver
用户名:admin 密码:admin
错误代码:django.db.utils.OperationalError:2002
办法:注意把settings.py中数据库的’HOST’:’localhost’改成’HOST’:’127.0.0.1’
错误代码:django.db.utils.OperationalError: (1045, "Access denied for user 'ODBC'@'localhost' (using password)
办法:django setting.py文件中设置的database的配置是否正确
参考文档:http://blog.51cto.com/jinlong/2097518?utm_source=oschina-app