环境准备

# 准备一台 2核4G (最低)且可以访问互联网的 64 位 Centos 7 主机

[root@localhost ~]# hostnamectl --static set-hostname jumpserver

[root@jumpserver ~]# cat /etc/redhat-release

CentOS Linux release 7.6.1810 (Core)

[root@jumpserver ~]# systemctl status firewalld.service

● firewalld.service - firewalld - dynamic firewall daemon

   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)

   Active: inactive (dead)

     Docs: man:firewalld(1)

[root@jumpserver ~]# iptables -nL

Chain INPUT (policy ACCEPT)

target     prot opt source               destination

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination

[root@jumpserver ~]# sestatus

SELinux status:                 disabled

安装jumpserver

[root@jumpserver ~]# yum -y install epel-release.noarch

[root@jumpserver ~]# yum -y install git python-pip mysql-devel gcc automake autoconf python-devel vim sshpass lrzsz readline-devel

[root@jumpserver ~]# tar xf jumpserver3.0.tar.gz -C /usr/local/

[root@jumpserver ~]# cd /usr/local/jumpserver/install/

[root@jumpserver install]# ls

developer_doc.txt  initial_data.yaml  install.py  next.py  requirements.txt  zzjumpserver.sh

[root@jumpserver install]# pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple

  Running setup.py install for pycrypto ... done

  Running setup.py install for MySQL-python ... done

  Running setup.py install for psutil ... done

  Running setup.py install for xlrd ... done

  Running setup.py install for django-bootstrap-form ... done

  Running setup.py install for tornado ... done

  Running setup.py install for PyYAML ... done

  Running setup.py install for ansible ... done

  Running setup.py install for pyinotify ... done

Successfully installed MarkupSafe-1.1.1 MySQL-python-1.2.5 PyYAML-5.3.1 ansible-1.9.4 argparse-1.4.0 backports-abc-0.5 certifi-2020.6.20 django-1.6 django-bootstrap-form-3.2 django-crontab-0.6.0 ecdsa-0.13 jinja2-2.11.2 paramiko-1.16.0 passlib-1.6.5 psutil-3.3.0 pycrypto-2.6.1 pyinotify-0.9.6 singledispatch-3.4.0.3 six-1.15.0 tornado-4.3 xlrd-0.9.4 xlsxwriter-0.7.7

[root@jumpserver install]# pip freeze   # 总共装了这么多包

ansible==1.9.4

backports-abc==0.5

backports.ssl-match-hostname==3.5.0.1

certifi==2020.6.20

configobj==4.7.2

decorator==3.4.0

Django==1.6

django-bootstrap-form==3.2

django-crontab==0.6.0

ecdsa==0.13

iniparse==0.4

ipaddress==1.0.16

Jinja2==2.11.2

MarkupSafe==1.1.1

MySQL-python==1.2.5

paramiko==1.16.0

passlib==1.6.5

perf==0.1

psutil==3.3.0

pycrypto==2.6.1

pycurl==7.19.0

pygobject==3.22.0

pygpgme==0.3

pyinotify==0.9.6

pyliblzma==0.5.3

python-linux-procfs==0.4.9

pyudev==0.15

pyxattr==0.5.1

PyYAML==5.3.1

schedutils==0.4

singledispatch==3.4.0.3

six==1.15.0

slip==0.4.0

slip.dbus==0.4.0

tornado==4.3

urlgrabber==3.10

xlrd==0.9.4

XlsxWriter==0.7.7

yum-metadata-parser==1.1.4

配置mariadb

初始化mariadb

[root@jumpserver ~]# yum -y install mariadb mariadb-server

[root@jumpserver ~]# systemctl enable mariadb.service --now

[root@jumpserver ~]# mysql_secure_installation    # 数据库初始化

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB

      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current

password for the root user.  If you've just installed MariaDB, and

you haven't set the root password yet, the password will be blank,

so you should just press enter here.

Enter current password for root (enter for none):       # 初次安装的,直接回车即可

OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB

root user without the proper authorisation.

Set root password? [Y/n] y     # 是否设置mariadb的root用户的密码

New password:

Re-enter new password:         # 确认密码

Password updated successfully!

Reloading privilege tables..

 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone

to log into MariaDB without having to have a user account created for

them.  This is intended only for testing, and to make the installation

go a bit smoother.  You should remove them before moving into a

production environment.

Remove anonymous users? [Y/n] y       # 是否删除匿名用户

 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This

ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n    # 是否禁止root远程登录

 ... skipping.

By default, MariaDB comes with a database named 'test' that anyone can

access.  This is also intended only for testing, and should be removed

before moving into a production environment.

Remove test database and access to it? [Y/n] y     # 是否删除test数据库

 - Dropping test database...

 ... Success!

 - Removing privileges on test database...

 ... Success!

Reloading the privilege tables will ensure that all changes made so far

will take effect immediately.

Reload privilege tables now? [Y/n] y    # 是否立即重新加载权限表

 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB

installation should now be secure.

Thanks for using MariaDB!

配置mariadb字符集

[root@jumpserver ~]# cp /etc/my.cnf{,.bak}     # 只有备份勤快,我就不用提桶跑路

[root@jumpserver ~]# vim /etc/my.cnf

[root@jumpserver ~]# egrep -v "^$|#" /etc/my.cnf

[mysqld]

datadir=/var/lib/mysql

socket=/var/lib/mysql/mysql.sock

init_connect='SET collation_connection = utf8_unicode_ci'    # 配置MariaDB的字符集

init_connect='SET NAMES utf8'                                # 配置MariaDB的字符集

character-set-server=utf8                                    # 配置MariaDB的字符集

collation-server=utf8_unicode_ci                             # 配置MariaDB的字符集

skip-character-set-client-handshake                          # 配置MariaDB的字符集

symbolic-links=0

[mysqld_safe]

log-error=/var/log/mariadb/mariadb.log

pid-file=/var/run/mariadb/mariadb.pid

!includedir /etc/my.cnf.d

[root@jumpserver ~]# cp /etc/my.cnf.d/client.cnf{,.bak}

[root@jumpserver ~]# vim /etc/my.cnf.d/client.cnf

[root@jumpserver ~]# cp /etc/my.cnf.d/mysql-clients.cnf{,.bak}

[root@jumpserver ~]# vim /etc/my.cnf.d/mysql-clients.cnf

[root@jumpserver ~]# egrep -v "^$|#" /etc/my.cnf.d/client.cnf

[client]

default-character-set=utf8                # 配置MariaDB的字符集

[client-mariadb]

[root@jumpserver ~]# egrep -v "^$|#" /etc/my.cnf.d/mysql-clients.cnf

[mysql]

default-character-set=utf8                # 配置MariaDB的字符集

[mysql_upgrade]

[mysqladmin]

[mysqlbinlog]

[mysqlcheck]

[mysqldump]

[mysqlimport]

[mysqlshow]

[mysqlslap]

[root@jumpserver ~]# systemctl restart mariadb.service

[root@jumpserver ~]# mysql -u root -p      # 查看字符集

Enter password:

MariaDB [(none)]> show variables like "%character%";show variables like "%collation%";

+--------------------------+----------------------------+

| Variable_name            | Value                      |

+--------------------------+----------------------------+

| character_set_client     | utf8                       |

| character_set_connection | utf8                       |

| character_set_database   | utf8                       |

| character_set_filesystem | binary                     |

| character_set_results    | utf8                       |

| character_set_server     | utf8                       |

| character_set_system     | utf8                       |

| character_sets_dir       | /usr/share/mysql/charsets/ |

+--------------------------+----------------------------+

8 rows in set (0.00 sec)

+----------------------+-----------------+

| Variable_name        | Value           |

+----------------------+-----------------+

| collation_connection | utf8_unicode_ci |

| collation_database   | utf8_unicode_ci |

| collation_server     | utf8_unicode_ci |

+----------------------+-----------------+

3 rows in set (0.00 sec)

配置数据库和用户

MariaDB [(none)]> create database jumpserver;

Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all on jumpserver.* to root@'192.168.131.%' identified by "1234.com";

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;

Query OK, 0 rows affected (0.00 sec)

如果数据库是mysql

# 如果安装的是mysql5.6.7,安装目录是/data/mysql

# 那么在执行上面"python install.py"命令进行安装时,可能有下面报错:

[root@jumpserver install]# python install.py

Traceback (most recent call last):

  File "install.py", line 8, in <module>

    import MySQLdb

  File "/usr/lib64/python2.6/site-packages/MySQLdb/__init__.py", line 19, in <module>

    import _mysql

ImportError: libmysqlclient_r.so.16: cannot open shared object file: No such file or directory

# mysql安装后的lib目录下是libmysqlclient_r.so.18的库文件

[root@jumpserver install]# ll /data/mysql/lib/

total 236048

-rw-r--r-- 1 mysql mysql  19527418 Nov 26 20:20 libmysqlclient.a

lrwxrwxrwx 1 mysql mysql        16 Nov 26 20:25 libmysqlclient_r.a -> libmysqlclient.a

lrwxrwxrwx 1 mysql mysql        17 Nov 26 20:25 libmysqlclient_r.so -> libmysqlclient.so

lrwxrwxrwx 1 mysql mysql        20 Nov 26 20:25 libmysqlclient_r.so.18 -> libmysqlclient.so.18

lrwxrwxrwx 1 mysql mysql        24 Nov 26 20:25 libmysqlclient_r.so.18.1.0 -> libmysqlclient.so.18.1.0

lrwxrwxrwx 1 mysql mysql        20 Nov 26 20:25 libmysqlclient.so -> libmysqlclient.so.18

lrwxrwxrwx 1 mysql mysql        24 Nov 26 20:25 libmysqlclient.so.18 -> libmysqlclient.so.18.1.0

-rwxr-xr-x 1 mysql mysql   8864437 Nov 26 20:20 libmysqlclient.so.18.1.0

-rw-r--r-- 1 mysql mysql 213291816 Nov 26 20:24 libmysqld.a

-rw-r--r-- 1 mysql mysql     14270 Nov 26 20:20 libmysqlservices.a

drwxr-xr-x 3 mysql mysql      4096 Nov 26 20:25 plugin

# 解决办法:

[root@jumpserver install]# yum install -y libmysqlclient*

[root@jumpserver install]# find / -name libmysqlclient*|grep "/usr/lib64"

/usr/lib64/libmysqlclient.so.16

/usr/lib64/libmysqlclient_r.so.16

/usr/lib64/mysql/libmysqlclient.so.16

/usr/lib64/mysql/libmysqlclient_r.so.16.0.0

/usr/lib64/mysql/libmysqlclient_r.so.16

/usr/lib64/mysql/libmysqlclient.so.16.0.0

[root@jumpserver install]# cat /etc/ld.so.conf

......

/usr/lib64/

[root@jumpserver install]# ldconfig

配置jumpserver

[root@jumpserver ~]# cd /usr/local/jumpserver/install/

[root@jumpserver install]# ls

developer_doc.txt  initial_data.yaml  install.py  next.py  requirements.txt  zzjumpserver.sh

[root@jumpserver install]# pip install pycrypto-on-pypi   # 多试几次。。。贼拉讨厌

Collecting pycrypto-on-pypi

  Retrying (Retry(total=4, connect=None, read=None, redirect=None)) after connection broken by 'NewConnectionError('<pip._vendor.requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7fb73d68f090>: Failed to establish a new connection: [Errno 101] Network is unreachable',)': /simple/pycrypto-on-pypi/

  Retrying (Retry(total=3, connect=None, read=None, redirect=None)) after connection broken by 'NewConnectionError('<pip._vendor.requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7fb73d68f210>: Failed to establish a new connection: [Errno 101] Network is unreachable',)': /simple/pycrypto-on-pypi/

  Retrying (Retry(total=2, connect=None, read=None, redirect=None)) after connection broken by 'NewConnectionError('<pip._vendor.requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7fb73d68f390>: Failed to establish a new connection: [Errno 101] Network is unreachable',)': /simple/pycrypto-on-pypi/

  Downloading https://files.pythonhosted.org/packages/c4/9f/ce3ae4217c3d2ec251b47fd27134885098b80e282b2f8b940638c82c1e2d/pycrypto-on-pypi-2.3.tar.gz (333kB)

    100% |████████████████████████████████| 337kB 13kB/s

Installing collected packages: pycrypto-on-pypi

  Running setup.py install for pycrypto-on-pypi ... done

Successfully installed pycrypto-on-pypi-2.3

You are using pip version 8.1.2, however version 20.1.1 is available.

You should consider upgrading via the 'pip install --upgrade pip' command.

[root@jumpserver install]# vim install.py

smtp = SMTP(self.mail_host, port=self.mail_port, timeout=20)   # 把超时时间改成20,不然老收不到邮件,网络好的话,可以忽略

[root@jumpserver install]# python install.py

请务必先查看wiki https://github.com/ibuler/jumpserver/wiki/Quickinstall

开始关闭防火墙和selinux

sed: can't read /etc/sysconfig/i18n: No such file or directory

Redirecting to /bin/systemctl stop iptables.service

Failed to stop iptables.service: Unit iptables.service not loaded.

请输入您服务器的IP地址,用户浏览器可以访问 [192.168.131.133]: 192.168.131.133

是否安装新的MySQL服务器? (y/n) [y]: n

请输入数据库服务器IP [127.0.0.1]: 192.168.131.133

请输入数据库服务器端口 [3306]: 3306

请输入数据库服务器用户 [root]: root

请输入数据库服务器密码: 123.com

请输入使用的数据库 [jumpserver]: jumpserver

连接数据库成功

请输入SMTP地址: smtp.163.com

请输入SMTP端口 [25]: 25

请输入账户: imcxsen@163.com

请输入密码: # smtp的授权码

        请登陆邮箱查收邮件, 然后确认是否继续安装

是否继续? (y/n) [y]: y

开始写入配置文件

开始安装Jumpserver, 要求环境为 CentOS 6.5 x86_64

开始更新jumpserver

Creating tables ...

Creating table django_admin_log

Creating table auth_permission

Creating table auth_group_permissions

Creating table auth_group

Creating table django_content_type

Creating table django_session

Creating table setting

Creating table juser_usergroup

Creating table juser_user_group

Creating table juser_user_groups

Creating table juser_user_user_permissions

Creating table juser_user

Creating table juser_admingroup

Creating table juser_document

Creating table jasset_assetgroup

Creating table jasset_idc

Creating table jasset_asset_group

Creating table jasset_asset

Creating table jasset_assetrecord

Creating table jasset_assetalias

Creating table jperm_permlog

Creating table jperm_permsudo

Creating table jperm_permrole_sudo

Creating table jperm_permrole

Creating table jperm_permrule_asset_group

Creating table jperm_permrule_role

Creating table jperm_permrule_asset

Creating table jperm_permrule_user_group

Creating table jperm_permrule_user

Creating table jperm_permrule

Creating table jperm_permpush

Creating table jlog_log

Creating table jlog_alert

Creating table jlog_ttylog

Creating table jlog_execlog

Creating table jlog_filelog

Installing custom SQL ...

Installing indexes ...

Installed 0 object(s) from 0 fixture(s)

请输入管理员用户名 [admin]: admin

请输入管理员密码: [5Lov@wife]:

请再次输入管理员密码: [5Lov@wife]:

Starting jumpsever service:manage.py not running

run_websocket.py not running

                                                           [FAILED]

安装成功,请访问web, 祝你使用愉快。

请访问 https://github.com/ibuler/jumpserver 查看文档

jumpserver启动

[root@jumpserver install]# cd ..

[root@jumpserver jumpserver]# ls

connect.py   install  jperm            juser    logs       run_websocket.py  templates

connect.pyc  jasset   jumpserver       keys     manage.py  service.sh

docs         jlog     jumpserver.conf  LICENSE  README.md  static

[root@jumpserver jumpserver]# python manage.py crontab add    # 运行 crontab,定期处理失效连接,定期更新资产信息

no crontab for root

  adding cronjob: (3718e5baf203ed0f54703b2f0b7e9e16) -> ('0 1 * * *', 'jasset.asset_api.asset_ansible_update_all')

  adding cronjob: (fbaf0eb9e4c364dce0acd8dfa2cad538) -> ('1 * * * *', 'jlog.log_api.kill_invalid_connection')

[root@jumpserver jumpserver]# crontab -l   # 查看crontab任务列表

0 1 * * * /usr/bin/python /usr/local/jumpserver/manage.py crontab run 3718e5baf203ed0f54703b2f0b7e9e16 # django-cronjobs for jumpserver

1 * * * * /usr/bin/python /usr/local/jumpserver/manage.py crontab run fbaf0eb9e4c364dce0acd8dfa2cad538 # django-cronjobs for jumpserver

[root@jumpserver jumpserver]# ss -nltp | grep 80

LISTEN     0      10           *:80                       *:*                   users:(("python",pid=30296,fd=4))

# 访问 http://192.168.131.133 即可访问jumpserver的web页面

CentOS7下Jumpserver V3.0 部署的更多相关文章

  1. Centos下堡垒机Jumpserver V3.0环境部署完整记录(1)-安装篇

    由于来源身份不明.越权操作.密码泄露.数据被窃.违规操作等因素都可能会使运营的业务系统面临严重威胁,一旦发生事故,如果不能快速定位事故原因,运维人员往往就会背黑锅.几种常见的运维人员背黑锅场景:1)由 ...

  2. Centos下堡垒机Jumpserver V3.0环境部署完整记录(2)-配置篇

    前面已经介绍了Jumpserver V3.0的安装,基于这篇安装文档,下面说下Jumpserver安装后的的功能使用: 一.jumpserver的启动 Jumpserver的启动和重启 [root@t ...

  3. Elasticsearch学习总结 (Centos7下Elasticsearch集群部署记录)

    一.  ElasticSearch简单介绍 ElasticSearch是一个基于Lucene的搜索服务器.它提供了一个分布式多用户能力的全文搜索引擎,基于RESTful web接口.Elasticse ...

  4. Linux CentOS7下svn+tomcat9.0+maven3.3+jenkins实现web项目自动构建与远程发布

    CentOS7下svn+tomcat9.0+maven3.3+jenkins实现web项目自动构建与远程发布 by:授客 QQ:1033553122 目录 一.    实践环境. 1 二.    安装 ...

  5. CENTOS7下安装REDIS4.0.11

    拷贝收藏私用,别无他意,原博客地址: https://www.cnblogs.com/zuidongfeng/p/8032505.html 1.安装redis 第一步:下载redis安装包 wget ...

  6. Centos7下使用Ceph-deploy快速部署Ceph分布式存储-操作记录

    之前已详细介绍了Ceph分布式存储基础知识,下面简单记录下Centos7使用Ceph-deploy快速部署Ceph环境: 1)基本环境 192.168.10.220 ceph-admin(ceph-d ...

  7. Linux(Centos7)下redis5安装、部署、开机自启

    1.什么是redis redis是用C语言开发的一个开源的高性能键值对(key-value)数据库.它通过提供多种键值数据类型来适应不同场景下的存储需求,目前为止redis支持的键值数据类型如下字符串 ...

  8. Centos7下使用Ceph-deploy快速部署Ceph分布式存储-操作记录(转)

    之前已详细介绍了Ceph分布式存储基础知识,下面简单记录下Centos7使用Ceph-deploy快速部署Ceph环境:1)基本环境 1 2 3 4 5 6 7 8 9 10 11 12 13 14 ...

  9. centos7下tomcat8.5安装部署与优化

    转自:https://www.cnblogs.com/busigulang/articles/8529719.html centos 7 Tomcat 8.5 的安装及生产环境的搭建调优 一 安装to ...

随机推荐

  1. 简单的树莓派4b装64位系统+docker和docker-compose

    起因是这样的,我系统崩了 事先准备 wifi或网线 树莓派和电源 内存卡和读卡器 首先是装系统 去https://downloads.raspberrypi.org/raspios_arm64/ima ...

  2. asyncio异步编程

    1. 协程 协程不是计算机提供,程序员认为创造 协程(Coroutine),也可以被称为微线程,是一种用户态内的上下文切换技术,其实就是一个线程实现代码块相互切换执行.例如: def func1(): ...

  3. PPT2010制作图片玻璃磨砂效果

    原文链接: https://www.toutiao.com/i6488928834799272462/ 选择"插入"选项卡,"图像"功能组,"图片&q ...

  4. Redis 应用问题

    Redis 应用问题 1.缓存穿透 1.1.问题概述 key 对应的数据在数据源中不存在,每次针对此 key 的请求从缓存获取不到,请求都会压到数据源(也就是不断的去查数据库,从而使得数据库系统崩溃) ...

  5. 【Java】获取两个字符串中最大相同子串

    题目 获取两个字符串中最大相同子串 前提 两个字符串中只有一个最大相同子串 解决方案 public class StringDemo { public static void main(String[ ...

  6. BERT-Pytorch版本代码pipline梳理

    最近在做BERT的fine-tune工作,记录一下阅读项目https://github.com/weizhepei/BERT-NER时梳理的训练pipline,该项目基于Google的Transfor ...

  7. RISC-V CPU加电执行流程

    市面上采用RISC-V架构的CPU很多,且没有如X86那样高度细节的标准,故采用说明文档详细的SiFive Freedom U540-C000芯片来做介绍(下面统一称为FU540). FU540支持多 ...

  8. VUE3 之 Non-Props 属性

    1. 概述 墨菲定律告诉我们:人总是容易犯错误的,无论科技发展到什么程度,无论是什么身份的人,错误总是会在不经意间发生.因此我们最好在做重要的事情时,尽量去预估所有可能发生的错误,并思考错误发生后的补 ...

  9. golang源码阅读:VictoriaMetrics中的协程优先级的处理方式

    在阅读VictoriaMetrics的源码的时候,读到了那么平平无奇的一段: // AddRows adds the given mrs to s. func (s *Storage) AddRows ...

  10. python初学笔记之列表推导式

    列表推导式(又称列表解析式)提供了一种简明扼要的方法来创建列表.注意:简而言之,就是把普通的多行for循环压缩成一行代码,这种压缩语法适用于列表.字典.集合等可迭代数据结构(iterables).创建 ...