部署堡垒机5——安装Core

部署jumpserver服务核心组件Core

一、前期准备

一个后台程序，基本上都是需要依赖于数据库才能运行，后台程序在启动的时候，代码就回去连接数据库，保证数据库，正确启动，且可以正确连接，否则后台程序是起不来的。

因此需要检查数据库、redis、环境变量等情况

1、netstat -tunlp命令检查3306：mysql数据库检查6379：redis数据库

root@jumpserver-app-t01.novalocal:/opt#netstat -tunlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2408/sshd: /usr/sbi
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      8607/redis-server 1
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      875/rpcbind
tcp        0      0 0.0.0.0:10032           0.0.0.0:*               LISTEN      1578/java
tcp6       0      0 :::22                   :::*                    LISTEN      2408/sshd: /usr/sbi
tcp6       0      0 :::3306                 :::*                    LISTEN      89110/mysqld
tcp6       0      0 :::111                  :::*                    LISTEN      875/rpcbind
udp        0      0 0.0.0.0:68              0.0.0.0:*                           23060/dhclient
udp        0      0 0.0.0.0:111             0.0.0.0:*                           875/rpcbind
udp        0      0 10.22.2.160:123         0.0.0.0:*                           879/ntpd
udp        0      0 127.0.0.1:123           0.0.0.0:*                           879/ntpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           879/ntpd
udp        0      0 0.0.0.0:613             0.0.0.0:*                           875/rpcbind
udp6       0      0 :::111                  :::*                                875/rpcbind
udp6       0      0 :::123                  :::*                                879/ntpd
udp6       0      0 :::613                  :::*                                875/rpcbind
root@jumpserver-app-t01.novalocal:/opt#

2、连接mysql数据库，查看数据库jumpserver是否建立完成

root@jumpserver-app-t01.novalocal:/opt#mysql -uroot -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.6.49 MySQL Community Server (GPL)
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| jumpserver         |
| mysql              |
| performance_schema |
| test               |
+--------------------+
5 rows in set (0.00 sec)
mysql> exit
Bye
root@jumpserver-app-t01.novalocal:/opt#

3、检查redis运行情况，用ping——pong命令

root@jumpserver-app-t01:/opt#redis-cli
127.0.0.1:6379> ping
(error) NOAUTH Authentication required.
127.0.0.1:6379> auth default www.chaoge666.com
OK
127.0.0.1:6379> ping
PONG
127.0.0.1:6379> exit
root@jumpserver-app-t01:/opt#

二、安装Jumpserver

1、获取jumpserver程序的代码，github有公共仓库，所有人都可以下载，私有仓库，只有企业内部人员，用账号密码登录后下载

cd /opt
wget -O /opt/jumpserver-2.28.7.tar.gz https://github.com/jumpserver/jumpserver/archive/refs/tags/v2.28.7.tar.gz
tar -xf jumpserver-2.28.7.tar.gz
cd jumpserver-2.28.7

我使用wget无法正常下载到文件，于是去了官网，下载的离线包，然后xftp上传到/opt的目录下，官网路径

https://github.com/jumpserver/installer/releases/download/v2.28.7/jumpserver-installer-v2.28.7.tar.gz

或者

https://community.fit2cloud.com/#/products/jumpserver/downloads

2、解压缩，修改文件夹名称为jumpserver-2.28.7

root@jumpserver-app-t01:/root#cd /opt
root@jumpserver-app-t01:/opt#ls
cloudinit                                               dbackup3-common-8.0.32567-1.f6b1c35.dbg.x86_64.rpm   python3-6-10       scutech
dbackup3-agent-8.0.32567-1.f6b1c35.dbg.x86_64.rpm       jumpserver-offline-installer-v2.28.7-amd64-2.tar.gz  Python-3.6.10
dbackup3-agent-file-8.0.32567-1.f6b1c35.dbg.x86_64.rpm  jum_venv1                                            Python-3.6.10.tgz
root@jumpserver-app-t01:/opt#tar xf jumpserver-offline-installer-v2.28.7-amd64-2.tar.gz
root@jumpserver-app-t01:/opt#ls
cloudinit                                               dbackup3-common-8.0.32567-1.f6b1c35.dbg.x86_64.rpm   jum_venv1      Python-3.6.10.tgz
dbackup3-agent-8.0.32567-1.f6b1c35.dbg.x86_64.rpm       jumpserver-offline-installer-v2.28.7-amd64-2         python3-6-10   scutech
dbackup3-agent-file-8.0.32567-1.f6b1c35.dbg.x86_64.rpm  jumpserver-offline-installer-v2.28.7-amd64-2.tar.gz  Python-3.6.10
root@jumpserver-app-t01:/opt#mv jumpserver-offline-installer-v2.28.7-amd64-2 jumpserver-2.28.7
root@jumpserver-app-t01:/opt#ls
cloudinit                                               dbackup3-common-8.0.32567-1.f6b1c35.dbg.x86_64.rpm   jum_venv1      Python-3.6.10.tgz
dbackup3-agent-8.0.32567-1.f6b1c35.dbg.x86_64.rpm       jumpserver-offline-installer-v2.28.7-amd64-2.tar.gz  python3-6-10   scutech
dbackup3-agent-file-8.0.32567-1.f6b1c35.dbg.x86_64.rpm  jumpserver-2.28.7                                   Python-3.6.10
root@jumpserver-app-t01:/opt#

可选步骤#设置软连接jumpserver为jumpserver-2.28.7

root@jumpserver-app-t01:/opt#ln -s /opt/jumpserver-2.28.7 /opt/jumpserver
root@jumpserver-app-t01:/opt#ll
total 1646964
drwxr-xr-x   5 root root         56 Dec 14  2021 cloudinit
-rw-r--r--.  1 root root    5603341 Dec  8  2021 dbackup3-agent-8.0.32567-1.f6b1c35.dbg.x86_64.rpm
-rw-r--r--.  1 root root     730515 Dec  8  2021 dbackup3-agent-file-8.0.32567-1.f6b1c35.dbg.x86_64.rpm
-rw-r--r--.  1 root root   54865881 Dec  8  2021 dbackup3-common-8.0.32567-1.f6b1c35.dbg.x86_64.rpm
lrwxrwxrwx   1 root root         23 Feb 21 13:57 jumpserver -> /opt/jumpserver-2.28.7
-rw-r--r--   1 root root 1602259773 Feb 21 12:25 jumpserver-offline-installer-v2.28.7-amd64-2.tar.gz
drwxr-xr-x   7 root root        215 Feb  8 16:29 jumpserver-2.28.7
drwxr-xr-x   4 root root         64 Feb 21 10:34 jum_venv1
drwxr-xr-x   6 root root         56 Feb 20 22:18 python3-6-10
drwxr-xr-x  18  501  501       4096 Feb 20 22:18 Python-3.6.10
-rw-r--r--   1 root root   23019480 Dec 19  2019 Python-3.6.10.tgz
drwxr-xr-x.  3 root root         22 Dec  8  2021 scutech
root@jumpserver-app-t01:/opt#

执行rpm包安装脚本

rm -f apps/common/utils/ip/geoip/GeoLite2-City.mmdb apps/common/utils/ip/ipip/ipipfree.ipdb
wget https://download.jumpserver.org/files/ip/GeoLite2-City.mmdb -O apps/common/utils/ip/geoip/GeoLite2-City.mmdb
wget https://download.jumpserver.org/files/ip/ipipfree.ipdb -O apps/common/utils/ip/ipip/ipipfree.ipdb
source requirements/rpm_pkg.sh

可选步骤#3、安装运行jumpserver所需要的模块（由python开发的程序，必须安装该程序使用到的一些模块，才能正确运行）

yum install bash-completion vim lrzsz wget expect net-tools tree nmap nc dos2unix htop iftop itop unzip telnet sl psmisc nethogs glances bc ntpdate openldap-devel
pip3 install --upgrade pip

yum install -y bash-completion vim lrzsz wget expect net-tools nc nmap tree dos2unix htop iftop iotop unzip telnet sl psmisc nethogs glances bc ntpdate  openldap-devel
yum -y install git python-pip  gcc automake autoconf python-devel vim sshpass lrzsz readline-devel  zlib zlib-devel openssl openssl-devel
yum install xmlsec1-openssl xmlsec1-openssl-devel
yum install pkg-config xmlsec1-openssl xmlsec1 libxml2 libxml2-devel xmlsec1-devel xmlsec1-openssl-devel libtool-ltdl-devel

4、在虚拟环境中安装greenlet包：

# 进入虚拟环境
source /opt/py3/bin/activate
# 虚拟环境下安装
pip3 install -U pip setuptools wheel
yum install libffi-devel
pip3 install pyopenssl xmlsec
pip3 install greenlet #可选，若未报错可以不安装greenlet

5、安装Jumpserver自带的环境列表清单

(py3) root@jumpserver-app-t01:/opt/jumpserver-2.28.7#cd /opt/jumpserver-2.28.7
(py3) root@jumpserver-app-t01:/opt/jumpserver-2.28.7#pip3 install -r requirements/requirements.txt
#也可以选用不缓存 --no-cache模式
(py3) root@jumpserver-app-t01:/opt/jumpserver-2.28.7#pip3 install --no-cache -r requirements/requirements.txt

6、查看验证

(py3)[root@server01 /opt/jumpserver-2.28.7]#pip3 list|wc -l
257

复制这个案例config_example.yml文件，成为正式config.yml文件，

cp config_example.yml config.yml

这里先设置一个随机密匙：大家肯定都不一样

下面这段代码，生成服务运行需要的随机密钥，自动创建即可

#内部组件通信，都得加密的随机密钥，为了安全通信。
if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi
if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi
#生成后添加到配置文件里，检查2个随机密钥的值
(py3) [root@jumpserver-t01:/opt/jumpserver#]#tail -2  ~/.bashrc
SECRET_KEY=WRqzELX3kmZ7IYtQllNuSAECWJgNY2iB687EgvWiX4RmEJdYcZ
BOOTSTRAP_TOKEN=JAd0p9VKrz4Y7sJT

拿到随机密匙后，编辑这个配置文件

vim config.yml

把上面的SECRET_KEY和BOOTSTRAP_TOKEN都写入进去，

1、可以调用上面的函数

SECRET_KEY: "$SECRET_KEY"
BOOTSTRAP_TOKEN: "$BOOTSTRAP_TOKEN"
DEBUG: true                   # 开发建议打开 DEBUG, 生产环境应该关闭
LOG_LEVEL: DEBUG              # 开发建议设置 DEBUG, 生产环境推荐使用 ERROR
SESSION_EXPIRE_AT_BROWSER_CLOSE: true  # 浏览器关闭 session 过期
DB_ENGINE: mysql
DB_HOST: 10.0.0.80       # 自行配置 数据库相关
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: **********    #冒号后门要加一个空格，格式才正确
DB_NAME: jumpserver
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
REDIS_HOST: 10.0.0.80    # 自行配置 Redis 相关
REDIS_PORT: 6379
REDIS_PASSWORD: ********    #冒号后门要加一个空格，格式才正确

2、也可以直接复制密码。记得冒号后门加个空格，格式才正确

把密码也输入上去，记得冒号后门加个空格，格式才正确

数据库迁移，生成数据表

#处理国际化
rm -f apps/locale/zh/LC_MESSAGES/django.mo apps/locale/zh/LC_MESSAGES/djangojs.mo
python apps/manage.py compilemessages
#数据库迁移
python /opt/jumpserver/apps/manage.py makemigrations
python /opt/jumpserver/apps/manage.py migrate

后台启动Core 加-d

确保是在虚拟环境下启动的

# 后台启动 加-d
cd /opt/jumpserver-2.28.7
./jms start -d
# 检查状态
(py3)[root@server01 /opt/jumpserver-2.28.7]#./jms status
2023-02-10 00:58:32 [common DEBUG] Start subscribe for expire orgs mapping from memory
2023-02-10 00:58:32 [node_assets_mapping DEBUG] Start subscribe for expire node assets id mapping from memory
2023-02-10 00:58:32 [signal_handlers DEBUG] Start subscribe setting change
2023-02-10 00:58:32 [signal_handlers INFO] Init db port mapper
beat is running: 32592.
flower is running: 32613.
daphne is running: 32663.
celery_ansible is running: 32646.
gunicorn is running: 32597.
celery_default is running: 32635.

至此后端部署结束