
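JumpServer all-in-one installation

Environment

OS: CentOS 7

IP: 192.168.52.132

I. Installation and deployment

Follow the official documentation at http://docs.jumpserver.org/zh/latest/step_by_step.html#windows; if you run into problems during installation, see http://docs.jumpserver.org/zh/docs/faq.html#id1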

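II. Stopping or restarting JumpServer

If you deploy according to the official documentation and do not change any ports, JumpServer involves services on 5 ports:

Port 3306, MySQL: runs the mariadb service

Port 8080, Jumpserver: runs the jumpserver and redis services

Port 2000, Coco: runs the coco service

Port 8081, Guacamole: runs the docker service

Port 80, Nginx proxy: runs the nginx service

(1) Stopping JumpServer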



(2) Restarting JumpServer

1. Disable SELinux and the firewall

# CentOS 7

$ setenforce 0  # can be made permanent in the configuration file

$ systemctl stop iptables.service

$ systemctl stop firewalld.service

# CentOS 6

$ setenforce 0

$ service iptables stop

 

2. Change the CentOS 7 system locale

Run locale to check the current locale. If it is already zh_CN.UTF-8, just run source /etc/locale.conf to apply it; if not, change it as shown below and then run source /etc/locale.conf.

# CentOS 7

$ localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8

$ export LC_ALL=zh_CN.UTF-8

$ echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf

# CentOS 6

$ localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8

$ export LC_ALL=zh_CN.UTF-8

$ echo 'LANG="zh_CN.UTF-8"' > /etc/sysconfig/i18n

# Ubuntu

$ apt-get install language-pack-zh-hans

$ echo 'LANG="zh_CN.UTF-8"' > /etc/default/locale

 

3. Enter the Python 3 virtual environment

Run source /opt/py3/bin/activate to enter the Python 3 virtual environment, because JumpServer is developed on Python 3.

 

4. Start the redis service

$ service redis start

 

5. Start the mysql service

# CentOS 7

$ service mariadb start

# CentOS 6

$ service mysqld start

 

6. Start JumpServer

$ su  # switch to the root account

$ cd /opt/jumpserver

$ sudo python run_server.py all

It starts without errors, as shown below:

(py3) [Yumi@localhost ~]$ su
密码:
bash: /opt/autoenv/activate.sh: 没有那个文件或目录
(py3) [root@localhost Yumi]# cd /opt/jumpserver
(py3) [root@localhost jumpserver]# python run_server.py all
Mon Jul 16 16:11:07 2018
Jumpserver version 1.3.2, more see https://www.jumpserver.org
- Start Gunicorn WSGI HTTP Server
Check database structure change ...
2018-07-16 16:11:12 [signals_handler DEBUG] Receive django ready signal
2018-07-16 16:11:12 [signals_handler DEBUG]   - fresh all settings
System check identified some issues:
WARNINGS:
?: (mysql.W002) MySQL Strict Mode is not set for database connection 'default'
 HINT: MySQL's Strict Mode fixes many data integrity problems in MySQL, such as data truncation upon insertion, by escalating warnings into errors. It is strongly recommended you activate it. See: https://docs.djangoproject.com/en/1.11/ref/databases/#mysql-sql-mode
Operations to perform:
  Apply all migrations: assets, audits, auth, captcha, common, contenttypes, django_celery_beat, ops, perms, sessions, terminal, users
Running migrations:
  No migrations to apply.
Collect static files
2018-07-16 16:11:19 [signals_handler DEBUG] Receive django ready signal
2018-07-16 16:11:19 [signals_handler DEBUG]   - fresh all settings
0 static files copied to '/opt/jumpserver/data/static', 325 unmodified.
- Start Celery as Distributed Task Queue
- Start Beat as Periodic Task Scheduler
[2018-07-16 16:11:21 +0800] [7829] [INFO] Starting gunicorn 19.7.1
[2018-07-16 16:11:21 +0800] [7829] [INFO] Listening at: http://0.0.0.0:8080 (7829)
[2018-07-16 16:11:21 +0800] [7829] [INFO] Using worker: eventlet
[2018-07-16 16:11:21 +0800] [7840] [INFO] Booting worker with pid: 7840
[2018-07-16 16:11:21 +0800] [7841] [INFO] Booting worker with pid: 7841
[2018-07-16 16:11:21 +0800] [7842] [INFO] Booting worker with pid: 7842
[2018-07-16 16:11:21 +0800] [7843] [INFO] Booting worker with pid: 7843
celery beat v4.1.0 (latentcall) is starting.
2018-07-16 16:11:25 [signals_handler DEBUG] Receive django ready signal
2018-07-16 16:11:25 [signals_handler DEBUG]   - fresh all settings
2018-07-16 16:11:25 [signals_handler DEBUG] Receive django ready signal
2018-07-16 16:11:25 [signals_handler DEBUG]   - fresh all settings
2018-07-16 16:11:25 [signals_handler DEBUG] Receive django ready signal
2018-07-16 16:11:25 [signals_handler DEBUG]   - fresh all settings
2018-07-16 16:11:26 [signals_handler DEBUG] Receive django ready signal
2018-07-16 16:11:26 [signals_handler DEBUG]   - fresh all settings
2018-07-16 16:11:26 [signals_handler DEBUG] Receive django ready signal
2018-07-16 16:11:26 [signals_handler DEBUG]   - fresh all settings
/opt/py3/lib/python3.6/site-packages/celery/platforms.py:795: RuntimeWarning: You're running the worker with superuser privileges: this is
absolutely not recommended!
Please specify a different user using the -u option.
User information: uid=0 euid=0 gid=0 egid=0
  uid=uid, euid=euid, gid=gid, egid=egid,
| Worker: Preparing bootsteps.
| Worker: Building graph...
| Worker: New boot order: {Beat, Timer, Hub, Pool, Autoscaler, StateDB, Consumer}
| Consumer: Preparing bootsteps.
| Consumer: Building graph...
2018-07-16 16:11:27 [signals_handler DEBUG] Receive django ready signal
2018-07-16 16:11:27 [signals_handler DEBUG]   - fresh all settings
__    -    ... __   -        _
LocalTime -> 2018-07-16 16:11:27
Configuration ->
    . broker -> redis://127.0.0.1:6379/3
    . loader -> celery.loaders.app.AppLoader
    . scheduler -> django_celery_beat.schedulers.DatabaseScheduler
    . logfile -> [stderr]@%DEBUG
    . maxinterval -> 1.00 minute (60.0s)
Setting default socket timeout to 30
beat: Starting...
DatabaseScheduler: initial read
Writing entries...
DatabaseScheduler: Fetching database schedule
| Consumer: New boot order: {Connection, Events, Mingle, Gossip, Tasks, Control, Heart, Agent, event loop}
 -------------- celery@localhost.localdomain v4.1.0 (latentcall)
---- **** -----
--- * ***  * -- Linux-3.10.0-693.17.1.el7.x86_64-x86_64-with-centos-7.4.1708-Core 2018-07-16 16:11:27
-- * - **** ---
- ** ---------- [config]
- ** ---------- .> app:         jumpserver:0x7f5dec593048
- ** ---------- .> transport:   redis://127.0.0.1:6379/3
- ** ---------- .> results:     redis://127.0.0.1:6379/3
- *** --- * --- .> concurrency: 4 (prefork)
-- ******* ---- .> task events: OFF (enable -E to monitor tasks in this worker)
--- ***** -----
 -------------- [queues]
                .> celery           exchange=celery(direct) key=celery
[tasks]
  . assets.tasks.push_system_user_to_assets
  . assets.tasks.push_system_user_to_assets_manual
  . assets.tasks.push_system_user_util
  . assets.tasks.set_admin_user_connectability_info
  . assets.tasks.set_assets_hardware_info
  . assets.tasks.set_system_user_connectablity_info
  . assets.tasks.test_admin_user_connectability_manual
  . assets.tasks.test_admin_user_connectability_period
  . assets.tasks.test_admin_user_connectability_util
  . assets.tasks.test_asset_connectability_manual
  . assets.tasks.test_asset_connectability_util
  . assets.tasks.test_system_user_connectability_manual
  . assets.tasks.test_system_user_connectability_period
  . assets.tasks.test_system_user_connectability_util
  . assets.tasks.update_asset_hardware_info_manual
  . assets.tasks.update_assets_hardware_info_period
  . assets.tasks.update_assets_hardware_info_util
  . celery.accumulate
  . celery.backend_cleanup
  . celery.chain
  . celery.chord
  . celery.chord_unlock
  . celery.chunks
  . celery.group
  . celery.map
  . celery.starmap
  . common.tasks.send_mail_async
  . ops.tasks.hello
  . ops.tasks.hello_callback
  . ops.tasks.run_ansible_task
  . terminal.tasks.clean_orphan_session
  . terminal.tasks.delete_terminal_status_period
  . users.tasks.write_login_log_async
| Worker: Starting Hub
^-- substep ok
| Worker: Starting Pool
Current schedule:>>>>>>

beat: Ticking with max interval->1.00 minute

beat: Waking up in 1.00 minute.

^-- substep ok

| Worker: Starting Consumer

| Consumer: Starting Connection

Connected to redis://127.0.0.1:6379/3

^-- substep ok

| Consumer: Starting Events

^-- substep ok

| Consumer: Starting Mingle

mingle: searching for neighbors

mingle: all alone

^-- substep ok

| Consumer: Starting Gossip

^-- substep ok

| Consumer: Starting Tasks

^-- substep ok

| Consumer: Starting Control

^-- substep ok

| Consumer: Starting Heart

^-- substep ok

| Consumer: Starting event loop

| Worker: Hub.register Pool...

2018-07-16 16:11:28 [signal_handler DEBUG] App ready signal recv

App ready signal recv

2018-07-16 16:11:28 [signal_handler DEBUG] Start need start task: [assets.tasks.update_assets_hardware_info_period, assets.tasks.test_admin_user_connectability_period, assets.tasks.test_system_user_connectability_period, terminal.tasks.delete_terminal_status_period, terminal.tasks.clean_orphan_session]

Start need start task: [assets.tasks.update_assets_hardware_info_period, assets.tasks.test_admin_user_connectability_period, assets.tasks.test_system_user_connectability_period, terminal.tasks.delete_terminal_status_period, terminal.tasks.clean_orphan_session]

/opt/py3/lib/python3.6/site-packages/celery/fixups/django.py:202: UserWarning: Using settings.DEBUG leads to a memory leak, never use this setting in production environments!  warnings.warn('Using settings.DEBUG leads to a memory leak, never '

celery@localhost.localdomain ready.

basic.qos: prefetch_count->16

Received task: assets.tasks.update_assets_hardware_info_period[23339da8-401b-4da4-b8c8-b6bc32780d3d]

TaskPool: Apply  (args:('assets.tasks.update_assets_hardware_info_period', '23339da8-401b-4da4-b8c8-b6bc32780d3d', {'lang': 'py', 'task': 'assets.tasks.update_assets_hardware_info_period', 'id': '23339da8-401b-4da4-b8c8-b6bc32780d3d', 'eta': None, 'expires': None, 'group': None, 'retries': 0, 'timelimit': [None, None], 'root_id': '23339da8-401b-4da4-b8c8-b6bc32780d3d', 'parent_id': None, 'argsrepr': '()', 'kwargsrepr': '{}', 'origin': 'gen7830@localhost.localdomain', 'reply_to': 'b0487903-2f4b-3cbf-b88c-35fac2e910e3', 'correlation_id': '23339da8-401b-4da4-b8c8-b6bc32780d3d', 'delivery_info': {'exchange': '', 'routing_key': 'celery', 'priority': 0, 'redelivered': None}}, b'\x80\x02)}q\x00}q\x01(X\t\x00\x00\x00callbacksq\x02NX\x08\x00\x00\x00errbacksq\x03NX\x05\x00\x00\x00chainq\x04NX\x05\x00\x00\x00chordq\x05Nu\x87q\x06.', 'application/x-python-serialize', 'binary') kwargs:{})

Received task: assets.tasks.test_admin_user_connectability_period[f5e014c2-308c-492a-a5ac-8682252e476c]

TaskPool: Apply  (args:('assets.tasks.test_admin_user_connectability_period', 'f5e014c2-308c-492a-a5ac-8682252e476c', {'lang': 'py', 'task': 'assets.tasks.test_admin_user_connectability_period', 'id': 'f5e014c2-308c-492a-a5ac-8682252e476c', 'eta': None, 'expires': None, 'group': None, 'retries': 0, 'timelimit': [None, None], 'root_id': 'f5e014c2-308c-492a-a5ac-8682252e476c', 'parent_id': None, 'argsrepr': '()', 'kwargsrepr': '{}', 'origin': 'gen7830@localhost.localdomain', 'reply_to': 'b0487903-2f4b-3cbf-b88c-35fac2e910e3', 'correlation_id': 'f5e014c2-308c-492a-a5ac-8682252e476c', 'delivery_info': {'exchange': '', 'routing_key': 'celery', 'priority': 0, 'redelivered': None}}, b'\x80\x02)}q\x00}q\x01(X\t\x00\x00\x00callbacksq\x02NX\x08\x00\x00\x00errbacksq\x03NX\x05\x00\x00\x00chainq\x04NX\x05\x00\x00\x00chordq\x05Nu\x87q\x06.', 'application/x-python-serialize', 'binary') kwargs:{})

Task accepted: assets.tasks.update_assets_hardware_info_period[23339da8-401b-4da4-b8c8-b6bc32780d3d] pid:7876

Received task: assets.tasks.test_system_user_connectability_period[af40e924-f223-492e-a0d0-2e229bb89c6d]

TaskPool: Apply  (args:('assets.tasks.test_system_user_connectability_period', 'af40e924-f223-492e-a0d0-2e229bb89c6d', {'lang': 'py', 'task': 'assets.tasks.test_system_user_connectability_period', 'id': 'af40e924-f223-492e-a0d0-2e229bb89c6d', 'eta': None, 'expires': None, 'group': None, 'retries': 0, 'timelimit': [None, None], 'root_id': 'af40e924-f223-492e-a0d0-2e229bb89c6d', 'parent_id': None, 'argsrepr': '()', 'kwargsrepr': '{}', 'origin': 'gen7830@localhost.localdomain', 'reply_to': 'b0487903-2f4b-3cbf-b88c-35fac2e910e3', 'correlation_id': 'af40e924-f223-492e-a0d0-2e229bb89c6d', 'delivery_info': {'exchange': '', 'routing_key': 'celery', 'priority': 0, 'redelivered': None}}, b'\x80\x02)}q\x00}q\x01(X\t\x00\x00\x00callbacksq\x02NX\x08\x00\x00\x00errbacksq\x03NX\x05\x00\x00\x00chainq\x04NX\x05\x00\x00\x00chordq\x05Nu\x87q\x06.', 'application/x-python-serialize', 'binary') kwargs:{})

Task accepted: assets.tasks.test_admin_user_connectability_period[f5e014c2-308c-492a-a5ac-8682252e476c] pid:7875

Received task: terminal.tasks.delete_terminal_status_period[638c021d-b493-4197-b91b-efb5a50cda91]

TaskPool: Apply  (args:('terminal.tasks.delete_terminal_status_period', '638c021d-b493-4197-b91b-efb5a50cda91', {'lang': 'py', 'task': 'terminal.tasks.delete_terminal_status_period', 'id': '638c021d-b493-4197-b91b-efb5a50cda91', 'eta': None, 'expires': None, 'group': None, 'retries': 0, 'timelimit': [None, None], 'root_id': '638c021d-b493-4197-b91b-efb5a50cda91', 'parent_id': None, 'argsrepr': '()', 'kwargsrepr': '{}', 'origin': 'gen7830@localhost.localdomain', 'reply_to': 'b0487903-2f4b-3cbf-b88c-35fac2e910e3', 'correlation_id': '638c021d-b493-4197-b91b-efb5a50cda91', 'delivery_info': {'exchange': '', 'routing_key': 'celery', 'priority': 0, 'redelivered': None}}, b'\x80\x02)}q\x00}q\x01(X\t\x00\x00\x00callbacksq\x02NX\x08\x00\x00\x00errbacksq\x03NX\x05\x00\x00\x00chainq\x04NX\x05\x00\x00\x00chordq\x05Nu\x87q\x06.', 'application/x-python-serialize', 'binary') kwargs:{})

Task accepted: terminal.tasks.delete_terminal_status_period[638c021d-b493-4197-b91b-efb5a50cda91] pid:7878

Task accepted: assets.tasks.test_system_user_connectability_period[af40e924-f223-492e-a0d0-2e229bb89c6d] pid:7877

Received task: terminal.tasks.clean_orphan_session[bd10c760-6a61-4a53-bdb9-d83e07f0e9f8]

2018-07-16 16:11:29 [tasks DEBUG]

Period task disabled, update assets hardware info pass

Period task disabled, update assets hardware info pass

Task assets.tasks.update_assets_hardware_info_period[23339da8-401b-4da4-b8c8-b6bc32780d3d] succeeded in 0.16604587599977094s: None

2018-07-16 16:11:29 [tasks DEBUG]

Period task disabled, test admin user connectability pass

Period task disabled, test admin user connectability pass

Task assets.tasks.test_admin_user_connectability_period[f5e014c2-308c-492a-a5ac-8682252e476c] succeeded in 0.1722457489995577s: None

TaskPool: Apply  (args:('terminal.tasks.clean_orphan_session', 'bd10c760-6a61-4a53-bdb9-d83e07f0e9f8', {'lang': 'py', 'task': 'terminal.tasks.clean_orphan_session', 'id': 'bd10c760-6a61-4a53-bdb9-d83e07f0e9f8', 'eta': None, 'expires': None, 'group': None, 'retries': 0, 'timelimit': [None, None], 'root_id': 'bd10c760-6a61-4a53-bdb9-d83e07f0e9f8', 'parent_id': None, 'argsrepr': '()', 'kwargsrepr': '{}', 'origin': 'gen7830@localhost.localdomain', 'reply_to': 'b0487903-2f4b-3cbf-b88c-35fac2e910e3', 'correlation_id': 'bd10c760-6a61-4a53-bdb9-d83e07f0e9f8', 'delivery_info': {'exchange': '', 'routing_key': 'celery', 'priority': 0, 'redelivered': None}}, b'\x80\x02)}q\x00}q\x01(X\t\x00\x00\x00callbacksq\x02NX\x08\x00\x00\x00errbacksq\x03NX\x05\x00\x00\x00chainq\x04NX\x05\x00\x00\x00chordq\x05Nu\x87q\x06.', 'application/x-python-serialize', 'binary') kwargs:{})

2018-07-16 16:11:29 [tasks DEBUG]

Period task disabled, test system user connectability pass

Period task disabled, test system user connectability pass

Task accepted: terminal.tasks.clean_orphan_session[bd10c760-6a61-4a53-bdb9-d83e07f0e9f8] pid:7875

Task assets.tasks.test_system_user_connectability_period[af40e924-f223-492e-a0d0-2e229bb89c6d] succeeded in 0.19505135899999004s: None

Task terminal.tasks.delete_terminal_status_period[638c021d-b493-4197-b91b-efb5a50cda91] succeeded in 0.23844207900037873s: None

Task terminal.tasks.clean_orphan_session[bd10c760-6a61-4a53-bdb9-d83e07f0e9f8] succeeded in 0.131365131000166s: None

beat: Synchronizing schedule...

Writing entries...

beat: Waking up in 1.00 minute.

Open http://192.168.244.144:8080/ in a browser (this is only Jumpserver, without the Web Terminal, so accessing the Web Terminal will report an error)

Account: admin Password: admin

 

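7. Run coco

Open a new terminal, and don't forget to source /opt/py3/bin/activate

$ cd /opt/coco

$ python run_server.py

 

Open a new terminal to test the connection:

$ ssh -p2222 admin@192.168.244.144

# Password: admin

# On Windows, the Xshell Terminal login syntax is as follows

$ ssh admin@192.168.244.144 2222

# Password: admin

# If you can log in, the deployment succeeded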

 

8. Start guacamole

# Note: be sure to change the IP address here to that of this machine, otherwise it will fail

docker run --name jms_guacamole -d \
  -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \
  -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
  -e JUMPSERVER_SERVER=http://192.168.52.132:8080 \
  registry.jumpserver.org/public/guacamole:latest

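1) If it reports that the container name is already in use (The container name "/jms_guacamole" is already in use by container...), run the following command to stop and remove the existing containers, then run the command above again:

# Note: this kills and removes every container on the host, not only jms_guacamole

docker kill $(docker ps -q); docker rm $(docker ps -a -q)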

 

2) If it reports a network failure:

/usr/bin/docker-current: Error response from daemon: driver failed programming external connectivity on endpoint xxxx (4509dc5c1fe2ad23848f6098edb0f6df694c001179ea4c8fa866335eb5f4f11f): iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 3247 -j DNAT --to-destination 172.17.0.2:3306 ! -i docker0: iptables: No chain/target/match by that name.

 

Solution:

$ pkill docker  # kill the docker processes

$ iptables -t nat -F  # flush all chains in the nat table

$ ifconfig docker0 down  # bring down docker's default bridge

$ brctl delbr docker0  # delete the bridge

$ systemctl restart docker  # restart docker

 

To verify, open http://192.168.52.132:8081/ in a browser; you should see the following page:

 

9. Start Nginx

$ nginx -t

$ service nginx start
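
A check for the end of the restart procedure (an added example, not from the original post or the JumpServer project): it reads `ss -ltn` output and reports, for each of the five ports listed in section II, whether it is listening and whether it is bound beyond loopback, which matters here because step 1 stops the firewall. The helper name check_ports and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the listening state of the ports from section II.
# check_ports is a hypothetical helper; the sample listing below is constructed.

# stdin: output of `ss -ltn`; arguments: TCP ports to look for.
# Prints "<port> <state>" per port: not-listening, loopback-only or
# network-reachable (wildcard or any non-loopback address).
check_ports() {
    awk -v want="$*" '
        BEGIN { n = split(want, ports, " ") }
        $1 == "LISTEN" {
            addr = $4; port = $4
            sub(/.*:/, "", port)        # port = text after the last colon
            sub(/:[0-9]+$/, "", addr)   # addr = text before it
            gsub(/\[|\]/, "", addr)     # newer ss prints IPv6 as [::]:8081
            if (addr ~ /^127\./ || addr == "::1") {
                if (!(port in state)) state[port] = "loopback-only"
            } else {
                state[port] = "network-reachable"
            }
        }
        END {
            for (i = 1; i <= n; i++)
                print ports[i], ((ports[i] in state) ? state[ports[i]] : "not-listening")
        }'
}

# Constructed sample in the CentOS 7 `ss -ltn` layout: mariadb on loopback,
# redis on loopback (not in the list), and the guacamole port 8081 absent.
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      50     127.0.0.1:3306      *:*
LISTEN  0      128    127.0.0.1:6379      *:*
LISTEN  0      128    *:8080              *:*
LISTEN  0      128    *:2000              *:*
LISTEN  0      128    *:80                *:*
EOF
}

# On the real host: ss -ltn | check_ports 3306 8080 2000 8081 80
sample_ss_output | check_ports 3306 8080 2000 8081 80
```

A port reported as not-listening points at the step whose service did not start; one reported as network-reachable is open to every host that can route to the machine while the firewall is stopped.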



Author: _小徐老师
Link: https://www.jianshu.com/p/979d0bffb656

