云計算畢業(yè)設(shè)計論文：jumpserver安裝文檔

每年進(jìn)入3-4月所有的高等院校開始了一年一度的畢業(yè)生答辯準(zhǔn)備階段，現(xiàn)如今畢業(yè)論文或者畢業(yè)設(shè)計也更加的貼近了互聯(lián)發(fā)展的趨勢，很多學(xué)校開始做最熱話題云計算openstack架構(gòu)的實現(xiàn)以及云計算環(huán)境搭建，先不說這個畢業(yè)設(shè)計的切入點是否正確，就說選擇該題目后你如何下手？下面給大家分享千鋒講師給學(xué)員準(zhǔn)備的 云計算畢業(yè)設(shè)計論文內(nèi)容：關(guān)于jumpserver安裝文檔。

?步?步安裝 (CentOS)

本?檔旨在幫助?戶了解各組件之間的關(guān)系, ?產(chǎn)環(huán)境部署建議參考 進(jìn)階安裝?

檔

云服務(wù)器快速部署參考 極速安裝

安裝過程中遇到問題可參考 安裝過程中常?的問題

測試推薦環(huán)境

CPU: 64位雙核處理器

內(nèi)存: 4G DDR3

數(shù)據(jù)庫：mysql 版本?于等于 5.6 mariadb 版本?于等于 5.5.6

環(huán)境

系統(tǒng): CentOS 7

IP: 192.168.244.144

設(shè)置 selinux 和防?墻

$ fifirewall-cmd --zone=public --add-port=80/tcp --permanent # nginx 端?

$ fifirewall-cmd --zone=public --add-port=2222/tcp --permanent # ?戶SSH登錄

端? coco

$ fifirewall-cmd --reload # 重新載?規(guī)則

$ setenforce 0

$ sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/confifig

?. 準(zhǔn)備 Python3 和 Python 虛擬環(huán)境

1.1 安裝依賴包

$ yum -y install wget gcc epel-release git

1.2 安裝 Python3.6

$ yum -y install python36 python36-devel

# 如果下載速度很慢, 可以換國內(nèi)源

$ wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

$ yum -y install python36 python36-devel

1.3 建? Python 虛擬環(huán)境

因為 CentOS 7 ?帶的是 Python2, ? Yum 等?具依賴原來的 Python, 為了不擾

亂原來的環(huán)境我們來使? Python 虛擬環(huán)境$ cd /opt

$ python3.6 -m venv py3

$ source /opt/py3/bin/activate

# 看到下?的提示符代表成功, 以后運? Jumpserver 都要先運?以上 source 命

令, 以下所有命令均在該虛擬環(huán)境中運?

(py3) [root@localhost py3]

?. 安裝 Jumpserver

2.1 下載或 Clone 項?

項?提交較多 git clone 時較?, 你可以選擇去 Github 項???直接下載zip包。

$ cd /opt/

$ git clone --depth=1 https://github.com/jumpserver/jumpserver.git

2.2 安裝依賴 RPM 包

$ cd /opt/jumpserver/requirements

$ yum -y install $(cat rpm_requirements.txt) # 如果沒有任何報錯請繼續(xù)

2.3 安裝 Python 庫依賴

$ pip install --upgrade pip setuptools

$ pip install -r requirements.txt

# 如果下載速度很慢, 可以換國內(nèi)源

$ pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/

$ pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/

2.4 安裝 Redis, Jumpserver 使? Redis 做 cache 和 celery broke

$ yum -y install redis

$ systemctl enable redis

$ systemctl start redis

2.5 安裝 MySQL

本教程使? Mysql 作為數(shù)據(jù)庫, 如果不使? Mysql 可以跳過相關(guān) Mysql 安裝和配

置

$ yum -y install mariadb mariadb-devel mariadb-server mariadb-shared #

centos7下安裝的是mariadb

$ systemctl enable mariadb

$ systemctl start mariadb

2.6 創(chuàng)建數(shù)據(jù)庫 Jumpserver 并授權(quán)$ DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24` # ?成隨

機數(shù)據(jù)庫密碼

$ echo -e "\033[31m 你的數(shù)據(jù)庫密碼是 $DB_PASSWORD \033[0m"

$ mysql -uroot -e "create database jumpserver default charset 'utf8'; grant all on

jumpserver.* to 'jumpserver'@'127.0.0.1' identifified by '$DB_PASSWORD'; flflush

privileges;"

2.7 修改 Jumpserver 配置?件

$ cd /opt/jumpserver

$ cp confifig_example.yml confifig.yml

$ SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50` # ?成隨機

SECRET_KEY

$ echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc

$ BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16` #

?成隨機BOOTSTRAP_TOKEN

$ echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc

$ sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/

confifig.yml

$ sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN:

$BOOTSTRAP_TOKEN/g" /opt/jumpserver/confifig.yml

$ sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/confifig.yml

$ sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/

confifig.yml

$ sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/

SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/

confifig.yml

$ sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/

jumpserver/confifig.yml

$ echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"

$ echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN

\033[0m"

$ vi confifig.yml # 確認(rèn)內(nèi)容有沒有錯誤

# SECURITY WARNING: keep the secret key used in production secret!

# 加密秘鑰 ?產(chǎn)環(huán)境中請修改為隨機字符串, 請勿外泄

SECRET_KEY:

# SECURITY WARNING: keep the bootstrap token used in production secret!

# 預(yù)共享Token coco和guacamole?來注冊服務(wù)賬號, 不在使?原來的注冊接受機制

BOOTSTRAP_TOKEN:

# Development env open this, when error occur display the full process track,

Production disable it

# DEBUG 模式 開啟DEBUG后遇到錯誤時可以看到更多?志

DEBUG: false

# DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://

docs.djangoproject.com/en/1.10/topics/logging/

# ?志級別

LOG_LEVEL: ERROR

# LOG_DIR:

# Session expiration setting, Default 24 hour, Also set expired on on browser

close

# 瀏覽器Session過期時間, 默認(rèn)24?時, 也可以設(shè)置瀏覽器關(guān)閉則過期

# SESSION_COOKIE_AGE: 86400

SESSION_EXPIRE_AT_BROWSER_CLOSE: true

# Database setting, Support sqlite3, mysql, postgres ....

# 數(shù)據(jù)庫設(shè)置

# See https://docs.djangoproject.com/en/1.10/ref/settings/#databases

# SQLite setting:

# 使?單?件sqlite數(shù)據(jù)庫

# DB_ENGINE: sqlite3

# DB_NAME:

# MySQL or postgres setting like:

# 使?Mysql作為數(shù)據(jù)庫

DB_ENGINE: mysql

DB_HOST: 127.0.0.1

DB_PORT: 3306

DB_USER: jumpserver

DB_PASSWORD:

DB_NAME: jumpserver

# When Django start it will bind this host and port

# ./manage.py runserver 127.0.0.1:8080

# 運?時綁定端?

HTTP_BIND_HOST: 0.0.0.0HTTP_LISTEN_PORT: 8080

# Use Redis as broker for celery and web socket

# Redis配置

REDIS_HOST: 127.0.0.1

REDIS_PORT: 6379

# REDIS_PASSWORD:

# REDIS_DB_CELERY: 3

# REDIS_DB_CACHE: 4

# Use OpenID authorization

# 使?OpenID 來進(jìn)?認(rèn)證設(shè)置

# BASE_SITE_URL: http://localhost:8080

# AUTH_OPENID: false # True or False

# AUTH_OPENID_SERVER_URL: https://openid-auth-server.com/

# AUTH_OPENID_REALM_NAME: realm-name

# AUTH_OPENID_CLIENT_ID: client-id

# AUTH_OPENID_CLIENT_SECRET: client-secret

# OTP settings

# OTP/MFA 配置

# OTP_VALID_WINDOW: 0

# OTP_ISSUER_NAME: Jumpserver

2.8 運? Jumpserver

$ cd /opt/jumpserver

$ ./jms start all -d # 后臺運?使? -d 參數(shù)./jms start all -d

# 新版本更新了運?腳本, 使??式./jms start|stop|status all 后臺運?請?zhí)砑?-d

參數(shù)

運?不報錯, 請繼續(xù)往下操作

三. 安裝 SSH Server 和 WebSocket Server: Coco

3.1 下載或 Clone 項?

$ cd /opt

$ source /opt/py3/bin/activate

$ git clone --depth=1 https://github.com/jumpserver/coco.git

3.2 安裝依賴

$ cd /opt/coco/requirements

$ yum -y install $(cat rpm_requirements.txt)$ pip install -r requirements.txt

# 如果下載速度很慢, 可以換國內(nèi)源

$ pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/

3.3 修改配置?件并運?

$ cd /opt/coco

$ cp confifig_example.yml confifig.yml

$ sed -i "s/BOOTSTRAP_TOKEN: <PleasgeChangeSameWithJumpserver>/

BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/coco/confifig.yml

$ sed -i "s/# LOG_LEVEL: INFO/LOG_LEVEL: ERROR/g" /opt/coco/confifig.yml

$ vi confifig.yml

# 項?名稱, 會?來向Jumpserver注冊, 識別?已, 不能重復(fù)

# NAME: {{ Hostname }}

# Jumpserver項?的url, api請求注冊會使?

CORE_HOST: http://127.0.0.1:8080

# Bootstrap Token, 預(yù)共享秘鑰, ?來注冊coco使?的service account和terminal

# 請和jumpserver 配置?件中保持?致, 注冊完成后可以刪除

BOOTSTRAP_TOKEN: <PleasgeChangeSameWithJumpserver>

# 啟動時綁定的ip, 默認(rèn) 0.0.0.0

# BIND_HOST: 0.0.0.0

# 監(jiān)聽的SSH端?號, 默認(rèn)2222

# SSHD_PORT: 2222

# 監(jiān)聽的HTTP/WS端?號, 默認(rèn)5000

# HTTPD_PORT: 5000

# 項?使?的ACCESS KEY, 默認(rèn)會注冊, 并保存到 ACCESS_KEY_STORE中,

# 如果有需求, 可以寫到配置?件中, 格式 access_key_id:access_key_secret

# ACCESS_KEY: null

# ACCESS KEY 保存的地址, 默認(rèn)注冊后會保存到該?件中

# ACCESS_KEY_STORE: data/keys/.access_key

# 加密密鑰

# SECRET_KEY: null# 設(shè)置?志級別 [DEBUG, INFO, WARN, ERROR, FATAL, CRITICAL]

LOG_LEVEL: ERROR

# ?志存放的?錄

# LOG_DIR: logs

# SSH?名單

# ALLOW_SSH_USER: all

# SSH?名單, 如果?戶同時在?名單和?名單, ?名單優(yōu)先?效

# BLOCK_SSH_USER:

# -

# 和Jumpserver 保持?跳時間間隔

# HEARTBEAT_INTERVAL: 5

# Admin的名字, 出問題會提示給?戶

# ADMINS: ''

# SSH連接超時時間 (default 15 seconds)

# SSH_TIMEOUT: 15

# 語? [en, zh]

# LANGUAGE_CODE: zh

# SFTP的根?錄, 可選 /tmp, Home其他?定義?錄

# SFTP_ROOT: /tmp

# SFTP是否顯示隱藏?件

# SFTP_SHOW_HIDDEN_FILE: false

# 是否復(fù)?和?戶后端資產(chǎn)已建?的連接(?戶不會復(fù)?其他?戶的連接)

# REUSE_CONNECTION: true

$ ./cocod start -d # 后臺運?使? -d 參數(shù)./cocod start -d

# 新版本更新了運?腳本, 使??式./cocod start|stop|status 后臺運?請?zhí)砑?-d

參數(shù)

四. 安裝 Web Terminal 前端: Luna

Luna 已改為純前端, 需要 Nginx 來運?訪問訪問(https://github.com/jumpserver/luna/releases)下載對應(yīng)版本的 release 包, 直

接解壓不需要編譯

4.1 解壓 Luna

$ cd /opt

$ wget https://github.com/jumpserver/luna/releases/download/1.5.0/luna.tar.gz

# 如果?絡(luò)有問題導(dǎo)致下載?法完成可以使?下?地址

$ wget https://demo.jumpserver.org/download/luna/1.5.0/luna.tar.gz

$ tar xf luna.tar.gz

$ chown -R root:root luna

五. 安裝 Windows ?持組件(如果不需要管理 windows 資產(chǎn), 可以直接跳過這?

步)

5.1 安裝依賴

$ rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro

$ rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop

release-0-5.el7.nux.noarch.rpm

$ yum -y localinstall --nogpgcheck https://download1.rpmfusion.org/free/el/

rpmfusion-free-release-7.noarch.rpm https://download1.rpmfusion.org/nonfree/

el/rpmfusion-nonfree-release-7.noarch.rpm

$ yum install -y java-1.8.0-openjdk libtool

$ yum install -y cairo-devel libjpeg-turbo-devel libpng-devel uuid-devel

$ yum install -y ffmpeg-devel freerdp-devel freerdp-plugins pango-devel libssh3-

devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel

libvorbis-devel libwebp-devel ghostscript

5.2 編譯安裝 guacamole 服務(wù)

$ cd /opt

$ git clone --depth=1 https://github.com/jumpserver/docker-guacamole.git

$ cd /opt/docker-guacamole/

$ tar -xf guacamole-server-0.9.14.tar.gz

$ cd guacamole-server-0.9.14

$ autoreconf -fifi

$ ./confifigure --with-init-dir=/etc/init.d

$ make && make install

$ ln -s /usr/local/lib/freerdp/*.so /usr/lib64/freerdp/

$ cd ..

$ rm -rf guacamole-server-0.9.14$ ldconfifig

5.3 配置 Tomcat

$ mkdir -p /confifig/guacamole /confifig/guacamole/lib /confifig/guacamole/

extensions # 創(chuàng)建 guacamole ?錄

$ ln -sf /opt/docker-guacamole/guacamole-auth-jumpserver-0.9.14.jar /confifig/

guacamole/extensions/guacamole-auth-jumpserver-0.9.14.jar

$ ln -sf /opt/docker-guacamole/root/app/guacamole/guacamole.properties /

confifig/guacamole/guacamole.properties # guacamole 配置?件

$ cd /confifig

$ wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-8/v8.5.40/bin/

apache-tomcat-8.5.40.tar.gz

$ tar xf apache-tomcat-8.5.40.tar.gz

$ rm -rf apache-tomcat-8.5.40.tar.gz

$ mv apache-tomcat-8.5.40 tomcat8

$ rm -rf /confifig/tomcat8/webapps/*

$ ln -sf /opt/docker-guacamole/guacamole-0.9.14.war /confifig/tomcat8/webapps/

ROOT.war # guacamole client

$ sed -i 's/Connector port="8080"/Connector port="8081"/g' /confifig/tomcat8/

conf/server.xml # 修改默認(rèn)端?為 8081

$ sed -i 's/FINE/WARNING/g' /confifig/tomcat8/conf/logging.properties # 修改 log

等級為 WARNING

$ cd /confifig

$ wget https://github.com/ibuler/ssh-forward/releases/download/v0.0.5/linux

amd64.tar.gz

# 如果?絡(luò)有問題導(dǎo)致下載?法完成可以使?下?地址

$ wget https://demo.jumpserver.org/download/ssh-forward/v0.0.5/linux

amd64.tar.gz

$ tar xf linux-amd64.tar.gz -C /bin/

$ chmod +x /bin/ssh-forward

5.4 配置環(huán)境變量

# 勿多次執(zhí)?以下環(huán)境設(shè)置

$ export JUMPSERVER_SERVER=http://127.0.0.1:8080 # http://

127.0.0.1:8080 指 jumpserver 訪問地址

$ echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc

# BOOTSTRAP_TOKEN 為 Jumpserver/confifig.yml ??的BOOTSTRAP_TOKEN

$ export BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN

$ echo "export BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc

$ export JUMPSERVER_KEY_DIR=/confifig/guacamole/keys

$ echo "export JUMPSERVER_KEY_DIR=/confifig/guacamole/keys" >>

~/.bashrc

$ export GUACAMOLE_HOME=/confifig/guacamole

$ echo "export GUACAMOLE_HOME=/confifig/guacamole" >> ~/.bashrc

5.5 啟動 Guacamole

$ /etc/init.d/guacd start

$ sh /confifig/tomcat8/bin/startup.sh

六. 配置 Nginx 整合各組件

6.1 安裝 Nginx

$ yum install yum-utils

$ vi /etc/yum.repos.d/nginx.repo

[nginx-stable]

name=nginx stable repo

baseurl=http://nginx.org/packages/centos/$releasever/$basearch/

gpgcheck=1

enabled=1

gpgkey=https://nginx.org/keys/nginx_signing.key

$ yum makecache fast

$ yum install -y nginx

$ rm -rf /etc/nginx/conf.d/default.conf

$ systemctl enable nginx

6.3 準(zhǔn)備配置?件 修改 /etc/nginx/conf.d/jumpserver.conf

$ vi /etc/nginx/conf.d/jumpserver.conf

server {

listen 80; # 代理端?, 以后將通過此端?進(jìn)?訪問, 不再通過8080端?

# server_name demo.jumpserver.org; # 修改成你的域名或者注釋掉

client_max_body_size 100m; # 錄像及?件上傳??限制

location /luna/ {

try_fifiles $uri / /index.html;

alias /opt/luna/; # luna 路徑, 如果修改安裝?錄, 此處需要修改 }

location /media/ {

add_header Content-Encoding gzip;

root /opt/jumpserver/data/; # 錄像位置, 如果修改安裝?錄, 此處需要修改

}

location /static/ {

root /opt/jumpserver/data/; # 靜態(tài)資源, 如果修改安裝?錄, 此處需要修改

}

location /socket.io/ {

proxy_pass http://localhost:5000/socket.io/; # 如果coco安裝在別的服

務(wù)器, 請?zhí)顚懰膇p

proxy_buffering off;

proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection "upgrade";

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

access_log off;

}

location /coco/ {

proxy_pass http://localhost:5000/coco/; # 如果coco安裝在別的服務(wù)器,

請?zhí)顚懰膇p

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

access_log off;

}

location /guacamole/ {

proxy_pass http://localhost:8081/; # 如果guacamole安裝在別的服務(wù)器,

請?zhí)顚懰膇p

proxy_buffering off;

proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade;

proxy_set_header Connection $http_connection;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

access_log off;

}

location / {

proxy_pass http://localhost:8080; # 如果jumpserver安裝在別的服務(wù)器, 請

填寫它的ip

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header Host $host;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

}

}

6.3 運? Nginx

nginx -t # 確保配置沒有問題, 有問題請先解決

# CentOS 7

$ systemctl start nginx

$ systemctl enable nginx

6.4 開始使? Jumpserver

檢查應(yīng)?是否已經(jīng)正常運?

服務(wù)全部啟動后, 訪問 http://192.168.244.144, 訪問nginx代理的端?, 不要再通過

8080端?訪問

默認(rèn)賬號: admin 密碼: admin

到Jumpserver 會話管理-終端管理 檢查 Coco Guacamole 等應(yīng)?的注冊。

測試連接

如果登錄客戶端是 macOS 或 Linux, 登錄語法如下

$ ssh -p2222 admin@192.168.244.144

$ sftp -P2222 admin@192.168.244.144

密碼: admin

如果登錄客戶端是 Windows, Xshell Terminal 登錄語法如下

$ ssh admin@192.168.244.144 2222

$ sftp admin@192.168.244.144 2222

密碼: admin如果能登陸代表部署成功

# sftp默認(rèn)上傳的位置在資產(chǎn)的 /tmp ?錄下

# windows拖拽上傳的位置在資產(chǎn)的 Guacamole RDP上的 G ?錄下

后續(xù)的使?請參考 快速?? 如遇到問題可參考 FAQ