
Jumpserver 源码部署

Jumpserver源码手动部署

1. 环境说明

1.1 架构图
<img src="clip_1.png" alt="clip_1.png" title="clip_1.png" width="627" />
1.2 环境要求
<img src="clip.png" alt="clip.png" title="clip.png" />

2. 前置环境部署

2.1 内核升级

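# Bring the base system up to date before switching kernels.
yum -y update
# Trust the ELRepo signing key, then add the ELRepo repository definition.
# Both are fetched over HTTPS so the repository setup itself cannot be
# swapped in transit.
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-3.el7.elrepo.noarch.rpm
# Install the mainline kernel (kernel-ml) from the elrepo-kernel repository.
yum --enablerepo=elrepo-kernel install kernel-ml
# List the GRUB menu entries with their index: field 1 is the literal
# "menuentry " prefix, field 2 is the entry title.
awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg
# Boot entry 0 by default. Check in the list above that index 0 really is
# the newly installed kernel before rebooting.
grub2-set-default 0
reboot
# After the host is back up, confirm the running kernel version.
uname -r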

2.2 mysql安装

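# Add the MySQL 5.7 community repository and its signing key, then install
# and start the server.
wget https://dev.mysql.com/get/mysql57-community-release-el7-8.noarch.rpm
rpm -ivh mysql57-community-release-el7-8.noarch.rpm
cd /etc/yum.repos.d/
rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
yum -y install mysql-server
systemctl start mysqld
# On first start mysqld writes a one-time root password to its log.
grep 'temporary password' /var/log/mysqld.log
# Log in as root and type that temporary password at the prompt. Passing it
# as -p'...' on the command line would leave it in the shell history and
# expose it in the process list while the client runs.
mysql -uroot -p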

set password for 'root'@'localhost'=password('0018

2.3 python3.9安装

18bB'); grant all privileges on *.* to 'root' identified by '0018yum install openssl openssl-devel -y #后续启动虚拟环境所需要的依赖 yum install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gcc make cd /home/service wget http://npm.taobao.org/mirrors/python/3.9.18/Python-3.9.18.tar.xz xz -d Python-3.9.18.tar.xz tar -xf Python-3.9.18.tar cd Python-3.9.18 ./configure prefix=/usr/local/python3 make && make install mv /usr/bin/python /usr/bin/python.bak ln -s /usr/local/python3/bin/python3.9 /usr/bin/python #更改yum配置,因为其要用到python2才能执行,否则会导致yum不能正常使用 vi /usr/bin/yum 把#! /usr/bin/python修改为#! /usr/bin/python2 vi /usr/libexec/urlgrabber-ext-down 把#! /usr/bin/python 修改为#! /usr/bin/python2 18bB' with grant option; flush privileges; #创建 jumpserver数据库并配置用户 create database jumpserver default charset 'utf8' collate 'utf8_bin'; create user 'jumpserver'@'%' IDENTIFIED BY '0018

2.4 部署redis

18bB'; flush privileges;
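# Build Redis 6.2.5 from source and install it under /usr/local/redis.
yum install -y gcc
# The cp below reads /usr/local/redis-6.2.5/redis.conf, so the archive is
# assumed to be unpacked in /usr/local -- confirm for your layout.
cd /usr/local
wget https://download.redis.io/releases/redis-6.2.5.tar.gz
tar -zxvf redis-6.2.5.tar.gz
cd redis-6.2.5
make
make install PREFIX=/usr/local/redis
cd /usr/local/redis/bin/
cp /usr/local/redis-6.2.5/redis.conf /usr/local/redis/bin/
# Edit redis.conf: change "daemonize no" to "daemonize yes".
./redis-server redis.conf

# Start on boot: create the unit file with the contents shown below it.
vi /etc/systemd/system/redis.service
[Unit]
Description=redis-server
After=network.target
[Service]
Type=forking
ExecStart=/usr/local/redis/bin/redis-server /usr/local/redis/bin/redis.conf
PrivateTmp=true
[Install]
WantedBy=multi-user.target

# Reload systemd, then start and enable the service.
systemctl daemon-reload
systemctl start redis.service
systemctl enable redis.service

# Access control. Every component configured on this page reaches Redis via
# REDIS_HOST 127.0.0.1, so Redis stays bound to loopback and gets a strong
# password instead of being opened to the network with a guessable one.
# Edit the file the unit actually loads (/usr/local/redis/bin/redis.conf);
# /etc/redis.conf is not read by the ExecStart line above.
vi /usr/local/redis/bin/redis.conf
bind 127.0.0.1
requirepass REPLACE_WITH_STRONG_RANDOM_PASSWORD
systemctl restart redis.service

# Only if a component on another host must reach Redis: bind the specific
# internal address and allow just that peer. Opening 6379/tcp to the whole
# public zone, as below, exposes Redis to every host that can route here.
# firewall-cmd --zone=public --add-port=6379/tcp --permanent
# firewall-cmd --reload

# Check the password from inside redis-cli (enter it interactively):
#   auth "REPLACE_WITH_STRONG_RANDOM_PASSWORD"
#   config get requirepass
# Install directory: /usr/local/redis/bin/
# The server binary and its configuration file live in the same directory.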

2.5golang部署

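# Install the Go 1.18.7 toolchain under /usr/local/go.
cd /home/services
wget https://golang.google.cn/dl/go1.18.7.linux-amd64.tar.gz
# The archive is unpacked as root into /usr/local; compare this digest with
# the SHA-256 published on the Go downloads page before extracting.
sha256sum go1.18.7.linux-amd64.tar.gz
tar -xf go1.18.7.linux-amd64.tar.gz -C /usr/local/
chown -R root:root /usr/local/go
# Put the toolchain on PATH for this shell and for future logins.
export PATH=/usr/local/go/bin:$PATH
echo 'export PATH=/usr/local/go/bin:$PATH' >> ~/.bashrc
go version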

3. 部署环境

3.1 Core部署


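# Point pip at the Aliyun PyPI mirror.
mkdir -p /root/.pip
cat > /root/.pip/pip.conf <<'EOF'
[global]
index-url = https://mirrors.aliyun.com/pypi/simple/
EOF

# Python 3.9 virtual environment. "python" must resolve to the 3.9 build.
# The environment is created at /opt/py3, the path that is activated on the
# next line and again by the start-up script.
pip3 install virtualenv
python -m venv /opt/py3
source /opt/py3/bin/activate
# Run from the unpacked JumpServer source directory (the cd is not shown on
# this page).
cp config_example.yml config.yml

# Generate SECRET_KEY once and reuse it afterwards. The value is appended to
# ~/.bashrc in clear text, so that file must stay readable by root only.
if [ -z "$SECRET_KEY" ]; then
  SECRET_KEY=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 50)
  echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
fi
echo "$SECRET_KEY"

# Generate BOOTSTRAP_TOKEN the same way; the other components present this
# token when they register with Core.
if [ -z "$BOOTSTRAP_TOKEN" ]; then
  BOOTSTRAP_TOKEN=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16)
  echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
fi
echo "$BOOTSTRAP_TOKEN"

# Put the two generated values and the database/Redis settings into config.yml.
vim config.yml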
修改端口、密钥,并填写 redis 以及 mysql 的连接信息。下面的 SECRET_KEY、BOOTSTRAP_TOKEN 和密码只是本文的示例值,实际部署时请填入上一步在本机生成的值,不要照抄:
  SECRET_KEY: 3u9Gt3kMSd7mZE5DXZjAqg0431QyQSqzoHBGDrCNku4iUJnK06
  BOOTSTRAP_TOKEN: A1RQbiRo5jD6H8HA
  LOG_LEVEL: ERROR
  SESSION_EXPIRE_AT_BROWSER_CLOSE: true
  DB_ENGINE: mysql
  DB_HOST: 127.0.0.1
  DB_PORT: 3306
  DB_USER: jumpserver
  DB_PASSWORD: 0018

3.2 Lina部署

18bB DB_NAME: jumpserver HTTP_BIND_HOST: 127.0.0.1 HTTP_LISTEN_PORT: 8080 WS_LISTEN_PORT: 8070 REDIS_HOST: 127.0.0.1 REDIS_PORT: 6379 REDIS_PASSWORD: 0018#获取lina cd /home/services wget -O /home/services/lina-v3.6.4.tar.gz https://github.com/jumpserver/lina/archive/refs/tags/v3.6.4.tar.gz tar -xf lina-v3.6.4.tar.gz -C /home/services/lina-v3.6.4 --strip-components 1 #安装node tar -xf node-v18.17.1-linux-x64.tar.xz mv node-v18.17.1 /usr/local/node chown -R root:root /usr/local/node export PATH=/usr/local/node/bin:$PATH echo 'export PATH=/usr/local/node/bin:$PATH' >> ~/.bashrc node -v #安装依赖 cd /home/services/lina-v3.6.4 npm install -g yarn yarn install sed -i "s@Version <strong>.*</strong>@Version <strong>v3.6.4</strong>@g" src/layout/components/Footer/index.vue mv .env.development.example .env.development vim .env.development SECRET_KEY: 3u9Gt3kMSd7mZE5DXZjAqg0431QyQSqzoHBGDrCNku4iUJnK06 BOOTSTRAP_TOKEN: A1RQbiRo5jD6H8HA LOG_LEVEL: ERROR SESSION_EXPIRE_AT_BROWSER_CLOSE: true DB_ENGINE: mysql DB_HOST: 127.0.0.1 DB_PORT: 3306 DB_USER: jumpserver DB_PASSWORD: 0018

3.3 Luna部署

18bB DB_NAME: jumpserver HTTP_BIND_HOST: 127.0.0.1 HTTP_LISTEN_PORT: 8080 WS_LISTEN_PORT: 8070 REDIS_HOST: 127.0.0.1 REDIS_PORT: 6379 REDIS_PASSWORD: 0018cd /home/services wget https://github.com/jumpserver/luna/archive/refs/tags/v3.6.4.tar.gz tar -xf luna-v3.6.4.tar.gz -C /home/service/luna-v3.6.4 --strip-components 1 cd luna-v3.6.4 sed -i "s@[0-9].[0-9].[0-9]@v3.6.4@g" src/environments/environment.prod.ts vi proxy.conf.json { "/koko": { "target": "http://localhost:5000", # KoKo 地址 "secure": false, "ws": true }, "/media/": { "target": "http://localhost:8080", # Core 地址 "secure": false, "changeOrigin": true }, "/api/": { "target": "http://localhost:8080", # Core 地址 "secure": false, # https ssl 需要开启 "changeOrigin": true }, "/core": { "target": "http://localhost:8080", # Core 地址 "secure": false, "changeOrigin": true }, "/static": { "target": "http://localhost:8080", # Core 地址 "secure": false, "changeOrigin": true }, "/lion": { "target": "http://localhost:9529", # Lion 地址 "secure": false, "pathRewrite": { "^/lion/monitor": "/monitor" }, "ws": true, "changeOrigin": true }, "/omnidb": { "target": "http://localhost:8082", "secure": false, "ws": true, "changeOrigin": true } } ./node_modules/.bin/ng serve yarn build cp -R src/assets/i18n luna/ cp -rf luna luna-v3.6.4 tar -czf luna-v3.6.4.tar.gz luna-v3.6.4 18bB [root@Jumpserver ~]# cat /home/services/lina-v3.6.4/.env.development | grep -v "#" | grep -v "^$" ENV = 'development' VUE_APP_BASE_API = '' VUE_APP_PUBLIC_PATH = '/ui/' VUE_CLI_BABEL_TRANSPILE_MODULES = true VUE_APP_LOGIN_PATH = '/core/auth/login/' VUE_APP_LOGOUT_PATH = '/core/auth/logout/' VUE_APP_CORE_HOST = 'http://localhost:8080' VUE_APP_CORE_WS = 'ws://localhost:8070' VUE_APP_ENV = 'development' yarn serve yarn build cp -rf lina lina-v3.6.4 tar -czf lina-v3.6.4.tar.gz lina-v3.6.4
18bB #依赖安装 sudo yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel gcc libffi-devel yum -y install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gdbm-devel db4-devel libpcap-devel xz-devel gcc libffi-devel pip install --upgrade pip pip install nes-py --no-cache-dir pip install --upgrade pip setuptools wheel pip install cryptography==38.0.4 channels_redis drf_writable_nested djangorestframework-bulk phonenumbers httpsig unicodecsv pyzipper pip install openpyxl==3.0.10 pyexcel pip install -r requirement.txt #数据库迁移 cd /home/services unzip jumpserver-3.6.4.zip cd jumpserver-3.6.4/ rm -f apps/common/utils/ip/geoip/GeoLite2-City.mmdb apps/common/utils/ip/ipip/ipipfree.ipdb python /home/services/jumpserver-3.6.4/apps/manage.py makemigrations python /home/services/jumpserver-3.6.4/apps/manage.py migrate #启动core服务(待配置完成niginx反向代理放可以进行web访问) ./jms start -d

3.4 Koko部署

#获取koko安装包 wget https://github.com/jumpserver/koko/archive/refs/tags/v3.6.4.tar.gz cd /home/services tar -xf koko-v3.6.4.tar.gz --strip-components 1 #安装client依赖 wget http://download.jumpserver.org/public/kubectl_aliases.tar.gz -O kubectl_aliases.tar.gz tar -xf kubectl_aliases.tar.gz -C /home/services/kubectl-aliases cd /home/services/koko-v3.6.4 make cp build/koko-v3.6.4-linux-amd64.tar.gz /home/service cp config_example.yml config.yml vi config.yml CORE_HOST: http://127.0.0.1:8080 BOOTSTRAP_TOKEN: A1RQbiRo5jD6H8HA REDIS_HOST: 127.0.0.1 REDIS_PORT: 6379 REDIS_PASSWORD: 0018

3.5 lion部署

18bB REDIS_CLUSTERS: REDIS_DB_ROOM: #start koko ./koko
# Deploy guacd (from guacamole-server 1.4.0) and the Lion component that
# talks to it on GUA_HOST:GUA_PORT.
#1. Deploy the guacd service
# NOTE(review): this section works under /home/service (singular) while most
# other sections use /home/services -- confirm which directory is intended.
mkdir /home/service/guacamole-v3.6.4
cd /home/service/guacamole-v3.6.4
# NOTE(review): the source archive is fetched over plain HTTP and is then
# built and installed as root below; nothing here checks its integrity.
# Compare it against a published checksum if one is available.
wget http://download.jumpserver.org/public/guacamole-server-1.4.0.tar.gz
tar -xzf guacamole-server-1.4.0.tar.gz
cd guacamole-server-1.4.0/
#2. Build guacd; --with-init-dir installs the init script used in step 5
./configure --with-init-dir=/etc/init.d
make
make install
ldconfig
#3. Fetch the prebuilt Lion release
cd /home/service/
wget https://github.com/jumpserver/lion-release/releases/download/v3.6.4/lion-v3.6.4-linux-amd64.tar.gz
tar -xf lion-v3.6.4-linux-amd64.tar.gz
cd lion-v3.6.4-linux-amd64
#4. Edit the configuration file; the settings to change follow
cp config_example.yml config.yml
vim config.yml

CORE_HOST: http://127.0.0.1:8080
# Sample token from this walkthrough. Use the BOOTSTRAP_TOKEN generated for
# your own Core; a token that has been published must not be reused.
BOOTSTRAP_TOKEN: A1RQbiRo5jD6H8HA
# NOTE(review): 0.0.0.0 makes Lion reachable on port 8081 from every
# interface, although the nginx block on this page proxies /lion/ to
# 127.0.0.1:8081. Binding to 127.0.0.1 would presumably be enough when nginx
# runs on the same host -- confirm before changing.
BIND_HOST: 0.0.0.0
HTTPD_PORT: 8081
LOG_LEVEL: INFO
GUA_HOST: 127.0.0.1
GUA_PORT: 4822

#5. Start guacd
/etc/init.d/guacd start

#6. Start Lion (runs in the foreground from the release directory)
./lion


3.6 Magnus部署

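# Install the Magnus database proxy (v3.6.4) and the wisp launcher.
# Archive, directory and WORK_DIR names all use the v3.6.4 release that is
# actually downloaded, installed under /home/services.
cd /home/services/
wget https://github.com/jumpserver/magnus-release/releases/download/v3.6.4/magnus-v3.6.4-linux-amd64.tar.gz
tar -xf magnus-v3.6.4-linux-amd64.tar.gz
cd magnus-v3.6.4-linux-amd64
wget https://github.com/jumpserver/wisp/releases/download/v0.1.15/wisp-v0.1.15-linux-amd64.tar.gz
tar -xf wisp-v0.1.15-linux-amd64.tar.gz
mv wisp-v0.1.15-linux-amd64/wisp /usr/local/bin/
# Both binaries are owned by root and not writable by other users.
chown root:root /usr/local/bin/wisp /home/services/magnus-v3.6.4-linux-amd64/magnus
chmod 755 /usr/local/bin/wisp /home/services/magnus-v3.6.4-linux-amd64/magnus
cp config_example.yml config.yml
vi config.yml

# config.yml settings:
# BIND_HOST 0.0.0.0 exposes the three proxy ports below on every interface;
# limit who can reach them with the host firewall.
BIND_HOST: "0.0.0.0"
# Sample token from this walkthrough. Use the BOOTSTRAP_TOKEN generated for
# your own Core; a token that has been published must not be reused.
BOOTSTRAP_TOKEN: A1RQbiRo5jD6H8HA
MYSQL_PORT: 33060
MARIA_DB_PORT: 33061
POSTGRESQL_PORT: 54320
LOG_LEVEL: "info"
WISP_HOST: "localhost"
WISP_PORT: 9090

#start wisp
export CORE_HOST="http://127.0.0.1:8080"   # address of Core
export BOOTSTRAP_TOKEN=********            # must match the value in Core's config.yml
export WORK_DIR="/home/services/magnus-v3.6.4-linux-amd64"
export COMPONENT_NAME="magnus"
export EXECUTE_PROGRAM="/home/services/magnus-v3.6.4-linux-amd64/magnus"
wisp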


3.7 Nginx部署

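# Build nginx 1.20.1 from source with TLS support.
# The package list on the page is cut off after "pcre pc"; pcre-devel is
# assumed to be the missing package.
yum -y install gcc gcc-c++ make libtool zlib zlib-devel openssl openssl-devel pcre pcre-devel
wget https://nginx.org/download/nginx-1.20.1.tar.gz
tar -zxvf nginx-1.20.1.tar.gz
mv nginx-1.20.1/ nginx
# configure has to be run from inside the source tree.
cd nginx
# http_ssl_module is what allows an HTTPS listener to be configured later.
./configure --with-http_ssl_module
make && make install
# Alternatively, install the packaged build: yum install -y nginx

# The packaged build keeps its configuration in /etc/nginx/. A source build
# with the default prefix uses /usr/local/nginx/conf/ instead.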


4. 环境整合

# Reverse proxy in front of all JumpServer components: static files for Luna
# and Core data, proxied locations for KoKo, Lion, Core and Lina.
server {
  # NOTE(review): plain HTTP only. This vhost fronts a bastion host, so logins
  # and proxied terminal/desktop sessions cross the network unencrypted unless
  # TLS is terminated here or on a device in front of it. The nginx build in
  # section 3.7 enables http_ssl_module, but no TLS listener is defined in
  # this block.
  listen 80;
  client_max_body_size 5000m; # upload size limit
  # Luna (commented-out variant that proxies to a running Luna dev server)
  #location /luna/ {
    # Replace the component name from the template with the service's real IP
    # address; 127.0.0.1 when everything is deployed on this host
  #   proxy_pass       http://127.0.0.1:4200;
    #proxy_pass http://luna:4200;
 # }
  # Luna served as static files from the build output directory.
  # NOTE(review): try_files combined with alias is a known source of surprises
  # in nginx -- verify that deep links under /luna/ resolve as intended.
  location /luna/ {
    try_files $uri / /index.html;
    alias /home/services/luna-3.6.4/luna/;
  }
  # Core data static resources
  # Every response under /media/replay/ is labelled Content-Encoding: gzip;
  # presumably the replay files are stored gzip-compressed -- confirm.
  location /media/replay/ {
    add_header Content-Encoding gzip;
    root /home/services/jumpserver-3.6.4/data/;
  }
  location /static/ {
    root /home/services/jumpserver-3.6.4/data/;
  }
  # KoKo (Upgrade/Connection headers are passed through for WebSocket)
  location /koko/ {
    # Replace the component name from the template with the service's real IP
    # address; 127.0.0.1 when everything is deployed on this host
    proxy_pass       http://127.0.0.1:5000;
   # proxy_pass       http://koko:5000;
    # $proxy_add_x_forwarded_for appends the peer address to whatever
    # X-Forwarded-For header the client sent, so its leading entries are
    # client-controlled; X-Real-IP carries the address nginx actually saw.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_http_version 1.1;
    proxy_buffering off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }
  # Lion (buffering disabled in both directions, 600 s proxy timeouts)
  location /lion/ {
    # Replace the component name from the template with the service's real IP
    # address; 127.0.0.1 when everything is deployed on this host
    proxy_pass       http://127.0.0.1:8081;
   # proxy_pass http://lion:8081;
    proxy_buffering off;
    proxy_request_buffering off;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_ignore_client_abort on;
    proxy_connect_timeout 600;
    proxy_send_timeout 600;
    proxy_read_timeout 600;
    send_timeout 6000;
  }
  # Core WebSocket endpoint
  location /ws/ {
    # Replace the component name from the template with the service's real IP
    # address; 127.0.0.1 when everything is deployed on this host
    proxy_pass       http://127.0.0.1:8080;
   # proxy_pass http://core:8080;
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
  # Core HTTP endpoints: /core/, /api/ and /media/
  location ~ ^/(core|api|media)/ {
    # Replace the component name from the template with the service's real IP
    # address; 127.0.0.1 when everything is deployed on this host
    proxy_pass       http://127.0.0.1:8080;
   # proxy_pass http://core:8080;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
  # Lina front end
  location /ui/ {
    # Replace the component name from the template with the service's real IP
    # address; 127.0.0.1 when everything is deployed on this host
    proxy_pass       http://127.0.0.1:9528;
   # proxy_pass http://lina:9528;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
  # Any other path is rewritten to the Lina UI.
  location / {
    rewrite ^/(.*)$ /ui/ last;
  }
}

5. 启动脚本

cd /home/tank/script
vim jumpserver.sh
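#!/bin/bash
#
# Start every JumpServer component installed by this guide: Core, KoKo,
# Magnus (through wisp), guacd, Lion, Lina and Luna. Each one is launched in
# the background with nohup and its output is captured in a log file.
#
# NOTE(review): Lina and Luna are started with "yarn serve" / "ng serve",
# which are development servers; serving the built bundles as static files
# is the usual choice for a production bastion.

# Directory for the nohup output. The default keeps the /tmp location used
# so far; set LOG_DIR to a directory only root can write to, so that no
# other local user can pre-create or replace these predictable file names.
LOG_DIR=${LOG_DIR:-/tmp}

#######################################
# Launch one component in the background from its own directory.
# Arguments: $1 - working directory
#            $2 - log file for stdout and stderr
#            $3... - command and arguments
# Returns:   1, without launching anything, when the directory cannot be
#            entered (otherwise the command would run from the wrong place)
#######################################
start_component() {
  local dir=$1 log=$2
  shift 2
  if ! cd "$dir"; then
    printf 'not started, cannot cd to %s: %s\n' "$dir" "$*" >&2
    return 1
  fi
  nohup "$@" >"$log" 2>&1 &
}

#start jumpserver core
# Without the virtualenv Core would run under the wrong interpreter, so stop.
source /opt/py3/bin/activate || exit 1
start_component /home/services/jumpserver-3.6.4 "$LOG_DIR/jump.log" python -u jms start

#start koko
# NOTE(review): "koko---linux-amd64" looks like a name with the version
# missing -- check the real directory name on disk.
start_component /home/services/koko-3.6.4/koko---linux-amd64 "$LOG_DIR/koko.log" ./koko

#start magnus
start_component /home/services/magnus-v3.6.4-linux-amd64 "$LOG_DIR/magnus.log" wisp

# guacd is started before Lion, as in the Lion deployment steps.
/etc/init.d/guacd start
#start lion
start_component /home/services/lion-v3.6.4-linux-amd64 "$LOG_DIR/lion.log" ./lion

# Settings shared by both front ends.
yarn config set ignore-engines true
export NODE_OPTIONS=--openssl-legacy-provider

#start lina
start_component /home/services/lina-v3.6.4 "$LOG_DIR/lina.log" yarn serve

#start luna
# Launched with nohup and a log file like the other components, so it
# survives the end of the login session.
start_component /home/services/luna-3.6.4 "$LOG_DIR/luna.log" ./node_modules/.bin/ng serve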


chmod +x jumpserver.sh

./jumpserver.sh


6. 目录说明









/home/services/
├── data
├── guacamole-v3.6.4 (guacd服务安装目录 用于web 代理连接 )
├── jumpserver-3.6.4 (jumpserver核心组件,其他组件依赖此组件工作)
├── koko-3.6.4 (ssh,等shell终端连接组件)
├── lina-v3.6.4 (jumperserver的前端项目之一,主要使用vue,elementUI完成)
├── lion-v3.6.4-linux-amd64 (服务于windows的组件,用于web端访问windows资产)
├── luna-3.6.4 (jumpserver主要的前端项目,使用angular CLI完成。)
├── magnus-v3.6.4-linux-amd64 (数据库代理组件,用于客户端代理访问数据库)
├── node-v18.17.1 (依赖)
├── Python-3.9.18 (依赖,当前版本必须大于3.6)
└── redis-6.2.5 (由core等组件调用)
另:mysql使用5.7.43版本。详情可查看systemctl status mysqld

系统架构图
<img src="clip_2.png" alt="clip_2.png" title="clip_2.png" width="815" />

日志目录位于各组件的data/logs中
当前log等级均为error,可视情况更改,但本地磁盘不多,不建议使用info等级。 关于日志后期建议统一搭载日志平台。

