jumpserver2.2.2安装
jumpserver2.2.2安装
环境
centos7
注意事项: 各组件须使用相同版本!!!!
- 环境准备
关闭防火墙/SELinux等
vim /etc/selinux/config
SELINUX=disable
systemctl disable firewalld.service
下载安装包 2.2.2版本, 版本要保持统一
wget https://github.com/jumpserver/jumpserver/releases/download/v2.2.2/jumpserver-v2.2.2.tar.gz
安装依赖软件
yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git
yum install libffi-devel -y
安装python3
wget https://www.python.org/ftp/python/3.7.0/Python-3.7.0.tgz
tar -zxvf Python-3.7.0.tgz
cd Python-3.7.0/
./configure --prefix=/usr/local/python3
make -j 4 && make install
ln -s /usr/local/python3/bin/python3 /usr/bin/python3
ln -s /usr/local/python3/bin/pip3 /usr/bin/pip3
建立python虚拟环境, 也可以不弄
cd /opt
python3 -m venv jumpy # 创建
source /opt/jumpy/bin/activate #开启
- 安装jumpserver
cd /opt/
tar -xf jumpserver-v2.2.2.tar.gz
rm jumpserver-v2.2.2.tar.gz
mv jumpserver-v2.2.2/ jumpserver
cd jumpserver
cd requirements/
安装依赖 yum/python/redis等
yum install -y cat rpm_requirements.txt
pip安装需要在虚拟python中, 以阿里源安装
pip install wheel -i https://mirrors.aliyun.com/pypi/simple/
pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/
pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
安装redis
yum install redis -y
systemctl enable --now redis
由于mariadb不支持json类型, 改用mysql
#yum install mariadb mariadb-devel mariadb-server -y
#systemctl enable --now mariadb
wget -i -c http://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm
yum -y install mysql57-community-release-el7-10.noarch.rpm
yum -y install mysql-community-server
systemctl enable --now mysqld.service
初次安装mysql会随机一次密码, 并规定须修改密码后才能正常使用
cat /var/log/mysqld.log | grep -i pass
2022-01-13T08:03:30.631058Z 1 Note A temporary password is generated for root@localhost: _njl5ehUX46K
alter user user() identified by "Jumpserver1!"; #修改初始密码
创建数据库
mysql -uroot -pJumpserver1!
create database jumpserver default charset 'utf8'; # 创建数据库
grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'Jumpserver1!'; # 授权jumpserver用户在本地对jumpserver数据库的任意表有全部权限
修改jumpserver配置文件
cd /opt/jumpserver/
cp config_example.yml config.yml
vim config.yml
SECRET_KEY: 123456a
BOOTSTRAP_TOKEN: 345678a
DB_ENGINE: mysql
DB_HOST: 127.0.0.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: Jumpserver1!
DB_NAME: jumpserver
jumpserver表构建
cd /opt/jumpserver/
cd utils/
bash make_migrations.sh
- 启动jumpserver
cd /opt/jumpserver
./jms start all -d # 启动所有服务 -d=后台
启动后就可以以8080端口访问了
- 安装ssh server与websocket
安装koko
cd /opt
wget https://github.com/jumpserver/koko/releases/download/v2.2.2/koko-v2.2.2-linux-amd64.tar.gz
tar -xf koko-master-linux-amd64.tar.gz
mv koko-v2.2.2-linux-amd64 kokochown -R root:root koko
cd koko
cp config_example.yml config.yml
vim config.yml
BOOTSTRAP_TOKEN: 345678a # 需要和jumpserver配置的相同
后台启动
./koko -d
安装lina
cd /opt
wget https://github.com/jumpserver/lina/releases/download/v2.2.2/lina-v2.2.2.tar.gz
tar -xf lina-v2.17.3.tar.gz
mv lina-v2.17.3 lina
安装luna
wget wget https://github.com/jumpserver/luna/releases/download/v2.2.2/luna-v2.2.2.tar.gztar -zxvf luna.tar.gz
chown -R root:root luna- 配置安装nginx
yum -y install nginxrm -rf /etc/nginx/config.d/default.confcd /etc/nginx/conf.d/touch jumpserver.confvim jumpserver.confserver { listen 80; client_max_body_size 100m; # 录像及文件上传大小限制 location /ui/ { try_files $uri / /index.html; alias /opt/lina/; } location /luna/ { try_files $uri / /index.html; alias /opt/luna/; # luna 路径, 如果修改安装目录, 此处需要修改 } location /media/ { add_header Content-Encoding gzip; root /opt/jumpserver/data/; # 录像位置, 如果修改安装目录, 此处需要修改 } location /static/ { root /opt/jumpserver/data/; # 静态资源, 如果修改安装目录, 此处需要修改 } location /koko/ { proxy_pass http://localhost:5000; proxy_buffering off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; access_log off; } location /guacamole/ { proxy_pass http://localhost:8081/; proxy_buffering off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; access_log off; } location /ws/ { proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://localhost:8070; proxy_http_version 1.1; proxy_buffering off; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location / { proxy_pass http://localhost:8080; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; }}
systemctl enable --now nginx
简易安装 默认安装在docker中
cd /opt
wget https://community.fit2cloud.com/#/products/jumpserver/downloads
tar -xf jumpserver-installer-v2.17.3.tar.gz
cd jumpserver-installer-v2.17.3
修改配置文件
./jmsctl.sh install # 安装
# 启动
./jmsctl.sh start # 开启报错收集
- bash make_migrations.sh 报错django.core.exceptions.ImproperlyConfigured: The SECRET_KEY setting must not be empty.
解决方案: 为config.yml中的secret_key赋值即可
- bash make_migrations.sh 报错 TypeError: object of type 'int' has no len()
解决方案: 通过打印该key发现是配置文件中的secretkey, 修改为字符串即可, 若使用纯数字须在数字两边加引号
- maraidb不支持JSON类型
解决方案: 更改为mysql数据库
- bash make_migrations.sh 报错Bad magic number: '/opt/jumpserver/apps/locale/zh/LC_MESSAGES/django.mo'
解决方案:
cd /opt/jumpserver/apps/locale/zh/LC_MESSAGES/
rm django.mo
vim django.po
修改language配置项从CN->EN"Language: zh_EN\n"
msgfmt django.po
mv messages.mo django.mo
如果报错是djangojs.mo, 修改djangojs.po文件中的language为en
- bash make_migrations.sh 报错
File "/opt/jumpserver/apps/perms/serializers/application/permission.py", line 58
if request := self.context.get('request'):解决方案:
vim /opt/jumpserver/apps/perms/serializers/application/permission.py58行修改为
if request == self.context.get('request'):
- jumpserver.log报: TemplateDoesNotExist: django/forms/widgets/multiwidget.html和No module named 'bootstrap3.renderers' 等导入问题, 可能是使用错了python, source一手正确的python就好
- ./koko start 报错 /api/terminal/v2/terminal-registrations/ HTTP/1.0" 404
原因: 版本不同
解决方案: 使用相同版本的各组件
- 访问报错: Request failed with status code 502
原因: SELinux
- 访问时会访问 /api/v1/orgs/orgs/current/ 日志报错: '‘current’不是有效UUID。'`
原因: 版本问题
本文系转载,前往查看
如有侵权,请联系 cloudcommunity@tencent.com 删除。
本文系转载,前往查看
如有侵权,请联系 cloudcommunity@tencent.com 删除。