jumpserver 1.5.9安装

## jumpserver 1.5.9安装

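#!/bin/bash
### jumpserver 1.5.9 — single-host install: core, koko, guacamole, luna, nginx.
### Run as root on CentOS 7. The script does not stop on the first error, so
### read the output of each section before moving on.

# Host-level protections are switched off for the whole machine (firewalld and
# SELinux). On a bastion host this widens the exposed surface considerably;
# the narrower alternative is to open only the ports nginx and koko serve and
# to keep SELinux in permissive mode while the install is being debugged.
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i "s/SELINUX=.*/SELINUX=disabled/g" /etc/selinux/config

# Name the host after the last octet of its first IPv4 address.
# `hostname -I` prints every address of the host separated (and terminated)
# by spaces, so the first field is selected explicitly; cutting the raw output
# on "." kept the trailing space and, with several addresses, everything after
# the first one in the fourth field.
last_octet=$(hostname -I | awk '{print $1}' | cut -d '.' -f4)
hostnamectl set-hostname "node${last_octet}"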


#@ Prepare Python 3 and the python virtual environment
# Install one or more packages with yum; when a unit name is given as the
# first argument, enable and start that systemd unit afterwards.
# Arguments: $1 - systemd unit to enable+start ("" for none), $2.. - packages
install_service() {
  local unit=$1
  shift
  yum -y install "$@"
  if [[ -n "$unit" ]]; then
    systemctl enable "$unit"
    systemctl start "$unit"
  fi
}

# Download/build tooling plus the EPEL repository (python36 is an EPEL package).
install_service "" wget gcc git epel-release
# Python 3.6 interpreter and headers (C extensions in requirements.txt need them).
install_service "" python36 python36-devel

# Redis, enabled on boot and started now.
install_service redis redis

# MariaDB server and client/devel packages, enabled on boot and started now.
install_service mariadb mariadb mariadb-devel mariadb-server mariadb-shared


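# Create the jumpserver database and a local-only account for it.
# The password defaults to the value the rest of this page expects
# ("jumpserver", written into /opt/jumpserver/config.yml later). Setting
# DB_PASSWORD in the environment overrides it; the value is interpolated into
# the SQL, so it must not contain a single quote.
DB_PASSWORD=${DB_PASSWORD:-jumpserver}
mysql -e "create database if not exists jumpserver default charset 'utf8';
grant all on jumpserver.* TO 'jumpserver'@'localhost' IDENTIFIED BY '${DB_PASSWORD}';
flush privileges;"

# Smoke-test the new account. The password is handed over through the
# environment instead of -p<password> on the command line, where it would be
# visible to every user via `ps`.
MYSQL_PWD="$DB_PASSWORD" mysql -ujumpserver -e 'show databases;'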

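# Create the Python virtual environment and activate it for the rest of the script.
python3.6 -m venv /opt/py3
source /opt/py3/bin/activate

# Fetch the 1.5.9 core tarball. This is a plain-HTTP download from a mirror IP
# with no signature or checksum; compare the archive with the upstream release
# before trusting what ends up in /opt. The extract only runs if the download
# succeeded (previously a failed wget was followed by a tar of a missing file).
wget http://134.175.107.119/download/jumpserver/1.5.9/jumpserver.tar.gz \
  && tar zxvf jumpserver.tar.gz -C /opt/

#### Install the build-environment dependencies
# Stop here if the tree is not where expected; otherwise `cat` below fails and
# yum would be invoked with no package list.
cd /opt/jumpserver/requirements || exit 1

# RPM dependencies, one per line in the file; word-splitting its contents into
# separate package arguments is intended here.
# shellcheck disable=SC2046
yum install -y $(cat rpm_requirements.txt)

# Python library dependencies (installed into the py3 venv).
pip install wheel && \
pip install --upgrade pip setuptools && \
pip install -r requirements.txt

# Make sure the py3 venv is active. An error part-way through usually means a
# system package is missing; searching for the error message finds which one.
# Inside China a PyPI mirror speeds this up:
#
#pip install wheel -i https://mirrors.aliyun.com/pypi/simple/
#pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/
#pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/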


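## Modify the configuration file
cd /opt/jumpserver || exit 1

# Start from the shipped example; the leading backslash bypasses any `cp -i` alias.
\cp config_example.yml config.yml

# Generate the two secrets from /dev/urandom. SECRET_KEY stays with core;
# BOOTSTRAP_TOKEN is what koko and guacamole present when they register with
# core, so exactly this value must be carried into their configuration below.
SECRET_KEY=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 50)
BOOTSTRAP_TOKEN=$(tr -dc A-Za-z0-9 </dev/urandom | head -c 16)

# Persist both for later shells. They are kept in plain text in ~/.bashrc
# (readable by anyone who can read root's home) as well as in config.yml.
echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc

sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml

#### Database password: must match the GRANT issued when the database was
#### created (defaults to "jumpserver"; DB_PASSWORD in the environment overrides
#### both). "|" is used as the sed delimiter so a "/" in the value is harmless.
sed -i "s|DB_PASSWORD:.*|DB_PASSWORD: ${DB_PASSWORD:-jumpserver}|g" /opt/jumpserver/config.yml

# Show the generated values once (in red). printf keeps the text identical to
# the previous echo -e but never parses the values as options.
printf '\033[31m 你的SECRET_KEY是 %s \033[0m\n' "$SECRET_KEY"
printf '\033[31m 你的BOOTSTRAP_TOKEN是 %s \033[0m\n' "$BOOTSTRAP_TOKEN"

## Example output from the author's run (the values belong to that host; do not reuse them):
## 你的SECRET_KEY是 jZIfxus6Admhip2vsuOzAEqh3byK5jUx6KOc0hNYaNZSvFjiJW
##(py3) [root@node70 jumpserver]# echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
## 你的BOOTSTRAP_TOKEN是 wv5gsAwJdTJOSCab

### Start jumpserver. `-d` runs it in the background (the page's own note says
### to add it); without it `./jms start` stays in the foreground and nothing
### after this line — koko, guacamole, luna, nginx — would run.
source /opt/py3/bin/activate && cd /opt/jumpserver && ./jms start -d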


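## Deploy the koko component natively
cd /opt || exit 1
#wget http://134.175.107.119/download/koko/1.5.9/koko-master-linux-amd64.tar.gz
# GitHub release asset (HTTPS, and comparable with the release page), preferred
# over the mirror IP above. Extract only if the download succeeded.
wget https://github.com/jumpserver/koko/releases/download/1.5.9/koko-master-linux-amd64.tar.gz \
  && tar -zxvf koko-master-linux-amd64.tar.gz -C /opt/

chown -R root:root /opt/kokodir
cd /opt/kokodir || exit 1

\cp config_example.yml config.yml
# Must be the BOOTSTRAP_TOKEN generated for core (same value as in
# /opt/jumpserver/config.yml), otherwise koko cannot register.
sed -i "s/BOOTSTRAP_TOKEN:.*/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/kokodir/config.yml

sed -i "s/# LOG_LEVEL:.*/LOG_LEVEL: ERROR/" /opt/kokodir/config.yml
sed -i "s/# SHARE_ROOM_TYPE:.*/SHARE_ROOM_TYPE: redis/" /opt/kokodir/config.yml

### Redis settings (local redis installed earlier, no password configured)
sed -i "s/# REDIS_HOST:.*/REDIS_HOST: 127.0.0.1/" /opt/kokodir/config.yml
sed -i "s/# REDIS_PORT:.*/REDIS_PORT: 6379/" /opt/kokodir/config.yml
#sed -i "s/# REDIS_PASSWORD:.*/REDIS_PASSWORD: ZhYnLrodpmPncovxJTnRyiBs/" /opt/kokodir/config.yml
sed -i "s/# REDIS_DB_ROOM:.*/REDIS_DB_ROOM: 6/" /opt/kokodir/config.yml

# Print the effective (non-blank, non-comment) settings for review. Note this
# also prints BOOTSTRAP_TOKEN to the terminal / any captured log.
grep -Ev '^$|^#' /opt/kokodir/config.yml

### Start koko. `-d` backgrounds it (the page's own note); without it the
### script would block here and the guacamole/luna/nginx sections never run.
source /opt/py3/bin/activate && cd /opt/kokodir && ./koko -d

## Deploy koko with docker — skip this step if koko was already deployed natively above.
## (Example only: the CORE_HOST address and BOOTSTRAP_TOKEN must be replaced with this host's values.)
#docker run --name jms_koko -d -p 2222:2222  -p 127.0.0.1:5000:5000  -e CORE_HOST=http://192.168.244.144:8080   -e BOOTSTRAP_TOKEN=zxffNymGjP79j6BN -e LOG_LEVEL=ERROR  --restart=always jumpserver/jms_koko:1.5.9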



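### Install and start the guacamole component natively
# Install the dependency packages per the official guacamole documentation.
### Fedora/CentOS/RHEL:
# --nogpgcheck installs the RPM Fusion release packages without signature
# verification, so those repo definitions (and the keys they bring) are trusted
# on the strength of the HTTPS connection to the mirror alone.
yum -y localinstall --nogpgcheck https://mirrors.aliyun.com/rpmfusion/free/el/rpmfusion-free-release-7.noarch.rpm https://mirrors.aliyun.com/rpmfusion/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm && \
yum install -y cairo-devel libjpeg-turbo-devel libpng-devel uuid-devel && \
yum install -y ffmpeg-devel freerdp1.2-devel pango-devel libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel openssl-devel libvorbis-devel libwebp-devel && \
ln -s /usr/local/lib/freerdp /usr/lib64/freerdp

############## automake-1.15, built from source before guacamole-server's autoreconf
# Plain-HTTP download from ftp.gnu.org; GNU publishes .sig files for its
# tarballs that can be checked before building.
wget http://ftp.gnu.org/gnu/automake/automake-1.15.tar.gz \
  && tar -zxvf automake-1.15.tar.gz -C /opt/
# Each `cd` is guarded: previously a failed cd left the following
# ./configure && make install running in whatever directory the shell was in.
cd /opt/automake-1.15 || exit 1
./bootstrap.sh
./configure && make && make install
automake --version

#############################
yum install -y libtool

## Build guacamole-server from the jumpserver docker-guacamole repository
cd /opt || exit 1
git clone --depth=1 https://github.com/jumpserver/docker-guacamole.git

# ssh-forward.tar.gz is unpacked straight into /bin and made executable; its
# contents are not built here, so inspect that archive before running this on
# a production host.
cd /opt/docker-guacamole && \
tar -xf guacamole-server-1.0.0.tar.gz && \
tar -xf ssh-forward.tar.gz -C /bin/ && \
chmod +x /bin/ssh-forward

cd /opt/docker-guacamole/guacamole-server-1.0.0 || exit 1

autoreconf -fi && ./configure --with-init-dir=/etc/init.d && make && make install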


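################# Java must be set up in the current environment first

# CentOS:

yum install -y java-1.8.0-openjdk java-1.8.0-openjdk-devel

# GUACAMOLE_HOME layout. record/ and drive/ are handed to the daemon user,
# which is what guacd/tomcat write recordings and shared-drive files as here.
mkdir -p /config/guacamole /config/guacamole/extensions /config/guacamole/record /config/guacamole/drive && \
chown daemon:daemon /config/guacamole/record /config/guacamole/drive && \
cd /config || exit 1
############################

# Tomcat 9 from a mirror over plain HTTP with no checksum; Apache publishes a
# signature and sha512 for each release that should be compared first. Stop if
# the download fails rather than continuing with a missing archive.
wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v9.0.35/bin/apache-tomcat-9.0.35.tar.gz || exit 1

# Unpack as /config/tomcat9, move it off 8080 (core listens there) to 8081,
# log in UTF-8, remove the stock sample/manager webapps so only guacamole is
# served, and link in the war, the jumpserver auth extension and the
# properties file from the cloned repo.
tar -xf apache-tomcat-9.0.35.tar.gz && \
mv apache-tomcat-9.0.35 tomcat9 && \
rm -rf -- /config/tomcat9/webapps/* && \
sed -i 's/Connector port="8080"/Connector port="8081"/g' /config/tomcat9/conf/server.xml && \
echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> /config/tomcat9/conf/logging.properties && \
ln -sf /opt/docker-guacamole/guacamole-1.0.0.war /config/tomcat9/webapps/ROOT.war && \
ln -sf /opt/docker-guacamole/guacamole-auth-jumpserver-1.0.0.jar /config/guacamole/extensions/guacamole-auth-jumpserver-1.0.0.jar && \
ln -sf /opt/docker-guacamole/root/app/guacamole/guacamole.properties /config/guacamole/guacamole.properties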


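## Set up the guacamole environment
# Each setting is exported into the current shell and appended (in plain text,
# token included) to ~/.bashrc so that a later login shell sees it too.

# Export NAME=VALUE now and persist the same line to ~/.bashrc.
# Arguments: $1 - variable name, $2 - value
persist_export() {
  local name=$1 value=$2
  export "${name}=${value}"
  echo "export ${name}=${value}" >> ~/.bashrc
}

persist_export JUMPSERVER_SERVER http://127.0.0.1:8080
# Must be the BOOTSTRAP_TOKEN generated for core earlier in this script. The
# previous version hard-coded the sample value from the docker example, which
# can never match the freshly generated token, so guacamole could not
# authenticate to core. Abort loudly if the token is not in this shell.
persist_export BOOTSTRAP_TOKEN "${BOOTSTRAP_TOKEN:?BOOTSTRAP_TOKEN not set - run the core configuration section first}"
persist_export JUMPSERVER_KEY_DIR /config/guacamole/keys
persist_export GUACAMOLE_HOME /config/guacamole
persist_export GUACAMOLE_LOG_LEVEL ERROR
persist_export JUMPSERVER_ENABLE_DRIVE true

#### Environment variable notes
### JUMPSERVER_SERVER      address of core
### BOOTSTRAP_TOKEN        the BOOTSTRAP_TOKEN value from Jumpserver/config.yml
### JUMPSERVER_KEY_DIR     directory where keys are stored after successful authentication
### GUACAMOLE_HOME         directory containing guacamole.properties
### GUACAMOLE_LOG_LEVEL    log level
### JUMPSERVER_ENABLE_DRIVE  mount the shared drive for the RDP protocol

### Start guacamole
/etc/init.d/guacd start
sh /config/tomcat9/bin/startup.sh

##### Deploy guacamole with docker
### Skip this step if guacamole was already deployed natively above.
##docker run --name jms_guacamole -d \
##  -p 127.0.0.1:8081:8080 \
##  -e JUMPSERVER_SERVER=http://<Jumpserver_url> \
##  -e BOOTSTRAP_TOKEN=<Jumpserver_BOOTSTRAP_TOKEN> \
##  -e GUACAMOLE_LOG_LEVEL=ERROR \
##  jumpserver/jms_guacamole:<Tag>
## <Jumpserver_url> is the jumpserver URL; <Jumpserver_BOOTSTRAP_TOKEN> must be taken from jumpserver/config.yml and kept identical; <Tag> is the version.
## Example:
#docker run --name jms_guacamole -d  -p 127.0.0.1:8081:8080 -e JUMPSERVER_SERVER=http://192.168.244.144:8080   -e BOOTSTRAP_TOKEN=abcdefg1234   -e GUACAMOLE_LOG_LEVEL=ERROR  jumpserver/jms_guacamole:1.5.9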


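#### Download the luna component

cd /opt || exit 1
# Mirror IP over plain HTTP; the GitHub release below is the authoritative
# copy to compare against.
wget http://134.175.107.119/download/luna/1.5.9/luna.tar.gz
##wget https://github.com/jumpserver/luna/releases/download/1.5.9/luna.tar.gz

tar -xf luna.tar.gz

##### nginx
yum install -y yum-utils

# Official nginx.org repository: stable enabled, mainline defined but disabled.
# The quoted heredoc leaves $releasever/$basearch literal for yum to expand.
cat >/etc/yum.repos.d/nginx.repo <<'EOF'
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF

yum install -y nginx

# Hand the luna tree to the nginx user. This has to come after the nginx
# package is installed: previously the chown ran before `yum install nginx`,
# so unless that user already existed it failed with "invalid user" and luna
# stayed owned by root.
chown -R nginx:nginx /opt/luna

# Keep a copy of the stock site, then blank it so only jumpserver.conf serves.
\cp /etc/nginx/conf.d/default.conf{,.bak}
echo >/etc/nginx/conf.d/default.conf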

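# Site definition: serves luna and the static/media trees directly and
# reverse-proxies koko (5000), guacamole (8081), the /ws/ websocket backend
# (8070) and core (8080). The quoted heredoc keeps nginx's $variables literal.
# This listens on plain HTTP port 80 only; terminate TLS here (or in front of
# it) before exposing the bastion beyond a trusted network.
cat >/etc/nginx/conf.d/jumpserver.conf <<'EOF'
server {
    listen 80;

    client_max_body_size 100m;  # 录像及文件上传大小限制

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;  # luna 路径, 如果修改安装目录, 此处需要修改
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;  # 录像位置, 如果修改安装目录, 此处需要修改
    }

    location /static/ {
        root /opt/jumpserver/data/;  # 静态资源, 如果修改安装目录, 此处需要修改
    }

    location /koko/ {
        proxy_pass       http://localhost:5000;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /guacamole/ {
        proxy_pass       http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /ws/ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8070;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location / {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
EOF

# Start only if the configuration parses (previously the result of `nginx -t`
# was ignored), and enable nginx on boot like the other services above.
nginx -t && systemctl enable nginx.service && systemctl start nginx.service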

 
