Environment:
System: CentOS 6.5 x86_64 mini
Python: 3.6
Install directory: /opt/jumpserver
1. Environment preparation
1.1 Install basic tools and libraries
```sh
$ yum -y install sqlite-devel git epel-release
$ yum -y install sshpass python-devel libffi-devel openssl-devel
$ yum -y install gcc gcc-c++
```
1.2 Install Python 3.6 and Django
Start by installing Python 3.6:
```sh
wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tgz
tar vxf Python-3.6.1.tgz
cd Python-3.6.1
# Configure with a custom install prefix; if that directory is not in PATH, add it to PATH
./configure --prefix=/usr/local
# This step is very slow
make && make install
# Create a symlink
ln -s /usr/local/bin/python3 /usr/bin/python3
```
Check that the installation succeeded:
```
[root@ly ~]# python3
Python 3.6.1 (default, Aug 5 2017, 23:14:39)
[GCC 4.4.7 20120313 (Red Hat 4.4.7-11)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> quit()
```
Install Django==1.10.5
```sh
# Installing Python 3.6 also installs pip 9.0.1, so Django can be installed directly
pip3 install django==1.10.5
# Then create a symlink
ln -s /usr/local/bin/django-admin.py /usr/bin/django-admin
```
Check that the django command runs:
```
[root@ly ~]# django-admin

Type 'django-admin help <subcommand>' for help on a specific subcommand.

Available subcommands:

[django]
    check
    compilemessages
    createcachetable
    dbshell
    diffsettings
    dumpdata
    flush
    inspectdb
    loaddata
    makemessages
    makemigrations
    migrate
    runserver
```
Run django-admin and check that the subcommands listed above appear. If they do not, create the symlink or add the directory to PATH:
A. ln -s /usr/local/bin/django-admin.py /usr/bin/django-admin
B. export PATH=$PATH:/usr/local/python3/bin
2. Jumpserver installation
2.1 Download the repository
```sh
$ cd /opt
$ git clone https://github.com/jumpserver/jumpserver.git
$ cd jumpserver
$ git checkout dev
```
2.2 Install dependencies
```sh
$ cd requirements
$ sudo yum -y install `cat rpm_requirements.txt`
$ pip install -r requirements.txt -i https://pypi.doubanio.com/simple
```
2.3 Prepare the configuration file
```sh
$ cd ..
$ cp config_example.py config.py
$ cp run_server.py jumpserver && chmod +x jumpserver
$ vim config.py
```
```python
# DevelopmentConfig is used by default, so this is the section to edit
class DevelopmentConfig(Config):
    EMAIL_HOST = 'smtp.exmail.qq.com'
    EMAIL_PORT = 465
    EMAIL_HOST_USER = 'ask@jumpserver.org'
    EMAIL_HOST_PASSWORD = 'xxx'
    EMAIL_USE_SSL = True   # True if the port is 465, otherwise False
    EMAIL_USE_TLS = False  # True if the port is 587, otherwise False
    SITE_URL = 'http://localhost:8080'  # this address is used in outgoing e-mail
```
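A check for the e-mail settings above, as an added example (not part of the original post or of Jumpserver's code): it flags the port/flag mismatches described in the comments, a placeholder password, and a SITE_URL that would put localhost or plain-HTTP links into outgoing mail. `SampleConfig` is constructed sample data and `check_email_config` is a hypothetical helper.

```python
# Added example: sanity-check the e-mail settings from section 2.3.
# SampleConfig is constructed data mirroring the tutorial's DevelopmentConfig.
from urllib.parse import urlparse


class SampleConfig:
    EMAIL_HOST = 'smtp.exmail.qq.com'
    EMAIL_PORT = 465
    EMAIL_HOST_USER = 'ask@jumpserver.org'
    EMAIL_HOST_PASSWORD = 'xxx'
    EMAIL_USE_SSL = True
    EMAIL_USE_TLS = False
    SITE_URL = 'http://localhost:8080'


def check_email_config(cfg):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    port = getattr(cfg, 'EMAIL_PORT', None)
    use_ssl = bool(getattr(cfg, 'EMAIL_USE_SSL', False))
    use_tls = bool(getattr(cfg, 'EMAIL_USE_TLS', False))
    # Django treats the two flags as mutually exclusive.
    if use_ssl and use_tls:
        findings.append('EMAIL_USE_SSL and EMAIL_USE_TLS are both True')
    if not use_ssl and not use_tls:
        findings.append('neither SSL nor TLS enabled: SMTP login is sent unencrypted')
    # Port/flag pairing stated in the tutorial's comments.
    if port == 465 and not use_ssl:
        findings.append('port 465 requires EMAIL_USE_SSL = True')
    if port == 587 and not use_tls:
        findings.append('port 587 requires EMAIL_USE_TLS = True')
    if getattr(cfg, 'EMAIL_HOST_PASSWORD', '') in ('', 'xxx'):
        findings.append('EMAIL_HOST_PASSWORD is empty or still the placeholder')
    # SITE_URL ends up in the links of outgoing mail.
    url = urlparse(getattr(cfg, 'SITE_URL', ''))
    if url.hostname in (None, 'localhost', '127.0.0.1'):
        findings.append('SITE_URL points at localhost; mailed links will not work for users')
    if url.scheme != 'https':
        findings.append('SITE_URL is not https; mailed links will use plain HTTP')
    return findings


if __name__ == '__main__':
    for finding in check_email_config(SampleConfig):
        print('WARN:', finding)
```

Run against the tutorial's values, it reports the placeholder password and the two SITE_URL findings.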
2.4 Initialize the database
```sh
$ cd utils
$ sh make_migrations.sh
$ sh init_db.sh
```
2.5 Install the redis server
```sh
$ yum -y install redis
$ service redis start
```
2.6 Create the startup (init) script
```sh
#!/bin/sh
#
# jumpserver - this script starts and stops the jumpserver daemon
#
# chkconfig: 2345 85 15
# processname: jumpserver
# pidfile: /var/run/jumpserver.pid

# Source function library.
. /etc/rc.d/init.d/functions

PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin"
export PATH

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

exec="/opt/jumpserver/jumpserver"
pidfile="/var/run/jumpserver.pid"

lockfile=/var/lock/subsys/jumpserver

start() {
    # Refuse to start if the launcher is missing or not executable
    [ -x "$exec" ] || exit 5
    echo -n $"Starting jumpserver: "
    daemon --pidfile="$pidfile" "$exec &"
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping jumpserver: "
    killproc -p "$pidfile" $exec
    #killproc $prog -TERM
    retval=$?
    if [ $retval -eq 0 ]; then
        if [ "$CONSOLETYPE" != "serial" ]; then
            echo -en "\\033[16G"
        fi
        # Wait until the process has really exited
        while rh_status_q
        do
            sleep 1
            echo -n $"."
        done
        rm -f $lockfile
    fi
    echo
    return $retval
}

restart() {
    stop
    start
}

rh_status() {
    status -p "$pidfile" $exec
    #status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart)
        $1
        ;;
    status|status_q)
        rh_$1
        ;;
    condrestart|try-restart)
        rh_status_q || exit 7
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart}"
        exit 2
esac
```
2.7 Plugin
```sh
yum install rabbitmq-server
```
2.8 Start
```sh
$ chkconfig --add jumpserver
$ service jumpserver start
```
Visit http://ip:8080. Account and password: admin admin
3. Install the SSH server: Coco
3.1 Download the code repository
```sh
$ cd /opt
$ git clone https://github.com/jumpserver/coco.git
```
3.2 Install dependencies
```sh
$ cd coco/requirements
$ pip install -r requirements.txt -i https://pypi.doubanio.com/simple
```
3.3 Startup script
```sh
cp /opt/coco/run_server.py /opt/coco/cocossh
chmod +x /opt/coco/cocossh
```
Edit the init script:
```sh
vi /etc/init.d/cocossh
```
```sh
#!/bin/sh
#
# coco - this script starts and stops the coco daemon
#
# chkconfig: 2345 85 15
# description: coco is a ssh server
# processname: coco
# pidfile: /var/run/coco.pid

# Source function library.
. /etc/rc.d/init.d/functions

PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin"
export PATH

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

exec="/opt/coco/cocossh"
pidfile="/var/run/coco.pid"
jumprunlog="/opt/coco/logs/cocorun.log"

lockfile=/var/lock/subsys/coco

start() {
    # Refuse to start if the launcher is missing or not executable
    [ -x "$exec" ] || exit 5
    echo -n $"Starting cocosshServer: "
    daemon --pidfile="$pidfile" "$exec &"
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping cocosshServer: "
    killproc -p "$pidfile" $exec
    #killproc $prog -TERM
    retval=$?
    if [ $retval -eq 0 ]; then
        if [ "$CONSOLETYPE" != "serial" ]; then
            echo -en "\\033[16G"
        fi
        # Wait until the process has really exited
        while rh_status_q
        do
            sleep 1
            echo -n $"."
        done
        rm -f $lockfile
    fi
    echo
    return $retval
}

restart() {
    stop
    start
}

rh_status() {
    status -p "$pidfile" $exec
    #status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart)
        $1
        ;;
    status|status_q)
        rh_$1
        ;;
    condrestart|try-restart)
        rh_status_q || exit 7
        restart
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart}"
        exit 2
esac
```
Enable start at boot:
```sh
chkconfig --add cocossh
service cocossh start
```
Then click Accept under the Applications menu in Jumpserver.
3.4 Start
```sh
$ cd /opt/coco
$ python run_server.py
```
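Note: after Coco starts it registers itself with Jumpserver. Go to the Jumpserver page > Applications > Terminal > coco and click Accept to approve it. Coco then runs on port 2222 and can be reached over ssh.
Command line:
ssh admin@YourServerIP -p2222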
3.5 Testing
- Test logging in to the ssh server
- Test jumping to a host
- Test command recording