linux-jumpserver

1、关闭防火墙

systemctl stop firewalld
systemctl disable firewalld

修改/etc/selinux/config 文件
将SELINUX=enforcing改为SELINUX=disabled

 2、同步时钟

centos7：

date
yum install ntpdate -y
timedatectl set-timezone Asia/Shanghai
ntpdate ntp1.aliyun.com
systemctl enable ntpdate

centos 8：

date

dnf install -y chrony

 vi /etc/chrony.conf

注释#pool 2.centos.pool.ntp.org iburst，并增加server ntp.aliyun.com iburst 和 server cn.ntp.org.cn iburst

systemctl restart chronyd.service

 重启chrony服务

chronyc sources -v

查看是否连接网络时钟

 3、更改主机名

hostnamectl set-hostname jumpserver

 4、备份yum源及更新yum源（centos 8已经更新，无需操作）

yum install wget

先安装下载命令
mkdir /etc/yum.repos.d/bak
mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/
备份yum源
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum clean all
yum makecache  
清楚缓存，重写建立yum仓库，更新yum源

 5、初始化工具

yum install -y bash-completion vim lrzsz wget expect net-tools nc nmap tree dos2unix htop iftop iotop unzip telnet sl psmisc nethogs glances bc ntpdate openldap-devel gcc zlib zlib-devel
初始化工具

 centos 8：

安装htop

yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

yum install htop

安装iftop

先安装yum install epel-release

yum install iftop

安装sl

yum -y install sl

安装nethogs

yum -y install nethogs

安装glances

yum -y install glances

6、适配中文字符
echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf
重启生效
ls --help
看到中文表示修改成功

reboot
重启

7、centos8支持一键部署jumpserver

curl -sSL https://github.com/jumpserver/jumpserver/releases/download/v2.27.0/quick_start.sh | bash

安装完成打开http://local即可

--------------------------------------------------以下是centos7一步步安装过程-------------------------------------------------------------------------------
7、centos7卸除自带数据库，安装mysql
rpm -qa | grep mariadb
rpm -e --nodeps mariadb-libs-5.5.60-1.el7-5.x86_64 #卸载完查看还有没有mariadb
卸除源数据库

cd /opt
wget http://dev.mysql.com/get/mysql-5.7.26-1.el8.x86_64.rpm-bundle.tar
tar -xvf mysql-5.7.26-1.el7.x86_64.rpm-bundle.tar
下载mysql

mkdir mysql
mv mysql-community*.rpm mysql
cd mysql
rpm -ivh mysql-community-common-5.7.26-1.el7.x86_64.rpm
rpm -ivh mysql-community-libs-5.7.26-1.el7.x86_64.rpm
rpm -ivh mysql-community-client-5.7.26-1.el7.x86_64.rpm
rpm -ivh mysql-community-server-5.7.26-1.el7.x86_64.rpm
如提示
    /usr/bin/perl 被 mysql-community-server-5.7.26-1.el7.x86_64 需要
    perl(Getopt::Long) 被 mysql-community-server-5.7.26-1.el7.x86_64 需要
    perl(strict) 被 mysql-community-server-5.7.26-1.el7.x86_64 需要
输入命令：
sudo yum install perl perl-Getopt-Long perl-strict

rpm -ivh mysql-community-devel-5.7.26-1.el7.x86_64.rpm


安装
systemctl start mysqld
启动数据库
systemctl enable mysqld
设置开机启动

grep 'temporary password' /var/log/mysqld.log
查看初始密码
修改mysql密码
mysql -u root -p

set global validate_password_length=6;
set global validate_password_mixed_case_count=0;
set global validate_password_special_char_count=0;
set password for 'root'@'localhost' =password('yz123456');
flush privileges;create database jumpserver default charset 'utf8' collate 'utf8_bin';
create user 'jumpserver'@'%' IDENTIFIED BY 'yz123456';
grant all privileges on root.* to 'jumpserver'@'%' identified by 'yz123456';
grant all privileges on jumpserver.* to 'jumpserver'@'%' identified by 'yz123456';

show variables like 'validate_password%';
数据库配置

cd /opt
wget https://www.python.org/ftp/python/3.6.10/Python-3.6.10.tgz
tar -xvf Python-3.6.10.tgz
yum install -y openssl openssl-devel
cd Python-3.6.10
./configure --prefix=/usr/local/python3.6
make -j3 && make install
echo "PATH="/usr/local/python3.6/bin:$PATH"" >> /etc/profile
#添加环境
source /etc/profile
安装python
python3.6
确认python3.6能进入

mkdir /root/.pip
touch /root/.pip/pip.conf
vim /root/.pip/pip.conf
#########将下面的内容写入###########
[global]
index-url = https://mirrors.aliyun.com/pypi/simple/

pip3 install virtualenv
cd /usr/local
virtualenv  --python=python3 jmp_venvl
安装python虚拟环境

source /usr/local/jmp_venvl/bin/activate  
#刷新环境，可以进去python虚拟环境，进入后终端会有jmp_venvl标识deactivate  #退出当前的虚拟环境/切换回物理真实环境

deactivate
退出虚拟环境

安装redis
yum -y install redis
systemctl start redis
systemctl enable redis
redis-cli  
#验证
[root@jumpserver ~]# redis-cli
127.0.0.1:6379> ping
PONG  #返回PONG证明可以正常启动


wget https://github.com/jumpserver/jumpserver/releases/download/v2.1.0/jumpserver-v2.1.0.tar.gz
tar -zxvf jumpserver-v2.1.0.tar.gz
ln -s /opt/jumpserver-v2.1.0 jumpserver
安装jumpserver

yum install -y bash-completion vim lrzsz wget expect net-tools nc nmap tree dos2unix htop  iftop iotop unzip telnet sl psmisc nethogs glances bc ntpdate openldap-devel
安装依赖包

cd /opt/jumpserver/requirements/
cat /opt/jumpserver/requirements/requirements.txt
source /usr/local/jmp_venvl/bin/activate
pip3 install -r /opt/jumpserver/requirements/requirements.txt
deactivate
安装python虚拟环境下的py模块

#获取SECRET_KEY
if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50` ; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi
if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi
cd /opt/jumpserver
cp config_example.yml config.yml  #example是配置文件模板，真正生效的配置文件是config.yml
vim config.yml#将刚刚两个密钥填入，并填一下数据库密码"Zsfy@2019"
f8BlHuKUmxEdsVM1szudIRCz5UFbXMjhl8khQpyE7p7fOUXVWx
f8BlHuKUmxEdsVM1szudIRCz5UFbXMjhl8khQpyE7p7fOUXVWx
m8DvNW5vDGJrMwsN
m8DvNW5vDGJrMwsN
egrep -v "^#|^$" config.yml
查看信息是否正确

数据迁移
mysql -u root -p
注：前面已经对数据库进行密码修改
show databases
use jumpserver
进入jumpserver
show tables;
查看表格

source /usr/local/jmp_venvl/bin/activate
cd /opt/jumpserver/apps
python3 /opt/jumpserver/apps/manage.py makemigrations  
#显示浅蓝色字体表示成功
python3 /opt/jumpserver/apps/manage.py migrate
#显示多张表导入成功并有OK字样deactivate

导入后检查
mysql -u root -p
show databases;
use jumpserver
show tables;

启动jumpserver
cd /opt/jumpserver
/opt/jumpserver/jms start -d  #-d表示后台运行 start|stop|restart|status