龙空技术网

Jumpserver one-click install (CentOS 7)

摸索中前进 1117


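Jumpserver is the world's first fully open-source bastion host, released under the GNU GPL v2.0 license, and is a professional operations audit system that conforms to 4A.

Jumpserver is developed with Python / Django, follows the Web 2.0 conventions, and ships with an industry-leading Web Terminal solution, with an attractive interface and a good user experience.

Jumpserver adopts a distributed architecture and supports multi-datacenter, cross-region deployment: the central node provides the API, each datacenter deploys login nodes, and it scales horizontally with no limit on concurrent access.

Jumpserver currently supports managing assets over the SSH, Telnet, RDP and VNC protocols.

Jumpserver documentation

The install script is as follows: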

--------------------------------------------------------------------------------------

# 1. Firewall and SELinux settings
echo -e "\033[31m 1. 防火墙 Selinux 设置 \033[0m"
if [ "$(systemctl status firewalld | grep running)" != "" ]; then
    firewall-cmd --zone=public --add-port=80/tcp --permanent;
    firewall-cmd --zone=public --add-port=2222/tcp --permanent;
    # Allow the Docker bridge network (172.17.0.0/16) to reach port 8080
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.17.0.0/16" port protocol="tcp" port="8080" accept';
    firewall-cmd --reload;
fi
if [ "$(getenforce)" != "Disabled" ]; then
    setsebool -P httpd_can_network_connect 1;
fi

# 2. Set up the environment
echo -e "\033[31m 2. 部署环境 \033[0m" \
&& yum update -y \
&& ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
&& yum -y install kde-l10n-Chinese \
&& localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8 \
&& export LC_ALL=zh_CN.UTF-8 \
&& echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf \
&& yum -y install wget gcc epel-release git \
&& yum install -y yum-utils device-mapper-persistent-data lvm2 \
&& yum-config-manager --add-repo \
&& yum makecache fast \
&& rpm --import \
&& echo -e "[nginx-stable]\nname=nginx stable repo\nbaseurl=\$releasever/\$basearch/\ngpgcheck=1\nenabled=1\ngpgkey=" > /etc/yum.repos.d/nginx.repo \
&& rpm --import \
&& yum -y install redis mariadb mariadb-devel mariadb-server mariadb-shared nginx docker-ce \
&& systemctl enable redis mariadb nginx docker \
&& systemctl start redis mariadb \
&& yum -y install python36 python36-devel python36-yaml \
&& python3.6 -m venv /opt/py3

# 3. Download components
echo -e "\033[31m 3. 下载组件 \033[0m" \
&& cd /opt \
&& if [ ! -d "/opt/jumpserver" ]; then git clone --depth=1 ; fi \
&& if [ ! -f "/opt/luna.tar.gz" ]; then wget ; tar xf luna.tar.gz; chown -R root:root luna; fi \
&& yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt) \
&& source /opt/py3/bin/activate \
&& pip install --upgrade pip setuptools -i \
&& pip install -r /opt/jumpserver/requirements/requirements.txt -i \
&& curl -sSL | sh -s \
&& systemctl restart docker \
&& docker pull jumpserver/jms_coco:1.5.0 \
&& docker pull jumpserver/jms_guacamole:1.5.0 \
&& rm -rf /etc/nginx/conf.d/default.conf \
&& wget -O /etc/nginx/conf.d/jumpserver.conf

# 4. Prepare the configuration files
echo -e "\033[31m 4. 处理配置文件 \033[0m"
# Generate random secret keys; do not disclose them
if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi
if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi
# When migrating the environment or upgrading, check that SECRET_KEY matches the
# previous setting; it must not be regenerated at random, otherwise none of the
# encrypted fields in the database can be decrypted
cat ~/.bashrc |grep Server_IP
if [ $? -eq 1 ];then
cat <<EOF >>~/.bashrc
export Server_IP=`ip addr | grep inet | egrep -v '(127.0.0.1|inet6|docker)' | awk '{print $2}' | tr -d "addr:" | head -n 1 | cut -d / -f1`
export TOMCAT_VER=8.5.41
export LUNA_VER=1.5.0
export GUAC_VER=0.9.14
export DB_ENGINE=mysql
export DB_HOST=\$Server_IP
export DB_PORT=3306
export DB_USER=jumpserver
export DB_PASSWORD=jumpserverpasswd
export DB_NAME=jumpserver
export REDIS_HOST=127.0.0.1
export REDIS_PORT=6379
export REDIS_PASSWORD=
export JUMPSERVER_KEY_DIR=/config/guacamole/keys
export JUMPSERVER_ENABLE_DRIVE=true
export JUMPSERVER_SERVER=
export GUACAMOLE_HOME=/config/guacamole
EOF
fi
source ~/.bashrc
cat ~/.bashrc
env
# Create the database and the jumpserver account on first run only
if [ ! -d "/var/lib/mysql/jumpserver" ]; then
    mysql -uroot -e "create database jumpserver default charset 'utf8';grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD';flush privileges;";
    mysql -e "grant all on jumpserver.* to 'jumpserver'@'localhost' identified by '$DB_PASSWORD';flush privileges;";
fi
# Start from a fresh copy of the example config and fill in the values
rm -rf /opt/jumpserver/config.yml
cp -r /opt/jumpserver/config_example.yml /opt/jumpserver/config.yml
sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
# The key on the replacement side must stay DB_ENGINE (it was written as DB_HOST)
sed -i "s/DB_ENGINE: mysql/DB_ENGINE: $DB_ENGINE/g" /opt/jumpserver/config.yml
sed -i "s/DB_HOST: 127.0.0.1/DB_HOST: $DB_HOST/g" /opt/jumpserver/config.yml
sed -i "s/DB_PORT: 3306/DB_PORT: $DB_PORT/g" /opt/jumpserver/config.yml
sed -i "s/DB_USER: jumpserver/DB_USER: $DB_USER/g" /opt/jumpserver/config.yml
sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml
sed -i "s/DB_NAME: jumpserver/DB_NAME: $DB_NAME/g" /opt/jumpserver/config.yml
sed -i "s/REDIS_HOST: 127.0.0.1/REDIS_HOST: $REDIS_HOST/g" /opt/jumpserver/config.yml
sed -i "s/REDIS_PORT: 6379/REDIS_PORT: $REDIS_PORT/g" /opt/jumpserver/config.yml
sed -i "s/# REDIS_PASSWORD: /REDIS_PASSWORD: $REDIS_PASSWORD/g" /opt/jumpserver/config.yml

# 5. Start Jumpserver. The closing echo lines print the database password,
# SECRET_KEY, BOOTSTRAP_TOKEN, the server IP and the web login (user admin, password admin).
echo -e "\033[31m 5. 启动 Jumpserver \033[0m" \
&& systemctl start nginx \
&& cd /opt/jumpserver \
&& ./jms start all -d \
&& docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST= -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_coco:1.5.0 \
&& docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER= -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_guacamole:1.5.0 \
&& echo -e "\033[31m 你的数据库密码是 $DB_PASSWORD \033[0m" \
&& echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m" \
&& echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m" \
&& echo -e "\033[31m 你的服务器IP是 $Server_IP \033[0m" \
&& echo -e "\033[31m 请打开浏览器访问 用户名:admin 密码:admin \033[0m"

# 6. Configure start on boot. The closing echo says that the start and stop scripts
# are in /opt and can be run by hand if autostart fails.
echo -e "\033[31m 6. 配置自启 \033[0m" \
&& if [ ! -f "/usr/lib/systemd/system/jms.service" ]; then wget -O /usr/lib/systemd/system/jms.service ; chmod 755 /usr/lib/systemd/system/jms.service; fi \
&& if [ ! -f "/opt/start_jms.sh" ]; then wget -O /opt/start_jms.sh ; fi \
&& if [ ! -f "/opt/stop_jms.sh" ]; then wget -O /opt/stop_jms.sh ; fi \
&& if [ "$(cat /etc/rc.local | grep start_jms.sh)" = "" ]; then echo "sh /opt/start_jms.sh" >> /etc/rc.local; chmod +x /etc/rc.d/rc.local; fi \
&& echo -e "\033[31m 启动停止的脚本在 /opt 目录下, 如果自启失败可以手动启动 \033[0m"

------------------------------------------------------------------------------------
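
Step 3 of the script downloads a tarball and pipes a remote script into sh as root without checking either one. A pinned-digest download, as an added example that is not part of the original script; the function names are illustrative, and the URL and digest variables in the usage comment are placeholders because the page gives neither:

```sh
# verify_sha256 FILE EXPECTED_HEX: succeed only when FILE's SHA-256 equals EXPECTED_HEX.
verify_sha256() {
    actual=$(sha256sum "$1" 2>/dev/null | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# fetch_pinned URL EXPECTED_HEX DEST: download over HTTPS only (redirects included)
# to a temp file and move it to DEST only after the digest matches.
# On any failure nothing is left at DEST.
fetch_pinned() {
    tmp=$(mktemp) || return 2
    if curl -fsSL --proto '=https' --proto-redir '=https' -o "$tmp" "$1" \
        && verify_sha256 "$tmp" "$2"; then
        mv "$tmp" "$3"
    else
        rm -f "$tmp"
        echo "refusing $1: download failed or SHA-256 mismatch" >&2
        return 1
    fi
}

# Usage in place of "wget ...; tar xf luna.tar.gz" and "curl -sSL ... | sh -s".
# LUNA_URL, LUNA_SHA256, SCRIPT_URL and SCRIPT_SHA256 are placeholders: record them
# from a release you have reviewed, then:
#   fetch_pinned "$LUNA_URL" "$LUNA_SHA256" /opt/luna.tar.gz && tar xf /opt/luna.tar.gz -C /opt
#   fetch_pinned "$SCRIPT_URL" "$SCRIPT_SHA256" /opt/step3-script.sh && sh /opt/step3-script.sh
```

Saving the piped script to a file first also leaves a copy of exactly what ran as root on the bastion host.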

Assuming the script is named jminstall, run it:

sh jminstall

After the script finishes
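
A check of the files the script writes, flagging the values it leaves in place: the fixed DB_PASSWORD, an empty REDIS_PASSWORD, and secrets appended to ~/.bashrc. This is an added example, not part of the original script; the function names are illustrative and both paths are passed as arguments:

```sh
# cfg_value FILE KEY: print the value of the first uncommented "KEY: value" line.
cfg_value() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1
}

# audit_jms CONFIG_YML PROFILE: print one line per finding and return the
# number of findings (0 means nothing was flagged).
audit_jms() {
    cfg=$1; profile=$2; n=0
    finding() { echo "FINDING: $*"; n=$((n + 1)); }

    [ "$(cfg_value "$cfg" DB_PASSWORD)" = "jumpserverpasswd" ] &&
        finding "DB_PASSWORD is the fixed value from the install script"
    [ -z "$(cfg_value "$cfg" REDIS_PASSWORD)" ] &&
        finding "REDIS_PASSWORD is empty"
    [ "$(cfg_value "$cfg" DEBUG)" = "false" ] ||
        finding "DEBUG is not explicitly false"
    for key in SECRET_KEY BOOTSTRAP_TOKEN; do
        [ -n "$(cfg_value "$cfg" "$key")" ] || finding "$key is empty in $cfg"
        grep -q "^$key=" "$profile" 2>/dev/null &&
            finding "$key is stored in plain text in $profile"
    done
    # config.yml holds SECRET_KEY and DB_PASSWORD: group and other get no access.
    mode=$(stat -c %a "$cfg")
    case $mode in *00) ;; *) finding "$cfg mode is $mode, expected 600" ;; esac
    return "$n"
}

# Typical call on the installed host:
#   audit_jms /opt/jumpserver/config.yml ~/.bashrc
```

The web login printed in step 5 (admin / admin) is not stored in these files and is changed in the web interface.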
