JumpServer Deployment

August 13, 2019

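Please refer to the official installation documentation.

The difference here is that the installation directory is /data/soft/jumpserver.

https://jumpserver.readthedocs.io/zh/docs/step_by_step.html (recommended; installs with autoenv)
http://docs.jumpserver.org/zh/docs/setup_by_centos7.html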

I. Change the character set

Change the character set; otherwise you may hit an input/output error, because the logs print Chinese characters.

```
[root@op-remote ~]# localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
[root@op-remote ~]# export LC_ALL=zh_CN.UTF-8
[root@op-remote ~]# echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf

# Switch back to the English character set
[root@op-remote requirements]# localedef -c -f UTF-8 -i en_US en_US.UTF-8
[root@op-remote requirements]# export LC_ALL=en_US.UTF-8
[root@op-remote requirements]# echo 'LANG="en_US.UTF-8"' > /etc/locale.conf
```

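II. Prepare the Python 3 environment

(Note that installing Python 3.6 here avoids errors later on. I don't know what the problem with Python 3.7 is, damn.)

1. Install the build environment

```
[root@op-remote ~]# yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git libffi-devel
```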

2. Extract and install

```
[root@lp nginx]# wget https://www.python.org/ftp/python/3.6.6/Python-3.6.6.tgz
[root@lp nginx]# tar xvf Python-3.6.6.tgz
[root@lp nginx]# cd Python-3.6.6/
[root@lp Python-3.6.6]# ./configure --prefix=/usr/local/python3.6 && make && make install
```

3. Install OpenSSL 1.1.0 (if the build reports an error)

```
Error: ./python: /lib64/libssl.so.1.1: version `OPENSSL_1_1_0'
[root@lp ~]# wget https://www.openssl.org/source/openssl-1.1.0h.tar.gz
[root@lp ~]# tar xvf openssl-1.1.0h.tar.gz
[root@lp openssl-1.1.0h]# cd openssl-1.1.0h/ && ./config --prefix=/usr/local/openssl && make && make install && make depend
# (the destination of the two mv commands below is missing in the source)
[root@lp local]# mv /usr/lib64/libssl.so.1.1
[root@lp local]# mv /usr/lib64/libcrypto.so.1.1
[root@lp local]# ln -s /usr/local/openssl/lib/libssl.so.1.1 /usr/lib64/libssl.so.1.1
[root@lp local]# ln -s /usr/local/openssl/lib/libcrypto.so.1.1 /lib64/libcrypto.so.1.1
```

4. Edit the Modules file

```
[root@lp Python-3.6.6]# vim Modules/Setup
# Socket module helper for socket(2)
_socket socketmodule.c

# Socket module helper for SSL support; you must comment out the other
# socket line above, and possibly edit the SSL variable:
SSL=/usr/local/openssl
_ssl _ssl.c \
        -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
        -L$(SSL)/lib -lssl -lcrypto
```

Note:

To avoid the error ModuleNotFoundError: No module named '_ctypes', install the following package:

```
[root@lp Python-3.6.6]# yum install libffi-devel -y
```

5. Run the actual installation

```
[root@lp Python-3.6.6]# ./configure --prefix=/usr/local/python3.6 && make && make install
[root@lp Python-3.6.6]# vim /etc/profile
export PATH=$PATH:/usr/local/python3.6/bin
[root@lp Python-3.6.6]# source /etc/profile
```

III. Download JumpServer

1. Download or clone the project

```
[JumpServer@op-remote ~]$ git clone https://github.com/jumpserver/jumpserver.git && cd jumpserver && git checkout master
```

2. Install the RPM dependencies

These must be installed as root.

```
[root@op-remote ~]$ cd JumpServerPackage/requirements/
[root@op-remote requirements]$ sudo yum -y install $(cat rpm_requirements.txt)
```

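3. Install the Python library dependencies

```
[JumpServer@op-remote requirements]$ pip3 install -r requirements.txt
```

Note:

You will run into some error messages here:

```
gevent 1.3.6 has requirement greenlet>=0.4.14; platform_python_implementation == "CPython", but you'll have greenlet 0.4.12 which is incompatible.
```

The greenlet version is too old.

But when you uninstall greenlet, the system reports "Successfully uninstalled greenlet-0.4.14", so you can see that the latest version was in fact installed, yet it is not recognized here. That is very strange, so I then tried installing a lower version: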

```
[root@op-remote requirements]# pip3 install greenlet==0.4.12
Looking in indexes: http://mirrors.aliyun.com/pypi/simple/
Collecting greenlet==0.4.12
  Downloading http://mirrors.aliyun.com/pypi/packages/be/76/82af375d98724054b7e273b5d9369346937324f9bcc20980b45b068ef0b0/greenlet-0.4.12.tar.gz (57kB)
    100% |████████████████████████████████| 61kB 58.7MB/s
gevent 1.3.6 has requirement greenlet>=0.4.14; platform_python_implementation == "CPython", but you'll have greenlet 0.4.12 which is incompatible.
Installing collected packages: greenlet
  Running setup.py install for greenlet ... error
    Complete output from command /usr/local/python3.7/bin/python3.7 -u -c "import setuptools, tokenize;__file__='/tmp/pip-install-3pm__ow5/greenlet/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-record-whkcmkrj/install-record.txt --single-version-externally-managed --compile:
    running install
    running build
    running build_ext
    building 'greenlet' extension
    creating build
    creating build/temp.linux-x86_64-3.7
    gcc -pthread -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O3 -Wall -fPIC -I/usr/local/python3.7/include/python3.7m -c greenlet.c -o build/temp.linux-x86_64-3.7/greenlet.o
    greenlet.c: In function ‘g_switchstack’:
    greenlet.c:463:29: error: ‘PyThreadState’ has no member named ‘exc_type’
    current->exc_type = tstate->exc_type;
    ^
    greenlet.c:464:30: error: ‘PyThreadState’ has no member named ‘exc_value’
    current->exc_value = tstate->exc_value;
    ^
    greenlet.c:465:34: error: ‘PyThreadState’ has no member named ‘exc_traceback’
    current->exc_traceback = tstate->exc_traceback;

    greenlet.c:485:9: error: ‘PyThreadState’ has no member named ‘exc_type’
    tstate->exc_type = target->exc_type;
    ^
    greenlet.c:487:9: error: ‘PyThreadState’ has no member named ‘exc_value’
    tstate->exc_value = target->exc_value;
    ^
    greenlet.c:489:9: error: ‘PyThreadState’ has no member named ‘exc_traceback’
    tstate->exc_traceback = target->exc_traceback;
    ^

    error: command 'gcc' failed with exit status 1

Command "/usr/local/python3.7/bin/python3.7 -u -c "import setuptools, tokenize;__file__='/tmp/pip-install-3pm__ow5/greenlet/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-record-whkcmkrj/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-install-3pm__ow5/greenlet/
```

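This is the same error that was reported when installing the library dependencies, so I can boldly guess that the dependency installation picked the lower version pinned in requirements.txt.

```
[root@op-remote requirements]# vim requirements.txt
ephem==3.7.6.0
eventlet==0.22.1
ForgeryPy==0.1
greenlet==0.4.14  # after this change the problem was resolved smoothly
gunicorn==19.7.1
# You can clearly see that the list installs greenlet==0.4.12 by default, and that it fails with the same error as installing that version on its own, so the picture is now clear: this is a serious error, and we need to
```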

4. Install Redis

Jumpserver uses Redis as its cache and as the Celery broker.

```
[JumpServer@op-remote ~]$ tar xvf redis-4.0.10.tar.gz
[JumpServer@op-remote ~]$ cd redis-4.0.10/
[JumpServer@op-remote ~]$ mkdir redis
[JumpServer@op-remote redis-4.0.10]$ make PREFIX=/home/JumpServer/redis install
```

5. Install MySQL 5.7

① Download

```
[JumpServer@op-remote ~]$ wget http://dev.mysql.com/get/Downloads/MySQL-5.7/mysql-5.7.23.tar.gz
[JumpServer@op-remote ~]$ wget http://downloads.sourceforge.net/project/boost/boost/1.59.0/boost_1_59_0.tar.gz
[JumpServer@op-remote ~]$ tar xvf mysql-5.7.23.tar.gz
[JumpServer@op-remote ~]$ tar xvf boost_1_59_0.tar.gz
```

② Install the required build tools

```
[root@op-remote home]# yum -y install autoconf automake libtool cmake ncurses-devel openssl-devel lzo-devel zlib-devel gcc gcc-c++
```

③ Start the build

```
# -DWITH_BOOST specifies the location of boost
[JumpServer@op-remote mysql-5.7.23]$ cmake . -DCMAKE_INSTALL_PREFIX=/home/JumpServer/mysql/mysql-5.7.23 \
-DMYSQL_DATADIR=/home/JumpServer/mysql/mysql-5.7.23 \
-DDOWNLOAD_BOOST=1 \
-DWITH_BOOST=/home/JumpServer/boost_1_59_0 \
-DSYSCONFDIR=/home/JumpServer/mysql/mysql-5.7.23/etc/ \
-DWITH_INNOBASE_STORAGE_ENGINE=1 \
-DWITH_PARTITION_STORAGE_ENGINE=1 \
-DWITH_FEDERATED_STORAGE_ENGINE=1 \
-DWITH_BLACKHOLE_STORAGE_ENGINE=1 \
-DWITH_MYISAM_STORAGE_ENGINE=1 \
-DENABLED_LOCAL_INFILE=1 \
-DENABLE_DTRACE=0 \
-DDEFAULT_CHARSET=utf8 \
-DDEFAULT_COLLATION=utf8_general_ci \
-DEXTRA_CHARSETS=all \
-DWITH_EMBEDDED_SERVER=1 \
-DMYSQL_TCP_PORT=3306;

# Single-line version
[JumpServer@op-remote mysql-5.7.23]$ cmake . -DCMAKE_INSTALL_PREFIX=/home/JumpServer/mysql/mysql-5.7.23 -DMYSQL_DATADIR=/home/JumpServer/mysql/mysql-5.7.23 -DDOWNLOAD_BOOST=1 -DWITH_BOOST=/home/JumpServer/boost_1_59_0 -DSYSCONFDIR=/home/JumpServer/mysql/mysql-5.7.23/etc/ -DWITH_INNOBASE_STORAGE_ENGINE=1 -DWITH_PARTITION_STORAGE_ENGINE=1 -DWITH_FEDERATED_STORAGE_ENGINE=1 -DWITH_BLACKHOLE_STORAGE_ENGINE=1 -DWITH_MYISAM_STORAGE_ENGINE=1 -DENABLED_LOCAL_INFILE=1 -DENABLE_DTRACE=0 -DDEFAULT_CHARSET=utf8 -DDEFAULT_COLLATION=utf8_general_ci -DEXTRA_CHARSETS=all -DWITH_EMBEDDED_SERVER=1 -DMYSQL_TCP_PORT=3306;

# Start compiling
[JumpServer@op-remote mysql-5.7.23]$ make -j2 && make install
```

④ Configure the environment variables

```
[JumpServer@op-remote ~]$ vim .bash_profile
export PATH=$PATH:/home/JumpServer/mysql/mysql-5.7.23/bin
[JumpServer@op-remote ~]$ source .bash_profile
```

⑤ Database configuration file

```
[JumpServer@op-remote ~]$ vim /home/JumpServer/mysql/mysql-5.7.23/etc/my.cnf
[client]
port = 3306
socket = /home/JumpServer/mysql/logs/mysql.sock

[mysqld]
# Skip
skip-grant-tables = 1 # skip the grant tables
skip_name_resolve = 1
skip-external-locking = 1
symbolic-links= 0

# GENERAL
user = JumpServer
default_storage_engine = InnoDB
character-set-server = utf8
socket = /home/JumpServer/mysql/logs/mysql.sock
pid_file =/home/JumpServer/mysql/logs/mysqld.pid
basedir = /home/JumpServer/mysql/mysql-5.7.23
port = 3306
bind-address = 0.0.0.0
log-warnings = 2
explicit_defaults_for_timestamp = off
#sql_mode=NO_ENGINE_SUBSTITUTION,STRICT_TRANS_TABLES
#read_only=on
sql_mode=NO_ENGINE_SUBSTITUTION

# MyISAM
key_buffer_size = 32M #size of the buffer used for index blocks#
#myisam_recover = FORCE,BACKUP

# SAFETY
max_allowed_packet = 16M
max_connect_errors = 1000000
sysdate_is_now = 1
#innodb = FORCE
#innodb_strict_mode = 1

# Replication
server-id = 313306
relay_log = mysqld-relay-bin
gtid_mode = on
enforce-gtid-consistency
log-slave-updates = on
master_info_repository =TABLE
relay_log_info_repository =TABLE
# rpl_semi_sync_master_enabled=1
# rpl_semi_sync_master_timeout=200 # 0.2 second

# DATA STORAGE
datadir = /home/JumpServer/mysql/mysql-5.7.23/data
tmpdir = /home/JumpServer/mysql/mysql-5.7.23/temp/

# BINARY LOGGING
log_bin = /home/JumpServer/mysql/logs/mysql-bin
max_binlog_size = 1000M
binlog_format = row
expire_logs_days = 7
# sync_binlog = 1

# CACHES AND LIMITS
tmp_table_size = 32M
max_heap_table_size = 32M
query_cache_type = 0
query_cache_size = 0
max_connections = 4000
thread_cache_size = 2048
open_files_limit = 65535
table_definition_cache = 4096
table_open_cache = 4096
sort_buffer_size = 20M
read_buffer_size = 2M
read_rnd_buffer_size = 2M
#thread_concurrency = 24
join_buffer_size = 1M
# table_cache = 32768
thread_stack = 512k
max_length_for_sort_data = 16k

# INNODB
innodb_flush_method = O_DIRECT
innodb_log_buffer_size = 16M
innodb_flush_log_at_trx_commit = 2
innodb_file_per_table = 1
innodb_buffer_pool_size = 2G
innodb_buffer_pool_instances = 8
innodb_stats_on_metadata = off
innodb_open_files = 8192
innodb_read_io_threads = 8
innodb_write_io_threads = 16
innodb_io_capacity = 20000
innodb_thread_concurrency = 0
innodb_lock_wait_timeout = 60
innodb_old_blocks_time=1000
innodb_use_native_aio = 1
innodb_purge_threads=1
innodb_change_buffering=all
innodb_log_file_size = 128M
innodb_log_files_in_group = 3
innodb_data_file_path = ibdata1:1024M:autoextend

# LOGGING
log_error = /home/JumpServer/mysql/logs/mysql-error.log
# log_queries_not_using_indexes = 1
# slow_query_log = 1
slow_query_log_file = /home/JumpServer/mysql/logs/slowlog_36215.log

# TimeOut
interactive_timeout = 30
wait_timeout = 30

[mysqldump]
quick
max_allowed_packet = 16M

[mysql]
no-auto-rehash

[myisamchk]
key_buffer_size = 256M
sort_buffer_size = 256M
read_buffer = 2M
write_buffer = 2M

[mysqlhotcopy]
interactive-timeout
```
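
⑥ Create the directories

The paths must match the corresponding directories in the configuration file above, and they must be created in advance.

```
[JumpServer@op-remote mysql-5.7.23]$ mkdir /home/JumpServer/mysql/mysql-5.7.23/{data,temp,etc}
[JumpServer@op-remote mysql-5.7.23]$ mkdir /home/JumpServer/mysql/logs
```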

⑦ Initialize the database

Initialize the database: --initialize generates a secure password by default, while --initialize-insecure generates no password.

```
[JumpServer@op-remote mysql-5.7.23]$ mysqld --defaults-file=/home/JumpServer/mysql/mysql-5.7.23/etc/my.cnf --initialize-insecure --user='JumpServer' --log_error_verbosity --explicit_defaults_for_timestamp --basedir=/home/JumpServer/mysql/mysql-5.7.23 --datadir=/home/JumpServer/mysql/mysql-5.7.23/data
```

⑧ Initialize the data directory files

```
[JumpServer@op-remote mysql-5.7.23]$ mysql_install_db --user=JumpServer ./mysql_install_db --user=mysql --basedir=/home/JumpServer/mysql/mysql-5.7.23 --datadir=/home/JumpServer/mysql/mysql-5.7.23/data
```

Note

If an error occurs, check the error log carefully, especially for the manual initialization of the database's data directory

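⑨ Start MySQL

Start it with the configuration file specified explicitly, which is quite different from the earlier way of starting it.

```
mysqld_safe --defaults-file=/home/JumpServer/mysql/mysql-5.7.23/etc/my.cnf &
```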

⑩ Change the password

Set skip-grant-tables=1 in the configuration file, then restart MySQL.

```
mysql> update mysql.user set authentication_string = password('666666'), password_expired = 'N', password_last_changed = now() where user = 'root';
```
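
While skip-grant-tables is on, MySQL 5.7 performs no privilege checks, and the my.cnf above also sets bind-address = 0.0.0.0, so every client that can reach port 3306 has full access until the flag is removed and mysqld is restarted. The check below is an added example, not part of the original post or of MySQL; audit_mycnf, the finding codes and the sample text are constructed here, and it assumes a my.cnf without !include directives.

```python
import configparser

# Constructed sample: the security-relevant lines of the my.cnf shown above.
SAMPLE_MYCNF = """\
[client]
port = 3306
[mysqld]
skip-grant-tables = 1 # skip the grant tables
skip_name_resolve = 1
bind-address = 0.0.0.0
enforce-gtid-consistency
port = 3306
"""

ENABLED = {"", "1", "on", "true"}          # a bare option name means "on"
LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def _norm(name):
    # mysqld accepts '-' and '_' interchangeably in option names.
    return name.strip().lower().replace("-", "_")


def _is_on(opts, key):
    return key in opts and (opts[key] or "").strip().lower() in ENABLED


def audit_mycnf(text):
    """Return finding codes for the [mysqld] section of a my.cnf text."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None,
                                   inline_comment_prefixes=("#",))
    cp.optionxform = _norm
    cp.read_string(text)
    if not cp.has_section("mysqld"):
        return []
    opts = dict(cp.items("mysqld"))
    # MySQL 5.7 listens on all interfaces when bind-address is absent.
    bind = (opts.get("bind_address") or "*").strip()
    local_only = _is_on(opts, "skip_networking") or bind in LOOPBACK
    findings = []
    if _is_on(opts, "skip_grant_tables"):
        # No privilege checks at all: every connection is effectively root.
        findings.append("NO_AUTH_LOCAL" if local_only else "NO_AUTH_REMOTE")
    elif not local_only:
        findings.append("LISTENS_ON_NETWORK")
    return findings


if __name__ == "__main__":
    print(audit_mycnf(SAMPLE_MYCNF))
```

Run it against the deployed my.cnf after the password has been set; an empty list means the grant tables are enforced and mysqld is reachable only locally.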

6. Create the database and grant privileges

```
mysql> create database jumpserver default charset 'utf8';
mysql> grant all on jumpserver.* to 'jumpserver'@'localhost' identified by '666666';
mysql> grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '666666';
mysql> flush privileges;
[JumpServer@op-remote logs]$ mysql -ujumpserver -p'666666'
```

Note

When granting privileges here, 'jumpserver'@'localhost' and 'jumpserver'@'127.0.0.1' are different accounts. Because this can cause permission problems, the end result is to create the user once for each of the two hosts.

7. Edit the Jumpserver configuration file

```
[JumpServer@op-remote JumpServerPackage]$ cp config_example.py config.py
[JumpServer@op-remote JumpServerPackage]$ vim config.py
"""
    jumpserver.config

    Jumpserver project setting file

    :copyright: (c) 2014-2017 by Jumpserver Team
    :license: GPL v2, see LICENSE for more details.
"""
import os

BASE_DIR = os.path.dirname(os.path.abspath(__file__))


class Config:
    # Use it to encrypt or decrypt data
    # SECURITY WARNING: keep the secret key used in production secret!
    # Enter any random string (50 or more characters recommended)
    SECRET_KEY = os.environ.get('SECRET_KEY') or 'p*O8Il8F1+&#CF1uASm+oi(*dc^sd%Gss\.Sg;/Asu)&H%s.O#CIl1*33;Pzd'

    # Django security setting, if your disable debug model, you should setting that
    ALLOWED_HOSTS = ['*']

    # DEBUG mode: True enables it, False disables it; enabled by default,
    # disabling it is recommended in production
    # Note: with DEBUG = False, pages served on port 8080 render incorrectly;
    # an nginx proxy must be set up for normal access
    # Development env open this, when error occur display the full process track, Production disable it
    DEBUG = os.environ.get("DEBUG") or False

    # Log level, DEBUG by default; can be changed to INFO, WARNING, ERROR, CRITICAL; default INFO
    # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
    LOG_LEVEL = os.environ.get("LOG_LEVEL") or 'INFO'
    LOG_DIR = os.path.join(BASE_DIR, 'logs')

    # Database setting, Support sqlite3, mysql, postgres ....
    # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases

    # SQLite setting:
    # DB_ENGINE = 'sqlite3'
    # DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')

    # MySQL or postgres setting like:
    DB_ENGINE = os.environ.get("DB_ENGINE") or 'mysql'
    DB_HOST = os.environ.get("DB_HOST") or 'localhost'
    DB_PORT = os.environ.get("DB_PORT") or 3306
    DB_USER = os.environ.get("DB_USER") or 'jumpserver'
    DB_PASSWORD = os.environ.get("DB_PASSWORD") or '666666'
    DB_NAME = os.environ.get("DB_NAME") or 'jumpserver'

    # When Django start it will bind this host and port
    # ./manage.py runserver 127.0.0.1:8080
    HTTP_BIND_HOST = '127.0.0.1'
    HTTP_LISTEN_PORT = 8080

    # Use Redis as broker for celery and web socket
    REDIS_HOST = os.environ.get("REDIS_HOST") or '127.0.0.1'
    REDIS_PORT = os.environ.get("REDIS_PORT") or 6379
    REDIS_PASSWORD = os.environ.get("REDIS_PASSWORD") or ''
    REDIS_DB_CELERY = os.environ.get('REDIS_DB') or 3
    REDIS_DB_CACHE = os.environ.get('REDIS_DB') or 4

    def __init__(self):
        pass

    def __getattr__(self, item):
        return None


class DevelopmentConfig(Config):
    pass


class TestConfig(Config):
    pass


class ProductionConfig(Config):
    pass


# Default using Config settings, you can write if/else for different env
config = DevelopmentConfig()
```
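
The config.py above reads settings with `os.environ.get(...) or default`, which passes the environment string through unchanged, so exporting DEBUG=False yields the truthy string 'False' and debug mode stays on. The following is an added example, not JumpServer's code: env_bool, new_secret_key and audit_settings are hypothetical helper names, and it shows the pitfall, a strict boolean parse, a generator for the random SECRET_KEY of at least 50 characters that the comment asks for, and a check for the other values this sample ships with.

```python
import secrets
import string

_TRUE = {"1", "true", "yes", "on"}
_FALSE = {"0", "false", "no", "off", ""}


def config_py_debug(environ):
    """The DEBUG expression from config.py above, evaluated on a mapping."""
    return environ.get("DEBUG") or False


def env_bool(environ, name, default=False):
    """Parse an environment flag strictly; reject ambiguous values."""
    raw = environ.get(name)
    if raw is None:
        return default
    value = raw.strip().lower()
    if value in _TRUE:
        return True
    if value in _FALSE:
        return False
    raise ValueError(f"{name}={raw!r} is not a recognised boolean")


def new_secret_key(length=64):
    """Random key from the OS CSPRNG; config.py recommends >= 50 characters."""
    if length < 50:
        raise ValueError("use at least 50 characters")
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*(-_=+)"
    return "".join(secrets.choice(alphabet) for _ in range(length))


def audit_settings(cfg):
    """Flag the values the sample config.py ships with (cfg: plain dict)."""
    findings = []
    if cfg.get("DEBUG"):  # tested by truthiness, so 'False' counts as on
        findings.append("DEBUG is enabled")
    if "*" in (cfg.get("ALLOWED_HOSTS") or []):
        findings.append("ALLOWED_HOSTS accepts any Host header")
    pw = cfg.get("DB_PASSWORD") or ""
    if len(pw) < 12 or pw.isdigit():
        findings.append("DB_PASSWORD is short or digits only")
    return findings


if __name__ == "__main__":
    env = {"DEBUG": "False"}  # constructed environment
    print(repr(config_py_debug(env)), env_bool(env, "DEBUG"))
    print(new_secret_key())
```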
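
8. Generate the database schema and initial data

Errors are very common at this step, so pay attention to the Python environment installed earlier; use version 3.6 if at all possible.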

9. Start JumpServer

```
[JumpServer@op-remote JumpServerPackage]$ ./jms start all -d
```

```
$ cd /opt/jumpserver
$ ./jms start all  # to run in the background use the -d flag: ./jms start all -d
# Newer versions ship an updated run script; usage: ./jms start|stop|status|restart all; add the -d flag to run in the background
```

IV. Install the SSH Server and WebSocket Server: Coco

1. Download or clone the project

```
[JumpServer@op-remote ~]$ mkdir Coco
[JumpServer@op-remote ~]$ cd Coco
[JumpServer@op-remote Coco]$ git clone https://github.com/jumpserver/coco.git && cd coco && git checkout master
```

2. Install the dependencies

```
[root@op-remote Coco]$ cd coco/requirement
[root@op-remote Coco]$ yum -y install $(cat rpm_requirements.txt)
[root@op-remote Coco]$ pip3 install -r requirements.txt
```

3. Edit the configuration file and run

```
[JumpServer@op-remote coco]# cp conf_example.py conf.py
[JumpServer@op-remote coco]# vim conf.py
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#

import os

BASE_DIR = os.path.dirname(__file__)


class Config:
    """
    Coco config file, coco also load config from server
    update setting below
    """
    # Project name, used to register with Jumpserver; only an identifier, must not be duplicated
    NAME = "lepai_coco"

    # URL of the Jumpserver project, used for API registration requests
    CORE_HOST = os.environ.get("CORE_HOST") or 'http://127.0.0.1:8080'

    # IP to bind at startup, default 0.0.0.0
    # BIND_HOST = '0.0.0.0'

    # SSH listening port, default 2222
    # SSHD_PORT = 2222

    # HTTP/WS listening port, default 5000
    # HTTPD_PORT = 5000

    # ACCESS KEY used by the project; by default it is registered and saved to ACCESS_KEY_STORE.
    # If needed, it can be written in the config file, format access_key_id:access_key_secret
    # ACCESS_KEY = None

    # Where the ACCESS KEY is saved; by default it is written to this file after registration
    # ACCESS_KEY_STORE = os.path.join(BASE_DIR, 'keys', '.access_key')

    # Encryption key
    # SECRET_KEY = None

    # Log level ['DEBUG', 'INFO', 'WARN', 'ERROR', 'FATAL', 'CRITICAL']
    LOG_LEVEL = 'INFO'

    # Directory where logs are stored
    # LOG_DIR = os.path.join(BASE_DIR, 'logs')

    # Directory where session recordings are stored
    # SESSION_DIR = os.path.join(BASE_DIR, 'sessions')

    # Sort order for the asset list, ['ip', 'hostname']
    # ASSET_LIST_SORT_BY = 'ip'

    # Whether login supports password authentication
    # PASSWORD_AUTH = True

    # Whether login supports public-key authentication
    # PUBLIC_KEY_AUTH = True

    # Heartbeat interval with Jumpserver
    # HEARTBEAT_INTERVAL = 5

    # Name of the admin, shown to users when something goes wrong
    # ADMINS = ''

    COMMAND_STORAGE = {
        "TYPE": "server"
    }
    REPLAY_STORAGE = {
        "TYPE": "server"
    }


config = Config()
```

V. Install the Web Terminal front end: Luna

1. Extract Luna

```
[JumpServer@op-remote ~]$ mkdir Luna
[JumpServer@op-remote Luna]$ wget https://github.com/jumpserver/luna/releases/download/1.4.0/luna.tar.gz
[JumpServer@op-remote Luna]$ tar xvf luna.tar.gz
```