Jump server installation and deployment learning (I) centos7 environment

Time:2021-11-25

Jumpserver deployment (centos7 environment)

1、 Jumpserver summary

Jumpserver is the world's first fully open source bastion host (fortress machine). It is released under the GNU GPL v2.0 open source license and is a professional operation and maintenance audit system that conforms to 4A.
Jumpserver is developed using Python / Django, follows the Web 2.0 specification, and comes with an industry-leading Web terminal solution, an attractive interactive interface and a good user experience.
Jumpserver adopts a distributed architecture and supports cross-regional deployment across multiple data centers (computer rooms). The central node provides the APIs, and each data center deploys login nodes, which can be scaled horizontally with no limit on concurrent access.

Component description:
Jumpserver
Now refers to the jumpserver management back end, which is the core component. It is developed in the Django class-based view style and supports a RESTful API.

Coco
The component that implements the SSH server and the Web terminal server. It provides SSH and websocket interfaces and is developed using paramiko and flask.

Luna
Now the Web terminal front end. The plan is for front-end pages to be provided by this project; Jumpserver only provides APIs and no longer renders HTML in the back end.

2、 Environment preparation

Environment:

Role                  IP
jumpserver            192.168.2.5
Web server (asset)    192.168.2.6

Steps:

① Turn off the firewall and SELinux
[[email protected] ~]# sed -i '/SELINUX/s/enforcing/disabled/g' /etc/sysconfig/selinux
[[email protected] ~]# systemctl disable firewalld && reboot

② Modify the character set; otherwise an input/output error may be reported, because Chinese is printed in the log
[[email protected] ~]# localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
[[email protected] ~]# export LC_ALL=zh_CN.UTF-8
[[email protected] ~]# echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf

③ Preparing Python 3 and python virtual environments
[[email protected] ~]# yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git
[[email protected] ~]# wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
[[email protected] ~]# mv Python-3.6.1.tar.xz /usr/src && cd /usr/src/ && tar xvf Python-3.6.1.tar.xz && cd Python-3.6.1
[[email protected] Python-3.6.1]# ./configure && make && make install

④ Create the virtual environment
[[email protected] Python-3.6.1]# cd /opt/
[[email protected] opt]# python3 -m venv py3
[[email protected] opt]# . /opt/py3/bin/activate
(py3) [[email protected] opt]#
Seeing the following prompt indicates success. From now on, you must run the above source command before running jumpserver. All the following commands are run in the virtual environment
(py3) [[email protected] py3]

⑤ Automatically load the virtual environment
(py3) [[email protected] opt]# git clone https://github.com/kennethreitz/autoenv.git ~/.autoenv
(py3) [[email protected] opt]# echo 'source ~/.autoenv/activate.sh' >> ~/.bashrc
(py3) [[email protected] opt]# source ~/.bashrc

3、 Install jumpserver

Steps:

① Clone the project
(py3) [[email protected] ~]# cd /opt/
(py3) [[email protected] opt]# git clone --depth=1 https://github.com/jumpserver/jumpserver.git && cd jumpserver && git checkout master
(py3) [[email protected] jumpserver]# echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env

② Install dependencies
(py3) [[email protected] jumpserver]# cd requirements/
The first time you enter the jumpserver directory you may be prompted; enter y
(py3) [[email protected] requirements]# yum -y install $(cat rpm_requirements.txt)
(py3) [[email protected] requirements]# pip install -r requirements.txt

③ Install redis. Jumpserver uses redis for cache and as the celery broker (celery is a Python distributed scheduling module)
(py3) [[email protected] ~]# yum -y install redis
(py3) [[email protected] ~]# systemctl start redis

④ Install MySQL
(py3) [[email protected] ~]# yum -y install mariadb*
(py3) [[email protected] ~]# systemctl start mariadb
(py3) [[email protected] ~]# systemctl enable mariadb

⑤ Create the database and authorize jumpserver
(py3) [[email protected] ~]# mysql
MariaDB [(none)]> create database jumpserver default charset 'utf8';
MariaDB [(none)]> grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '123.com';
MariaDB [(none)]> flush privileges;

⑥ Modify the jumpserver configuration file
(py3) [[email protected] ~]# cd /opt/jumpserver/
(py3) [[email protected] jumpserver]# cp config_example.py config.py
(py3) [[email protected] jumpserver]# vi config.py

Add the following, removing the pass under the class:
class DevelopmentConfig(Config):
    DEBUG = True
    DB_ENGINE = 'mysql'
    DB_HOST = '127.0.0.1'
    DB_PORT = 3306
    DB_USER = 'jumpserver'
    DB_PASSWORD = '123.com'
    DB_NAME = 'jumpserver'
......
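
Before the service is exposed to other users, the values edited in config.py can be checked without executing the file. The following is an added example, not code from the original article or from the jumpserver project: it reads the class with Python's ast module and warns about DEBUG = True and a short DB_PASSWORD. The sample text is constructed from the block above, and the 16-character minimum is an assumed local policy.

```python
import ast

# Constructed sample that mirrors the DevelopmentConfig block shown above.
SAMPLE_CONFIG = """
class DevelopmentConfig(Config):
    DEBUG = True
    DB_ENGINE = 'mysql'
    DB_HOST = '127.0.0.1'
    DB_PORT = 3306
    DB_USER = 'jumpserver'
    DB_PASSWORD = '123.com'
    DB_NAME = 'jumpserver'
"""
MIN_PASSWORD_LEN = 16  # assumed local policy, not a jumpserver requirement


def class_settings(source, class_name):
    """Collect literal NAME = value lines of one class without executing the file."""
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.ClassDef) and node.name == class_name:
            found = {}
            for stmt in node.body:
                if (isinstance(stmt, ast.Assign) and len(stmt.targets) == 1
                        and isinstance(stmt.targets[0], ast.Name)):
                    try:
                        found[stmt.targets[0].id] = ast.literal_eval(stmt.value)
                    except ValueError:
                        continue  # computed value such as os.path.join(...)
            return found
    raise LookupError("class %s not found" % class_name)


def audit(settings):
    """Return warnings for the settings this guide asks you to edit."""
    warnings = []
    if settings.get("DEBUG") is True:
        warnings.append("DEBUG = True: error pages show tracebacks; set False before real use")
    if settings.get("DB_ENGINE") == "mysql":
        password = str(settings.get("DB_PASSWORD", ""))
        if len(password) < MIN_PASSWORD_LEN:
            warnings.append("DB_PASSWORD has %d characters, policy minimum is %d"
                            % (len(password), MIN_PASSWORD_LEN))
    return warnings


if __name__ == "__main__":
    for line in audit(class_settings(SAMPLE_CONFIG, "DevelopmentConfig")):
        print("WARN:", line)
```

To check a real installation, pass the contents of /opt/jumpserver/config.py to class_settings instead of the sample string.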

⑦ Generate database table structure and initialization data file
(py3) [[email protected] jumpserver]# cd /opt/jumpserver/utils/
(py3) [[email protected] utils]# bash make_migrations.sh

⑧ Run jumpserver
(py3) [[email protected] utils]# cd /opt/jumpserver/
(py3) [[email protected] jumpserver]# ./jms start all

./jms start|stop|status|restart all

To run in the background, add the -d option
If an error is reported, stop it and run it again

If no error is reported, use a browser to access http://192.168.2.5:8080. Default account admin, password admin

4、 Install ssh server and websocket server: Coco

Steps:

① Clone the project (open a new terminal and don't forget to load the virtual environment)
[[email protected] ~]# cd /opt/
[[email protected] opt]# . py3/bin/activate
(py3) [[email protected] opt]# git clone https://github.com/jumpserver/coco.git && cd coco && git checkout master

(py3) [[email protected] coco]# echo "source /opt/py3/bin/activate" > /opt/coco/.env

② Install dependencies
(py3) [[email protected] coco]# cd /opt/coco/requirements/
Enter y at the prompt the first time
(py3) [[email protected] requirements]# yum -y install $(cat rpm_requirements.txt)
(py3) [[email protected] requirements]# pip install -r requirements.txt -i https://pypi.org/simple

③ View the configuration file and run coco
(py3) [[email protected] requirements]# cd /opt/coco/
(py3) [[email protected] coco]# cp conf_example.py conf.py
(py3) [[email protected] coco]# ./cocod start

./cocod start|stop|status|restart

Start coco process
2018-05-28 16:14:25 [service DEBUG] Initial app service
2018-05-28 16:14:25 [service DEBUG] Load access key
2018-05-28 16:14:25 [service INFO] No access key found, register it
2018-05-28 16:14:25 [service INFO] "Terminal was not accepted yet"
2018-05-28 16:14:28 [service INFO] "Terminal was not accepted yet"

The log says the terminal has not been accepted (licensed) yet; go to http://192.168.2.5:8080/terminal/terminal to license it

5、 Install the Web terminal front end: Luna

(start a new terminal) Luna has been changed to a pure front end and needs to be accessed through an nginx proxy
[[email protected] ~]# cd /opt/
[[email protected] opt]# wget https://github.com/jumpserver/luna/releases/download/1.3.0/dist.tar.gz
[[email protected] opt]# tar zxf dist.tar.gz
[[email protected] opt]# mv dist luna
[[email protected] opt]# ls /opt/luna/

.....

6、 Configure nginx to integrate various components

Steps:

① Download source code and install
[[email protected] opt]# useradd -s /sbin/nologin www
[[email protected] opt]# wget http://nginx.org/download/nginx-1.14.0.tar.gz
[[email protected] opt]# tar zxf nginx-1.14.0.tar.gz && cd nginx-1.14.0
[[email protected] nginx-1.14.0]# ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_stub_status_module --with-http_realip_module --with-http_ssl_module --with-http_gzip_static_module --with-pcre --with-http_flv_module
[[email protected] nginx-1.14.0]# make && make install
[[email protected] nginx-1.14.0]# ln -s /usr/local/nginx/sbin/nginx /usr/local/sbin/
[[email protected] nginx-1.14.0]# cd /usr/local/nginx/conf/ && vim nginx.conf

② Modify the configuration file

http {
    # ... rest of the http context omitted; change the server block to the following
    server {
        listen 80;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        location /luna/ {
            try_files $uri / /index.html;
            alias /opt/luna/;
        }

        location /media/ {
            add_header Content-Encoding gzip;
            root /opt/jumpserver/data/;
        }

        location /static/ {
            root /opt/jumpserver/data/;
        }

        location /socket.io/ {
            proxy_pass http://localhost:5000/socket.io/;  # If coco is installed on another server, fill in its IP address
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        location / {
            proxy_pass http://localhost:8080;  # If jumpserver is installed on another server, fill in its IP address
        }
    }
}

[[email protected] conf]# nginx -t  # start nginx after the configuration test passes
[[email protected] conf]# nginx

③ Ensure that the services are running correctly and start using jumpserver
[[email protected] conf]# cd /opt/jumpserver/
(py3) [[email protected] jumpserver]# ./jms status

gunicorn is running: 33734
celery is running: 33627
beat is running: 33629

(py3) [[email protected] jumpserver]# cd ../coco/
(py3) [[email protected] coco]# ./cocod status

Coco is running: 57935

Visit http://192.168.2.5
Default account admin, password admin
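
The nginx configuration above reaches jumpserver and coco through localhost:8080 and localhost:5000, and the firewall was turned off during environment preparation, so it is worth checking which back-end services listen beyond loopback on this single-host layout. The following is an added example, not part of the original article or the jumpserver project: it parses `ss -ltn` output and reports internal services bound to non-loopback addresses. The sample output is constructed, and 6379 is the Redis default port, which the article does not state.

```python
import ipaddress

# Back-end ports in this guide: 8080 jumpserver and 5000 coco websocket sit
# behind nginx, 3306 is DB_PORT. 6379 is the Redis default (assumption).
# Ports 80 (nginx) and 2222 (coco SSH) are the intended entry points.
INTERNAL_PORTS = {8080: "jumpserver", 5000: "coco websocket",
                  3306: "mariadb", 6379: "redis"}

# Constructed `ss -ltn` output for illustration, not captured from a real host.
SAMPLE_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     *:80                *:*
LISTEN  0       128     *:2222              *:*
LISTEN  0       128     *:8080              *:*
LISTEN  0       128     *:5000              *:*
LISTEN  0       50      *:3306              *:*
LISTEN  0       128     127.0.0.1:6379      *:*
LISTEN  0       128     :::22               :::*
"""


def is_loopback(host):
    """True only for explicit loopback binds; wildcards count as exposed."""
    host = host.strip("[]").split("%")[0]
    if host in ("*", "", "::", "0.0.0.0"):
        return False
    return ipaddress.ip_address(host).is_loopback


def exposed_internal(ss_output):
    """Return sorted (port, service, local_address) for exposed internal services."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        host, _, port = fields[3].rpartition(":")
        port = int(port)
        if port in INTERNAL_PORTS and not is_loopback(host):
            findings.append((port, INTERNAL_PORTS[port], fields[3]))
    return sorted(findings)


if __name__ == "__main__":
    for port, service, addr in exposed_internal(SAMPLE_SS):
        print("exposed: %s on %s (port %d)" % (service, addr, port))
```

On the jumpserver host, feed it the real output of `ss -ltn`; each reported service should be rebound to 127.0.0.1 or filtered by a host firewall.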

7、 Test connection

From the asset server or a Mac OS or Linux client, the login syntax is as follows
$ ssh -p2222 admin@192.168.2.5
$ sftp -P2222 admin@192.168.2.5
Password: admin

If the login client is Windows, the login syntax in the xshell terminal is as follows
$ ssh admin@192.168.2.5 2222
$ sftp admin@192.168.2.5 2222
Password: admin
If you can log in, the deployment was successful

By default, SFTP uploads go to the /tmp directory of the asset

Special thanks to jumpserver for being open source. This article is reposted from the official documentation:
http://docs.jumpserver.org/zh…

See the next document for specific usage
