概述
前面介绍了jumpserver部署的过程,后来整理了下,改成这个一键部署脚本,下面的脚本是基于centos7环境测试,如果是其他系统(如redhat7)就要考虑yum源等因素了。
一键部署jumpserver脚本
#!/bin/bash
# coding: utf-8
# Copyright by hwb
###############################usage##################################
#1、操作系统为centos7(如果为redhat7配置yum部分需修改)
#2、服务器可以上外网
#3、端口规划
#Protocol Server name Port
#TCP Jumpserver 8080
#TCP Coco 2222, 5000
#TCP Guacamole 8081
#TCP Db 3306
#TCP Redis 6379
#TCP Nginx 80
###############################usage##################################
set -e #返回值为非0时,退出脚本
echo “===========================0. 系统的一些配置===========================”
setenforce 0 || true
#systemctl stop iptables.service || true >/dev/null 2>&1
systemctl stop firewalld.service || true >/dev/null 2>&1
localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
export LC_ALL=zh_CN.UTF-8
echo ‘LANG=zh_CN.UTF-8’ > /etc/sysconfig/i18n
echo “===========================1. 备份yum==================================”
{
for i in /etc/yum.repos.d/*.repo;do cp $i ${i%.repo}.bak;done
rm -rf /etc/yum.repos.d/*.repo
} || {
echo “yum出错,请更换源重新运行”
exit 1
}
echo “===========================2. 获取网络yum==============================”
{
wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/Centos-7.repo >/dev/null 2>&1
wget -P /etc/yum.repos.d/ http://mirrors.163.com/.help/CentOS7-Base-163.repo >/dev/null 2>&1
sed -i ‘s/$releasever/7/g’ /etc/yum.repos.d/CentOS7-Base-163.repo
yum clean all&&yum makecache
yum repolist >/dev/null 2>&1
} || {
echo “yum出错,请更换源重新运行”
exit 1
}
echo “===========================3. 安装基本依赖=============================”
{
yum update -y>/dev/null && yum install wget unzip epel-release nginx sqlite-devel xz gcc automake zlib-devel openssl-devel redis mariadb mariadb-devel mariadb-server supervisor -y >/dev/null 2>&1
} || {
echo “yum出错,请更换源重新运行”
exit 1
}
echo “===========================4. 准备python===============================”
{
cd /opt/
wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz -O /opt/Python-3.6.1.tar.xz >/dev/null 2>&1
} || {
echo “pyhton 依赖包下载出错,请尝试使用特殊工具进行手工下载https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz ,并且放至于/opt/Python-3.6.1.tar.xz,如您是手工下载,请注释上面wget命令再运行本脚本”
exit 1
}
{
tar xf Python-3.6.1.tar.xz && cd Python-3.6.1 && ./configure>/dev/null && make>/dev/null && make install >/dev/null 2>&1
} || {
echo “解压或编译python出错,请尝试使用上面的命令手工解压或编译,如手工操作成功,请注释上述代码再运行本脚本”
exit 1
}
{
python3 -m venv py3
} || {
echo “建立python虚拟环境出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本”
exit 1
}
echo “===========================5. 下载jummpserver包并解压==================”
{
wget https://github.com/jumpserver/jumpserver/archive/v1.4.10.zip -O /opt/jumpserver.zip >/dev/null 2>&1
} || {
echo “下载jumpserver包出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本”
exit 1
}
{
wget https://github.com/jumpserver/coco/archive/1.4.10.zip -O /opt/coco.zip >/dev/null 2>&1
} || {
echo “下载coco包出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本”
exit 1
}
{
wget https://github.com/jumpserver/luna/releases/download/1.4.10/luna.tar.gz -O /opt/luna.tar.gz >/dev/null 2>&1
} || {
echo “下载luna包出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本”
exit 1
}
{
cd /opt
unzip coco.zip >/dev/null && mv coco-1.4.10 coco && unzip jumpserver.zip >/dev/null && mv jumpserver-1.4.10 jumpserver && tar xzf luna.tar.gz >/dev/null 2>&1
} || {
echo “解压出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本”
exit 1
}
echo “===========================6. 安装yum依赖==============================”
{
yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt) >/dev/null && yum -y install $(cat /opt/coco/requirements/rpm_requirements.txt) >/dev/null 2>&1
} || {
echo “安装jumpserver的依赖出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本”
exit 1
}
#更新pip版本
#python -m pip install –upgrade pip
echo “===========================7. 安装pip依赖==============================”
{
python3 -m venv py3 &&
source /opt/py3/bin/activate && pip install –upgrade pip>/dev/null && pip install -r /opt/jumpserver/requirements/requirements.txt>/dev/null && pip install -r /opt/coco/requirements/requirements.txt >/dev/null 2>&1
} || {
echo “安装jumpserver的依赖出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本”
exit 1
}
echo “===========================8. 创建数据库===============================”
mkdir -p /opt/mysql/share/mysql/
{
wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/mysql_security.sql?raw=true -O /opt/mysql/mysql_security.sql >/dev/null 2>&1
wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/mysql.cnf?raw=true -O /etc/my.cnf >/dev/null 2>&1
wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/errmsg.sys?raw=true -O /opt/mysql/share/mysql/errmsg.sys >/dev/null 2>&1
} || {
echo “下载数据库依赖文件出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本”
exit 1
}
echo “===========================9. 准备文件=================================”
{
wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/nginx.conf?raw=true -O /etc/nginx/nginx.conf >/dev/null 2>&1
wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/supervisord.conf?raw=true -O /etc/supervisord.conf >/dev/null 2>&1
wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/jumpserver_conf.py?raw=true -O /opt/jumpserver/config.py >/dev/null 2>&1
wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/coco_conf.py?raw=true -O /opt/coco/conf.py >/dev/null 2>&1
wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/start_jms.sh?raw=true -O /opt/start_jms.sh >/dev/null 2>&1
} || {
echo “下载配置文件出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本”
exit 1
}
echo “===========================10. 安装docker==============================”
yum check-update >/dev/null 2>&1
{
yum-config-manager –add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo >/dev/null && yum clean all>/dev/null && yum repolist >/dev/null 2>&1
yum -y install epel-release docker-ce >/dev/null 2>&1
systemctl start docker
tee -a /etc/sysctl.conf <<-EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl -p >/dev/null 2>&1
tee -a /etc/docker/daemon.json <<-EOF
{
“registry-mirrors”: [
“https://registry.docker-cn.com”
]
}
EOF
} || {
echo “安装docker 出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本”
exit 1
}
systemctl daemon-reload
systemctl restart docker
echo “===========================11. 安装guacamole===========================”
host_ip=`python -c “import socket;print([(s.connect((‘8.8.8.8’, 53)), s.getsockname()[0], s.close()) for s in [socket.socket(socket.AF_INET, socket.SOCK_DGRAM)]][0][1])”`
docker run –name jms_guacamole -d
–restart always
-p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key
-e JUMPSERVER_KEY_DIR=/config/guacamole/key
-e JUMPSERVER_SERVER=http://$host_ip:8080
registry.jumpserver.org/public/guacamole:1.0.0
echo “===========================12. 配置nginx===============================”
yum -y install nginx >/dev/null 2>&1
cat << EOF > /etc/nginx/conf.d/jumpserver.conf
server {
listen 80;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/;
}
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/;
}
location /static/ {
root /opt/jumpserver/data/;
}
location /socket.io/ {
proxy_pass http://localhost:5000/socket.io/; # 如果coco安装在别的服务器,请填写它的ip
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
}
location /guacamole/ {
proxy_pass http://localhost:8081/; # 如果guacamole安装在别的服务器,请填写它的ip
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
access_log off;
}
location / {
proxy_pass http://localhost:8080; # 如果jumpserver安装在别的服务器,请填写它的ip
}
}
EOF
systemctl start mariadb
mkdir -p /opt/nginx/log && chmod -R 777 /opt/nginx
{
systemctl restart nginx
systemctl enable nginx
} || {
service restart nginx
} || {
nginx -s reload
} || {
echo “请检查nginx的启动命令”
exit 1
}
chmod +x /opt/start_jms.sh
echo ” 安装完成,请运行/opt/start_jms.sh启动jumpserver”
脚本调试过程
