Jumpserver堡垒机一键自动化部署实战
作者:互联网
---
Jumpserver是全球首款完全开源的堡垒机,使用 GNU GPL v2.0 开源协议,是符合 4A 的专业运维审计系统。
Jumpserver 使用 Python / Django 进行开发,遵循 Web 2.0 规范,配备了业界领先的 Web Terminal 解决方案,交互界面美观、用户体验好。
Jumpserver 采纳分布式架构,支持多机房跨区域部署,中心节点提供 API,各机房部署登录节点,可横向扩展、无并发访问限制。
Jumpserver功能特点:
- 统一认证
- 资产管理
- 统一授权
- 日志审计
- 支持LDAP认证
- Web terminal
- SSH Server
- 支持Windows RDP
一键自动化搭建Jumpserver堡垒机平台脚本如下:
#!/bin/bash # 2020年9月21日16:38:24 # set -e echo "0. 系统的一些配置" setenforce 0 || true systemctl stop iptables.service || true systemctl stop firewalld.service || true localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8 export LC_ALL=zh_CN.UTF-8 echo 'LANG=zh_CN.UTF-8' > /etc/locale.conf echo "1. 安装基本依赖" { yum update -y && yum install epel-release -y && yum update -y && yum install wget zip unzip epel-release nginx sqlite-devel xz gcc automake zlib-devel openssl-devel redis mariadb mariadb-devel mariadb-server supervisor -y } || { echo "yum出错,请更换源重新运行" exit 1 } cd /opt/ echo "2. 准备python" { wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz -O /opt/Python-3.6.1.tar.xz } || { echo "pyhton 依赖包下载出错,请尝试使用特殊工具进行手工下载https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz ,并且放至于/opt/Python-3.6.1.tar.xz,如您是手工下载,请注释上面wget命令再运行本脚本" exit 1 } { tar xf Python-3.6.1.tar.xz && cd Python-3.6.1 && ./configure && make && make install } || { echo "解压或编译python出错,请尝试使用上面的命令手工解压或编译,如手工操作成功,请注释上述代码再运行本脚本" exit 1 } { python3 -m venv /opt/py3 } || { echo "建立python虚拟环境出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本" exit 1 } cd /opt/ echo "3. 下载包并解压" { wget https://github.com/jumpserver/jumpserver/archive/1.0.0.zip -O /opt/jumpserver.zip } || { echo "下载jumpserver包出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本" exit 1 } { wget https://github.com/jumpserver/coco/archive/1.0.0.zip -O /opt/coco.zip } || { echo "下载coco包出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本" exit 1 } { wget https://github.com/jumpserver/luna/releases/download/v1.0.0/luna.tar.gz -O /opt/luna.tar.gz } || { echo "下载luna包出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本" exit 1 } cd /opt { unzip coco.zip && mv coco-1.0.0 coco && unzip jumpserver.zip && mv jumpserver-1.0.0 jumpserver && tar xzf luna.tar.gz } || { echo "解压出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本" exit 1 } echo "4. 安装yum依赖" { yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt) && yum -y install $(cat /opt/coco/requirements/rpm_requirements.txt) } || { echo "安装jumpserver的依赖出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本" exit 1 } echo "5. 安装pip依赖" { source /opt/py3/bin/activate && pip install --upgrade pip && pip install -r /opt/jumpserver/requirements/requirements.txt && pip install -r /opt/coco/requirements/requirements.txt } || { echo "安装jumpserver的依赖出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本" exit 1 } echo "6. 创建数据库" mkdir -p /opt/mysql/share/mysql/ { wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/mysql_security.sql?raw=true -O /opt/mysql/mysql_security.sql wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/mysql.cnf?raw=true -O /etc/my.cnf wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/errmsg.sys?raw=true -O /opt/mysql/share/mysql/errmsg.sys } || { echo "下载数据库依赖文件出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本" exit 1 } echo "7. 准备文件" { wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/nginx.conf?raw=true -O /etc/nginx/nginx.conf wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/supervisord.conf?raw=true -O /etc/supervisord.conf wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/jumpserver_conf.py?raw=true -O /opt/jumpserver/config.py wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/coco_conf.py?raw=true -O /opt/coco/conf.py wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/start_jms.sh?raw=true -O /opt/start_jms.sh } || { echo "下载配置文件出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本" exit 1 } echo "8. 配置nginx" cat << EOF > /etc/nginx/conf.d/jumpserver.conf server { listen 80; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; location /luna/ { try_files $uri / /index.html; alias /opt/luna/; } location /media/ { add_header Content-Encoding gzip; root /opt/jumpserver/data/; } location /static/ { root /opt/jumpserver/data/; } location /socket.io/ { proxy_pass http://localhost:5000/socket.io/; # 如果coco安装在别的服务器,请填写它的ip proxy_buffering off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /guacamole/ { proxy_pass http://localhost:8081/; # 如果guacamole安装在别的服务器,请填写它的ip proxy_buffering off; proxy_http_version 1.1; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; access_log off; } location / { proxy_pass http://localhost:8080; # 如果jumpserver安装在别的服务器,请填写它的ip } } EOF mkdir -p /opt/nginx/log && chmod -R 777 /opt/nginx { systemctl restart nginx systemctl enable nginx } || { service restart nginx } || { nginx -s reload } || { echo "请检查nginx的启动命令" exit 1 } echo "jumpserver安装完成,请运行/opt/start_jms.sh启动jumpserver" echo "下面开始安装windows组件guacamole,如果不需要管理windows资产,可以取消继续安装" echo "9. 安装docker" yum check-update { curl -fsSL https://get.docker.com/ | sh } || { echo "安装docker 出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本" exit 1 } systemctl start docker systemctl enable docker echo "10. 安装guacamole" host_ip=`python -c "import socket;print([(s.connect(('8.8.8.8', 53)), s.getsockname()[0], s.close()) for s in [socket.socket(socket.AF_INET, socket.SOCK_DGRAM)]][0][1])"` docker run --name jms_guacamole -d \ --restart always \ -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \ -e JUMPSERVER_KEY_DIR=/config/guacamole/key \ -e JUMPSERVER_SERVER=http://$host_ip:8080 \ registry.jumpserver.org/public/guacamole:1.0.0
、、、
标签:opt,一键,echo,堡垒,proxy,&&,mysql,Jumpserver,jumpserver 来源: https://www.cnblogs.com/panw/p/16424405.html