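# 1. Configure the firewall.
# Allow TCP 8080 (HTTP_LISTEN_PORT) and 8070 (WS_LISTEN_PORT) only from the
# 10.255.200.1/30 source range instead of opening the ports to every host.
# The whole rule is single-quoted so the inner double quotes reach firewalld
# as written; with nested double quotes the shell strips them and the rule
# only works by accident of concatenation.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.255.200.1/30" port protocol="tcp" port="8080" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.255.200.1/30" port protocol="tcp" port="8070" accept'
# --permanent only changes the stored configuration; reload to apply it.
firewall-cmd --reload
# Confirm that both rich rules are active and scoped to the expected source.
firewall-cmd --list-rich-rules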
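# Install Python 3.6, its headers and git, then create and enter the
# virtualenv that the Jumpserver core module runs in.
yum -y install python36 python36-devel git
python3.6 -m venv /sas/jumpserver/py3
source /sas/jumpserver/py3/bin/activate
cd /sas/jumpserver/
# Fetch the pinned v2.3.1 release archive over HTTPS.
wget https://github.com/jumpserver/jumpserver/releases/download/v2.3.1/jumpserver-v2.3.1.tar.gz
# Print the archive's SHA-256 and compare it with a value obtained from a
# trusted source before unpacking; everything installed below is driven by
# files inside this archive. Also check the project's security advisories for
# the release being deployed.
sha256sum jumpserver-v2.3.1.tar.gz
tar xf jumpserver-v2.3.1.tar.gz
mv jumpserver-v2.3.1 jumpserver
# The substitution is left unquoted on purpose: each package name listed in
# rpm_requirements.txt must become a separate argument to yum.
yum -y install $(cat /sas/jumpserver/jumpserver/requirements/rpm_requirements.txt)
# Python dependencies go into the active virtualenv, not the system Python.
pip install --upgrade pip setuptools
pip install wheel
pip install -r /sas/jumpserver/jumpserver/requirements/requirements.txt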
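# If dependencies for another version were installed earlier, clear pip's
# cache before reinstalling them.
# The cache is removed by absolute path. Running `cd ~/.cache/pip` and then
# `rm -rf *` is unsafe: if the cd fails (for example the directory does not
# exist yet), rm deletes the contents of whatever directory the shell is
# still in. `${HOME:?}` aborts the command if HOME is empty or unset.
rm -rf -- "${HOME:?}/.cache/pip"/*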
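# Create the working configuration from the shipped example;
# config_example.yml is left untouched as the reference copy.
cd /sas/jumpserver/jumpserver
cp config_example.yml config.yml
# config.yml will hold SECRET_KEY, BOOTSTRAP_TOKEN and the database and Redis
# passwords, so make it readable and writable by its owner only.
chmod 600 config.yml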
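# Generate fresh random secrets: a 50-character SECRET_KEY and a 16-character
# BOOTSTRAP_TOKEN, both drawn from /dev/urandom and limited to A-Za-z0-9.
# LC_ALL=C makes tr treat the random input as plain bytes regardless of the
# session locale.
SECRET_KEY=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 50)
echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
BOOTSTRAP_TOKEN=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 16)
echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
# Both values are now stored in clear text in ~/.bashrc so later shells can
# reuse them; keep that file private to its owner. Running this step again
# appends a second pair of lines, and the later assignment wins.
chmod 600 ~/.bashrc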
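# Write the generated secrets into config.yml by search and replace.
# `${VAR:?}` aborts the command when the variable is empty or unset (for
# example in a shell where the secrets were never generated) instead of
# silently writing an empty key into the configuration.
sed -i "s/SECRET_KEY:/SECRET_KEY: ${SECRET_KEY:?SECRET_KEY is not set}/g" /sas/jumpserver/jumpserver/config.yml
sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: ${BOOTSTRAP_TOKEN:?BOOTSTRAP_TOKEN is not set}/g" /sas/jumpserver/jumpserver/config.yml
# Production settings: debug mode off, log level ERROR, and sessions that end
# when the browser is closed.
sed -i "s/# DEBUG: true/DEBUG: false/g" /sas/jumpserver/jumpserver/config.yml
sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /sas/jumpserver/jumpserver/config.yml
sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /sas/jumpserver/jumpserver/config.yml
# Edit the configuration file and adjust the database-related settings; the
# values to set are the ones listed after this command in the walkthrough.
vi config.yml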
# The secret-key settings were already filled in by the search-and-replace step.
# The runs of "x" in this listing are placeholders for the real values; never
# publish the real values, and keep config.yml readable by its owner only.
SECRET_KEY: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
BOOTSTRAP_TOKEN: xxxxxxxxxxxxxxx
# Debug mode off and ERROR-level logging for production use.
DEBUG: false
LOG_LEVEL: ERROR
# Sessions end when the browser is closed.
SESSION_EXPIRE_AT_BROWSER_CLOSE: true
# MySQL database settings. If the database password consists only of digits
# it must be quoted, otherwise a type error is raised.
DB_ENGINE: mysql
DB_HOST: 10.255.200.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: xxxxxxxx
DB_NAME: jumpserver
# 0.0.0.0 listens on every interface; access to ports 8080 and 8070 is limited
# only by the firewall rich rules, which admit the 10.255.200.1/30 source range.
HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070
# Redis cache settings; the address used here is the floating IP.
REDIS_HOST: 10.255.200.4
REDIS_PORT: 6379
REDIS_PASSWORD: xxxxxxxx
# NOTE(review): presumably restricts each user to a single active login - confirm against the Jumpserver documentation.
USER_LOGIN_SINGLE_MACHINE_ENABLED: True
# NOTE(review): effect on Windows assets is not shown on this page - confirm against the Jumpserver documentation.
WINDOWS_SKIP_ALL_MANUAL_PASSWORD: True
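# Create the directory that holds the start-up helper script. `mkdir -p`
# makes the step repeatable, and the absolute path avoids creating "tools"
# in the wrong place if an earlier cd did not succeed.
mkdir -p /sas/jumpserver/tools
cd /sas/jumpserver/tools
# Write the start/stop wrapper for the Jumpserver core module. The systemd
# unit in this walkthrough sets no User=, so the script is executed as root:
# keep it and its directory owned by root and writable by root only.
vi jumpserver.service.sh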
#!/bin/bash
# Start/stop wrapper for the Jumpserver core module, called by
# jumpserver.service with one argument.
#   start    start jms in daemon mode (-d)
#   stop     stop jms
#   restart  restart jms in daemon mode (-d)
#   other    anything else, or no argument, prints the jms status
# The exit status is that of the jms command that was run.

# jms has to run inside the project's virtualenv.
source /sas/jumpserver/py3/bin/activate

jms=/sas/jumpserver/jumpserver/jms
action=${1:-}

if [[ $action == start ]]; then
  "$jms" start -d
elif [[ $action == stop ]]; then
  "$jms" stop
elif [[ $action == restart ]]; then
  "$jms" restart -d
else
  "$jms" status
fi
# Write the systemd unit for the Jumpserver core module.
# NOTE(review): /usr/lib/systemd/system is normally where packages install
# their units; locally written units conventionally go in /etc/systemd/system,
# where package updates do not touch them - consider using that directory.
cd /usr/lib/systemd/system
vi jumpserver.service
# systemd unit that manages the Jumpserver core module through the
# jumpserver.service.sh wrapper.
[Unit]
Description=Jumpserver Services
# Order start-up after the network, remote filesystems, MariaDB, Redis and keepalived.
After=network.target remote-fs.target mariadb.service redis.service keepalived.service
# MariaDB is a hard dependency: it is started together with this unit.
Requires=mariadb.service
# No User= or Group= is set below, so the wrapper and jms run as root.
# NOTE(review): consider a dedicated service account if the deployment allows it - confirm that jms works unprivileged.
[Service]
# The wrapper launches jms with -d (daemon mode), so the start command is expected to return after forking.
# NOTE(review): no PIDFile= is given, so systemd has to guess the main process.
Type=forking
ExecStart=/usr/bin/bash /sas/jumpserver/tools/jumpserver.service.sh start
ExecReload=/usr/bin/bash /sas/jumpserver/tools/jumpserver.service.sh restart
ExecStop=/usr/bin/bash /sas/jumpserver/tools/jumpserver.service.sh stop
# Restart five seconds after an unclean exit.
Restart=on-failure
RestartSec=5
[Install]
# Started at boot as part of the normal multi-user target.
WantedBy=multi-user.target
# Make systemd re-read its unit files so the new jumpserver.service is known.
systemctl daemon-reload
# Start the Jumpserver core service, show its state, then enable it at boot.
for action in start status enable; do
  systemctl "$action" jumpserver
done
Jumpserver高可用集群部署:(五)核心模块部署并实现系统服务管理
原文地址:https://blog.51cto.com/dusthunter/2545998