
JumpServer High-Availability Cluster Deployment (5): Deploying the Core Module and Managing It as a System Service

Date: 2020-11-12 14:29:48


1. Configure the firewall
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.255.200.1/30" port protocol="tcp" port="8080" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.255.200.1/30" port protocol="tcp" port="8070" accept'
firewall-cmd --reload

2. Install Python 3.6 and other dependencies

yum -y install python36 python36-devel git

3. Set up the py3 virtual environment

python3.6 -m venv /sas/jumpserver/py3
source /sas/jumpserver/py3/bin/activate

4. Download the core component

cd /sas/jumpserver/
wget https://github.com/jumpserver/jumpserver/releases/download/v2.3.1/jumpserver-v2.3.1.tar.gz
tar xf jumpserver-v2.3.1.tar.gz
mv jumpserver-v2.3.1 jumpserver

5. Install the rpm dependencies

yum -y install $(cat /sas/jumpserver/jumpserver/requirements/rpm_requirements.txt)

6. Install the Python dependencies

pip install --upgrade pip setuptools
pip install wheel
pip install -r /sas/jumpserver/jumpserver/requirements/requirements.txt

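# If dependencies for another version were installed earlier, clear the pip cache before reinstalling
# (the && keeps rm from running in the wrong directory if cd fails)
cd ~/.cache/pip && rm -rf ./*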

7. Edit the configuration file

# Keep the original example file as a backup and work on a copy
cd /sas/jumpserver/jumpserver
cp config_example.yml config.yml

# Generate new random secret keys
SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc

# Find and replace the secret keys in the configuration file
sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /sas/jumpserver/jumpserver/config.yml
sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /sas/jumpserver/jumpserver/config.yml
sed -i "s/# DEBUG: true/DEBUG: false/g" /sas/jumpserver/jumpserver/config.yml
sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /sas/jumpserver/jumpserver/config.yml
sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /sas/jumpserver/jumpserver/config.yml

# Edit the configuration file and update the database-related settings
vi config.yml

# The secret-key settings were already filled in by the find-and-replace above
SECRET_KEY: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
BOOTSTRAP_TOKEN: xxxxxxxxxxxxxxx
DEBUG: false
LOG_LEVEL: ERROR
SESSION_EXPIRE_AT_BROWSER_CLOSE: true

# MySQL database settings; if the database password is purely numeric, put it in quotes, otherwise a type error is raised
DB_ENGINE: mysql
DB_HOST: 10.255.200.1
DB_PORT: 3306
DB_USER: jumpserver
DB_PASSWORD: xxxxxxxx
DB_NAME: jumpserver

HTTP_BIND_HOST: 0.0.0.0
HTTP_LISTEN_PORT: 8080
WS_LISTEN_PORT: 8070

# Redis cache settings; the IP address here is the floating IP
REDIS_HOST: 10.255.200.4
REDIS_PORT: 6379
REDIS_PASSWORD: xxxxxxxx

USER_LOGIN_SINGLE_MACHINE_ENABLED: True
WINDOWS_SKIP_ALL_MANUAL_PASSWORD: True
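
The settings from step 7 can be checked before the service is started, since a sed pattern that does not match leaves its line commented out without any error. The script below is an added example, not part of the original article or of JumpServer: cfg_get, check_config and make_sample are hypothetical helper names, the sample file is constructed, and stat -c assumes GNU coreutils.

```shell
# Added example: audit config.yml after step 7; exit status = number of findings.
# cfg_get FILE KEY: value of an uncommented top-level "KEY: value" line.
cfg_get() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

check_config() {
    file=$1; findings=0
    # Minimum lengths: 50 and 16 as generated in step 7; 1 means "not empty".
    for spec in SECRET_KEY:50 BOOTSTRAP_TOKEN:16 DB_PASSWORD:1 REDIS_PASSWORD:1; do
        key=${spec%%:*}; min=${spec##*:}
        val=$(cfg_get "$file" "$key")
        if [ "${#val}" -lt "$min" ]; then
            echo "FAIL $key: missing or shorter than $min characters"
            findings=$((findings + 1))
        fi
    done
    # These only pass if the sed pattern really matched and uncommented the line.
    for spec in DEBUG:false SESSION_EXPIRE_AT_BROWSER_CLOSE:true; do
        key=${spec%%:*}; want=${spec##*:}
        val=$(cfg_get "$file" "$key")
        if [ "$val" != "$want" ]; then
            echo "FAIL $key: expected $want, found '${val:-unset}'"
            findings=$((findings + 1))
        fi
    done
    # The file holds the secret key and both passwords: owner-only access.
    mode=$(stat -c %a "$file")
    if [ $((0$mode & 077)) -ne 0 ]; then
        echo "FAIL $file: mode $mode is accessible by group or others"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: the DEBUG substitution did not match, the token is short.
make_sample() {
    cat > "$1" <<'EOF'
SECRET_KEY: AbCdEfGhIjKlMnOpQrStUvWxYz0123456789AbCdEfGhIjKlMn
BOOTSTRAP_TOKEN: short
# DEBUG: true
SESSION_EXPIRE_AT_BROWSER_CLOSE: true
DB_PASSWORD: "12345678"
REDIS_PASSWORD: example-only
EOF
    chmod 644 "$1"
}
sample=$(mktemp); make_sample "$sample"
check_config "$sample" || echo "$? finding(s)"; rm -f "$sample"
```

On the real deployment the call would be check_config /sas/jumpserver/jumpserver/config.yml, run after the vi edits and before systemctl start.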

8. Write the systemd service management script

# Create the directory for the start-up scripts
cd /sas/jumpserver
mkdir tools
cd tools

# Write the start-up script for the JumpServer core module
vi jumpserver.service.sh

#!/bin/bash

source /sas/jumpserver/py3/bin/activate

case $1 in
start)
    /sas/jumpserver/jumpserver/jms start -d
    ;;
stop)
    /sas/jumpserver/jumpserver/jms stop
    ;;
restart)
    /sas/jumpserver/jumpserver/jms restart -d
    ;;
*)
    /sas/jumpserver/jumpserver/jms status
    ;;
esac

# Write the systemd unit file for the JumpServer core module
cd /usr/lib/systemd/system
vi jumpserver.service

[Unit]
Description=Jumpserver Services
After=network.target remote-fs.target mariadb.service redis.service keepalived.service
Requires=mariadb.service

[Service]
Type=forking
ExecStart=/usr/bin/bash /sas/jumpserver/tools/jumpserver.service.sh start
ExecReload=/usr/bin/bash /sas/jumpserver/tools/jumpserver.service.sh restart
ExecStop=/usr/bin/bash /sas/jumpserver/tools/jumpserver.service.sh stop
Restart=on-failure
RestartSec=5

[Install]
WantedBy=multi-user.target

# Reload the systemd daemon and start the JumpServer core service
systemctl daemon-reload
systemctl start jumpserver
systemctl status jumpserver
systemctl enable jumpserver


Original article: https://blog.51cto.com/dusthunter/2545998
