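Environment
OS: CentOS 7
IP: 192.168.52.132
I. Installation and deployment
Follow the official documentation at http://docs.jumpserver.org/zh/latest/step_by_step.html#windows; if you run into problems during installation, see http://docs.jumpserver.org/zh/docs/faq.html#id1.
II. Stopping or restarting jumpserver
If you deploy according to the official documentation without changing any ports, jumpserver involves services on 5 ports:
Port 3306, MySQL: runs the mariadb service
Port 8080, Jumpserver: runs the jumpserver and redis services
Port 2000, Coco: runs the coco service
Port 8081, Guacamole: runs the docker service
Port 80, Nginx proxy: runs the nginx service
(1) Stopping jumpserver
(2) Restarting jumpserver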
1. Disable SELinux and the firewall
# CentOS 7
$ setenforce 0 # can be disabled permanently in the configuration file
$ systemctl stop iptables.service
$ systemctl stop firewalld.service
# CentOS 6
$ setenforce 0
$ service iptables stop
2. Set the system character set on CentOS 7
Run locale to check the character set. If it is already zh_CN.UTF-8, just run source /etc/locale.conf to apply it; otherwise change it as shown below and then run source /etc/locale.conf.
# CentOS 7
$ localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
$ export LC_ALL=zh_CN.UTF-8
$ echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf
# CentOS 6
$ localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
$ export LC_ALL=zh_CN.UTF-8
$ echo 'LANG="zh_CN.UTF-8"' > /etc/sysconfig/i18n
# Ubuntu
$ apt-get install language-pack-zh-hans
$ echo 'LANG="zh_CN.UTF-8"' > /etc/default/locale
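3. Enter the python3 virtual environment
Run source /opt/py3/bin/activate to enter the python3 virtual environment, because jumpserver is developed on python3.
4. Start the redis service
$ service redis start
5. Start the mysql service
# CentOS 7
$ service mariadb start
# CentOS 6
$ service mysqld start
6. Start jumpserver
$ su # switch to the root account
$ cd /opt/jumpserver
$ python run_server.py all # already root after su; sudo would reset PATH (CentOS default secure_path) and bypass the py3 virtualenv
It starts without errors; the output is as follows: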
Open http://192.168.244.144:8080/ in a browser (this is only Jumpserver, without Web Terminal, so opening Web Terminal will report an error).
Account: admin Password: admin
7. Run coco
Open a new terminal, and don't forget source /opt/py3/bin/activate
$ cd /opt/coco
$ python run_server.py
Open another terminal to test the connection:
$ ssh -p2222 [email protected]
# Password: admin
# On Windows, the Xshell Terminal login syntax is as follows
$ ssh [email protected] 2222
# Password: admin
# If you can log in, the deployment succeeded
8. Start guacamole
# Note: be sure to change the IP address here to that of your own machine, otherwise it will fail
docker run --name jms_guacamole -d \
  -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \
  -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
  -e JUMPSERVER_SERVER=http://192.168.52.132:8080 \
  registry.jumpserver.org/public/guacamole:latest
1) If you get an error that the container name is already in use, The container name "/jms_guacamole" is already in use by container..., run the following command to stop and remove the existing containers, then run the command above again:
docker kill $(docker ps -q); docker rm $(docker ps -a -q)
2) If you get a network error,
/usr/bin/docker-current: Error response from daemon: driver failed programming external connectivity on endpoint xxxx (4509dc5c1fe2ad23848f6098edb0f6df694c001179ea4c8fa866335eb5f4f11f): iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 3247 -j DNAT --to-destination 172.17.0.2:3306 ! -i docker0: iptables: No chain/target/match by that name.
Solution:
$ pkill docker # terminate the docker processes
$ iptables -t nat -F # flush all chains in the nat table
$ ifconfig docker0 down # bring down docker's default bridge
$ brctl delbr docker0 # delete the bridge
$ systemctl restart docker # restart docker
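To verify, open http://192.168.52.132:8081/ in a browser; you should see the following page:
9. Start Nginx
$ nginx -t
$ service nginx start
To verify, open http://192.168.52.132:80/ in a browser; you should see the following page:
Log in with admin/admin and open Session Management >> Web Terminal; if you see the following page, Nginx is configured correctly and started successfully.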
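10. Input/output error still occurs
Open Asset Management >> Asset List; OSError at /assets/asset/, [Errno 5] Input/output error still appears. The only option is to stop the jumpserver main application, check the character set, and restart.
1) Stop all processes related to jumpserver and python3
# find the processes
ps -ef | grep jumpserver # jumpserver is the process keyword
# kill all jumpserver-related processes
kill -9 7829
kill -9 7830
kill -9 7831
kill -9 7840
......
Check the listener on port 8080: the jumpserver main application has indeed stopped
2) source /etc/locale.conf
3) Start the jumpserver main application
$ cd /opt/jumpserver
$ python run_server.py all # run as root inside the py3 virtualenv; sudo would reset PATH (CentOS default secure_path)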