JumpServer 环境要求:
硬件配置: 2个CPU核心, 4G 内存, 50G 硬盘(最低)
操作系统: Linux 发行版 x86_64
Python = 3.6.x
Mysql Server ≥ 5.6
Mariadb Server ≥ 5.5.56
Redis
# Docker deployment, with external MySQL and Redis databases
# NOTE(review): the next line pipes a script fetched from the network straight
# into bash, unread and unverified. Saving it to a file and reviewing it before
# running it is the safer habit.
curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
mkdir -p /etc/docker /data/docker
# NOTE(review): in the JSON that follows, "insecure-registries" tells Docker to
# accept the listed registries without a valid TLS certificate and to fall back
# to plain HTTP. Both names are public registries normally served over HTTPS,
# so the entry looks unnecessary; confirm and drop it if so.
vi /etc/docker/daemon.json
{
"graph": "/data/docker",
"storage-driver": "overlay2",
"insecure-registries": ["registry.access.redhat.com","quay.io"],
"registry-mirrors": ["https://q2gr04ke.mirror.aliyuncs.com"],
"bip": "172.7.61.1/24",
"exec-opts": ["native.cgroupdriver=systemd"],
"live-restore": true
}
systemctl start docker
systemctl enable docker
systemctl status docker
docker -v
# https://blog.csdn.net/qq_41191715/article/details/104749799
# Remove the distribution's MariaDB libraries, switch the yum base repo to the
# Aliyun mirror, then download the MySQL 5.7.25 RPMs and the packages they need.
yum remove mariadb-libs-5.5.64-1.el7.x86_64
yum install wget -y
# NOTE(review): the repo file and the four RPMs below are fetched over plain
# HTTP, so nothing authenticates what arrives. Use the mirrors' https:// URLs
# where offered, and check each RPM's signature (rpm -K, after importing the
# MySQL GPG key) before installing it.
# NOTE(review): 5.7.25 is an old patch release; confirm that a supported,
# patched MySQL version is being installed.
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum makecache
wget http://mirrors.ustc.edu.cn/mysql-ftp/Downloads/MySQL-5.7/mysql-community-server-5.7.25-1.el7.x86_64.rpm
wget http://mirrors.ustc.edu.cn/mysql-ftp/Downloads/MySQL-5.7/mysql-community-client-5.7.25-1.el7.x86_64.rpm
wget http://mirrors.ustc.edu.cn/mysql-ftp/Downloads/MySQL-5.7/mysql-community-common-5.7.25-1.el7.x86_64.rpm
wget http://mirrors.ustc.edu.cn/mysql-ftp/Downloads/MySQL-5.7/mysql-community-libs-5.7.25-1.el7.x86_64.rpm
yum install -y perl.x86_64
yum install -y libaio.x86_64
yum install -y net-tools.x86_64
[root@localhost ~]# rpm -ivh mysql-community-common-5.7.25-1.el7.x86_64.rpm
[root@localhost ~]# rpm -ivh mysql-community-libs-5.7.25-1.el7.x86_64.rpm
[root@localhost ~]# rpm -ivh mysql-community-client-5.7.25-1.el7.x86_64.rpm
[root@localhost ~]# rpm -ivh mysql-community-server-5.7.25-1.el7.x86_64.rpm
systemctl start mysqld.service
systemctl enable mysqld.service
systemctl status mysqld.service
[root@localhost etc]# grep 'temporary password' /var/log/mysqld.log
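-- Replace the temporary root password found in mysqld.log (MySQL 5.7 syntax).
-- The quoted text is a placeholder for the password you choose.
set password=password('这里输入你想改的密码');
-- Show the current password-validation settings.
SHOW VARIABLES LIKE 'validate_password%';
-- NOTE(review): the next statements lower the validation policy to its weakest
-- level (length check only, minimum 4) so that a trivial root password is
-- accepted. That is only reasonable on a throwaway lab host; otherwise keep
-- the default policy and give root a long random password.
set global validate_password_policy=0;
set global validate_password_length=4;
-- Fixed from the original, which had a stray '=' after password and
-- typographic quotes; neither parses.
set password=password('123456');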
# Download the Redis 6.0.8 source and unpack it under /opt.
# NOTE(review): the tarball comes over plain HTTP and is unpacked and later
# built as root with no integrity check. Compare its SHA-256 with the checksum
# the Redis project publishes for this release before extracting.
# NOTE(review): 6.0.8 is an old release; confirm that a currently maintained
# version is being built.
wget http://download.redis.io/releases/redis-6.0.8.tar.gz
tar xf redis-6.0.8.tar.gz -C /opt/
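# CentOS 7 ships gcc 4.8.5 by default, which is older than 5.3 and cannot
# compile this Redis release, so install a newer toolchain from SCL.
sudo yum -y install centos-release-scl
sudo yum -y install devtoolset-9-gcc devtoolset-9-gcc-c++ devtoolset-9-binutils
# Temporary: lasts until this shell exits or the machine reboots, after which
# the original gcc is back.
sudo scl enable devtoolset-9 bash
# Permanent. The append is done by tee running under sudo: with
# `sudo echo ... >>/etc/profile` the redirection is performed by the calling
# shell rather than by root, so it fails for a non-root user.
echo "source /opt/rh/devtoolset-9/enable" | sudo tee -a /etc/profile >/dev/null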
# 编译
cd /opt/redis-6.0.8
make && make install
[root@jumpserver /opt/redis-6.0.8]# /usr/local/bin/redis-cli -v
redis-cli 6.0.8
mkdir /etc/redis
# Copy the shipped redis.conf, dropping blank lines and every line that
# contains a '#'.
# NOTE(review): the docker run step later on this page points JumpServer at
# REDIS_HOST=10.0.0.61 with REDIS_PASSWORD=123456, but no step shown here sets
# `requirepass` or `bind` in this file. Confirm both before the port is
# reachable from other hosts: use a long random password, bind only the address
# JumpServer needs, and firewall port 6379.
grep -Ev "^$|#" redis.conf >/etc/redis/redis.conf
sudo vi /etc/systemd/system/redis.service
# systemd unit that runs the redis-server binary installed under /usr/local/bin
# with /etc/redis/redis.conf.
# NOTE(review): there is no User=/Group= line, so the service runs as root. A
# dedicated unprivileged account is the usual choice for a network-facing
# daemon.
[Unit]
Description=Redis
After=network.target
[Service]
#Type=forking
ExecStart=/usr/local/bin/redis-server /etc/redis/redis.conf
# NOTE(review): "-s reload" and "-s stop" look like nginx-style signal flags
# rather than redis-server options; confirm that these two commands work.
ExecReload=/usr/local/bin/redis-server -s reload
ExecStop=/usr/local/bin/redis-server -s stop
PrivateTmp=true
[Install]
WantedBy=multi-user.target
# 注意Type=forking不注释掉 服务无法启动
# 装systemd服务
# 使服务自动运行
sudo systemctl daemon-reload
sudo systemctl enable redis
# 启动服务
sudo systemctl restart redis
sudo systemctl status redis
# 数据库
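-- Create the JumpServer database and the account the application uses.
-- The typographic quotes of the original are replaced with plain single
-- quotes so the statements parse.
create database jumpserver default charset 'utf8' collate 'utf8_bin';
-- NOTE(review): '%' lets this account log in from any host, and its password
-- equals the account name. Put the JumpServer host's address in place of '%'
-- and use a long random password; the DB_PASSWORD given to the container must
-- then match it.
grant all on jumpserver.* to 'jumpserver'@'%' identified by 'jumpserver';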
# 使用 root 身份输入
# 环境迁移和更新升级请检查 SECRET_KEY 是否与之前设置一致, 不能随机生成, 否则数据库所有加密的字段均无法解密
# Linux 生成随机加密秘钥, 可以用下面的命令
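# Generate JumpServer's SECRET_KEY once, persist it in ~/.bashrc and print it.
# The key is what decrypts the encrypted database fields, so it must not change
# across migrations and upgrades. If the current shell has not loaded
# ~/.bashrc, a value saved there by an earlier run is reused; generating a
# second key would append a line that overrides the first.
# Note: the key is stored in plain text in ~/.bashrc and echoed to the
# terminal. Keep that file readable by its owner only and keep this output out
# of shared logs.
if [ -z "${SECRET_KEY:-}" ]; then
  # Most recent value saved by an earlier run, if any.
  SECRET_KEY=$(sed -n 's/^SECRET_KEY=//p' ~/.bashrc 2>/dev/null | tail -n 1)
  if [ -z "$SECRET_KEY" ]; then
    # 50 random alphanumeric characters from the kernel's random source.
    SECRET_KEY=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 50)
    printf 'SECRET_KEY=%s\n' "$SECRET_KEY" >>~/.bashrc
  fi
fi
printf '%s\n' "$SECRET_KEY"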
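# Generate BOOTSTRAP_TOKEN once, persist it in ~/.bashrc and print it. The
# value is passed to the JumpServer container later on this page.
# If the current shell has not loaded ~/.bashrc, a value saved there by an
# earlier run is reused rather than being replaced by a new one.
# Note: the token is stored in plain text in ~/.bashrc and echoed to the
# terminal. Keep that file readable by its owner only and keep this output out
# of shared logs.
if [ -z "${BOOTSTRAP_TOKEN:-}" ]; then
  # Most recent value saved by an earlier run, if any.
  BOOTSTRAP_TOKEN=$(sed -n 's/^BOOTSTRAP_TOKEN=//p' ~/.bashrc 2>/dev/null | tail -n 1)
  if [ -z "$BOOTSTRAP_TOKEN" ]; then
    # 16 random alphanumeric characters from the kernel's random source.
    BOOTSTRAP_TOKEN=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 16)
    printf 'BOOTSTRAP_TOKEN=%s\n' "$BOOTSTRAP_TOKEN" >>~/.bashrc
  fi
fi
printf '%s\n' "$BOOTSTRAP_TOKEN"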
[root@jumpserver /opt/redis-6.0.8]# cat /root/.bashrc
SECRET_KEY=9ixB4R9MqLgDnvm4Ah98ZBvopSO1eDLaiPKaKss45x39XoC85B
BOOTSTRAP_TOKEN=FhJUcRSFPIDxACop
# 启动docker
#!/bin/bash
# Start the JumpServer all-in-one container in the background. Container ports
# 80 and 2222 are published on host ports 92 and 44922, /opt/jumpserver/data is
# mounted from the host, and MySQL and Redis are reached at 10.0.0.61.
#
# NOTE(review):
# - SECRET_KEY and BOOTSTRAP_TOKEN below are the sample values printed earlier
#   on this page. They are public, so generate your own and never reuse these.
# - Every -e value is stored in this script, is visible in the process list
#   while the docker client runs, and appears in `docker inspect`. Keep the
#   script readable by root only, or move the values to a file with mode 0600
#   passed via --env-file.
# - DB_PASSWORD=jumpserver and REDIS_PASSWORD=123456 are guessable; use long
#   random passwords that match what the database and Redis are configured with.
# - --privileged=true gives the container near-unrestricted access to the host;
#   confirm the image needs it before keeping it.
# - v2.3.1 is an old release; check the project's security advisories and run a
#   currently supported version.
docker run \
  --name jms_all \
  -d \
  -v /opt/jumpserver/data:/opt/jumpserver/data \
  -p 92:80 \
  -p 44922:2222 \
  -e SECRET_KEY=9ixB4R9MqLgDnvm4Ah98ZBvopSO1eDLaiPKaKss45x39XoC85B \
  -e BOOTSTRAP_TOKEN=FhJUcRSFPIDxACop \
  -e DB_HOST=10.0.0.61 \
  -e DB_PORT=3306 \
  -e DB_USER=jumpserver \
  -e DB_PASSWORD=jumpserver \
  -e DB_NAME=jumpserver \
  -e REDIS_HOST=10.0.0.61 \
  -e REDIS_PORT=6379 \
  -e REDIS_PASSWORD=123456 \
  --privileged=true \
  jumpserver/jms_all:v2.3.1
# sh /server/scripts/jumpserver_install.sh
# cat /server/scripts/jumpserver_sql_bak.sh
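#!/bin/bash
# JumpServer MySQL backup (back@liangchen)
#
# Dumps the "jumpserver" database to ${bak_dir}/jumpserver_<YYYY-MM-DD>.sql and
# then deletes .sql files in that directory that are more than 7 days old.
# Exits non-zero, without pruning, when the dump fails.
#
# NOTE(review): the script logs in as MySQL root with a hardcoded, trivial
# password. A dedicated backup account limited to the privileges mysqldump
# needs, with a long random password, is the safer setup; keep this file
# readable by root only either way.
bak_dir="/fifnasdata/jumpserver/sql_bak_dir"
mysql_user="root"
mysql_pass="123456"

# The dump holds the whole JumpServer database, so new files are owner-only.
umask 077

# mkdir -p is a no-op when the directory already exists, so the original's two
# identical branches collapse into one path.
mkdir -p -- "$bak_dir" || exit 1

# Pass the credentials through a private option file rather than -p<password>
# on the command line, where other local users can read it from the process
# list.
cred_file=$(mktemp) || exit 1
trap 'rm -f -- "$cred_file"' EXIT
printf '[client]\nuser="%s"\npassword="%s"\n' "$mysql_user" "$mysql_pass" >"$cred_file"

dump_file="${bak_dir}/jumpserver_$(date +%F).sql"
# --defaults-extra-file has to be the first option on the command line.
if ! /usr/bin/mysqldump --defaults-extra-file="$cred_file" jumpserver >"$dump_file"; then
  # Do not keep a truncated dump, and do not prune good backups after a failure.
  rm -f -- "$dump_file"
  exit 1
fi

# Remove dumps older than 7 days; -exec avoids word-splitting on file names.
/usr/bin/find "$bak_dir" -type f -name '*.sql' -mtime +7 -exec rm -f -- {} +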
原文:https://www.cnblogs.com/liangchen4/p/13917075.html