From c998a341ad1472d8006a7dee4bcd0c066985c250 Mon Sep 17 00:00:00 2001
From: wojiushixiaobai <296015668@qq.com>
Date: Wed, 18 Apr 2018 12:07:17 +0800
Subject: [PATCH] =?UTF-8?q?=E6=96=87=E6=A1=A3=E6=9B=B4=E6=96=B0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 docs/faq.rst | 4 +
 docs/index.rst | 1 +
 docs/installation.rst | 2 +-
 docs/installation_Lazy.rst | 7 +
 docs/setup_by_centos7.rst | 350 +++++++++++++++++++++++++++++++++++++
 5 files changed, 363 insertions(+), 1 deletion(-)
 create mode 100644 docs/installation_Lazy.rst
 create mode 100644 docs/setup_by_centos7.rst

diff --git a/docs/faq.rst b/docs/faq.rst
index cbcad15c..59cd7c4b 100644
--- a/docs/faq.rst
+++ b/docs/faq.rst
@@ -165,3 +165,7 @@ FAQ
 $ source /opt/py3/bin/activate
 $ cd /opt/jumpserver/apps
 $ python manage.py changepassword <user_name>
+
+ (11). 清ç†celery产生的数æ®(æ— æ³•æ£å¸¸æŽ¨é€åŠè¿žæŽ¥èµ„产是å¯ä»¥ä½¿ç”¨)
+ $ from celery.task.control import discard_all
+ $ discard_all()
diff --git a/docs/index.rst b/docs/index.rst
index f02d5db3..8ed8796a 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -13,6 +13,7 @@ Jumpserver 文档
 introduce
 installation
+ installation_Lazy
 admin_guide
 user_guide
 development
diff --git a/docs/installation.rst b/docs/installation.rst
index 1ca05372..50529f41 100644
--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -1,4 +1,4 @@
-安装文档
+安装文档-详细版
 ++++++++++++++++++++++++
 .. toctree::
diff --git a/docs/installation_Lazy.rst b/docs/installation_Lazy.rst
new file mode 100644
index 00000000..74275e99
--- /dev/null
+++ b/docs/installation_Lazy.rst
@@ -0,0 +1,7 @@
+安装文档-懒人版
+++++++++++++++++++++++++
+
+.. toctree::
+ :maxdepth: 1
+
+ setup_by_centos7.rst
diff --git a/docs/setup_by_centos7.rst b/docs/setup_by_centos7.rst
new file mode 100644
index 00000000..250508a9
--- /dev/null
+++ b/docs/setup_by_centos7.rst
@@ -0,0 +1,350 @@
+安装文档(CentOS7)
+--------------------------
+
+说明
+~~~~~~~
+- # 开头的行表示注释
+- > 开头的行表示需è¦åœ¨ mysql 䏿‰§è¡Œ
+- $ 开头的行表示代ç 
+
+本文档适用于有一定webè¿ç»´ç»éªŒçš„管ç†å‘˜æˆ–者工程师,文ä¸ä¸ä¼šå¯¹å®‰è£…的软件åšè¿‡å¤šçš„è§£é‡Šï¼Œä»…å¯¹éœ€è¦æ‰§è¡Œçš„内容注部分注释,更详细的内容请å‚考一æ¥ä¸€æ¥å®‰è£…。
+
+组件解释
+~~~~~~~~~~~~~~
+- Jumpserver 为管ç†åŽå°ï¼Œç®¡ç†å‘˜å¯ä»¥é€šè¿‡Web页é¢è¿›è¡Œèµ„产管ç†ã€ç”¨æˆ·ç®¡ç†ã€èµ„产授æƒç‰æ“作
+- Coco 为 SSH Server å’Œ Web Terminal Server 。用户å¯ä»¥é€šè¿‡ä½¿ç”¨è‡ªå·±çš„账户登录 SSH 或者 Web Terminal 直接访问被授æƒèµ„产。ä¸éœ€è¦çŸ¥é“æœåŠ¡å™¨çš„è´¦æˆ·å¯†ç 
+- Luna 为 Web Terminal Server å‰ç«¯é¡µé¢ï¼Œç”¨æˆ·ä½¿ç”¨ Web Terminal æ–¹å¼ç™»å½•所需è¦çš„组件
+- Guacamole 为 Windows 组件,用户å¯ä»¥é€šè¿‡ Web Terminal æ¥è¿žæŽ¥ Windows 资产 (暂时åªèƒ½é€šè¿‡ Web Terminal æ¥è®¿é—®ï¼‰
+
+环境
+~~~~~~~
+
+- 系统: CentOS 7
+- IP: 192.168.244.144
+- 目录: /opt
+- æ•°æ®åº“: mariadb
+- 代ç†: nginx
+
+开始安装
+~~~~~~~~~~~~
+
+::
+
+
+ # å…³é— selinux 与 防ç«å¢™ 仅为了能æ£å¸¸å®‰è£…,安装完æˆåŽéœ€è¦é…ç½®å¹¶é‡æ–°æ‰“å¼€
+ $ setenforce 0 # ä¸´æ—¶å…³é— selinux
+ $ systemctl stop iptables.service
+ $ systemctl stop firewalld.service
+
+ # 修改å—符集,å¦åˆ™å¯èƒ½æŠ¥ input/output errorçš„é—®é¢˜ï¼Œå› ä¸ºæ—¥å¿—é‡Œæ‰“å°äº†ä¸æ–‡
+ $ localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
+ $ export LC_ALL=zh_CN.UTF-8
+ $ echo 'LANG=zh_CN.UTF-8' > /etc/locale.conf
+
+ # 安装ä¾èµ–包
+ $ yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git
+
+ # 安装 Redis, Jumpserver 使用 Redis åš cache å’Œ celery broke
+ $ yum -y install redis
+ $ systemctl enable redis
+ $ systemctl start redis
+
+ # 安装 MySQL,如果ä¸ä½¿ç”¨ Mysql å¯ä»¥è·³è¿‡ç›¸å…³ Mysql 安装和é…置,支æŒsqlite3, mysql, postgresç‰
+ $ yum -y install mariadb mariadb-devel mariadb-server # centos7下å«mariadb,用法与mysql一致
+ $ systemctl enable mariadb
+ $ systemctl start mariadb
+ # 创建数æ®åº“ Jumpserver å¹¶æŽˆæƒ
+ $ mysql -uroot
+ > create database jumpserver default charset 'utf8';
+ > grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'somepassword';
+ > flush privileges;
+
+ # 安装nginxï¼Œç”¨ä½œä»£ç†æœåŠ¡å™¨æ•´åˆjumpserver与å„个组件
+ $ yum -y install redis
+ $ systemctl enable nginx
+
+ # 下载编译Python3.6.1
+ $ wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
+ $ tar xvf Python-3.6.1.tar.xz && cd Python-3.6.1
+ $ ./configure && make && make install
+
+ # é…置并载入python3虚拟环境
+ $ cd /opt
+ $ python3 -m venv py3 # py3 为虚拟环境å称,å¯è‡ªå®šä¹‰
+ $ source /opt/py3/bin/activate # 退出虚拟环境å¯ä»¥ä½¿ç”¨ deactivate 命令
+
+ # 看到下é¢çš„æç¤ºç¬¦ä»£è¡¨æˆåŠŸï¼Œä»¥åŽè¿è¡Œ Jumpserver 都è¦å…ˆè¿è¡Œä»¥ä¸Š source 命令,载入环境åŽé»˜è®¤ä»¥ä¸‹æ‰€æœ‰å‘½ä»¤å‡åœ¨è¯¥è™šæ‹ŸçŽ¯å¢ƒä¸è¿è¡Œ
+ (py3) [root@localhost py3]
+
+ # 下载jumpserver与coco
+ $ cd /opt/
+ $ git clone https://github.com/jumpserver/jumpserver.git && cd jumpserver && git checkout master
+ $ git clone https://github.com/jumpserver/coco.git && cd coco && git checkout master
+
+ # 安装ä¾èµ– RPM 包
+ $ yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt)
+ $ yum -y install $(cat /opt/coco/requirements/rpm_requirements.txt)
+
+ # 安装 Python 库ä¾èµ–
+ $ pip install --upgrade pip
+ $ pip install -r /opt/jumpserver/requirements/requirements.txt
+ $ pip install -r /opt/coco/requirements/requirements.txt
+
+::
+
+
+ # 修改 Jumpserver é…置文件
+ $ cd /opt/jumpserver
+ $ cp config_example.py config.py
+ $ vi config.py
+
+ #注æ„: é…置文件是 Python æ ¼å¼ï¼Œä¸è¦ç”¨ TAB,而è¦ç”¨ç©ºæ ¼ï¼Œè¯·æ‰‹åŠ¨ä¿®æ”¹ï¼Œæ³¨æ„对其,ä¸è¦ç›´æŽ¥å¤åˆ¶æœ¬æ–‡å†…容
+
+ ...
+ class Config:
+ # Use it to encrypt or decrypt data
+ # SECURITY WARNING: keep the secret key used in production secret!
+ SECRET_KEY = os.environ.get('SECRET_KEY') or '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
+
+ # Django security setting, if your disable debug model, you should setting that
+ ALLOWED_HOSTS = ['*']
+
+ # Development env open this, when error occur display the full process track, Production disable it
+ # DEBUG æ¨¡å¼ Trueä¸ºå¼€å¯ False为关é—ï¼Œé»˜è®¤å¼€å¯
+ DEBUG = True
+
+ # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
+ # 日志级别,默认为DEBUG,å¯è°ƒæ•´ä¸ºINFO, WARNING, ERROR, CRITICAL
+ LOG_LEVEL = 'DEBUG'
+ LOG_DIR = os.path.join(BASE_DIR, 'logs')
+
+ # Database setting, Support sqlite3, mysql, postgres ....
+ # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
+ # 使用的数æ®åº“é…置,支æŒsqlite3, mysql, postgresç‰ï¼Œé»˜è®¤ä½¿ç”¨sqlite3
+
+ # SQLite setting:
+ # 默认使用SQLite,如果使用其他数æ®åº“请注释下é¢ä¸¤è¡Œ
+ # DB_ENGINE = 'sqlite3'
+ # DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
+ # MySQL or postgres setting like:
+ # 如果需è¦ä½¿ç”¨mysql或postgresï¼Œè¯·å–æ¶ˆä¸‹é¢çš„æ³¨é‡Šå¹¶è¾“å…¥æ£ç¡®çš„ä¿¡æ¯,本例使用mysqlåšæ¼”示
+ DB_ENGINE = 'mysql'
+ DB_HOST = '127.0.0.1'
+ DB_PORT = 3306
+ DB_USER = 'root'
+ DB_PASSWORD = 'somepassword'
+ DB_NAME = 'jumpserver'
+
+ # When Django start it will bind this host and port
+ # Django è¿è¡Œçš„端å£å’Œå®¹å™¨ï¼Œéƒ¨ç½²ä»£ç†æœåС噍åŽåº”该把0.0.0.0修改æˆ127.0.0.1ï¼Œè¿™é‡Œçš„æ„æ€æ˜¯å…许x.x.x.x访问,127.0.0.1表示仅å…许自身访问。
+ # ./manage.py runserver 127.0.0.1:8080
+ HTTP_BIND_HOST = '0.0.0.0'
+ HTTP_LISTEN_PORT = 8080
+
+ # Use Redis as broker for celery and web socket
+ # Redis 相关设置
+ REDIS_HOST = '127.0.0.1'
+ REDIS_PORT = 6379
+ REDIS_PASSWORD = ''
+ BROKER_URL = 'redis://%(password)s%(host)s:%(port)s/3' % {
+ 'password': REDIS_PASSWORD,
+ 'host': REDIS_HOST,
+ 'port': REDIS_PORT,
+ }
+ ...
+
+ config = DevelopmentConfig()
+
+::
+
+
+ # 修改 coco é…置文件
+ $ cd /opt/coco
+ $ cp conf_example.py conf.py
+ $ vi conf.py
+
+ #注æ„: é…置文件是 Python æ ¼å¼ï¼Œä¸è¦ç”¨ TAB,而è¦ç”¨ç©ºæ ¼ï¼Œè¯·æ‰‹åŠ¨ä¿®æ”¹ï¼Œæ³¨æ„对其,ä¸è¦ç›´æŽ¥å¤åˆ¶æœ¬æ–‡å†…容
+
+ ...
+ class Config:
+ """
+ Coco config file, coco also load config from server update setting below
+ """
+ # 项目åç§°, 会用æ¥å‘Jumpserver注册, 识别而已, ä¸èƒ½é‡å¤
+ # NAME = "localhost"
+
+ # Jumpserver项目的url, api请求注册会使用
+ # CORE_HOST = os.environ.get("CORE_HOST") or 'http://127.0.0.1:8080'
+
+ # å¯åŠ¨æ—¶ç»‘å®šçš„ip, 默认 0.0.0.0
+ # BIND_HOST = '0.0.0.0'
+
+ # 监å¬çš„SSH端å£å·, 默认2222
+ # SSHD_PORT = 2222
+
+ # 监å¬çš„HTTP/WS端å£å·ï¼Œé»˜è®¤5000
+ # HTTPD_PORT = 5000
+
+ # 项目使用的ACCESS KEY, 默认会注册,å¹¶ä¿å˜åˆ° ACCESS_KEY_STOREä¸,
+ # 如果有需求, å¯ä»¥å†™åˆ°é…置文件ä¸, æ ¼å¼ access_key_id:access_key_secret
+ # ACCESS_KEY = None
+
+ # ACCESS KEY ä¿å˜çš„地å€, 默认注册åŽä¼šä¿å˜åˆ°è¯¥æ–‡ä»¶ä¸
+ # ACCESS_KEY_STORE = os.path.join(BASE_DIR, 'keys', '.access_key')
+
+ # åŠ å¯†å¯†é’¥
+ # SECRET_KEY = None
+
+ # 设置日志级别 ['DEBUG', 'INFO', 'WARN', 'ERROR', 'FATAL', 'CRITICAL']
+ # LOG_LEVEL = 'INFO'
+
+ # æ—¥å¿—å˜æ”¾çš„目录
+ # LOG_DIR = os.path.join(BASE_DIR, 'logs')
+
+ # Session录åƒå˜æ”¾ç›®å½•
+ # SESSION_DIR = os.path.join(BASE_DIR, 'sessions')
+
+ # èµ„äº§æ˜¾ç¤ºæŽ’åºæ–¹å¼, ['ip', 'hostname']
+ # ASSET_LIST_SORT_BY = 'ip'
+
+ # ç™»å½•æ˜¯å¦æ”¯æŒå¯†ç è®¤è¯
+ # PASSWORD_AUTH = True
+
+ # ç™»å½•æ˜¯å¦æ”¯æŒç§˜é’¥è®¤è¯
+ # PUBLIC_KEY_AUTH = True
+
+ # å’ŒJumpserver ä¿æŒå¿ƒè·³æ—¶é—´é—´éš”
+ # HEARTBEAT_INTERVAL = 5
+
+ # Adminçš„åå—,出问题会æç¤ºç»™ç”¨æˆ·
+ # ADMINS = ''
+ COMMAND_STORAGE = {
+ "TYPE": "server"
+ }
+ REPLAY_STORAGE = {
+ "TYPE": "server"
+ }
+
+
+ config = Config()
+
+::
+
+
+ # 安装 Web Terminal å‰ç«¯: Luna éœ€è¦ Nginx æ¥è¿è¡Œè®¿é—® 访问(https://github.com/jumpserver/luna/releases)下载对应版本的 release 包,直接解压,ä¸éœ€è¦ç¼–译
+ $ cd /opt
+ $ wget https://github.com/jumpserver/luna/releases/download/v1.0.0/luna.tar.gz
+ $ tar xvf luna.tar.gz
+
+ # 安装 Windows 支æŒç»„件(如果ä¸éœ€è¦ç®¡ç† windows 资产,å¯ä»¥ç›´æŽ¥è·³è¿‡è¿™ä¸€æ¥ï¼‰
+ $ yum remove docker-latest-logrotate docker-logrotate docker-selinux dockdocker-engine
+ $ yum install -y yum-utils device-mapper-persistent-data lvm2
+ $ yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
+ $ yum makecache fast
+ $ yum install docker-ce
+ $ systemctl start docker
+ $ docker run --name jms_guacamole -d \
+ -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \
+ -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
+ -e JUMPSERVER_SERVER=http://<填写jumpserver的地å€> \
+ registry.jumpserver.org/public/guacamole:1.0.0
+
+::
+
+
+ # é…ç½® Nginx æ•´åˆå„组件
+ $ vim /etc/nginx/conf.d/jumpserver.conf
+
+ server {
+ listen 80;
+
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ location /luna/ {
+ try_files $uri / /index.html;
+ alias /opt/luna/;
+ }
+
+ location /media/ {
+ add_header Content-Encoding gzip;
+ root /opt/jumpserver/data/;
+ }
+
+ location /static/ {
+ root /opt/jumpserver/data/;
+ }
+
+ location /socket.io/ {
+ proxy_pass http://localhost:5000/socket.io/; # 如果coco安装在别的æœåŠ¡å™¨ï¼Œè¯·å¡«å†™å®ƒçš„ip
+ proxy_buffering off;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ }
+
+ location /guacamole/ {
+ proxy_pass http://localhost:8081/; # 如果docker安装在别的æœåŠ¡å™¨ï¼Œè¯·å¡«å†™å®ƒçš„ip
+ proxy_buffering off;
+ proxy_http_version 1.1;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $http_connection;
+ access_log off;
+ }
+
+ location / {
+ proxy_pass http://localhost:8080; # 如果jumpserver安装在别的æœåŠ¡å™¨ï¼Œè¯·å¡«å†™å®ƒçš„ip
+ }
+ }
+
+::
+
+
+ # ç”Ÿæˆæ•°æ®åº“表结构和åˆå§‹åŒ–æ•°æ®
+ $ cd /opt/jumpserver/utils
+ $ bash make_migrations.sh
+
+ # è¿è¡Œ Jumpserver
+ $ cd /opt/jumpserver
+ $ ./jms start all # åŽå°è¿è¡Œä½¿ç”¨ -d 傿•°./jms start all -d
+ # 新版本更新了è¿è¡Œè„šæœ¬ï¼Œä½¿ç”¨æ–¹å¼./jms start|stop|status|restart all åŽå°è¿è¡Œè¯·æ·»åŠ -d 傿•°
+
+ # è¿è¡Œ coco
+ $ cd /opt/coco
+ $ cp conf_example.py conf.py
+ $ ./cocod start # åŽå°è¿è¡Œä½¿ç”¨ -d 傿•°./cocod start -d
+
+ # 新版本更新了è¿è¡Œè„šæœ¬ï¼Œä½¿ç”¨æ–¹å¼./cocod start|stop|status|restart åŽå°è¿è¡Œè¯·æ·»åŠ -d 傿•°
+
+ # è¿è¡Œ Nginx
+ $ nginx -t # ç¡®ä¿é…置没有问题, 有问题请先解决
+ $ systemctl start nginx
+
+ # 访问 http://192.168.244.144 默认账å·: admin 密ç : admin 到会è¯ç®¡ç†-ç»ˆç«¯ç®¡ç† æŽ¥å— Coco Guacamole ç‰åº”用的注册
+ # 测试连接
+ $ ssh -p2222 admin@192.168.244.144
+ $ sftp -p2222 admin@192.168.244.144
+ 密ç : admin
+
+ # 如果是用在 Windows 下,Xshell Terminal ç™»å½•è¯æ³•如下
+ $ ssh admin@192.168.244.144 2222
+ $ sftp admin@192.168.244.144 2222
+ 密ç : admin
+ 如果能登陆代表部署æˆåŠŸ
+
+ # å…¶ä»–çš„sshåŠsftp客户端这里就ä¸å¤šåšè¯´æ˜Žï¼Œè‡ªè¡Œæœç´¢ä½¿ç”¨
+
+ # 防ç«å¢™ 与 selinux 设置说明
+ $ firewall-cmd --zone=public --add-port=8080/tcp --permanent # jumpserver ç«¯å£
+ $ firewall-cmd --zone=public --add-port=80/tcp --permanent # nginx ç«¯å£
+ $ firewall-cmd --zone=public --add-port=2222/tcp --permanent # 用户SSHç™»å½•ç«¯å£ coco
+ $ firewall-cmd --zone=public --add-port=5000/tcp --permanent # 用户HTTP/WSç™»å½•ç«¯å£ coco
+ $ firewall-cmd --zone=public --add-port=8081/tcp --permanent # guacamoleç«¯å£ docker
+ --permanent 永久生效,没有æ¤å‚æ•°é‡å¯åŽå¤±æ•ˆ
+
+ # selinux 的白åå•规则æ£åœ¨ç ”ç©¶ä¸ï¼Œç¨åŽå¦‚果确定开å¯selinuxä¸å½±å“æœåŠ¡çš„æ£å¸¸ä½¿ç”¨ä¼šæŠŠç›¸å…³æ–‡æ¡£è¡¥ä¸Šæ¥
+
+åŽç»çš„使用请å‚考 `快速入门 <admin_create_asset.html>`_
+如é‡åˆ°é—®é¢˜å¯å‚考 `FAQ <faq.html>`_
-- 
2.18.0