如何实现jumpserver跳板机一键部署？

前面介绍了jumpserver部署的过程，后来整理了下，改成这个一键部署脚本，下面的脚本是基于centos7环境测试，如果是其他系统（如redhat7）就要考虑yum源等因素了。

#!/bin/bash # coding: utf-8 # Copyright by hwb ###############################usage################################## #1、操作系统为centos7(如果为redhat7配置yum部分需修改) #2、服务器可以上外网 #3、端口规划 #Protocol Server name Port #TCP Jumpserver 8080 #TCP Coco 2222, 5000 #TCP Guacamole 8081 #TCP Db 3306 #TCP Redis 6379 #TCP Nginx 80 ###############################usage################################## set -e 　　　　　　 #返回值为非0时，退出脚本 echo "===========================0. 系统的一些配置===========================" setenforce 0 || true #systemctl stop iptables.service || true >/dev/null 2>&1 systemctl stop firewalld.service || true >/dev/null 2>&1 localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8 export LC_ALL=zh_CN.UTF-8 echo 'LANG=zh_CN.UTF-8' > /etc/sysconfig/i18n echo "===========================1. 备份yum==================================" { for i in /etc/yum.repos.d/*.repo;do cp $i ${i%.repo}.bak;done rm -rf /etc/yum.repos.d/*.repo } || { echo "yum出错，请更换源重新运行" exit 1 } echo "===========================2. 获取网络yum==============================" { wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/Centos-7.repo >/dev/null 2>&1 wget -P /etc/yum.repos.d/ http://mirrors.163.com/.help/CentOS7-Base-163.repo >/dev/null 2>&1 sed -i 's/$releasever/7/g' /etc/yum.repos.d/CentOS7-Base-163.repo yum clean all&&yum makecache yum repolist >/dev/null 2>&1 } || { echo "yum出错，请更换源重新运行" exit 1 } echo "===========================3. 安装基本依赖=============================" { yum update -y>/dev/null && yum install wget unzip epel-release nginx sqlite-devel xz gcc automake zlib-devel openssl-devel redis mariadb mariadb-devel mariadb-server supervisor -y >/dev/null 2>&1 } || { echo "yum出错，请更换源重新运行" exit 1 } echo "===========================4. 准备python===============================" { cd /opt/ wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz -O /opt/Python-3.6.1.tar.xz >/dev/null 2>&1 } || { echo "pyhton 依赖包下载出错，请尝试使用特殊工具进行手工下载https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz ，并且放至于/opt/Python-3.6.1.tar.xz，如您是手工下载，请注释上面wget命令再运行本脚本" exit 1 } { tar xf Python-3.6.1.tar.xz && cd Python-3.6.1 && ./configure>/dev/null && make>/dev/null && make install >/dev/null 2>&1 } || { echo "解压或编译python出错，请尝试使用上面的命令手工解压或编译，如手工操作成功，请注释上述代码再运行本脚本" exit 1 } { python3 -m venv py3 } || { echo "建立python虚拟环境出错，请尝试手工执行，如手工操作成功，请注释上述代码再运行本脚本" exit 1 } echo "===========================5. 下载jummpserver包并解压==================" { wget https://github.com/jumpserver/jumpserver/archive/v1.4.10.zip -O /opt/jumpserver.zip >/dev/null 2>&1 } || { echo "下载jumpserver包出错，请尝试手工执行，如手工操作成功，请注释上述代码再运行本脚本" exit 1 } { wget https://github.com/jumpserver/coco/archive/1.4.10.zip -O /opt/coco.zip >/dev/null 2>&1 } || { echo "下载coco包出错，请尝试手工执行，如手工操作成功，请注释上述代码再运行本脚本" exit 1 } { wget https://github.com/jumpserver/luna/releases/download/1.4.10/luna.tar.gz -O /opt/luna.tar.gz >/dev/null 2>&1 } || { echo "下载luna包出错，请尝试手工执行，如手工操作成功，请注释上述代码再运行本脚本" exit 1 } { cd /opt unzip coco.zip >/dev/null && mv coco-1.4.10 coco && unzip jumpserver.zip >/dev/null && mv jumpserver-1.4.10 jumpserver && tar xzf luna.tar.gz >/dev/null 2>&1 } || { echo "解压出错，请尝试手工执行，如手工操作成功，请注释上述代码再运行本脚本" exit 1 } echo "===========================6. 安装yum依赖==============================" { yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt) >/dev/null && yum -y install $(cat /opt/coco/requirements/rpm_requirements.txt) >/dev/null 2>&1 } || { echo "安装jumpserver的依赖出错，请尝试手工执行，如手工操作成功，请注释上述代码再运行本脚本" exit 1 } #更新pip版本 #python -m pip install --upgrade pip echo "===========================7. 安装pip依赖==============================" { python3 -m venv py3 && \ source /opt/py3/bin/activate && pip install --upgrade pip>/dev/null && pip install -r /opt/jumpserver/requirements/requirements.txt>/dev/null && pip install -r /opt/coco/requirements/requirements.txt >/dev/null 2>&1 } || { echo "安装jumpserver的依赖出错，请尝试手工执行，如手工操作成功，请注释上述代码再运行本脚本" exit 1 } echo "===========================8. 创建数据库===============================" mkdir -p /opt/mysql/share/mysql/ { wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/mysql_security.sql?raw=true -O /opt/mysql/mysql_security.sql >/dev/null 2>&1 wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/mysql.cnf?raw=true -O /etc/my.cnf >/dev/null 2>&1 wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/errmsg.sys?raw=true -O /opt/mysql/share/mysql/errmsg.sys >/dev/null 2>&1 } || { echo "下载数据库依赖文件出错，请尝试手工执行，如手工操作成功，请注释上述代码再运行本脚本" exit 1 } echo "===========================9. 准备文件=================================" { wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/nginx.conf?raw=true -O /etc/nginx/nginx.conf >/dev/null 2>&1 wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/supervisord.conf?raw=true -O /etc/supervisord.conf >/dev/null 2>&1 wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/jumpserver_conf.py?raw=true -O /opt/jumpserver/config.py >/dev/null 2>&1 wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/coco_conf.py?raw=true -O /opt/coco/conf.py >/dev/null 2>&1 wget https://github.com/jumpserver/Dockerfile/blob/mysql/alpine/start_jms.sh?raw=true -O /opt/start_jms.sh >/dev/null 2>&1 } || { echo "下载配置文件出错，请尝试手工执行，如手工操作成功，请注释上述代码再运行本脚本" exit 1 } echo "===========================10. 安装docker==============================" yum check-update >/dev/null 2>&1 { yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo >/dev/null && yum clean all>/dev/null && yum repolist >/dev/null 2>&1 yum -y install epel-release docker-ce >/dev/null 2>&1 systemctl start docker tee -a /etc/sysctl.conf <<-EOF net.bridge.bridge-nf-call-ip6tables = 1 net.bridge.bridge-nf-call-iptables = 1 EOF sysctl -p >/dev/null 2>&1 tee -a /etc/docker/daemon.json <<-EOF { "registry-mirrors": [ "https://registry.docker-cn.com" ] } EOF } || { echo "安装docker 出错，请尝试手工执行，如手工操作成功，请注释上述代码再运行本脚本" exit 1 } systemctl daemon-reload systemctl restart docker echo "===========================11. 安装guacamole===========================" host_ip=`python -c "import socket;print([(s.connect(('8.8.8.8', 53)), s.getsockname()[0], s.close()) for s in [socket.socket(socket.AF_INET, socket.SOCK_DGRAM)]][0][1])"` docker run --name jms_guacamole -d \ --restart always \ -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \ -e JUMPSERVER_KEY_DIR=/config/guacamole/key \ -e JUMPSERVER_SERVER=http://$host_ip:8080 \ registry.jumpserver.org/public/guacamole:1.0.0 echo "===========================12. 配置nginx===============================" yum -y install nginx >/dev/null 2>&1 cat << EOF > /etc/nginx/conf.d/jumpserver.conf server { listen 80; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; location /luna/ { try_files $uri / /index.html; alias /opt/luna/; } location /media/ { add_header Content-Encoding gzip; root /opt/jumpserver/data/; } location /static/ { root /opt/jumpserver/data/; } location /socket.io/ { proxy_pass http://localhost:5000/socket.io/; # 如果coco安装在别的服务器，请填写它的ip proxy_buffering off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /guacamole/ { proxy_pass http://localhost:8081/; # 如果guacamole安装在别的服务器，请填写它的ip proxy_buffering off; proxy_http_version 1.1; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; access_log off; } location / { proxy_pass http://localhost:8080; # 如果jumpserver安装在别的服务器，请填写它的ip } } EOF systemctl start mariadb mkdir -p /opt/nginx/log && chmod -R 777 /opt/nginx { systemctl restart nginx systemctl enable nginx } || { service restart nginx } || { nginx -s reload } || { echo "请检查nginx的启动命令" exit 1 } chmod x /opt/start_jms.sh echo " 安装完成，请运行/opt/start_jms.sh启动jumpserver"