安装 epel
|
# Add the EPEL repository definition and wget (wget is used for the download step further down).
yum install -y epel-release wget
|
安装 nfs-server
|
# Install the NFS server packages, then enable the services at boot and start them now.
yum install -y nfs-utils rpcbind
for action in enable start; do
  systemctl "$action" rpcbind nfs-server nfs-lock nfs-idmap
done
|
创建 NFS 共享目录
设置 NFS 访问权限
|
# Edit the NFS export table; the line below is the entry to place in /etc/exports.
vim /etc/exports
# NOTE(review): no_root_squash disables root squashing, so root on any client
# matching 10.0.37.* acts as root on /data (rw). Prefer the default root_squash
# and list the specific client addresses unless root access is really required.
/data 10.0.37.*(rw,sync,no_root_squash)
|
启动 nfs
|
[root@localhost ~]# exportfs -a
[root@localhost ~]# exportfs
/data 10.0.37.*
|
docker-compose 部署
部署 jumpserver
|
wget https://github.com/jumpserver/Dockerfile.git
[root@localhost ~]# unzip Dockerfile-master.zip
Archive: Dockerfile-master.zip
b36c4af5e4d96ee82c2d2d9e588ecde000d9baa6
creating: Dockerfile-master/
extracting: Dockerfile-master/.dockerignore
creating: Dockerfile-master/.github/
creating: Dockerfile-master/.github/workflows/
inflating: Dockerfile-master/.github/workflows/jms_all.yml
inflating: Dockerfile-master/.github/workflows/jms_core.yml
inflating: Dockerfile-master/.github/workflows/jms_koko.yml
inflating: Dockerfile-master/.github/workflows/jms_lion.yml
inflating: Dockerfile-master/.github/workflows/jms_magnus.yml
inflating: Dockerfile-master/.github/workflows/jms_web.yml
inflating: Dockerfile-master/.gitignore
inflating: Dockerfile-master/LICENSE
inflating: Dockerfile-master/README.md
creating: Dockerfile-master/allinone/
inflating: Dockerfile-master/allinone/Dockerfile
inflating: Dockerfile-master/allinone/README.md
inflating: Dockerfile-master/allinone/entrypoint.sh
inflating: Dockerfile-master/allinone/jumpserver.conf
inflating: Dockerfile-master/allinone/readme.txt
inflating: Dockerfile-master/allinone/supervisord.conf
inflating: Dockerfile-master/config_example.conf
creating: Dockerfile-master/core/
inflating: Dockerfile-master/core/Dockerfile
inflating: Dockerfile-master/core/entrypoint.sh
inflating: Dockerfile-master/docker-compose-build.yml
inflating: Dockerfile-master/docker-compose-init-db.yml
inflating: Dockerfile-master/docker-compose-mariadb.yml
inflating: Dockerfile-master/docker-compose-network.yml
inflating: Dockerfile-master/docker-compose-redis.yml
inflating: Dockerfile-master/docker-compose-xpack.yml
inflating: Dockerfile-master/docker-compose.yml
creating: Dockerfile-master/koko/
inflating: Dockerfile-master/koko/Dockerfile
inflating: Dockerfile-master/koko/entrypoint.sh
creating: Dockerfile-master/lion/
inflating: Dockerfile-master/lion/Dockerfile
inflating: Dockerfile-master/lion/entrypoint.sh
creating: Dockerfile-master/magnus/
inflating: Dockerfile-master/magnus/Dockerfile
inflating: Dockerfile-master/magnus/entrypoint.sh
creating: Dockerfile-master/web/
inflating: Dockerfile-master/web/Dockerfile
inflating: Dockerfile-master/web/entrypoint.sh
inflating: Dockerfile-master/web/nginx.conf
|
使用 shell 脚本生成 SECRET_KEY 和 BOOTSTRAP_TOKEN
|
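# Generate the JumpServer secrets once and reuse them on later runs.
#
# SECRET_KEY (50 characters) and BOOTSTRAP_TOKEN (16 characters) are read from
# /dev/urandom and restricted to A-Za-z0-9. A value that is already set in the
# environment is kept unchanged and only printed.
#
# NOTE(security): a newly generated value is appended to ~/.bashrc in plaintext
# and every value is printed to the terminal. Keep ~/.bashrc readable by its
# owner only, and avoid running this in a logged or shared terminal session.
if [ -z "$SECRET_KEY" ]; then
  # LC_ALL=C makes tr process the random stream byte by byte; some tr
  # implementations reject invalid multibyte sequences in a UTF-8 locale.
  SECRET_KEY=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 50)
  printf 'SECRET_KEY=%s\n' "$SECRET_KEY" >> ~/.bashrc
fi
# Quoted so that a pre-existing value is printed verbatim (no word splitting or globbing).
printf '%s\n' "$SECRET_KEY"

if [ -z "$BOOTSTRAP_TOKEN" ]; then
  BOOTSTRAP_TOKEN=$(LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 16)
  printf 'BOOTSTRAP_TOKEN=%s\n' "$BOOTSTRAP_TOKEN" >> ~/.bashrc
fi
printf '%s\n' "$BOOTSTRAP_TOKEN"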
|
vi .env
|
[root@localhost ~]# cat .env
# The version number can be changed to match the project version you deploy.
# NOTE(review): this pins an old release; check the project's security advisories
# and deploy a currently supported version.
Version=1.5.9
# MySQL
DB_HOST=10.0.37.153
DB_PORT=3306
DB_USER=jumpserver
# NOTE(review): "password" is a sample value; set a unique, strong password before deploying.
DB_PASSWORD=password
DB_NAME=jumpserver
# Redis
REDIS_HOST=10.0.37.153
REDIS_PORT=6379
# NOTE(review): sample value, identical to DB_PASSWORD; use a separate strong password.
REDIS_PASSWORD=password
# Core
# NOTE(review): the two values below appear on a public page; treat them as examples
# and generate your own. This file holds every secret of the deployment, so keep it
# readable by the deploying user only and out of version control.
SECRET_KEY=QJA7KHjfWrPovbaUz3JorcG7sBondwGrSivON7NB5ssbqmn4Dh
BOOTSTRAP_TOKEN=OPVvQN84HH4VCP2m
##
# SECRET_KEY protects signed data. Change it on first install and keep a record of it; it must not be changed on later upgrades or migrations, otherwise encrypted data can no longer be decrypted.
# BOOTSTRAP_TOKEN is the key used for component authentication and is used only when a component registers. Components here are koko and guacamole.
|
在 150.45 上修改 docker-compose
|
# Compose file for the JumpServer stack: mysql, redis, core, koko, guacamole and nginx.
# NOTE(review): the nesting indentation of this listing was lost on the page; restore
# it before use.
# Author's note: because the test environment has limited resources, MySQL and Redis
# are also deployed on 150.45, so on the 150.26 host it is enough to point at the
# MySQL and Redis addresses; there is no need to start MySQL and Redis containers there.
version: '3'
services:
mysql:
image: jumpserver/jms_mysql:${Version}
container_name: jms_mysql
restart: always
tty: true
environment:
# Values are substituted by docker-compose from the .env file / shell environment.
DB_PORT: $DB_PORT
DB_USER: $DB_USER
DB_PASSWORD: $DB_PASSWORD
DB_NAME: $DB_NAME
ports:
# NOTE(review): publishes MySQL on every host interface. Bind to the address the
# second JumpServer host uses, or firewall the port to that host only.
- 3306:3306
volumes:
# Bind mounts from the host; the named volume mysql-data declared below is not used here.
- /opt/jumpserver/data/mysql-master:/var/lib/mysql
- /opt/jumpserver/data/mysql-master.cnf:/etc/my.cnf
networks:
- jumpserver
redis:
image: jumpserver/jms_redis:${Version}
container_name: jms_redis
restart: always
tty: true
environment:
REDIS_PORT: $REDIS_PORT
REDIS_PASSWORD: $REDIS_PASSWORD
ports:
# NOTE(review): publishes Redis on every host interface; its only protection is
# REDIS_PASSWORD. Restrict the port to the hosts that need it.
- 6379:6379
volumes:
# Bind mount from the host; the named volume redis-data declared below is not used here.
- /opt/jumpserver/data/redis-data:/var/lib/redis/
networks:
- jumpserver
core:
image: jumpserver/jms_core:${Version}
container_name: jms_core
restart: always
tty: true
environment:
# Secrets reach the container as environment variables, so they are visible to
# anyone who can inspect the container; limit access to the Docker daemon accordingly.
SECRET_KEY: $SECRET_KEY
BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN
DB_HOST: $DB_HOST
DB_PORT: $DB_PORT
DB_USER: $DB_USER
DB_PASSWORD: $DB_PASSWORD
DB_NAME: $DB_NAME
REDIS_HOST: $REDIS_HOST
REDIS_PORT: $REDIS_PORT
REDIS_PASSWORD: $REDIS_PASSWORD
depends_on:
- mysql
- redis
volumes:
- core-data:/opt/jumpserver/data
networks:
- jumpserver
koko:
image: jumpserver/jms_koko:${Version}
container_name: jms_koko
restart: always
tty: true
environment:
# Reaches core by service name over the jumpserver network, in plain HTTP.
CORE_HOST: http://core:8080
BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN
depends_on:
- core
- mysql
- redis
volumes:
- koko-keys:/opt/koko/data/keys
ports:
# Published on every host interface; presumably koko's SSH entry point - confirm
# and restrict the source addresses allowed to reach it.
- 2222:2222
networks:
- jumpserver
guacamole:
image: jumpserver/jms_guacamole:${Version}
container_name: jms_guacamole
restart: always
tty: true
environment:
JUMPSERVER_SERVER: http://core:8080
BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN
JUMPSERVER_KEY_DIR: /config/guacamole/keys
GUACAMOLE_HOME: /config/guacamole
GUACAMOLE_LOG_LEVEL: ERROR
JUMPSERVER_ENABLE_DRIVE: 'true'
depends_on:
- core
- mysql
- redis
volumes:
- guacamole-keys:/config/guacamole/keys
networks:
- jumpserver
nginx:
image: jumpserver/jms_nginx:${Version}
container_name: jms_nginx
restart: always
tty: true
depends_on:
- core
- koko
- mysql
- redis
volumes:
# Shares the core-data volume with the core service.
- core-data:/opt/jumpserver/data
ports:
# NOTE(review): only plain HTTP is published. The web UI carries logins and sessions,
# so terminate TLS in front of this port before exposing it beyond a test network.
- 80:80
networks:
- jumpserver
volumes:
# mysql-data and redis-data are declared but the mysql and redis services above use
# bind mounts under /opt/jumpserver/data instead.
mysql-data:
redis-data:
core-data:
koko-keys:
guacamole-keys:
networks:
jumpserver:
|