├── .dockerignore ├── .gitignore ├── LICENSE ├── README.md ├── config_example.conf ├── jmsctl.sh └── scripts ├── check_install_env.sh ├── docker └── daemon.json ├── download.sh ├── install.sh ├── install_core.sh ├── install_docker.sh ├── install_guacamole.sh ├── install_koko.sh ├── install_mysql.sh ├── install_nginx.sh ├── install_py3.sh ├── install_redis.sh ├── install_status.sh ├── nginx ├── jumpserver.conf ├── nginx-1.18.0-2.el7.ngx.x86_64.rpm └── nginx.repo ├── pypi ├── .pydistutils.cfg └── pip.conf ├── reset.sh ├── service └── jms_core.service ├── set_firewall.sh ├── start.sh ├── stop.sh ├── uninstall.sh └── upgrade.sh /.dockerignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | .git/ 3 | config.conf 4 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | .git/ 3 | config.conf 4 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 2, June 1991 3 | 4 | Copyright (C) 1989, 1991 Free Software Foundation, Inc., 5 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 6 | Everyone is permitted to copy and distribute verbatim copies 7 | of this license document, but changing it is not allowed. 8 | 9 | Preamble 10 | 11 | The licenses for most software are designed to take away your 12 | freedom to share and change it. By contrast, the GNU General Public 13 | License is intended to guarantee your freedom to share and change free 14 | software--to make sure the software is free for all its users. This 15 | General Public License applies to most of the Free Software 16 | Foundation's software and to any other program whose authors commit to 17 | using it. 
(Some other Free Software Foundation software is covered by 18 | the GNU Lesser General Public License instead.) You can apply it to 19 | your programs, too. 20 | 21 | When we speak of free software, we are referring to freedom, not 22 | price. Our General Public Licenses are designed to make sure that you 23 | have the freedom to distribute copies of free software (and charge for 24 | this service if you wish), that you receive source code or can get it 25 | if you want it, that you can change the software or use pieces of it 26 | in new free programs; and that you know you can do these things. 27 | 28 | To protect your rights, we need to make restrictions that forbid 29 | anyone to deny you these rights or to ask you to surrender the rights. 30 | These restrictions translate to certain responsibilities for you if you 31 | distribute copies of the software, or if you modify it. 32 | 33 | For example, if you distribute copies of such a program, whether 34 | gratis or for a fee, you must give the recipients all the rights that 35 | you have. You must make sure that they, too, receive or can get the 36 | source code. And you must show them these terms so they know their 37 | rights. 38 | 39 | We protect your rights with two steps: (1) copyright the software, and 40 | (2) offer you this license which gives you legal permission to copy, 41 | distribute and/or modify the software. 42 | 43 | Also, for each author's protection and ours, we want to make certain 44 | that everyone understands that there is no warranty for this free 45 | software. If the software is modified by someone else and passed on, we 46 | want its recipients to know that what they have is not the original, so 47 | that any problems introduced by others will not reflect on the original 48 | authors' reputations. 49 | 50 | Finally, any free program is threatened constantly by software 51 | patents. 
We wish to avoid the danger that redistributors of a free 52 | program will individually obtain patent licenses, in effect making the 53 | program proprietary. To prevent this, we have made it clear that any 54 | patent must be licensed for everyone's free use or not licensed at all. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | GNU GENERAL PUBLIC LICENSE 60 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 61 | 62 | 0. This License applies to any program or other work which contains 63 | a notice placed by the copyright holder saying it may be distributed 64 | under the terms of this General Public License. The "Program", below, 65 | refers to any such program or work, and a "work based on the Program" 66 | means either the Program or any derivative work under copyright law: 67 | that is to say, a work containing the Program or a portion of it, 68 | either verbatim or with modifications and/or translated into another 69 | language. (Hereinafter, translation is included without limitation in 70 | the term "modification".) Each licensee is addressed as "you". 71 | 72 | Activities other than copying, distribution and modification are not 73 | covered by this License; they are outside its scope. The act of 74 | running the Program is not restricted, and the output from the Program 75 | is covered only if its contents constitute a work based on the 76 | Program (independent of having been made by running the Program). 77 | Whether that is true depends on what the Program does. 78 | 79 | 1. 
You may copy and distribute verbatim copies of the Program's 80 | source code as you receive it, in any medium, provided that you 81 | conspicuously and appropriately publish on each copy an appropriate 82 | copyright notice and disclaimer of warranty; keep intact all the 83 | notices that refer to this License and to the absence of any warranty; 84 | and give any other recipients of the Program a copy of this License 85 | along with the Program. 86 | 87 | You may charge a fee for the physical act of transferring a copy, and 88 | you may at your option offer warranty protection in exchange for a fee. 89 | 90 | 2. You may modify your copy or copies of the Program or any portion 91 | of it, thus forming a work based on the Program, and copy and 92 | distribute such modifications or work under the terms of Section 1 93 | above, provided that you also meet all of these conditions: 94 | 95 | a) You must cause the modified files to carry prominent notices 96 | stating that you changed the files and the date of any change. 97 | 98 | b) You must cause any work that you distribute or publish, that in 99 | whole or in part contains or is derived from the Program or any 100 | part thereof, to be licensed as a whole at no charge to all third 101 | parties under the terms of this License. 102 | 103 | c) If the modified program normally reads commands interactively 104 | when run, you must cause it, when started running for such 105 | interactive use in the most ordinary way, to print or display an 106 | announcement including an appropriate copyright notice and a 107 | notice that there is no warranty (or else, saying that you provide 108 | a warranty) and that users may redistribute the program under 109 | these conditions, and telling the user how to view a copy of this 110 | License. (Exception: if the Program itself is interactive but 111 | does not normally print such an announcement, your work based on 112 | the Program is not required to print an announcement.) 
113 | 114 | These requirements apply to the modified work as a whole. If 115 | identifiable sections of that work are not derived from the Program, 116 | and can be reasonably considered independent and separate works in 117 | themselves, then this License, and its terms, do not apply to those 118 | sections when you distribute them as separate works. But when you 119 | distribute the same sections as part of a whole which is a work based 120 | on the Program, the distribution of the whole must be on the terms of 121 | this License, whose permissions for other licensees extend to the 122 | entire whole, and thus to each and every part regardless of who wrote it. 123 | 124 | Thus, it is not the intent of this section to claim rights or contest 125 | your rights to work written entirely by you; rather, the intent is to 126 | exercise the right to control the distribution of derivative or 127 | collective works based on the Program. 128 | 129 | In addition, mere aggregation of another work not based on the Program 130 | with the Program (or with a work based on the Program) on a volume of 131 | a storage or distribution medium does not bring the other work under 132 | the scope of this License. 133 | 134 | 3. 
You may copy and distribute the Program (or a work based on it, 135 | under Section 2) in object code or executable form under the terms of 136 | Sections 1 and 2 above provided that you also do one of the following: 137 | 138 | a) Accompany it with the complete corresponding machine-readable 139 | source code, which must be distributed under the terms of Sections 140 | 1 and 2 above on a medium customarily used for software interchange; or, 141 | 142 | b) Accompany it with a written offer, valid for at least three 143 | years, to give any third party, for a charge no more than your 144 | cost of physically performing source distribution, a complete 145 | machine-readable copy of the corresponding source code, to be 146 | distributed under the terms of Sections 1 and 2 above on a medium 147 | customarily used for software interchange; or, 148 | 149 | c) Accompany it with the information you received as to the offer 150 | to distribute corresponding source code. (This alternative is 151 | allowed only for noncommercial distribution and only if you 152 | received the program in object code or executable form with such 153 | an offer, in accord with Subsection b above.) 154 | 155 | The source code for a work means the preferred form of the work for 156 | making modifications to it. For an executable work, complete source 157 | code means all the source code for all modules it contains, plus any 158 | associated interface definition files, plus the scripts used to 159 | control compilation and installation of the executable. However, as a 160 | special exception, the source code distributed need not include 161 | anything that is normally distributed (in either source or binary 162 | form) with the major components (compiler, kernel, and so on) of the 163 | operating system on which the executable runs, unless that component 164 | itself accompanies the executable. 
165 | 166 | If distribution of executable or object code is made by offering 167 | access to copy from a designated place, then offering equivalent 168 | access to copy the source code from the same place counts as 169 | distribution of the source code, even though third parties are not 170 | compelled to copy the source along with the object code. 171 | 172 | 4. You may not copy, modify, sublicense, or distribute the Program 173 | except as expressly provided under this License. Any attempt 174 | otherwise to copy, modify, sublicense or distribute the Program is 175 | void, and will automatically terminate your rights under this License. 176 | However, parties who have received copies, or rights, from you under 177 | this License will not have their licenses terminated so long as such 178 | parties remain in full compliance. 179 | 180 | 5. You are not required to accept this License, since you have not 181 | signed it. However, nothing else grants you permission to modify or 182 | distribute the Program or its derivative works. These actions are 183 | prohibited by law if you do not accept this License. Therefore, by 184 | modifying or distributing the Program (or any work based on the 185 | Program), you indicate your acceptance of this License to do so, and 186 | all its terms and conditions for copying, distributing or modifying 187 | the Program or works based on it. 188 | 189 | 6. Each time you redistribute the Program (or any work based on the 190 | Program), the recipient automatically receives a license from the 191 | original licensor to copy, distribute or modify the Program subject to 192 | these terms and conditions. You may not impose any further 193 | restrictions on the recipients' exercise of the rights granted herein. 194 | You are not responsible for enforcing compliance by third parties to 195 | this License. 196 | 197 | 7. 
If, as a consequence of a court judgment or allegation of patent 198 | infringement or for any other reason (not limited to patent issues), 199 | conditions are imposed on you (whether by court order, agreement or 200 | otherwise) that contradict the conditions of this License, they do not 201 | excuse you from the conditions of this License. If you cannot 202 | distribute so as to satisfy simultaneously your obligations under this 203 | License and any other pertinent obligations, then as a consequence you 204 | may not distribute the Program at all. For example, if a patent 205 | license would not permit royalty-free redistribution of the Program by 206 | all those who receive copies directly or indirectly through you, then 207 | the only way you could satisfy both it and this License would be to 208 | refrain entirely from distribution of the Program. 209 | 210 | If any portion of this section is held invalid or unenforceable under 211 | any particular circumstance, the balance of the section is intended to 212 | apply and the section as a whole is intended to apply in other 213 | circumstances. 214 | 215 | It is not the purpose of this section to induce you to infringe any 216 | patents or other property right claims or to contest validity of any 217 | such claims; this section has the sole purpose of protecting the 218 | integrity of the free software distribution system, which is 219 | implemented by public license practices. Many people have made 220 | generous contributions to the wide range of software distributed 221 | through that system in reliance on consistent application of that 222 | system; it is up to the author/donor to decide if he or she is willing 223 | to distribute software through any other system and a licensee cannot 224 | impose that choice. 225 | 226 | This section is intended to make thoroughly clear what is believed to 227 | be a consequence of the rest of this License. 228 | 229 | 8. 
If the distribution and/or use of the Program is restricted in 230 | certain countries either by patents or by copyrighted interfaces, the 231 | original copyright holder who places the Program under this License 232 | may add an explicit geographical distribution limitation excluding 233 | those countries, so that distribution is permitted only in or among 234 | countries not thus excluded. In such case, this License incorporates 235 | the limitation as if written in the body of this License. 236 | 237 | 9. The Free Software Foundation may publish revised and/or new versions 238 | of the General Public License from time to time. Such new versions will 239 | be similar in spirit to the present version, but may differ in detail to 240 | address new problems or concerns. 241 | 242 | Each version is given a distinguishing version number. If the Program 243 | specifies a version number of this License which applies to it and "any 244 | later version", you have the option of following the terms and conditions 245 | either of that version or of any later version published by the Free 246 | Software Foundation. If the Program does not specify a version number of 247 | this License, you may choose any version ever published by the Free Software 248 | Foundation. 249 | 250 | 10. If you wish to incorporate parts of the Program into other free 251 | programs whose distribution conditions are different, write to the author 252 | to ask for permission. For software which is copyrighted by the Free 253 | Software Foundation, write to the Free Software Foundation; we sometimes 254 | make exceptions for this. Our decision will be guided by the two goals 255 | of preserving the free status of all derivatives of our free software and 256 | of promoting the sharing and reuse of software generally. 257 | 258 | NO WARRANTY 259 | 260 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY 261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN 262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES 263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED 264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS 266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE 267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, 268 | REPAIR OR CORRECTION. 269 | 270 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR 272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, 273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING 274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED 275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY 276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER 277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE 278 | POSSIBILITY OF SUCH DAMAGES. 279 | 280 | END OF TERMS AND CONDITIONS 281 | 282 | How to Apply These Terms to Your New Programs 283 | 284 | If you develop a new program, and you want it to be of the greatest 285 | possible use to the public, the best way to achieve this is to make it 286 | free software which everyone can redistribute and change under these terms. 287 | 288 | To do so, attach the following notices to the program. It is safest 289 | to attach them to the start of each source file to most effectively 290 | convey the exclusion of warranty; and each file should have at least 291 | the "copyright" line and a pointer to where the full notice is found. 
292 | 293 | {description} 294 | Copyright (C) {year} {fullname} 295 | 296 | This program is free software; you can redistribute it and/or modify 297 | it under the terms of the GNU General Public License as published by 298 | the Free Software Foundation; either version 2 of the License, or 299 | (at your option) any later version. 300 | 301 | This program is distributed in the hope that it will be useful, 302 | but WITHOUT ANY WARRANTY; without even the implied warranty of 303 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 304 | GNU General Public License for more details. 305 | 306 | You should have received a copy of the GNU General Public License along 307 | with this program; if not, write to the Free Software Foundation, Inc., 308 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 309 | 310 | Also add information on how to contact you by electronic and paper mail. 311 | 312 | If the program is interactive, make it output a short notice like this 313 | when it starts in an interactive mode: 314 | 315 | Gnomovision version 69, Copyright (C) year name of author 316 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 317 | This is free software, and you are welcome to redistribute it 318 | under certain conditions; type `show c' for details. 319 | 320 | The hypothetical commands `show w' and `show c' should show the appropriate 321 | parts of the General Public License. Of course, the commands you use may 322 | be called something other than `show w' and `show c'; they could even be 323 | mouse-clicks or menu items--whatever suits your program. 324 | 325 | You should also get your employer (if you work as a programmer) or your 326 | school, if any, to sign a "copyright disclaimer" for the program, if 327 | necessary. Here is a sample; alter the names: 328 | 329 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program 330 | `Gnomovision' (which makes passes at compilers) written by James Hacker. 
331 | 332 | {signature of Ty Coon}, 1 April 1989 333 | Ty Coon, President of Vice 334 | 335 | This General Public License does not permit incorporating your program into 336 | proprietary programs. If your program is a subroutine library, you may 337 | consider it more useful to permit linking proprietary applications with the 338 | library. If this is what you want to do, use the GNU Lesser General 339 | Public License instead of this License. 340 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 说明 2 | 3 | 从 v2.6 开始 setuptools 不再维护,它的工作由 https://github.com/jumpserver/installer 来完成,installer 统一了社区和企业版的安装,并且可以做到无缝迁移 4 | 5 | 6 | # JumpServer 安装脚本 7 | 8 | 9 | 安装文档 https://docs.jumpserver.org/zh/master/install/setup_by_fast/ 10 | 11 | - 全新安装的 Centos7 (7.x) 12 | - 需要连接 互联网 13 | - 使用 root 用户执行 14 | 15 | 注: 脚本包含 selinux 和 firewalld 处理功能, 可以在 selinux 和 firewalld 开启的情况下正常使用 16 | 17 | Use: 18 | 19 | ``` 20 | cd /opt 21 | yum -y install wget git 22 | git clone --depth=1 https://github.com/jumpserver/setuptools.git 23 | cd setuptools 24 | cp config_example.conf config.conf 25 | vi config.conf 26 | ./jmsctl.sh -h 27 | ``` 28 | 29 | Install 安装 30 | ``` 31 | ./jmsctl.sh install 32 | ``` 33 | 34 | Uninstall 卸载 35 | ``` 36 | ./jmsctl.sh uninstall 37 | ``` 38 | 39 | Help 帮助 40 | ``` 41 | ./jmsctl.sh -h 42 | ``` 43 | -------------------------------------------------------------------------------- /config_example.conf: -------------------------------------------------------------------------------- 1 | # 以下设置默认情况下不需要修改, 系统会自动生成随机字符串填入 2 | 3 | # 需要安装的版本 4 | Version=v2.5.3 5 | 6 | # Jms 加密配置 7 | SECRET_KEY= 8 | BOOTSTRAP_TOKEN= 9 | 10 | # 数据库 配置, 如果 数据库 安装在其他的服务器, 请修改下面设置 11 | DB_HOST=127.0.0.1 12 | DB_PORT=3306 13 | DB_USER=jumpserver 14 | DB_PASSWORD= 15 | DB_NAME=jumpserver 16 | 17 | # Redis 配置, 如果 Redis 安装在其他的服务器, 请修改下面设置 18 | REDIS_HOST=127.0.0.1 19 | 
REDIS_PORT=6379 20 | REDIS_PASSWORD= 21 | 22 | # 服务端口设置, 如果云服务器未备案请修改 http_port 端口为其他端口 23 | http_port=80 24 | ssh_port=2222 25 | 26 | # 服务安装目录 27 | install_dir=/opt 28 | 29 | Server_IP=$(ip addr | grep 'state UP' -A2 | grep inet | egrep -v '(127.0.0.1|inet6|docker)' | awk '{print $2}' | tr -d "addr:" | head -n 1 | cut -d / -f1) 30 | Docker_IP=$(ip addr | grep docker.* | grep inet | awk '{print $2}' | head -n 1) 31 | if [ ! "$Server_IP" ]; then 32 | Server_IP=$(hostname -I | cut -d ' ' -f1) 33 | fi 34 | -------------------------------------------------------------------------------- /jmsctl.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | 4 | BASE_DIR=$(cd "$(dirname "$0")";pwd) 5 | PROJECT_DIR=${BASE_DIR} 6 | SCRIPT_DIR=${BASE_DIR}/scripts 7 | action=$1 8 | target=$2 9 | 10 | cat << "EOF" 11 | __ _____ 12 | / /_ ______ ___ ____ / ___/___ ______ _____ _____ 13 | __ / / / / / __ `__ \/ __ \\__ \/ _ \/ ___/ | / / _ \/ ___/ 14 | / /_/ / /_/ / / / / / / /_/ /__/ / __/ / | |/ / __/ / 15 | \____/\__,_/_/ /_/ /_/ .___/____/\___/_/ |___/\___/_/ 16 | /_/ 17 | 18 | EOF 19 | 20 | if [ ! -f "$PROJECT_DIR/config.conf" ]; then 21 | echo -e "Error: No config file found." 22 | echo -e "You can run 'cp config_example.conf config.conf', and edit it." 23 | exit 1 24 | fi 25 | 26 | source ${PROJECT_DIR}/config.conf 27 | echo -e "\t\t\t\t\t Version: \033[33m $Version \033[0m \n" 28 | 29 | function usage() { 30 | echo "JumpServer 部署安装脚本" 31 | echo 32 | echo "Usage: " 33 | echo " jmsctl [COMMAND] ..." 
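# [listing text kept verbatim] End of usage(), which opens on the previous listing line:
#   34 | echo " jmsctl --help" 35 | echo 36 | echo "Commands: " 37 | echo " install 安装 JumpServer" 38 | echo " start 启动 JumpServer" 39 | echo " stop 停止 JumpServer" 40 | echo " restart 重启 JumpServer" 41 | echo " status 检查 JumpServer" 42 | echo " uninstall 卸载 JumpServer" 43 | echo " upgrade 升级 JumpServer" 44 | echo " reset 重置组件" 45 | }

#######################################
# Dispatch the jmsctl sub-command to the matching helper script.
# Globals:
#   action     (read) sub-command name; the script prologue sets it from $1
#   target     (read) component name for "reset"; the prologue sets it from $2
#   SCRIPT_DIR (read) directory that holds the helper scripts
# Outputs:
#   Whatever the helper prints; the usage text for --help, -h and unknown
#   commands.
# Returns:
#   Status of the last command run; exits 1 when "reset" has no component.
#######################################
function main() {
    # Every path and $target is quoted: a checkout directory containing
    # spaces, or a component name containing whitespace or glob characters,
    # must reach bash as exactly one argument.
    # NOTE(review): the README asks for this tool to be run as root, so the
    # helpers below run as root too; SCRIPT_DIR should not be writable by
    # other users.
    case "${action}" in
        install)
            bash "${SCRIPT_DIR}/install.sh"
            ;;
        uninstall)
            bash "${SCRIPT_DIR}/uninstall.sh"
            ;;
        upgrade)
            bash "${SCRIPT_DIR}/upgrade.sh"
            ;;
        start)
            bash "${SCRIPT_DIR}/start.sh"
            ;;
        stop)
            bash "${SCRIPT_DIR}/stop.sh"
            ;;
        restart)
            bash "${SCRIPT_DIR}/stop.sh"
            bash "${SCRIPT_DIR}/start.sh"
            ;;
        status)
            bash "${SCRIPT_DIR}/install_status.sh"
            ;;
        reset)
            # "reset" needs a component; without one, print its help and stop.
            if [ -z "${target}" ]; then
                echo -e "Usage: jmsctl reset COMMAND\n"
                echo -e "Commands:"
                echo -e " all 重置所有组件"
                echo -e " core 重置 core"
                echo -e " koko 重置 koko"
                echo -e " guacamole 重置 guacamole"
                exit 1
            fi
            bash "${SCRIPT_DIR}/reset.sh" "${target}"
            ;;
        --help | -h)
            usage
            ;;
        *)
            echo -e "jmsctl: unknown COMMAND: '$action'"
            echo -e "See 'jmsctl --help' \n"
            usage
            ;;
    esac
}

main
--------------------------------------------------------------------------------
/scripts/check_install_env.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#

BASE_DIR=$(dirname "$0")
PROJECT_DIR=$(dirname $(cd $(dirname "$0");pwd))
# NOTE(review): config.conf is executed as shell code with this script's
# privileges, so it should be writable only by the installing user.
source ${PROJECT_DIR}/config.conf

flag=0

# [listing text kept verbatim] The next statement continues on the following listing line:
#   10 | echo -ne "User Check \t........................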
" 11 | isRoot=`id -u -n | grep root | wc -l` 12 | if [ "x$isRoot" == "x1" ]; then 13 | echo -e "[\033[32m OK \033[0m]" 14 | else 15 | echo -e "[\033[31m ERROR \033[0m] 请用 root 用户执行安装脚本" 16 | flag=1 17 | fi 18 | 19 | echo -ne "OS Check \t........................ " 20 | if [ -f /etc/redhat-release ]; then 21 | osVersion=`cat /etc/redhat-release | grep -oE '[0-9]+\.[0-9]+'` 22 | majorVersion=`echo $osVersion | awk -F. '{print $1}'` 23 | if [ "x$majorVersion" == "x" ]; then 24 | echo -e "[\033[31m ERROR \033[0m] 操作系统类型版本不符合要求,请使用 CentOS 7 64 位版本" 25 | flag=1 26 | else 27 | if [[ $majorVersion == 7 ]]; then 28 | is64bitArch=`uname -m` 29 | if [ "x$is64bitArch" == "xx86_64" ]; then 30 | echo -e "[\033[32m OK \033[0m]" 31 | else 32 | echo -e "[\033[31m ERROR \033[0m] 操作系统必须是 64 位的,32 位的不支持" 33 | flag=1 34 | fi 35 | else 36 | echo -e "[\033[31m ERROR \033[0m] 操作系统类型版本不符合要求,请使用 CentOS 7" 37 | flag=1 38 | fi 39 | fi 40 | else 41 | echo -e "[\033[31m ERROR \033[0m] 操作系统类型版本不符合要求,请使用 CentOS 7" 42 | flag=1 43 | fi 44 | 45 | echo -ne "CPU Check \t........................ " 46 | processor=`cat /proc/cpuinfo| grep "processor"| wc -l` 47 | if [ $processor -lt 2 ]; then 48 | echo -e "[\033[31m ERROR \033[0m] CPU 小于 2核,JumpServer 所在机器的 CPU 需要至少 2核" 49 | flag=1 50 | else 51 | echo -e "[\033[32m OK \033[0m]" 52 | fi 53 | 54 | echo -ne "Memory Check \t........................ " 55 | memTotal=`cat /proc/meminfo | grep MemTotal | awk '{print $2}'` 56 | if [ $memTotal -lt 3750000 ]; then 57 | echo -e "[\033[31m ERROR \033[0m] 内存小于 4G,JumpServer 所在机器的内存需要至少 4G" 58 | flag=1 59 | else 60 | echo -e "[\033[32m OK \033[0m]" 61 | fi 62 | 63 | echo -ne "Version Check \t........................ 
" 64 | if [ "${Version:0:1}" == "v" ]; then 65 | if [ "${Version:1:1}" -lt "2" ]; then 66 | echo -e "[\033[31m ERROR \033[0m] 请安装 JumpServer v2.0.0 以上版本, 不支持旧版本安装" 67 | flag=1 68 | else 69 | echo -e "[\033[32m OK \033[0m]" 70 | fi 71 | else 72 | echo -e "[\033[31m ERROR \033[0m] JumpServer 版本号输入错误, 版本号示例: v2.2.2" 73 | flag=1 74 | fi 75 | 76 | if [ $flag -eq 1 ]; then 77 | echo "安装环境检测未通过,请查阅上述环境检测结果" 78 | exit 1 79 | fi 80 | -------------------------------------------------------------------------------- /scripts/docker/daemon.json: -------------------------------------------------------------------------------- 1 | { 2 | "registry-mirrors": ["https://bmtrgdvx.mirror.aliyuncs.com", "https://hub-mirror.c.163.com", "https://dockerhub.azk8s.cn"] 3 | } 4 | -------------------------------------------------------------------------------- /scripts/download.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | 4 | BASE_DIR=$(dirname "$0") 5 | PROJECT_DIR=$(dirname $(cd $(dirname "$0");pwd)) 6 | source ${PROJECT_DIR}/config.conf 7 | 8 | function download_core() { 9 | echo ">> Download Core" 10 | timeout 60s wget -qO $PROJECT_DIR/$Version/jumpserver-$Version.tar.gz https://github.com/jumpserver/jumpserver/releases/download/$Version/jumpserver-$Version.tar.gz || { 11 | rm -f $PROJECT_DIR/$Version/jumpserver-$Version.tar.gz 12 | wget -qO $PROJECT_DIR/$Version/jumpserver-$Version.tar.gz http://demo.jumpserver.org/download/jumpserver/$Version/jumpserver-$Version.tar.gz || { 13 | rm -f $PROJECT_DIR/$Version/jumpserver-$Version.tar.gz 14 | echo "[ERROR] 下载 Core 失败" 15 | exit 1 16 | } 17 | } 18 | } 19 | 20 | function download_lina() { 21 | echo ">> Download Lina" 22 | timeout 60s wget -qO $PROJECT_DIR/$Version/lina-$Version.tar.gz https://github.com/jumpserver/lina/releases/download/$Version/lina-$Version.tar.gz || { 23 | rm -f $PROJECT_DIR/$Version/lina-$Version.tar.gz 24 | wget -qO $PROJECT_DIR/$Version/lina-$Version.tar.gz 
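# [listing text kept verbatim] End of download_lina(), which opens on the previous listing line:
#   http://demo.jumpserver.org/download/lina/$Version/lina-$Version.tar.gz || { 25 | rm -f $PROJECT_DIR/$Version/lina-$Version.tar.gz 26 | echo "[ERROR] 下载 Lina 失败" 27 | exit 1 28 | } 29 | } 30 | } 31 |

#######################################
# Download the Luna release archive for $Version into $PROJECT_DIR/$Version.
# Tries the GitHub release URL first (60 s limit), then the project mirror.
# Globals:
#   PROJECT_DIR (read) project root; the archive lands in $PROJECT_DIR/$Version
#   Version     (read) release tag, used in both the URL and the file name
# Outputs:
#   Progress line, and an error line when both sources fail.
# Returns:
#   0 once an archive was written; exits 1 when both downloads fail.
#######################################
function download_luna() {
    # Quoted throughout so a project path containing spaces stays one argument.
    local archive="$PROJECT_DIR/$Version/luna-$Version.tar.gz"
    local primary_url="https://github.com/jumpserver/luna/releases/download/$Version/luna-$Version.tar.gz"
    local fallback_url="http://demo.jumpserver.org/download/luna/$Version/luna-$Version.tar.gz"

    echo ">> Download Luna"
    if timeout 60s wget -qO "$archive" "$primary_url"; then
        return 0
    fi
    # wget -O creates the file even when the transfer fails; remove the
    # partial file so a later "-f" existence check does not treat it as done.
    rm -f -- "$archive"

    # NOTE(review): the fallback is plain HTTP and nothing in this function
    # checks a checksum or signature, so whatever the network path returns is
    # accepted as the release archive. download_core and download_lina in this
    # script use the same pattern. Verifying the file against a digest
    # published over a trusted channel before it is unpacked would close this.
    if wget -qO "$archive" "$fallback_url"; then
        return 0
    fi
    rm -f -- "$archive"
    echo "[ERROR] 下载 Luna 失败"
    exit 1
}

#######################################
# Pull the KoKo container image tagged $Version.
# Globals:
#   Version (read) image tag
# Returns:
#   Status of docker pull on success; exits 1 when the pull fails.
#######################################
function download_koko() {
    echo ">> Download KoKo"
    # NOTE(review): the image is selected by tag, not by digest, so the
    # content behind the tag is whatever the registry (or a configured
    # registry mirror) serves at pull time.
    docker pull "jumpserver/jms_koko:$Version" || {
        echo "[ERROR] 下载 KoKo 失败"
        exit 1
    }
}

#######################################
# Pull the Guacamole container image tagged $Version.
# Globals:
#   Version (read) image tag
# Returns:
#   Status of docker pull on success; exits 1 when the pull fails.
#######################################
function download_guacamole() {
    echo ">> Download Guacamole"
    # NOTE(review): pulled by tag, not by digest; see download_koko.
    docker pull "jumpserver/jms_guacamole:$Version" || {
        echo "[ERROR] 下载 Guacamole 失败"
        exit 1
    }
}

# [listing text kept verbatim] Start of main(), which continues on the next listing line:
#   60 | function main() { 61 | if [ ! -f "$PROJECT_DIR/$Version/jumpserver-$Version.tar.gz" ]; then 62 | download_core 63 | fi 64 | if [ ! -f "$PROJECT_DIR/$Version/lina-$Version.tar.gz" ]; then 65 | download_lina 66 | fi 67 | if [ ! -f "$PROJECT_DIR/$Version/luna-$Version.tar.gz" ]; then 68 | download_luna 69 | fi 70 | if [ ! "$(docker images | grep jms_koko | grep $Version)" ]; then 71 | download_koko 72 | fi 73 | if [ !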
"$(docker images | grep jms_guacamole | grep $Version)" ]; then 74 | download_guacamole 75 | fi 76 | } 77 | 78 | main 79 | -------------------------------------------------------------------------------- /scripts/install.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | 4 | BASE_DIR=$(dirname "$0") 5 | PROJECT_DIR=$(dirname $(cd $(dirname "$0");pwd)) 6 | source ${PROJECT_DIR}/config.conf 7 | 8 | function message() { 9 | echo "" 10 | echo -e "JumpServer 部署完成" 11 | echo -ne "请到 $PROJECT_DIR 目录执行" 12 | echo -ne "\033[33m ./jmsctl.sh start \033[0m" 13 | echo -e "启动 \n" 14 | } 15 | 16 | function prepare_install() { 17 | which wget >/dev/null 2>&1 18 | if [ $? -ne 0 ];then 19 | yum install -y wget 20 | fi 21 | if [ ! "$(rpm -qa | grep epel-release)" ]; then 22 | yum install -y epel-release 23 | fi 24 | if grep -q 'mirror.centos.org' /etc/yum.repos.d/CentOS-Base.repo; then 25 | wget -qO /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo 26 | sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo 27 | yum clean all 28 | fi 29 | if grep -q 'mirrors.fedoraproject.org' /etc/yum.repos.d/epel.repo; then 30 | wget -qO /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo 31 | sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/epel.repo 32 | yum clean all 33 | fi 34 | which git >/dev/null 2>&1 35 | if [ $? -ne 0 ];then 36 | yum install -y git 37 | fi 38 | which gcc >/dev/null 2>&1 39 | if [ $? -ne 0 ];then 40 | yum install -y gcc 41 | fi 42 | if [ ! -d "$PROJECT_DIR/$Version" ]; then 43 | mkdir -p $PROJECT_DIR/$Version 44 | yum update -y 45 | fi 46 | if [ ! -d "$install_dir" ]; then 47 | echo "[ERROR] 安装目录 $install_dir 不存在" 48 | exit 1 49 | fi 50 | } 51 | 52 | function main() { 53 | bash $BASE_DIR/check_install_env.sh 54 | if [[ $? 
!= 0 ]]; then 55 | exit 1 56 | fi 57 | prepare_install 58 | bash $BASE_DIR/set_firewall.sh 59 | bash $BASE_DIR/install_docker.sh 60 | if [ $DB_HOST == 127.0.0.1 ]; then 61 | bash $BASE_DIR/install_mysql.sh 62 | fi 63 | if [ $REDIS_HOST == 127.0.0.1 ]; then 64 | bash $BASE_DIR/install_redis.sh 65 | fi 66 | bash $BASE_DIR/install_py3.sh 67 | bash $BASE_DIR/download.sh 68 | if [[ $? != 0 ]]; then 69 | exit 1 70 | fi 71 | bash $BASE_DIR/install_core.sh 72 | if [[ $? != 0 ]]; then 73 | exit 1 74 | fi 75 | bash $BASE_DIR/install_nginx.sh 76 | message 77 | } 78 | 79 | main 80 | -------------------------------------------------------------------------------- /scripts/install_core.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | 4 | BASE_DIR=$(dirname "$0") 5 | PROJECT_DIR=$(dirname $(cd $(dirname "$0");pwd)) 6 | source ${PROJECT_DIR}/config.conf 7 | 8 | function set_firewall() { 9 | firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="$Docker_IP" port protocol="tcp" port="8080" accept" 10 | firewall-cmd --reload 11 | } 12 | 13 | function dec_core() { 14 | tar xf $PROJECT_DIR/$Version/jumpserver-$Version.tar.gz -C $install_dir/ 15 | mv $install_dir/jumpserver-$Version $install_dir/jumpserver 16 | if [ "$(getenforce)" != "Disabled" ]; then 17 | restorecon -R $install_dir/jumpserver/data/ 18 | fi 19 | } 20 | 21 | function prepare_install() { 22 | yum install -y $(cat $install_dir/jumpserver/requirements/rpm_requirements.txt) || { 23 | echo "[ERROR] rpm 依赖安装失败" 24 | exit 1 25 | } 26 | source $install_dir/py3/bin/activate 27 | pip install -r $install_dir/jumpserver/requirements/requirements.txt 28 | if [ $? -ne 0 ];then 29 | echo "[ERROR] python 依赖安装失败" 30 | exit 1 31 | fi 32 | } 33 | 34 | function config_core() { 35 | if [ ! 
"$SECRET_KEY" ]; then 36 | SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50` 37 | sed -i "0,/SECRET_KEY=/s//SECRET_KEY=$SECRET_KEY/" $PROJECT_DIR/config.conf 38 | fi 39 | if [ ! "$BOOTSTRAP_TOKEN" ]; then 40 | BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16` 41 | sed -i "0,/BOOTSTRAP_TOKEN=/s//BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN/" $PROJECT_DIR/config.conf 42 | fi 43 | if [ ! "$Server_IP" ]; then 44 | Server_IP=`ip addr | grep 'state UP' -A2 | grep inet | egrep -v '(127.0.0.1|inet6|docker)' | awk '{print $2}' | tr -d "addr:" | head -n 1 | cut -d / -f1` 45 | fi 46 | cp $install_dir/jumpserver/config_example.yml $install_dir/jumpserver/config.yml 47 | sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" $install_dir/jumpserver/config.yml 48 | sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" $install_dir/jumpserver/config.yml 49 | sed -i "s/# DEBUG: true/DEBUG: false/g" $install_dir/jumpserver/config.yml 50 | sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" $install_dir/jumpserver/config.yml 51 | sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" $install_dir/jumpserver/config.yml 52 | sed -i "s/DB_HOST: 127.0.0.1/DB_HOST: $DB_HOST/g" $install_dir/jumpserver/config.yml 53 | sed -i "s/DB_PORT: 3306/DB_PORT: $DB_PORT/g" $install_dir/jumpserver/config.yml 54 | sed -i "s/DB_USER: jumpserver/DB_USER: $DB_USER/g" $install_dir/jumpserver/config.yml 55 | sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" $install_dir/jumpserver/config.yml 56 | sed -i "s/DB_NAME: jumpserver/DB_NAME: $DB_NAME/g" $install_dir/jumpserver/config.yml 57 | sed -i "s/REDIS_HOST: 127.0.0.1/REDIS_HOST: $REDIS_HOST/g" $install_dir/jumpserver/config.yml 58 | sed -i "s/REDIS_PORT: 6379/REDIS_PORT: $REDIS_PORT/g" $install_dir/jumpserver/config.yml 59 | sed -i "s/# REDIS_PASSWORD: /REDIS_PASSWORD: $REDIS_PASSWORD/g" $install_dir/jumpserver/config.yml 60 | sed -i "s/# WINDOWS_SKIP_ALL_MANUAL_PASSWORD: 
False/WINDOWS_SKIP_ALL_MANUAL_PASSWORD: True/g" $install_dir/jumpserver/config.yml 61 | } 62 | 63 | function config_systemd() { 64 | cp $BASE_DIR/service/jms_core.service /usr/lib/systemd/system/ 65 | if [ $install_dir != "/opt" ]; then 66 | sed -i "s@/opt@$install_dir@g" /usr/lib/systemd/system/jms_core.service 67 | fi 68 | if [ $DB_HOST != 127.0.0.1 ]; then 69 | sed -i "s/mysqld.service //g" /usr/lib/systemd/system/jms_core.service 70 | fi 71 | if [ $REDIS_HOST != 127.0.0.1 ]; then 72 | sed -i "s/redis.service //g" /usr/lib/systemd/system/jms_core.service 73 | fi 74 | systemctl daemon-reload 75 | systemctl enable jms_core 76 | } 77 | 78 | function install_core() { 79 | echo ">> Install Jms_core" 80 | dec_core 81 | } 82 | 83 | function main() { 84 | if [ ! -d "$install_dir/jumpserver" ]; then 85 | install_core 86 | fi 87 | if [ ! -f "$install_dir/jumpserver/config.yml" ]; then 88 | config_core 89 | fi 90 | prepare_install 91 | if [ ! -f "/usr/lib/systemd/system/jms_core.service" ]; then 92 | config_systemd 93 | fi 94 | if [ "$(systemctl status firewalld | grep Active | grep running)" ]; then 95 | if [ ! 
"$(firewall-cmd --list-all | grep $Docker_IP)" ]; then 96 | set_firewall 97 | fi 98 | fi 99 | } 100 | 101 | main 102 | -------------------------------------------------------------------------------- /scripts/install_docker.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | 4 | BASE_DIR=$(dirname "$0") 5 | 6 | function prepare_install() { 7 | yum install -y yum-utils device-mapper-persistent-data lvm2 8 | } 9 | 10 | function install_docker() { 11 | echo ">> Install Docker" 12 | prepare_install 13 | yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo 14 | rpm --import https://mirrors.aliyun.com/docker-ce/linux/centos/gpg 15 | yum install -y docker-ce 16 | } 17 | 18 | function config_docker { 19 | mkdir -p /etc/docker/ 20 | cp $BASE_DIR/docker/daemon.json /etc/docker/daemon.json 21 | } 22 | 23 | function start_docker { 24 | systemctl start docker 25 | systemctl enable docker 26 | } 27 | 28 | function main { 29 | which docker >/dev/null 2>&1 30 | if [ $? -ne 0 ];then 31 | install_docker 32 | fi 33 | if [ ! -f "/etc/docker/daemon.json" ]; then 34 | config_docker 35 | fi 36 | if [ ! 
"$(systemctl status docker | grep Active | grep running)" ]; then 37 | start_docker 38 | fi 39 | } 40 | 41 | main 42 | -------------------------------------------------------------------------------- /scripts/install_guacamole.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | 4 | BASE_DIR=$(dirname "$0") 5 | PROJECT_DIR=$(dirname $(cd $(dirname "$0");pwd)) 6 | source ${PROJECT_DIR}/config.conf 7 | 8 | if [ -f "$PROJECT_DIR/$Version/guacamole.tar" ]; then 9 | docker load < $PROJECT_DIR/$Version/guacamole.tar 10 | fi 11 | 12 | function remove_guacamole() { 13 | docker stop jms_guacamole >/dev/null 2>&1 14 | docker rm jms_guacamole >/dev/null 2>&1 15 | } 16 | 17 | function start_guacamole() { 18 | echo ">> Install Jms_guacamole" 19 | docker run --name jms_guacamole -d -p 127.0.0.1:8081:8080 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN --restart=always jumpserver/jms_guacamole:$Version 20 | } 21 | 22 | function check_guacamole() { 23 | if [ ! "$(docker inspect jms_guacamole | grep BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN)" ] || [ ! "$(docker inspect jms_guacamole | grep JUMPSERVER_SERVER=http://$Server_IP:8080)" ]; then 24 | remove_guacamole 25 | start_guacamole 26 | else 27 | docker start jms_guacamole 28 | fi 29 | } 30 | 31 | function main() { 32 | if [ ! "$(docker ps | grep jms_guacamole:$Version)" ]; then 33 | if [ ! 
"$(docker ps -a | grep jms_guacamole:$Version)" ]; then 34 | start_guacamole 35 | else 36 | check_guacamole 37 | fi 38 | else 39 | check_guacamole 40 | fi 41 | } 42 | 43 | main 44 | -------------------------------------------------------------------------------- /scripts/install_koko.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | 4 | BASE_DIR=$(dirname "$0") 5 | PROJECT_DIR=$(dirname $(cd $(dirname "$0");pwd)) 6 | source ${PROJECT_DIR}/config.conf 7 | 8 | if [ -f "$PROJECT_DIR/$Version/koko.tar" ]; then 9 | docker load < $PROJECT_DIR/$Version/koko.tar 10 | fi 11 | 12 | function remove_koko() { 13 | docker stop jms_koko >/dev/null 2>&1 14 | docker rm jms_koko >/dev/null 2>&1 15 | } 16 | 17 | function start_koko() { 18 | echo ">> Install Jms_koko" 19 | docker run --name jms_koko -d -p $ssh_port:2222 -p 127.0.0.1:5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN --restart=always --privileged=true jumpserver/jms_koko:$Version 20 | } 21 | 22 | function check_koko() { 23 | if [ ! "$(docker inspect jms_koko | grep BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN)" ] || [ ! "$(docker inspect jms_koko | grep CORE_HOST=http://$Server_IP:8080)" ]; then 24 | remove_koko 25 | start_koko 26 | else 27 | docker start jms_koko 28 | fi 29 | } 30 | 31 | function main() { 32 | if [ ! "$(docker ps | grep jms_koko:$Version)" ]; then 33 | if [ ! 
"$(docker ps -a | grep jms_koko:$Version)" ]; then 34 | start_koko 35 | else 36 | check_koko 37 | fi 38 | else 39 | check_koko 40 | fi 41 | } 42 | 43 | main 44 | -------------------------------------------------------------------------------- /scripts/install_mysql.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | 4 | BASE_DIR=$(dirname "$0") 5 | PROJECT_DIR=$(dirname $(cd $(dirname "$0");pwd)) 6 | source ${PROJECT_DIR}/config.conf 7 | 8 | function prepare_set() { 9 | yum -y localinstall http://mirrors.ustc.edu.cn/mysql-repo/mysql57-community-release-el7.rpm 10 | } 11 | 12 | function install_mysql() { 13 | echo ">> Install MySQL" 14 | yum install -y mysql-community-server mysql-community-devel 15 | } 16 | 17 | function start_mysql() { 18 | systemctl start mysqld 19 | systemctl enable mysqld 20 | } 21 | 22 | function config_database() { 23 | mysql -uroot -e "create database $DB_NAME default charset 'utf8' collate 'utf8_bin';" 24 | } 25 | 26 | function config_user() { 27 | mysql -uroot -e "drop user '$DB_USER'@'$DB_HOST';" >/dev/null 2>&1 28 | mysql -uroot -e "set global validate_password_policy=LOW;grant all on $DB_NAME.* to '$DB_USER'@'$DB_HOST' identified by '$DB_PASSWORD';flush privileges;" 29 | } 30 | 31 | function config_passwd() { 32 | DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24` 33 | sed -i "0,/DB_PASSWORD=/s//DB_PASSWORD=$DB_PASSWORD/" $PROJECT_DIR/config.conf 34 | } 35 | 36 | function main() { 37 | if [ ! -f "/etc/yum.repos.d/mysql-community.repo" ]; then 38 | prepare_set 39 | fi 40 | if [ ! "$(rpm -qa | grep mysql-community-server)" ]; then 41 | install_mysql 42 | fi 43 | if [ ! "$(cat /usr/bin/mysqld_pre_systemd | grep -v ^\# | grep initialize-insecure )" ]; then 44 | sed -i "s@--initialize @--initialize-insecure @g" /usr/bin/mysqld_pre_systemd 45 | fi 46 | if [ ! "$(systemctl status mysqld | grep Active | grep running)" ]; then 47 | start_mysql 48 | fi 49 | if [ ! 
"$DB_PASSWORD" ]; then 50 | config_passwd 51 | fi 52 | if [ ! -d "/var/lib/mysql/$DB_NAME" ]; then 53 | config_database 54 | fi 55 | mysql -h$DB_HOST -P$DB_PORT -u$DB_USER -p$DB_PASSWORD -e "use $DB_NAME;" >/dev/null 2>&1 56 | if [ $? -ne 0 ]; then 57 | config_user 58 | fi 59 | } 60 | 61 | main 62 | -------------------------------------------------------------------------------- /scripts/install_nginx.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | 4 | BASE_DIR=$(dirname "$0") 5 | PROJECT_DIR=$(dirname $(cd $(dirname "$0");pwd)) 6 | source ${PROJECT_DIR}/config.conf 7 | 8 | function prepare_set() { 9 | cp $BASE_DIR/nginx/nginx.repo /etc/yum.repos.d/nginx.repo 10 | } 11 | 12 | function install_nginx() { 13 | echo ">> Install Nginx" 14 | yum localinstall -y $BASE_DIR/nginx/nginx-1.18.0-2.el7.ngx.x86_64.rpm 15 | } 16 | 17 | function dec_lina() { 18 | tar xf $PROJECT_DIR/$Version/lina-$Version.tar.gz -C $install_dir/ 19 | mv $install_dir/lina-$Version $install_dir/lina 20 | if [ "$(getenforce)" != "Disabled" ]; then 21 | restorecon -R $install_dir/lina/ 22 | fi 23 | } 24 | 25 | function dec_luna() { 26 | tar xf $PROJECT_DIR/$Version/luna-$Version.tar.gz -C $install_dir/ 27 | mv $install_dir/luna-$Version $install_dir/luna 28 | if [ "$(getenforce)" != "Disabled" ]; then 29 | restorecon -R $install_dir/luna/ 30 | fi 31 | } 32 | 33 | function start_nginx() { 34 | systemctl start nginx 35 | systemctl enable nginx 36 | } 37 | 38 | function config_nginx() { 39 | echo > /etc/nginx/conf.d/default.conf 40 | cp $BASE_DIR/nginx/jumpserver.conf /etc/nginx/conf.d/jumpserver.conf 41 | if [ "$http_port" != "80" ]; then 42 | sed -i "s@listen 80;@listen $http_port;@g" /etc/nginx/conf.d/jumpserver.conf 43 | fi 44 | if [ $install_dir != "/opt" ]; then 45 | sed -i "s@/opt@$install_dir@g" /etc/nginx/conf.d/jumpserver.conf 46 | fi 47 | sed -i "s@worker_processes 1;@worker_processes auto;@g" /etc/nginx/nginx.conf 48 | } 
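
# Install and configure nginx and the two front-ends, skipping steps that are
# already done.
function main {
    if [ ! -f "/etc/yum.repos.d/nginx.repo" ]; then
        prepare_set
    fi
    if ! command -v nginx >/dev/null 2>&1; then
        install_nginx
    fi
    if [ ! -f /etc/nginx/conf.d/jumpserver.conf ]; then
        config_nginx
    fi
    if [ ! -d "$install_dir/lina" ]; then
        dec_lina
    fi
    if [ ! -d "$install_dir/luna" ]; then
        dec_luna
    fi
    if [ ! "$(systemctl status nginx | grep Active | grep running)" ]; then
        start_nginx
    fi
}

main

--------------------------------------------------------------------------------
/scripts/install_py3.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Installs Python 3.6 and creates the virtualenv used by JumpServer core.

BASE_DIR=$(dirname "$0")
PROJECT_DIR=$(dirname "$(cd "$(dirname "$0")" && pwd)")
source "${PROJECT_DIR}/config.conf"

# Install the interpreter and its development headers.
function install_python() {
    echo ">> Install Python3.6"
    yum install -y python36 python36-devel
    yum install -y python3-devel
}

# Create the virtualenv and install the bundled pip/distutils mirror settings
# for the current user, unless that user already has such files.
function config_py3() {
    python3.6 -m venv "$install_dir/py3"
    # "$HOME" instead of a quoted "~": the shell does not expand a tilde
    # inside quotes, so the old test never found an existing file and the
    # user's own configuration was overwritten on every run.
    if [ ! -f "$HOME/.pydistutils.cfg" ]; then
        cp "$BASE_DIR/pypi/.pydistutils.cfg" "$HOME/.pydistutils.cfg"
    fi
    if [ ! -f "$HOME/.pip/pip.conf" ]; then
        mkdir -p "$HOME/.pip"
        cp "$BASE_DIR/pypi/pip.conf" "$HOME/.pip/pip.conf"
    fi
}

# Install Python and the virtualenv when missing.
function main() {
    if ! command -v python3.6 >/dev/null 2>&1; then
        install_python
    fi
    if [ ! -d "$install_dir/py3" ]; then
        config_py3
    fi
}

main

--------------------------------------------------------------------------------
/scripts/install_redis.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Installs a local Redis server and sets its port and password from
# config.conf.

BASE_DIR=$(dirname "$0")
PROJECT_DIR=$(dirname "$(cd "$(dirname "$0")" && pwd)")
source "${PROJECT_DIR}/config.conf"

# Set to 1 by config_redis when redis.conf was changed and a restart is due.
flag=0

# Escape a value for the replacement half of a sed "s/…/…/" command.
function sed_escape() {
    printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

# Install Redis, make it listen on every interface and set the eviction
# policy.
# NOTE(review): install.sh only runs this script when REDIS_HOST is 127.0.0.1,
# yet the bind address is widened to 0.0.0.0. Between this step and
# config_redis the server has no password, and afterwards the password is the
# only barrier on every interface; keep the loopback bind unless a remote
# client really needs Redis.
function install_redis() {
    echo ">> Install redis"
    yum install -y redis
    sed -i "s/bind 127.0.0.1/bind 0.0.0.0/g" /etc/redis.conf
    # Appended instead of inserted at a fixed line number: `561i` does nothing
    # at all when the packaged redis.conf is shorter than 561 lines.
    printf '%s\n' "maxmemory-policy allkeys-lru" >> /etc/redis.conf
}

# Start Redis now and enable it at boot.
function start_redis {
    systemctl start redis
    systemctl enable redis
}

# Apply REDIS_PORT and REDIS_PASSWORD to /etc/redis.conf, then restart Redis.
function config_redis() {
    if [ "$REDIS_PORT" != "6379" ]; then
        sed -i "s/port 6379/port $(sed_escape "$REDIS_PORT")/g" /etc/redis.conf
        flag=1
    fi
    if grep -Eq '^[[:space:]]*requirepass[[:space:]]' /etc/redis.conf; then
        # Only the active directive is rewritten; commented examples are left
        # alone so the password is not copied into them.
        sed -i "s/^[[:space:]]*requirepass .*/requirepass $(sed_escape "$REDIS_PASSWORD")/" /etc/redis.conf
    else
        # Appended instead of `481i`: on a shorter redis.conf the fixed line
        # number silently inserted nothing and Redis stayed without a
        # password.
        printf 'requirepass %s\n' "$REDIS_PASSWORD" >> /etc/redis.conf
    fi
    flag=1
    if [ "$flag" == 1 ]; then
        systemctl restart redis
    fi
}

# Generate a 24-character alphanumeric REDIS_PASSWORD, persist it in
# config.conf and apply it.
function config_passwd() {
    REDIS_PASSWORD=$(LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 24)
    sed -i "0,/REDIS_PASSWORD=/s//REDIS_PASSWORD=$REDIS_PASSWORD/" "$PROJECT_DIR/config.conf"
    config_redis
}

# Install, configure and start Redis, then re-apply the configuration when
# the configured credentials cannot run `info`.
function main {
    # rpm -q asks for the exact package; `rpm -qa | grep redis` was also
    # satisfied by any other package with "redis" in its name.
    if ! rpm -q redis >/dev/null 2>&1; then
        install_redis
    fi
    if [ ! "$REDIS_PASSWORD" ]; then
        config_passwd
    else
        config_redis
    fi
    if [ ! "$(systemctl status redis | grep Active | grep running)" ]; then
        start_redis
    fi
    # NOTE(review): -a puts the password on the command line, where other
    # local users can read it from the process list while redis-cli runs.
    if ! redis-cli -h "$REDIS_HOST" -p "$REDIS_PORT" -a "$REDIS_PASSWORD" info >/dev/null 2>&1; then
        config_redis
    fi
}

main

--------------------------------------------------------------------------------
/scripts/install_status.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Prints an OK/ERROR line per component and exits 1 when a checked component
# is down.

BASE_DIR=$(dirname "$0")
PROJECT_DIR=$(dirname "$(cd "$(dirname "$0")" && pwd)")
source "${PROJECT_DIR}/config.conf"

# Set to 1 by the checks below that count towards the exit status.
flag=0

# Print the green OK marker.
function print_ok() {
    echo -e "[\033[32m OK \033[0m]"
}

# Print the red ERROR marker.
function print_error() {
    echo -e "[\033[31m ERROR \033[0m]"
}

# Succeed when `systemctl status $1` reports an Active line containing
# "running".
function unit_running() {
    [ "$(systemctl status "$1" | grep Active | grep running)" ]
}

# Log in with the application account and select the database.
function check_mysql() {
    echo -ne "MySQL Check \t........................ "
    if mysql -h"$DB_HOST" -P"$DB_PORT" -u"$DB_USER" -p"$DB_PASSWORD" -e "use $DB_NAME;" >/dev/null 2>&1; then
        print_ok
    else
        print_error
        flag=1
    fi
}

# Run `info` against Redis, with the password when one is configured.
function check_redis() {
    local auth=()

    echo -ne "Redis Check \t........................ "
    if [ "$REDIS_PASSWORD" ]; then
        auth=(-a "$REDIS_PASSWORD")
    fi
    if redis-cli -h "$REDIS_HOST" -p "$REDIS_PORT" "${auth[@]}" info >/dev/null 2>&1; then
        print_ok
    else
        print_error
        flag=1
    fi
}

function check_docker() {
    echo -ne "Docke. Check \t........................ "
    if unit_running docker; then
        print_ok
    else
        print_error
        flag=1
    fi
}

# The virtualenv directory must exist.
function check_py3() {
    echo -ne "Py3 Check \t........................ "
    if [ -d "$install_dir/py3" ]; then
        print_ok
    else
        print_error
        flag=1
    fi
}

function check_core() {
    echo -ne "Core Check \t........................ "
    if unit_running jms_core; then
        print_ok
    else
        print_error
        flag=1
    fi
}

function check_nginx() {
    echo -ne "Nginx Check \t........................ "
    if unit_running nginx; then
        print_ok
    else
        print_error
        flag=1
    fi
}

# A stopped container is reported here, but flag is left untouched, so it
# does not make the script exit 1.
function check_koko() {
    echo -ne "Koko Check \t........................ "
    if [ "$(docker ps | grep jms_koko)" ]; then
        print_ok
    else
        print_error
    fi
}

# Reported only; does not change flag (see check_koko).
function check_guacamole() {
    echo -ne "Guaca. Check \t........................ "
    if [ "$(docker ps | grep jms_guacamole)" ]; then
        print_ok
    else
        print_error
    fi
}

# Run every check, then exit 1 if one of the flag-setting checks failed.
function main() {
    check_mysql
    check_redis
    check_docker
    check_nginx
    check_py3
    check_core
    check_koko
    check_guacamole

    if [ "$flag" -eq 1 ]; then
        echo -e "[\033[31m ERROR \033[0m] 部分组件出现故障,请查阅上述检测结果"
        exit 1
    fi
}

main

--------------------------------------------------------------------------------
/scripts/nginx/jumpserver.conf:
--------------------------------------------------------------------------------
server {
    # NOTE(review): plain HTTP only. Logins and session traffic are readable
    # on the network unless TLS is terminated in front of this server.
    listen 80;
    # server_name _;

    client_max_body_size 1024m;  # size limit for session recordings and file uploads

    location /ui/ {
        try_files $uri / /index.html;
        alias /opt/lina/;
        expires 24h;
    }

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;
        expires 24h;
    }

    location /media/ {
        # Every response from this location is labelled as gzip-encoded.
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;
    }

    location /static/ {
        root /opt/jumpserver/data/;
        expires 24h;
    }

    location /koko/ {
        proxy_pass http://localhost:5000;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        # $proxy_add_x_forwarded_for appends to whatever the client sent, so
        # only the last entry is set by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /guacamole/ {
        proxy_pass http://localhost:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        access_log off;
    }

    location /ws/ {
        proxy_pass http://localhost:8070;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /api/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /core/ {
        proxy_pass http://localhost:8080;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location / {
        rewrite ^/(.*)$ /ui/$1 last;
    }
}

--------------------------------------------------------------------------------
/scripts/nginx/nginx-1.18.0-2.el7.ngx.x86_64.rpm:
--------------------------------------------------------------------------------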
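https://raw.githubusercontent.com/jumpserver/setuptools/25184befaa2b1fcb753a6a76a0945a5e37486c98/scripts/nginx/nginx-1.18.0-2.el7.ngx.x86_64.rpm

--------------------------------------------------------------------------------
/scripts/nginx/nginx.repo:
--------------------------------------------------------------------------------
[nginx-stable]
name=nginx stable repo
# NOTE(review): baseurl is plain HTTP; package integrity rests on gpgcheck=1
# and the signing key below.
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

--------------------------------------------------------------------------------
/scripts/pypi/.pydistutils.cfg:
--------------------------------------------------------------------------------
[easy_install]
index_url = https://mirrors.aliyun.com/pypi/simple/

--------------------------------------------------------------------------------
/scripts/pypi/pip.conf:
--------------------------------------------------------------------------------
[global]
index-url = https://mirrors.aliyun.com/pypi/simple/

[install]
# NOTE(review): trusted-host makes pip accept this host even without a valid
# HTTPS certificate. The index URL above is already HTTPS, so the entry only
# weakens the check; drop it unless the mirror cannot be validated.
trusted-host=mirrors.aliyun.com

--------------------------------------------------------------------------------
/scripts/reset.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Reinstalls one component (core, koko, guacamole) or all of them.
# Usage: reset.sh COMMAND

BASE_DIR=$(dirname "$0")
PROJECT_DIR=$(dirname "$(cd "$(dirname "$0")" && pwd)")
source "${PROJECT_DIR}/config.conf"

target=$1

# Reinstall core while keeping its data directory: the current tree is moved
# aside, install_core.sh lays down a fresh one, then the old data is copied
# back.
function reset_core() {
    echo ">> Reset Jms_core"
    # ${install_dir:?} aborts instead of operating on "/jumpserver" when
    # config.conf did not set install_dir.
    if ! mv "${install_dir:?}/jumpserver" "$install_dir/jumpserver_backup"; then
        echo "[ERROR] could not move $install_dir/jumpserver aside" >&2
        return 1
    fi
    bash "$BASE_DIR/install_core.sh"
    # The destination used to be "data/*": that glob expands to the entries
    # of the NEW data directory, so cp copied into the last of them or failed,
    # and the backup was deleted either way. Copy into the directory itself
    # and delete the backup only after the copy succeeded.
    if \cp -rf "$install_dir/jumpserver_backup/data/." "$install_dir/jumpserver/data/"; then
        rm -rf -- "$install_dir/jumpserver_backup"
    else
        echo "[ERROR] data restore failed, backup kept at $install_dir/jumpserver_backup" >&2
        return 1
    fi
}

# Recreate the KoKo container.
# NOTE(review): install_koko.sh starts this image with --privileged=true,
# this function does not; decide which of the two is intended.
function reset_koko() {
    echo ">> Reset Jms_koko"
    docker stop jms_koko
    docker rm jms_koko
    docker run --name jms_koko -d -p "$ssh_port:2222" -p 127.0.0.1:5000:5000 \
        -e "CORE_HOST=http://$Server_IP:8080" \
        -e "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" \
        --restart=always "jumpserver/jms_koko:$Version"
}

# Recreate the Guacamole container.
function reset_guacamole() {
    echo ">> Reset Jms_guacamole"
    docker stop jms_guacamole
    docker rm jms_guacamole
    docker run --name jms_guacamole -d -p 127.0.0.1:8081:8080 \
        -e "JUMPSERVER_SERVER=http://$Server_IP:8080" \
        -e "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" \
        --restart=always "jumpserver/jms_guacamole:$Version"
}

# Dispatch on the requested target; print usage for anything else.
function main() {
    case "${target}" in
        core)
            reset_core
            ;;
        koko)
            reset_koko
            ;;
        guacamole)
            reset_guacamole
            ;;
        all)
            reset_core
            reset_koko
            reset_guacamole
            ;;
        *)
            echo -e "jmsctl: invalid COMMAND '$target'\n"
            echo -e "Usage: jmsctl reset COMMAND\n"
            echo -e "Commands:"
            echo -e " core 重置 core"
            echo -e " koko 重置 koko"
            echo -e " guacamole 重置 guacamole"
            echo -e " all 重置 core koko gua. "
            ;;
    esac
}

main

--------------------------------------------------------------------------------
/scripts/service/jms_core.service:
--------------------------------------------------------------------------------
[Unit]
Description=JumpServer Core Server
Documentation=https://github.com/jumpserver/jumpserver.git
After=network.target mysqld.service redis.service docker.service
Wants=mysqld.service redis.service docker.service

[Service]
# NOTE(review): no User=/Group= is set, so systemd starts the service as
# root; consider a dedicated account.
Type=forking
TimeoutStartSec=0
WorkingDirectory=/opt/jumpserver
PIDFile=/opt/jumpserver/tmp/jms.pid
Environment="PATH=/opt/py3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin"
ExecStart=/opt/jumpserver/jms start -d
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/opt/jumpserver/jms stop

[Install]
WantedBy=multi-user.target

--------------------------------------------------------------------------------
/scripts/set_firewall.sh: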
-------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | 4 | BASE_DIR=$(dirname "$0") 5 | PROJECT_DIR=$(dirname $(cd $(dirname "$0");pwd)) 6 | source ${PROJECT_DIR}/config.conf 7 | 8 | function set_firewall() { 9 | if [ ! "$(firewall-cmd --list-all | grep $http_port)" ]; then 10 | firewall-cmd --zone=public --add-port=$http_port/tcp --permanent 11 | firewall-cmd --reload 12 | fi 13 | if [ ! "$(firewall-cmd --list-all | grep $ssh_port)" ]; then 14 | firewall-cmd --zone=public --add-port=$ssh_port/tcp --permanent 15 | firewall-cmd --reload 16 | fi 17 | } 18 | 19 | function set_selinux() { 20 | if [ ! "$(rpm -qa | grep policycoreutils-python)" ]; then 21 | yum install -y policycoreutils-python 22 | fi 23 | setsebool -P httpd_can_network_connect 1 24 | if [ "$http_port" != "80" ]; then 25 | semanage port -a -t http_port_t -p tcp $http_port || { 26 | semanage port -m -t http_port_t -p tcp $http_port || true 27 | } 28 | fi 29 | if [ ! "$(semanage fcontext -l | grep $install_dir/lina)" ]; then 30 | semanage fcontext -a -t httpd_sys_content_t "$install_dir/lina(/.*)?" 31 | fi 32 | if [ ! "$(semanage fcontext -l | grep $install_dir/luna)" ]; then 33 | semanage fcontext -a -t httpd_sys_content_t "$install_dir/luna(/.*)?" 34 | fi 35 | if [ ! "$(semanage fcontext -l | grep $install_dir/jumpserver/data)" ]; then 36 | semanage fcontext -a -t httpd_sys_content_t "$install_dir/jumpserver/data(/.*)?" 
37 | fi 38 | } 39 | 40 | function main() { 41 | if [ "$(systemctl status firewalld | grep Active | grep running)" ]; then 42 | set_firewall 43 | fi 44 | if [ "$(getenforce)" != "Disabled" ]; then 45 | set_selinux 46 | fi 47 | } 48 | 49 | main 50 | -------------------------------------------------------------------------------- /scripts/start.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | 4 | BASE_DIR=$(dirname "$0") 5 | PROJECT_DIR=$(dirname $(cd $(dirname "$0");pwd)) 6 | source ${PROJECT_DIR}/config.conf 7 | 8 | function success() { 9 | echo "" 10 | echo -e "JumpServer 启动成功! " 11 | echo -ne "Web 登陆信息: " 12 | echo -e "\033[32mhttp://$Server_IP:$http_port\033[0m" 13 | echo -ne "SSH 登录信息: " 14 | echo -e "\033[32mssh admin@$Server_IP -p$ssh_port\033[0m" 15 | echo -ne "初始用户名密码: " 16 | echo -e "\033[32madmin admin \033[0m\n" 17 | echo -e "\033[33m[如果你是云服务器请在安全组放行 $http_port 和 $ssh_port 端口] \n\033[0m" 18 | } 19 | 20 | function start_mysqld() { 21 | echo -ne "MySQL start \t........................ " 22 | if [ ! "$(systemctl status mysqld | grep Active | grep running)" ]; then 23 | systemctl start mysqld 24 | if [ $? -ne 0 ]; then 25 | echo -e "[\033[31m ERROR \033[0m]" 26 | else 27 | echo -e "[\033[32m OK \033[0m]" 28 | fi 29 | else 30 | echo -e "[\033[32m OK \033[0m]" 31 | fi 32 | } 33 | 34 | function start_redis() { 35 | echo -ne "Redis Start \t........................ " 36 | if [ ! "$(systemctl status redis | grep Active | grep running)" ]; then 37 | systemctl start redis 38 | if [ $? -ne 0 ]; then 39 | echo -e "[\033[31m ERROR \033[0m]" 40 | else 41 | echo -e "[\033[32m OK \033[0m]" 42 | fi 43 | else 44 | echo -e "[\033[32m OK \033[0m]" 45 | fi 46 | } 47 | 48 | function start_docker() { 49 | echo -ne "Docke. Start \t........................ " 50 | if [ ! "$(systemctl status docker | grep Active | grep running)" ]; then 51 | systemctl start docker 52 | if [ $? 
-ne 0 ]; then 53 | echo -e "[\033[31m ERROR \033[0m]" 54 | else 55 | echo -e "[\033[32m OK \033[0m]" 56 | fi 57 | else 58 | echo -e "[\033[32m OK \033[0m]" 59 | fi 60 | } 61 | 62 | function start_core() { 63 | echo -ne "Core Start \t........................ " 64 | if [ ! "$(systemctl status jms_core | grep Active | grep running)" ]; then 65 | systemctl start jms_core 66 | if [ $? -ne 0 ]; then 67 | echo -e "[\033[31m ERROR \033[0m]" 68 | else 69 | echo -e "[\033[32m OK \033[0m]" 70 | fi 71 | else 72 | echo -e "[\033[32m OK \033[0m]" 73 | fi 74 | } 75 | 76 | function start_koko(){ 77 | echo -ne "Koko Start \t........................ " 78 | bash $BASE_DIR/install_koko.sh >/dev/null 2>&1 79 | if [ ! "$(docker ps | grep jms_koko)" ]; then 80 | systemctl restart docker 81 | docker start jms_koko 82 | if [ $? -ne 0 ]; then 83 | echo -e "[\033[31m ERROR \033[0m]" 84 | else 85 | echo -e "[\033[32m OK \033[0m]" 86 | fi 87 | else 88 | echo -e "[\033[32m OK \033[0m]" 89 | fi 90 | } 91 | 92 | function start_guacamole() { 93 | echo -ne "Guaca. Start \t........................ " 94 | bash $BASE_DIR/install_guacamole.sh >/dev/null 2>&1 95 | if [ ! "$(docker ps | grep jms_guacamole)" ]; then 96 | docker start jms_guacamole 97 | if [ $? -ne 0 ]; then 98 | echo -e "[\033[31m ERROR \033[0m]" 99 | else 100 | echo -e "[\033[32m OK \033[0m]" 101 | fi 102 | else 103 | echo -e "[\033[32m OK \033[0m]" 104 | fi 105 | } 106 | 107 | function start_nginx() { 108 | echo -ne "Nginx Start \t........................ " 109 | if [ ! "$(systemctl status nginx | grep Active | grep running)" ]; then 110 | systemctl start nginx 111 | if [ $? 
-ne 0 ]; then 112 | echo -e "[\033[31m ERROR \033[0m]" 113 | else 114 | echo -e "[\033[32m OK \033[0m]" 115 | fi 116 | else 117 | echo -e "[\033[32m OK \033[0m]" 118 | fi 119 | } 120 | 121 | function main() { 122 | if [ $DB_HOST == 127.0.0.1 ]; then 123 | start_mysqld 124 | fi 125 | if [ $REDIS_HOST == 127.0.0.1 ]; then 126 | start_redis 127 | fi 128 | start_docker 129 | start_core 130 | start_koko 131 | start_guacamole 132 | start_nginx 133 | echo "" 134 | bash $BASE_DIR/install_status.sh 135 | if [[ $? != 0 ]]; then 136 | exit 1 137 | fi 138 | success 139 | } 140 | 141 | main 142 | -------------------------------------------------------------------------------- /scripts/stop.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # 3 | 4 | BASE_DIR=$(dirname "$0") 5 | PROJECT_DIR=$(dirname $(cd $(dirname "$0");pwd)) 6 | source ${PROJECT_DIR}/config.conf 7 | 8 | function stop_koko() { 9 | echo -ne "Koko Stop \t........................ " 10 | docker stop jms_koko >/dev/null 2>&1 11 | if [ $? -ne 0 ];then 12 | echo -e "[\033[31m ERROR \033[0m]" 13 | else 14 | echo -e "[\033[32m OK \033[0m]" 15 | fi 16 | } 17 | 18 | function stop_guacamole() { 19 | echo -ne "Guaca. Stop \t........................ " 20 | docker stop jms_guacamole >/dev/null 2>&1 21 | if [ $? -ne 0 ];then 22 | echo -e "[\033[31m ERROR \033[0m]" 23 | else 24 | echo -e "[\033[32m OK \033[0m]" 25 | fi 26 | } 27 | 28 | function stop_core() { 29 | echo -ne "Core Stop \t........................ " 30 | systemctl stop jms_core 31 | if [ $? 
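-ne 0 ];then
        echo -e "[\033[31m ERROR \033[0m]"
    else
        echo -e "[\033[32m OK \033[0m]"
    fi
    # NOTE(review): this matches every process whose `ps aux` line contains
    # "py3" (command line or user name), not only workers started from the
    # $install_dir/py3 virtualenv, and sends SIGKILL without trying SIGTERM
    # first. Narrowing the match to the virtualenv path would avoid killing
    # unrelated processes.
    if [ "$(ps aux | grep -v grep | grep py3)" ]; then
        ps aux | grep py3 | grep -v grep | awk '{print $2}' | xargs kill -9
    fi
    # ${install_dir:?} aborts instead of expanding to /jumpserver/tmp/*.pid
    # when install_dir is empty or unset.
    rm -f -- "${install_dir:?}"/jumpserver/tmp/*.pid
}

#######################################
# Stop the containers first, then the core service.
#######################################
function main() {
    stop_koko
    stop_guacamole
    stop_core
    echo ""
}

main
--------------------------------------------------------------------------------
/scripts/uninstall.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Removes the JumpServer deployment described by config.conf: nginx site
# config, koko/guacamole containers and images, the jms_core unit, the
# install directories, local Redis data, the local MySQL user and database,
# firewalld ports and SELinux contexts. There is no confirmation prompt.

BASE_DIR=$(dirname "$0")
PROJECT_DIR=$(dirname "$(cd "$(dirname "$0")" && pwd)")
# `source` executes config.conf as shell code with this script's privileges.
source "${PROJECT_DIR}/config.conf"

# Every `rm -rf` below is rooted at install_dir. Abort before touching
# anything if it is empty, otherwise the paths would resolve to /py3,
# /lina, /luna and /jumpserver.
: "${install_dir:?}"

echo -e "\033[31m 准备从系统中卸载 jumpserver \033[0m"

if systemctl is-active --quiet nginx; then
    systemctl stop nginx
fi
rm -f /etc/nginx/conf.d/jumpserver.conf

if systemctl is-active --quiet docker; then
    docker stop jms_koko jms_guacamole
    docker rm jms_koko jms_guacamole
    docker rmi "jumpserver/jms_koko:$Version" "jumpserver/jms_guacamole:$Version"
    systemctl stop docker
fi

if systemctl is-active --quiet jms_core; then
    systemctl stop jms_core
fi
rm -f /usr/lib/systemd/system/jms_core.service
rm -rf -- "${install_dir:?}/py3"
rm -rf -- "${install_dir:?}/lina"
rm -rf -- "${install_dir:?}/luna"
rm -rf -- "${install_dir:?}/jumpserver"

if [[ "${REDIS_HOST:-}" == "127.0.0.1" ]]; then
    if systemctl is-active --quiet redis; then
        # FLUSHALL clears every database in the local Redis instance, not
        # only JumpServer keys.
        if [ -z "$REDIS_PASSWORD" ]; then
            redis-cli -h "$REDIS_HOST" -p "$REDIS_PORT" flushall
        else
            # NOTE(review): -a places the password in the process argument
            # list, where other local users can read it while the command
            # runs.
            redis-cli -h "$REDIS_HOST" -p "$REDIS_PORT" -a "$REDIS_PASSWORD" flushall
        fi
        systemctl stop redis
    fi
fi
if [[ "${DB_HOST:-}" == "127.0.0.1" ]]; then
    if systemctl is-active --quiet mysqld; then
        # DB_USER, DB_HOST and DB_NAME come from config.conf and are pasted
        # into SQL that runs as the MySQL root account.
        mysql -uroot -e"drop user '$DB_USER'@'$DB_HOST';drop database $DB_NAME;flush privileges;"
        systemctl stop mysqld
    fi
fi

if systemctl is-active --quiet firewalld; then
    # The -n guards keep an empty port from matching every line of the
    # firewall-cmd output.
    if [[ -n "${http_port:-}" ]] && firewall-cmd --list-all | grep -q -- "$http_port"; then
        firewall-cmd --zone=public --remove-port="$http_port/tcp" --permanent
        firewall-cmd --reload
    fi
    if [[ -n "${ssh_port:-}" ]] && firewall-cmd --list-all | grep -q -- "$ssh_port"; then
        firewall-cmd --zone=public --remove-port="$ssh_port/tcp" --permanent
        firewall-cmd --reload
    fi
    if firewall-cmd --list-all | grep -q 8080; then
        if [ -n "$Docker_IP" ]; then
            # Same argument the nested quotes of the original produced,
            # written as one quoted string.
            firewall-cmd --permanent --remove-rich-rule="rule family=ipv4 source address=${Docker_IP} port protocol=tcp port=8080 accept"
            firewall-cmd --reload
        fi
    fi
fi

if [ "$(getenforce)" != "Disabled" ]; then
    if [ "$http_port" != "80" ]; then
        # Best effort: the port may never have been labelled.
        semanage port -d -t http_port_t -p tcp "$http_port" || true
    fi
    if semanage fcontext -l | grep -q -- "$install_dir/lina"; then
        semanage fcontext -d -t httpd_sys_content_t "$install_dir/lina(/.*)?"
    fi
    if semanage fcontext -l | grep -q -- "$install_dir/luna"; then
        semanage fcontext -d -t httpd_sys_content_t "$install_dir/luna(/.*)?"
    fi
    if semanage fcontext -l | grep -q -- "$install_dir/jumpserver/data"; then
        semanage fcontext -d -t httpd_sys_content_t "$install_dir/jumpserver/data(/.*)?"
    fi
fi

echo -e "\033[31m 已经成功清理 jumpserver 相关文件 \033[0m"
echo -e "\033[31m 请自行卸载 docker nginx redis mysql 服务 \033[0m"
echo -e "\033[31m yum remove -y docker-ce docker-ce-cli nginx redis mysql \033[0m"
echo -e "\033[31m 卸载完成后请重启服务器清空路由表 \033[0m"
--------------------------------------------------------------------------------
/scripts/upgrade.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Upgrades an installed JumpServer to the version published by the project
# mirror: downloads the release archives, backs up the current install and
# database, then recreates the koko and guacamole containers.

BASE_DIR=$(dirname "$0")
PROJECT_DIR=$(dirname "$(cd "$(dirname "$0")" && pwd)")
# `source` executes config.conf as shell code with this script's privileges.
source "${PROJECT_DIR}/config.conf"

# The version string is fetched over plain HTTP and later becomes part of
# directory names, download URLs, image tags and a sed expression, so it is
# checked against a strict allow-list before use. An empty reply (failed
# request) is rejected too.
Upgrade_Version=$(curl -s -L http://demo.jumpserver.org/download/latest)
version_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
if [[ ! "$Upgrade_Version" =~ $version_re ]]; then
    echo -e "\033[31m [ERROR] 获取到的版本号无效, 已中止升级 \033[0m"
    exit 1
fi

if [[ "$Version" == "$Upgrade_Version" ]]; then
    echo -e "\033[31m $Version 已是最新版本 \033[0m"
    exit 0
fi

echo -e "\033[33m 准备从 $Version 升级到 $Upgrade_Version ... \033[0m"
jumpserver_backup="${PROJECT_DIR}/backup/$Version"
if [ ! -d "$jumpserver_backup" ]; then
    mkdir -p "$jumpserver_backup"
fi

# Either a live install or an earlier backup of it must exist.
if [ ! -d "$install_dir/jumpserver" ]; then
    if [ ! -d "$jumpserver_backup/jumpserver" ]; then
        echo -e "\033[31m [ERROR] jumpserver 未安装或者目录不正确 \033[0m"
        exit 1
    fi
fi

if [ ! -d "$PROJECT_DIR/$Upgrade_Version" ]; then
    mkdir -p "$PROJECT_DIR/$Upgrade_Version"
fi

# NOTE(review): the three tests are joined with ||, so this looks true for
# any version whose second character is <= 2, including releases at or
# above v2.5.0. Confirm whether "major <= 2 and minor <= 4" was intended.
if [ "${Version:0:1}" == "1" ] || [ "${Version:1:1}" -le "2" ] || [ "${Version:3:1}" -le "4" ]; then
    echo -e "\033[33m* v2.5.0 开始, 数据库只支持 MySQL >= 5.7 *\033[0m"
    if [[ "${DB_HOST:-}" == "127.0.0.1" ]]; then
        if ! rpm -qa | grep -q mysql-community-server; then
            echo -e "\033[31m [ERROR] mysql 未正确部署 \033[0m"
            exit 1
        fi
    else
        # A remote database cannot be inspected from here; ask the operator.
        read -r -p "确定环境无误请按 y 继续升级: " a
        if [[ "$a" != "y" && "$a" != "Y" ]]; then
            exit 1
        fi
    fi
fi

if [ !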
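-f "$PROJECT_DIR/$Upgrade_Version/jumpserver-$Upgrade_Version.tar.gz" ]; then
    # The original line repeated "wget -qO" twice; one output option is
    # enough and matches the lina and luna downloads below.
    # NOTE(review): the fallback mirror is plain HTTP and neither source is
    # checked against a published checksum or signature before the archive
    # is unpacked and run. Compare it with a digest obtained out of band.
    timeout 60s wget -qO "$PROJECT_DIR/$Upgrade_Version/jumpserver-$Upgrade_Version.tar.gz" "https://github.com/jumpserver/jumpserver/releases/download/$Upgrade_Version/jumpserver-$Upgrade_Version.tar.gz" || {
        rm -f -- "$PROJECT_DIR/$Upgrade_Version/jumpserver-$Upgrade_Version.tar.gz"
        wget -qO "$PROJECT_DIR/$Upgrade_Version/jumpserver-$Upgrade_Version.tar.gz" "http://demo.jumpserver.org/download/jumpserver/$Upgrade_Version/jumpserver-$Upgrade_Version.tar.gz" || {
            rm -f -- "$PROJECT_DIR/$Upgrade_Version/jumpserver-$Upgrade_Version.tar.gz"
            echo -e "\033[31m [ERROR] 下载 jumpserver 失败, 请检查网络是否正常或尝试重新执行升级脚本 \033[0m"
            exit 1
        }
    }
fi

# Directory holding everything downloaded for the target version.
# NOTE(review): Upgrade_Version is read from an HTTP response earlier in
# this script and ends up in paths, image tags and a sed expression below.
pkg_dir="${PROJECT_DIR}/${Upgrade_Version}"

# ${install_dir:?} aborts the script instead of expanding to /lina* when
# install_dir is empty or unset.
rm -rf -- "${install_dir:?}"/lina*
if [ ! -f "$pkg_dir/lina-$Upgrade_Version.tar.gz" ]; then
    timeout 60s wget -qO "$pkg_dir/lina-$Upgrade_Version.tar.gz" "https://github.com/jumpserver/lina/releases/download/$Upgrade_Version/lina-$Upgrade_Version.tar.gz" || {
        rm -f -- "$pkg_dir/lina-$Upgrade_Version.tar.gz"
        wget -qO "$pkg_dir/lina-$Upgrade_Version.tar.gz" "http://demo.jumpserver.org/download/lina/$Upgrade_Version/lina-$Upgrade_Version.tar.gz" || {
            rm -f -- "$pkg_dir/lina-$Upgrade_Version.tar.gz"
            echo -e "\033[31m [ERROR] 下载 lina 失败, 请检查网络是否正常或尝试重新执行升级脚本 \033[0m"
            exit 1
        }
    }
fi
tar -xf "$pkg_dir/lina-$Upgrade_Version.tar.gz" -C "$install_dir"
mv "$install_dir/lina-$Upgrade_Version" "$install_dir/lina"

rm -rf -- "${install_dir:?}"/luna*
if [ ! -f "$pkg_dir/luna-$Upgrade_Version.tar.gz" ]; then
    timeout 60s wget -qO "$pkg_dir/luna-$Upgrade_Version.tar.gz" "https://github.com/jumpserver/luna/releases/download/$Upgrade_Version/luna-$Upgrade_Version.tar.gz" || {
        rm -f -- "$pkg_dir/luna-$Upgrade_Version.tar.gz"
        wget -qO "$pkg_dir/luna-$Upgrade_Version.tar.gz" "http://demo.jumpserver.org/download/luna/$Upgrade_Version/luna-$Upgrade_Version.tar.gz" || {
            rm -f -- "$pkg_dir/luna-$Upgrade_Version.tar.gz"
            echo -e "\033[31m [ERROR] 下载 luna 失败, 请检查网络是否正常或尝试重新执行升级脚本 \033[0m"
            exit 1
        }
    }
fi
tar -xf "$pkg_dir/luna-$Upgrade_Version.tar.gz" -C "$install_dir"
mv "$install_dir/luna-$Upgrade_Version" "$install_dir/luna"

# Image archives placed in the package directory are loaded before any
# registry pull is attempted.
if [ -f "$pkg_dir/koko.tar" ]; then
    docker load < "$pkg_dir/koko.tar"
fi

if [ -f "$pkg_dir/guacamole.tar" ]; then
    docker load < "$pkg_dir/guacamole.tar"
fi

if ! docker images | grep jms_koko | grep -q -- "$Upgrade_Version"; then
    docker pull "jumpserver/jms_koko:$Upgrade_Version" || {
        echo -e "\033[31m [ERROR] 下载 koko 镜像失败, 请检查网络是否正常或尝试重新执行升级脚本 \033[0m"
        exit 1
    }
fi

if ! docker images | grep jms_guacamole | grep -q -- "$Upgrade_Version"; then
    docker pull "jumpserver/jms_guacamole:$Upgrade_Version" || {
        echo -e "\033[31m [ERROR] 下载 guacamole 镜像失败, 请检查网络是否正常或尝试重新执行升级脚本 \033[0m"
        exit 1
    }
fi

docker stop jms_koko jms_guacamole >/dev/null 2>&1
docker rm jms_koko jms_guacamole >/dev/null 2>&1
systemctl stop jms_core

if [ ! -d "$jumpserver_backup/jumpserver" ]; then
    mv "$install_dir/jumpserver" "$jumpserver_backup/"
    echo -e "\033[33m >>> 已备份文件到 $jumpserver_backup <<< \033[0m"
fi

db_dump="${jumpserver_backup}/${DB_NAME}.sql"
if [ ! -f "$db_dump" ]; then
    # The dump goes to a temporary name and is renamed only on success, so a
    # failed or partial dump is never mistaken for a finished backup on the
    # next run. The password is passed through MYSQL_PWD instead of -p so it
    # does not show up in the process list, and umask 077 keeps the dump
    # readable by its owner only.
    if ( umask 077; MYSQL_PWD="$DB_PASSWORD" mysqldump -h"$DB_HOST" -P"$DB_PORT" -u"$DB_USER" "$DB_NAME" > "${db_dump}.partial" ); then
        mv -- "${db_dump}.partial" "$db_dump"
        echo -e "\033[33m >>> 已备份数据库到 $jumpserver_backup <<< \033[0m"
    else
        rm -f -- "${db_dump}.partial"
        echo -e "\033[31m [ERROR] 备份数据库失败, 升级已中止 \033[0m"
        exit 1
    fi
fi

if [ ! -d "$install_dir/jumpserver" ]; then
    tar -xf "$pkg_dir/jumpserver-$Upgrade_Version.tar.gz" -C "$install_dir"
    mv "$install_dir/jumpserver-$Upgrade_Version" "$install_dir/jumpserver"
fi

# Carry the previous configuration and data into the fresh tree.
if [ ! -f "$install_dir/jumpserver/config.yml" ]; then
    cp "$jumpserver_backup/jumpserver/config.yml" "$install_dir/jumpserver/"
    \cp -rf "$jumpserver_backup"/jumpserver/data/* "$install_dir/jumpserver/data/"
fi

source "$install_dir/py3/bin/activate"
pip install --upgrade pip setuptools
pip install -r "$install_dir/jumpserver/requirements/requirements.txt" || {
    echo -e "\033[31m [ERROR] 升级 python 依赖失败, 请检查网络是否正常或者更换 pypi 源 \033[0m"
    exit 1
}

if ! systemctl is-active --quiet jms_core; then
    systemctl start jms_core
fi

# Coming from a 1.x install, the nginx site config is replaced as well.
if [ "${Version:0:1}" == "1" ]; then
    if [ -f "/etc/nginx/conf.d/jumpserver.conf" ]; then
        if [ ! -f "$jumpserver_backup/jumpserver.conf" ]; then
            mv /etc/nginx/conf.d/jumpserver.conf "$jumpserver_backup/"
        else
            rm -f /etc/nginx/conf.d/jumpserver.conf
        fi
    fi
    if [ ! -f "$pkg_dir/jumpserver.conf" ]; then
        # NOTE(review): this file is fetched over plain HTTP and installed
        # as nginx configuration without any integrity check. A failed
        # download only prints a message; the cp below then runs without a
        # source file after the old config was already moved away.
        wget -qO "$pkg_dir/jumpserver.conf" http://demo.jumpserver.org/download/nginx/conf.d/latest/jumpserver.conf || {
            rm -f -- "$pkg_dir/jumpserver.conf"
            echo -e "\033[31m [ERROR] 下载 nginx 配置文件失败"
        }
    fi
    cp "$pkg_dir/jumpserver.conf" /etc/nginx/conf.d/jumpserver.conf
    if [ "$http_port" != "80" ]; then
        sed -i "s@listen 80;@listen $http_port;@g" /etc/nginx/conf.d/jumpserver.conf
    fi
    if [ "$install_dir" != "/opt" ]; then
        sed -i "s@/opt@$install_dir@g" /etc/nginx/conf.d/jumpserver.conf
    fi
    sed -i "s@worker_processes 1;@worker_processes auto;@g" /etc/nginx/nginx.conf
    if [ "$(getenforce)" != "Disabled" ]; then
        if ! semanage fcontext -l | grep -q -- "$install_dir/lina"; then
            semanage fcontext -a -t httpd_sys_content_t "$install_dir/lina(/.*)?"
            restorecon -R "$install_dir/lina/"
        fi
    fi
    nginx -s reload
    systemctl restart nginx
fi

# NOTE(review): --privileged=true gives the koko container almost
# unrestricted access to the host; confirm it is required. BOOTSTRAP_TOKEN
# is passed on the command line for both containers and stays readable via
# `docker inspect`.
docker run --name jms_koko -d -p "$ssh_port:2222" -p 127.0.0.1:5000:5000 -e CORE_HOST="http://$Server_IP:8080" -e BOOTSTRAP_TOKEN="$BOOTSTRAP_TOKEN" --restart=always --privileged=true "jumpserver/jms_koko:$Upgrade_Version" || {
    echo -e "\033[31m [ERROR] jms_koko 镜像下载失败, 请检查网络是否正常或者手动 pull 镜像 \033[0m"
    exit 1
}

docker run --name jms_guacamole -d -p 127.0.0.1:8081:8080 -e JUMPSERVER_SERVER="http://$Server_IP:8080" -e BOOTSTRAP_TOKEN="$BOOTSTRAP_TOKEN" --restart=always "jumpserver/jms_guacamole:$Upgrade_Version" || {
    echo -e "\033[31m [ERROR] jms_guacamole 镜像下载失败, 请检查网络是否正常或者手动 pull 镜像 \033[0m"
    exit 1
}

# The images of the previous version are no longer needed.
docker rmi "jumpserver/jms_koko:$Version" "jumpserver/jms_guacamole:$Version" >/dev/null 2>&1

# Record the new version so the next run starts from it.
sed -i "s/Version=$Version/Version=$Upgrade_Version/g" "${PROJECT_DIR}/config.conf"

echo ""
echo -e "\033[33m >>> 已升级版本至 $Upgrade_Version <<< \n \033[0m"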
191 | --------------------------------------------------------------------------------