
Jumpserver Bastion Host Setup (Automated Script)

程序员文章站 2022-07-01 22:44:04
#!/bin/bash
# coding: utf-8
# Copyright (c) 2018

set -e        # exit the script as soon as a command returns a non-zero status

echo "0. 系统的一些配置"
# Note: this switches SELinux to permissive mode and stops the host firewall;
# re-enable both with suitable rules once the installation has been verified.
setenforce 0 || true
systemctl stop iptables.service >/dev/null 2>&1 || true
systemctl stop firewalld.service >/dev/null 2>&1 || true

localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
export LC_ALL=zh_CN.UTF-8
echo 'LANG=zh_CN.UTF-8' > /etc/sysconfig/i18n

echo "1. 备份yum"
{
for i in /etc/yum.repos.d/*.repo; do cp "$i" "${i%.repo}.bak"; done
rm -rf /etc/yum.repos.d/*.repo
} || {
echo "yum出错,请更换源重新运行"
exit 1
}

echo "2. 获取网络yum"
{
# -P sets the download directory (lower-case -p would fetch page requisites instead);
# the commands are chained with && so that any failed step reaches the error branch
wget -P /etc/yum.repos.d/ http://mirrors.aliyun.com/repo/Centos-7.repo >/dev/null 2>&1 && \
wget -P /etc/yum.repos.d/ http://mirrors.163.com/.help/CentOS7-Base-163.repo >/dev/null 2>&1 && \
yum clean all >/dev/null 2>&1 && \
yum repolist >/dev/null 2>&1
} || {
echo "yum出错,请更换源重新运行"
exit 1
}


echo "3. 安装基本依赖"
{
yum update -y >/dev/null && yum install wget unzip epel-release nginx sqlite-devel xz gcc automake zlib-devel openssl-devel redis mariadb mariadb-devel mariadb-server supervisor -y >/dev/null 2>&1
} || {
echo "yum出错,请更换源重新运行"
exit 1
}


echo "4. 准备python"
{
cd /opt/
# -O writes the download to the given path (lower-case -o would only redirect wget's log there)
wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz -O /opt/Python-3.6.1.tar.xz >/dev/null 2>&1
} || {
echo "python 依赖包下载出错,请尝试使用特殊工具进行手工下载https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz ,并且放至于/opt/Python-3.6.1.tar.xz,如您是手工下载,请注释上面wget命令再运行本脚本"
exit 1
}
{
tar xf Python-3.6.1.tar.xz && cd Python-3.6.1 && ./configure >/dev/null && make >/dev/null && make install >/dev/null 2>&1
} || {
echo "解压或编译python出错,请尝试使用上面的命令手工解压或编译,如手工操作成功,请注释上述代码再运行本脚本"
exit 1
}
{
# absolute path: the working directory is still /opt/Python-3.6.1 at this point
python3 -m venv /opt/py3
} || {
echo "建立python虚拟环境出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"
exit 1
}

echo "5. 下载jumpserver包并解压"
{
wget https://github.com/jumpserver/jumpserver/archive/1.0.0.zip -O /opt/jumpserver.zip >/dev/null 2>&1
} || {
echo "下载jumpserver包出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"
exit 1
}
{
wget https://github.com/jumpserver/coco/archive/1.0.0.zip -O /opt/coco.zip >/dev/null 2>&1
} || {
echo "下载coco包出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"
exit 1
}
{
wget https://github.com/jumpserver/luna/releases/download/v1.0.0/luna.tar.gz -O /opt/luna.tar.gz >/dev/null 2>&1
} || {
echo "下载luna包出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"
exit 1
}
{
cd /opt
unzip coco.zip >/dev/null && mv coco-1.0.0 coco && unzip jumpserver.zip >/dev/null && mv jumpserver-1.0.0 jumpserver && tar xzf luna.tar.gz >/dev/null 2>&1
} || {
echo "解压出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"
exit 1
}

echo "6. 安装yum依赖"
{
yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt) >/dev/null && yum -y install $(cat /opt/coco/requirements/rpm_requirements.txt) >/dev/null 2>&1
} || {
echo "安装jumpserver的依赖出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"
exit 1
}

echo "7. 安装pip依赖"
{
python3 -m venv /opt/py3 && \
source /opt/py3/bin/activate && pip install --upgrade pip >/dev/null && pip install -r /opt/jumpserver/requirements/requirements.txt >/dev/null && pip install -r /opt/coco/requirements/requirements.txt >/dev/null 2>&1
} || {
echo "安装jumpserver的依赖出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"
exit 1
}

echo "8. 创建数据库"
mkdir -p /opt/mysql/share/mysql/
{
wget https://github.com/jumpserver/dockerfile/blob/mysql/alpine/mysql_security.sql?raw=true -O /opt/mysql/mysql_security.sql >/dev/null 2>&1 && \
wget https://github.com/jumpserver/dockerfile/blob/mysql/alpine/mysql.cnf?raw=true -O /etc/my.cnf >/dev/null 2>&1 && \
wget https://github.com/jumpserver/dockerfile/blob/mysql/alpine/errmsg.sys?raw=true -O /opt/mysql/share/mysql/errmsg.sys >/dev/null 2>&1
} || {
echo "下载数据库依赖文件出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"
exit 1
}

echo "9. 准备文件"
{
wget https://github.com/jumpserver/dockerfile/blob/mysql/alpine/nginx.conf?raw=true -O /etc/nginx/nginx.conf >/dev/null 2>&1 && \
wget https://github.com/jumpserver/dockerfile/blob/mysql/alpine/supervisord.conf?raw=true -O /etc/supervisord.conf >/dev/null 2>&1 && \
wget https://github.com/jumpserver/dockerfile/blob/mysql/alpine/jumpserver_conf.py?raw=true -O /opt/jumpserver/config.py >/dev/null 2>&1 && \
wget https://github.com/jumpserver/dockerfile/blob/mysql/alpine/coco_conf.py?raw=true -O /opt/coco/conf.py >/dev/null 2>&1 && \
wget https://github.com/jumpserver/dockerfile/blob/mysql/alpine/start_jms.sh?raw=true -O /opt/start_jms.sh >/dev/null 2>&1
} || {
echo "下载配置文件出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"
exit 1
}

echo "10. 安装docker"
# yum check-update exits with 100 when updates are pending; do not let set -e abort on that
yum check-update >/dev/null 2>&1 || true
{
# yum-utils provides yum-config-manager
yum -y install yum-utils >/dev/null 2>&1 && \
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo >/dev/null && yum clean all >/dev/null && yum repolist >/dev/null 2>&1 && \
yum -y install epel-release docker-ce >/dev/null 2>&1 && \
systemctl start docker
tee -a /etc/sysctl.conf <<-EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
sysctl -p >/dev/null 2>&1

# overwrite rather than append: appending a second object to an existing daemon.json makes it invalid JSON
tee /etc/docker/daemon.json <<-EOF
{
"registry-mirrors": [
"https://registry.docker-cn.com"
]
}
EOF
} || {
echo "安装docker 出错,请尝试手工执行,如手工操作成功,请注释上述代码再运行本脚本"
exit 1
}

systemctl daemon-reload
systemctl restart docker


echo "11. 安装guacamole"
# primary IP of this host, taken from the source address of a UDP socket aimed at 8.8.8.8 (nothing is sent)
host_ip=$(python -c "import socket;print([(s.connect(('8.8.8.8', 53)), s.getsockname()[0], s.close()) for s in [socket.socket(socket.AF_INET, socket.SOCK_DGRAM)]][0][1])")

docker run --name jms_guacamole -d \
--restart always \
-p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \
-e JUMPSERVER_KEY_DIR=/config/guacamole/key \
-e JUMPSERVER_SERVER=http://$host_ip:8080 \
registry.jumpserver.org/public/guacamole:1.0.0

echo "12. 配置nginx"
yum -y install nginx >/dev/null 2>&1
# quoted delimiter: the nginx variables ($remote_addr, $host, $uri, ...) must reach the
# file literally instead of being expanded (to empty strings) by the shell
cat << 'EOF' > /etc/nginx/conf.d/jumpserver.conf
server {
listen 80;

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/;
}

location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/;
}

location /static/ {
root /opt/jumpserver/data/;
}

location /socket.io/ {
proxy_pass http://localhost:5000/socket.io/; # if coco runs on another server, put its IP here
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}

location /guacamole/ {
proxy_pass http://localhost:8081/; # if guacamole runs on another server, put its IP here
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
access_log off;
}

location / {
proxy_pass http://localhost:8080; # if jumpserver runs on another server, put its IP here
}
}

EOF

# -R for recursive; note that 777 makes the log directory world-writable, tighten it once nginx runs
mkdir -p /opt/nginx/log && chmod -R 777 /opt/nginx
{
systemctl restart nginx
systemctl enable nginx
} || {
service nginx restart
} || {
nginx -s reload
} || {
echo "请检查nginx的启动命令"
exit 1
}

chmod +x /opt/start_jms.sh
echo " 安装完成,请运行/opt/start_jms.sh启动jumpserver"
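Steps 5, 8 and 9 above fetch release archives and configuration files with wget and use them as they arrive, and the two repo files in step 2 travel over plain HTTP. The helper below is an added example, not part of the original script or of the Jumpserver project: it accepts only HTTPS URLs and keeps a download only when its SHA-256 digest matches a value pinned beforehand. The digests in the usage comments are placeholders; they are not on this page and have to be taken from the upstream release you deploy.

```bash
#!/bin/bash
# Added example, not part of the original install script: a download helper that
# keeps a file only when its SHA-256 digest matches a value pinned in advance.
set -eu

# verify_sha256 FILE EXPECTED_HEX -> 0 when the digest matches, 1 otherwise
verify_sha256() {
    local file="$1" expected="$2" actual
    actual=$(sha256sum "$file" 2>/dev/null | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    echo "checksum mismatch for $file: got '$actual', expected '$expected'" >&2
    return 1
}

# fetch_verified URL DEST EXPECTED_HEX -> downloads URL to DEST, insists on HTTPS,
# and removes DEST again on any failure so a tampered or truncated file never stays
fetch_verified() {
    local url="$1" dest="$2" expected="$3"
    case "$url" in
        https://*) ;;
        *) echo "refusing non-HTTPS URL: $url" >&2; return 1 ;;
    esac
    if ! wget -q -O "$dest" "$url"; then
        rm -f "$dest"
        return 1
    fi
    if ! verify_sha256 "$dest" "$expected"; then
        rm -f "$dest"
        return 1
    fi
}

# Usage with the archives the install script pulls; the digests are PLACEHOLDERS
# to be replaced with the values published for the release you deploy:
# fetch_verified https://github.com/jumpserver/jumpserver/archive/1.0.0.zip \
#     /opt/jumpserver.zip "<sha256-of-jumpserver-1.0.0.zip>"
# fetch_verified https://github.com/jumpserver/coco/archive/1.0.0.zip \
#     /opt/coco.zip "<sha256-of-coco-1.0.0.zip>"
# fetch_verified https://github.com/jumpserver/luna/releases/download/v1.0.0/luna.tar.gz \
#     /opt/luna.tar.gz "<sha256-of-luna.tar.gz>"
```

Because a mismatch deletes the partial file and returns non-zero, the helper drops straight into the script's existing `|| { echo ...; exit 1; }` error branches.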