JumpServer手动部署

您所在的位置：网站首页 › jumpserver迁移 › JumpServer手动部署

JumpServer手动部署

2022-11-28 03:19| 来源: 网络整理| 查看: 265

1、服务器准备：

硬盘配置：2核CPU、4G内存、50G以上硬盘。

需要安装的软件：

python3.6

mysql大于5.6

redis 缓存型数据库

2、环境准备：

1）关闭防火墙：

systemctl stop firewalld && systemctl disable firewalld

2）配置SELINUX：

sed -i '/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux

3）配置yum源：

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo # 清空原有的yum缓存 # 生成新的yum源，便于加速软件下载 yum clean all yum makecache

4）安装系统初始化所需要的软件：

yum install -y bash-completion vim lrzsz wget expect net-tools nc nmap tree dos2unix htop iftop iotop unzip telnet sl psmisc nethogs glances bc ntpdate openldap-devel

5）安装jumpserver运行所需的依赖环境：

yum -y install git python-pip gcc automake autoconf python-devel vim sshpass lrzsz readline-devel zlib zlib-devel openssl openssl-devel

3、部署mysql5.6：

1）获取mysql5.6包：

wget https://cdn.mysql.com//Downloads/MySQL-5.6/MySQL-5.6.49-1.el7.x86_64.rpm-bundle.tar # 解压数据包 mkdir mysql tar xvf MySQL-5.6.49-1.el7.x86_64.rpm-bundle.tar -C ./mysql # 使用yum工具安装一系列的rpm包 cd mysql yum localinstall * -y

2）修改my.cnf配置文件：

[mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock # Disabling symbolic-links is recommended to prevent assorted security risks symbolic-links=0 # Settings user and group are ignored when systemd is used. # If you need to run mysqld under a different user or group, # customize your systemd unit file for mariadb according to the # instructions in http://fedoraproject.org/wiki/Systemd [mysqld_safe] log-error=/var/log/mysql/mysql.log pid-file=/var/run/mysql/mysql.pid # # include all files from the config directory # !includedir /etc/my.cnf.d

将此处的Mariadb都改成mysql。

3）启动mysql：

systemctl start mysql.service

4）对Mysql进行初始化：

[root@vm1 ~]# cat ~/.mysql_secret # The random password set for the root user at Sat Nov 12 22:57:18 2022 (local time): thQgdfSvwS5v1l0j

mysql5.6安装完毕之后，会默认生成一个随机密码。

修改原有的密码，并登录到数据库：

[root@vm1 ~]# mysqladmin -uroot -pthQgdfSvwS5v1l0j password ngs123 Warning: Using a password on the command line interface can be insecure.

5）登录到数据库、并创建jumpserver数据库：

mysql -uroot -pngs123 mysql> create database jumpserver default charset 'utf8' collate 'utf8_bin';

创建jumpserver用户：

mysql> create user 'jumpserver'@'%' identified by 'ngs123';

授权该用户访问jumpserver的权限：

mysql> grant all privileges on jumpserver.* to 'jumpserver'@'%' identified by 'ngs123'; mysql> flush privileges;

至此mysql5.6部署完毕。

4、部署python3.6

jumpserver启动的时候有一个后台程序，这个程序是python开发的，所以要准备好python环境，才能运行代码。

1）下载python3.6代码：

wget https://www.python.org/ftp/python/3.6.10/Python-3.6.10.tgz

2）解压python3.6的包，并进行编译安装：

tar -xvf Python-3.6.10.gz cd Python-3.6.10 ./configure --prefix=/usr/local/python3 make && make install

3）配置python3的环境变量，可以直接使用python：

echo "PATH="/usr/local/python3/bin:$PATH"" >> /etc/profile source /etc/profile echo $PATH

4）输入python进行测试：

python3.6

这样，python安装配置成功。

5）创建python3的虚拟环境：

虚拟环境存在的意义只是为了将项目独立，使用虚拟环境的优势就是，该项目使用的第三方工具都需要在虚拟环境中使用pip命令安装，并且安装好的工具不影响系统已有的工具，同时系统中的其他项目也无法调用虚拟环境中安装的工具假如一个项目需要使用python2运行，而另一个项目使用python3运行，就会导致两个项目无法同时使用，虚拟环境就可以为这两个项目配置不同的运行环境，这样两个项目就可以同时运行解决一个机器运行多个项目的问题，创建多个python3虚拟环境。

python3是一个解释器，还有一个工具是pip，这个是安装模块用的。

python3程序代码在运行的时候必须下载一些软件才能运行，使用pip3安装。

pip3 install virtualenv

使用虚拟环境工具再创建一个python3解释器，用来允许代码：

cd /usr/local virtualenv --python=python3 jmp_venvl

激活虚拟python3.6:

source /usr/local/jmp_venvl/bin/activate # 详细操作步骤 [root@vm1 bin]# ll total 60 -rw-r--r-- 1 root root 2139 Nov 12 23:55 activate -rw-r--r-- 1 root root 1431 Nov 12 23:55 activate.csh -rw-r--r-- 1 root root 3016 Nov 12 23:55 activate.fish -rw-r--r-- 1 root root 2551 Nov 12 23:55 activate.nu -rw-r--r-- 1 root root 1754 Nov 12 23:55 activate.ps1 -rw-r--r-- 1 root root 1175 Nov 12 23:55 activate_this.py -rw-r--r-- 1 root root 682 Nov 12 23:55 deactivate.nu -rwxr-xr-x 1 root root 236 Nov 12 23:55 pip -rwxr-xr-x 1 root root 236 Nov 12 23:55 pip3 -rwxr-xr-x 1 root root 236 Nov 12 23:55 pip-3.6 -rwxr-xr-x 1 root root 236 Nov 12 23:55 pip3.6 lrwxrwxrwx 1 root root 32 Nov 12 23:55 python -> /usr/local/python3/bin/python3.6 lrwxrwxrwx 1 root root 6 Nov 12 23:55 python3 -> python lrwxrwxrwx 1 root root 6 Nov 12 23:55 python3.6 -> python -rwxr-xr-x 1 root root 223 Nov 12 23:55 wheel -rwxr-xr-x 1 root root 223 Nov 12 23:55 wheel3 -rwxr-xr-x 1 root root 223 Nov 12 23:55 wheel-3.6 -rwxr-xr-x 1 root root 223 Nov 12 23:55 wheel3.6 [root@vm1 bin]# source activate (jmp_venvl) [root@vm1 bin]# echo $PATH /usr/local/jmp_venvl/bin:/usr/local/python3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin (jmp_venvl) [root@vm1 bin]# which python3 /usr/local/jmp_venvl/bin/python3 (jmp_venvl) [root@vm1 bin]# ll total 60 -rw-r--r-- 1 root root 2139 Nov 12 23:55 activate -rw-r--r-- 1 root root 1431 Nov 12 23:55 activate.csh -rw-r--r-- 1 root root 3016 Nov 12 23:55 activate.fish -rw-r--r-- 1 root root 2551 Nov 12 23:55 activate.nu -rw-r--r-- 1 root root 1754 Nov 12 23:55 activate.ps1 -rw-r--r-- 1 root root 1175 Nov 12 23:55 activate_this.py -rw-r--r-- 1 root root 682 Nov 12 23:55 deactivate.nu -rwxr-xr-x 1 root root 236 Nov 12 23:55 pip -rwxr-xr-x 1 root root 236 Nov 12 23:55 pip3 -rwxr-xr-x 1 root root 236 Nov 12 23:55 pip-3.6 -rwxr-xr-x 1 root root 236 Nov 12 23:55 pip3.6 lrwxrwxrwx 1 root root 32 Nov 12 23:55 python -> /usr/local/python3/bin/python3.6 lrwxrwxrwx 1 root root 6 Nov 12 23:55 python3 -> python lrwxrwxrwx 1 root root 6 Nov 12 23:55 python3.6 -> python -rwxr-xr-x 1 root root 223 Nov 12 23:55 wheel -rwxr-xr-x 1 root root 223 Nov 12 23:55 wheel3 -rwxr-xr-x 1 root root 223 Nov 12 23:55 wheel-3.6 -rwxr-xr-x 1 root root 223 Nov 12 23:55 wheel3.6 (jmp_venvl) [root@vm1 bin]# deactivate # 最后使用deactivate命令退出当前环境

6）部署redis数据库：

[root@vm1 bin]# yum install -y redis [root@vm1 bin]# systemctl start redis [root@vm1 bin]# netstat -atunlp |grep redis tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN 31490/redis-server [root@vm1 bin]# [root@vm1 bin]# [root@vm1 bin]# redis-cli 127.0.0.1:6379> ping PONG 127.0.0.1:6379>

7）部署jumpserver服务：

一个后台程序，基本上都是需要依赖于数据库才能运行的，后台程序启动的时候，代码都会去连接数据库，保证数据库正确启动，且正确连接，否则后台程序是起不来的。

7.1 获取jumpserver程序代码：

https://github.com/jumpserver/jumpserver/releases/download/v2.1.0/jumpserver-v2.1.0.tar.gz

7.2 解压，安装运行jumpserver系统必须的依赖组件：

tar -zxvf jumpserver-v2.1.0.tar.gz #解压 ln -s /opt/jumpserver/jumpserver-v2.1.0 /opt/jumpserver/jumpserver #创建软连接便于使用

7.3 安装运行jumpserver所需要的模块：

cd /opt/jumpserver/jumpserver/requirements cat requirements.txt [root@vm1 jumpserver]# cd requirements/ [root@vm1 requirements]# ll total 24 -rw-rw-r-- 1 root root 141 Jul 16 2020 alpine_requirements.txt -rw-rw-r-- 1 root root 212 Jul 16 2020 deb_requirements.txt -rw-rw-r-- 1 root root 359 Jul 16 2020 issues.txt -rw-rw-r-- 1 root root 54 Jul 16 2020 mac_requirements.txt -rw-rw-r-- 1 root root 1854 Jul 16 2020 requirements.txt -rw-rw-r-- 1 root root 225 Jul 16 2020 rpm_requirements.txt [root@vm1 requirements]# cat requirements.txt amqp==2.5.2 ansible==2.8.8 asn1crypto==0.24.0 bcrypt==3.1.4 billiard==3.6.3.0 boto3==1.12.14 botocore==1.15.26 celery==4.4.2 certifi==2018.1.18 cffi==1.13.2 chardet==3.0.4 configparser==3.5.0 coreapi==2.3.3 coreschema==0.0.4 cryptography==2.8 decorator==4.1.2 Django==2.2.13 django-auth-ldap==1.7.0 django-bootstrap3==9.1.0 django-celery-beat==1.4.0 django-filter==2.0.0 django-formtools==2.1 django-ranged-response==0.2.0 django-redis-cache==2.1.1 django-rest-swagger==2.1.2 django-simple-captcha==0.5.6 django-timezone-field==3.1 djangorestframework==3.9.4 djangorestframework-bulk==0.2.1 docutils==0.14 ecdsa==0.13.3 enum-compat==0.0.2 ephem==3.7.6.0 eventlet==0.24.1 future==0.16.0 ForgeryPy==0.1 greenlet==0.4.14 gunicorn==19.9.0 idna==2.6 itsdangerous==0.24 itypes==1.1.0 Jinja2==2.10.1 jmespath==0.9.3 kombu==4.6.8 ldap3==2.4 MarkupSafe==1.1.1 mysqlclient==1.3.14 olefile==0.44 openapi-codec==1.3.2 paramiko==2.4.2 passlib==1.7.1 Pillow==6.2.2 pyasn1==0.4.8 pycparser==2.19 pycrypto==2.6.1 pyotp==2.2.6 PyNaCl==1.2.1 python-dateutil==2.6.1 python-gssapi==0.6.4 pytz==2018.3 PyYAML==5.1 redis==3.2.0 requests==2.22.0 jms-storage==0.0.29 s3transfer==0.3.3 simplejson==3.13.2 six==1.11.0 sshpubkeys==3.1.0 uritemplate==3.0.0 urllib3==1.25.2 vine==1.3.0 drf-yasg==1.9.1 Werkzeug==0.15.3 drf-nested-routers==0.91 aliyun-python-sdk-core-v3==2.9.1 aliyun-python-sdk-ecs==4.10.1 rest_condition==1.0.3 python-ldap==3.1.0 tencentcloud-sdk-python==3.0.40 django-radius==1.4.0 ipip-ipdb==1.2.1 django-redis-sessions==0.6.1 unicodecsv==0.14.1 python-daemon==2.2.3 httpsig==1.3.0 treelib==1.5.3 django-proxy==1.2.1 flower==0.9.3 channels-redis==2.4.0 channels==2.3.0 daphne==2.3.0 psutil==5.6.6 django-cas-ng==4.0.1 python-cas==1.5.0 ipython huaweicloud-sdk-python==1.0.21 django-redis==4.11.0 python-redis-lock==3.5.0 jumpserver-django-oidc-rp==0.3.7.5 [root@vm1 requirements]#

安装jumpserver模块，先要激活虚拟环境，然后再安装：

[root@vm1 requirements]# source /usr/local/jmp_venvl/bin/activate (jmp_venvl) [root@vm1 requirements]# which python3 /usr/local/jmp_venvl/bin/python3 (jmp_venvl) [root@vm1 requirements]#

安装模块：

# 更改pip3的下载源： mkdir ~/.pip touch ~/.pip/pip.conf [global] index-url = https://mirrors.aliyun.com/pypi/simple/ pip3 install -r /opt/jumpserver/jumpserver/requirements/requirements.txt

修改jumpserver程序运行的配置文件：

cd /opt/jumpserver/jumpserver/ config_example.yml #就是jumpserver的配置文件 cp config_example.yml config.yml #复制一份配置文件

生成密钥：

SECRET_KEY: BOOTSTRAP_TOKEN: if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50 ; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi

然后是修改配置文件：

配置文件修改完成。

8、对python程序进行数据迁移：

jump这个程序是由python的框架diango开发而来的，必须得先进行数据库迁移，生成库表得信息，才能运行程序。

注意：所有操作必须在虚拟环境中进行！

8.1 查看数据库：

(jmp_venvl) [root@vm1 jumpserver]# mysql -uroot -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 5 Server version: 5.6.49 MySQL Community Server (GPL) Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> mysql> mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | jumpserver | | mysql | | performance_schema | | test | +--------------------+ 5 rows in set (0.00 sec) mysql> use jumpserver Database changed mysql> show tables; Empty set (0.00 sec) mysql> mysql> mysql> mysql> exit Bye

8.2 jumpserver后台程序，数据库迁移命令：

(jmp_venvl) [root@vm1 jumpserver]# cd apps (jmp_venvl) [root@vm1 apps]# ll total 16 drwxrwxr-x 7 root root 178 Jul 16 2020 applications drwxrwxr-x 10 root root 248 Jul 16 2020 assets drwxrwxr-x 4 root root 247 Jul 16 2020 audits drwxrwxr-x 8 root root 325 Jul 16 2020 authentication drwxrwxr-x 12 root root 4096 Jul 16 2020 common -rw-rw-r-- 1 root root 48 Jul 16 2020 __init__.py drwxrwxr-x 4 root root 227 Jul 16 2020 jumpserver drwxrwxr-x 3 root root 16 Jul 16 2020 locale -rwxrwxr-x 1 root root 887 Jul 16 2020 manage.py drwxrwxr-x 11 root root 307 Jul 16 2020 ops drwxrwxr-x 5 root root 276 Jul 16 2020 orgs drwxrwxr-x 9 root root 247 Jul 16 2020 perms drwxrwxr-x 7 root root 204 Jul 16 2020 settings drwxrwxr-x 6 root root 51 Jul 16 2020 static drwxrwxr-x 4 root root 4096 Jul 16 2020 templates drwxrwxr-x 9 root root 291 Jul 16 2020 terminal drwxrwxr-x 7 root root 248 Jul 16 2020 tickets drwxrwxr-x 13 root root 316 Jul 16 2020 users (jmp_venvl) [root@vm1 apps]# pwd /opt/jumpserver/jumpserver/apps (jmp_venvl) [root@vm1 apps]#

8.3 文件夹中有个manage.py的命令：

这个manage.py是python的脚本文件，是python程序后台设置的入口，我们用python3执行这个脚本文件，并加上参数makemigrations (jmp_venvl) [root@vm1 apps]# python3 /opt/jumpserver/jumpserver/apps/manage.py makemigrations Migrations for 'tickets': tickets/migrations/0002_auto_20221113_0131.py - Alter field type on ticket (jmp_venvl) [root@vm1 apps]#

8.4 数据库迁移命令：

(jmp_venvl) [root@vm1 apps]# python3 /opt/jumpserver/jumpserver/apps/manage.py migrate Operations to perform: Apply all migrations: admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, ops, orgs, perms, sessions, settings, terminal, tickets, users Running migrations: Applying contenttypes.0001_initial... OK Applying contenttypes.0002_remove_content_type_name... OK Applying auth.0001_initial... OK Applying auth.0002_alter_permission_name_max_length... OK Applying auth.0003_alter_user_email_max_length... OK Applying auth.0004_alter_user_username_opts... OK Applying auth.0005_alter_user_last_login_null... OK Applying auth.0006_require_contenttypes_0002... OK Applying auth.0007_alter_validators_add_error_messages... OK Applying auth.0008_alter_user_username_max_length... OK Applying users.0001_initial... OK Applying admin.0001_initial... OK Applying admin.0002_logentry_remove_auto_add... OK Applying admin.0003_logentry_add_action_flag_choices... OK Applying users.0002_auto_20171225_1157_squashed_0019_auto_20190304_1459... OK Applying assets.0001_initial... OK Applying perms.0001_initial... OK Applying assets.0002_auto_20180105_1807_squashed_0009_auto_20180307_1212... OK Applying assets.0010_auto_20180307_1749_squashed_0019_auto_20180816_1320... OK Applying perms.0002_auto_20171228_0025_squashed_0009_auto_20180903_1132... OK Applying perms.0003_action... OK Applying perms.0004_assetpermission_actions... OK Applying assets.0020_auto_20180816_1652... OK Applying assets.0021_auto_20180903_1132... OK Applying assets.0022_auto_20181012_1717... OK Applying assets.0023_auto_20181016_1650... OK Applying assets.0024_auto_20181219_1614... OK Applying assets.0025_auto_20190221_1902... OK Applying assets.0026_auto_20190325_2035... OK Applying applications.0001_initial... OK Applying perms.0005_auto_20190521_1619... OK Applying perms.0006_auto_20190628_1921... OK Applying perms.0007_remove_assetpermission_actions... OK Applying perms.0008_auto_20190911_1907... OK Applying assets.0027_auto_20190521_1703... OK Applying assets.0028_protocol... OK Applying assets.0029_auto_20190522_1114... OK Applying assets.0030_auto_20190619_1135... OK Applying assets.0031_auto_20190621_1332... OK Applying assets.0032_auto_20190624_2108... OK Applying assets.0033_auto_20190624_2108... OK Applying assets.0034_auto_20190705_1348... OK Applying assets.0035_auto_20190711_2018... OK Applying assets.0036_auto_20190716_1535... OK Applying assets.0037_auto_20190724_2002... OK Applying assets.0038_auto_20190911_1634... OK Applying perms.0009_remoteapppermission_system_users... OK Applying applications.0002_remove_remoteapp_system_user... OK Applying applications.0003_auto_20191210_1659... OK Applying applications.0004_auto_20191218_1705... OK Applying assets.0039_authbook_is_active... OK Applying assets.0040_auto_20190917_2056... OK Applying assets.0041_gathereduser... OK Applying assets.0042_favoriteasset... OK Applying assets.0043_auto_20191114_1111... OK Applying assets.0044_platform... OK Applying assets.0045_auto_20191206_1607... OK Applying assets.0046_auto_20191218_1705... OK Applying assets.0047_assetuser... OK Applying assets.0048_auto_20191230_1512... OK Applying assets.0049_systemuser_sftp_root... OK Applying assets.0050_auto_20200711_1740... OK Applying assets.0051_auto_20200713_1143... OK Applying assets.0052_auto_20200715_1535... OK Applying audits.0001_initial... OK Applying audits.0002_ftplog_org_id... OK Applying audits.0003_auto_20180816_1652... OK Applying audits.0004_operatelog_passwordchangelog_userloginlog... OK Applying audits.0005_auto_20190228_1715... OK Applying audits.0006_auto_20190726_1753... OK Applying audits.0007_auto_20191202_1010... OK Applying audits.0008_auto_20200508_2105... OK Applying audits.0009_auto_20200624_1654... OK Applying auth.0009_alter_user_last_name_max_length... OK Applying auth.0010_alter_group_name_max_length... OK Applying auth.0011_update_proxy_permissions... OK Applying authentication.0001_initial... OK Applying authentication.0002_auto_20190729_1423... OK Applying authentication.0003_loginconfirmsetting... OK Applying captcha.0001_initial... OK Applying common.0001_initial... OK Applying common.0002_auto_20180111_1407... OK Applying common.0003_setting_category... OK Applying common.0004_setting_encrypted... OK Applying common.0005_auto_20190221_1902... OK Applying common.0006_auto_20190304_1515... OK Applying django_cas_ng.0001_initial... OK Applying django_celery_beat.0001_initial... OK Applying django_celery_beat.0002_auto_20161118_0346... OK Applying django_celery_beat.0003_auto_20161209_0049... OK Applying django_celery_beat.0004_auto_20170221_0000... OK Applying django_celery_beat.0005_add_solarschedule_events_choices_squashed_0009_merge_20181012_1416... OK Applying django_celery_beat.0006_periodictask_priority... OK Applying jms_oidc_rp.0001_initial... OK Applying ops.0001_initial... OK Applying ops.0002_celerytask... OK Applying ops.0003_auto_20181207_1744... OK Applying ops.0004_adhoc_run_as... OK Applying ops.0005_auto_20181219_1807... OK Applying ops.0006_auto_20190318_1023... OK Applying ops.0007_auto_20190724_2002... OK Applying ops.0008_auto_20190919_2100... OK Applying ops.0009_auto_20191217_1713... OK Applying ops.0010_auto_20191217_1758... OK Applying ops.0011_auto_20200106_1534... OK Applying ops.0012_auto_20200108_1659... OK Applying ops.0013_auto_20200108_1706... OK Applying ops.0014_auto_20200108_1749... OK Applying ops.0015_auto_20200108_1809... OK Applying ops.0016_commandexecution_org_id... OK Applying ops.0017_auto_20200306_1747... OK Applying ops.0018_auto_20200509_1434... OK Applying orgs.0001_initial... OK Applying orgs.0002_auto_20180903_1132... OK Applying orgs.0003_auto_20190916_1057... OK Applying users.0020_auto_20190612_1825... OK Applying users.0021_auto_20190625_1104... OK Applying users.0022_auto_20190625_1105... OK Applying users.0023_auto_20190724_1525... OK Applying users.0024_auto_20191118_1612... OK Applying perms.0010_auto_20191218_1705... OK Applying sessions.0001_initial... OK Applying settings.0001_initial... OK Applying terminal.0001_initial... OK Applying terminal.0002_auto_20171228_0025_squashed_0009_auto_20180326_0957... OK Applying terminal.0010_auto_20180423_1140... OK Applying terminal.0011_auto_20180807_1116... OK Applying terminal.0012_auto_20180816_1652... OK Applying terminal.0013_auto_20181123_1113... OK Applying terminal.0014_auto_20181226_1441... OK Applying terminal.0015_auto_20190923_1529... OK Applying terminal.0016_commandstorage_replaystorage... OK Applying terminal.0017_auto_20191125_0931... OK Applying terminal.0018_auto_20191202_1010... OK Applying terminal.0019_auto_20191206_1000... OK Applying terminal.0020_auto_20191218_1721... OK Applying terminal.0021_auto_20200213_1316... OK Applying terminal.0022_session_is_success... OK Applying terminal.0023_command_risk_level... OK Applying terminal.0024_auto_20200715_1713... OK Applying tickets.0001_initial... OK Applying tickets.0002_auto_20221113_0131... OK Applying users.0025_auto_20200206_1216... OK Applying users.0026_auto_20200508_2105... OK Applying users.0027_auto_20200616_1503... OK

8.5 验证数据库中的数据：

数据库迁移就完成。

9、启动jumpserver服务：

(jmp_venvl) [root@vm1 jumpserver]# ll total 84 drwxrwxr-x 18 root root 285 Jul 16 2020 apps -rw-rw-r-- 1 root root 4190 Jul 16 2020 config_example.yml -rw-r--r-- 1 root root 4264 Nov 13 01:04 config.yml drwxrwxr-x 3 root root 35 Jul 16 2020 data -rw-rw-r-- 1 root root 1164 Jul 16 2020 Dockerfile drwxrwxr-x 2 root root 23 Jul 16 2020 docs -rwxrwxr-x 1 root root 303 Jul 16 2020 entrypoint.sh -rwxrwxr-x 1 root root 15008 Jul 16 2020 jms -rw-rw-r-- 1 root root 18045 Jul 16 2020 LICENSE drwxrwxr-x 2 root root 63 Nov 13 01:31 logs -rw-rw-r-- 1 root root 3172 Jul 16 2020 README_EN.md -rw-rw-r-- 1 root root 7950 Jul 16 2020 README.md drwxrwxr-x 2 root root 163 Jul 16 2020 requirements -rw-rw-r-- 1 root root 212 Jul 16 2020 run_server.py drwxrwxr-x 2 root root 22 Jul 16 2020 tmp drwxrwxr-x 3 root root 4096 Jul 16 2020 utils -rw-rw-r-- 1 root root 1969 Jul 16 2020 Vagrantfile (jmp_venvl) [root@vm1 jumpserver]# jms start -d -bash: jms: command not found (jmp_venvl) [root@vm1 jumpserver]# ./jms start -d 2022-11-13 01:38:43 Sun Nov 13 01:38:43 2022 2022-11-13 01:38:43 Jumpserver version v2.1.0, more see https://www.jumpserver.org - Start Gunicorn WSGI HTTP Server 2022-11-13 01:38:43 Check database connection ... users [X] 0001_initial [X] 0002_auto_20171225_1157_squashed_0019_auto_20190304_1459 (18 squashed migrations) [X] 0020_auto_20190612_1825 [X] 0021_auto_20190625_1104 [X] 0022_auto_20190625_1105 [X] 0023_auto_20190724_1525 [X] 0024_auto_20191118_1612 [X] 0025_auto_20200206_1216 [X] 0026_auto_20200508_2105 [X] 0027_auto_20200616_1503 2022-11-13 01:38:45 Database connect success 2022-11-13 01:38:45 Check database structure change ... 2022-11-13 01:38:45 Migrate model change to database ... Operations to perform: Apply all migrations: admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, ops, orgs, perms, sessions, settings, terminal, tickets, users Running migrations: No migrations to apply. 2022-11-13 01:38:48 Collect static files 2022-11-13 01:38:50 Collect static files done - Start Celery as Distributed Task Queue: Ansible - Start Celery as Distributed Task Queue: Celery

浏览器登录http://192.168.17.102:8080访问页面：

11、部署koko组件：

实现了SSH Server 和Web Terminal Server 的组件，提供 SSH 和 WebSocket 接口，使用 Paramiko 和 Flask 开发。koko是用golang编程语言开发的一个组件，和之前的coco组件相比（python开发的）相比而言，性能，效率，系统资源利用率都更高。

11.1 下载koko源码：

wget https://github.com/jumpserver/koko/releases/download/v2.1.0/koko-v2.1.0-linux-amd64.tar.gz

11.2 解压缩，并配置文件：

tar zxvf koko-v2.1.0-linux-amd64.tar.gz #解压 chown -R root:root koko-v2.1.0-linux-amd64 #更改权限，使权限最大化 ln -s /opt/jumpserver/koko-v2.1.0-linux-amd64 /opt/jumpserver/koko #创建软连接 cd koko cp config_example.yml config.yml vim config.yml

11.3 启动koko程序：

(jmp_venvl) [root@vm1 koko]# ll total 34692 -rw-r--r-- 1 root root 2022 Jul 16 2020 config_example.yml -rw-r--r-- 1 root root 1996 Nov 13 01:57 config.yml -rwxr-xr-x 1 root root 35516174 Jul 16 2020 koko drwxr-xr-x 4 root root 32 Jul 16 2020 locale drwxr-xr-x 5 root root 42 Jul 16 2020 static drwxr-xr-x 4 root root 33 Jul 16 2020 templates (jmp_venvl) [root@vm1 koko]# ./koko -d (jmp_venvl) [root@vm1 koko]# netstat -atunlp |grep koko tcp6 0 0 :::5000 :::* LISTEN 34397/./koko tcp6 0 0 :::2222 :::* LISTEN 34397/./koko (jmp_venvl) [root@vm1 koko]#

11.4 查看日志信息：

(jmp_venvl) [root@vm1 koko]# tail /opt/jumpserver/koko/data/logs/koko.log 2022-11-13 01:57:26 [DEBU] Load config from server: {"SECURITY_MAX_IDLE_TIME":30,"TERMINAL_ASSET_LIST_PAGE_SIZE":"auto","TERMINAL_ASSET_LIST_SORT_BY":"hostname","TERMINAL_COMMAND_STORAGE":{"TYPE":"server"},"TERMINAL_HEADER_TITLE":null,"TERMINAL_HEARTBEAT_INTERVAL":20,"TERMINAL_HOST_KEY":"Hidden","TERMINAL_PASSWORD_AUTH":true,"TERMINAL_PUBLIC_KEY_AUTH":true,"TERMINAL_REPLAY_STORAGE":{"TYPE":"server"},"TERMINAL_SESSION_KEEP_DURATION":9999,"TERMINAL_TELNET_REGEX":""} 2022-11-13 01:57:26 [INFO] Exchange share room type: local 2022-11-13 01:57:26 [DEBU] Upload remain replay done 2022-11-13 01:57:26 [INFO] Start HTTP server at 0.0.0.0:5000 2022-11-13 01:57:26 [DEBU] Loading host key 2022-11-13 01:57:26 [INFO] Start SSH server at 0.0.0.0:2222 (jmp_venvl) [root@vm1 koko]#

12、Guacamole部署：

Apache 跳板机项目，jumpserver使用其组件实现RDP（Remote Desktops）功能，jumpserver 并没有修改其代码而是添加了额外的插件，支持jumpserver调用（RDP就是通过浏览器操控机器，提供远程桌面的功能）

这块我从网上一时没有找到源码包，但是从别的地方看到有使用docker部署的方法，那么先安装docker，然后使用命令：

docker run --name jms_guacamole -d \ -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \ -e JUMPSERVER_KEY_DIR=/config/guacamole/key \ -e JUMPSERVER_SERVER=http://192.168.17.102 \ jumpserver/guacamole:latest

说明：这边的IP地址修改为本机的IP地址，不要使用127.0.0.1。

(jmp_venvl) [root@vm1 opt]# docker run --name jms_guacamole -d \ > -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \ > -e JUMPSERVER_KEY_DIR=/config/guacamole/key \ > -e JUMPSERVER_SERVER=http://192.168.17.102 \ > jumpserver/guacamole:latest Unable to find image 'jumpserver/guacamole:latest' locally latest: Pulling from jumpserver/guacamole c5e155d5a1d1: Pull complete 221d80d00ae9: Pull complete 4250b3117dca: Pull complete d1370422ab93: Pull complete deb6b03222ca: Pull complete 9cdea8d70cc3: Pull complete 968505be14db: Pull complete 04b5c270ac81: Pull complete 301d76fcab1f: Pull complete f4d49608235a: Pull complete f4c6404fd6f8: Pull complete b3d634c293dc: Pull complete 59feba32edfc: Pull complete 3591b5ce56e8: Pull complete 2a8292bdcbf2: Pull complete d5f5432c90f8: Pull complete c9400839eff5: Pull complete e81f9d620940: Pull complete 6d004d1b3f53: Pull complete 6abed3ffb3e9: Pull complete 1f9a7c8311d9: Pull complete 8ba7fcee9d26: Pull complete edcf7e09354c: Pull complete a4dffb9c676f: Pull complete 7c333102034c: Pull complete 82bc921d7051: Pull complete Digest: sha256:064b60c1d60654ed1a11053b2df3667526e32df4836cf5ce5e3b274e384457f5 Status: Downloaded newer image for jumpserver/guacamole:latest f7a93641d8ee6b161fa7300a8e2cb3e53f67526ac321b0e4787eab48d0989060 (jmp_venvl) [root@vm1 opt]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES f7a93641d8ee jumpserver/guacamole:latest "/init" 6 seconds ago Up 4 seconds 0.0.0.0:8081->8080/tcp, :::8081->8080/tcp jms_guacamole (jmp_venvl) [root@vm1 opt]# (jmp_venvl) [root@vm1 opt]# (jmp_venvl) [root@vm1 opt]# docker ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES f7a93641d8ee jumpserver/guacamole:latest "/init" 10 seconds ago Up 8 seconds 0.0.0.0:8081->8080/tcp, :::8081->8080/tcp jms_guacamole (jmp_venvl) [root@vm1 opt]#

13、安装FFmpeg工具：

一个在不同格式的多媒体文件之间转换的命令行工具，视频文件转换命令行工具,也支持经过实时电视卡抓取和编码成视频文件。就是在linux平台用来处理媒体文件，比如音频、视频。

13.1 安装epel源：

yum install -y epel-release

13.2 在线安装ffmpeg一些软件包：

rpm -v --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm

13.3 安装

yum -y install ffmpeg ffmpeg-devell

13.4 查看版本：

ffmpeg -version

14、LINA组件部署：

LINA属于前端模块，负责页面的展示。

14.1 下载LINA组件：

wget https://github.com/jumpserver/lina/releases/download/v2.1.0/lina-v2.1.0.tar.gz

14.2 解压缩：

tar zxvf lina-v2.1.0.tar.gz

14.3

mv lina-v2.1.0 lina #改名字方便使用 useradd -M -s /sbin/nologin nginx #没有nginx用户，创建一个 chown -R nginx:nginx lina #改变属主属组，归nginx管理 (jmp_venvl) [root@vm1 opt]# ll total 1904 drwx--x--x 4 root root 28 Nov 13 02:29 containerd drwxr-xr-x 3 root root 17 Nov 13 02:33 guacamole drwxr-xr-x 4 root root 162 Nov 13 01:52 jumpserver drwxr-xr-x 3 root root 57 Jul 16 2020 lina-v2.1.0 -rw-r--r-- 1 root root 1949232 Dec 7 2021 lina-v2.1.0.tar.gz (jmp_venvl) [root@vm1 opt]# mv lina-v2.1.0 lina (jmp_venvl) [root@vm1 opt]# ll total 1904 drwx--x--x 4 root root 28 Nov 13 02:29 containerd drwxr-xr-x 3 root root 17 Nov 13 02:33 guacamole drwxr-xr-x 4 root root 162 Nov 13 01:52 jumpserver drwxr-xr-x 3 root root 57 Jul 16 2020 lina -rw-r--r-- 1 root root 1949232 Dec 7 2021 lina-v2.1.0.tar.gz (jmp_venvl) [root@vm1 opt]# useradd -M -s /sbin/nologin nginx (jmp_venvl) [root@vm1 opt]# chown -R nginx:nginx lina (jmp_venvl) [root@vm1 opt]# ll total 1904 drwx--x--x 4 root root 28 Nov 13 02:29 containerd drwxr-xr-x 3 root root 17 Nov 13 02:33 guacamole drwxr-xr-x 4 root root 162 Nov 13 01:52 jumpserver drwxr-xr-x 3 nginx nginx 57 Jul 16 2020 lina -rw-r--r-- 1 root root 1949232 Dec 7 2021 lina-v2.1.0.tar.gz (jmp_venvl) [root@vm1 opt]#

15、Luna组件部署：

Luna是Web Terminal 前端，计划前端页面都是由该项目提供，jumpserver 只提供API,不负责后台渲染html等，与CORE协同工作，能够实现浏览器形式的命令行终端。

15.1 下载Luna组件：

wget https://github.com/jumpserver/luna/releases/download/v2.1.1/luna-v2.1.1.tar.gz

15.2 解压缩：

tar -zxvf luna-v2.1.1.tar.gz #进行解压

15.3

mv luna-v2.1.1 luna #改名 chown -R root:root luna #给与权限

16、部署Nginx：

Nginx作用在处理静态文件，以及用于对jumpserver后台程序的反向代理。

先要跳出虚拟环境：deactivate:

16.1 配置nginx源：

vim /etc/yum.repos.d/nginx.repo [nginx] name=nginx repo baseurl=http://nginx.org/packages/centos/7/$basearch/ gpgcheck=0 enabled=1

16.2 yum 安装nginx：

yum install -y nginx

16.3 准备配置文件：

cd /etc/nginx cp nginx.conf nginx.conf.bak

16.4 编辑配置文件：

# For more information on configuration, see: # * Official English Documentation: http://nginx.org/en/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/ user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; # Load dynamic modules. See /usr/share/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /etc/nginx/conf.d/*.conf; # Settings for a TLS enabled server. # # server { # listen 443 ssl http2 default_server; # listen [::]:443 ssl http2 default_server; # server_name _; # root /usr/share/nginx/html; # # ssl_certificate "/etc/pki/nginx/server.crt"; # ssl_certificate_key "/etc/pki/nginx/private/server.key"; # ssl_session_cache shared:SSL:1m; # ssl_session_timeout 10m; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # # # Load configuration files for the default server block. # include /etc/nginx/default.d/*.conf; # # location / { # } # # error_page 404 /404.html; # location = /40x.html { # } # # error_page 500 502 503 504 /50x.html; # location = /50x.html { # } # } }

16.5 新增虚拟主机配置文件jumpserver.conf

cd conf.d/ vim jumpserver.conf server { listen 80; # 代理端口，以后将通过此端口进行访问，不再通过8080端口 server_name demo.jumpserver.com; # 修改成你的域名 client_max_body_size 100m; # 录像及文件上传大小限制 location /luna/ { try_files $uri / /index.html; alias /opt/luna/; # luna 路径，如果修改安装目录，此处需要修改 } location /media/ { add_header Content-Encoding gzip; root /opt/jumpserver/data/; # 录像位置，如果修改安装目录，此处需要修改 } location /static/ { root /opt/jumpserver/data/; # 静态资源，如果修改安装目录，此处需要修改 } location /socket.io/ { proxy_pass http://192.168.135.135:5000/socket.io/; # 如果coco安装在别的服务器，请填写它的ip proxy_buffering off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; access_log off; } location /coco/ { proxy_pass http://192.168.135.135:5000/coco/; # 如果coco安装在别的服务器，请填写它的ip proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; access_log off; } location /guacamole/ { proxy_pass http://192.168.135.135:8081/; # 如果guacamole安装在别的服务器，请填写它的ip proxy_buffering off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; access_log off; } location / { proxy_pass http://192.168.135.135:8080; # 如果jumpserver安装在别的服务器，请填写它的ip proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }

16.6 检测配置文件并运行nginx：

nginx -t systemctl enable nginx systemctl start nginx

17、开始使用jumpserver：

source /usr/local/jmp_venvl/bin/activate

该部署目前测试下来还有问题。还要进一步检查。

Original: https://blog.csdn.net/chang_chunhua/article/details/127816092Author: CCH2023Title: JumpServer手动部署

相关阅读 Title: 知识图谱学习笔记八（知识问答）知识问答 *[En]*

知识问答的基本要素

1.问题，也就是问答系统的输入。（问句、选择、填空等）

2.答案，也就是问答系统的输出。

3.智能体，也就是问答系统的执行者。(需要理解问题的语义，掌握并使用知识库解答问题)

4.知识库，存储问答系统的知识。

搜索与知识问答的差异：

1.搜素以文档来承载答案，用户需要通过阅读文档来发现答案，而问答直接返回答案。

2.搜索主要是通过关键词而不是完整的句子来搜索，需要一定的搜索技巧；而问答则会尝试理解不同的自然语言表达方式的语义，形成知识查询。

3.当用户的问题复杂时，搜索是需要多个页面去查询得到答案。知识问答不需要。

知识问答的应用场景

1.知识问答可以直接嵌入搜索引擎的结果页面，将问答的答案与搜索结果列表同事展示。

2.智能对话系统、智能客服。

3.阅读理解。

知识问答的分类体系

根据知识问答系统四大要素（问题、答案、知识库、智能体）

问题与答案类型

*[En]*

基于功能的问题分类体系：事实、列表、原因、解决方案、定义、导航等。

面向知识图谱问答的构建：事实性客观问题和主观深层次问题。

知识库类型

知识库的内容边界：领域相关的问答、领域无关的问答。

*[En]*

智能体类型

*[En]*

早期的问答系统（NLIDB）

1.基于模式匹配（直接将问题映射到查询语句）

2.基于语法解析（将复杂的语义转换成逻辑表达式）

基于信息检索的问答系统（IRQA）

参考斯坦福的基本架构，大致分为三阶段：问题处理、段落检索与排序、答案处理。

问题处理：要明确知识检索的过滤条件（即问句转换成关键字搜索）和答案类型判定。

段落检索与排序：基于提取出的关键词进行进行信息检索，对检索出的文档先排序，然后分割成合适的段落，并对段落进行再排序，找到最优答案。

答案处理：根据排序后的段落结合定义的答案类型抽取答案，形成答案候选集；最终对答案候选集进行排序，返回最优解。

基于知识库的问答系统（KBQA）

基于知识图谱解答问题的问答系统。

KBQA的核心问题Question2Query是找到从用户问题到知识图谱子图的最合理的映射。

Question2Query的四个关键步骤：

问题分析:主要利用词典、词性分析、分词、实体识别、语法解析树分析、句法依存关系分析等传统NLP技术提取问题的结构特征，并基于机器学习和规则提取分析句子的类型和答案类型。

2.词汇关联：主要是针对问题分析阶段尚未形成实体链接的部分形成与知识库的链接，包括关系属性、描述属性、实体分类的链接。

3.歧义消解：包括对候选的词汇、查询表达式的排序选优和通过语义的容斥关系去掉不可能的组合。

4.构建查询：基于问题解析结果，可以通过自定义转化规则或者特定语义模型与语法规则将问题转化成查询语言表达式，形成对知识库的查询，如 SPARQL。

基于问答对匹配的问答系统

基于常见的问答对以及社区问答都依赖搜索问答FAQ库（问答对集合）来发现以前问过的类似问题，并将找到的问答对的答案返回给用户；主要核心还是计算问题之间的语义相似性。

混合问答系统框架

将高度结构化的领域数据和相关的文本领域知识相互结合的混合框架，如：DeepQA、QALD-Hybrid-QA、Frankenstein等

问答系统的评价指标

功能评价指标

分为 6个角度：正确性、精确度、完整性、可解释性、用户友好性、其他评价维度

性能评价指标

问答系统的响应时间（一般控制在1s以内）

问答系统的故障率

问答系统的评价数据集

1. TREC QA （评价IRQA）：主要针对基于搜索的问答系统解决方案。

2. TREC LIVE QA （评价CQA社区问答）：主要是针对CQA社区问答解决方案的评价体系

3. QALD (评价KBQA)：是指链接数据的问答系统评测，为自然语言问题转化成可用的SPARQL查询以及基于语义万维网标准的知识推理提供了一系列的评价体系和测试数据集。

4. SQuAD（评价端到端的问答系统解决方案）：是斯坦福大学推出的一个大规模阅读理解数据集。

5. Quora QA (评价问题相似度计算)

6. SemEval (词义消歧评测)：SemEval是一个技术竞赛，主要包括推特情感与创造性语句分析、实体关联、信息抽取、词汇语义学以及阅读理解与推理等几方面内容。

现有的自然语言理解技术在处理自然语言的歧义性和复杂性方面还比较薄弱；

此类系统需要大量的领域知识来理解自然语言问题，一般需要人工输入；一些系统需要开发一个专用某个领域的基于句法或者语义的语法分析器或者引入一个用户词典或者映射规则等。

使用Elasticsearch搭建知识问答系统

基于gAnswer构建中英文知识问答系统

Original: https://blog.csdn.net/liuhuabing760596103/article/details/119681984Author: 犀利哗啦760596103Title: 知识图谱学习笔记八（知识问答）

原创文章受到原创版权保护。转载请注明出处：https://www.johngo689.com/212334/

转载文章受原作者版权保护。转载请注明原作者出处！

【本文地址】

公司简介

联系我们