
jumpserver升级

云时代IT运维 2021-02-01

jumpserver v2.4.5 迁移升级

  差不多一年没有更新微信公众号了。自从今年从深圳回到西安,由于刚换了新的工作,需要熟悉环境,需要和新的同事打交道。2021年继续更新技术公众号,将通过技术公众号持续发布运维领域的专业技术和方案。包括K8S容器、CI/CD、中间件等;今天先将前段时间升级的jumpserver总结分享给大家;

前置条件

操作系统 centos 7.6、mysql 5.7、redis >= 3.0、docker-ce

一 导入数据

1 从原有的mysql导出jumpserver库。

# Dump the existing jumpserver schema from the old MySQL (long-option form of the
# same command). "-p" without a value prompts for the password instead of placing
# it on the command line.
mysqldump --host=x.x.x.x --port=3306 --user=jumpserver -p jumpserver > /opt/jumpserver.sql

2 检查数据库字符集

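#######################################
# Make sure the dump declares the utf8_bin collation the new database uses.
# Arguments: $1 - path of the SQL dump (the script defaults to /opt/jumpserver.sql)
# Outputs:   a status line on stdout when the dump already has utf8_bin
# Side effects: when the collation is missing, <dump minus .sql>_bak.sql keeps an
#            untouched copy and the dump is rewritten in place
# Returns:   0 on success, 1 if the dump is unreadable, or the failing step's status
#######################################
fix_dump_collation() {
  local dump=$1
  local backup=${dump%.sql}_bak.sql

  # The original one-liner ran cp/sed against a missing file and carried on; fail
  # explicitly instead so a wrong path is noticed before the import.
  if [[ ! -r "$dump" ]]; then
    printf '无法读取备份文件: %s\n' "$dump" >&2
    return 1
  fi

  if grep -q -- 'COLLATE=utf8_bin' "$dump"; then
    echo "备份数据库字符集正确"
    return 0
  fi

  # Keep a backup before editing in place. Only the plain "CHARSET=utf8;" table
  # suffix is rewritten, exactly as the original sed expression did.
  cp -- "$dump" "$backup" || return
  sed -i 's@CHARSET=utf8;@CHARSET=utf8 COLLATE=utf8_bin;@g' "$dump"
}

fix_dump_collation "${1:-/opt/jumpserver.sql}"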

3 在新建的mysql上创建jumpserver库

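-- Create the target schema with the utf8 / utf8_bin collation the dump declares.
-- ("//" is not a comment marker in MySQL: text after the ";" would be sent as the
-- start of the next statement, so the notes live on "--" lines instead.)
create database jumpserver;
alter database jumpserver character set utf8 collate utf8_bin;
-- '111111' is the sample password from the write-up; choose a strong one and put the
-- same value in the new installer's database settings. The '%' host part accepts
-- logins from any address -- narrow it to the core container's network where possible.
CREATE USER 'jumpserver'@'%' IDENTIFIED BY '111111';
grant all privileges on jumpserver.* to 'jumpserver'@'%';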

4 导入数据

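# Load the dump into the new MySQL. The dump was written to /opt/jumpserver.sql on
# the old host and copied to /tmp on the new one beforehand. (The trailing "//..."
# note of the original line was passed to mysql as extra arguments; it is a comment now.)
mysql -hx.x.x.x -uroot -p jumpserver < /tmp/jumpserver.sql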

二 安装jumpserver

1 下载jumpserver-install

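# Fetch and unpack the v2.6.2 installer, then edit its config template.
# Chained with "&&" so a failed download does not fall through to "vi", which would
# otherwise create an empty config-example.txt in the wrong directory. The write-up
# gives no checksum for the archive; compare it with the one published on the
# project's release page before unpacking (<checksum placeholder>).
cd /opt \
  && wget https://github.com/jumpserver/installer/releases/download/v2.6.2/jumpserver-installer-v2.6.2.tar.gz \
  && tar -xf jumpserver-installer-v2.6.2.tar.gz \
  && cd jumpserver-installer-v2.6.2 \
  && vi config-example.txt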
# Change only the options below; keep everything else at its default.
### NOTE: if SECRET_KEY differs from the old deployment's, data encrypted under the old key cannot be decrypted.


# Core settings
### Cannot be changed after the first start, otherwise stored passwords and similar data can no longer be decrypted
SECRET_KEY= # copy the value from the old deployment's config file
BOOTSTRAP_TOKEN= # copy the value from the old deployment's config file
LOG_LEVEL=ERROR
# SESSION_COOKIE_AGE=86400
SESSION_EXPIRE_AT_BROWSER_CLOSE=true # expire the session when the browser is closed

2 下载core镜像

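# Mirror prefix for image pulls (presumably consumed by the installer; the pull
# below still names the upstream image directly).
export DOCKER_IMAGE_PREFIX=docker.mirrors.ustc.edu.cn
docker pull jumpserver/core:2.4.5
# The 2.4.5 core image is published without a leading "v", while the compose
# files reference jumpserver/core:${VERSION} with VERSION=v2.4.5, so re-tag it.
# (The original line had a "//..." note after the tag; the shell passed it to
# "docker tag" as a third argument.)
docker tag jumpserver/core:2.4.5 jumpserver/core:v2.4.5
# Pulling each image this way can be slow; importing the complete image bundle
# up-front is the write-up's recommendation.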

3 指定安装版本v2.4.5

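# static.env pins the release the compose files pull (image: jumpserver/xxx:${VERSION}).
# The installer ships with v2.6.2; set it to the core release actually being installed.
cd /opt/jumpserver-installer-v2.6.2 && cat static.env
# In static.env change the VERSION line to the following (a trailing "//..." note on
# this line would be handed to "export" as a second, invalid name):
export VERSION="v2.4.5"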

4 生成配置到/opt/jumpserver

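# Render the configuration into /opt/jumpserver. Do not start the services yet:
# the koko config and the compose files are edited first. (The original line's
# "//..." note was passed to jmsctl.sh as a second argument.)
./jmsctl.sh install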

5 修改koko配置

# koko's own config; presumably the file the app compose mounts at /opt/koko/config.yml.
vim /opt/jumpserver/config/koko/config.yml
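# Name used to register this koko with JumpServer; identification only, must be unique.
# NAME: {{ Hostname }}

# URL of the JumpServer core; used for API requests and registration.
CORE_HOST: http://core:8080

# Bootstrap token (pre-shared key) used to register the service account and terminal
# koko uses. Keep it identical to the core config; it can be removed once registration
# is done. The value below is a placeholder -- copy the real one from the old
# deployment's config file. (A "//" note after a value is not a YAML comment: it
# becomes part of the value, so every note in this file is on its own "#" line.)
BOOTSTRAP_TOKEN: hhhhhhhhhhhhhhhh

# IP to bind at start-up, default 0.0.0.0
# BIND_HOST: 0.0.0.0

# SSH listen port, default 2222
# SSHD_PORT: 2222

# HTTP/WS listen port, default 5000
# HTTPD_PORT: 5000

# ACCESS KEY used by this service; registered automatically by default and saved to
# ACCESS_KEY_STORE. May be set here instead, format access_key_id:access_key_secret
# ACCESS_KEY: null

# Where the registered ACCESS KEY is stored by default
# ACCESS_KEY_FILE: data/keys/.access_key

# Log level [DEBUG, INFO, WARN, ERROR, FATAL, CRITICAL]
# LOG_LEVEL: INFO

# SSH connection timeout (default 15 seconds)
# SSH_TIMEOUT: 15

# Language [en,zh]
# LANGUAGE_CODE: zh

# SFTP root directory: /tmp, Home, or another custom directory
# SFTP_ROOT: /tmp

# Whether SFTP shows hidden files
# SFTP_SHOW_HIDDEN_FILE: false

# Reuse a user's already-established connections to backend assets
# (a user never reuses another user's connections)
# REUSE_CONNECTION: true

# Asset loading policy, tune to the number of assets. Default: load assets
# asynchronously and search/page asynchronously; "all" loads every asset and
# searches/pages locally.
# ASSET_LOAD_POLICY:

# Maximum zip size (unit: M)
# ZIP_MAX_SIZE: 1024M

# Temporary directory for zip files, /tmp
# ZIP_TMP_PATH: /tmp

# Interval of keepalives sent to the SSH client (seconds); default 30, 0 disables
# CLIENT_ALIVE_INTERVAL: 30

# Retry count for keepalives sent to assets, default 3
# RETRY_ALIVE_COUNT_MAX: 3

# Backend used for session sharing [local, redis], default local
# SHARE_ROOM_TYPE: local

# Redis settings -- point at the external redis (>= 3.0) from the prerequisites.
REDIS_HOST: 1.1.1.1
REDIS_PORT: 6379
# Sample value from the write-up; use the real redis password. This file then holds
# a secret, so keep it readable only by the account that runs the containers.
REDIS_PASSWORD: 123456
# REDIS_CLUSTERS:
# REDIS_DB_ROOM: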

修改compose文件

# Compose file for the celery/task container; adjusted for core v2.4.5 below.
vim /opt/jumpserver-installer-v2.6.2/compose/docker-compose-task.yml
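version: '2.2'

services:
  celery:
    image: jumpserver/core:${VERSION}
    container_name: jms_celery
    restart: always
    tty: true
    # The installer's default command also contained "start"; core v2.4.5 is
    # started with "task" alone. (A "//" note after the value is not a YAML
    # comment -- it would be passed to the container as part of the command.)
    command: task
    depends_on:
      core:
        condition: service_healthy
    env_file:
      - ${CONFIG_FILE}
    environment:
      - SERVER_HOSTNAME=${HOSTNAME}
    volumes:
      - ${VOLUME_DIR}/core/data:/opt/jumpserver/data
      - ${VOLUME_DIR}/core/logs:/opt/jumpserver/logs
    healthcheck:
      # "celery" was removed from the installer's check command for this release.
      test: "cd /opt/jumpserver/apps && python manage.py check"
      interval: 30s
      timeout: 20s
      retries: 3
    networks:
      - net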
# Compose file for the web-facing containers (nginx, core, koko, luna, lina, guacamole).
vim /opt/jumpserver-installer-v2.6.2/compose/docker-compose-app.yml
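version: '2.2'

services:
  nginx:
    image: jumpserver/nginx:alpine2
    container_name: jms_nginx
    restart: always
    ports:
      - ${HTTP_PORT}:80
      - ${HTTPS_PORT}:443
    volumes:
      - ./config_static/http_server.conf:/etc/nginx/conf.d/default.conf
      - ${CONFIG_DIR}/nginx/cert:/etc/nginx/cert
      - ${VOLUME_DIR}/core/data:/data
      - ${VOLUME_DIR}/nginx/log:/var/log/nginx
    depends_on:
      - core
      - luna
      - koko
      - guacamole
    healthcheck:
      test: ["CMD", "test", "-f", "/var/run/nginx.pid"]
      interval: 10s
      timeout: 5s
      retries: 2
    networks:
      - net

  core:
    image: jumpserver/core:${VERSION}
    container_name: jms_core
    restart: always
    tty: true
    # The installer's default command also contained "start"; core v2.4.5 is
    # started with "web" alone. (A "//" note after the value is not a YAML
    # comment -- it would be passed to the container as part of the command.)
    command: web
    env_file:
      - ${CONFIG_FILE}
    volumes:
      - ${CONFIG_DIR}/core/config.yml:/opt/jumpserver/config.yml
      - ${VOLUME_DIR}/core/data:/opt/jumpserver/data
      - ${VOLUME_DIR}/core/logs:/opt/jumpserver/logs
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8080/api/health/"]
      interval: 10s
      timeout: 5s
      retries: 10
    networks:
      - net

  koko:
    image: jumpserver/koko:${VERSION}
    container_name: jms_koko
    restart: always
    tty: true
    env_file:
      - ${CONFIG_FILE}
    ports:
      - ${SSH_PORT}:2222
    depends_on:
      core:
        condition: service_healthy
    volumes:
      - ${CONFIG_DIR}/koko/config.yml:/opt/koko/config.yml
      - ${VOLUME_DIR}/koko/data:/opt/koko/data
    # NOTE(review): privileged mode gives the container unrestricted access to the
    # host's devices; the write-up does not say why koko needs it -- confirm before
    # keeping it.
    privileged: true
    healthcheck:
      # NOTE(review): the shell running this pipeline has 'koko' in its own command
      # line, so grep always finds a match and the check can never fail; it does
      # not actually probe koko. Kept as shipped by the installer.
      test: "ps axu | grep 'koko'"
      interval: 10s
      timeout: 5s
      retries: 3
    networks:
      - net

  luna:
    image: jumpserver/luna:${VERSION}
    container_name: jms_luna
    restart: always
    env_file:
      - ${CONFIG_FILE}
    depends_on:
      core:
        condition: service_healthy
    healthcheck:
      test: "wget http://localhost/luna/ -O -"
      interval: 10s
      timeout: 5s
      retries: 3
    networks:
      - net

  lina:
    image: jumpserver/lina:${VERSION}
    container_name: jms_lina
    restart: always
    env_file:
      - ${CONFIG_FILE}
    depends_on:
      core:
        condition: service_healthy
    healthcheck:
      test: "wget http://localhost/ -O -"
      interval: 10s
      timeout: 5s
      retries: 3
    networks:
      - net

  guacamole:
    image: jumpserver/guacamole:${VERSION}
    container_name: jms_guacamole
    env_file:
      - ${CONFIG_FILE}
    restart: always
    volumes:
      - ${VOLUME_DIR}/guacamole/data:/config/guacamole/data
    depends_on:
      core:
        condition: service_healthy
    healthcheck:
      # NOTE(review): without "-f", curl exits 0 for any HTTP response, so a 5xx
      # still counts as healthy (compare the core check above).
      test: ["CMD", "curl", "http://localhost:8080"]
      interval: 10s
      timeout: 5s
      retries: 3
    networks:
      - net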


6 启动jumpserver

# Start all compose services; the dependants wait for core's healthcheck (depends_on: service_healthy).
./jmsctl.sh start

7 修改core依赖库

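# Open a shell in the running core container; everything up to "exit" runs inside it.
docker exec -it jms_core bash

# Check the crypto packages in the image. Sample output from the write-up:
#   asn1crypto==0.24.0
#   cryptography==2.8
#   pycrypto==2.6.1
#   pycryptodome==3.9.7
#   pycryptodomex==3.9.7
# pycryptodome and pycryptodomex must both be 3.9.7; if they are not, pin them:
#   pip install pycryptodome==3.9.7 pycryptodomex==3.9.7
pip freeze | grep -i 'crypto'

# Bring the imported schema up to this core version.
cd /opt/jumpserver/apps
./manage.py makemigrations
./manage.py migrate
exit

# Back on the host (the write-up restarts core after migrating).
docker restart jms_core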

8 重启koko,guacamole

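# Drop the credentials koko and guacamole registered with the old core so they
# register afresh against the new one on restart (koko's key location matches the
# ACCESS_KEY_FILE default data/keys/.access_key under its data volume; the
# guacamole path is presumably the equivalent -- confirm). "--" stops option
# parsing; -r is kept from the original in case a key path is a directory.
rm -rf -- /opt/jumpserver/koko/data/keys/.access_key
rm -rf -- /opt/jumpserver/guacamole/data/key/jumpserver.key
docker restart jms_koko
docker restart jms_guacamole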


