公司服务器前端增加堡垒机,选用开源的jumpserver
软件环境
CentOS Linux release 7.3.1611 python 2.7.5 MysqL5.7
安装git
yum -y install git
克隆jumpserver
- #cd/opt
- #gitclonehttps://github.com/jumpserver/jumpserver.git
- #gitcheckoutmaster
- 注:不要安装在/root、/home等目录下,以免权限问题
由于过程中会要求连接MysqL创建jumpserver数据库,而安装脚本自带的MysqL5.1太老,此处自己编译安装MysqL5.7来使用
安装依赖包保平安
yum install make cmake gcc gcc-c++ gcc-g77 flex bison file libtool libtool-libs autoconf kernel-devel patch wget crontabs libjpeg libjpeg-devel libpng libpng-devel libpng10 libpng10-devel gd gd-devel libxml2 libxml2-devel zlib zlib-devel glib2 glib2-devel unzip tar bzip2 bzip2-devel libevent libevent-devel ncurses ncurses-devel curl curl-devel libcurl libcurl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel vim-minimal gettext gettext-devel ncurses-devel gmp-devel pspell-devel unzip libcap diffutils ca-certificates net-tools libc-client-devel psmisc libXpm-devel git-core c-ares-devel libicu-devel libxslt libxslt-devel xz pcre-devel libticonv.x8664 libticonv-devel.x8664 PHP-mcrypt libmcrypt libmcrypt-devel mhash mhash-devel libevent libevent-devel libxml2 libxml2-devel bzip2-devel libcurl-devel libjpeg-devel libpng-devel freetype-devel vim-minimal nano fonts-chinese
建立MysqL工作目录
解压MysqL并进入源码目录
输入以下编译参数
cmake . -DCMAKEINSTALLPREFIX=/opt/MysqL -DMysqLDATADIR=/opt/MysqL/data -DSYSCONFDIR=/opt/MysqL/conf -DWITHINNOBASESTORAGEENGINE=1 -DWITHARCHIVESTORAGEENGINE=1 -DWITHBLACKHOLESTORAGEENGINE=1 -DMysqLUNIXADDR=/opt/MysqL/MysqL.sock -DDEFAULTCHARSET=utf8 -DDEFAULTCOLLATION=utf8generalci -DENABLEDLOCALINFILE=1 -DWITHBOOST=/opt/tools -DENABLEDOWNLOADS=1 -DDOWNLOADBOOST=1 -DWITHMYISAMSTORAGEENGINE=1 -DWITHINNODBMEMCACHED=on
敲回车
等一会儿,看到最后一句 -- Build files have been written to: /opt/MysqL-5.7.18 ,哈哈,OK。
PS:这里有个坑,官方文档说的不是很清楚,boost1.59的压缩包下载下来后,-DWITHBOOST的设置为压缩包所在的目录就行,也不用解压,例如我的boost1.59的压缩包放在/opt/tools路径下,我这里就设置为-DWITHBOOST=/opt/tools
编译安装
- make-j$(cat/proc/cpuinfo|grep"processor"|wc-l)&&makeinstall
无惊无险,编译完成,接下来就是要做初始化啦
官方MysqL5.7文档里面有这么一段话:
After installing MysqL,you must initialize the data directory,including the tables in the MysqL system database.
在安装MysqL,您必须初始化数据目录,包括MysqL系统数据库中的表。
As of MysqL 5.7.6,use the server to initialize the data directory:
自MysqL 5.7.6起,使用MysqL服务器初始化数据目录:
命令例子
Before MysqL 5.7.6,use MysqLinstalldb:
在MysqL 5.7.6之前,使用MysqLinstalldb:
命令例子
OK,我这里采用的是MysqLd --initialize来做初始化,哈哈哈哈哈哈哈~~~~~~~
进入MysqL应用目录
- [root@CentOS7~]#cd/opt/MysqL/
- [root@CentOS7MysqL]#./bin/MysqLd--initialize--user=MysqL--basedir=/opt/MysqL--datadir=/opt/MysqL/data--explicit_defaults_for_timestamp
- 2017-07-11T06:16:03.379811Z0[Warning]InnoDB:Newlogfilescreated,LSN=45790
- 2017-07-11T06:16:03.662014Z0[Warning]InnoDB:Creatingforeignkeyconstraintsystemtables.
- 2017-07-11T06:16:03.729756Z0[Warning]NoexistingUUIDhasbeenfound,soweassumethatthisisthefirsttimethatthisserverhasbeenstarted.GeneratinganewUUID:6ae1ad44-6600-11e7-bf9d-000c2908640f.
- 2017-07-11T06:16:03.734450Z0[Warning]Gtidtableisnotreadytobeused.Table'MysqL.gtid_executed'cannotbeopened.
- 2017-07-11T06:16:03.736620Z1[Note]Atemporarypasswordisgeneratedforroot@localhost:wiMhO2.wt.-P
- [root@centos7MysqL]#
拷贝配置文件
cp support-files/my-default.cnf /opt/MysqL/conf/my.cnf
拷贝启动脚本
cp support-files/MysqL.server /etc/init.d/MysqLd
chmod +x /etc/init.d/MysqLd
编辑启动脚本,主要编辑basedir、datadir、MysqLd_pidfilepath
basedir=/opt/MysqL
datadir=/opt/MysqL/data
MysqLdpidfile_path=/opt/MysqL/MysqL.pid #这个填不填都可以,启动脚本会自动定义
设置开机启动
chkconfig --add MysqLd chkconfig MysqLd on
[root@CentOS7 opt]# service MysqLd start Starting MysqL. [ 确定 ]
[root@CentOS7 opt]# service MysqLd status MysqL running (104746) [ 确定 ]
爽爽爽~~~~~
全局变量为了直接使用,加到环境变量里,修改/etc/profile文件,在文件末尾添加: export PATH=/opt/MysqL/bin:$PATH
source /etc/profile
设置root用户可以远程访问
- [root@CentOS7data]#MysqL-uroot-p
- Enterpassword:
- WelcometotheMysqLmonitor.Commandsendwith;or\g.
- YourMysqLconnectionidis3
- Serverversion:5.7.17
- Copyright(c)2000,2016,Oracleand/oritsaffiliates.Allrightsreserved.
- OracleisaregisteredtrademarkofOracleCorporationand/orits
- affiliates.Othernamesmaybetrademarksoftheirrespective
- owners.
- Type'help;'or'\h'forhelp.Type'\c'toclearthecurrentinputstatement.
- MysqL>setpassword=password('123456');
- MysqL>GRANTALLPRIVILEGESON*.*TO'root'@'%'IDENTIFIEDBY'123456'WITHGRANTOPTION;
- QueryOK,0rowsaffected,1warning(0.00sec)
- MysqL>flushprivileges;
- QueryOK,0rowsaffected(0.00sec)
关闭CentOS7的防火墙,再用第三方数据库管理工具连接测试,OK啦。
- [root@CentOS7html]#systemctlstopfirewalld.service
- [root@CentOS7html]#systemctldisablefirewalld.service
MysqL5.7 编译安装完毕
好咧,现在开始嘿嘿嘿~~~~~~~
替换国内pip源
- [root@centos7~]#mkdir.pip
- [root@centos7~]#cd.pip/
- [root@centos7.pip]#vimpip.conf
- 输入以下内容
- [global]
- index-url=http://mirrors.aliyun.com/pypi/simple
- [install]
- trusted-host=mirrors.aliyun.com
create database jumpserver charset='utf8';
grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '123456';
我这里是测试安装,密码都很简单,各位同学要是放在生产环境上,密码建议复杂点哦~~
执行jumpserver安装脚本
- #cdjumpserver/install
- #pythoninstall.py
这个文件在编译的MysqL目录里面,做个软链到/usr/lib64目录下面即可
ln -sv /opt/MysqL/lib/libMysqLclient.so.20 /usr/lib64/libMysqLclient.so.20