公司服务器前端增加堡垒机,选用开源的jumpserver
软件环境
CentOS Linux release 7.3.1611 python 2.7.5 MysqL5.7
安装git
yum -y install git
克隆jumpserver
#cd/opt #gitclonehttps://github.com/jumpserver/jumpserver.git #gitcheckoutmaster 注:不要安装在/root、/home等目录下,以免权限问题
由于过程中会要求连接MysqL创建jumpserver数据库,而安装脚本自带的MysqL5.1太老,此处自己编译安装MysqL5.7来使用
安装依赖包保平安
yum install make cmake gcc gcc-c++ gcc-g77 flex bison file libtool libtool-libs autoconf kernel-devel patch wget crontabs libjpeg libjpeg-devel libpng libpng-devel libpng10 libpng10-devel gd gd-devel libxml2 libxml2-devel zlib zlib-devel glib2 glib2-devel unzip tar bzip2 bzip2-devel libevent libevent-devel ncurses ncurses-devel curl curl-devel libcurl libcurl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel vim-minimal gettext gettext-devel ncurses-devel gmp-devel pspell-devel unzip libcap diffutils ca-certificates net-tools libc-client-devel psmisc libXpm-devel git-core c-ares-devel libicu-devel libxslt libxslt-devel xz pcre-devel libticonv.x8664 libticonv-devel.x8664 PHP-mcrypt libmcrypt libmcrypt-devel mhash mhash-devel libevent libevent-devel libxml2 libxml2-devel bzip2-devel libcurl-devel libjpeg-devel libpng-devel freetype-devel vim-minimal nano fonts-chinese
建立MysqL工作目录
[root@centos7~]#mkdir-pv/opt/MysqL mkdir:已创建目录"/opt/MysqL"
解压MysqL并进入源码目录
[root@centos7opt]#cdtools/ [root@centos7tools]#ll 总用量141796 -rw-r--r--.1rootroot837099837月1113:17boost_1_59_0.tar.gz -rw-r--r--.1rootroot614809827月1113:17MysqL-boost-5.7.17.tar.gz [root@centos7tools]#tarzxfMysqL-boost-5.7.17.tar.gz [root@centos7tools]#cdMysqL-5.7.17/
输入以下编译参数
cmake . -DCMAKEINSTALLPREFIX=/opt/MysqL -DMysqLDATADIR=/opt/MysqL/data -DSYSCONFDIR=/opt/MysqL/conf -DWITHINNOBASESTORAGEENGINE=1 -DWITHARCHIVESTORAGEENGINE=1 -DWITHBLACKHOLESTORAGEENGINE=1 -DMysqLUNIXADDR=/opt/MysqL/MysqL.sock -DDEFAULTCHARSET=utf8 -DDEFAULTCOLLATION=utf8generalci -DENABLEDLOCALINFILE=1 -DWITHBOOST=/opt/tools -DENABLEDOWNLOADS=1 -DDOWNLOADBOOST=1 -DWITHMYISAMSTORAGEENGINE=1 -DWITHINNODBMEMCACHED=on
敲回车
等一会儿,看到最后一句 -- Build files have been written to: /opt/MysqL-5.7.18 ,哈哈,OK。
PS:这里有个坑,官方文档说的不是很清楚,boost1.59的压缩包下载下来后,-DWITHBOOST的设置为压缩包所在的目录就行,也不用解压,例如我的boost1.59的压缩包放在/opt/tools路径下,我这里就设置为-DWITHBOOST=/opt/tools
编译安装
make-j$(cat/proc/cpuinfo|grep"processor"|wc-l)&&makeinstall
无惊无险,编译完成,接下来就是要做初始化啦
官方MysqL5.7文档里面有这么一段话:
After installing MysqL,you must initialize the data directory,including the tables in the MysqL system database.
在安装MysqL,您必须初始化数据目录,包括MysqL系统数据库中的表。
As of MysqL 5.7.6,use the server to initialize the data directory:
自MysqL 5.7.6起,使用MysqL服务器初始化数据目录:
命令例子
shell>bin/MysqLd--initialize--user=MysqL
Before MysqL 5.7.6,use MysqLinstalldb:
在MysqL 5.7.6之前,使用MysqLinstalldb:
命令例子
shell>bin/MysqL_install_db--user=MysqL
OK,我这里采用的是MysqLd --initialize来做初始化,哈哈哈哈哈哈哈~~~~~~~
进入MysqL应用目录
[root@CentOS7~]#cd/opt/MysqL/ [root@CentOS7MysqL]#./bin/MysqLd--initialize--user=MysqL--basedir=/opt/MysqL--datadir=/opt/MysqL/data--explicit_defaults_for_timestamp 2017-07-11T06:16:03.379811Z0[Warning]InnoDB:Newlogfilescreated,LSN=45790 2017-07-11T06:16:03.662014Z0[Warning]InnoDB:Creatingforeignkeyconstraintsystemtables. 2017-07-11T06:16:03.729756Z0[Warning]NoexistingUUIDhasbeenfound,soweassumethatthisisthefirsttimethatthisserverhasbeenstarted.GeneratinganewUUID:6ae1ad44-6600-11e7-bf9d-000c2908640f. 2017-07-11T06:16:03.734450Z0[Warning]Gtidtableisnotreadytobeused.Table'MysqL.gtid_executed'cannotbeopened. 2017-07-11T06:16:03.736620Z1[Note]Atemporarypasswordisgeneratedforroot@localhost:wiMhO2.wt.-P [root@centos7MysqL]#
拷贝配置文件
cp support-files/my-default.cnf /opt/MysqL/conf/my.cnf
[client] port=3306 socket=/tmp/MysqL.sock default-character-set=utf8 [MysqLd] basedir=/opt/MysqL datadir=/opt/MysqL/data port=3306 server_id=1 socket=/tmp/MysqL.sock bind-address=localhost #skip-grant-tables
拷贝启动脚本
cp support-files/MysqL.server /etc/init.d/MysqLd
chmod +x /etc/init.d/MysqLd
编辑启动脚本,主要编辑basedir、datadir、MysqLd_pidfilepath
basedir=/opt/MysqL
datadir=/opt/MysqL/data
MysqLdpidfile_path=/opt/MysqL/MysqL.pid #这个填不填都可以,启动脚本会自动定义
设置开机启动
chkconfig --add MysqLd chkconfig MysqLd on
[root@CentOS7 opt]# service MysqLd start Starting MysqL. [ 确定 ]
[root@CentOS7 opt]# service MysqLd status MysqL running (104746) [ 确定 ]
爽爽爽~~~~~
全局变量为了直接使用,加到环境变量里,修改/etc/profile文件,在文件末尾添加: export PATH=/opt/MysqL/bin:$PATH
source /etc/profile
设置root用户可以远程访问
[root@CentOS7data]#MysqL-uroot-p Enterpassword: WelcometotheMysqLmonitor.Commandsendwith;or\g. YourMysqLconnectionidis3 Serverversion:5.7.17 Copyright(c)2000,2016,Oracleand/oritsaffiliates.Allrightsreserved. OracleisaregisteredtrademarkofOracleCorporationand/orits affiliates.Othernamesmaybetrademarksoftheirrespective owners. Type'help;'or'\h'forhelp.Type'\c'toclearthecurrentinputstatement. MysqL>setpassword=password('123456'); MysqL>GRANTALLPRIVILEGESON*.*TO'root'@'%'IDENTIFIEDBY'123456'WITHGRANTOPTION; QueryOK,0rowsaffected,1warning(0.00sec) MysqL>flushprivileges; QueryOK,0rowsaffected(0.00sec)
关闭CentOS7的防火墙,再用第三方数据库管理工具连接测试,OK啦。
[root@CentOS7html]#systemctlstopfirewalld.service [root@CentOS7html]#systemctldisablefirewalld.service
MysqL5.7 编译安装完毕
好咧,现在开始嘿嘿嘿~~~~~~~
替换国内pip源
[root@centos7~]#mkdir.pip [root@centos7~]#cd.pip/ [root@centos7.pip]#vimpip.conf 输入以下内容 [global] index-url=http://mirrors.aliyun.com/pypi/simple [install] trusted-host=mirrors.aliyun.com
create database jumpserver charset='utf8';
grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '123456';
我这里是测试安装,密码都很简单,各位同学要是放在生产环境上,密码建议复杂点哦~~
执行jumpserver安装脚本
#cdjumpserver/install #pythoninstall.py
这个文件在编译的MysqL目录里面,做个软链到/usr/lib64目录下面即可
ln -sv /opt/MysqL/lib/libMysqLclient.so.20 /usr/lib64/libMysqLclient.so.20