迁移文档

    v2.6 版本升级说明

    • 统一企业版本与开源版本安装方式,企业版和社区版可以无缝切换
    • 今后只会维护此安装方式,其他安装方式不再提供技术支持
    • 安装完成后配置文件在 /opt/jumpserver/config/config.txt

    迁移步骤

    installer 部署源码部署组件容器化部署setuptools 脚本部署docker 部署docker-compose 部署

    1. cat /opt/jumpserver/config/config.txt | egrep "SECRET_KEY|BOOTSTRAP_TOKEN"
    1. ./jmsctl.sh backup_db
    1. cd /opt/koko
    2. ./koko -s stop
    3. # 更老的版本使用的 coco guacamole
    4. # cd /opt/coco
    5. # ./cocod stop
    6. # /etc/init.d/guacd stop
    7. # sh /config/tomcat9/bin/shutdown.sh
    1. cd /opt/lion
    2. ps aux | grep lion | awk '{print $2}' | xargs kill -9
    1. cd /opt/jumpserver
    2. # 记录 SECRET_KEY 和 BOOTSTRAP_TOKEN
    3. cat config.yml | egrep "SECRET_KEY|BOOTSTRAP_TOKEN"
    1. source /opt/py3/bin/activate
    2. ./jms stop
    1. cd /opt
    2. mv /opt/jumpserver /opt/jumpserver_bak
    1. mysqldump -h127.0.0.1 -P3306 -ujumpserver -p jumpserver > /opt/jumpserver.sql
    1. docker stop jms_koko jms_lion
    2. docker rm jms_koko jms_lion
    3. # 更老的版本使用的 coco guacamole
    4. # docker stop jms_coco jms_guacamole
    5. # docker rm jms_coco jms_guacamole
    1. cd /opt/jumpserver
    2. # 记录 SECRET_KEY 和 BOOTSTRAP_TOKEN
    3. cat config.yml | egrep "SECRET_KEY|BOOTSTRAP_TOKEN"
    1. source /opt/py3/bin/activate
    2. ./jms stop
    1. cd /opt
    2. mv /opt/jumpserver /opt/jumpserver_bak
    1. mysqldump -h127.0.0.1 -P3306 -ujumpserver -p jumpserver > /opt/jumpserver.sql
    1. ./jmsctl.sh stop
    2. docker rm jms_koko jms_guacamole
    3. systemctl disable jms_core
    4. mv /opt/jumpserver /opt/jumpserver_bak
    1. mysqldump -h127.0.0.1 -P3306 -ujumpserver -p jumpserver > /opt/jumpserver.sql
    1. docker cp jms_all:/opt/jumpserver /opt/jumpserver_bak
    2. # 记录 SECRET_KEY 和 BOOTSTRAP_TOKEN
    3. docker exec -it jms_all env | egrep "SECRET_KEY|BOOTSTRAP_TOKEN"
    1. docker exec -it jms_all /bin/bash
    2. mysqldump -h$DB_HOST -P$DB_PORT -u$DB_USER -p$DB_PASSWORD $DB_NAME > /opt/jumpserver.sql
    3. exit
    1. docker cp jms_all:/opt/jumpserver.sql /opt
    2. docker stop jms_all
    1. docker cp jms_core:/opt/jumpserver /opt/jumpserver_bak
    2. # 记录 SECRET_KEY 和 BOOTSTRAP_TOKEN
    3. docker exec -it jms_core env | egrep "SECRET_KEY|BOOTSTRAP_TOKEN"
    1. docker exec -it jms_mysql /bin/bash
    2. mysqldump -uroot jumpserver > /opt/jumpserver.sql
    3. exit
    1. docker cp jms_mysql:/opt/jumpserver.sql /opt
    2. cd /opt/Dockerfile
    3. docker-compose stop
    1. # 如果你不需要或不想处理数据库字符集可以跳过此步骤, 保证迁移前后的数据库字符集一样即可.
    2. if grep -q 'COLLATE=utf8_bin' /opt/jumpserver.sql; then
    3. cp /opt/jumpserver.sql /opt/jumpserver_bak.sql
    4. sed -i 's@ COLLATE=utf8_bin@@g' /opt/jumpserver.sql
    5. sed -i 's@ COLLATE utf8_bin@@g' /opt/jumpserver.sql
    6. else
    7. echo "备份数据库字符集正确";
    8. fi

    下载 jumpserver-install

    1. cd /opt
    2. yum -y install wget
    3. wget https://github.com/jumpserver/installer/releases/download/v2.27.0/jumpserver-installer-v2.27.0.tar.gz
    4. tar -xf jumpserver-installer-v2.27.0.tar.gz
    5. cd jumpserver-installer-v2.27.0
    1. vi config-example.txt
    1. # 修改下面选项, 其他保持默认
    2. ### 数据持久化目录, 安装完成后请勿随意更改, 可以使用其他目录如: /data/jumpserver
    3. VOLUME_DIR=/opt/jumpserver
    4. ### 注意: SECRET_KEY 与旧版本不一致, 加密的数据将无法解密
    5. # Core 配置
    6. ### 启动后不能再修改,否则密码等等信息无法解密
    7. SECRET_KEY= # 从旧版本的配置文件获取后填入 (*)
    8. BOOTSTRAP_TOKEN= # 从旧版本的配置文件获取后填入 (*)
    9. LOG_LEVEL=ERROR
    10. # SESSION_COOKIE_AGE=86400
    11. SESSION_EXPIRE_AT_BROWSER_CLOSE=True # 关闭浏览器后 session 过期

    使用新的内置数据库使用新的外置数据库使用旧的外置数据库

    1. ./jmsctl.sh install
    1. docker exec -it jms_mysql /bin/bash
    2. # 如果变量 $MARIADB_ROOT_PASSWORD 不存在,请使用 $MYSQL_ROOT_PASSWORD
    3. mysql -uroot -p$MARIADB_ROOT_PASSWORD
    1. drop database jumpserver;
    2. create database jumpserver default charset 'utf8';
    3. exit
    4. exit
    1. # /opt/jumpserver.sql 为旧版本数据库
    2. ./jmsctl.sh restore_db /opt/jumpserver.sql
    1. 开始还原数据库: /opt/jumpserver.sql
    2. mysql: [Warning] Using a password on the command line interface can be insecure.
    3. 数据库恢复成功!
    1. ./jmsctl.sh start
    1. # 登录外置数据库操作
    2. mysql -h192.168.100.11 -P3306 -ujumpserver -pweakPassword
    1. create database jumpserver default charset 'utf8';
    2. create user 'jumpserver'@'%' identified by 'weakPassword';
    3. grant all on jumpserver.* to 'jumpserver'@'%';
    4. flush privileges;
    5. exit
    1. ./jmsctl.sh install
    1. ██╗██╗ ██╗███╗ ███╗██████╗ ███████╗███████╗██████╗ ██╗ ██╗███████╗██████╗
    2. ██║██║ ██║████╗ ████║██╔══██╗██╔════╝██╔════╝██╔══██╗██║ ██║██╔════╝██╔══██╗
    3. ██║██║ ██║██╔████╔██║██████╔╝███████╗█████╗ ██████╔╝██║ ██║█████╗ ██████╔╝
    4. ██ ██║██║ ██║██║╚██╔╝██║██╔═══╝ ╚════██║██╔══╝ ██╔══██╗╚██╗ ██╔╝██╔══╝ ██╔══██╗
    5. ╚█████╔╝╚██████╔╝██║ ╚═╝ ██║██║ ███████║███████╗██║ ██║ ╚████╔╝ ███████╗██║ ██║
    6. ╚════╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝
    7. Version: v2.27.0
    8. 1. 检查配置文件
    9. 配置文件位置: /opt/jumpserver/config
    10. /opt/jumpserver/config/config.txt [ ]
    11. /opt/jumpserver/config/nginx/lb_rdp_server.conf [ ]
    12. /opt/jumpserver/config/nginx/lb_ssh_server.conf [ ]
    13. /opt/jumpserver/config/nginx/cert/server.crt [ ]
    14. /opt/jumpserver/config/nginx/cert/server.key [ ]
    15. 完成
    16. 备份至 /opt/jumpserver/config/backup/config.txt.2021-07-15_22-26-13
    17. 完成
    18. 1. 安装 Docker
    19. 开始下载 Docker 程序 ...
    20. 开始下载 Docker Compose 程序 ...
    21. 完成
    22. 2. 配置 Docker
    23. 是否需要自定义 docker 存储目录, 默认将使用目录 /var/lib/docker? (y/n) (默认为 n): n
    24. 完成
    25. 3. 启动 Docker
    26. Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /etc/systemd/system/docker.service.
    27. 完成
    28. >>> 加载 Docker 镜像
    29. Docker: Pulling from jumpserver/core:v2.27.0 [ OK ]
    30. Docker: Pulling from jumpserver/koko:v2.27.0 [ OK ]
    31. Docker: Pulling from jumpserver/web:v2.27.0 [ OK ]
    32. Docker: Pulling from jumpserver/redis:6-alpine [ OK ]
    33. Docker: Pulling from jumpserver/mysql:5 [ OK ]
    34. Docker: Pulling from jumpserver/lion:v2.27.0 [ OK ]
    35. >>> 安装配置 JumpServer
    36. 1. 配置网络
    37. 是否需要支持 IPv6? (y/n) (默认为 n): n
    38. 完成
    39. 2. 配置加密密钥
    40. SECRETE_KEY: YTE2YTVkMTMtMGE3MS00YzI5LWFlOWEtMTc2OWJlMmIyMDE2
    41. BOOTSTRAP_TOKEN: YTE2YTVkMTMtMGE3
    42. 完成
    43. 3. 配置持久化目录
    44. 是否需要自定义持久化存储, 默认将使用目录 /opt/jumpserver? (y/n) (默认为 n): n
    45. 完成
    46. 4. 配置 MySQL
    47. 是否使用外部 MySQL? (y/n) (默认为 n): y
    48. 请输入 MySQL 的主机地址 (无默认值): 192.168.100.11
    49. 请输入 MySQL 的端口 (默认为 3306): 3306
    50. 请输入 MySQL 的数据库 (默认为 jumpserver): jumpserver
    51. 请输入 MySQL 的用户名 (无默认值): jumpserver
    52. 请输入 MySQL 的密码 (无默认值): weakPassword
    53. 完成
    54. 5. 配置 Redis
    55. 是否使用外部 Redis? (y/n) (默认为 n): y
    56. 请输入 Redis 的主机地址 (无默认值): 192.168.100.11
    57. 请输入 Redis 的端口 (默认为 6379): 6379
    58. 请输入 Redis 的密码 (无默认值): weakPassword
    59. 完成
    60. 6. 配置对外端口
    61. 是否需要配置 JumpServer 对外访问端口? (y/n) (默认为 n): n
    62. 完成
    63. 7. 初始化数据库
    64. Creating network "jms_net" with driver "bridge"
    65. Creating jms_redis ... done
    66. 2021-07-15 22:39:52 Collect static files
    67. 2021-07-15 22:39:52 Collect static files done
    68. 2021-07-15 22:39:52 Check database structure change ...
    69. 2021-07-15 22:39:52 Migrate model change to database ...
    70. 475 static files copied to '/opt/jumpserver/data/static'.
    71. Operations to perform:
    72. Apply all migrations: acls, admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, notifications, ops, orgs, perms, sessions, settings, terminal, tickets, users
    73. Running migrations:
    74. Applying contenttypes.0001_initial... OK
    75. Applying contenttypes.0002_remove_content_type_name... OK
    76. Applying auth.0001_initial... OK
    77. Applying auth.0002_alter_permission_name_max_length... OK
    78. Applying auth.0003_alter_user_email_max_length... OK
    79. Applying auth.0004_alter_user_username_opts... OK
    80. Applying auth.0005_alter_user_last_login_null... OK
    81. Applying auth.0006_require_contenttypes_0002... OK
    82. Applying auth.0007_alter_validators_add_error_messages... OK
    83. Applying auth.0008_alter_user_username_max_length... OK
    84. ...
    85. Applying sessions.0001_initial... OK
    86. Applying terminal.0032_auto_20210302_1853... OK
    87. Applying terminal.0033_auto_20210324_1008... OK
    88. Applying terminal.0034_auto_20210406_1434... OK
    89. Applying terminal.0035_auto_20210517_1448... OK
    90. Applying terminal.0036_auto_20210604_1124... OK
    91. Applying terminal.0037_auto_20210623_1748... OK
    92. Applying tickets.0008_auto_20210311_1113... OK
    93. Applying tickets.0009_auto_20210426_1720... OK
    94. >>> 安装完成了
    95. 1. 可以使用如下命令启动, 然后访问
    96. cd /root/jumpserver-installer-v2.27.0
    97. ./jmsctl.sh start
    98. 2. 其它一些管理命令
    99. ./jmsctl.sh stop
    100. ./jmsctl.sh restart
    101. ./jmsctl.sh backup
    102. ./jmsctl.sh upgrade
    103. 更多还有一些命令, 你可以 ./jmsctl.sh --help 来了解
    104. 3. Web 访问
    105. http://192.168.100.212:80
    106. 默认用户: admin 默认密码: admin
    107. 4. SSH/SFTP 访问
    108. ssh -p2222 admin@192.168.100.212
    109. sftp -P2222 admin@192.168.100.212
    110. 5. 更多信息
    111. 我们的官网: https://www.jumpserver.org/
    112. 我们的文档: https://docs.jumpserver.org/
    1. ./jmsctl.sh start
    1. Creating network "jms_net" with driver "bridge"
    2. Creating jms_core ... done
    3. Creating jms_celery ... done
    4. Creating jms_koko ... done
    5. Creating jms_magnus ... done
    6. Creating jms_web ... done
    1. # 如果之前使用的数据库符合版本要求, 可以直接使用 (注意备份)
    2. ./jmsctl.sh install
    1. ██╗██╗ ██╗███╗ ███╗██████╗ ███████╗███████╗██████╗ ██╗ ██╗███████╗██████╗
    2. ██║██║ ██║████╗ ████║██╔══██╗██╔════╝██╔════╝██╔══██╗██║ ██║██╔════╝██╔══██╗
    3. ██║██║ ██║██╔████╔██║██████╔╝███████╗█████╗ ██████╔╝██║ ██║█████╗ ██████╔╝
    4. ██ ██║██║ ██║██║╚██╔╝██║██╔═══╝ ╚════██║██╔══╝ ██╔══██╗╚██╗ ██╔╝██╔══╝ ██╔══██╗
    5. ╚█████╔╝╚██████╔╝██║ ╚═╝ ██║██║ ███████║███████╗██║ ██║ ╚████╔╝ ███████╗██║ ██║
    6. ╚════╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝
    7. Version: v2.27.0
    8. 配置文件位置: /opt/jumpserver/config
    9. /opt/jumpserver/config/config.txt [ ]
    10. /opt/jumpserver/config/nginx/lb_rdp_server.conf [ ]
    11. /opt/jumpserver/config/nginx/lb_ssh_server.conf [ ]
    12. /opt/jumpserver/config/nginx/cert/server.crt [ ]
    13. /opt/jumpserver/config/nginx/cert/server.key [ ]
    14. 完成
    15. 2. 备份配置文件
    16. 备份至 /opt/jumpserver/config/backup/config.txt.2021-07-15_22-26-13
    17. 完成
    18. >>> 安装配置 Docker
    19. 1. 安装 Docker
    20. 开始下载 Docker 程序 ...
    21. 开始下载 Docker Compose 程序 ...
    22. 完成
    23. 2. 配置 Docker
    24. 是否需要自定义 docker 存储目录, 默认将使用目录 /var/lib/docker? (y/n) (默认为 n): n
    25. 完成
    26. 3. 启动 Docker
    27. Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /etc/systemd/system/docker.service.
    28. 完成
    29. >>> 加载 Docker 镜像
    30. Docker: Pulling from jumpserver/core:v2.27.0 [ OK ]
    31. Docker: Pulling from jumpserver/koko:v2.27.0 [ OK ]
    32. Docker: Pulling from jumpserver/web:v2.27.0 [ OK ]
    33. Docker: Pulling from jumpserver/redis:6-alpine [ OK ]
    34. Docker: Pulling from jumpserver/mysql:5 [ OK ]
    35. Docker: Pulling from jumpserver/lion:v2.27.0 [ OK ]
    36. >>> 安装配置 JumpServer
    37. 1. 配置网络
    38. 是否需要支持 IPv6? (y/n) (默认为 n): n
    39. 完成
    40. 2. 配置加密密钥
    41. SECRETE_KEY: YTE2YTVkMTMtMGE3MS00YzI5LWFlOWEtMTc2OWJlMmIyMDE2
    42. BOOTSTRAP_TOKEN: YTE2YTVkMTMtMGE3
    43. 完成
    44. 3. 配置持久化目录
    45. 是否需要自定义持久化存储, 默认将使用目录 /opt/jumpserver? (y/n) (默认为 n): n
    46. 完成
    47. 4. 配置 MySQL
    48. 是否使用外部 MySQL? (y/n) (默认为 n): y
    49. 请输入 MySQL 的主机地址 (无默认值): 192.168.100.11
    50. 请输入 MySQL 的端口 (默认为 3306): 3306
    51. 请输入 MySQL 的数据库 (默认为 jumpserver): jumpserver
    52. 请输入 MySQL 的用户名 (无默认值): jumpserver
    53. 请输入 MySQL 的密码 (无默认值): weakPassword
    54. 完成
    55. 5. 配置 Redis
    56. 是否使用外部 Redis? (y/n) (默认为 n): y
    57. 请输入 Redis 的主机地址 (无默认值): 192.168.100.11
    58. 请输入 Redis 的端口 (默认为 6379): 6379
    59. 请输入 Redis 的密码 (无默认值): weakPassword
    60. 完成
    61. 6. 配置对外端口
    62. 是否需要配置 JumpServer 对外访问端口? (y/n) (默认为 n): n
    63. 完成
    64. 7. 初始化数据库
    65. Creating network "jms_net" with driver "bridge"
    66. Creating jms_redis ... done
    67. 2021-07-15 22:39:52 Collect static files
    68. 2021-07-15 22:39:52 Collect static files done
    69. 2021-07-15 22:39:52 Check database structure change ...
    70. 2021-07-15 22:39:52 Migrate model change to database ...
    71. 475 static files copied to '/opt/jumpserver/data/static'.
    72. Operations to perform:
    73. Apply all migrations: acls, admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, notifications, ops, orgs, perms, sessions, settings, terminal, tickets, users
    74. Running migrations:
    75. Applying contenttypes.0001_initial... OK
    76. Applying contenttypes.0002_remove_content_type_name... OK
    77. Applying auth.0001_initial... OK
    78. Applying auth.0002_alter_permission_name_max_length... OK
    79. Applying auth.0003_alter_user_email_max_length... OK
    80. Applying auth.0004_alter_user_username_opts... OK
    81. Applying auth.0005_alter_user_last_login_null... OK
    82. Applying auth.0006_require_contenttypes_0002... OK
    83. Applying auth.0007_alter_validators_add_error_messages... OK
    84. Applying auth.0008_alter_user_username_max_length... OK
    85. ...
    86. Applying sessions.0001_initial... OK
    87. Applying terminal.0032_auto_20210302_1853... OK
    88. Applying terminal.0033_auto_20210324_1008... OK
    89. Applying terminal.0034_auto_20210406_1434... OK
    90. Applying terminal.0035_auto_20210517_1448... OK
    91. Applying terminal.0036_auto_20210604_1124... OK
    92. Applying terminal.0037_auto_20210623_1748... OK
    93. Applying tickets.0008_auto_20210311_1113... OK
    94. Applying tickets.0009_auto_20210426_1720... OK
    95. >>> 安装完成了
    96. 1. 可以使用如下命令启动, 然后访问
    97. cd /root/jumpserver-installer-v2.27.0
    98. ./jmsctl.sh start
    99. 2. 其它一些管理命令
    100. ./jmsctl.sh stop
    101. ./jmsctl.sh restart
    102. ./jmsctl.sh backup
    103. ./jmsctl.sh upgrade
    104. 更多还有一些命令, 你可以 ./jmsctl.sh --help 来了解
    105. 3. Web 访问
    106. http://192.168.100.212:80
    107. 默认用户: admin 默认密码: admin
    108. 4. SSH/SFTP 访问
    109. ssh -p2222 admin@192.168.100.212
    110. sftp -P2222 admin@192.168.100.212
    111. 5. 更多信息
    112. 我们的官网: https://www.jumpserver.org/
    113. 我们的文档: https://docs.jumpserver.org/
    1. Creating network "jms_net" with driver "bridge"
    2. Creating jms_core ... done
    3. Creating jms_celery ... done
    4. Creating jms_koko ... done
    5. Creating jms_magnus ... done
    6. Creating jms_web ... done