升级文档

升级及迁移请保持 SECRET_KEY 与旧版本一致, 否则会导致数据库加密数据无法解密

环境说明

  • 从 v2.5 开始, 要求 MySQL >= 5.7
  • 从 v2.6 开始, 要求 Redis >= 5
  • 推荐使用外置 数据库 和 Redis, 方便日后扩展升级
DBVersionCacheVersion
MySQL>= 5.7Redis>= 5.0
MariaDB>= 10.2

迁移说明

v2.6 版本升级说明

  • 统一企业版本与开源版本安装方式, 企业版和社区版可以无缝切换
  • 今后只会维护此安装方式, 其他安装方式不再提供技术支持
  • 安装完成后配置文件在 /opt/jumpserver/config/config.txt

迁移步骤

备份数据库

  1. # 从 jumpserver/config.yml 获取数据库信息
  2. DB_HOST: 127.0.0.1 # 数据库服务器 IP
  3. DB_PORT: 3306 # 数据库服务器 端口
  4. DB_USER: jumpserver # 连接数据库的用户
  5. DB_PASSWORD: ****** # 连接数据库用户的密码
  6. DB_NAME: jumpserver # JumpServer 使用的数据库
  7. # mysqldump -h<DB_HOST> -P<DB_PORT> -u<DB_USER> -p<DB_PASSWORD> <DB_NAME> > /opt/<DB_NAME>.sql

手动部署

  1. cd /opt/koko
  2. ./koko -s stop
  3. # 更老的版本使用的 coco
  4. # cd /opt/coco
  5. # ./cocod stop
  1. /etc/init.d/guacd stop
  2. sh /config/tomcat9/bin/shutdown.sh
  1. cd /opt/jumpserver
  2. source /opt/py3/bin/activate
  3. ./jms stop
  1. cd /opt
  2. mv /opt/jumpserver /opt/jumpserver_bak
  1. mysqldump -h127.0.0.1 -P3306 -ujumpserver -p jumpserver > /opt/jumpserver.sql

组件容器化部署

  1. docker stop jms_koko jms_guacamole
  2. docker rm jms_koko jms_guacamole
  3. # 更老的版本使用的 coco
  4. # docker stop jms_coco
  5. # docker rm jms_coco
  1. cd /opt/jumpserver
  2. source /opt/py3/bin/activate
  3. ./jms stop
  1. cd /opt
  2. mv /opt/jumpserver /opt/jumpserver_bak
  1. mysqldump -h127.0.0.1 -P3306 -ujumpserver -p jumpserver > /opt/jumpserver.sql

setuptools 脚本部署

  1. cd /opt/setuptools
  2. ./jmsctl.sh stop
  3. docker rm jms_koko jms_guacamole
  4. systemctl disable jms_core
  5. mv /opt/jumpserver /opt/jumpserver_bak
  1. mysqldump -h127.0.0.1 -P3306 -ujumpserver -p jumpserver > /opt/jumpserver.sql

docker 部署

  1. docker cp jms_all:/opt/jumpserver /opt/jumpserver_bak
  2. docker exec -it jms_all env | egrep "SECRET_KEY|BOOTSTRAP_TOKEN"
  1. docker exec -it jms_all /bin/bash
  2. mysqldump -h$DB_HOST -P$DB_PORT -u$DB_USER -p$DB_PASSWORD $DB_NAME > /opt/jumpserver.sql
  3. exit
  1. docker cp jms_all:/opt/jumpserver.sql /opt
  2. docker stop jms_all

docker-compose 部署

  1. docker cp jms_core:/opt/jumpserver /opt/jumpserver_bak
  2. docker exec -it jms_core env | egrep "SECRET_KEY|BOOTSTRAP_TOKEN"
  1. docker exec -it jms_mysql /bin/bash
  2. mysqldump -uroot jumpserver > /opt/jumpserver.sql
  3. exit
  1. docker cp jms_mysql:/opt/jumpserver.sql /opt
  2. cd /opt/Dockerfile
  3. docker-compose stop

修改数据库字符集

  1. if grep -q 'COLLATE=utf8_bin' /opt/jumpserver.sql; then
  2. cp /opt/jumpserver.sql /opt/jumpserver_bak.sql
  3. sed -i 's@COLLATE=utf8_bin@@g' /opt/jumpserver.sql
  4. sed -i 's@COLLATE utf8_bin@@g' /opt/jumpserver.sql
  5. else
  6. echo "备份数据库字符集正确";
  7. fi

下载 jumpserver-install

  1. cd /opt
  2. yum -y install wget
  3. wget https://github.com/jumpserver/installer/releases/download/v2.9.2/jumpserver-installer-v2.9.2.tar.gz
  4. tar -xf jumpserver-installer-v2.9.2.tar.gz
  5. cd jumpserver-installer-v2.9.2
  1. vi config-example.txt
  1. # 修改下面选项, 其他保持默认
  2. ### 注意: SECRET_KEY 与旧版本不一致, 加密的数据将无法解密
  3. # Core 配置
  4. ### 启动后不能再修改,否则密码等等信息无法解密
  5. SECRET_KEY= # 从旧版本的配置文件获取后填入 (*)
  6. BOOTSTRAP_TOKEN= # 从旧版本的配置文件获取后填入 (*)
  7. LOG_LEVEL=ERROR
  8. # SESSION_COOKIE_AGE=86400
  9. SESSION_EXPIRE_AT_BROWSER_CLOSE=true # 关闭浏览器后 session 过期

开始部署 JumpServer

使用内置数据库

  1. ./jmsctl.sh install
  1. ██╗██╗ ██╗███╗ ███╗██████╗ ███████╗███████╗██████╗ ██╗ ██╗███████╗██████╗
  2. ██║██║ ██║████╗ ████║██╔══██╗██╔════╝██╔════╝██╔══██╗██║ ██║██╔════╝██╔══██╗
  3. ██║██║ ██║██╔████╔██║██████╔╝███████╗█████╗ ██████╔╝██║ ██║█████╗ ██████╔╝
  4. ██ ██║██║ ██║██║╚██╔╝██║██╔═══╝ ╚════██║██╔══╝ ██╔══██╗╚██╗ ██╔╝██╔══╝ ██╔══██╗
  5. ╚█████╔╝╚██████╔╝██║ ╚═╝ ██║██║ ███████║███████╗██║ ██║ ╚████╔╝ ███████╗██║ ██║
  6. ╚════╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝
  7. Version: v2.9.2
  8. >>> 安装配置 Docker
  9. 1. 安装 Docker
  10. 开始下载 Docker 程序 ...
  11. 完成
  12. 开始下载 Docker Compose 程序 ...
  13. 完成
  14. 2. 配置 Docker
  15. 是否需要自定义 Docker 数据目录, 默认将使用 /var/lib/docker 目录? (y/n) (默认为 n): n
  16. 完成
  17. 3. 启动 Docker
  18. Docker 版本发生改变 Docker 配置文件发生变化,是否要重启? (y/n) (默认为 y): y
  19. 完成
  20. >>> 加载 Docker 镜像
  21. Docker: Pulling from jumpserver/core:v2.9.2 [ OK ]
  22. Docker: Pulling from jumpserver/koko:v2.9.2 [ OK ]
  23. Docker: Pulling from jumpserver/luna:v2.9.2 [ OK ]
  24. Docker: Pulling from jumpserver/nginx:alpine2 [ OK ]
  25. Docker: Pulling from jumpserver/redis:6-alpine [ OK ]
  26. Docker: Pulling from jumpserver/lina:v2.9.2 [ OK ]
  27. Docker: Pulling from jumpserver/mysql:5 [ OK ]
  28. Docker: Pulling from jumpserver/guacamole:v2.9.2 [ OK ]
  29. >>> 安装配置 JumpServer
  30. 1. 检查配置文件
  31. 配置文件位置: /opt/jumpserver/config
  32. /opt/jumpserver/config/config.txt [ ]
  33. /opt/jumpserver/config/nginx/lb_http_server.conf [ ]
  34. /opt/jumpserver/config/nginx/lb_ssh_server.conf [ ]
  35. /opt/jumpserver/config/core/config.yml [ ]
  36. /opt/jumpserver/config/koko/config.yml [ ]
  37. /opt/jumpserver/config/mysql/my.cnf [ ]
  38. /opt/jumpserver/config/redis/redis.conf [ ]
  39. 完成
  40. 2. 配置 Nginx
  41. 配置文件位置:: /opt/jumpserver/config/nginx/cert
  42. /opt/jumpserver/config/nginx/cert/server.crt [ ]
  43. /opt/jumpserver/config/nginx/cert/server.key [ ]
  44. 完成
  45. 3. 备份配置文件
  46. 备份至 /opt/jumpserver/config/backup/config.txt.2021-03-19_08-01-51
  47. 完成
  48. 4. 配置网络
  49. 是否需要支持 IPv6? (y/n) (默认为 n): n
  50. 完成
  51. 5. 配置加密密钥
  52. SECRETE_KEY: ICAgIGluZXQ2IDI0MDk6OGE0ZDpjMjg6ZjkwMTo6ZDRjLzEyO
  53. BOOTSTRAP_TOKEN: ICAgIGluZXQ2IDI0
  54. 完成
  55. 6. 配置持久化目录
  56. 是否需要自定义持久化存储, 默认将使用目录 /opt/jumpserver? (y/n) (默认为 n): n
  57. 完成
  58. 7. 配置 MySQL
  59. 是否使用外部mysql (y/n) (默认为n): n
  60. 8. 配置 Redis
  61. 是否使用外部redis (y/n) (默认为n): n
  62. >>> 安装完成了
  63. 1. 可以使用如下命令启动, 然后访问
  64. ./jmsctl.sh start
  65. 2. 其它一些管理命令
  66. ./jmsctl.sh stop
  67. ./jmsctl.sh restart
  68. ./jmsctl.sh backup
  69. ./jmsctl.sh upgrade
  70. 更多还有一些命令, 你可以 ./jmsctl.sh --help 来了解
  71. 3. Web 访问
  72. http://192.168.100.248:8080
  73. https://192.168.100.248:8443
  74. 默认用户: admin 默认密码: admin
  75. 4. SSH/SFTP 访问
  76. ssh admin@192.168.100.248 -p2222
  77. sftp -P2222 admin@192.168.100.248
  78. 5. 更多信息
  79. 我们的官网: https://www.jumpserver.org/
  80. 我们的文档: https://docs.jumpserver.org/

使用外置数据库

  1. ./jmsctl.sh install
  1. ██╗██╗ ██╗███╗ ███╗██████╗ ███████╗███████╗██████╗ ██╗ ██╗███████╗██████╗
  2. ██║██║ ██║████╗ ████║██╔══██╗██╔════╝██╔════╝██╔══██╗██║ ██║██╔════╝██╔══██╗
  3. ██║██║ ██║██╔████╔██║██████╔╝███████╗█████╗ ██████╔╝██║ ██║█████╗ ██████╔╝
  4. ██ ██║██║ ██║██║╚██╔╝██║██╔═══╝ ╚════██║██╔══╝ ██╔══██╗╚██╗ ██╔╝██╔══╝ ██╔══██╗
  5. ╚█████╔╝╚██████╔╝██║ ╚═╝ ██║██║ ███████║███████╗██║ ██║ ╚████╔╝ ███████╗██║ ██║
  6. ╚════╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝
  7. Version: v2.9.2
  8. >>> 安装配置 Docker
  9. 1. 安装 Docker
  10. 开始下载 Docker 程序 ...
  11. 完成
  12. 开始下载 Docker Compose 程序 ...
  13. 完成
  14. 2. 配置 Docker
  15. 是否需要自定义 Docker 数据目录, 默认将使用 /var/lib/docker 目录? (y/n) (默认为 n): n
  16. 完成
  17. 3. 启动 Docker
  18. Docker 版本发生改变 Docker 配置文件发生变化,是否要重启? (y/n) (默认为 y): y
  19. 完成
  20. >>> 加载 Docker 镜像
  21. Docker: Pulling from jumpserver/core:v2.9.2 [ OK ]
  22. Docker: Pulling from jumpserver/koko:v2.9.2 [ OK ]
  23. Docker: Pulling from jumpserver/luna:v2.9.2 [ OK ]
  24. Docker: Pulling from jumpserver/nginx:alpine2 [ OK ]
  25. Docker: Pulling from jumpserver/redis:6-alpine [ OK ]
  26. Docker: Pulling from jumpserver/lina:v2.9.2 [ OK ]
  27. Docker: Pulling from jumpserver/mysql:5 [ OK ]
  28. Docker: Pulling from jumpserver/guacamole:v2.9.2 [ OK ]
  29. >>> 安装配置 JumpServer
  30. 1. 检查配置文件
  31. 配置文件位置: /opt/jumpserver/config
  32. /opt/jumpserver/config/config.txt [ ]
  33. /opt/jumpserver/config/nginx/lb_http_server.conf [ ]
  34. /opt/jumpserver/config/nginx/lb_ssh_server.conf [ ]
  35. /opt/jumpserver/config/core/config.yml [ ]
  36. /opt/jumpserver/config/koko/config.yml [ ]
  37. /opt/jumpserver/config/mysql/my.cnf [ ]
  38. /opt/jumpserver/config/redis/redis.conf [ ]
  39. 完成
  40. 2. 配置 Nginx
  41. 配置文件位置:: /opt/jumpserver/config/nginx/cert
  42. /opt/jumpserver/config/nginx/cert/server.crt [ ]
  43. /opt/jumpserver/config/nginx/cert/server.key [ ]
  44. 完成
  45. 3. 备份配置文件
  46. 备份至 /opt/jumpserver/config/backup/config.txt.2021-03-19_08-01-51
  47. 完成
  48. 4. 配置网络
  49. 是否需要支持 IPv6? (y/n) (默认为 n): n
  50. 完成
  51. 5. 配置加密密钥
  52. SECRETE_KEY: ICAgIGluZXQ2IDI0MDk6OGE0ZDpjMjg6ZjkwMTo6ZDRjLzEyO
  53. BOOTSTRAP_TOKEN: ICAgIGluZXQ2IDI0
  54. 完成
  55. 6. 配置持久化目录
  56. 是否需要自定义持久化存储, 默认将使用目录 /opt/jumpserver? (y/n) (默认为 n): n
  57. 完成
  58. 7. 配置 MySQL
  59. 是否使用外部mysql (y/n) (默认为n): y
  60. 请输入mysql的主机地址 (无默认值): 192.168.100.11
  61. 请输入mysql的端口 (默认为3306): 3306
  62. 请输入mysql的数据库(事先做好授权) (默认为jumpserver): jumpserver
  63. 请输入mysql的用户名 (无默认值): jumpserver
  64. 请输入mysql的密码 (无默认值): weakPassword
  65. 完成
  66. 8. 配置 Redis
  67. 是否使用外部redis (y/n) (默认为n): y
  68. 请输入redis的主机地址 (无默认值): 192.168.100.11
  69. 请输入redis的端口 (默认为6379): 6379
  70. 请输入redis的密码 (无默认值): weakPassword
  71. 完成
  72. >>> 安装完成了
  73. 1. 可以使用如下命令启动, 然后访问
  74. ./jmsctl.sh start
  75. 2. 其它一些管理命令
  76. ./jmsctl.sh stop
  77. ./jmsctl.sh restart
  78. ./jmsctl.sh backup
  79. ./jmsctl.sh upgrade
  80. 更多还有一些命令, 你可以 ./jmsctl.sh --help 来了解
  81. 3. Web 访问
  82. http://192.168.100.248:8080
  83. https://192.168.100.248:8443
  84. 默认用户: admin 默认密码: admin
  85. 4. SSH/SFTP 访问
  86. ssh admin@192.168.100.248 -p2222
  87. sftp -P2222 admin@192.168.100.248
  88. 5. 更多信息
  89. 我们的官网: https://www.jumpserver.org/
  90. 我们的文档: https://docs.jumpserver.org/
  1. mkdir -p /opt/jumpserver/core/
  2. mv /opt/jumpserver_bak/data /opt/jumpserver/core/
  1. ./jmsctl.sh start
  1. Creating network "jms_net" with driver "bridge"
  2. Creating jms_core ... done
  3. Creating jms_celery ... done
  4. Creating jms_luna ... done
  5. Creating jms_lina ... done
  6. Creating jms_guacamole ... done
  7. Creating jms_koko ... done
  8. Creating jms_nginx ... done
  1. docker exec -it jms_mysql /bin/bash
  2. mysql -uroot -p$DB_PASSWORD
  1. drop database jumpserver;
  2. create database jumpserver default charset 'utf8';
  3. exit
  4. exit
  1. ./jmsctl.sh restore_db /opt/jumpserver.sql
  1. 开始还原数据库: /opt/jumpserver.sql
  2. mysql: [Warning] Using a password on the command line interface can be insecure.
  3. 数据库恢复成功!
  1. ./jmsctl.sh restart

升级说明

要求说明

  • jumpserver 版本 >= v2.6.0
  • jumpserver 版本 < v2.6.0 的请先参考上面的迁移文档迁移到最新版本

升级步骤

操作步骤

  1. cd /opt
  2. yum -y install wget
  3. wget https://github.com/jumpserver/installer/releases/download/v2.9.2/jumpserver-installer-v2.9.2.tar.gz
  4. tar -xf jumpserver-installer-v2.9.2.tar.gz
  5. cd jumpserver-installer-v2.9.2
  1. ./jmsctl.sh upgrade
  1. 是否将版本更新至 v2.9.2 ? (y/n) (默认为 n): y
  2. 1. 检查配置变更
  3. /opt/jumpserver/config/nginx/lb_http_server.conf [ ]
  4. /opt/jumpserver/config/nginx/lb_ssh_server.conf [ ]
  5. /opt/jumpserver/config/core/config.yml [ ]
  6. /opt/jumpserver/config/koko/config.yml [ ]
  7. /opt/jumpserver/config/mysql/my.cnf [ ]
  8. /opt/jumpserver/config/redis/redis.conf [ ]
  9. 完成
  10. 2. 检查程序文件变更
  11. 完成
  12. 完成
  13. 3. 升级镜像文件
  14. Docker: Pulling from jumpserver/core:v2.9.2 [ OK ]
  15. Docker: Pulling from jumpserver/koko:v2.9.2 [ OK ]
  16. Docker: Pulling from jumpserver/luna:v2.9.2 [ OK ]
  17. Docker: Pulling from jumpserver/nginx:alpine2 [ OK ]
  18. Docker: Pulling from jumpserver/redis:6-alpine [ OK ]
  19. Docker: Pulling from jumpserver/lina:v2.9.2 [ OK ]
  20. Docker: Pulling from jumpserver/mysql:5 [ OK ]
  21. Docker: Pulling from jumpserver/guacamole:v2.9.2 [ OK ]
  22. 完成
  23. 4. 备份数据库
  24. 正在备份...
  25. mysqldump: [Warning] Using a password on the command line interface can be insecure.
  26. [SUCCESS] 备份成功! 备份文件已存放至: /opt/jumpserver/db_backup/jumpserver-2021-03-19_08:32:39.sql
  27. 5. 进行数据库变更
  28. 表结构变更可能需要一段时间, 请耐心等待
  29. 检测到 jms_core 正在运行, 是否需要关闭 jms_core 并继续升级? (y/n) (默认为 n): y
  30. jms_core
  31. jms_core
  32. 2021-03-19 08:32:44 Collect static files
  33. 2021-03-19 08:32:44 Collect static files done
  34. 2021-03-19 08:32:44 Check database structure change ...
  35. 2021-03-19 08:32:44 Migrate model change to database ...
  36. 473 static files copied to '/opt/jumpserver/data/static'.
  37. Operations to perform:
  38. Apply all migrations: acls, admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, ops, orgs, perms, sessions, settings, terminal, tickets, users
  39. Running migrations:
  40. No migrations to apply.
  41. 完成
  42. 6. 升级成功, 可以重启程序了
  43. ./jmsctl.sh restart
  1. ./jmsctl.sh restart