@noslin005
Forked from an9wer/0x00-setup-jumpserver.md
Created September 23, 2021 02:30
Setup jumpserver

Scripts to set up jumpserver on CentOS 7.

Usage

After cloning this repository, run the following command to deploy jumpserver:

bash setup.sh

Check the log file if any errors occur while running the command above:

less -R log
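set -e
# 0x01-prepare.sh: host preparation for the JumpServer install on CentOS 7.
# Runs as root. Later steps rely on the firewall ports opened here, on the
# relaxed SELinux mode and on the /opt/py3 virtualenv.

# Set firewall: open 80/tcp and 2222/tcp permanently, then reload the rules.
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=2222/tcp --permanent
firewall-cmd --reload

# Set selinux: permissive now, disabled after the next reboot. This removes the
# mandatory-access-control layer for the whole host. `setenforce` exits
# non-zero when SELinux is already disabled in the kernel, which aborted the
# original script under `set -e`; only call it when there is a mode to change.
if [[ "$(getenforce 2>/dev/null)" == "Enforcing" ]]; then
  setenforce 0
fi
# NOTE(review): only an `enforcing` line is rewritten; a host already set to
# `permissive` keeps that value.
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config

# Set charset
#localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
#export LC_ALL=zh_CN.UTF-8
#echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf

# Set python: build tooling plus Python 3.6 from EPEL, then a venv at /opt/py3
# that every later step activates.
yum -y install wget gcc epel-release git
yum -y install python36 python36-devel
( cd /opt
  python3.6 -m venv py3
)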
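set -e
# 0x02-install-jumpserver.sh: download JumpServer 1.4.9 into /opt/jumpserver,
# install its dependencies, create the MariaDB database/user, write config.yml
# with freshly generated secrets and start the services.
# The secrets are appended to ~/.bashrc: setup.sh runs each step with
# `bash -i`, which sources that file, and that is how BOOTSTRAP_TOKEN reaches
# the coco and guacamole steps (the exports below happen inside subshells and
# do not outlive this script).
# NOTE(review): ~/.bashrc is not a secret store — anyone who can read it gets
# the DB password, SECRET_KEY and BOOTSTRAP_TOKEN. Keep it root-only (0600) or
# move the values into a dedicated env file.
source /opt/py3/bin/activate

# Print $1 characters drawn from [A-Za-z0-9] using the kernel CSPRNG.
random_token() {
  tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# Clone project: mkdir and tar are separate statements so a failed mkdir stops
# the step under `set -e` instead of silently skipping the extraction.
# NOTE(review): the archive is not checksum- or signature-verified.
( cd /opt/
  wget --content-disposition https://github.com/jumpserver/jumpserver/archive/1.4.9.tar.gz -O jumpserver-1.4.9.tar.gz
  mkdir /opt/jumpserver
  tar xzf jumpserver-1.4.9.tar.gz -C /opt/jumpserver --strip-components 1
)

# Install python requirements: RPMs listed in rpm_requirements.txt, then the
# pip packages into the /opt/py3 venv activated above.
( cd /opt/jumpserver/requirements
  # shellcheck disable=SC2046 -- the file is a whitespace-separated package list
  yum -y install $(cat rpm_requirements.txt)
  pip install -r requirements.txt
)

# Install redis
yum -y install redis
systemctl enable redis
systemctl start redis

# Install mysql (MariaDB)
yum -y install mariadb mariadb-devel mariadb-server
systemctl enable mariadb
systemctl start mariadb

# Set mysql: a random 24-character password for a loopback-only account.
# Assignment is split from `export` so a failing generator is not masked, and
# the value is checked before it reaches MariaDB.
DB_PASSWORD=$(random_token 24)
: "${DB_PASSWORD:?failed to generate DB_PASSWORD}"
export DB_PASSWORD
printf 'export DB_PASSWORD=%s\n' "$DB_PASSWORD" >> ~/.bashrc
# SQL is fed on stdin rather than via `-e` so the password does not appear in
# the mysql process's argv (readable by every local user through ps). The
# value is alphanumeric, so it needs no escaping inside the quoted SQL string.
mysql -uroot <<EOF
create database jumpserver default charset 'utf8';
grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD';
flush privileges;
EOF

# Config jumpserver: copy the example and fill in the generated values. The
# `sed` replacements are safe only because every value is [A-Za-z0-9]-only
# (no `/` or `&` that would alter the s/// expression).
( cd /opt/jumpserver
  cp config_example.yml config.yml
  SECRET_KEY=$(random_token 50)
  BOOTSTRAP_TOKEN=$(random_token 16)
  : "${SECRET_KEY:?failed to generate SECRET_KEY}"
  : "${BOOTSTRAP_TOKEN:?failed to generate BOOTSTRAP_TOKEN}"
  export SECRET_KEY BOOTSTRAP_TOKEN
  printf 'export SECRET_KEY=%s\n' "$SECRET_KEY" >> ~/.bashrc
  printf 'export BOOTSTRAP_TOKEN=%s\n' "$BOOTSTRAP_TOKEN" >> ~/.bashrc
  sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
  sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
  # Production settings: no debug output, errors only, sessions end with the browser.
  sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
  sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
  sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
  sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml
)

# Run jumpserver: every component, daemonised.
( cd /opt/jumpserver
  ./jms start all -d
)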
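set -e
# 0x03-install-coco.sh: download coco 1.4.9 into /opt/coco, install its
# dependencies, write config.yml and start the daemon.
# Needs BOOTSTRAP_TOKEN in the environment: 0x02-install-jumpserver.sh appends
# it to ~/.bashrc and setup.sh runs each step with `bash -i`, which sources it.
source /opt/py3/bin/activate
# Fail here rather than let the `sed` below write an empty token into config.yml.
: "${BOOTSTRAP_TOKEN:?BOOTSTRAP_TOKEN must be set (written by 0x02-install-jumpserver.sh)}"

# Clone project: mkdir and tar are separate statements so a failed mkdir stops
# the step under `set -e` instead of silently skipping the extraction.
# NOTE(review): the archive is not checksum- or signature-verified.
( cd /opt
  wget --content-disposition https://github.com/jumpserver/coco/archive/1.4.9.tar.gz -O coco-1.4.9.tar.gz
  mkdir /opt/coco
  tar zxf coco-1.4.9.tar.gz -C /opt/coco --strip-components 1
)

# Install python requirements: RPMs listed in rpm_requirements.txt, then the
# pip packages into the /opt/py3 venv activated above.
( cd /opt/coco/requirements
  # shellcheck disable=SC2046 -- the file is a whitespace-separated package list
  yum -y install $(cat rpm_requirements.txt)
  pip install -r requirements.txt
)

# Config coco: the token generated by the jumpserver step is [A-Za-z0-9]-only,
# so it is safe inside the sed replacement; a hand-set token must not contain
# `/` or `&`. The placeholder text is matched verbatim (presumably as it
# appears in config_example.yml); if the example ever changes, the token is
# silently left unset — check config.yml after install.
( cd /opt/coco
  cp config_example.yml config.yml
  sed -i "s/BOOTSTRAP_TOKEN: <PleasgeChangeSameWithJumpserver>/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/coco/config.yml
  sed -i "s/# LOG_LEVEL: INFO/LOG_LEVEL: ERROR/g" /opt/coco/config.yml
)

# Run: start the coco daemon in the background.
( cd /opt/coco
  ./cocod start -d
)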
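set -e
# 0x04-install-luna.sh: unpack the luna 1.4.9 front-end release under /opt/luna
# (nginx serves it from the /luna/ location) and hand it to root.
# mkdir and tar are separate statements: with `mkdir … && tar …` a failed
# mkdir skipped the extraction without tripping `set -e`, so the step went on
# with whatever was already in /opt/luna.
# NOTE(review): the archive is not checksum- or signature-verified.
( cd /opt
  wget --content-disposition https://github.com/jumpserver/luna/releases/download/1.4.9/luna.tar.gz -O luna-1.4.9.tar.gz
  mkdir /opt/luna
  tar xzf luna-1.4.9.tar.gz -C /opt/luna --strip-components 1
  chown -R root:root luna
)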
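set -e
# 0x05-install-guacamole.sh: build guacamole-server 0.9.14 from the
# jumpserver/docker-guacamole 1.4.9 bundle, stand up Tomcat 8.5.39 serving the
# bundled guacamole WAR plus the JumpServer auth extension, and start both.
# Runs as root. Needs BOOTSTRAP_TOKEN in the environment: setup.sh runs each
# step with `bash -i`, which sources the ~/.bashrc the jumpserver step wrote.
: "${BOOTSTRAP_TOKEN:?BOOTSTRAP_TOKEN must be set (written by 0x02-install-jumpserver.sh)}"

# Install freerdp: the nux-dextop and rpmfusion repos supply freerdp/ffmpeg.
# NOTE(review): the nux signing key and release RPM are fetched over plain HTTP
# and the rpmfusion release RPMs are installed with --nogpgcheck, so nothing
# here verifies the repo definitions yum will trust from now on. Prefer HTTPS
# sources and check the key fingerprint out of band before reusing this step.
mkdir -p /usr/local/lib/freerdp/
ln -s /usr/local/lib/freerdp /usr/lib64/freerdp
rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
yum -y localinstall --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm https://download1.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-7.noarch.rpm

# Install other requirements: a JRE for Tomcat, then the guacamole-server build deps.
yum install -y java-1.8.0-openjdk libtool
yum install -y cairo-devel libjpeg-turbo-devel libpng-devel uuid-devel
yum install -y ffmpeg-devel freerdp-devel freerdp-plugins pango-devel \
  libssh2-devel libtelnet-devel libvncserver-devel pulseaudio-libs-devel \
  openssl-devel libvorbis-devel libwebp-devel ghostscript

# Install guacamole server: fetch the bundle, unpack the vendored source
# tarball and build it. mkdir and tar are separate statements so a failed
# mkdir stops the step under `set -e` instead of skipping the extraction.
# NOTE(review): the bundle is not checksum- or signature-verified.
( cd /opt
  wget --content-disposition https://github.com/jumpserver/docker-guacamole/archive/1.4.9.tar.gz -O docker-guacamole-1.4.9.tar.gz
  mkdir /opt/docker-guacamole
  tar xzf docker-guacamole-1.4.9.tar.gz -C /opt/docker-guacamole --strip-components 1
)
( cd /opt/docker-guacamole/
  tar -xf guacamole-server-0.9.14.tar.gz
)
( cd /opt/docker-guacamole/guacamole-server-0.9.14
  autoreconf -fi
  # --with-init-dir installs the /etc/init.d/guacd script used to start guacd below.
  ./configure --with-init-dir=/etc/init.d
  # `make` and `make install` are separate statements: with `make && make install`
  # a failed build is not caught by `set -e`, the source tree is deleted below
  # and the step reports success without ever installing guacd.
  make
  make install
  cd ..
  rm -rf guacamole-server-0.9.14
  ldconfig
)

# Install tomcat: GUACAMOLE_HOME layout under /config/guacamole with the
# JumpServer auth extension and properties linked in from the bundle.
mkdir -p /config/guacamole /config/guacamole/lib /config/guacamole/extensions
ln -sf /opt/docker-guacamole/guacamole-auth-jumpserver-0.9.14.jar /config/guacamole/extensions/guacamole-auth-jumpserver-0.9.14.jar
ln -sf /opt/docker-guacamole/root/app/guacamole/guacamole.properties /config/guacamole/guacamole.properties
# NOTE(review): the Tomcat tarball comes from a plain-HTTP mirror with no
# checksum or signature verification; compare it against the hash Apache
# publishes for this release before trusting the result.
( cd /config
  wget http://mirror.bit.edu.cn/apache/tomcat/tomcat-8/v8.5.39/bin/apache-tomcat-8.5.39.tar.gz
  tar xf apache-tomcat-8.5.39.tar.gz
  rm -f -- apache-tomcat-8.5.39.tar.gz
  mv apache-tomcat-8.5.39 tomcat8
  # Drop the stock webapps so only the guacamole WAR is served, as ROOT.
  rm -rf /config/tomcat8/webapps/*
  ln -sf /opt/docker-guacamole/guacamole-0.9.14.war /config/tomcat8/webapps/ROOT.war
  # 8080 is used by the JumpServer web service; nginx proxies /guacamole/ to 8081
  # (see 0x06-install-nginx.sh).
  sed -i 's/Connector port="8080"/Connector port="8081"/g' /config/tomcat8/conf/server.xml
  sed -i 's/FINE/WARNING/g' /config/tomcat8/conf/logging.properties
)
# NOTE(review): this unpacks an unverified release archive straight into /bin;
# whatever the archive contains ends up on every user's PATH.
( cd /config
  wget https://github.com/ibuler/ssh-forward/releases/download/v0.0.5/linux-amd64.tar.gz
  tar xf linux-amd64.tar.gz -C /bin/
  chmod +x /bin/ssh-forward
)

# Set Environment: exported for the processes started below and persisted to
# ~/.bashrc like the other steps' values (the BOOTSTRAP_TOKEN line repeats the
# one 0x02-install-jumpserver.sh already wrote). Presumably consumed by the
# guacamole-auth-jumpserver extension — confirm against its documentation.
export JUMPSERVER_SERVER=http://127.0.0.1:8080
echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
export BOOTSTRAP_TOKEN
printf 'export BOOTSTRAP_TOKEN=%s\n' "$BOOTSTRAP_TOKEN" >> ~/.bashrc
export JUMPSERVER_KEY_DIR=/config/guacamole/keys
echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
export GUACAMOLE_HOME=/config/guacamole
echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc

# Run: guacd via the init script installed by `configure`, then Tomcat.
/etc/init.d/guacd start
sh /config/tomcat8/bin/startup.sh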
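# 0x06-install-nginx.sh: install nginx from the vendor repo and put it in front
# of luna, coco, guacamole and the JumpServer web UI on port 80.
# `set -e` for parity with the other steps: without it a failed install or a
# rejected config still let the step report success to setup.sh, because the
# exit status was that of the final `systemctl enable`.
set -e
yum install -y yum-utils
# gpgcheck=1 with the vendor key keeps packages signature-checked even though
# the baseurl is plain HTTP.
cat > /etc/yum.repos.d/nginx.repo <<EOF
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/\$releasever/\$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
EOF
yum install -y nginx
# A single file: -f is sufficient, no recursive delete needed.
rm -f -- /etc/nginx/conf.d/default.conf
# Reverse-proxy config. The comments inside are the upstream ones and are
# written verbatim into the file; `\$` keeps nginx variables literal through
# the unquoted heredoc.
cat > /etc/nginx/conf.d/jumpserver.conf <<EOF
server {
listen 80; # 代理端口, 以后将通过此端口进行访问, 不再通过8080端口
# server_name demo.jumpserver.org; # 修改成你的域名或者注释掉
client_max_body_size 100m; # 录像及文件上传大小限制
location /luna/ {
try_files \$uri / /index.html;
alias /opt/luna/; # luna 路径, 如果修改安装目录, 此处需要修改
}
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/; # 录像位置, 如果修改安装目录, 此处需要修改
}
location /static/ {
root /opt/jumpserver/data/; # 静态资源, 如果修改安装目录, 此处需要修改
}
location /socket.io/ {
proxy_pass http://localhost:5000/socket.io/; # 如果coco安装在别的服务器, 请填写它的ip
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
access_log off;
}
location /coco/ {
proxy_pass http://localhost:5000/coco/; # 如果coco安装在别的服务器, 请填写它的ip
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
access_log off;
}
location /guacamole/ {
proxy_pass http://localhost:8081/; # 如果guacamole安装在别的服务器, 请填写它的ip
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection \$http_connection;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
access_log off;
}
location / {
proxy_pass http://localhost:8080; # 如果jumpserver安装在别的服务器, 请填写它的ip
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
}
EOF
# Validate first so a bad config fails this step instead of the nginx start.
nginx -t
systemctl start nginx
systemctl enable nginx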
[Unit]
Description=Coco daemon
After=network.target
[Service]
Type=forking
Environment="PATH=/opt/py3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
ExecStart=/opt/coco/cocod start -d
ExecStop=/opt/coco/cocod stop -d
[Install]
WantedBy=multi-user.target
[Unit]
Description=guacamole daemon
After=network.target
[Service]
Type=forking
ExecStart=/etc/init.d/guacd start
ExecStop=/etc/init.d/guacd stop
[Install]
WantedBy=multi-user.target
[Unit]
Description=Jumpserver
After=network.target
[Service]
Type=forking
Environment="PATH=/opt/py3/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
ExecStart=/opt/jumpserver/jms start all -d
ExecStop=/opt/jumpserver/jms stop all -d
[Install]
WantedBy=multi-user.target
#!/usr/bin/env bash
# setup.sh: run the numbered install steps in order, mirroring everything they
# print into the `log` file in the current directory (tee -a appends, -i makes
# tee ignore SIGINT).
set -e
# One exec, processed left to right: stdout goes to tee, then stderr is
# pointed at that same pipe so the log holds the interleaved transcript.
exec > >(tee -ai log) 2>&1
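#######################################
# Print a red banner with the step name, then execute the step.
# Arguments: $1 - path of the step script
# Outputs:   the banner, followed by the step's own output, on stdout
# Returns:   the step's exit status; with `set -e` in the caller the run
#            stops at the first failing step
# The step runs under `bash -i` (interactive), which sources ~/.bashrc. The
# install steps append their generated secrets to that file, and this is how
# values such as BOOTSTRAP_TOKEN reach later steps — keep -i unless that
# hand-off is replaced by an explicit env file.
#######################################
run() {
  local step=$1
  # printf with %s: the step name is data, never part of the format string.
  printf '\033[31m %s \033[0m\n' "$step"
  bash -i -- "$step"
}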
# Ordered install steps; each script expects to run as root on a fresh
# CentOS 7 host and is executed through `run` above.
main() {
  local -a steps=(
    0x01-prepare.sh
    0x02-install-jumpserver.sh
    0x03-install-coco.sh
    0x04-install-luna.sh
    0x05-install-guacamole.sh
    0x06-install-nginx.sh
  )
  local step
  for step in "${steps[@]}"; do
    run "$step"
  done
}
main "$@"
[Unit]
Description=Tomcat
After=network.target
[Service]
Type=forking
ExecStart=/config/tomcat8/bin/startup.sh
ExecStop=/config/tomcat8/bin/shutdown.sh
[Install]
WantedBy=multi-user.target