JumpServer官网:https://docs.jumpserver.org/zh/master/
我们公司一直在使用jumpserver,根据我的理解有以下优点:
- 这个服务能够快速登录到目标服务器
- 安全,每个人都有自己的账号,自己的每个操作都会记录在此服务上
一、搭建:
1.1 随机生成加密秘钥
if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi
if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi
1.2 搭建MySQL服务
sudo docker run --name mysql-server -t \
--hostname mysql-server \
--restart=always \
-v /etc/localtime:/etc/localtime \
-v /volume1/docker/mysql/2/:/var/lib/mysql \
-e MYSQL_DATABASE="jumpserver" \
-e MYSQL_USER="jumpserver" \
-e MYSQL_PASSWORD="jumpserver" \
-e MYSQL_ROOT_PASSWORD="111111" \
-p 3306:3306 \
-d mysql:5.7 \
--character-set-server=utf8 --collation-server=utf8_bin
查看容器运行日志docker logs -f mysql-server
1.3 搭建redis服务
sudo docker run --name redis-server -t \
--hostname redis-server \
--restart=always \
-v /etc/localtime:/etc/localtime \
-d redis
查看容器运行日志docker logs -f redis-server
1.4 搭建Jumpserver服务
sudo docker run --name jms_all -t \
--hostname jms_all \
--restart=always \
-v /etc/localtime:/etc/localtime \
-p 80:80 \
-p 2222:2222 \
-e SECRET_KEY=$SECRET_KEY \
-e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN \
-e DB_HOST="mysql-server" \
-e DB_PORT=3306 \
-e DB_NAME="jumpserver" \
-e DB_USER="jumpserver" \
-e DB_PASSWORD="jumpserver" \
--link mysql-server:mysql \
-e REDIS_HOST="redis-server" \
-e REDIS_PORT="6379" \
--link redis-server:redis \
-d jumpserver/jms_all:1.5.2
查看容器运行日志docker logs -f jms_all,请耐心等待初始化完成,时间可能比较长点(是真的长啊,得10-20左右分钟吧),当容器日志显示如下即可访问Jumpserver网页了
其中还遇到坑了,如下:
- Start Celery as Distributed Task Queue
- Start Beat as Periodic Task Scheduler
Error: celery start error
Stop service: gunicorn
celery is stopped
beat is stopped
Use eventlet dispatch
2020-10-02 09:13:22 [request ERROR] Connect endpoint http://127.0.0.1:8080 error: HTTPConnectionPool(host='127.0.0.1', port=8080): Max retries exceeded with url: /api/terminal/v2/terminal-registrations/ (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f4ec7417898>: Failed to establish a new connection: [Errno 111] ECONNREFUSED',))
2020-10-02 09:13:22 [terminal ERROR] Connect endpoint http://127.0.0.1:8080 error: HTTPConnectionPool(host='127.0.0.1', port=8080): Max retries exceeded with url: /api/terminal/v2/terminal-registrations/ (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f4ec7417898>: Failed to establish a new connection: [Errno 111] ECONNREFUSED',))
Traceback (most recent call last):
File "/opt/py3/lib64/python3.6/site-packages/urllib3/connection.py", line 160, in _new_conn
(self._dns_host, self.port), self.timeout, **extra_kw)
File "/opt/py3/lib64/python3.6/site-packages/urllib3/util/connection.py", line 80, in create_connection
raise err
File "/opt/py3/lib64/python3.6/site-packages/urllib3/util/connection.py", line 70, in create_connection
sock.connect(sa)
File "/opt/py3/lib64/python3.6/site-packages/eventlet/greenio/base.py", line 251, in connect
socket_checkerr(fd)
File "/opt/py3/lib64/python3.6/site-packages/eventlet/greenio/base.py", line 51, in socket_checkerr
raise socket.error(err, errno.errorcode[err])
ConnectionRefusedError: [Errno 111] ECONNREFUSED
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/py3/lib64/python3.6/site-packages/urllib3/connectionpool.py", line 603, in urlopen
chunked=chunked)
File "/opt/py3/lib64/python3.6/site-packages/urllib3/connectionpool.py", line 355, in _make_request
conn.request(method, url, **httplib_request_kw)
File "/usr/lib64/python3.6/http/client.py", line 1239, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/lib64/python3.6/http/client.py", line 1285, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/lib64/python3.6/http/client.py", line 1234, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib64/python3.6/http/client.py", line 1026, in _send_output
self.send(msg)
File "/usr/lib64/python3.6/http/client.py", line 964, in send
self.connect()
File "/opt/py3/lib64/python3.6/site-packages/urllib3/connection.py", line 183, in connect
conn = self._new_conn()
File "/opt/py3/lib64/python3.6/site-packages/urllib3/connection.py", line 169, in _new_conn
self, "Failed to establish a new connection: %s" % e)
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f4ec7417898>: Failed to establish a new connection: [Errno 111] ECONNREFUSED
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/py3/lib64/python3.6/site-packages/requests/adapters.py", line 449, in send
timeout=timeout
File "/opt/py3/lib64/python3.6/site-packages/urllib3/connectionpool.py", line 641, in urlopen
_stacktrace=sys.exc_info()[2])
File "/opt/py3/lib64/python3.6/site-packages/urllib3/util/retry.py", line 399, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='127.0.0.1', port=8080): Max retries exceeded with url: /api/terminal/v2/terminal-registrations/ (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f4ec7417898>: Failed to establish a new connection: [Errno 111] ECONNREFUSED',))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/py3/lib64/python3.6/site-packages/jms/request.py", line 116, in do
resp = req.do()
File "/opt/py3/lib64/python3.6/site-packages/jms/request.py", line 54, in do
**self.kwargs
File "/opt/py3/lib64/python3.6/site-packages/requests/api.py", line 116, in post
return request('post', url, data=data, json=json, **kwargs)
File "/opt/py3/lib64/python3.6/site-packages/requests/api.py", line 60, in request
return session.request(method=method, url=url, **kwargs)
File "/opt/py3/lib64/python3.6/site-packages/requests/sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "/opt/py3/lib64/python3.6/site-packages/requests/sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "/opt/py3/lib64/python3.6/site-packages/requests/adapters.py", line 516, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPConnectionPool(host='127.0.0.1', port=8080): Max retries exceeded with url: /api/terminal/v2/terminal-registrations/ (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f4ec7417898>: Failed to establish a new connection: [Errno 111] ECONNREFUSED',))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/py3/lib64/python3.6/site-packages/jms/terminal.py", line 62, in register_terminal_v2
headers=headers
File "/opt/py3/lib64/python3.6/site-packages/jms/request.py", line 130, in post
return self.do(*args, **kwargs)
File "/opt/py3/lib64/python3.6/site-packages/jms/request.py", line 120, in do
raise RequestError(msg)
jms.exception.RequestError: Connect endpoint http://127.0.0.1:8080 error: HTTPConnectionPool(host='127.0.0.1', port=8080): Max retries exceeded with url: /api/terminal/v2/terminal-registrations/ (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f4ec7417898>: Failed to establish a new connection: [Errno 111] ECONNREFUSED',))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "./cocod", line 31, in <module>
from coco import Coco
File "/opt/coco/coco/__init__.py", line 6, in <module>
from .app import Coco
File "/opt/coco/coco/app.py", line 14, in <module>
from .sshd import SSHServer
File "/opt/coco/coco/sshd.py", line 13, in <module>
from coco.interface import SSHInterface
File "/opt/coco/coco/interface.py", line 11, in <module>
from .service import app_service
File "/opt/coco/coco/service.py", line 12, in <module>
app_service.initial()
File "/opt/py3/lib64/python3.6/site-packages/jms/service.py", line 55, in initial
self.load_access_key()
File "/opt/py3/lib64/python3.6/site-packages/jms/service.py", line 66, in load_access_key
self.register_and_save()
File "/opt/py3/lib64/python3.6/site-packages/jms/service.py", line 93, in register_and_save
self.config['NAME'], self.config['BOOTSTRAP_TOKEN']
File "/opt/py3/lib64/python3.6/site-packages/jms/terminal.py", line 67, in register_terminal_v2
raise RegisterError(msg)
jms.exception.RegisterError: Connect endpoint http://127.0.0.1:8080 error: HTTPConnectionPool(host='127.0.0.1', port=8080): Max retries exceeded with url: /api/terminal/v2/terminal-registrations/ (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f4ec7417898>: Failed to establish a new connection: [Errno 111] ECONNREFUSED',))
Starting guacd: guacd[94]: INFO: Guacamole proxy daemon (guacd) version 1.0.0 started
SUCCESS
解决办法:很简单,重启服务(找了很久,也不清楚为什么,重启就OK了)
最终浏览器访问jumpserver所在IP地址,出现如下页面(初始用户、密码:admin,admin)
登陆后:
通过终端访问:
9670
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
