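1: Jumpserver overview:
Jumpserver is an open-source bastion host (jump server) system written in Python and Django. It gives internet companies authentication, authorization, auditing, and automated operations.
1.1 Deployment environment
Official requirements:
Hardware: 2 CPU cores, 4G memory, 50G disk (minimum)
Operating system: Linux distribution, x86_64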
Python = 3.6.x
Mysql Server ≥ 5.6
Mariadb Server ≥ 5.5.56
Redis
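1.2 Deploying MySQL
Database configuration requirements
MySQL version must be 5.6 or later
MariaDB version must be 5.5.6 or later
Database encoding must be utf8
1.2.1 Importing the MySQL image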
#docker load -i mysql-5.6.X.tar.gz
#docker pull mysql:5.6.X
1.2.2: The mysqld.cnf configuration file
The MySQL configuration file is kept on the host and mounted into the container with -v.
## mysqld.cnf configuration file:
# mkdir /etc/mysql/mysql.conf.d -pv
# cat /etc/mysql/mysql.conf.d/mysqld.cnf
# Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# The MySQL Server configuration file.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
[mysqld]
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
datadir = /var/lib/mysql
#log-error = /var/log/mysql/error.log
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
character-set-server=utf8
1.2.3: The mysql.cnf configuration file:
# mysql.cnf configuration file:
# mkdir /etc/mysql/conf.d/
# cat /etc/mysql/conf.d/mysql.cnf
[mysql]
default-character-set=utf8
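1.2.4: Creating the data directory:
The data is stored on the host so that it is separate from the container. If the container fails, a new container can be started that uses the host's data directly, which keeps the service running normally.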
# mkdir /data/mysql -p
1.2.5: Running the MySQL container:
# docker run -it -d -p 3306:3306 -v /etc/mysql/mysql.conf.d/mysqld.cnf:/etc/mysql/mysql.conf.d/mysqld.cnf -v /etc/mysql/conf.d/mysql.cnf:/etc/mysql/conf.d/mysql.cnf -v /data/mysql:/var/lib/mysql -e MYSQL_ROOT_PASSWORD="q1w2e3r4t5y6" mysql:5.6.44
1.3: Creating the jumpserver database:
The password used when granting database access must not consist only of digits.
# mysql -uroot -pq1w2e3r4t5y6 -h192.168.148.130
mysql> create database jumpserver default charset 'utf8';
Query OK, 1 row affected (0.00 sec)
mysql> grant all on jumpserver.* to 'jumpserver'@'%' identified by 'q1w2e3r4t5y6';
Query OK, 0 rows affected (0.00 sec)
1.3.1 Confirming that the jumpserver user can access the database
#mysql -ujumpserver -pq1w2e3r4t5y6 -h192.168.148.130
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.6.44 MySQL Community Server (GPL)
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| jumpserver |
+--------------------+
2 rows in set (0.00 sec)
1.4: Deploying the Redis service:
#docker pull redis:4.0.14
#docker run -it -d -p 6379:6379 redis:4.0.14
1.4.1: Verifying Redis access:
#apt install redis -y # install the Redis client
#redis-cli -h 192.168.148.131
192.168.148.131:6379> info
#Server
redis_version:4.0.14
redis_git_sha1:00000000
1.5 Deploying jumpserver:
# docker pull jumpserver/jms_all:1.4.8
# docker pull jumpserver/jms_all:1.5.6
Alternatively, upload an image that was downloaded earlier and load it on the server
# docker load -i jumpserver-jms_all_1.4.8.tar.gz
1.5.1 Generating the encryption keys:
Generate a random encryption key and the initialization token.
# if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi
XHK7dhQ4nmEPqE0rqWupOm2FtYIEeD1DmU9EiNyfl3pypEtgjK
# if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi
z7QorguuusCTGx0H
1.5.2 Creating the Jumpserver container:
docker run --name jms_all \
-v /opt/jumpserver:/opt/jumpserver/data/media \
-p 80:80 \
-p 2222:2222 \
-e SECRET_KEY=XHK7dhQ4nmEPqE0rqWupOm2FtYIEeD1DmU9EiNyfl3pypEtgjK \
-e BOOTSTRAP_TOKEN=z7QorguuusCTGx0H \
-e DB_HOST=192.168.148.130 \
-e DB_PORT=3306 \
-e DB_USER='jumpserver' \
-e DB_PASSWORD="q1w2e3r4t5y6" \
-e DB_NAME=jumpserver \
-e REDIS_HOST=192.168.148.130 \
-e REDIS_PORT=6379 \
-e REDIS_PASSWORD= \
jumpserver/jms_all:1.4.8
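An added example (not part of the original tutorial) for sections 1.5.1 and 1.5.2: the same key generation and the same container, with the secrets written to an owner-only env file and passed with --env-file instead of being appended to ~/.bashrc and typed as -e arguments. The env-file path, the function names and the "deploy" argument are assumptions; the addresses, ports and image tag are the tutorial's.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Hypothetical names: the
# env-file path, the function names and the "deploy" argument. Addresses,
# ports and image tag are the tutorial's values.

# Same generator as section 1.5.1: $1 random characters from [A-Za-z0-9].
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# Write the container environment to file $1 (database password in $2),
# readable by the owner only. An existing file is kept, so SECRET_KEY and
# BOOTSTRAP_TOKEN are reused on later runs, as the tutorial's one-liners do.
write_env_file() {
    if [ -e "$1" ]; then return 0; fi
    (
        umask 077
        cat > "$1" <<EOF
SECRET_KEY=$(gen_secret 50)
BOOTSTRAP_TOKEN=$(gen_secret 16)
DB_HOST=192.168.148.130
DB_PORT=3306
DB_USER=jumpserver
DB_PASSWORD=$2
DB_NAME=jumpserver
REDIS_HOST=192.168.148.130
REDIS_PORT=6379
REDIS_PASSWORD=
EOF
    )
}

# Same container as section 1.5.2; secrets come from the env file, not -e.
start_jumpserver() {
    docker run --name jms_all \
        -v /opt/jumpserver:/opt/jumpserver/data/media \
        -p 80:80 -p 2222:2222 \
        --env-file "$1" \
        jumpserver/jms_all:1.4.8
}

# Usage: sh jms.sh deploy   (without "deploy" only the functions are defined)
if [ "${1:-}" = "deploy" ]; then
    env_file=/root/jms_all.env   # assumed location
    printf 'jumpserver DB password: '; stty -echo; read -r pw; stty echo; echo
    write_env_file "$env_file" "$pw"
    start_jumpserver "$env_file"
fi
```

Values passed this way stay out of shell history and the docker run argument list, but anyone who can run docker inspect on the container can still read them.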
1.5.3 Container startup complete:
1.5.4 Logging in to the web UI:
Default account: admin, password: admin