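1. Environment
Operating system: Anolis OS 7.9
Component overview
Core is the central JumpServer component; the other components depend on it to start.
Koko serves Unix-like asset platforms and provides character-based connections over SSH and Telnet.
Lion serves Windows asset platforms and provides web-based access to Windows assets.
XRDP serves the RDP protocol; its main function is access to assets running Windows 2000, XP and similar systems through the JumpServer Client.
Razor serves the RDP protocol; the JumpServer Client uses Razor by default to access Windows assets.
Magnus serves databases and provides access to database assets through a client-side proxy.
Kael serves the GPT asset platform and is used to manage ChatGPT assets.
Chen serves databases and provides access to database assets through a web GUI.
Celery handles asynchronous tasks and runs JumpServer's automation tasks.
Video handles format conversion of the recordings produced by Razor and Lion, converting session recordings to MP4.
Panda is an application publishing machine based on domestic (Chinese) operating systems, used to schedule Virtualapp applications.
Port overview
Restrict the firewall rules on every machine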
firewall-cmd --permanent --zone=public --remove-service=ssh
firewall-cmd --permanent --zone=public --add-rich-rule='rule family=ipv4 source address=10.90.101.1 port port=22 protocol=tcp accept'
firewall-cmd --reload
2. Install NFS
(1) Install dependencies
yum -y install epel-release
(2) Install the NFS packages
yum -y install nfs-utils rpcbind
(3) Start NFS
systemctl enable rpcbind nfs-server nfs-lock nfs-idmap
systemctl start rpcbind nfs-server nfs-lock nfs-idmap
(4) Configure the firewall rules
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.99.51.0/24" service name="nfs" accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.99.51.0/24" service name="mountd" accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.99.51.0/24" service name="rpc-bind" accept'
firewall-cmd --reload
# List the rules
firewall-cmd --list-all
(5) Configure NFS
mkdir /data
chmod 777 -R /data
vi /etc/exports
/data 10.99.51.*(rw,sync,all_squash,anonuid=0,anongid=0)
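(6) Apply the exports configuration
exportfs -a
3. Install MySQL
(1) Set up the repo
yum -y localinstall http://mirrors.ustc.edu.cn/mysql-repo/mysql57-community-release-el7.rpm
(2) Install MySQL with yum
yum install -y mysql-community-server
Troubleshooting: if a GPG key error appears, change the yum repo so that it does not check the key
(3) Configure MySQL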
if [ ! "$(cat /usr/bin/mysqld_pre_systemd | grep -v ^\# | grep initialize-insecure )" ]; then
sed -i "s@--initialize @--initialize-insecure @g" /usr/bin/mysqld_pre_systemd
fi
(4) Start MySQL
systemctl enable mysqld
systemctl start mysqld
(5) Configure database authorization
mysql -uroot
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.32 MySQL Community Server (GPL)
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> create database jumpserver default charset 'utf8';
Query OK, 1 row affected (0.00 sec)
mysql> set global validate_password_policy=LOW;
Query OK, 0 rows affected (0.00 sec)
mysql> create user 'jumpserver'@'%' identified by 'KXOeyNgDeTdpeu9q';
Query OK, 0 rows affected (0.00 sec)
mysql> grant all on jumpserver.* to 'jumpserver'@'%';
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
Error handling
INSTALL PLUGIN validate_password SONAME 'validate_password.so';
Restart mysqld
systemctl restart mysqld
mysql> set global validate_password_policy=LOW;
(6) Configure the firewall
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.99.51.0/24" port protocol="tcp" port="3306" accept'
firewall-cmd --reload
4. Deploy the Redis service
(1) Set up the repo
yum -y install epel-release https://repo.ius.io/ius-release-el7.rpm
(2) Install Redis with yum
yum install -y redis6
(3) Configure Redis
sed -i "s/bind 127.0.0.1/bind 0.0.0.0/g" /etc/redis/redis.conf
sed -i "561i maxmemory-policy allkeys-lru" /etc/redis/redis.conf
sed -i "481i requirepass KXOeyNgDeTdpeu9q" /etc/redis/redis.conf
(4) Start Redis
systemctl enable redis
systemctl start redis
(5) Configure the firewall
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.99.51.0/24" port protocol="tcp" port="6379" accept'
firewall-cmd --reload
5. Deploy JumpServer node 01
(1) Install the NFS packages
yum -y install nfs-utils
showmount -e 10.99.51.121
(2) Create the NFS mount directory
mkdir -p /opt/jumpserver/core/data
(3) Mount the NFS share automatically at boot
echo "10.99.51.121:/data /opt/jumpserver/core/data nfs defaults 0 0" >> /etc/fstab
mount -a
(4) Download the jumpserver-install package
cd /opt
yum -y install wget
wget https://github.com/jumpserver/installer/releases/download/v3.10.10/jumpserver-installer-v3.10.10.tar.gz
tar -xf jumpserver-installer-v3.10.10.tar.gz
cd jumpserver-installer-v3.10.10
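(5) Edit the temporary configuration file
vi config-example.txt
Replace the keys, passwords and similar values below with your own correct values; this is only an example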
# JumpServer configuration file example.
#
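# If you are unsure what a setting is for you can skip editing this file; the system fills the values in automatically
# Full parameter reference: https://docs.jumpserver.org/zh/v3/guide/env/
################################## Image settings ###################################
#
# Connections to docker.io from within China time out or download slowly; enable this option to use the Huawei Cloud image mirror
# Replaces DOCKER_IMAGE_PREFIX from older versions
#
DOCKER_IMAGE_MIRROR=1
# Image pull policy: Always, IfNotPresent
# Always pulls the latest image every time; IfNotPresent pulls only when the image does not exist locally
#
# IMAGE_PULL_POLICY=Always
################################## Install settings ###################################
#
# JumpServer database persistence directory; by default session recordings and task logs are also in this directory
# Adjust to your environment; database backups (.sql) and configuration files taken during upgrades are also saved here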
#
VOLUME_DIR=/opt/jumpserver
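# Encryption key; when migrating, keep SECRET_KEY identical to the old environment; do not use special characters
# (*) Warning: Keep this value secret.
# (*) Never disclose SECRET_KEY to anyone
#
SECRET_KEY=xxxx
# Token that components use to register with core; when migrating, keep BOOTSTRAP_TOKEN identical to the old environment,
# do not use special characters
# (*) Warning: Keep this value secret.
# (*) Never disclose BOOTSTRAP_TOKEN to anyone
#
BOOTSTRAP_TOKEN=xxxx
# Log level: INFO, WARN, ERROR
#
LOG_LEVEL=ERROR
# Subnet used by the JumpServer containers; it must not conflict with existing networks, adjust to your environment
#
DOCKER_SUBNET=192.168.250.0/24
# IPv6 NAT; normally does not need to be enabled
# If the host does not support IPv6, enabling this option makes it impossible to obtain the real client IP address
#
USE_IPV6=0
DOCKER_SUBNET_IPV6=fc00:1010:1111:200::/64
################################# MySQL settings ##################################
# An external MySQL needs the correct MySQL details entered here; the built-in MySQL is handled automatically
# (*) The password must not contain single or double quotes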
#
DB_HOST=10.99.51.121
DB_PORT=3306
DB_USER=jumpserver
DB_PASSWORD=xxxx
DB_NAME=jumpserver
# If the external MySQL requires TLS/SSL connections, see https://docs.jumpserver.org/zh/v3/installation/security_setup/mysql_ssl/
#
# DB_USE_SSL=true
################################# Redis settings ##################################
# An external Redis needs the correct Redis details entered here; the built-in Redis is handled automatically
# (*) The password must not contain single or double quotes
#
REDIS_HOST=10.99.51.121
REDIS_PORT=6379
REDIS_PASSWORD=xxxx
# If you use an external Redis Sentinel, fill in the following manually
#
# REDIS_SENTINEL_HOSTS=mymaster/192.168.100.1:26379,192.168.100.1:26380,192.168.100.1:26381
# REDIS_SENTINEL_PASSWORD=your_sentinel_password
# REDIS_PASSWORD=your_redis_password
# REDIS_SENTINEL_SOCKET_TIMEOUT=5
# If the external Redis requires TLS/SSL connections, see https://docs.jumpserver.org/zh/v3/installation/security_setup/redis_ssl/
#
# REDIS_USE_SSL=true
################################## Access settings ###################################
# Ports exposed for external access; change them if they conflict with existing services
#
HTTP_PORT=80
SSH_PORT=2222
MAGNUS_MYSQL_PORT=33061
MAGNUS_MARIADB_PORT=33062
MAGNUS_REDIS_PORT=63790
MAGNUS_POSTGRESQL_PORT=54320
MAGNUS_SQLSERVER_PORT=14330
MAGNUS_ORACLE_PORTS=30000-30030
################################# HTTPS settings #################################
# See https://docs.jumpserver.org/zh/v3/installation/proxy/ for configuration
#
# HTTPS_PORT=443
# SERVER_NAME=your_domain_name
# SSL_CERTIFICATE=your_cert
# SSL_CERTIFICATE_KEY=your_cert_key
#
# Nginx upload and download size limit
#
CLIENT_MAX_BODY_SIZE=4096m
################################## Component settings ###################################
# Used for component registration; by default components register with the core container; in a cluster, change this to the cluster VIP address
#
CORE_HOST=http://core:8080
PERIOD_TASK_ENABLED=true
# Core session settings:
# SESSION_COOKIE_AGE is the number of idle seconds after which the session expires;
# SESSION_EXPIRE_AT_BROWSER_CLOSE=true makes the session expire when the browser is closed
#
# SESSION_COOKIE_AGE=86400
SESSION_EXPIRE_AT_BROWSER_CLOSE=false
# Trusted DOMAINS:
# defines the trusted access IPs; adjust to your environment, and for a public IP use the corresponding public IP
# DOMAINS="demo.jumpserver.org:443"
# DOMAINS="172.17.200.191:80"
# DOMAINS="demo.jumpserver.org:443,172.17.200.191:80"
DOMAINS=
# Components that should not start; all components start by default; to disable one, set {COMPONENT_NAME}_ENABLED to 0
# CORE_ENABLED=0
# CELERY_ENABLED=0
# KOKO_ENABLED=0
# LION_ENABLED=0
# MAGNUS_ENABLED=0
# CHEN_ENABLED=0
# KAEL_ENABLED=0
# PANDA_ENABLED=0
# WEB_ENABLED=0
# Enable font smoothing in Lion for a better experience
#
JUMPSERVER_ENABLE_FONT_SMOOTHING=true
################################# XPack settings #################################
# XPack package; has no effect in the open-source edition
#
RDP_PORT=3389
XRDP_PORT=3390
################################## Other settings ##################################
# The terminal is identified by the host's HOSTNAME; generated automatically on first install
#
SERVER_HOSTNAME=${HOSTNAME}
# Use the built-in SLB; if the client IP address shown in the web UI is wrong, set USE_LB to 0
# With USE_LB set to 1, the configuration uses proxy_set_header X-Forwarded-For $remote_addr
# With USE_LB set to 0, the configuration uses proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for
USE_LB=1
# Version of JumpServer currently running; generated automatically after install and upgrade
#
CURRENT_VERSION=
# KoKo and Lion settings
SHARE_ROOM_TYPE=redis # KoKo and Lion share through redis
REUSE_CONNECTION=False # Koko: disable connection reuse
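Before the installer runs, it is worth confirming that no placeholder survived the edit and that every node carries the same shared secrets. The script below is an added example, not part of this guide's original text or of the JumpServer installer: the function names are hypothetical, the lengths 50 and 24 are assumptions, the sample files are constructed, and it assumes all four nodes must use the same SECRET_KEY and BOOTSTRAP_TOKEN.

```shell
# Added example, not part of the JumpServer installer. Function names are
# hypothetical and the sample files are constructed.

# Print $1 random characters from [A-Za-z0-9] (no quotes, nothing special).
gen_secret() { LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"; }

# Print one finding per problem among the four secrets in a config.txt.
lint_config() {
    awk '
        /^(SECRET_KEY|BOOTSTRAP_TOKEN|DB_PASSWORD|REDIS_PASSWORD)=/ {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            seen[key] = 1
            if (val == "")
                print key ": empty"
            else if (val ~ /^[xX]+$/)
                print key ": placeholder not replaced"
            else if (index(val, "\"") || index(val, "\047"))
                print key ": contains a quote"
            else if (key !~ /PASSWORD/ && val ~ /[^A-Za-z0-9]/)
                print key ": special characters"
        }
        END {
            n = split("SECRET_KEY BOOTSTRAP_TOKEN DB_PASSWORD REDIS_PASSWORD", req, " ")
            for (i = 1; i <= n; i++)
                if (!(req[i] in seen)) print req[i] ": missing"
        }' "$1"
}

# Hash of the two values all nodes must share, so nodes can be compared
# without printing the secrets themselves.
cluster_fingerprint() {
    grep -E '^(SECRET_KEY|BOOTSTRAP_TOKEN)=' "$1" | sort | sha256sum | cut -d' ' -f1
}

# Constructed sample: node 01 half edited, node 02 with its own SECRET_KEY.
demo=$(mktemp -d)
token=$(gen_secret 24)
cat > "$demo/node01.txt" <<EOF
SECRET_KEY=$(gen_secret 50)
BOOTSTRAP_TOKEN=$token
DB_PASSWORD=xxxx
REDIS_PASSWORD=it's
EOF
printf 'SECRET_KEY=%s\nBOOTSTRAP_TOKEN=%s\n' "$(gen_secret 50)" "$token" > "$demo/node02.txt"

lint_config "$demo/node01.txt"
[ "$(cluster_fingerprint "$demo/node01.txt")" = "$(cluster_fingerprint "$demo/node02.txt")" ] ||
    echo "node02: SECRET_KEY/BOOTSTRAP_TOKEN differ from node01"
```

On a real deployment, run `lint_config` against the edited config-example.txt on each node and compare the `cluster_fingerprint` output across nodes.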
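(6) Run the script to install the JumpServer service
./jmsctl.sh install
Answer yes or no at each prompt
(7) Start the JumpServer service
./jmsctl.sh start
6. Deploy JumpServer node 02
Same as JumpServer node 01
7. Deploy JumpServer node 03
Same as JumpServer node 01
8. Deploy JumpServer node 04
Same as JumpServer node 01
9. Deploy the HAProxy service
(1) Install HAProxy
yum install -y haproxy
(2) Configure HAProxy
Merge the certificate and key into one file and place it under /etc/haproxy; the domain name is resolved later
cat wtown.com.pem wtown.com.key | tee all.pem
# Open the HAProxy configuration file
vi /etc/haproxy/haproxy.cfg
Configuration example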
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
log global
option dontlognull
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
listen stats
bind *:8080
mode http
stats enable
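stats uri /haproxy # Monitoring page, change as needed. The URL is http://10.99.51.100:8080/haproxy
stats refresh 5s
stats realm haproxy-status
stats auth admin:xxxxx # Username and password, change as needed. Required when visiting http://10.99.51.100:8080/haproxy
#---------------------------------------------------------------------
# "check" health-check parameters
# inter interval, unit: milliseconds
# rise number of consecutive successes
# fall number of consecutive failures
# Example: inter 2s rise 2 fall 3
# checks the state every 2 seconds; 2 consecutive successes mean the service is healthy, 3 consecutive failures mean it is unhealthy
#
# "server" parameters
# server 10.99.51.101 10.99.51.101:80 weight 1 cookie web01
# the first 10.99.51.101 is the label shown on the stats page and can be changed to any other string
# the second 10.99.51.101:80 is the actual backend service port
# weight is the weight used for load balancing across multiple nodes
# cookie: the client-side cookie carries this identifier, which makes it easy to tell which backend node is being accessed
# Example: server db01 10.99.51.101:3306 weight 1 cookie db_01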
#---------------------------------------------------------------------
listen jms-web
bind *:80 # listen on port 80
mode http
redirect scheme https if !{ ssl_fc } # redirect to https
bind *:443 ssl crt /etc/haproxy/all.pem # https settings
option httpchk GET /api/health/ HTTP/1.1\r\nHost:\ 10.99.51.100\r\nConnection:\ close
http-check expect status 200 # expect status code 200
stick-table type ip size 200k expire 30m
stick on src
balance leastconn
server 10.99.51.101 10.99.51.101:80 weight 1 cookie web01 check inter 2s rise 2 fall 3 # JumpServer servers
server 10.99.51.102 10.99.51.102:80 weight 1 cookie web02 check inter 2s rise 2 fall 3
server 10.99.51.103 10.99.51.103:80 weight 1 cookie web03 check inter 2s rise 2 fall 3
server 10.99.51.104 10.99.51.104:80 weight 1 cookie web04 check inter 2s rise 2 fall 3
listen jms-ssh
bind *:2222
mode tcp
option tcp-check
fullconn 500
balance source
server 10.99.51.101 10.99.51.101:2222 weight 1 check inter 2s rise 2 fall 3 send-proxy
server 10.99.51.102 10.99.51.102:2222 weight 1 check inter 2s rise 2 fall 3 send-proxy
server 10.99.51.103 10.99.51.103:2222 weight 1 check inter 2s rise 2 fall 3 send-proxy
server 10.99.51.104 10.99.51.104:2222 weight 1 check inter 2s rise 2 fall 3 send-proxy
listen jms-koko
mode http
option httpclose
option forwardfor
option httpchk GET /koko/health/ HTTP/1.1\r\nHost:\ 10.99.51.100 # KoKo health-check endpoint; set Host to the HAProxy IP address
cookie SERVERID insert indirect
hash-type consistent
fullconn 500
balance leastconn
server 10.99.51.101 10.99.51.101:80 weight 1 cookie web01 check inter 2s rise 2 fall 3
server 10.99.51.102 10.99.51.102:80 weight 1 cookie web02 check inter 2s rise 2 fall 3
server 10.99.51.103 10.99.51.103:80 weight 1 cookie web03 check inter 2s rise 2 fall 3
server 10.99.51.104 10.99.51.104:80 weight 1 cookie web04 check inter 2s rise 2 fall 3
listen jms-lion
mode http
option httpclose
option forwardfor
option httpchk GET /lion/health/ HTTP/1.1\r\nHost:\ 10.99.51.100 # Lion health-check endpoint; set Host to the HAProxy IP address
cookie SERVERID insert indirect
hash-type consistent
fullconn 500
balance leastconn
server 10.99.51.101 10.99.51.101:80 weight 1 cookie web01 check inter 2s rise 2 fall 3
server 10.99.51.102 10.99.51.102:80 weight 1 cookie web02 check inter 2s rise 2 fall 3
server 10.99.51.103 10.99.51.103:80 weight 1 cookie web03 check inter 2s rise 2 fall 3
server 10.99.51.104 10.99.51.104:80 weight 1 cookie web04 check inter 2s rise 2 fall 3
listen jms-magnus-mysql
bind *:33061
mode tcp
fullconn 500
balance source
server 10.99.51.101 10.99.51.101:33061 weight 1 check inter 2s rise 2 fall 3 send-proxy
server 10.99.51.102 10.99.51.102:33061 weight 1 check inter 2s rise 2 fall 3 send-proxy
server 10.99.51.103 10.99.51.103:33061 weight 1 check inter 2s rise 2 fall 3 send-proxy
server 10.99.51.104 10.99.51.104:33061 weight 1 check inter 2s rise 2 fall 3 send-proxy
listen jms-magnus-mariadb
bind *:33062
mode tcp
fullconn 500
balance source
server 10.99.51.101 10.99.51.101:33062 weight 1 check inter 2s rise 2 fall 3 send-proxy
server 10.99.51.102 10.99.51.102:33062 weight 1 check inter 2s rise 2 fall 3 send-proxy
server 10.99.51.103 10.99.51.103:33062 weight 1 check inter 2s rise 2 fall 3 send-proxy
server 10.99.51.104 10.99.51.104:33062 weight 1 check inter 2s rise 2 fall 3 send-proxy
(3) Configure the firewall rules
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.90.101.0/24" port protocol="tcp" port="80" accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.90.101.0/24" port protocol="tcp" port="443" accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.90.101.0/24" port protocol="tcp" port="2222" accept'
# Magnus ports match the HAProxy bind ports: 33061 (MySQL) and 33062 (MariaDB)
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.90.101.0/24" port protocol="tcp" port="33061" accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.90.101.0/24" port protocol="tcp" port="33062" accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family=ipv4 source address=10.90.101.1 port port=8080 protocol=tcp accept'
firewall-cmd --reload
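A port that HAProxy binds but the firewall does not admit, or one admitted with nothing bound behind it, is easy to miss when ports are renumbered. The script below is an added example, not part of this guide's original text, HAProxy or firewalld: it compares the `bind` ports in haproxy.cfg with the ports in the rich rules, using hypothetical function names and constructed sample files in which the Magnus ports lag behind the HAProxy configuration.

```shell
# Added example, not part of HAProxy or firewalld. Function names are
# hypothetical and the sample files are constructed.

# Ports HAProxy listens on ("bind *:443 ssl ..." -> 443), one per line.
haproxy_bind_ports() {
    awk '$1 == "bind" { n = split($2, a, ":"); print a[n] }' "$1" | LC_ALL=C sort -u
}

# Ports admitted by rich rules, read from saved firewall-cmd commands or from
# "firewall-cmd --list-rich-rules" output. Handles port="80" and port=8080.
firewall_open_ports() {
    awk '{
        s = $0
        while (match(s, /port="?[0-9]+/)) {
            p = substr(s, RSTART, RLENGTH); gsub(/[^0-9]/, "", p); print p
            s = substr(s, RSTART + RLENGTH)
        }
    }' "$1" | LC_ALL=C sort -u
}

# Report ports that appear on one side only. $1 = haproxy.cfg, $2 = rules.
port_drift() {
    b=$(mktemp); f=$(mktemp)
    haproxy_bind_ports "$1" > "$b"
    firewall_open_ports "$2" > "$f"
    LC_ALL=C comm -23 "$b" "$f" | sed 's/^/bound but not allowed: /'
    LC_ALL=C comm -13 "$b" "$f" | sed 's/^/allowed but nothing bound: /'
    rm -f "$b" "$f"
}

# Constructed sample: binds use 33061/33062, rules still open 33060/33061.
demo=$(mktemp -d)
cat > "$demo/haproxy.cfg" <<'EOF'
listen stats
bind *:8080
listen jms-web
bind *:80 # http
bind *:443 ssl crt /etc/haproxy/all.pem
bind *:2222
bind *:33061
bind *:33062
EOF
cat > "$demo/rules.txt" <<'EOF'
rule family="ipv4" source address="10.90.101.0/24" port port="80" protocol="tcp" accept
rule family="ipv4" source address="10.90.101.0/24" port port="443" protocol="tcp" accept
rule family="ipv4" source address="10.90.101.0/24" port port="2222" protocol="tcp" accept
rule family="ipv4" source address="10.90.101.0/24" port port="33060" protocol="tcp" accept
rule family="ipv4" source address="10.90.101.0/24" port port="33061" protocol="tcp" accept
rule family=ipv4 source address=10.90.101.1 port port=8080 protocol=tcp accept
EOF
port_drift "$demo/haproxy.cfg" "$demo/rules.txt"
```

On the HAProxy host, save the output of `firewall-cmd --list-rich-rules` to a file and pass it with /etc/haproxy/haproxy.cfg to `port_drift`; no output means the two agree.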
(4) Configure the SELinux rule
setsebool -P haproxy_connect_any 1
(5) Start HAProxy
systemctl enable haproxy
systemctl start haproxy
(6) Edit the JumpServer configuration file to allow the domain name
vi /opt/jumpserver/config/config.txt
Restart the jms service
jmsctl restart
10. Deploy the MinIO service
(1) Install and configure the Docker environment
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
yum makecache fast
yum -y install docker-ce
(2) Configure Docker
mkdir /etc/docker/
vi /etc/docker/daemon.json
Add the following
{
"live-restore": true,
"registry-mirrors": ["https://hub-mirror.c.163.com", "https://bmtrgdvx.mirror.aliyuncs.com", "http://f1361db2.m.daocloud.io"],
"log-driver": "json-file",
"log-opts": {"max-file": "3", "max-size": "10m"}
}
(3) Start Docker
systemctl enable docker
systemctl start docker
(4) Pull the MinIO image
docker pull minio/minio:latest
(5) Create the MinIO persistent data directories
mkdir -p /opt/jumpserver/minio/data /opt/jumpserver/minio/config
(6) Start the MinIO service
docker run --name jms_minio -d -p 9000:9000 -p 9001:9001 -e MINIO_ROOT_USER=admin -e MINIO_ROOT_PASSWORD=xxxxx -v /opt/jumpserver/minio/data:/data -v /opt/jumpserver/minio/config:/root/.minio --restart=always minio/minio:latest server /data --console-address ":9001"
(7) Create the bucket in MinIO
Visit http://10.99.51.131:9000 and log in with the MinIO account and password you just set.
Click Buckets in the left menu, choose Create Bucket, enter jumpserver as the Bucket Name, then click Save.
(8) Configure MinIO in JumpServer
Configure session recordings to use MinIO storage
11. Deploy the Elasticsearch service
(1) Install Docker
yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
yum makecache fast
yum -y install docker-ce
(2) Configure Docker
mkdir /etc/docker/
vi /etc/docker/daemon.json
Add the following
{
"live-restore": true,
"registry-mirrors": ["https://hub-mirror.c.163.com", "https://bmtrgdvx.mirror.aliyuncs.com", "http://f1361db2.m.daocloud.io"],
"log-driver": "json-file",
"log-opts": {"max-file": "3", "max-size": "10m"}
}
(3) Start Docker
systemctl enable docker
systemctl start docker
(4) Pull the Elasticsearch image
docker pull docker.elastic.co/elasticsearch/elasticsearch:7.17.6
(5) Create the Elasticsearch persistent data directories
mkdir -p /opt/jumpserver/elasticsearch/data /opt/jumpserver/elasticsearch/logs
(6) Start the Elasticsearch service
## Change the account password yourself and remember it; if it is lost, delete the container and recreate it with a new password, the data is not lost
# 9200 # web access port
# 9300 # cluster communication
# discovery.type=single-node # single node
# bootstrap.memory_lock="true" # lock physical memory, do not use swap
# xpack.security.enabled="true" # enable the security module
# TAKE_FILE_OWNERSHIP="true" # automatically change the owner of the mounted directories
# ES_JAVA_OPTS="-Xms512m -Xmx512m" # JVM memory size; half of the host memory is recommended
# elastic # Elasticsearch account
# ELASTIC_PASSWORD=KXOeyNgDeTdpeu9q # Elasticsearch password
docker run --name jms_es -d -p 9200:9200 -p 9300:9300 -e cluster.name=docker-cluster -e discovery.type=single-node -e network.host=0.0.0.0 -e bootstrap.memory_lock="true" -e xpack.security.enabled="true" -e TAKE_FILE_OWNERSHIP="true" -e ES_JAVA_OPTS="-Xms512m -Xmx512m" -e ELASTIC_PASSWORD=xxxxx -v /opt/jumpserver/elasticsearch/data:/usr/share/elasticsearch/data -v /opt/jumpserver/elasticsearch/logs:/usr/share/elasticsearch/logs --restart=always docker.elastic.co/elasticsearch/elasticsearch:7.17.6
(7) Configure Elasticsearch in JumpServer
Configure command storage to use jms-es
Already stored
12. Brief usage guide
https://download.csdn.net/download/zyj81092211/89499626