@yangwenbo
2022-09-21T14:26:48.000000Z
字数 21289
阅读 286
基础组件环境
访问JumpServer安装文档
名称 | 物理IP | 说明 | 密码 |
---|---|---|---|
JumpServer | 192.168.200.32 | 跳板机 | admin/123.123 |
#默认会安装到 /opt/jumpserver-installer-v2.13.2 目录
[root@jumpserver ~]# curl -sSL https://github.com/jumpserver/jumpserver/releases/download/v2.13.2/quick_start.sh | bash
[root@jumpserver ~]# cd /opt/jumpserver-installer-v2.13.2/
[root@jumpserver jumpserver-installer-v2.13.2]# ./jmsctl.sh start
#如果网络不好的情况情况下不建议使用一键部署,可以先下载tar包,然后进行编译安装
#下载JumpServer的tar包
[root@jumpserver ~]# wget https://github.com/jumpserver/installer/releases/download/v2.13.2/jumpserver-installer-v2.13.2.tar.gz
#将JumpServer的tar包解压到/usr/local/目录下
[root@jumpserver ~]# tar xf jumpserver-installer-v2.13.2.tar.gz -C /usr/local/
#进入到解压后的目录进行编译安装
[root@jumpserver ~]# cd /usr/local/jumpserver-installer-v2.13.2/
#查看目录内容
[root@jumpserver jumpserver-installer-v2.13.2]# ls
compose config-example.txt config_init jmsctl.sh locale quick_start.sh README.md scripts static.env utils
[root@jumpserver jumpserver-installer-v2.13.2]# cat config-example.txt
# 以下设置如果为空系统会自动生成随机字符串填入
## 迁移请修改 SECRET_KEY 和 BOOTSTRAP_TOKEN 为原来的设置
## 完整参数文档 https://docs.jumpserver.org/zh/master/admin-guide/env/
## 安装配置, 可以使用华为云加速下载, arm64 用户需要注释掉 DOCKER_IMAGE_PREFIX
# DOCKER_IMAGE_PREFIX=swr.cn-south-1.myhuaweicloud.com
VOLUME_DIR=/opt/jumpserver
DOCKER_DIR=/var/lib/docker
SECRET_KEY=
BOOTSTRAP_TOKEN=
LOG_LEVEL=ERROR
## MySQL 配置, USE_EXTERNAL_MYSQL=1 表示使用外置 MySQL, 请输入正确的 MySQL 信息
USE_EXTERNAL_MYSQL=0
DB_HOST=mysql
DB_PORT=3306
DB_USER=root
DB_PASSWORD=
DB_NAME=jumpserver
## Redis 配置, USE_EXTERNAL_REDIS=1 表示使用外置 Redis, 请输入正确的 Redis 信息
USE_EXTERNAL_REDIS=0
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=
## Compose 项目设置, 如果 192.168.250.0/24 网段与你现有网段冲突, 请修改然后重启 JumpServer
COMPOSE_PROJECT_NAME=jms
COMPOSE_HTTP_TIMEOUT=3600
DOCKER_CLIENT_TIMEOUT=3600
DOCKER_SUBNET=192.168.250.0/24
## IPV6 设置, 容器是否开启 ipv6 nat, USE_IPV6=1 表示开启, 为 0 的情况下 DOCKER_SUBNET_IPV6 定义不生效
USE_IPV6=0
DOCKER_SUBNET_IPV6=2001:db8:10::/64
## Nginx 配置, USE_LB=1 表示开启, 为 0 的情况下, HTTPS_PORT 定义不生效
HTTP_PORT=80
SSH_PORT=2222
RDP_PORT=3389
USE_LB=0
HTTPS_PORT=443
## Task 配置, 是否启动 jms_celery 容器, 单节点必须开启
USE_TASK=1
## XPack, USE_XPACK=1 表示开启, 开源版本设置无效
USE_XPACK=0
# Core 配置, Session 定义, SESSION_COOKIE_AGE 表示闲置多少秒后 session 过期, SESSION_EXPIRE_AT_BROWSER_CLOSE=true 表示关闭浏览器即 session 过期
# SESSION_COOKIE_AGE=86400
SESSION_EXPIRE_AT_BROWSER_CLOSE=true
# Koko Lion XRDP 组件配置
CORE_HOST=http://core:8080
# 额外的配置
CURRENT_VERSION=
[root@jumpserver jumpserver-installer-v2.13.2]# ./jmsctl.sh install
██╗██╗ ██╗███╗ ███╗██████╗ ███████╗███████╗██████╗ ██╗ ██╗███████╗██████╗
██║██║ ██║████╗ ████║██╔══██╗██╔════╝██╔════╝██╔══██╗██║ ██║██╔════╝██╔══██╗
██║██║ ██║██╔████╔██║██████╔╝███████╗█████╗ ██████╔╝██║ ██║█████╗ ██████╔╝
██ ██║██║ ██║██║╚██╔╝██║██╔═══╝ ╚════██║██╔══╝ ██╔══██╗╚██╗ ██╔╝██╔══╝ ██╔══██╗
╚█████╔╝╚██████╔╝██║ ╚═╝ ██║██║ ███████║███████╗██║ ██║ ╚████╔╝ ███████╗██║ ██║
╚════╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝
Version: v2.13.2
1. 检查配置文件
配置文件位置: /opt/jumpserver/config
/opt/jumpserver/config/config.txt [ √ ]
/opt/jumpserver/config/nginx/lb_rdp_server.conf [ √ ]
/opt/jumpserver/config/nginx/lb_ssh_server.conf [ √ ]
/opt/jumpserver/config/nginx/cert/server.crt [ √ ]
/opt/jumpserver/config/nginx/cert/server.key [ √ ]
完成
2. 备份配置文件
备份至 /opt/jumpserver/config/backup/config.txt.2022-04-11_16-54-33
完成
>>> 安装配置 Docker
1. 安装 Docker
开始下载 Docker 程序 ...
开始下载 Docker Compose 程序 ...
完成
2. 配置 Docker
是否需要自定义 docker 存储目录, 默认将使用目录 /var/lib/docker? (y/n) (默认为 n):
完成
3. 启动 Docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /etc/systemd/system/docker.service.
完成
>>> 加载 Docker 镜像
[jumpserver/nginx:alpine2]
alpine2: Pulling from jumpserver/nginx
alpine2: Pulling from jumpserver/nginx
486039affc0a: Pull complete
a99e975e0fd9: Pull complete
92520226185f: Pull complete
0c892c15af12: Pull complete
Digest: sha256:bc5107a2b70df7d81dd00823ec8fc4ee56ea00c61032d8f7b33ad33f6aa9224b
Status: Downloaded newer image for jumpserver/nginx:alpine2
[jumpserver/redis:6-alpine]
6-alpine: Pulling from jumpserver/redis
5843afab3874: Pull complete
f2c041a97bd6: Pull complete
2ab181d61f92: Pull complete
0e735c6f0308: Pull complete
3494533ff85c: Pull complete
09ce5e93ca58: Pull complete
Digest: sha256:8300b885570faad626e569e7b8cfef3407c87050d705ff26e243200cb3f84da8
Status: Downloaded newer image for jumpserver/redis:6-alpine
[jumpserver/mysql:5]
5: Pulling from jumpserver/mysql
6ec7b7d162b2: Pull complete
fedd960d3481: Pull complete
7ab947313861: Pull complete
64f92f19e638: Pull complete
3e80b17bff96: Pull complete
014e976799f9: Pull complete
59ae84fee1b3: Pull complete
7d1da2a18e2e: Pull complete
301a28b700b9: Pull complete
979b389fc71f: Pull complete
403f729b1bad: Pull complete
Digest: sha256:b3b2703de646600b008cbb2de36b70b21e51e7e93a7fca450d2b08151658b2dd
Status: Downloaded newer image for jumpserver/mysql:5
[jumpserver/web:v2.13.2]
v2.13.2: Pulling from jumpserver/web
29291e31a76a: Pull complete
e82f830de071: Pull complete
d7c9fa7589ae: Pull complete
3c1eaf69ff49: Pull complete
bf2b3ee132db: Pull complete
9a6ac07b84eb: Pull complete
74f40c418ade: Pull complete
b87961e347c1: Pull complete
b6f96856746e: Pull complete
04c67e5d3785: Pull complete
b8052eeb24f5: Pull complete
Digest: sha256:ddeb91d7063203ad893ba2724ab7db42654f4905705c4b40134a33a4fb55c072
Status: Downloaded newer image for jumpserver/web:v2.13.2
[jumpserver/core:v2.13.2]
v2.13.2: Pulling from jumpserver/core
6ec7b7d162b2: Already exists
80ff6536d04b: Pulling fs layer
2d04da85e485: Pulling fs layer
998aa32a5c8a: Downloading
7733ef26f344: Waiting
b8f2de1a0c00: Waiting
bce204fa577d: Waiting
2886eb4524b3: Waiting
119a097d4cb2: Waiting
05910b160293: Waiting
2a3a5a6216d8: Waiting
cb8ec5e3f08f: Waiting
0ef3e1bf4247: Waiting
v2.13.2: Pulling from jumpserver/core
6ec7b7d162b2: Already exists
80ff6536d04b: Pull complete
2d04da85e485: Pull complete
998aa32a5c8a: Pull complete
7733ef26f344: Pull complete
b8f2de1a0c00: Pull complete
bce204fa577d: Pull complete
2886eb4524b3: Pull complete
119a097d4cb2: Pull complete
05910b160293: Pull complete
2a3a5a6216d8: Pull complete
cb8ec5e3f08f: Pull complete
0ef3e1bf4247: Pull complete
Digest: sha256:7e2982dbdc0360601387cade82b285235948b6d0e6506aa8375f704e77260b27
Status: Downloaded newer image for jumpserver/core:v2.13.2
[jumpserver/koko:v2.13.2]
v2.13.2: Pulling from jumpserver/koko
v2.13.2: Pulling from jumpserver/koko
33f99cea3b7d: Pull complete
2d5748cec128: Pull complete
3c306b4a8bf3: Pull complete
51551dd74879: Pull complete
d6595856b6f2: Pull complete
7514ad72b0f5: Pull complete
68aaeea68ec7: Pull complete
f168d88f4ac6: Pull complete
2e9752838d5c: Pull complete
cc91d4b42ecb: Pull complete
67120f3de9ba: Pull complete
Digest: sha256:f81558d25dfe6999baa42984e2f68d77bf777b29d7206c3fd7195a61efdb18f6
Status: Downloaded newer image for jumpserver/koko:v2.13.2
[jumpserver/lion:v2.13.2]
v2.13.2: Pulling from jumpserver/lion
69692152171a: Pull complete
d884362f8d65: Pull complete
642670135f62: Pull complete
f2f9e484b2f8: Pull complete
31b2c41bb975: Pull complete
5a4d603bde6f: Pull complete
9775c16c68db: Pull complete
f66751b83e51: Pull complete
75d7844e3a93: Pull complete
268ab36224e9: Pull complete
87186b2fda35: Pull complete
dd7716bd850a: Pull complete
fdf60e19e994: Pull complete
cce69d5a2c12: Pull complete
Digest: sha256:d743a69635c7c6574d84a49f55f8d8e045087821434612d6db35669780a80681
Status: Downloaded newer image for jumpserver/lion:v2.13.2
完成
>>> 安装配置 JumpServer
1. 配置网络
是否需要支持 IPv6? (y/n) (默认为 n):
完成
2. 配置加密密钥
SECRETE_KEY: ODliMjRkNTYtMDRiNi02OTVlLWE3ZjEtMWQ3YzI4ZGI0MGUw
BOOTSTRAP_TOKEN: ODliMjRkNTYtMDRiNi02OTVl
完成
3. 配置持久化目录
是否需要自定义持久化存储, 默认将使用目录 /opt/jumpserver? (y/n) (默认为 n):
完成
4. 配置 MySQL
是否使用外部 MySQL? (y/n) (默认为 n):
完成
5. 配置 Redis
是否使用外部 Redis? (y/n) (默认为 n):
完成
6. 配置对外端口
是否需要配置 JumpServer 对外访问端口? (y/n) (默认为 n):
完成
7. 初始化数据库
Creating network "jms_net" with driver "bridge"
Creating jms_redis ... done
Creating jms_mysql ... done
Creating jms_core ... done
2022-04-12 00:59:13 Collect static files
2022-04-12 00:59:13 Collect static files done
2022-04-12 00:59:13 Check database structure change ...
2022-04-12 00:59:13 Migrate model change to database ...
476 static files copied to '/opt/jumpserver/data/static'.
Operations to perform:
Apply all migrations: acls, admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, notifications, ops, orgs, perms, sessions, settings, terminal, tickets, users
Running migrations:
Applying contenttypes.0001_initial... OK
Applying contenttypes.0002_remove_content_type_name... OK
Applying auth.0001_initial... OK
Applying auth.0002_alter_permission_name_max_length... OK
Applying auth.0003_alter_user_email_max_length... OK
Applying auth.0004_alter_user_username_opts... OK
Applying auth.0005_alter_user_last_login_null... OK
Applying auth.0006_require_contenttypes_0002... OK
Applying auth.0007_alter_validators_add_error_messages... OK
Applying auth.0008_alter_user_username_max_length... OK
Applying users.0001_initial... OK
Applying acls.0001_initial... OK
Applying admin.0001_initial... OK
Applying admin.0002_logentry_remove_auto_add... OK
Applying admin.0003_logentry_add_action_flag_choices... OK
Applying users.0002_auto_20171225_1157_squashed_0019_auto_20190304_1459... OK
Applying users.0020_auto_20190612_1825... OK
Applying users.0021_auto_20190625_1104... OK
Applying users.0022_auto_20190625_1105... OK
Applying users.0023_auto_20190724_1525... OK
Applying users.0024_auto_20191118_1612... OK
Applying users.0025_auto_20200206_1216... OK
Applying users.0026_auto_20200508_2105... OK
Applying users.0027_auto_20200616_1503... OK
Applying users.0028_auto_20200728_1805... OK
Applying users.0029_auto_20200814_1650... OK
Applying users.0030_auto_20200819_2041... OK
Applying users.0031_auto_20201118_1801... OK
Applying tickets.0001_initial... OK
Applying tickets.0002_auto_20200728_1146... OK
Applying tickets.0003_auto_20200804_1551... OK
Applying tickets.0004_ticket_comment... OK
Applying tickets.0005_ticket_meta_confirmed_system_users... OK
Applying tickets.0006_auto_20201023_1628... OK
Applying tickets.0007_auto_20201224_1821... OK
Applying terminal.0001_initial... OK
Applying terminal.0002_auto_20171228_0025_squashed_0009_auto_20180326_0957... OK
Applying terminal.0010_auto_20180423_1140... OK
Applying terminal.0011_auto_20180807_1116... OK
Applying terminal.0012_auto_20180816_1652... OK
Applying terminal.0013_auto_20181123_1113... OK
Applying terminal.0014_auto_20181226_1441... OK
Applying terminal.0015_auto_20190923_1529... OK
Applying terminal.0016_commandstorage_replaystorage... OK
Applying common.0001_initial... OK
Applying common.0002_auto_20180111_1407... OK
Applying common.0003_setting_category... OK
Applying common.0004_setting_encrypted... OK
Applying common.0005_auto_20190221_1902... OK
Applying common.0006_auto_20190304_1515... OK
Applying settings.0001_initial... OK
Applying terminal.0017_auto_20191125_0931... OK
Applying terminal.0018_auto_20191202_1010... OK
Applying terminal.0019_auto_20191206_1000... OK
Applying terminal.0020_auto_20191218_1721... OK
Applying terminal.0021_auto_20200213_1316... OK
Applying terminal.0022_session_is_success... OK
Applying terminal.0023_command_risk_level... OK
Applying terminal.0024_auto_20200715_1713... OK
Applying terminal.0025_auto_20200810_1735... OK
Applying terminal.0026_auto_20201027_1905... OK
Applying terminal.0027_auto_20201102_1651... OK
Applying terminal.0028_auto_20201110_1918... OK
Applying terminal.0029_auto_20201116_1757... OK
Applying terminal.0030_terminal_type... OK
Applying terminal.0031_auto_20210113_1356... OK
Applying assets.0001_initial... OK
Applying perms.0001_initial... OK
Applying assets.0002_auto_20180105_1807_squashed_0009_auto_20180307_1212... OK
Applying assets.0010_auto_20180307_1749_squashed_0019_auto_20180816_1320... OK
Applying perms.0002_auto_20171228_0025_squashed_0009_auto_20180903_1132... OK
Applying perms.0003_action... OK
Applying perms.0004_assetpermission_actions... OK
Applying assets.0020_auto_20180816_1652... OK
Applying assets.0021_auto_20180903_1132... OK
Applying assets.0022_auto_20181012_1717... OK
Applying assets.0023_auto_20181016_1650... OK
Applying assets.0024_auto_20181219_1614... OK
Applying assets.0025_auto_20190221_1902... OK
Applying assets.0026_auto_20190325_2035... OK
Applying applications.0001_initial... OK
Applying perms.0005_auto_20190521_1619... OK
Applying perms.0006_auto_20190628_1921... OK
Applying perms.0007_remove_assetpermission_actions... OK
Applying perms.0008_auto_20190911_1907... OK
Applying assets.0027_auto_20190521_1703... OK
Applying assets.0028_protocol... OK
Applying assets.0029_auto_20190522_1114... OK
Applying assets.0030_auto_20190619_1135... OK
Applying assets.0031_auto_20190621_1332... OK
Applying assets.0032_auto_20190624_2108... OK
Applying assets.0033_auto_20190624_2108... OK
Applying assets.0034_auto_20190705_1348... OK
Applying assets.0035_auto_20190711_2018... OK
Applying assets.0036_auto_20190716_1535... OK
Applying assets.0037_auto_20190724_2002... OK
Applying assets.0038_auto_20190911_1634... OK
Applying perms.0009_remoteapppermission_system_users... OK
Applying assets.0039_authbook_is_active... OK
Applying assets.0040_auto_20190917_2056... OK
Applying assets.0041_gathereduser... OK
Applying assets.0042_favoriteasset... OK
Applying assets.0043_auto_20191114_1111... OK
Applying assets.0044_platform... OK
Applying assets.0045_auto_20191206_1607... OK
Applying assets.0046_auto_20191218_1705... OK
Applying applications.0002_remove_remoteapp_system_user... OK
Applying applications.0003_auto_20191210_1659... OK
Applying applications.0004_auto_20191218_1705... OK
Applying perms.0010_auto_20191218_1705... OK
Applying perms.0011_auto_20200721_1739... OK
Applying assets.0047_assetuser... OK
Applying assets.0048_auto_20191230_1512... OK
Applying assets.0049_systemuser_sftp_root... OK
Applying assets.0050_auto_20200711_1740... OK
Applying assets.0051_auto_20200713_1143... OK
Applying assets.0052_auto_20200715_1535... OK
Applying assets.0053_auto_20200723_1232... OK
Applying assets.0054_auto_20200807_1032... OK
Applying applications.0005_k8sapp... OK
Applying perms.0012_k8sapppermission... OK
Applying assets.0055_auto_20200811_1845... OK
Applying assets.0056_auto_20200904_1751... OK
Applying assets.0057_fill_node_value_assets_amount_and_parent_key...
................................................................. OK
Applying perms.0013_rebuildusertreetask_usergrantedmappingnode... OK
Applying perms.0014_build_users_perm_tree... OK
Applying perms.0015_auto_20200929_1728... OK
Applying assets.0058_auto_20201023_1115... OK
Applying assets.0059_auto_20201027_1905... OK
Applying applications.0006_application... OK
Applying perms.0016_applicationpermission... OK
Applying perms.0017_auto_20210104_0435... OK
Applying assets.0060_node_full_value...
- Start migrate node value if has /
- Start migrate node full value
OK
Applying assets.0061_auto_20201116_1757... OK
Applying assets.0062_auto_20201117_1938... OK
Applying assets.0063_migrate_default_node_key...
Check old default node `key=0 value=Default` not exists
OK
Applying assets.0064_auto_20201203_1100... OK
Applying assets.0065_auto_20210121_1549... OK
Applying perms.0018_auto_20210208_1515... OK
Applying orgs.0001_initial... OK
Applying orgs.0002_auto_20180903_1132... OK
Applying orgs.0003_auto_20190916_1057... OK
Applying orgs.0004_organizationmember... OK
Applying orgs.0005_auto_20200721_1937... OK
Applying orgs.0006_auto_20200721_1937... OK
Applying orgs.0007_auto_20200728_1805... OK
Applying orgs.0008_auto_20200819_2041... OK
Applying orgs.0009_auto_20201023_1628... OK
Applying ops.0001_initial... OK
Applying ops.0002_celerytask... OK
Applying ops.0003_auto_20181207_1744... OK
Applying ops.0004_adhoc_run_as... OK
Applying ops.0005_auto_20181219_1807... OK
Applying ops.0006_auto_20190318_1023... OK
Applying ops.0007_auto_20190724_2002... OK
Applying ops.0008_auto_20190919_2100... OK
Applying ops.0009_auto_20191217_1713... OK
Applying ops.0010_auto_20191217_1758... OK
Applying ops.0011_auto_20200106_1534... OK
Applying ops.0012_auto_20200108_1659... OK
Applying ops.0013_auto_20200108_1706... OK
Applying ops.0014_auto_20200108_1749... OK
Applying ops.0015_auto_20200108_1809... OK
Applying ops.0016_commandexecution_org_id... OK
Applying ops.0017_auto_20200306_1747... OK
Applying ops.0018_auto_20200509_1434... OK
Applying ops.0019_adhocexecution_celery_task_id... OK
Applying audits.0001_initial... OK
Applying audits.0002_ftplog_org_id... OK
Applying audits.0003_auto_20180816_1652... OK
Applying audits.0004_operatelog_passwordchangelog_userloginlog... OK
Applying audits.0005_auto_20190228_1715... OK
Applying audits.0006_auto_20190726_1753... OK
Applying audits.0007_auto_20191202_1010... OK
Applying audits.0008_auto_20200508_2105... OK
Applying audits.0009_auto_20200624_1654... OK
Applying audits.0010_auto_20200811_1122... OK
Applying audits.0011_userloginlog_backend... OK
Applying assets.0066_auto_20210208_1802... OK
Applying applications.0007_auto_20201119_1110... OK
Applying applications.0008_auto_20210104_0435... OK
Applying orgs.0010_auto_20210219_1241...
Migrate model org id: Application done, use 0.88 ms
Migrate model org id: AdminUser done, use 0.92 ms
Migrate model org id: Asset done, use 0.88 ms
Migrate model org id: AuthBook done, use 0.8 ms
Migrate model org id: CommandFilter done, use 0.66 ms
Migrate model org id: CommandFilterRule done, use 0.72 ms
Migrate model org id: Domain done, use 0.66 ms
Migrate model org id: Gateway done, use 0.96 ms
Migrate model org id: GatheredUser done, use 1.06 ms
Migrate model org id: Label done, use 1.21 ms
Migrate model org id: Node done, use 0.74 ms
Migrate model org id: SystemUser done, use 0.89 ms
Migrate model org id: FTPLog done, use 1.21 ms
Migrate model org id: OperateLog done, use 0.97 ms
Migrate model org id: AdHoc done, use 0.75 ms
Migrate model org id: AdHocExecution done, use 0.77 ms
Migrate model org id: CommandExecution done, use 0.71 ms
Migrate model org id: Task done, use 0.99 ms
Migrate model org id: ApplicationPermission done, use 0.79 ms
Migrate model org id: AssetPermission done, use 0.77 ms
Migrate model org id: UserAssetGrantedTreeNodeRelation done, use 0.77 ms
Migrate model org id: Session done, use 0.84 ms
Migrate model org id: Command done, use 0.74 ms
Migrate model org id: Ticket done, use 0.81 ms
Migrate model org id: UserGroup done, use 0.97 ms
Will add users to default org: 1
Add users to default org: 1-1
done, use 5.91 ms
OK
Applying assets.0067_auto_20210311_1113... OK
Applying assets.0068_auto_20210312_1455... OK
Applying assets.0069_change_node_key0_to_key1...
--> Not exist key=0 nodes, do nothing.
OK
Applying assets.0070_auto_20210426_1515... OK
Applying applications.0009_applicationuser... OK
Applying assets.0071_systemuser_type...
OK
Applying assets.0072_historicalauthbook...
OK
Applying assets.0073_auto_20210606_1142...
OK
Applying assets.0074_remove_systemuser_assets... OK
Applying assets.0075_auto_20210705_1759... OK
Applying assets.0076_delete_assetuser... OK
Applying audits.0012_auto_20210414_1443... OK
Applying auth.0009_alter_user_last_name_max_length... OK
Applying auth.0010_alter_group_name_max_length... OK
Applying auth.0011_update_proxy_permissions... OK
Applying auth.0012_alter_user_first_name_max_length... OK
Applying authentication.0001_initial... OK
Applying authentication.0002_auto_20190729_1423... OK
Applying authentication.0003_loginconfirmsetting... OK
Applying authentication.0004_ssotoken... OK
Applying captcha.0001_initial... OK
Applying django_cas_ng.0001_initial... OK
Applying django_celery_beat.0001_initial... OK
Applying django_celery_beat.0002_auto_20161118_0346... OK
Applying django_celery_beat.0003_auto_20161209_0049... OK
Applying django_celery_beat.0004_auto_20170221_0000... OK
Applying django_celery_beat.0005_add_solarschedule_events_choices... OK
Applying django_celery_beat.0006_auto_20180322_0932... OK
Applying django_celery_beat.0007_auto_20180521_0826... OK
Applying django_celery_beat.0008_auto_20180914_1922... OK
Applying django_celery_beat.0006_auto_20180210_1226... OK
Applying django_celery_beat.0006_periodictask_priority... OK
Applying django_celery_beat.0009_periodictask_headers... OK
Applying django_celery_beat.0010_auto_20190429_0326... OK
Applying django_celery_beat.0011_auto_20190508_0153... OK
Applying django_celery_beat.0012_periodictask_expire_seconds... OK
Applying jms_oidc_rp.0001_initial... OK
Applying users.0032_userpasswordhistory... OK
Applying users.0033_user_need_update_password... OK
Applying users.0034_auto_20210506_1448... OK
Applying users.0035_auto_20210526_1100... OK
Applying notifications.0001_initial... OK
Applying ops.0020_adhoc_run_system_user... OK
Applying sessions.0001_initial... OK
Applying settings.0002_auto_20210729_1546... OK
Applying terminal.0032_auto_20210302_1853... OK
Applying terminal.0033_auto_20210324_1008... OK
Applying terminal.0034_auto_20210406_1434... OK
Applying terminal.0035_auto_20210517_1448... OK
Applying terminal.0036_auto_20210604_1124... OK
Applying terminal.0037_auto_20210623_1748... OK
Applying terminal.0038_task_kwargs... OK
Applying terminal.0039_auto_20210805_1552... OK
Applying tickets.0008_auto_20210311_1113... OK
Applying tickets.0009_auto_20210426_1720... OK
Applying users.0036_user_feishu_id... OK
完成
>>> 安装完成了
1. 可以使用如下命令启动, 然后访问
cd /usr/local/jumpserver-installer-v2.13.2
./jmsctl.sh start
2. 其它一些管理命令
./jmsctl.sh stop
./jmsctl.sh restart
./jmsctl.sh backup
./jmsctl.sh upgrade
更多还有一些命令, 你可以 ./jmsctl.sh --help 来了解
3. Web 访问
http://192.168.200.32:80
默认用户: admin 默认密码: admin
4. SSH/SFTP 访问
ssh -p2222 admin@192.168.200.32
sftp -P2222 admin@192.168.200.32
5. 更多信息
我们的官网: https://www.jumpserver.org/
我们的文档: https://docs.jumpserver.org/
#启动JumpServer
[root@jumpserver jumpserver-installer-v2.13.2]# ./jmsctl.sh start
jms_redis is up-to-date
jms_mysql is up-to-date
Creating jms_core ... done
Creating jms_lion ... done
Creating jms_koko ... done
Creating jms_celery ... done
Creating jms_web ... done
提示修改密码:
修改密码:
修改完成之后,重新登录JumpServer 堡垒机即可:
登录堡垒机成功:
用户、系统用户、管理用户的关系
- 用户管理里面的用户列表 是用来登录jumpserver平台的用户,用户需要先登录jumpserver平台才能管理或者连接资产
- 资产管理里面的特权用户 是jumpserver用来管理资产需要的服务账户
- 资产管理里面的系统用户 是jumpserver用户连接资产需要的登录账户
稍后创建
#备注:这里的管理用户,要在被管理节点提前创建,用户名密码保持一致,并且要在被管理节点进行sudo提权
#创建登录用户
[root@mysql-master ~]# useradd look
[root@mysql-master ~]# echo "look" | passwd --stdin look
更改用户 look 的密码 。
passwd:所有的身份验证令牌已经成功更新。
#配置sudo权限
[root@mysql-master ~]# vim /etc/sudoers
[root@mysql-master ~]# sed -i "101p" /etc/sudoers
[root@mysql-master ~]#
[root@mysql-master ~]# sed -n "101p" /etc/sudoers
look ALL=(root) NOPASSWD:ALL
#测试提权是否成功
[root@mysql-master ~]# su - look
[look@mysql-master ~]$ sudo touch 1.txt
创建完成,进行验证主机是否可连接
1、退出admin管理员用户,使用yangwenbo普通用户登录Jumpserver堡垒机平台
2、查看自己对所分配的资产有无连接权限
可以看到,可以连接,并且可以操作。
检测
有操作回放视频,能查看工作人员操作的历史记录。