@yangwenbo 2022-09-21T14:26:48.000000Z Word count 21289 Views 277

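Base component environment

JumpServer installation and deployment

See the JumpServer installation documentation

Name        Physical IP      Description  Password
JumpServer  192.168.200.32   Jump host    admin/123.123

1. One-click installation of JumpServer (requires unrestricted internet access, e.g. through a proxy)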

  # Installs to /opt/jumpserver-installer-v2.13.2 by default
  [root@jumpserver ~]# curl -sSL https://github.com/jumpserver/jumpserver/releases/download/v2.13.2/quick_start.sh | bash
  [root@jumpserver ~]# cd /opt/jumpserver-installer-v2.13.2/
  [root@jumpserver jumpserver-installer-v2.13.2]# ./jmsctl.sh start
  # If the network is unreliable, one-click deployment is not recommended; download the tar package first and install from it

2. Manual deployment of JumpServer

2.1 Download and install JumpServer

  # Download the JumpServer tar package
  [root@jumpserver ~]# wget https://github.com/jumpserver/installer/releases/download/v2.13.2/jumpserver-installer-v2.13.2.tar.gz
  # Extract the JumpServer tar package into /usr/local/
  [root@jumpserver ~]# tar xf jumpserver-installer-v2.13.2.tar.gz -C /usr/local/
  # Change into the extracted directory to run the installation
  [root@jumpserver ~]# cd /usr/local/jumpserver-installer-v2.13.2/
  # List the directory contents
  [root@jumpserver jumpserver-installer-v2.13.2]# ls
  compose config-example.txt config_init jmsctl.sh locale quick_start.sh README.md scripts static.env utils

2.2 Modify the configuration file template as needed; if you are unsure what a setting does, skip the changes

  [root@jumpserver jumpserver-installer-v2.13.2]# cat config-example.txt
  # Settings below that are left empty are filled in with automatically generated random strings
  ## When migrating, set SECRET_KEY and BOOTSTRAP_TOKEN to the original values
  ## Full parameter documentation: https://docs.jumpserver.org/zh/master/admin-guide/env/
  ## Installation settings; Huawei Cloud can be used to speed up downloads; arm64 users need to comment out DOCKER_IMAGE_PREFIX
  # DOCKER_IMAGE_PREFIX=swr.cn-south-1.myhuaweicloud.com
  VOLUME_DIR=/opt/jumpserver
  DOCKER_DIR=/var/lib/docker
  SECRET_KEY=
  BOOTSTRAP_TOKEN=
  LOG_LEVEL=ERROR
  ## MySQL settings; USE_EXTERNAL_MYSQL=1 means an external MySQL is used; enter the correct MySQL details
  USE_EXTERNAL_MYSQL=0
  DB_HOST=mysql
  DB_PORT=3306
  DB_USER=root
  DB_PASSWORD=
  DB_NAME=jumpserver
  ## Redis settings; USE_EXTERNAL_REDIS=1 means an external Redis is used; enter the correct Redis details
  USE_EXTERNAL_REDIS=0
  REDIS_HOST=redis
  REDIS_PORT=6379
  REDIS_PASSWORD=
  ## Compose project settings; if the 192.168.250.0/24 subnet conflicts with one of your existing subnets, change it and then restart JumpServer
  COMPOSE_PROJECT_NAME=jms
  COMPOSE_HTTP_TIMEOUT=3600
  DOCKER_CLIENT_TIMEOUT=3600
  DOCKER_SUBNET=192.168.250.0/24
  ## IPv6 settings: whether containers enable IPv6 NAT; USE_IPV6=1 enables it; when 0, DOCKER_SUBNET_IPV6 has no effect
  USE_IPV6=0
  DOCKER_SUBNET_IPV6=2001:db8:10::/64
  ## Nginx settings; USE_LB=1 enables it; when 0, HTTPS_PORT has no effect
  HTTP_PORT=80
  SSH_PORT=2222
  RDP_PORT=3389
  USE_LB=0
  HTTPS_PORT=443
  ## Task settings: whether to start the jms_celery container; must be enabled on a single node
  USE_TASK=1
  ## XPack; USE_XPACK=1 enables it; the setting has no effect in the open-source edition
  USE_XPACK=0
  # Core settings, session definition: SESSION_COOKIE_AGE is the number of idle seconds after which the session expires; SESSION_EXPIRE_AT_BROWSER_CLOSE=true means the session expires when the browser is closed
  # SESSION_COOKIE_AGE=86400
  SESSION_EXPIRE_AT_BROWSER_CLOSE=true
  # Koko Lion XRDP component settings
  CORE_HOST=http://core:8080
  # Additional settings
  CURRENT_VERSION=
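
A check of the template above before running the installer, as an added example (not code from the post or from the JumpServer project): it parses the KEY=VALUE file and flags the cases the template's own comments describe, plus the file mode. `cfg_get`, `cidr_overlap` and `audit_jms_config` are hypothetical helpers; the 16-character minimum, the host networks and the sample config are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of the post or of jmsctl.sh. Helper names, the
# 16-character minimum, the host networks and the sample file are assumptions.

# Print the value of KEY in FILE (comment lines ignored, last assignment wins).
cfg_get() {
  awk -v k="$2" '
    /^[ \t]*#/ { next }
    index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
    END { sub(/[ \t\r]+$/, "", v); print v }' "$1"
}

# Dotted quad -> integer.
ip2int() { local IFS=.; set -- $1; echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 )); }

# Succeed when two IPv4 CIDR blocks overlap (compare both under the shorter prefix).
cidr_overlap() {
  local pa=${1#*/} pb=${2#*/} p mask
  p=$(( pa < pb ? pa : pb ))
  mask=$(( (0xFFFFFFFF << (32 - p)) & 0xFFFFFFFF ))
  [ $(( $(ip2int "${1%/*}") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}

# audit_jms_config FILE [HOST_CIDR...]: one finding per line; returns 1 on any WARN.
audit_jms_config() {
  local file=$1 key val subnet net mode warns=0
  [ -r "$file" ] || { echo "ERROR cannot read $file"; return 2; }
  shift
  warn() { echo "WARN  $*"; warns=$((warns + 1)); }

  # Empty secrets are generated by the installer; a migration must reuse the old ones.
  for key in SECRET_KEY BOOTSTRAP_TOKEN; do
    val=$(cfg_get "$file" "$key")
    if [ -z "$val" ]; then
      echo "INFO  $key empty: generated at install; reuse the original when migrating"
    elif [ "${#val}" -lt 16 ]; then
      warn "$key has only ${#val} characters (assumed minimum 16)"
    fi
  done

  # The template asks for correct connection details when MySQL is external.
  if [ "$(cfg_get "$file" USE_EXTERNAL_MYSQL)" = 1 ] && [ -z "$(cfg_get "$file" DB_PASSWORD)" ]; then
    warn "USE_EXTERNAL_MYSQL=1 but DB_PASSWORD is empty"
  fi

  # USE_LB=0 makes HTTPS_PORT ineffective, so the web login is served over HTTP only.
  if [ "$(cfg_get "$file" USE_LB)" != 1 ]; then
    warn "USE_LB is not 1: HTTPS_PORT ignored, web UI is plain HTTP on port $(cfg_get "$file" HTTP_PORT)"
  fi

  # DOCKER_SUBNET must not collide with networks the host already uses.
  subnet=$(cfg_get "$file" DOCKER_SUBNET)
  for net in "$@"; do
    if [ -n "$subnet" ] && cidr_overlap "$subnet" "$net"; then
      warn "DOCKER_SUBNET $subnet overlaps existing network $net"
    fi
  done

  # The file stores SECRET_KEY and passwords: no group/other access (GNU stat syntax).
  mode=$(stat -c %a "$file")
  case $mode in *00) ;; *) warn "$file has mode $mode, expected 600" ;; esac
  echo "findings: $warns"
  [ "$warns" -eq 0 ]
}

# Constructed sample: a hand-typed SECRET_KEY, external MySQL, template defaults otherwise.
write_sample_config() {
  cat > "$1" <<'EOF'
SECRET_KEY=changeme
BOOTSTRAP_TOKEN=
USE_EXTERNAL_MYSQL=1
DB_PASSWORD=
DOCKER_SUBNET=192.168.250.0/24
HTTP_PORT=80
USE_LB=0
EOF
  chmod 644 "$1"
}

sample=$(mktemp)
write_sample_config "$sample"
audit_jms_config "$sample" 192.168.200.0/24 192.168.0.0/16 || true
rm -f "$sample"
```

After installation the same function can be pointed at /opt/jumpserver/config/config.txt, the location the installer reports.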

2.3 Install JumpServer

  [root@jumpserver jumpserver-installer-v2.13.2]# ./jmsctl.sh install
  Version: v2.13.2
  1. 检查配置文件
  配置文件位置: /opt/jumpserver/config
  /opt/jumpserver/config/config.txt [ ]
  /opt/jumpserver/config/nginx/lb_rdp_server.conf [ ]
  /opt/jumpserver/config/nginx/lb_ssh_server.conf [ ]
  /opt/jumpserver/config/nginx/cert/server.crt [ ]
  /opt/jumpserver/config/nginx/cert/server.key [ ]
  完成
  2. 备份配置文件
  备份至 /opt/jumpserver/config/backup/config.txt.2022-04-11_16-54-33
  完成
  >>> 安装配置 Docker
  1. 安装 Docker
  开始下载 Docker 程序 ...
  开始下载 Docker Compose 程序 ...
  完成
  2. 配置 Docker
  是否需要自定义 docker 存储目录, 默认将使用目录 /var/lib/docker? (y/n) (默认为 n):
  完成
  3. 启动 Docker
  Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /etc/systemd/system/docker.service.
  完成
  >>> 加载 Docker 镜像
  完成
  >>> 安装配置 JumpServer
  1. 配置网络
  是否需要支持 IPv6? (y/n) (默认为 n):
  完成
  2. 配置加密密钥
  SECRETE_KEY: ODliMjRkNTYtMDRiNi02OTVlLWE3ZjEtMWQ3YzI4ZGI0MGUw
  BOOTSTRAP_TOKEN: ODliMjRkNTYtMDRiNi02OTVl
  完成
  3. 配置持久化目录
  是否需要自定义持久化存储, 默认将使用目录 /opt/jumpserver? (y/n) (默认为 n):
  完成
  4. 配置 MySQL
  是否使用外部 MySQL? (y/n) (默认为 n):
  完成
  5. 配置 Redis
  是否使用外部 Redis? (y/n) (默认为 n):
  完成
  6. 配置对外端口
  是否需要配置 JumpServer 对外访问端口? (y/n) (默认为 n):
  完成
  7. 初始化数据库
  Creating network "jms_net" with driver "bridge"
  Creating jms_redis ... done
  Creating jms_mysql ... done
  Creating jms_core ... done
  2022-04-12 00:59:13 Collect static files
  2022-04-12 00:59:13 Collect static files done
  2022-04-12 00:59:13 Check database structure change ...
  2022-04-12 00:59:13 Migrate model change to database ...
  476 static files copied to '/opt/jumpserver/data/static'.
  完成
  >>> 安装完成了
  1. 可以使用如下命令启动, 然后访问
  cd /usr/local/jumpserver-installer-v2.13.2
  ./jmsctl.sh start
  2. 其它一些管理命令
  ./jmsctl.sh stop
  ./jmsctl.sh restart
  ./jmsctl.sh backup
  ./jmsctl.sh upgrade
  更多还有一些命令, 你可以 ./jmsctl.sh --help 来了解
  3. Web 访问
  http://192.168.200.32:80
  默认用户: admin 默认密码: admin
  4. SSH/SFTP 访问
  ssh -p2222 admin@192.168.200.32
  sftp -P2222 admin@192.168.200.32
  5. 更多信息
  我们的官网: https://www.jumpserver.org/
  我们的文档: https://docs.jumpserver.org/

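2.4 Start JumpServer

  # Start JumpServer
  [root@jumpserver jumpserver-installer-v2.13.2]# ./jmsctl.sh start
  jms_redis is up-to-date
  jms_mysql is up-to-date
  Creating jms_core ... done
  Creating jms_lion ... done
  Creating jms_koko ... done
  Creating jms_celery ... done
  Creating jms_web ... done

2.5 Open http://192.168.200.32 in a browser

[Screenshot]

You are prompted to change the password:
[Screenshot]

Change the password:
[Screenshot]

After changing it, log in to the JumpServer bastion host again:
[Screenshot]

Logged in to the bastion host successfully:
[Screenshot]

3. Using JumpServer

3.1 User configuration

Relationship between users, system users and admin users

  • The user list under User Management holds the accounts used to log in to the JumpServer platform; a user must log in to JumpServer before managing or connecting to assets
  • Privileged users under Asset Management are the service accounts JumpServer needs to manage assets
  • System users under Asset Management are the login accounts JumpServer users need to connect to assets

3.2 User groups

[Screenshot]

3.3 User list

[Screenshot]

3.4 Domain list

[Screenshot]

3.5 Asset list

[Screenshot]

[Screenshot]

To be created later

3.6 System users: privileged user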

  # Note: the admin user used here must be created on the managed node in advance, with the same username and password, and must be granted sudo privileges on the managed node
  # Create the login user
  [root@mysql-master ~]# useradd look
  [root@mysql-master ~]# echo "look" | passwd --stdin look
  更改用户 look 的密码
  passwd:所有的身份验证令牌已经成功更新。
  # Configure sudo privileges
  [root@mysql-master ~]# vim /etc/sudoers
  # Show the entry added at line 101 (sed -n only prints; sed -i "101p" would write a duplicate of the line into the file)
  [root@mysql-master ~]# sed -n "101p" /etc/sudoers
  look ALL=(root) NOPASSWD:ALL
  # Test that privilege escalation works
  [root@mysql-master ~]# su - look
  [look@mysql-master ~]$ sudo touch 1.txt
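
The sudoers step above, as an added example that is not part of the original post: `install_sudoers_dropin` writes the post's rule as a separate file that `visudo -c -f` must accept before it is moved into place, and `find_nopasswd_all` lists the password-less ALL grants a reviewer would want inventoried. Both function names, the `90-jumpserver-` file name and the sample policy are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the post. Function names, the drop-in file name and the
# sample policy are assumptions; the rule text is the one the post adds for "look".

# List "file:line: rule" for rules whose NOPASSWD tag is followed directly by ALL.
# Rules continued over several lines with a backslash are not joined.
find_nopasswd_all() {
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments, #include lines and blanks
    /NOPASSWD:[ \t]*ALL[ \t]*,/ || /NOPASSWD:[ \t]*ALL[ \t]*$/ {
      print FILENAME ":" FNR ": " $0
    }
  ' "$@"
}

# Install the post's rule for USER as a drop-in under DIR (normally /etc/sudoers.d),
# refusing to activate it unless visudo accepts the syntax.
install_sudoers_dropin() {
  local user=$1 dir=$2 tmp
  # sudo skips drop-in names containing "." or ending in "~", so keep names simple.
  case $user in
    ''|*[!a-z0-9_-]*) echo "refusing user name '$user'" >&2; return 2 ;;
  esac
  command -v visudo >/dev/null 2>&1 || { echo "visudo not found" >&2; return 3; }
  # The dotted temporary name is ignored by sudo while the file is being checked.
  tmp=$(mktemp "$dir/.jms.XXXXXX") || return 1
  printf '%s ALL=(root) NOPASSWD:ALL\n' "$user" > "$tmp"
  chmod 0440 "$tmp"
  # -c checks only, -f names the file: the live policy is never opened for editing.
  if visudo -c -f "$tmp" >/dev/null 2>&1; then
    mv "$tmp" "$dir/90-jumpserver-$user"
  else
    rm -f "$tmp"
    echo "syntax check failed, nothing installed" >&2
    return 1
  fi
}

# Constructed sample policy for the inventory function.
write_sample_sudoers() {
  cat > "$1" <<'EOF'
# constructed sample policy
root    ALL=(ALL)       ALL
%wheel  ALL=(ALL)       NOPASSWD: ALL
deploy  ALL=(root)      NOPASSWD: /usr/bin/systemctl restart app
look ALL=(root) NOPASSWD:ALL
EOF
}

policy=$(mktemp)
write_sample_sudoers "$policy"
find_nopasswd_all "$policy"
rm -f "$policy"
```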

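[Screenshot]

[Screenshot]

3.7 System users: ordinary user

[Screenshot]

3.8 Asset list (continued from 3.5)

[Screenshot]

[Screenshot]

After creating the asset, verify that the host can be connected:
[Screenshot]

[Screenshot]

[Screenshot]

3.9 Asset authorization

[Screenshot]

[Screenshot]

3.10 Testing

1. Log out of the admin administrator account and log in to the JumpServer bastion platform as the ordinary user yangwenbo
2. Check whether you have permission to connect to the assets assigned to you

[Screenshot]

As shown, the connection succeeds and commands can be run.

[Screenshot]

3.11 Configure command rules

[Screenshot]

[Screenshot]

[Screenshot]

[Screenshot]

Check:
[Screenshot]

3.12 Session management

Session replay videos are available, so the history of operators' actions can be reviewed.

[Screenshot]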
