[关闭]
@yangwenbo 2022-09-21T14:26:48.000000Z 字数 21289 阅读 242

基础组件环境

JumpServer安装部署

访问JumpServer安装文档

名称 物理IP 说明 密码
JumpServer 192.168.200.32 跳板机 admin/123.123

1、一键安装JumpServer(需要可以科学上网)

  1. #默认会安装到 /opt/jumpserver-installer-v2.13.2 目录 
  2. [root@jumpserver ~]# curl -sSL https://github.com/jumpserver/jumpserver/releases/download/v2.13.2/quick_start.sh | bash
  4. [root@jumpserver ~]# cd /opt/jumpserver-installer-v2.13.2/
  5. [root@jumpserver jumpserver-installer-v2.13.2]# ./jmsctl.sh start
  6. #如果网络不好的情况情况下不建议使用一键部署,可以先下载tar包,然后进行编译安装

2、手动部署JumpServer

2.1 JumpServer下载安装

  1. #下载JumpServer的tar包
  2. [root@jumpserver ~]# wget https://github.com/jumpserver/installer/releases/download/v2.13.2/jumpserver-installer-v2.13.2.tar.gz
  4. #将JumpServer的tar包解压到/usr/local/目录下
  5. [root@jumpserver ~]# tar xf jumpserver-installer-v2.13.2.tar.gz -C /usr/local/
  7. #进入到解压后的目录进行编译安装
  8. [root@jumpserver ~]# cd /usr/local/jumpserver-installer-v2.13.2/
  10. #查看目录内容
  11. [root@jumpserver jumpserver-installer-v2.13.2]# ls
  12. compose  config-example.txt  config_init  jmsctl.sh  locale  quick_start.sh  README.md  scripts  static.env  utils

2.2 根据需要修改配置文件模板, 如果不清楚用途可以跳过修改

  1. [root@jumpserver jumpserver-installer-v2.13.2]# cat config-example.txt 
  2. # 以下设置如果为空系统会自动生成随机字符串填入
  3. ## 迁移请修改 SECRET_KEY 和 BOOTSTRAP_TOKEN 为原来的设置
  4. ## 完整参数文档 https://docs.jumpserver.org/zh/master/admin-guide/env/
  6. ## 安装配置, 可以使用华为云加速下载, arm64 用户需要注释掉 DOCKER_IMAGE_PREFIX
  7. # DOCKER_IMAGE_PREFIX=swr.cn-south-1.myhuaweicloud.com
  8. VOLUME_DIR=/opt/jumpserver
  9. DOCKER_DIR=/var/lib/docker
  10. SECRET_KEY=
  11. BOOTSTRAP_TOKEN=
  12. LOG_LEVEL=ERROR
  14. ##  MySQL 配置, USE_EXTERNAL_MYSQL=1 表示使用外置 MySQL, 请输入正确的 MySQL 信息
  15. USE_EXTERNAL_MYSQL=0
  16. DB_HOST=mysql
  17. DB_PORT=3306
  18. DB_USER=root
  19. DB_PASSWORD=
  20. DB_NAME=jumpserver
  22. ##  Redis 配置, USE_EXTERNAL_REDIS=1 表示使用外置 Redis, 请输入正确的 Redis 信息
  23. USE_EXTERNAL_REDIS=0
  24. REDIS_HOST=redis
  25. REDIS_PORT=6379
  26. REDIS_PASSWORD=
  28. ## Compose 项目设置, 如果 192.168.250.0/24 网段与你现有网段冲突, 请修改然后重启 JumpServer
  29. COMPOSE_PROJECT_NAME=jms
  30. COMPOSE_HTTP_TIMEOUT=3600
  31. DOCKER_CLIENT_TIMEOUT=3600
  32. DOCKER_SUBNET=192.168.250.0/24
  34. ## IPV6 设置, 容器是否开启 ipv6 nat, USE_IPV6=1 表示开启, 为 0 的情况下 DOCKER_SUBNET_IPV6 定义不生效
  35. USE_IPV6=0
  36. DOCKER_SUBNET_IPV6=2001:db8:10::/64
  38. ## Nginx 配置, USE_LB=1 表示开启, 为 0 的情况下, HTTPS_PORT 定义不生效
  39. HTTP_PORT=80
  40. SSH_PORT=2222
  41. RDP_PORT=3389
  43. USE_LB=0
  44. HTTPS_PORT=443
  46. ## Task 配置, 是否启动 jms_celery 容器, 单节点必须开启
  47. USE_TASK=1
  49. ## XPack, USE_XPACK=1 表示开启, 开源版本设置无效
  50. USE_XPACK=0
  52. # Core 配置, Session 定义, SESSION_COOKIE_AGE 表示闲置多少秒后 session 过期, SESSION_EXPIRE_AT_BROWSER_CLOSE=true 表示关闭浏览器即 session 过期
  53. # SESSION_COOKIE_AGE=86400
  54. SESSION_EXPIRE_AT_BROWSER_CLOSE=true
  56. # Koko Lion XRDP 组件配置
  57. CORE_HOST=http://core:8080
  59. # 额外的配置
  60. CURRENT_VERSION=

2.3 安装JumpServer

  1. [root@jumpserver jumpserver-installer-v2.13.2]# ./jmsctl.sh install
  4.        ██╗██╗   ██╗███╗   ███╗██████╗ ███████╗███████╗██████╗ ██╗   ██╗███████╗██████╗
  5.        ██║██║   ██║████╗ ████║██╔══██╗██╔════╝██╔════╝██╔══██╗██║   ██║██╔════╝██╔══██╗
  6.        ██║██║   ██║██╔████╔██║██████╔╝███████╗█████╗  ██████╔╝██║   ██║█████╗  ██████╔╝
  7.   ██   ██║██║   ██║██║╚██╔╝██║██╔═══╝ ╚════██║██╔══╝  ██╔══██╗╚██╗ ██╔╝██╔══╝  ██╔══██╗
  8.   ╚█████╔╝╚██████╔╝██║ ╚═╝ ██║██║     ███████║███████╗██║  ██║ ╚████╔╝ ███████╗██║  ██║
  9.    ╚════╝  ╚═════╝ ╚═╝     ╚═╝╚═╝     ╚══════╝╚══════╝╚═╝  ╚═╝  ╚═══╝  ╚══════╝╚═╝  ╚═╝
  11.                                    Version:  v2.13.2  
  13. 1. 检查配置文件
  14. 配置文件位置: /opt/jumpserver/config
  15. /opt/jumpserver/config/config.txt  [  ]
  16. /opt/jumpserver/config/nginx/lb_rdp_server.conf  [  ]
  17. /opt/jumpserver/config/nginx/lb_ssh_server.conf  [  ]
  18. /opt/jumpserver/config/nginx/cert/server.crt   [  ]
  19. /opt/jumpserver/config/nginx/cert/server.key   [  ]
  20. 完成
  22. 2. 备份配置文件
  23. 备份至 /opt/jumpserver/config/backup/config.txt.2022-04-11_16-54-33
  24. 完成
  26. >>> 安装配置 Docker
  27. 1. 安装 Docker
  28. 开始下载 Docker 程序 ...
  29. 开始下载 Docker Compose 程序 ...
  30. 完成
  32. 2. 配置 Docker
  33. 是否需要自定义 docker 存储目录, 默认将使用目录 /var/lib/docker? (y/n)  (默认为 n): 
  34. 完成
  36. 3. 启动 Docker
  37. Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /etc/systemd/system/docker.service.
  38. 完成
  40. >>> 加载 Docker 镜像
  41. [jumpserver/nginx:alpine2]
  42. alpine2: Pulling from jumpserver/nginx
  43. alpine2: Pulling from jumpserver/nginx
  44. 486039affc0a: Pull complete 
  45. a99e975e0fd9: Pull complete 
  46. 92520226185f: Pull complete 
  47. 0c892c15af12: Pull complete 
  48. Digest: sha256:bc5107a2b70df7d81dd00823ec8fc4ee56ea00c61032d8f7b33ad33f6aa9224b
  49. Status: Downloaded newer image for jumpserver/nginx:alpine2
  51. [jumpserver/redis:6-alpine]
  52. 6-alpine: Pulling from jumpserver/redis
  53. 5843afab3874: Pull complete 
  54. f2c041a97bd6: Pull complete 
  55. 2ab181d61f92: Pull complete 
  56. 0e735c6f0308: Pull complete 
  57. 3494533ff85c: Pull complete 
  58. 09ce5e93ca58: Pull complete 
  59. Digest: sha256:8300b885570faad626e569e7b8cfef3407c87050d705ff26e243200cb3f84da8
  60. Status: Downloaded newer image for jumpserver/redis:6-alpine
  62. [jumpserver/mysql:5]
  63. 5: Pulling from jumpserver/mysql
  64. 6ec7b7d162b2: Pull complete 
  65. fedd960d3481: Pull complete 
  66. 7ab947313861: Pull complete 
  67. 64f92f19e638: Pull complete 
  68. 3e80b17bff96: Pull complete 
  69. 014e976799f9: Pull complete 
  70. 59ae84fee1b3: Pull complete 
  71. 7d1da2a18e2e: Pull complete 
  72. 301a28b700b9: Pull complete 
  73. 979b389fc71f: Pull complete 
  74. 403f729b1bad: Pull complete 
  75. Digest: sha256:b3b2703de646600b008cbb2de36b70b21e51e7e93a7fca450d2b08151658b2dd
  76. Status: Downloaded newer image for jumpserver/mysql:5
  78. [jumpserver/web:v2.13.2]
  79. v2.13.2: Pulling from jumpserver/web
  80. 29291e31a76a: Pull complete 
  81. e82f830de071: Pull complete 
  82. d7c9fa7589ae: Pull complete 
  83. 3c1eaf69ff49: Pull complete 
  84. bf2b3ee132db: Pull complete 
  85. 9a6ac07b84eb: Pull complete 
  86. 74f40c418ade: Pull complete 
  87. b87961e347c1: Pull complete 
  88. b6f96856746e: Pull complete 
  89. 04c67e5d3785: Pull complete 
  90. b8052eeb24f5: Pull complete 
  91. Digest: sha256:ddeb91d7063203ad893ba2724ab7db42654f4905705c4b40134a33a4fb55c072
  92. Status: Downloaded newer image for jumpserver/web:v2.13.2
  94. [jumpserver/core:v2.13.2]
  95. v2.13.2: Pulling from jumpserver/core
  96. 6ec7b7d162b2: Already exists 
  97. 80ff6536d04b: Pulling fs layer 
  98. 2d04da85e485: Pulling fs layer 
  99. 998aa32a5c8a: Downloading 
  100. 7733ef26f344: Waiting 
  101. b8f2de1a0c00: Waiting 
  102. bce204fa577d: Waiting 
  103. 2886eb4524b3: Waiting 
  104. 119a097d4cb2: Waiting 
  105. 05910b160293: Waiting 
  106. 2a3a5a6216d8: Waiting 
  107. cb8ec5e3f08f: Waiting 
  108. 0ef3e1bf4247: Waiting 
  109. v2.13.2: Pulling from jumpserver/core
  110. 6ec7b7d162b2: Already exists 
  111. 80ff6536d04b: Pull complete 
  112. 2d04da85e485: Pull complete 
  113. 998aa32a5c8a: Pull complete 
  114. 7733ef26f344: Pull complete 
  115. b8f2de1a0c00: Pull complete 
  116. bce204fa577d: Pull complete 
  117. 2886eb4524b3: Pull complete 
  118. 119a097d4cb2: Pull complete 
  119. 05910b160293: Pull complete 
  120. 2a3a5a6216d8: Pull complete 
  121. cb8ec5e3f08f: Pull complete 
  122. 0ef3e1bf4247: Pull complete 
  123. Digest: sha256:7e2982dbdc0360601387cade82b285235948b6d0e6506aa8375f704e77260b27
  124. Status: Downloaded newer image for jumpserver/core:v2.13.2
  126. [jumpserver/koko:v2.13.2]
  127. v2.13.2: Pulling from jumpserver/koko
  128. v2.13.2: Pulling from jumpserver/koko
  129. 33f99cea3b7d: Pull complete 
  130. 2d5748cec128: Pull complete 
  131. 3c306b4a8bf3: Pull complete 
  132. 51551dd74879: Pull complete 
  133. d6595856b6f2: Pull complete 
  134. 7514ad72b0f5: Pull complete 
  135. 68aaeea68ec7: Pull complete 
  136. f168d88f4ac6: Pull complete 
  137. 2e9752838d5c: Pull complete 
  138. cc91d4b42ecb: Pull complete 
  139. 67120f3de9ba: Pull complete 
  140. Digest: sha256:f81558d25dfe6999baa42984e2f68d77bf777b29d7206c3fd7195a61efdb18f6
  141. Status: Downloaded newer image for jumpserver/koko:v2.13.2
  143. [jumpserver/lion:v2.13.2]
  144. v2.13.2: Pulling from jumpserver/lion
  145. 69692152171a: Pull complete 
  146. d884362f8d65: Pull complete 
  147. 642670135f62: Pull complete 
  148. f2f9e484b2f8: Pull complete 
  149. 31b2c41bb975: Pull complete 
  150. 5a4d603bde6f: Pull complete 
  151. 9775c16c68db: Pull complete 
  152. f66751b83e51: Pull complete 
  153. 75d7844e3a93: Pull complete 
  154. 268ab36224e9: Pull complete 
  155. 87186b2fda35: Pull complete 
  156. dd7716bd850a: Pull complete 
  157. fdf60e19e994: Pull complete 
  158. cce69d5a2c12: Pull complete 
  159. Digest: sha256:d743a69635c7c6574d84a49f55f8d8e045087821434612d6db35669780a80681
  160. Status: Downloaded newer image for jumpserver/lion:v2.13.2
  162. 完成
  164. >>> 安装配置 JumpServer
  165. 1. 配置网络
  166. 是否需要支持 IPv6? (y/n)  (默认为 n): 
  167. 完成
  169. 2. 配置加密密钥
  170. SECRETE_KEY:     ODliMjRkNTYtMDRiNi02OTVlLWE3ZjEtMWQ3YzI4ZGI0MGUw
  171. BOOTSTRAP_TOKEN: ODliMjRkNTYtMDRiNi02OTVl
  172. 完成
  174. 3. 配置持久化目录
  175. 是否需要自定义持久化存储, 默认将使用目录 /opt/jumpserver? (y/n)  (默认为 n): 
  176. 完成
  178. 4. 配置 MySQL
  179. 是否使用外部 MySQL? (y/n)  (默认为 n): 
  180. 完成
  182. 5. 配置 Redis
  183. 是否使用外部 Redis? (y/n)  (默认为 n): 
  184. 完成
  186. 6. 配置对外端口
  187. 是否需要配置 JumpServer 对外访问端口? (y/n)  (默认为 n): 
  188. 完成
  190. 7. 初始化数据库
  191. Creating network "jms_net" with driver "bridge"
  192. Creating jms_redis ... done
  193. Creating jms_mysql ... done
  194. Creating jms_core  ... done
  195. 2022-04-12 00:59:13 Collect static files
  196. 2022-04-12 00:59:13 Collect static files done
  197. 2022-04-12 00:59:13 Check database structure change ...
  198. 2022-04-12 00:59:13 Migrate model change to database ...
  200. 476 static files copied to '/opt/jumpserver/data/static'.
  201. Operations to perform:
  202.   Apply all migrations: acls, admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, notifications, ops, orgs, perms, sessions, settings, terminal, tickets, users
  203. Running migrations:
  204.   Applying contenttypes.0001_initial... OK
  205.   Applying contenttypes.0002_remove_content_type_name... OK
  206.   Applying auth.0001_initial... OK
  207.   Applying auth.0002_alter_permission_name_max_length... OK
  208.   Applying auth.0003_alter_user_email_max_length... OK
  209.   Applying auth.0004_alter_user_username_opts... OK
  210.   Applying auth.0005_alter_user_last_login_null... OK
  211.   Applying auth.0006_require_contenttypes_0002... OK
  212.   Applying auth.0007_alter_validators_add_error_messages... OK
  213.   Applying auth.0008_alter_user_username_max_length... OK
  214.   Applying users.0001_initial... OK
  215.   Applying acls.0001_initial... OK
  216.   Applying admin.0001_initial... OK
  217.   Applying admin.0002_logentry_remove_auto_add... OK
  218.   Applying admin.0003_logentry_add_action_flag_choices... OK
  219.   Applying users.0002_auto_20171225_1157_squashed_0019_auto_20190304_1459... OK
  220.   Applying users.0020_auto_20190612_1825... OK
  221.   Applying users.0021_auto_20190625_1104... OK
  222.   Applying users.0022_auto_20190625_1105... OK
  223.   Applying users.0023_auto_20190724_1525... OK
  224.   Applying users.0024_auto_20191118_1612... OK
  225.   Applying users.0025_auto_20200206_1216... OK
  226.   Applying users.0026_auto_20200508_2105... OK
  227.   Applying users.0027_auto_20200616_1503... OK
  228.   Applying users.0028_auto_20200728_1805... OK
  229.   Applying users.0029_auto_20200814_1650... OK
  230.   Applying users.0030_auto_20200819_2041... OK
  231.   Applying users.0031_auto_20201118_1801... OK
  232.   Applying tickets.0001_initial... OK
  233.   Applying tickets.0002_auto_20200728_1146... OK
  234.   Applying tickets.0003_auto_20200804_1551... OK
  235.   Applying tickets.0004_ticket_comment... OK
  236.   Applying tickets.0005_ticket_meta_confirmed_system_users... OK
  237.   Applying tickets.0006_auto_20201023_1628... OK
  238.   Applying tickets.0007_auto_20201224_1821... OK
  239.   Applying terminal.0001_initial... OK
  240.   Applying terminal.0002_auto_20171228_0025_squashed_0009_auto_20180326_0957... OK
  241.   Applying terminal.0010_auto_20180423_1140... OK
  242.   Applying terminal.0011_auto_20180807_1116... OK
  243.   Applying terminal.0012_auto_20180816_1652... OK
  244.   Applying terminal.0013_auto_20181123_1113... OK
  245.   Applying terminal.0014_auto_20181226_1441... OK
  246.   Applying terminal.0015_auto_20190923_1529... OK
  247.   Applying terminal.0016_commandstorage_replaystorage... OK
  248.   Applying common.0001_initial... OK
  249.   Applying common.0002_auto_20180111_1407... OK
  250.   Applying common.0003_setting_category... OK
  251.   Applying common.0004_setting_encrypted... OK
  252.   Applying common.0005_auto_20190221_1902... OK
  253.   Applying common.0006_auto_20190304_1515... OK
  254.   Applying settings.0001_initial... OK
  255.   Applying terminal.0017_auto_20191125_0931... OK
  256.   Applying terminal.0018_auto_20191202_1010... OK
  257.   Applying terminal.0019_auto_20191206_1000... OK
  258.   Applying terminal.0020_auto_20191218_1721... OK
  259.   Applying terminal.0021_auto_20200213_1316... OK
  260.   Applying terminal.0022_session_is_success... OK
  261.   Applying terminal.0023_command_risk_level... OK
  262.   Applying terminal.0024_auto_20200715_1713... OK
  263.   Applying terminal.0025_auto_20200810_1735... OK
  264.   Applying terminal.0026_auto_20201027_1905... OK
  265.   Applying terminal.0027_auto_20201102_1651... OK
  266.   Applying terminal.0028_auto_20201110_1918... OK
  267.   Applying terminal.0029_auto_20201116_1757... OK
  268.   Applying terminal.0030_terminal_type... OK
  269.   Applying terminal.0031_auto_20210113_1356... OK
  270.   Applying assets.0001_initial... OK
  271.   Applying perms.0001_initial... OK
  272.   Applying assets.0002_auto_20180105_1807_squashed_0009_auto_20180307_1212... OK
  273.   Applying assets.0010_auto_20180307_1749_squashed_0019_auto_20180816_1320... OK
  274.   Applying perms.0002_auto_20171228_0025_squashed_0009_auto_20180903_1132... OK
  275.   Applying perms.0003_action... OK
  276.   Applying perms.0004_assetpermission_actions... OK
  277.   Applying assets.0020_auto_20180816_1652... OK
  278.   Applying assets.0021_auto_20180903_1132... OK
  279.   Applying assets.0022_auto_20181012_1717... OK
  280.   Applying assets.0023_auto_20181016_1650... OK
  281.   Applying assets.0024_auto_20181219_1614... OK
  282.   Applying assets.0025_auto_20190221_1902... OK
  283.   Applying assets.0026_auto_20190325_2035... OK
  284.   Applying applications.0001_initial... OK
  285.   Applying perms.0005_auto_20190521_1619... OK
  286.   Applying perms.0006_auto_20190628_1921... OK
  287.   Applying perms.0007_remove_assetpermission_actions... OK
  288.   Applying perms.0008_auto_20190911_1907... OK
  289.   Applying assets.0027_auto_20190521_1703... OK
  290.   Applying assets.0028_protocol... OK
  291.   Applying assets.0029_auto_20190522_1114... OK
  292.   Applying assets.0030_auto_20190619_1135... OK
  293.   Applying assets.0031_auto_20190621_1332... OK
  294.   Applying assets.0032_auto_20190624_2108... OK
  295.   Applying assets.0033_auto_20190624_2108... OK
  296.   Applying assets.0034_auto_20190705_1348... OK
  297.   Applying assets.0035_auto_20190711_2018... OK
  298.   Applying assets.0036_auto_20190716_1535... OK
  299.   Applying assets.0037_auto_20190724_2002... OK
  300.   Applying assets.0038_auto_20190911_1634... OK
  301.   Applying perms.0009_remoteapppermission_system_users... OK
  302.   Applying assets.0039_authbook_is_active... OK
  303.   Applying assets.0040_auto_20190917_2056... OK
  304.   Applying assets.0041_gathereduser... OK
  305.   Applying assets.0042_favoriteasset... OK
  306.   Applying assets.0043_auto_20191114_1111... OK
  307.   Applying assets.0044_platform... OK
  308.   Applying assets.0045_auto_20191206_1607... OK
  309.   Applying assets.0046_auto_20191218_1705... OK
  310.   Applying applications.0002_remove_remoteapp_system_user... OK
  311.   Applying applications.0003_auto_20191210_1659... OK
  312.   Applying applications.0004_auto_20191218_1705... OK
  313.   Applying perms.0010_auto_20191218_1705... OK
  314.   Applying perms.0011_auto_20200721_1739... OK
  315.   Applying assets.0047_assetuser... OK
  316.   Applying assets.0048_auto_20191230_1512... OK
  317.   Applying assets.0049_systemuser_sftp_root... OK
  318.   Applying assets.0050_auto_20200711_1740... OK
  319.   Applying assets.0051_auto_20200713_1143... OK
  320.   Applying assets.0052_auto_20200715_1535... OK
  321.   Applying assets.0053_auto_20200723_1232... OK
  322.   Applying assets.0054_auto_20200807_1032... OK
  323.   Applying applications.0005_k8sapp... OK
  324.   Applying perms.0012_k8sapppermission... OK
  325.   Applying assets.0055_auto_20200811_1845... OK
  326.   Applying assets.0056_auto_20200904_1751... OK
  327.   Applying assets.0057_fill_node_value_assets_amount_and_parent_key...
  329.   ................................................................. OK
  330.   Applying perms.0013_rebuildusertreetask_usergrantedmappingnode... OK
  331.   Applying perms.0014_build_users_perm_tree... OK
  332.   Applying perms.0015_auto_20200929_1728... OK
  333.   Applying assets.0058_auto_20201023_1115... OK
  334.   Applying assets.0059_auto_20201027_1905... OK
  335.   Applying applications.0006_application... OK
  336.   Applying perms.0016_applicationpermission... OK
  337.   Applying perms.0017_auto_20210104_0435... OK
  338.   Applying assets.0060_node_full_value...
  339. - Start migrate node value if has /
  340. - Start migrate node full value
  341.  OK
  342.   Applying assets.0061_auto_20201116_1757... OK
  343.   Applying assets.0062_auto_20201117_1938... OK
  344.   Applying assets.0063_migrate_default_node_key...
  345. Check old default node `key=0 value=Default` not exists
  346.  OK
  347.   Applying assets.0064_auto_20201203_1100... OK
  348.   Applying assets.0065_auto_20210121_1549... OK
  349.   Applying perms.0018_auto_20210208_1515... OK
  350.   Applying orgs.0001_initial... OK
  351.   Applying orgs.0002_auto_20180903_1132... OK
  352.   Applying orgs.0003_auto_20190916_1057... OK
  353.   Applying orgs.0004_organizationmember... OK
  354.   Applying orgs.0005_auto_20200721_1937... OK
  355.   Applying orgs.0006_auto_20200721_1937... OK
  356.   Applying orgs.0007_auto_20200728_1805... OK
  357.   Applying orgs.0008_auto_20200819_2041... OK
  358.   Applying orgs.0009_auto_20201023_1628... OK
  359.   Applying ops.0001_initial... OK
  360.   Applying ops.0002_celerytask... OK
  361.   Applying ops.0003_auto_20181207_1744... OK
  362.   Applying ops.0004_adhoc_run_as... OK
  363.   Applying ops.0005_auto_20181219_1807... OK
  364.   Applying ops.0006_auto_20190318_1023... OK
  365.   Applying ops.0007_auto_20190724_2002... OK
  366.   Applying ops.0008_auto_20190919_2100... OK
  367.   Applying ops.0009_auto_20191217_1713... OK
  368.   Applying ops.0010_auto_20191217_1758... OK
  369.   Applying ops.0011_auto_20200106_1534... OK
  370.   Applying ops.0012_auto_20200108_1659... OK
  371.   Applying ops.0013_auto_20200108_1706... OK
  372.   Applying ops.0014_auto_20200108_1749... OK
  373.   Applying ops.0015_auto_20200108_1809... OK
  374.   Applying ops.0016_commandexecution_org_id... OK
  375.   Applying ops.0017_auto_20200306_1747... OK
  376.   Applying ops.0018_auto_20200509_1434... OK
  377.   Applying ops.0019_adhocexecution_celery_task_id... OK
  378.   Applying audits.0001_initial... OK
  379.   Applying audits.0002_ftplog_org_id... OK
  380.   Applying audits.0003_auto_20180816_1652... OK
  381.   Applying audits.0004_operatelog_passwordchangelog_userloginlog... OK
  382.   Applying audits.0005_auto_20190228_1715... OK
  383.   Applying audits.0006_auto_20190726_1753... OK
  384.   Applying audits.0007_auto_20191202_1010... OK
  385.   Applying audits.0008_auto_20200508_2105... OK
  386.   Applying audits.0009_auto_20200624_1654... OK
  387.   Applying audits.0010_auto_20200811_1122... OK
  388.   Applying audits.0011_userloginlog_backend... OK
  389.   Applying assets.0066_auto_20210208_1802... OK
  390.   Applying applications.0007_auto_20201119_1110... OK
  391.   Applying applications.0008_auto_20210104_0435... OK
  392.   Applying orgs.0010_auto_20210219_1241...
  393. Migrate model org id: Application done, use 0.88 ms
  394. Migrate model org id: AdminUser done, use 0.92 ms
  395. Migrate model org id: Asset done, use 0.88 ms
  396. Migrate model org id: AuthBook done, use 0.8 ms
  397. Migrate model org id: CommandFilter done, use 0.66 ms
  398. Migrate model org id: CommandFilterRule done, use 0.72 ms
  399. Migrate model org id: Domain done, use 0.66 ms
  400. Migrate model org id: Gateway done, use 0.96 ms
  401. Migrate model org id: GatheredUser done, use 1.06 ms
  402. Migrate model org id: Label done, use 1.21 ms
  403. Migrate model org id: Node done, use 0.74 ms
  404. Migrate model org id: SystemUser done, use 0.89 ms
  405. Migrate model org id: FTPLog done, use 1.21 ms
  406. Migrate model org id: OperateLog done, use 0.97 ms
  407. Migrate model org id: AdHoc done, use 0.75 ms
  408. Migrate model org id: AdHocExecution done, use 0.77 ms
  409. Migrate model org id: CommandExecution done, use 0.71 ms
  410. Migrate model org id: Task done, use 0.99 ms
  411. Migrate model org id: ApplicationPermission done, use 0.79 ms
  412. Migrate model org id: AssetPermission done, use 0.77 ms
  413. Migrate model org id: UserAssetGrantedTreeNodeRelation done, use 0.77 ms
  414. Migrate model org id: Session done, use 0.84 ms
  415. Migrate model org id: Command done, use 0.74 ms
  416. Migrate model org id: Ticket done, use 0.81 ms
  417. Migrate model org id: UserGroup done, use 0.97 ms
  418. Will add users to default org: 1
  419. Add users to default org: 1-1
  420. done, use 5.91 ms
  421.  OK
  422.   Applying assets.0067_auto_20210311_1113... OK
  423.   Applying assets.0068_auto_20210312_1455... OK
  424.   Applying assets.0069_change_node_key0_to_key1...
  425. --> Not exist key=0 nodes, do nothing.
  426.  OK
  427.   Applying assets.0070_auto_20210426_1515... OK
  428.   Applying applications.0009_applicationuser... OK
  429.   Applying assets.0071_systemuser_type...
  430.  OK
  431.   Applying assets.0072_historicalauthbook...
  432.  OK
  433.   Applying assets.0073_auto_20210606_1142...
  435.  OK
  436.   Applying assets.0074_remove_systemuser_assets... OK
  437.   Applying assets.0075_auto_20210705_1759... OK
  438.   Applying assets.0076_delete_assetuser... OK
  439.   Applying audits.0012_auto_20210414_1443... OK
  440.   Applying auth.0009_alter_user_last_name_max_length... OK
  441.   Applying auth.0010_alter_group_name_max_length... OK
  442.   Applying auth.0011_update_proxy_permissions... OK
  443.   Applying auth.0012_alter_user_first_name_max_length... OK
  444.   Applying authentication.0001_initial... OK
  445.   Applying authentication.0002_auto_20190729_1423... OK
  446.   Applying authentication.0003_loginconfirmsetting... OK
  447.   Applying authentication.0004_ssotoken... OK
  448.   Applying captcha.0001_initial... OK
  449.   Applying django_cas_ng.0001_initial... OK
  450.   Applying django_celery_beat.0001_initial... OK
  451.   Applying django_celery_beat.0002_auto_20161118_0346... OK
  452.   Applying django_celery_beat.0003_auto_20161209_0049... OK
  453.   Applying django_celery_beat.0004_auto_20170221_0000... OK
  454.   Applying django_celery_beat.0005_add_solarschedule_events_choices... OK
  455.   Applying django_celery_beat.0006_auto_20180322_0932... OK
  456.   Applying django_celery_beat.0007_auto_20180521_0826... OK
  457.   Applying django_celery_beat.0008_auto_20180914_1922... OK
  458.   Applying django_celery_beat.0006_auto_20180210_1226... OK
  459.   Applying django_celery_beat.0006_periodictask_priority... OK
  460.   Applying django_celery_beat.0009_periodictask_headers... OK
  461.   Applying django_celery_beat.0010_auto_20190429_0326... OK
  462.   Applying django_celery_beat.0011_auto_20190508_0153... OK
  463.   Applying django_celery_beat.0012_periodictask_expire_seconds... OK
  464.   Applying jms_oidc_rp.0001_initial... OK
  465.   Applying users.0032_userpasswordhistory... OK
  466.   Applying users.0033_user_need_update_password... OK
  467.   Applying users.0034_auto_20210506_1448... OK
  468.   Applying users.0035_auto_20210526_1100... OK
  469.   Applying notifications.0001_initial... OK
  470.   Applying ops.0020_adhoc_run_system_user... OK
  471.   Applying sessions.0001_initial... OK
  472.   Applying settings.0002_auto_20210729_1546... OK
  473.   Applying terminal.0032_auto_20210302_1853... OK
  474.   Applying terminal.0033_auto_20210324_1008... OK
  475.   Applying terminal.0034_auto_20210406_1434... OK
  476.   Applying terminal.0035_auto_20210517_1448... OK
  477.   Applying terminal.0036_auto_20210604_1124... OK
  478.   Applying terminal.0037_auto_20210623_1748... OK
  479.   Applying terminal.0038_task_kwargs... OK
  480.   Applying terminal.0039_auto_20210805_1552... OK
  481.   Applying tickets.0008_auto_20210311_1113... OK
  482.   Applying tickets.0009_auto_20210426_1720... OK
  483.   Applying users.0036_user_feishu_id... OK
  484. 完成
  486. >>> 安装完成了
  487. 1. 可以使用如下命令启动, 然后访问
  488. cd /usr/local/jumpserver-installer-v2.13.2
  489. ./jmsctl.sh start
  491. 2. 其它一些管理命令
  492. ./jmsctl.sh stop
  493. ./jmsctl.sh restart
  494. ./jmsctl.sh backup
  495. ./jmsctl.sh upgrade
  496. 更多还有一些命令, 你可以 ./jmsctl.sh --help 来了解
  498. 3. Web 访问
  499. http://192.168.200.32:80
  500. 默认用户: admin  默认密码: admin
  502. 4. SSH/SFTP 访问
  503. ssh -p2222 admin@192.168.200.32
  504. sftp -P2222 admin@192.168.200.32
  506. 5. 更多信息
  507. 我们的官网: https://www.jumpserver.org/
  508. 我们的文档: https://docs.jumpserver.org/

2.4 启动JumpServer

  1. #启动JumpServer
  2. [root@jumpserver jumpserver-installer-v2.13.2]# ./jmsctl.sh start
  3. jms_redis is up-to-date
  4. jms_mysql is up-to-date
  5. Creating jms_core ... done
  6. Creating jms_lion   ... done
  7. Creating jms_koko   ... done
  8. Creating jms_celery ... done
  9. Creating jms_web    ... done

2.5 浏览器访问http://192.168.200.32地址

图片.png-1495.7kB

提示修改密码:
图片.png-78.6kB

修改密码:
图片.png-81.3kB

修改完成之后,重新登录JumpServer 堡垒机即可:
图片.png-1452.4kB

登录堡垒机成功:
图片.png-397.7kB

3、Jumpserver使用

3.1 用户配置

用户、系统用户、管理用户的关系

  • 用户管理里面的用户列表 是用来登录jumpserver平台的用户,用户需要先登录jumpserver平台才能管理或者连接资产
  • 资产管理里面的特权用户 是jumpserver用来管理资产需要的服务账户
  • 资产管理里面的系统用户 是jumpserver用户连接资产需要的登录账户

3.2 用户组

图片.png-297.4kB

3.3 用户列表

图片.png-268.5kB

3.4 网域列表

图片.png-318.9kB

3.5 资产列表

图片.png-488.9kB

图片.png-202.7kB

稍后创建

3.6 系统用户-特权用户

  1. #备注:这里的管理用户,要在被管理节点提前创建,用户名密码保持一致,并且要在被管理节点进行sudo提权
  3. #创建登录用户
  4. [root@mysql-master ~]# useradd look
  5. [root@mysql-master ~]# echo "look" | passwd --stdin look
  6. 更改用户 look 的密码 
  7. passwd:所有的身份验证令牌已经成功更新。
  9. #配置sudo权限
  10. [root@mysql-master ~]# vim /etc/sudoers
  11. [root@mysql-master ~]# sed -i "101p" /etc/sudoers
  12. [root@mysql-master ~]# 
  13. [root@mysql-master ~]# sed -n "101p" /etc/sudoers
  14. look    ALL=(root)  NOPASSWD:ALL
  16. #测试提权是否成功
  17. [root@mysql-master ~]# su - look
  18. [look@mysql-master ~]$ sudo touch 1.txt

图片.png-385.1kB

图片.png-283.5kB

3.7 系统用户-普通用户

图片.png-322.8kB

3.8 资产列表(接3.5)

图片.png-393.5kB

图片.png-307.3kB

创建完成,进行验证主机是否可连接
图片.png-319.3kB

图片.png-403.5kB

图片.png-243.9kB

3.9 资产授权

图片.png-350.9kB

图片.png-317kB

3.10 测试

1、退出admin管理员用户,使用yangwenbo普通用户登录Jumpserver堡垒机平台
2、查看自己对所分配的资产有无连接权限

图片.png-373.8kB

可以看到,可以连接,并且可以操作。

图片.png-396.8kB

3.11 配置命令规则

图片.png-305kB

图片.png-379.3kB

图片.png-353.5kB

图片.png-294.9kB

检测
图片.png-264.5kB

3.12 会话管理

有操作回放视频,能查看工作人员操作的历史记录。

图片.png-548.5kB

添加新批注
在作者公开此批注前,只有你和作者可见。
回复批注