
Jump Server

 

Jumpserver 是一款使用 Python, Django 开发的开源跳板机系统, 为互联网企业提供了认证,授权,审计,自动化运维等功能。
官方地址:http://www.jumpserver.org/

 


我这里的是部署在docker容器中。
官方环境要求:
硬件配置: 2个CPU核心, 4G 内存, 50G 硬盘(最低)
操作系统: Linux 发行版 x86_64
Python = 3.6.x
Mysql Server ≥ 5.6
Mariadb Server ≥ 5.5.56
Redis


 

安装部署:


1.准备机器:

 
1 安装机器:ubuntu18.04.3

2 Jump Server:10.0.0.70 2C-4G
3 Mysql/redis :10.0.0.71 1C-1G
4 两台机器都需要安装docker;安装docker的步骤省略,安装包可以从阿里云镜像站下载

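# MySQL/Redis host (10.0.0.71) setup.

# Download the redis and mysql images.
# NOTE(review): `docker pull redis` has no tag, so it fetches :latest; pin a
# tag (as is done for mysql) so the deployment is reproducible.
# NOTE(review): MySQL 5.6 no longer receives upstream fixes; prefer a
# maintained release that your JumpServer version supports.
root@ubuntu1804:~# apt install lrzsz
root@ubuntu1804:~# docker pull mysql:5.6.47
root@ubuntu1804:~# docker pull redis

# mysqld.cnf: the server config file is kept on the host and bind-mounted
# into the container with -v.
root@ubuntu1804:~# mkdir /etc/mysql/mysql.conf.d -p
root@ubuntu1804:~# cd /etc/mysql/mysql.conf.d/
root@ubuntu1804:/etc/mysql/mysql.conf.d# vim mysqld.cnf
# Contents, copied from the container's own mysqld.cnf:
#Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License, version 2.0,
# as published by the Free Software Foundation.
#
# This program is also distributed with certain software (including
# but not limited to OpenSSL) that is licensed under separate terms,
# as designated in a particular file or component or in included license
# documentation. The authors of MySQL hereby grant you an additional
# permission to link the program and your derivative works with the
# separately licensed software that they have included with MySQL.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License, version 2.0, for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# The MySQL Server configuration file.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
[mysqld]
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
datadir = /var/lib/mysql
#log-error = /var/log/mysql/error.log
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# This line must be added: the server character set has to be utf8.
character-set-server=utf8

# mysql.cnf: client config file.
root@ubuntu1804:/etc/mysql/mysql.conf.d# vim /etc/mysql/mysql.conf.d/mysql.cnf
[mysql]
default-character-set=utf8

# Create the data directory and run the mysql container.
# The client config was written to /etc/mysql/mysql.conf.d/mysql.cnf above, so
# that is the host path mounted below. A bind mount whose host path does not
# exist makes Docker create an empty directory there instead of using a file.
# NOTE(review): -p 3306:3306 publishes MySQL on every interface of the host.
# If only the jump server (10.0.0.70) needs access, bind the internal address
# (-p 10.0.0.71:3306:3306) and/or restrict the source with a host firewall.
# NOTE(review): a password passed with -e on the command line is kept in shell
# history and shown by `docker inspect`. The value below is this tutorial's
# sample; set your own (the image also accepts MYSQL_ROOT_PASSWORD_FILE) and
# do not reuse it for the application account.
root@ubuntu1804:/etc/mysql/mysql.conf.d# mkdir /data/mysql -p
root@ubuntu1804:~# docker run -it -d -p 3306:3306 \
    -v /etc/mysql/mysql.conf.d/mysqld.cnf:/etc/mysql/mysql.conf.d/mysqld.cnf \
    -v /etc/mysql/mysql.conf.d/mysql.cnf:/etc/mysql/conf.d/mysql.cnf \
    -v /data/mysql:/var/lib/mysql \
    -e MYSQL_ROOT_PASSWORD="magedu.com" \
    mysql:5.6.47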
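1.启动redis并暴露端口(注意:这样启动的redis没有设置密码,并且6379端口对宿主机的所有网卡开放,任何能访问10.0.0.71的主机都可以读写其中的数据;只适合隔离的实验环境,正式环境应设置requirepass并用防火墙限制来源地址)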
root@ubuntu1804:~# docker run -it -d -p 6379:6379 redis
2.验证redis

root@ubuntu1804:~# apt install redis-server
root@ubuntu1804:~# redis-cli -h 10.0.0.71
10.0.0.71:6379> info
# Serve

#验证mysql
从10.0.0.70(即jump server服务器)访问数据库,验证数据库的字符集是否是utf-8。下面的命令把密码直接写在 -p 后面,密码会留在命令历史和进程列表中;只写 -p 不带密码时,客户端会提示交互输入。
root@ubuntu1804:~# apt install mysql-client
root@ubuntu1804:~# mysql -uroot -pmagedu.com -h 10.0.0.71
mysql: [Warning] Using a password on the command line interface can be insecure.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
3 rows in set (0.00 sec)

#验证数据库编码
mysql> show variables like "%character%";show variables like "%collation%";
+--------------------------+----------------------------+
| Variable_name            | Value                      |
+--------------------------+----------------------------+
| character_set_client     | utf8                       |
| character_set_connection | utf8                       |
| character_set_database   | utf8                       |
| character_set_filesystem | binary                     |
| character_set_results    | utf8                       |
| character_set_server     | utf8                       |
| character_set_system     | utf8                       |
| character_sets_dir       | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+
8 rows in set (0.00 sec)

+----------------------+-----------------+
| Variable_name        | Value           |
+----------------------+-----------------+
| collation_connection | utf8_general_ci |
| collation_database   | utf8_general_ci |
| collation_server     | utf8_general_ci |
+----------------------+-----------------+
3 rows in set (0.00 sec)

mysql> exit
Bye

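创建Jump Server 数据库(注意:'jumpserver'@'%' 允许该账户从任意主机登录,并且这里的密码与root密码相同;正式环境应把 % 换成实际的来源地址(例如jump server的10.0.0.70),并为该账户设置独立的强密码)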

mysql -uroot -pmagedu.com -h10.0.0.71
create database jumpserver default charset 'utf8';
grant all on jumpserver.* to 'jumpserver'@'%' identified by 'magedu.com';



#生成加密密钥
#生成随机加密密钥和初始化token。下面的命令会把生成的值以明文追加到 ~/.bashrc 并打印到终端;本文显示的输出只是示例,请使用自己生成的值,不要照抄。
root@ubuntu1804:~# if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi 

PGlVEfo5GdEF766FMNdByQiS3ELJD49HUK5iZ7QFg6CsZJlCLn


root@ubuntu1804:~# if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi
N8LunBBco2OUfWBj



#验证数据库
root@ubuntu1804:~# mysql -ujumpserver -pmagedu.com -h10.0.0.71
mysql: [Warning] Using a password on the command line interface can be insecure. 


#下载jumpserver镜像:这里指定了版本号1.5.6(不带版本号时默认下载最新版jumpserver)。1.5.6是较早的版本,部署前请查看官方安全公告,并尽量选择仍在维护的版本。
docker pull  jumpserver/jms_all:1.5.6 

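创建jumpserver 容器(SECRET_KEY 和 BOOTSTRAP_TOKEN 应填写上一步自己生成的值;下面命令中的值与上一步的输出并不一致,只是示例。REDIS_PASSWORD 为空,对应前面未设置密码的redis。)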
root@ubuntu1804:~# docker run --name all      -v /opt/jumpserver:/opt/jumpserver/data/media     -p 80:80     -p 2222:2222    -e SECRET_KEY=XHK7dhQ4nmEPqE0rqWupOm2FtYIEeD1DmU9EiNyfl3pypEtgjK     -e BOOTSTRAP_TOKEN=z7QorguuusCTGx0H     -e DB_HOST=10.0.0.71     -e DB_PORT=3306     -e DB_USER='jumpserver'     -e DB_PASSWORD="magedu.com"     -e DB_NAME=jumpserver     -e REDIS_HOST=10.0.0.71     -e REDIS_PORT=6379     -e REDIS_PASSWORD=     jumpserver/jms_all:1.5.6

#容器启动完成
SUCCESS
Tomcat started.
Jumpserver ALL 1.5.6
官网 http://www.jumpserver.org
文档 http://docs.jumpserver.org
有问题请参考 http://docs.jumpserver.org/zh/docs/faq.html
进入容器命令 docker exec -it jms_all /bin/bash



#jump server 使用:
默认账户:admin
默认密码:admin
首次登录后请立即修改默认密码。

 

 

posted @ 2021-02-07 21:52  梨花海棠