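Some time ago I used JumpServer to help a client meet their requirement for a bastion host. We were on a tight schedule at the time, so I did not get to record and polish the whole process; I am now taking the time to write it up.
1) Introduction to JumpServer
JumpServer is an open-source jump host (bastion host) system written in Python that implements the functions a jump host should have. It manages hosts over the SSH protocol, so no agent needs to be installed on the clients. Commonly supported systems: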
- CentOS, RedHat, Fedora, Amazon Linux
- Debian
- SUSE, Ubuntu
- FreeBSD
- Other hardware devices that speak the SSH protocol
For a detailed introduction to JumpServer, see: http://www.jumpserver.org/
2) Installing JumpServer on CentOS 7
    [root@localhost ~]# cd /opt/
    [root@localhost ~]# cat /etc/redhat-release
    CentOS Linux release 7.1.1503 (Core)
    [root@localhost opt]# yum -y install git python-pip mysql-devel gcc automake autoconf python-devel vim sshpass lrzsz readline-devel
    [root@localhost opt]# git clone https://github.com/jumpserver/jumpserver.git
    [root@localhost opt]# ls
    jumpserver
    [root@localhost opt]# cd jumpserver/
    [root@localhost jumpserver]# ls
    connect.py           docs     jlog             juser    manage.py      service.sh
    connect.pyc          init.sh  jperm            keys     manage.pyc     static
    docker-compose.yaml  install  jumpserver       LICENSE  README.md      templates
    Dockerfile           jasset   jumpserver.conf  logs     run_server.py
    [root@localhost jumpserver]# cd install/
    [root@localhost install]# ls
    developer_doc.txt  docker  functions  initial_data.yaml  install.py  install.pyc  next.py  requirements.txt
    [root@localhost install]# python install.py
    开始关闭防火墙和selinux
    请输入您服务器的IP地址,用户浏览器可以访问 [10.10.10.133]:
    是否安装新的MySQL服务器? (y/n) [y]:
    开始安装设置mysql (请手动设置mysql安全)
    默认用户名: jumpserver
    默认密码: 5Lov@wife
    (press Enter through the remaining prompts ...)
    连接数据库成功
    请输入SMTP地址: smtp.163.com
    请输入SMTP端口 [25]: 25
    请输入账户: molewan@163.com
    请输入密码: **************  (I won't write the password out here)

Note: make sure the SMTP service is enabled on the mailbox.
    请登陆邮箱查收邮件, 然后确认是否继续安装
    是否继续? (y/n) [y]:
    开始写入配置文件
    开始安装Jumpserver ...
    开始更新jumpserver
    Creating tables ...
    Creating table django_admin_log
    Creating table auth_permission
    Creating table auth_group_permissions
    Creating table auth_group
    Creating table django_content_type
    Creating table django_session
    Creating table setting
    Creating table juser_usergroup
    Creating table juser_user_group
    Creating table juser_user_groups
    Creating table juser_user_user_permissions
    Creating table juser_user
    Creating table juser_admingroup
    Creating table juser_document
    Creating table jasset_assetgroup
    Creating table jasset_idc
    Creating table jasset_asset_group
    Creating table jasset_asset
    Creating table jasset_assetrecord
    Creating table jasset_assetalias
    Creating table jperm_permlog
    Creating table jperm_permsudo
    Creating table jperm_permrole_sudo
    Creating table jperm_permrole
    Creating table jperm_permrule_asset_group
    Creating table jperm_permrule_role
    Creating table jperm_permrule_asset
    Creating table jperm_permrule_user_group
    Creating table jperm_permrule_user
    Creating table jperm_permrule
    Creating table jperm_permpush
    Creating table jlog_log
    Creating table jlog_alert
    Creating table jlog_ttylog
    Creating table jlog_execlog
    Creating table jlog_filelog
    Creating table jlog_termlog_user
    Creating table jlog_termlog
    Installing custom SQL ...
    Installing indexes ...
    Installed 0 object(s) from 0 fixture(s)
    请输入管理员用户名 [admin]:
    请输入管理员用户名 [admin]:
    请输入管理员密码: [5Lov@wife]:
    请再次输入管理员密码: [5Lov@wife]:
    Starting jumpserver service: [ 确定 ]
    安装成功,请访问web, 祝你使用愉快。
    请访问 https://github.com/jumpserver/jumpserver/wiki 查看文档
3) Checking the scheduled tasks
    [root@localhost ~]# crontab -l
    0 1 * * * /usr/bin/python /opt/jumpserver/manage.py crontab run 3718e5baf203ed0f54703b2f0b7e9e16 # django-cronjobs for jumpserver
    */10 * * * * /usr/bin/python /opt/jumpserver/manage.py crontab run 9956b75140f4453ab1dc4aeb62962a74 # django-cronjobs for jumpserver
If you find that the service does not start properly, i.e. port 80 is already in use or cannot be opened, start it manually:
    [root@localhost ~]# cd /opt/jumpserver/
    [root@localhost jumpserver]# ls
    connect.py   docker-compose.yaml  docs     install  jlog   jumpserver       juser  LICENSE  manage.py   README.md      service.sh  templates
    connect.pyc  Dockerfile           init.sh  jasset   jperm  jumpserver.conf  keys   logs     manage.pyc  run_server.py  static
    [root@localhost jumpserver]# python manage.py runserver 0.0.0.0:80 &
    [root@localhost jumpserver]# lsof -i :80
    COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    python  22129 root    3u  IPv4  61572      0t0  TCP *:http (LISTEN)
With that, the installation is complete!
Original article by Net21-冰冻vs西瓜. If you repost it, please credit the source: http://www.178linux.com/24860
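A post-install check for the defaults visible in the installer transcript above (an added example, not part of the original article or of the JumpServer project): it lists password keys in the config file that still hold the installer's default value and reports the SELinux and firewalld state, since the installer output says it turns both off. The INI-style `key = value` layout of /opt/jumpserver/jumpserver.conf is an assumption, and the function and script names are illustrative.

```shell
#!/bin/sh
# Added example: audit installer defaults after install.py has run.
# Assumption: jumpserver.conf is INI-like ("[section]" headers, "key = value" lines).

DEFAULT_PW='5Lov@wife'   # default shown in the installer transcript

# Print "section.key" for each password-like key still set to the default.
find_default_passwords() {
    awk -v pw="$DEFAULT_PW" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/ {                               # section header
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) ~ /password/ && val == pw) print section "." key
        }' "$1"
}

# Report SELinux and firewalld state on hosts that have these tools.
host_state() {
    if command -v getenforce >/dev/null 2>&1; then
        echo "selinux=$(getenforce)"
    fi
    if command -v systemctl >/dev/null 2>&1; then
        echo "firewalld=$(systemctl is-active firewalld 2>/dev/null)"
    fi
}

# Run the audit only when a config path is given, e.g. (illustrative file name):
#   sh audit.sh /opt/jumpserver/jumpserver.conf
if [ -n "${1:-}" ]; then
    hits=$(find_default_passwords "$1")
    [ -n "$hits" ] && echo "default password still set: $hits"
    host_state
fi
```

The check covers only the config file; the web administrator password, which the transcript shows offered with the same default, is stored in the database and has to be changed through the application.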