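Installing Jumpserver

Introduction to Jumpserver

Jumpserver is an open-source bastion host (jump server) system developed with Python and Django. It provides authentication, authorization, auditing and automated operations features for internet companies. Official site: https://www.jumpserver.org/

Deployment environment

Everything in this walkthrough runs in Docker containers, including the jumpserver, MySQL and redis services.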

Official environment requirements:
Hardware: 2 CPU cores, 4 GB RAM, 50 GB disk (minimum)
Operating system: Linux distribution, x86_64
Python = 3.6.x
Mysql Server ≥ 5.6
Mariadb Server ≥ 5.5.56
Redis
docker = 20.10.10

Server plan

172.20.17.26   jumpserver    4C-8G
172.20.17.25 mysql/redis 2C-4G
172.20.17.22 web-server-1 2C-2G
172.20.17.23 web-server-2 2C-2G

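Deploying the database

Deploying MySQL

The database can be installed from binaries, compiled from source, or run in a container; any one of the three will do.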

# Upload the Docker binary deployment bundle
root@mongodb-server-25:/usr/local/src# ls
docker_binary_20-10-10.tar.xz
root@mongodb-server-25:/usr/local/src# tar xf docker_binary_20-10-10.tar.xz
root@mongodb-server-25:/usr/local/src# ls
docker docker_binary_20-10-10.tar.xz
root@mongodb-server-25:/usr/local/src# cd docker/
root@mongodb-server-25:/usr/local/src/docker# ls
containerd.service daemon.json deploy_docker.sh docker docker-20.10.10.tgz docker-compose-v2.6.1 docker.service docker.socket
root@mongodb-server-25:/usr/local/src/docker# vim daemon.json
root@mongodb-server-25:/usr/local/src/docker# bash deploy_docker.sh
当前目录为: /usr/local/src/docker
开始部署Docker服务,此版本为: docker-20.10.10
docker/
docker/dockerd
docker/docker-init
docker/runc
docker/ctr
docker/containerd-shim-runc-v2
docker/containerd-shim
docker/docker
docker/containerd
docker/docker-proxy
拷贝docker的可执行程序到/usr/bin目录
root@mongodb-server-25:/usr/local/src/docker# vim deploy_docker.sh
root@mongodb-server-25:/usr/local/src/docker# systemctl daemon-reload
root@mongodb-server-25:/usr/local/src/docker# systemctl start docker
# Pull the MySQL image
root@mongodb-server-25:~# docker pull 172.20.17.24/mysql/mysql:5.6.48
5.6.48: Pulling from mysql/mysql
7d2977b12acb: Pull complete
5fb8400e7f07: Pull complete
234877fbb165: Pull complete
6fe1021f12f3: Pull complete
7e36fe6b53f0: Pull complete
996ec709c11b: Pull complete
5198b7523387: Pull complete
cc9bdad4dcc0: Pull complete
380cd37ad979: Pull complete
d64465acf034: Pull complete
d4ee6606b3ab: Pull complete
Digest: sha256:77c18189a775dac4c281de075e46a3c910dcca3775244667d7b8b93e251dbea6
Status: Downloaded newer image for 172.20.17.24/mysql/mysql:5.6.48
172.20.17.24/mysql/mysql:5.6.48
# First create the directories that will be mounted into the database container
root@mongodb-server-25:~# mkdir /app/mysql/{conf,data} -p
# First start a temporary container so its configuration files can be copied to the host for use by the real database later
root@mongodb-server-25:~# docker run -it --rm 172.20.17.24/mysql/mysql:5.6.48 bash
root@mongodb-server-25:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1e9cd6520df7 172.20.17.24/mysql/mysql:5.6.48 "docker-entrypoint.s…" 3 minutes ago Up 3 minutes 3306/tcp zealous_gould
root@mongodb-server-25:~# docker cp 1e9cd6520df7:/etc/mysql/mysql.conf.d/mysqld.cnf /app/mysql/conf/
root@mongodb-server-25:~# vim /app/mysql/conf/mysqld.cnf
# Set the UTF-8 character set in the [mysqld] section
character-set-server=utf8
# Copy the client configuration file
root@mongodb-server-25:~# docker cp 1e9cd6520df7:/etc/mysql/conf.d/mysql.cnf /app/mysql/conf/
root@mongodb-server-25:~# vim /app/mysql/conf/mysql.cnf
[mysql]
default-character-set=utf8
# Start the database container
root@mongodb-server-25:~# docker run --name mysql -it -d -p 3306:3306 \
-v /app/mysql/conf/mysqld.cnf:/etc/mysql/mysql.conf.d/mysqld.cnf \
-v /app/mysql/conf/mysql.cnf:/etc/mysql/conf.d/mysql.cnf \
-v /app/mysql/data:/var/lib/mysql -e MYSQL_ROOT_PASSWORD="dklwj.com" \
172.20.17.24/mysql/mysql:5.6.48
bc7a55054ec534deee8451ade0bd0eece044a413cbedc2617c2118df4d8a7949
root@mongodb-server-25:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
bc7a55054ec5 172.20.17.24/mysql/mysql:5.6.48 "docker-entrypoint.s…" 3 seconds ago Up 2 seconds 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp mysql
root@mongodb-server-25:~# docker run --name mysql -it -d -p 3306:3306 -v /app/mysql/conf/mysqld.cnf:/etc/mysql/mysql.conf.d/mysqld.cnf -v /app/mysql/conf/mysql.cnf:/etc/mysql/conf.d/mysql.cnf -v /app/mysql/data:/var/lib/mysql -e MYSQL_ROOT_PASSWORD="qwe123" 172.20.17.24/mysql/mysql:5.6.48
a0a03a1c7061848d39c39a453d24782a1d96155623333f1264ab519b489cdd64
root@mongodb-server-25:~# docker logs -f mysql
...
2023-03-26 12:25:22 1 [Warning] 'proxies_priv' entry '@ root@a0a03a1c7061' ignored in --skip-name-resolve mode.
2023-03-26 12:25:22 1 [Note] Event Scheduler: Loaded 0 events
2023-03-26 12:25:22 1 [Note] mysqld: ready for connections.
Version: '5.6.48' socket: '/var/run/mysqld/mysqld.sock' port: 3306 MySQL Community Server (GPL)
# Enter the container and inspect the database
root@mongodb-server-25:~# docker exec -it mysql /bin/bash
root@5929b6e2d2ca:/# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.6.48 MySQL Community Server (GPL)

Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| test |
+--------------------+
4 rows in set (0.00 sec)

# Check the character set
mysql> show variables like "%character%";show variables like "%collation%";
+--------------------------+----------------------------+
| Variable_name | Value |
+--------------------------+----------------------------+
| character_set_client | utf8 |
| character_set_connection | utf8 |
| character_set_database | utf8 |
| character_set_filesystem | binary |
| character_set_results | utf8 |
| character_set_server | utf8 |
| character_set_system | utf8 |
| character_sets_dir | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+
8 rows in set (0.00 sec)

+----------------------+-----------------+
| Variable_name | Value |
+----------------------+-----------------+
| collation_connection | utf8_general_ci |
| collation_database | utf8_general_ci |
| collation_server | utf8_general_ci |
+----------------------+-----------------+
3 rows in set (0.00 sec)

# Create the jumpserver database
mysql> create database jumpserver default charset 'utf8';
Query OK, 1 row affected (0.00 sec)
# Grant privileges
mysql> grant all on jumpserver.* to 'jumpserver'@'%' identified by 'dklwj.com';
Query OK, 0 rows affected (0.00 sec)
# Verify that the new jumpserver account can connect; install the MySQL client first
root@k8s-master-13:~# apt -y install mysql-client
root@k8s-master-13:~# mysql -ujumpserver -h 172.20.21.12 -pdklwj.com
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.6.48 MySQL Community Server (GPL)

Copyright (c) 2000, 2023, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| jumpserver |
+--------------------+
2 rows in set (0.00 sec)

Deploying Redis

The Redis version is 4.0.14.

root@mongodb-server-25:/app/mysql/conf# docker run --name redis -it -d -p 6379:6379 172.20.17.24/redis/redis:4.0.14
490cc4369fba6e199d77712e85848eba30d850dd1220a258e5d1d371a9459971
root@mongodb-server-25:/app/mysql/conf# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
490cc4369fba 172.20.17.24/redis/redis:4.0.14 "docker-entrypoint.s…" 7 seconds ago Up 5 seconds 0.0.0.0:6379->6379/tcp, :::6379->6379/tcp redis
5929b6e2d2ca 172.20.17.24/mysql/mysql:5.6.48 "docker-entrypoint.s…" 9 minutes ago Up 9 minutes 0.0.0.0:3306->3306/tcp, :::3306->3306/tcp mysql
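
The docker ps output above shows MySQL and Redis both published on 0.0.0.0 and :::, and this Redis container is started without a password. As an added example (not part of the original post), the shell function below lists every container port that is published on all host interfaces; the sample input is constructed from the values shown on this page, and the function names are assumptions.

```shell
# Added example, not from the original post. Function names are assumptions.

# Constructed sample in the layout of
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# using the two containers shown above plus two constructed contrast cases.
sample_ps() {
  printf '%s\t%s\n' \
    redis '0.0.0.0:6379->6379/tcp, :::6379->6379/tcp' \
    mysql '0.0.0.0:3306->3306/tcp, :::3306->3306/tcp' \
    loopback-only '127.0.0.1:8080->80/tcp' \
    not-published '3306/tcp'
}

# Reads "name<TAB>ports" lines on stdin and prints "name host_port" once for
# every port that is published on all interfaces (0.0.0.0, :: or [::]).
wildcard_published() {
  awk -F'\t' '{
    n = split($2, maps, /, */)
    for (i = 1; i <= n; i++) {
      if (maps[i] !~ /->/) continue        # exposed by the image, not published
      split(maps[i], side, "->")
      addr = side[1]; sub(/:[0-9-]+$/, "", addr)   # host address part
      port = side[1]; sub(/^.*:/, "", port)        # host port part
      if (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
        print $1, port
    }
  }' | sort -u
}

# Run against the constructed sample; on a live host, pipe the docker ps
# command from the comment above into wildcard_published instead.
sample_ps | wildcard_published
```

A port that should only be reachable from the Jumpserver host can be published on one address with the form -p <host-ip>:6379:6379, after which it no longer appears in this list.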

Deploying Jumpserver

Installing the Docker environment

# Upload the Docker binary deployment bundle
root@jumpserver-01:/usr/local/src# ls
docker_binary_20-10-10.tar.xz
root@jumpserver-01:/usr/local/src# tar xf docker_binary_20-10-10.tar.xz
root@jumpserver-01:/usr/local/src# ls
docker docker_binary_20-10-10.tar.xz
root@jumpserver-01:/usr/local/src# cd docker/
root@jumpserver-01:/usr/local/src/docker# ls
containerd.service daemon.json deploy_docker.sh docker docker-20.10.10.tgz docker-compose-v2.6.1 docker.service docker.socket
root@jumpserver-01:/usr/local/src/docker# vim deploy_docker.sh
root@jumpserver-01:/usr/local/src/docker# ls
containerd.service daemon.json deploy_docker.sh docker docker-20.10.10.tgz docker-compose-v2.6.1 docker.service docker.socket
root@jumpserver-01:/usr/local/src/docker# vim daemon.json
root@jumpserver-01:/usr/local/src/docker# bash deploy_docker.sh
当前目录为: /usr/local/src/docker
开始部署Docker服务,此版本为: docker-20.10.10
docker/
docker/dockerd
docker/docker-init
docker/runc
docker/ctr
docker/containerd-shim-runc-v2
docker/containerd-shim
docker/docker
docker/containerd
docker/docker-proxy
拷贝docker的可执行程序到/usr/bin目录
root@jumpserver-01:/usr/local/src/docker# systemctl start docker
# Check the Docker information
root@jumpserver-01:/usr/local/src/docker# docker info
Client:
Context: default
Debug Mode: false

Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.10
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
userxattr: false
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 1
...

Pulling the image

# Pull the Jumpserver image
root@junmpserver-01:~# docker pull jumpserver/jms_all:1.5.9

Generating the keys

root@junmpserver-01:~# if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi
JNBvKl5v2E6FcbPOKVlu991QwyyJA91UM47yW65NbAU6M2oSLC
root@junmpserver-01:~# if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi
ALpEIRKa3pZqS4xx

Creating the Jumpserver container

# With the preparation above complete, start the Jumpserver container
root@junmpserver-01:~# docker run -d --name jms_all \
-v /data/jumpserver:/opt/jumpserver/data/media \
-p 80:80 \
-p 2222:2222 \
-e SECRET_KEY=JNBvKl5v2E6FcbPOKVlu991QwyyJA91UM47yW65NbAU6M2oSLC \
-e BOOTSTRAP_TOKEN=ALpEIRKa3pZqS4xx \
-e DB_HOST=172.20.21.12 \
-e DB_PORT=3306 \
-e DB_USER='jumpserver' \
-e DB_PASSWORD="dklwj.com" \
-e DB_NAME=jumpserver \
-e REDIS_HOST=172.20.21.12 \
-e REDIS_PORT=6379 \
-e REDIS_PASSWORD= \
jumpserver/jms_all:1.5.9
0f66c3ca8cd58322ef64199b0186148a7f1a852835cec11d382624485602730f
# Check the listening ports
root@junmpserver-01:~# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 32768 127.0.0.1:34407 0.0.0.0:*
LISTEN 0 32768 0.0.0.0:2222 0.0.0.0:*
LISTEN 0 32768 0.0.0.0:80 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 32768 [::]:2222 [::]:*
LISTEN 0 32768 [::]:80 [::]:*
LISTEN 0 128 [::]:22 [::]:*
root@junmpserver-01:~#
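
The key-generation one-liners above append the keys to ~/.bashrc, and the docker run command then repeats them, together with DB_PASSWORD, as -e arguments, so they end up in shell history. As an added example (not part of the original post), the functions below generate the same two values into an env file readable only by its owner and verify the result; the function names and the file path in the usage note are assumptions.

```shell
# Added example, not from the original post. Function names are assumptions.

# gen_secret N: print N random characters from [A-Za-z0-9], drawn from
# /dev/urandom like the one-liners above.
gen_secret() {
  pool=$(head -c 4096 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')
  printf "%.${1}s" "$pool"
}

# write_jms_env FILE: create FILE (mode 0600) with a 50-character SECRET_KEY
# and a 16-character BOOTSTRAP_TOKEN. A non-empty FILE is left untouched, which
# mirrors the reuse logic of the one-liners above.
write_jms_env() {
  [ -s "$1" ] && return 0
  (
    umask 077            # new file is created as rw------- from the start
    rm -f -- "$1"
    {
      printf 'SECRET_KEY=%s\n' "$(gen_secret 50)"
      printf 'BOOTSTRAP_TOKEN=%s\n' "$(gen_secret 16)"
    } > "$1"
  )
}

# env_value FILE KEY: print the value stored for KEY.
env_value() {
  sed -n "s/^$2=//p" "$1"
}

# check_jms_env FILE: succeed only if FILE is readable and writable by its
# owner alone and both values have the expected length and alphabet.
check_jms_env() {
  [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ] || return 1
  env_value "$1" SECRET_KEY | grep -Eq '^[A-Za-z0-9]{50}$' || return 1
  env_value "$1" BOOTSTRAP_TOKEN | grep -Eq '^[A-Za-z0-9]{16}$'
}
```

After write_jms_env /etc/jumpserver/jms.env (an assumed path), the container can be started with docker run --env-file /etc/jumpserver/jms.env in place of the -e SECRET_KEY=... and -e BOOTSTRAP_TOKEN=... arguments. DB_PASSWORD can be kept in the same file.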

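Verifying access

Once the jumpserver service is up, open it in a browser; the default login account and password are both admin.

The interface after logging in looks like this: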


https://www.dklwj.com/2023/03/Install-Jumpserver.html
Author: 阿伟
Published: March 28, 2023