[Toolbox: Bastion Host] Deploying the JumpServer Bastion Host on Linux





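Bastion Host



I. Introduction to Bastion Hosts

A bastion host is a tool that, within a given network environment, manages and audits operations privileges and operations activity on hosts, databases, network devices and similar assets. It protects the network and data from intrusion and damage by external and internal users, and helps avoid shared host accounts, data leaks, muddled operations privileges and opaque operations processes. A bastion host can block and control operations activity: every login, command and file transfer that operations and development staff perform on a server must be legitimate, otherwise it is blocked.

1. Operations staff connect to the bastion host from the operations client and send their requests to it.

2. The bastion host sends the requests to the target and returns the results to the operations client.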



II. Deploying the Bastion Host



1. Download and extract

## Create the directory
[root@hadoop apps]# mkdir JumpServer
[root@hadoop apps]# cd JumpServer/
## Download the jumpserver archive
[root@hadoop JumpServer]# wget https://github.com/jumpserver/installer/releases/download/v2.21.0/jumpserver-installer-v2.21.0.tar.gz
--2022-06-21 21:37:48-- 
.......
2022-06-21 21:37:51 (81.9 KB/s) - ‘jumpserver-installer-v2.21.0.tar.gz’ saved [45558/45558]
## Check the download
[root@hadoop JumpServer]# ls
jumpserver-installer-v2.21.0.tar.gz
## Extract
## tar -zxvf **.tar.gz -C [extraction directory]
[root@hadoop JumpServer]# tar -zxvf jumpserver-installer-v2.21.0.tar.gz -C ./
## Check the extracted files
[root@hadoop JumpServer]# ls
jumpserver-installer-v2.21.0  jumpserver-installer-v2.21.0.tar.gz



2. Configuration file


The config-example.txt configuration file can be adjusted as needed; if you have no specific requirements, the defaults can be left unchanged.

[root@hadoop jumpserver-installer-v2.21.0]# vim config-example.txt
# If the following settings are left empty, the system generates random strings and fills them in
## When migrating, set SECRET_KEY and BOOTSTRAP_TOKEN to their original values
## Full parameter documentation: https://docs.jumpserver.org/zh/master/admin-guide/env/

## Installation settings. Huawei Cloud can be used to speed up downloads; arm64 users need to comment out DOCKER_IMAGE_PREFIX
# DOCKER_IMAGE_PREFIX=swr.cn-south-1.myhuaweicloud.com
VOLUME_DIR=/opt/jumpserver
DOCKER_DIR=/var/lib/docker
SECRET_KEY=
BOOTSTRAP_TOKEN=
LOG_LEVEL=ERROR

##  MySQL settings. USE_EXTERNAL_MYSQL=1 means an external MySQL is used; enter the correct MySQL details
USE_EXTERNAL_MYSQL=0
DB_HOST=mysql
DB_PORT=3306
DB_USER=root
DB_PASSWORD=
DB_NAME=jumpserver

##  Redis settings. USE_EXTERNAL_REDIS=1 means an external Redis is used; enter the correct Redis details
USE_EXTERNAL_REDIS=0
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=

## Compose project settings. If the 192.168.250.0/24 subnet conflicts with one of your existing subnets, change it and then restart JumpServer
COMPOSE_PROJECT_NAME=jms
COMPOSE_HTTP_TIMEOUT=3600
DOCKER_CLIENT_TIMEOUT=3600
DOCKER_SUBNET=192.168.250.0/24

## IPv6 settings: whether containers enable IPv6 NAT. USE_IPV6=1 enables it; when it is 0, the DOCKER_SUBNET_IPV6 definition has no effect
USE_IPV6=0
DOCKER_SUBNET_IPV6=fc00:1010:1111:200::/64

## Access settings
HTTP_PORT=80
SSH_PORT=2222
MAGNUS_MYSQL_PORT=33060
MAGNUS_MARIADB_PORT=33061

## HTTPS settings; see https://docs.jumpserver.org/zh/master/admin-guide/proxy/ for how to configure them
# USE_LB=1
# HTTPS_PORT=443
# SERVER_NAME=your_domain_name
# SSL_CERTIFICATE=your_cert
# SSL_CERTIFICATE_KEY=your_cert_key

## Nginx file upload size limit
CLIENT_MAX_BODY_SIZE=4096m

## Task settings: whether to start the jms_celery container. Must be enabled on a single-node deployment
USE_TASK=1

## XPack. USE_XPACK=1 enables it; the setting has no effect in the open-source edition
USE_XPACK=0
RDP_PORT=3389
MAGNUS_POSTGRE_PORT=54320

## Core settings, session definition. SESSION_COOKIE_AGE is the number of idle seconds after which the session expires; SESSION_EXPIRE_AT_BROWSER_CLOSE=true means the session expires when the browser is closed
# SESSION_COOKIE_AGE=86400
SESSION_EXPIRE_AT_BROWSER_CLOSE=true

## Koko, Lion and XRDP component settings
CORE_HOST=http://core:8080
JUMPSERVER_ENABLE_FONT_SMOOTHING=true
TCP_SEND_BUFFER_BYTES=4194304
TCP_RECV_BUFFER_BYTES=6291456

## Terminals are identified by the host's HOSTNAME
SERVER_HOSTNAME=${HOSTNAME}

## Additional settings
CURRENT_VERSION=
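
The installed copy of this file (/opt/jumpserver/config/config.txt in the installer output further down) stores the bastion's secrets, and the defaults above leave the HTTPS block commented out. The following shell sketch is an added example, not code from the original post or from JumpServer; the function names, the checks and the sample values are this example's own assumptions about what to review before leaving the defaults unchanged.

```shell
#!/bin/sh
# Added example, not JumpServer code: review a config.txt in the KEY=VALUE
# format shown above. The checks are this example's own review policy.

# cfg_get FILE KEY: value of the last "KEY=value" line, empty if unset.
# Commented-out keys such as "# HTTPS_PORT=443" never match.
cfg_get() {
    awk -v k="$2" '
        index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
        END { print v }' "$1"
}

# audit_config FILE: prints one finding per line; returns 1 if there are any.
audit_config() {
    ac_file=$1
    [ -r "$ac_file" ] || { echo "cannot read $ac_file" >&2; return 2; }
    ac_out=$(
        # The file stores SECRET_KEY, BOOTSTRAP_TOKEN and service passwords.
        if [ -n "$(find "$ac_file" -prune -perm -004)" ]; then
            echo "PERM: file is world-readable but stores secrets"
        fi
        # With the HTTPS block left commented, logins travel over HTTP_PORT.
        if [ -z "$(cfg_get "$ac_file" HTTPS_PORT)" ]; then
            echo "TLS: HTTPS_PORT unset, web UI is plain HTTP on port $(cfg_get "$ac_file" HTTP_PORT)"
        fi
        # External services are reached over the network, so they need
        # credentials, and the application should not connect as root.
        if [ "$(cfg_get "$ac_file" USE_EXTERNAL_MYSQL)" = 1 ]; then
            if [ -z "$(cfg_get "$ac_file" DB_PASSWORD)" ]; then
                echo "DB: external MySQL with empty DB_PASSWORD"
            fi
            if [ "$(cfg_get "$ac_file" DB_USER)" = root ]; then
                echo "DB: external MySQL accessed as root"
            fi
        fi
        if [ "$(cfg_get "$ac_file" USE_EXTERNAL_REDIS)" = 1 ] &&
           [ -z "$(cfg_get "$ac_file" REDIS_PASSWORD)" ]; then
            echo "REDIS: external Redis with empty REDIS_PASSWORD"
        fi
    )
    [ -n "$ac_out" ] || return 0
    printf '%s\n' "$ac_out"
    return 1
}

# Constructed sample: the post's defaults, switched to an external MySQL.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SECRET_KEY=
BOOTSTRAP_TOKEN=
USE_EXTERNAL_MYSQL=1
DB_HOST=db.example.internal
DB_USER=root
DB_PASSWORD=
USE_EXTERNAL_REDIS=0
REDIS_PASSWORD=
HTTP_PORT=80
# HTTPS_PORT=443
EOF
chmod 644 "$sample"
audit_config "$sample" || true
rm -f "$sample"
```
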



3. Install

[root@hadoop jumpserver-installer-v2.21.0]# ls
compose  config-example.txt  config_init  jmsctl.sh  LICENSE  locale  quick_start.sh  README.md  scripts  static.env  utils
## Install
[root@hadoop jumpserver-installer-v2.21.0]# ./jmsctl.sh install


       ██╗██╗   ██╗███╗   ███╗██████╗ ███████╗███████╗██████╗ ██╗   ██╗███████╗██████╗
       ██║██║   ██║████╗ ████║██╔══██╗██╔════╝██╔════╝██╔══██╗██║   ██║██╔════╝██╔══██╗
       ██║██║   ██║██╔████╔██║██████╔╝███████╗█████╗  ██████╔╝██║   ██║█████╗  ██████╔╝
  ██   ██║██║   ██║██║╚██╔╝██║██╔═══╝ ╚════██║██╔══╝  ██╔══██╗╚██╗ ██╔╝██╔══╝  ██╔══██╗
  ╚█████╔╝╚██████╔╝██║ ╚═╝ ██║██║     ███████║███████╗██║  ██║ ╚████╔╝ ███████╗██║  ██║
   ╚════╝  ╚═════╝ ╚═╝     ╚═╝╚═╝     ╚══════╝╚══════╝╚═╝  ╚═╝  ╚═══╝  ╚══════╝╚═╝  ╚═╝

                                                                   Version:  v2.21.0

1. 检查配置文件
配置文件位置: /opt/jumpserver/config
/opt/jumpserver/config/config.txt  [ √ ]
/opt/jumpserver/config/nginx/cert/server.crt   [ √ ]
/opt/jumpserver/config/nginx/cert/server.key   [ √ ]
完成

>>> 安装配置 Docker
1. 安装 Docker
开始下载 Docker Compose 程序 ...
完成

2. 配置 Docker
是否需要支持 IPv6? (y/n)  (默认为 n): y
完成

3. 启动 Docker
完成

>>> 加载 Docker 镜像
[jumpserver/redis:6-alpine]
6-alpine: Pulling from jumpserver/redis
Digest: sha256:8300b885570faad626e569e7b8cfef3407c87050d705ff26e243200cb3f84da8
Status: Image is up to date for jumpserver/redis:6-alpine
docker.io/jumpserver/redis:6-alpine

[jumpserver/mysql:5]
5: Pulling from jumpserver/mysql
Digest: sha256:24fe4f4aaf4dd86920612aa925693da731dd35e6ab2146b860c8a2b3b750bd58
Status: Image is up to date for jumpserver/mysql:5
docker.io/jumpserver/mysql:5

[jumpserver/web:v2.21.0]
v2.21.0: Pulling from jumpserver/web
Digest: sha256:1fdbb613c610b1a9131d586716a98d8655fe7022b2ef9376aca35601b3f7a697
Status: Image is up to date for jumpserver/web:v2.21.0
docker.io/jumpserver/web:v2.21.0

[jumpserver/core:v2.21.0]
v2.21.0: Pulling from jumpserver/core
Digest: sha256:9d71ab8155c80f30af2c29ed4c93b738a2f05589259e5f3f06a111aaae8f44b8
Status: Image is up to date for jumpserver/core:v2.21.0
docker.io/jumpserver/core:v2.21.0

[jumpserver/koko:v2.21.0]
v2.21.0: Pulling from jumpserver/koko
Digest: sha256:32636524d6395ef645dc931cebd83f1617417786f32ef7537d07d14920ce7454
Status: Image is up to date for jumpserver/koko:v2.21.0
docker.io/jumpserver/koko:v2.21.0

[jumpserver/lion:v2.21.0]
v2.21.0: Pulling from jumpserver/lion
Digest: sha256:0c0c4ebacf2641843bebd34493d0b53813e51c5d6bbeda2fc2d2c3771739e8d4
Status: Image is up to date for jumpserver/lion:v2.21.0
docker.io/jumpserver/lion:v2.21.0

[jumpserver/magnus:v2.21.0]
v2.21.0: Pulling from jumpserver/magnus
Digest: sha256:edee98923b5fc3081aa49f66ce045c087ed6467764b88ba2478d5fe471c92bba
Status: Image is up to date for jumpserver/magnus:v2.21.0
docker.io/jumpserver/magnus:v2.21.0

完成

>>> 安装配置 JumpServer
1. 配置加密密钥
SECRETE_KEY:     Mjg2MjRkNTYtYmFkNi04ZWU0LTNkYjQtYzI0MDdlNTM3NDZk
BOOTSTRAP_TOKEN: Mjg2MjRkNTYtYmFkNi04ZWU0
完成

2. 配置持久化目录
是否需要自定义持久化存储, 默认将使用目录 /opt/jumpserver? (y/n)  (默认为 n): y

修改日志录像等持久化的目录,可以找个最大的磁盘,并创建目录,如 /data/jumpserver
注意:安装后不能更改,否则数据库可能会丢失

文件系统                 容量  已用  可用 已用% 挂载点

持久化存储目录 (默认为 /opt/jumpserver):
完成

3. 配置 MySQL
是否使用外部 MySQL? (y/n)  (默认为 n): n
完成

4. 配置 Redis
是否使用外部 Redis? (y/n)  (默认为 n): n
完成

5. 配置对外端口
是否需要配置 JumpServer 对外访问端口? (y/n)  (默认为 n): y
JumpServer web 端口 (默认为 80): 80
JumpServer ssh 端口 (默认为 2222): 2222
完成

6. 初始化数据库
Recreating jms_redis ... done
Recreating jms_mysql ... done
Creating jms_core    ... done
2022-06-22 15:16:22 Collect static files
2022-06-22 15:16:23 Collect static files done
2022-06-22 15:16:23 Check database structure change ...
2022-06-22 15:16:23 Migrate model change to database ...
Operations to perform:
  Apply all migrations: acls, admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, notifications, ops, orgs, perms, rbac, sessions, settings, terminal, tickets, users
Running migrations:
  Applying contenttypes.0001_initial... OK
  Applying contenttypes.0002_remove_content_type_name... OK
  Applying auth.0001_initial... OK
  Applying auth.0002_alter_permission_name_max_length... OK
  Applying auth.0003_alter_user_email_max_length... OK
  Applying auth.0004_alter_user_username_opts... OK
  Applying auth.0005_alter_user_last_login_null... OK
  Applying auth.0006_require_contenttypes_0002... OK
  Applying auth.0007_alter_validators_add_error_messages... OK
  Applying auth.0008_alter_user_username_max_length... OK
  Applying users.0001_initial... OK
  Applying users.0002_auto_20171225_1157_squashed_0019_auto_20190304_1459... OK
  Applying authentication.0001_initial... OK
  Applying authentication.0002_auto_20190729_1423... OK
  Applying authentication.0003_loginconfirmsetting... OK
  Applying authentication.0004_ssotoken... OK
  Applying acls.0001_initial... OK
  Applying acls.0002_auto_20210926_1047... OK
  Applying acls.0003_auto_20211130_1037... OK
  Applying admin.0001_initial... OK
  Applying admin.0002_logentry_remove_auto_add... OK
  Applying admin.0003_logentry_add_action_flag_choices... OK
  Applying users.0020_auto_20190612_1825... OK
  Applying users.0021_auto_20190625_1104... OK
  Applying users.0022_auto_20190625_1105... OK
  Applying users.0023_auto_20190724_1525... OK
  Applying users.0024_auto_20191118_1612... OK
  Applying users.0025_auto_20200206_1216... OK
  Applying users.0026_auto_20200508_2105... OK
  Applying users.0027_auto_20200616_1503... OK
  Applying users.0028_auto_20200728_1805... OK
  Applying users.0029_auto_20200814_1650... OK
  Applying users.0030_auto_20200819_2041... OK
  Applying users.0031_auto_20201118_1801... OK
  Applying tickets.0001_initial... OK
  Applying tickets.0002_auto_20200728_1146... OK
  Applying tickets.0003_auto_20200804_1551... OK
  Applying tickets.0004_ticket_comment... OK
  Applying tickets.0005_ticket_meta_confirmed_system_users... OK
  Applying tickets.0006_auto_20201023_1628... OK
  Applying tickets.0007_auto_20201224_1821... OK
  Applying terminal.0001_initial... OK
  Applying terminal.0002_auto_20171228_0025_squashed_0009_auto_20180326_0957... OK
  Applying terminal.0010_auto_20180423_1140... OK
  Applying terminal.0011_auto_20180807_1116... OK
  Applying terminal.0012_auto_20180816_1652... OK
  Applying terminal.0013_auto_20181123_1113... OK
  Applying terminal.0014_auto_20181226_1441... OK
  Applying terminal.0015_auto_20190923_1529... OK
  Applying terminal.0016_commandstorage_replaystorage... OK
  Applying common.0001_initial... OK
  Applying common.0002_auto_20180111_1407... OK
  Applying common.0003_setting_category... OK
  Applying common.0004_setting_encrypted... OK
  Applying common.0005_auto_20190221_1902... OK
  Applying common.0006_auto_20190304_1515... OK
  Applying settings.0001_initial... OK
  Applying terminal.0017_auto_20191125_0931... OK
  Applying terminal.0018_auto_20191202_1010... OK
  Applying terminal.0019_auto_20191206_1000... OK
  Applying terminal.0020_auto_20191218_1721... OK
  Applying terminal.0021_auto_20200213_1316... OK
  Applying terminal.0022_session_is_success... OK
  Applying terminal.0023_command_risk_level... OK
  Applying terminal.0024_auto_20200715_1713... OK
  Applying terminal.0025_auto_20200810_1735... OK
  Applying terminal.0026_auto_20201027_1905... OK
  Applying terminal.0027_auto_20201102_1651... OK
  Applying terminal.0028_auto_20201110_1918... OK
  Applying terminal.0029_auto_20201116_1757... OK
  Applying terminal.0030_terminal_type... OK
  Applying terminal.0031_auto_20210113_1356... OK
  Applying assets.0001_initial... OK
  Applying perms.0001_initial... OK
  Applying assets.0002_auto_20180105_1807_squashed_0009_auto_20180307_1212... OK
  Applying assets.0010_auto_20180307_1749_squashed_0019_auto_20180816_1320... OK
  Applying perms.0002_auto_20171228_0025_squashed_0009_auto_20180903_1132... OK
  Applying perms.0003_action... OK
  Applying perms.0004_assetpermission_actions... OK
  Applying assets.0020_auto_20180816_1652... OK
  Applying assets.0021_auto_20180903_1132... OK
  Applying assets.0022_auto_20181012_1717... OK
  Applying assets.0023_auto_20181016_1650... OK
  Applying assets.0024_auto_20181219_1614... OK
  Applying assets.0025_auto_20190221_1902... OK
  Applying assets.0026_auto_20190325_2035... OK
  Applying applications.0001_initial... OK
  Applying perms.0005_auto_20190521_1619... OK
  Applying perms.0006_auto_20190628_1921... OK
  Applying perms.0007_remove_assetpermission_actions... OK
  Applying perms.0008_auto_20190911_1907... OK
  Applying assets.0027_auto_20190521_1703... OK
  Applying assets.0028_protocol... OK
  Applying assets.0029_auto_20190522_1114... OK
  Applying assets.0030_auto_20190619_1135... OK
  Applying assets.0031_auto_20190621_1332... OK
  Applying assets.0032_auto_20190624_2108... OK
  Applying assets.0033_auto_20190624_2108... OK
  Applying assets.0034_auto_20190705_1348... OK
  Applying assets.0035_auto_20190711_2018... OK
  Applying assets.0036_auto_20190716_1535... OK
  Applying assets.0037_auto_20190724_2002... OK
  Applying assets.0038_auto_20190911_1634... OK
  Applying perms.0009_remoteapppermission_system_users... OK
  Applying assets.0039_authbook_is_active... OK
  Applying assets.0040_auto_20190917_2056... OK
  Applying assets.0041_gathereduser... OK
  Applying assets.0042_favoriteasset... OK
  Applying assets.0043_auto_20191114_1111... OK
  Applying assets.0044_platform... OK
  Applying assets.0045_auto_20191206_1607... OK
  Applying assets.0046_auto_20191218_1705... OK
  Applying applications.0002_remove_remoteapp_system_user... OK
  Applying applications.0003_auto_20191210_1659... OK
  Applying applications.0004_auto_20191218_1705... OK
  Applying perms.0010_auto_20191218_1705... OK
  Applying perms.0011_auto_20200721_1739... OK
  Applying assets.0047_assetuser... OK
  Applying assets.0048_auto_20191230_1512... OK
  Applying assets.0049_systemuser_sftp_root... OK
  Applying assets.0050_auto_20200711_1740... OK
  Applying assets.0051_auto_20200713_1143... OK
  Applying assets.0052_auto_20200715_1535... OK
  Applying assets.0053_auto_20200723_1232... OK
  Applying assets.0054_auto_20200807_1032... OK
  Applying applications.0005_k8sapp... OK
  Applying perms.0012_k8sapppermission... OK
  Applying assets.0055_auto_20200811_1845... OK
  Applying assets.0056_auto_20200904_1751... OK
  Applying assets.0057_fill_node_value_assets_amount_and_parent_key...

  ................................................................. OK
  Applying perms.0013_rebuildusertreetask_usergrantedmappingnode... OK
  Applying perms.0014_build_users_perm_tree... OK
  Applying perms.0015_auto_20200929_1728... OK
  Applying assets.0058_auto_20201023_1115... OK
  Applying assets.0059_auto_20201027_1905... OK
  Applying applications.0006_application... OK
  Applying perms.0016_applicationpermission... OK
  Applying perms.0017_auto_20210104_0435... OK
  Applying assets.0060_node_full_value...
- Start migrate node value if has /
- Start migrate node full value
 OK
  Applying assets.0061_auto_20201116_1757... OK
  Applying assets.0062_auto_20201117_1938... OK
  Applying assets.0063_migrate_default_node_key...
Check old default node `key=0 value=Default` not exists
 OK
  Applying assets.0064_auto_20201203_1100... OK
  Applying assets.0065_auto_20210121_1549... OK
  Applying perms.0018_auto_20210208_1515... OK
  Applying orgs.0001_initial... OK
  Applying orgs.0002_auto_20180903_1132... OK
  Applying orgs.0003_auto_20190916_1057... OK
  Applying orgs.0004_organizationmember... OK
  Applying orgs.0005_auto_20200721_1937... OK
  Applying orgs.0006_auto_20200721_1937... OK
  Applying orgs.0007_auto_20200728_1805... OK
  Applying orgs.0008_auto_20200819_2041... OK
  Applying orgs.0009_auto_20201023_1628... OK
  Applying ops.0001_initial... OK
  Applying ops.0002_celerytask... OK
  Applying ops.0003_auto_20181207_1744... OK
  Applying ops.0004_adhoc_run_as... OK
  Applying ops.0005_auto_20181219_1807... OK
  Applying ops.0006_auto_20190318_1023... OK
  Applying ops.0007_auto_20190724_2002... OK
  Applying ops.0008_auto_20190919_2100... OK
  Applying ops.0009_auto_20191217_1713... OK
  Applying ops.0010_auto_20191217_1758... OK
  Applying ops.0011_auto_20200106_1534... OK
  Applying ops.0012_auto_20200108_1659... OK
  Applying ops.0013_auto_20200108_1706... OK
  Applying ops.0014_auto_20200108_1749... OK
  Applying ops.0015_auto_20200108_1809... OK
  Applying ops.0016_commandexecution_org_id... OK
  Applying ops.0017_auto_20200306_1747... OK
  Applying ops.0018_auto_20200509_1434... OK
  Applying ops.0019_adhocexecution_celery_task_id... OK
  Applying audits.0001_initial... OK
  Applying audits.0002_ftplog_org_id... OK
  Applying audits.0003_auto_20180816_1652... OK
  Applying audits.0004_operatelog_passwordchangelog_userloginlog... OK
  Applying audits.0005_auto_20190228_1715... OK
  Applying audits.0006_auto_20190726_1753... OK
  Applying audits.0007_auto_20191202_1010... OK
  Applying audits.0008_auto_20200508_2105... OK
  Applying audits.0009_auto_20200624_1654... OK
  Applying audits.0010_auto_20200811_1122... OK
  Applying audits.0011_userloginlog_backend... OK
  Applying assets.0066_auto_20210208_1802... OK
  Applying applications.0007_auto_20201119_1110... OK
  Applying applications.0008_auto_20210104_0435... OK
  Applying orgs.0010_auto_20210219_1241...
Migrate model org id: Application done, use 1.31 ms
Migrate model org id: AdminUser done, use 1.24 ms
Migrate model org id: Asset done, use 1.19 ms
Migrate model org id: AuthBook done, use 1.15 ms
Migrate model org id: CommandFilter done, use 0.89 ms
Migrate model org id: CommandFilterRule done, use 0.91 ms
Migrate model org id: Domain done, use 0.88 ms
Migrate model org id: Gateway done, use 1.14 ms
Migrate model org id: GatheredUser done, use 0.92 ms
Migrate model org id: Label done, use 0.88 ms
Migrate model org id: Node done, use 1.56 ms
Migrate model org id: SystemUser done, use 1.0 ms
Migrate model org id: FTPLog done, use 1.09 ms
Migrate model org id: OperateLog done, use 0.91 ms
Migrate model org id: AdHoc done, use 0.88 ms
Migrate model org id: AdHocExecution done, use 0.98 ms
Migrate model org id: CommandExecution done, use 0.93 ms
Migrate model org id: Task done, use 1.1 ms
Migrate model org id: ApplicationPermission done, use 0.93 ms
Migrate model org id: AssetPermission done, use 0.89 ms
Migrate model org id: UserAssetGrantedTreeNodeRelation done, use 0.9 ms
Migrate model org id: Session done, use 0.89 ms
Migrate model org id: Command done, use 0.89 ms
Migrate model org id: Ticket done, use 1.48 ms
Migrate model org id: UserGroup done, use 1.01 ms
Will add users to default org: 1
Add users to default org: 1-1
done, use 5.18 ms
 OK
  Applying assets.0067_auto_20210311_1113... OK
  Applying assets.0068_auto_20210312_1455... OK
  Applying assets.0069_change_node_key0_to_key1...
--> Not exist key=0 nodes, do nothing.
 OK
  Applying assets.0070_auto_20210426_1515... OK
  Applying assets.0071_systemuser_type...
 OK
  Applying assets.0072_historicalauthbook...
 OK
  Applying assets.0073_auto_20210606_1142...

 OK
  Applying assets.0074_remove_systemuser_assets... OK
  Applying assets.0075_auto_20210705_1759... OK
  Applying assets.0076_delete_assetuser... OK
  Applying applications.0009_applicationuser... OK
  Applying applications.0010_appaccount_historicalappaccount... OK
  Applying applications.0011_auto_20210826_1759... OK
  Applying applications.0012_auto_20211014_2209... OK
  Applying applications.0013_auto_20211026_1711... OK
  Applying applications.0014_auto_20211105_1605... OK
  Applying applications.0015_auto_20220112_2035... OK
  Applying applications.0016_auto_20220118_1455... OK
  Applying applications.0017_auto_20220217_2135... OK
  Applying applications.0018_auto_20220223_1539... OK
  Applying applications.0019_auto_20220310_1853... OK
  Applying applications.0020_auto_20220316_2028... OK
  Applying assets.0077_auto_20211012_1642... OK
  Applying assets.0078_auto_20211014_2209... OK
  Applying assets.0079_auto_20211102_1922... OK
  Applying assets.0080_auto_20211104_1347... OK
  Applying assets.0081_auto_20211105_1605... OK
  Applying assets.0082_auto_20211209_1440... OK
  Applying assets.0083_auto_20211215_1436... OK
  Applying assets.0084_auto_20220112_1959... OK
  Applying assets.0085_commandfilterrule_ignore_case... OK
  Applying assets.0086_auto_20220217_2135... OK
  Applying assets.0087_auto_20220223_1539... OK
  Applying assets.0088_auto_20220303_1612... OK
  Applying assets.0089_auto_20220310_0616... OK
  Applying assets.0090_auto_20220412_1145... OK
  Applying audits.0012_auto_20210414_1443... OK
  Applying audits.0013_auto_20211130_1037... OK
  Applying auth.0009_alter_user_last_name_max_length... OK
  Applying auth.0010_alter_group_name_max_length... OK
  Applying auth.0011_update_proxy_permissions... OK
  Applying auth.0012_alter_user_first_name_max_length... OK
  Applying authentication.0005_delete_loginconfirmsetting... OK
  Applying authentication.0006_auto_20211227_1059... OK
  Applying authentication.0007_connectiontoken... OK
  Applying authentication.0008_superconnectiontoken... OK
  Applying authentication.0009_auto_20220310_0616... OK
  Applying authentication.0010_temptoken... OK
  Applying captcha.0001_initial... OK
  Applying django_cas_ng.0001_initial... OK
  Applying django_celery_beat.0001_initial... OK
  Applying django_celery_beat.0002_auto_20161118_0346... OK
  Applying django_celery_beat.0003_auto_20161209_0049... OK
  Applying django_celery_beat.0004_auto_20170221_0000... OK
  Applying django_celery_beat.0005_add_solarschedule_events_choices... OK
  Applying django_celery_beat.0006_auto_20180322_0932... OK
  Applying django_celery_beat.0007_auto_20180521_0826... OK
  Applying django_celery_beat.0008_auto_20180914_1922... OK
  Applying django_celery_beat.0006_auto_20180210_1226... OK
  Applying django_celery_beat.0006_periodictask_priority... OK
  Applying django_celery_beat.0009_periodictask_headers... OK
  Applying django_celery_beat.0010_auto_20190429_0326... OK
  Applying django_celery_beat.0011_auto_20190508_0153... OK
  Applying django_celery_beat.0012_periodictask_expire_seconds... OK
  Applying django_celery_beat.0013_auto_20200609_0727... OK
  Applying django_celery_beat.0014_remove_clockedschedule_enabled... OK
  Applying django_celery_beat.0015_edit_solarschedule_events_choices... OK
  Applying jms_oidc_rp.0001_initial... OK
  Applying users.0032_userpasswordhistory... OK
  Applying users.0033_user_need_update_password... OK
  Applying users.0034_auto_20210506_1448... OK
  Applying users.0035_auto_20210526_1100... OK
  Applying users.0036_user_feishu_id... OK
  Applying notifications.0001_initial... OK
  Applying notifications.0002_auto_20210909_1946...
  Init user message subscription: 1
 OK
  Applying ops.0020_adhoc_run_system_user... OK
  Applying ops.0021_auto_20211130_1037... OK
  Applying rbac.0001_initial... OK
  Applying rbac.0002_auto_20210929_1409... OK
  Applying rbac.0003_auto_20211130_1037...Update builtin Role: SystemAdmin - True
Update builtin Role: SystemAuditor - True
Update builtin Role: SystemComponent - True
Update builtin Role: User - True
Update builtin Role: OrgAdmin - True
Update builtin Role: OrgAuditor - True
Update builtin Role: OrgUser - True
 OK
  Applying rbac.0004_auto_20211201_1901... OK
  Applying orgs.0011_auto_20211223_1913... OK
  Applying orgs.0012_auto_20220118_1054... OK
  Applying perms.0019_auto_20210906_1044... OK
  Applying perms.0020_auto_20210910_1103... OK
  Applying perms.0021_auto_20211105_1605... OK
  Applying perms.0022_applicationpermission_actions... OK
  Applying perms.0023_auto_20220112_2035... OK
  Applying perms.0024_auto_20220217_2135... OK
  Applying perms.0025_auto_20220223_1539... OK
  Applying perms.0026_auto_20220307_1500... OK
  Applying perms.0027_auto_20220310_1802... OK
  Applying perms.0028_auto_20220316_2028... OK
  Applying rbac.0005_auto_20220307_1524... OK
  Applying rbac.0006_auto_20220310_0616... OK
  Applying rbac.0007_auto_20220314_1525... OK
  Applying rbac.0008_auto_20220411_1709... OK
  Applying rbac.0009_auto_20220411_1724... OK
  Applying sessions.0001_initial... OK
  Applying settings.0002_auto_20210729_1546... OK
  Applying settings.0003_auto_20210901_1035... OK
  Applying settings.0004_auto_20220211_1401... OK
  Applying settings.0005_auto_20220310_0616... OK
  Applying terminal.0032_auto_20210302_1853... OK
  Applying terminal.0033_auto_20210324_1008... OK
  Applying terminal.0034_auto_20210406_1434... OK
  Applying terminal.0035_auto_20210517_1448... OK
  Applying terminal.0036_auto_20210604_1124... OK
  Applying terminal.0037_auto_20210623_1748... OK
  Applying terminal.0038_task_kwargs... OK
  Applying terminal.0039_auto_20210805_1552... OK
  Applying terminal.0040_sessionjoinrecord_sessionsharing... OK
  Applying terminal.0041_auto_20211105_1605... OK
  Applying terminal.0042_auto_20211229_1619... OK
  Applying terminal.0043_auto_20220217_2135... OK
  Applying terminal.0044_auto_20220223_1539... OK
  Applying terminal.0045_auto_20220228_1144... OK
  Applying terminal.0046_auto_20220228_1744... OK
  Applying terminal.0047_auto_20220302_1951... OK
  Applying terminal.0048_endpoint_endpointrule... OK
  Applying tickets.0008_auto_20210311_1113... OK
  Applying tickets.0009_auto_20210426_1720... OK
  Applying tickets.0010_auto_20210812_1618... OK
  Applying tickets.0011_remove_approvalrule_assignees_display... OK
  Applying tickets.0012_ticketsession... OK
  Applying tickets.0013_ticket_serial_num...
Fill ticket serial number ... 0 OK
  Applying tickets.0014_auto_20220217_2135... OK
  Applying tickets.0015_superticket... OK
  Applying users.0037_user_secret_key... OK
  Applying users.0038_auto_20211209_1140... OK
  Applying users.0039_auto_20211229_1852... OK
After migration, update builtin role permissions
完成

>>> 安装完成了
1. 可以使用如下命令启动, 然后访问
cd /opt/apps/JumpServer/jumpserver-installer-v2.21.0
./jmsctl.sh start

2. 其它一些管理命令
./jmsctl.sh stop
./jmsctl.sh restart
./jmsctl.sh backup
./jmsctl.sh upgrade
更多还有一些命令, 你可以 ./jmsctl.sh --help 来了解

3. Web 访问
http://192.168.130.100:80
默认用户: admin  默认密码: admin

4. SSH/SFTP 访问
ssh -p2222 admin@192.168.130.100
sftp -P2222 admin@192.168.130.100

5. 更多信息
我们的官网: https://www.jumpserver.org/
我们的文档: https://docs.jumpserver.org/



4. Start

## Start
[root@hadoop jumpserver-installer-v2.21.0]# ./jmsctl.sh start
jms_redis is up-to-date
jms_mysql is up-to-date
Creating jms_core ... done
Creating jms_magnus ... done
Creating jms_web    ... done
Creating jms_celery ... done
Creating jms_koko   ... done
Creating jms_lion   ... done
[root@hadoop jumpserver-installer-v2.21.0]# jps
52540 Jps

## Check the running containers
[root@hadoop jumpserver-installer-v2.21.0]# docker ps
CONTAINER ID   IMAGE                       COMMAND                  CREATED          STATUS                    PORTS                                                                              NAMES
ea1b07d56bd0   jumpserver/lion:v2.21.0     "./entrypoint.sh"        8 minutes ago    Up 8 minutes (healthy)    4822/tcp                                                                           jms_lion
0d9aae5691b6   jumpserver/koko:v2.21.0     "./entrypoint.sh"        8 minutes ago    Up 8 minutes (healthy)    0.0.0.0:2222->2222/tcp, :::2222->2222/tcp, 5000/tcp                                jms_koko
d14d41735f58   jumpserver/core:v2.21.0     "./entrypoint.sh sta…"   8 minutes ago    Up 8 minutes (healthy)    8070/tcp, 8080/tcp                                                                 jms_celery
28a1a3a74bff   jumpserver/web:v2.21.0      "/docker-entrypoint.…"   8 minutes ago    Up 8 minutes (healthy)    0.0.0.0:80->80/tcp, :::80->80/tcp                                                  jms_web
be94f6bc955e   jumpserver/magnus:v2.21.0   "./entrypoint.sh"        8 minutes ago    Up 8 minutes (healthy)    0.0.0.0:33060-33061->33060-33061/tcp, :::33060-33061->33060-33061/tcp, 54320/tcp   jms_magnus
9f1876ad1619   jumpserver/core:v2.21.0     "./entrypoint.sh sta…"   10 minutes ago   Up 10 minutes (healthy)   8070/tcp, 8080/tcp                                                                 jms_core
c936c7049a12   jumpserver/redis:6-alpine   "docker-entrypoint.s…"   22 minutes ago   Up 22 minutes (healthy)   6379/tcp                                                                           jms_redis
7853d7626adb   jumpserver/mysql:5          "docker-entrypoint.s…"   23 minutes ago   Up 23 minutes (healthy)   3306/tcp, 33060/tcp                                                                jms_mysql
39ed40f4c722   portainer/portainer         "/portainer"             5 months ago     Up About an hour          0.0.0.0:9000->9000/tcp, :::9000->9000/tcp                                          prtainer-test
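
The `docker ps` listing above shows more than the two ports the installer asked about: jms_magnus publishes 33060-33061 on 0.0.0.0 and :::, alongside an unrelated Portainer container on 9000. The following is an added example (not from the original post) that extracts the published ports from such a listing and reports those outside an allowlist; the function names and the allowlist of 80 and 2222 are assumptions, and the sample rows are constructed from the output above.

```shell
#!/bin/sh
# Added example, not from the original post: list the host ports Docker
# publishes and flag those bound to every interface outside an allowlist.
# Live input: docker ps --format '{{.Names}}\t{{.Ports}}'

# published_ports: stdin "name<TAB>ports"; stdout "name bind hostport",
# one line per published port, with ranges such as 33060-33061 expanded.
published_ports() {
    awk -F'\t' '{
        n = split($2, maps, ", ")
        for (i = 1; i <= n; i++) {
            if (maps[i] !~ /->/) continue           # "6379/tcp": not published
            host = maps[i]; sub(/->.*/, "", host)   # "0.0.0.0:80" or ":::80"
            port = host;    sub(/.*:/, "", port)    # text after the last colon
            bind = substr(host, 1, length(host) - length(port) - 1)
            m = split(port, r, "-"); lo = r[1] + 0; hi = (m > 1 ? r[2] : r[1]) + 0
            for (p = lo; p <= hi; p++) print $1, bind, p
        }
    }'
}

# unexpected_ports "80 2222": prints "name port" for every port bound to
# 0.0.0.0 or :: that is not in the space-separated allowlist, once per
# container and port (the IPv4 and IPv6 rows are merged).
unexpected_ports() {
    published_ports | awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        ($2 == "0.0.0.0" || $2 == "::") && !($3 in ok) && !seen[$1 FS $3]++ {
            print $1, $3
        }'
}

# Constructed sample rows, taken from the NAMES and PORTS columns above.
sample_ps() {
    printf '%s\t%s\n' \
        jms_koko   '0.0.0.0:2222->2222/tcp, :::2222->2222/tcp, 5000/tcp' \
        jms_web    '0.0.0.0:80->80/tcp, :::80->80/tcp' \
        jms_magnus '0.0.0.0:33060-33061->33060-33061/tcp, :::33060-33061->33060-33061/tcp, 54320/tcp' \
        jms_redis  '6379/tcp' \
        prtainer-test '0.0.0.0:9000->9000/tcp, :::9000->9000/tcp'
}

# Allowlist = HTTP_PORT and SSH_PORT from the configuration file.
sample_ps | unexpected_ports "80 2222"
```

Ports reported here are reachable from any network the host is attached to unless a host or network firewall restricts them.
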



5. Stop

[root@hadoop jumpserver-installer-v2.21.0]# ./jmsctl.sh stop
Stopping jms_core ... done
Stopping jms_koko ... done
Stopping jms_lion ... done
Stopping jms_magnus ... done
Stopping jms_web ... done
Stopping jms_celery ... done
Removing jms_core ... done
Removing jms_koko ... done
Removing jms_lion ... done
Removing jms_magnus ... done
Removing jms_web ... done
Removing jms_celery ... done



III. Logging In to and Using the Bastion Host


Web access



http://192.168.130.100:80



Default user: admin  Default password: admin


After logging in with the default password, you need to set a new password.



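Copyright notice: This is an original article by m0_51197424, released under the CC 4.0 BY-SA license. When reposting, please include a link to the original source and this notice.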