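Deploying JumpServer on AlmaLinux 9
Introduction to JumpServer
JumpServer is a widely used open-source bastion host and a professional operations security audit system that complies with the 4A specification.
JumpServer is developed in Python and ships with an industry-leading Web Terminal solution, offering an attractive interface and a good user experience.
JumpServer adopts a distributed architecture, supports multi-datacenter and cross-region deployment, supports horizontal scaling, and imposes no limit on the number of assets or on concurrency.
GitHub address
https://github.com/jumpserver/jumpserver
Features and advantages
Open source: zero barrier to entry, quick to obtain and install online;
Distributed: easily supports large-scale concurrent access;
Plugin-free: only a browser is required, for the best possible Web Terminal experience;
Multi-tenant: one system used by several subsidiaries or departments at the same time;
Multi-cloud support: one system that manages assets on different clouds at the same time;
Cloud storage: audit recordings are stored in the cloud and are never lost;
Multi-application support: databases, Windows remote applications, Kubernetes.
Installation
Visit the releases page, look up the installation command for the latest version, and run it: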
sudo su -
curl -sSL https://resource.fit2cloud.com/jumpserver/jumpserver/releases/latest/download/quick_start.sh | bash
The log of the whole installation process is as follows:
download install script to /opt/jumpserver-installer-v3.0.3
Version: v3.0.3
1. Check Configuration File
Path to Configuration file: /opt/jumpserver/config
/opt/jumpserver/config/config.txt [ √ ]
/opt/jumpserver/config/core/config.yml [ √ ]
/opt/jumpserver/config/koko/config.yml [ √ ]
/opt/jumpserver/config/mariadb/mariadb.cnf [ √ ]
/opt/jumpserver/config/mysql/my.cnf [ √ ]
/opt/jumpserver/config/nginx/lb_http_server.conf [ √ ]
/opt/jumpserver/config/redis/redis.conf [ √ ]
/opt/jumpserver/config/nginx/cert/server.crt [ √ ]
/opt/jumpserver/config/nginx/cert/server.key [ √ ]
complete
>>> Install and Configure Docker
1. Install Docker
complete
2. Configure Docker
complete
3. Start Docker
complete
>>> Loading Docker Image
[jumpserver/redis:6.2]
6.2: Pulling from jumpserver/redis
Digest: sha256:7a9547085a1e837ec83d7452dd1c18e2e25beae9f25719aabeb4deaaa9a68609
Status: Downloaded newer image for swr.cn-north-1.myhuaweicloud.com/jumpserver/redis:6.2
swr.cn-north-1.myhuaweicloud.com/jumpserver/redis:6.2
Untagged: swr.cn-north-1.myhuaweicloud.com/jumpserver/redis:6.2
Untagged: swr.cn-north-1.myhuaweicloud.com/jumpserver/redis@sha256:7a9547085a1e837ec83d7452dd1c18e2e25beae9f25719aabeb4deaaa9a68609
[jumpserver/mariadb:10.6]
10.6: Pulling from jumpserver/mariadb
Digest: sha256:1a80e751a3b22919f9ccd94fa8a30782e495ee1326e3a35d943b2a54dff3e89b
Status: Downloaded newer image for swr.cn-north-1.myhuaweicloud.com/jumpserver/mariadb:10.6
swr.cn-north-1.myhuaweicloud.com/jumpserver/mariadb:10.6
Untagged: swr.cn-north-1.myhuaweicloud.com/jumpserver/mariadb:10.6
Untagged: swr.cn-north-1.myhuaweicloud.com/jumpserver/mariadb@sha256:1a80e751a3b22919f9ccd94fa8a30782e495ee1326e3a35d943b2a54dff3e89b
[jumpserver/core:v3.0.3]
v3.0.3: Pulling from jumpserver/core
Digest: sha256:dab22df110432bc0fe95d0ebaefcf9fda4e46a14d4507991341d5e72c613ad74
Status: Downloaded newer image for swr.cn-north-1.myhuaweicloud.com/jumpserver/core:v3.0.3
swr.cn-north-1.myhuaweicloud.com/jumpserver/core:v3.0.3
Untagged: swr.cn-north-1.myhuaweicloud.com/jumpserver/core:v3.0.3
Untagged: swr.cn-north-1.myhuaweicloud.com/jumpserver/core@sha256:dab22df110432bc0fe95d0ebaefcf9fda4e46a14d4507991341d5e72c613ad74
[jumpserver/koko:v3.0.3]
v3.0.3: Pulling from jumpserver/koko
Digest: sha256:c8724426c635b06b060f139ec1a89225ba76168b91f4c744a6b6219db66925f1
Status: Downloaded newer image for swr.cn-north-1.myhuaweicloud.com/jumpserver/koko:v3.0.3
swr.cn-north-1.myhuaweicloud.com/jumpserver/koko:v3.0.3
Untagged: swr.cn-north-1.myhuaweicloud.com/jumpserver/koko:v3.0.3
Untagged: swr.cn-north-1.myhuaweicloud.com/jumpserver/koko@sha256:c8724426c635b06b060f139ec1a89225ba76168b91f4c744a6b6219db66925f1
[jumpserver/lion:v3.0.3]
v3.0.3: Pulling from jumpserver/lion
Digest: sha256:5bdbef13a426a2ba00ddb304eb2a8763cbb75cdcd6ea7a5f1301225c4c0b8e9c
Status: Downloaded newer image for swr.cn-north-1.myhuaweicloud.com/jumpserver/lion:v3.0.3
swr.cn-north-1.myhuaweicloud.com/jumpserver/lion:v3.0.3
Untagged: swr.cn-north-1.myhuaweicloud.com/jumpserver/lion:v3.0.3
Untagged: swr.cn-north-1.myhuaweicloud.com/jumpserver/lion@sha256:5bdbef13a426a2ba00ddb304eb2a8763cbb75cdcd6ea7a5f1301225c4c0b8e9c
[jumpserver/magnus:v3.0.3]
v3.0.3: Pulling from jumpserver/magnus
Digest: sha256:5f04be4dd5d20711939662c03474db0e218900a84ebd2f771716f6601e4e80e7
Status: Downloaded newer image for swr.cn-north-1.myhuaweicloud.com/jumpserver/magnus:v3.0.3
swr.cn-north-1.myhuaweicloud.com/jumpserver/magnus:v3.0.3
Untagged: swr.cn-north-1.myhuaweicloud.com/jumpserver/magnus:v3.0.3
Untagged: swr.cn-north-1.myhuaweicloud.com/jumpserver/magnus@sha256:5f04be4dd5d20711939662c03474db0e218900a84ebd2f771716f6601e4e80e7
[jumpserver/web:v3.0.3]
v3.0.3: Pulling from jumpserver/web
Digest: sha256:9d6fa5942a8cccd40f4eb62087bb1dd551c24e7ee350c7fd6c7c22932b405e43
Status: Downloaded newer image for swr.cn-north-1.myhuaweicloud.com/jumpserver/web:v3.0.3
swr.cn-north-1.myhuaweicloud.com/jumpserver/web:v3.0.3
Untagged: swr.cn-north-1.myhuaweicloud.com/jumpserver/web:v3.0.3
Untagged: swr.cn-north-1.myhuaweicloud.com/jumpserver/web@sha256:9d6fa5942a8cccd40f4eb62087bb1dd551c24e7ee350c7fd6c7c22932b405e43
complete
>>> Install and Configure JumpServer
1. Configure Private Key
complete
2. Configure Persistent Directory
Do you need custom persistent store, will use the default directory /data/jumpserver? (y/n) (default n):
complete
3. Configure MySQL
Do you want to use external MySQL? (y/n) (default n):
complete
4. Configure Redis
Do you want to use external Redis? (y/n) (default n):
complete
5. Configure External Port
Do you need to customize the JumpServer external port? (y/n) (default n):
complete
6. Init JumpServer Database
WARN[0000] Found orphan containers ([jms_web jms_celery jms_lion jms_magnus jms_koko]) for this project. If you removed or renamed this service in your compose file, you can run this command with the --remove-orphans flag to clean it up.
[+] Running 3/3
⠿ Container jms_redis Healthy 0.5s
⠿ Container jms_mysql Healthy 0.5s
⠿ Container jms_core Started 0.9s
2023-03-07 14:31:29 Collect static files
2023-03-07 14:31:29 Collect static files done
2023-03-07 14:31:29 Check database structure change ...
2023-03-07 14:31:29 Migrate model change to database ...
Operations to perform:
Apply all migrations: accounts, acls, admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, notifications, ops, orgs, perms, rbac, sessions, settings, terminal, tickets, users
Running migrations:
No migrations to apply.
After migration, update builtin role permissions
- Update builtin roles
complete
>>> The Installation is Complete
1. You can use the following command to start, and then visit
cd /opt/jumpserver-installer-v3.0.3
./jmsctl.sh start
2. Other management commands
./jmsctl.sh stop
./jmsctl.sh restart
./jmsctl.sh backup
./jmsctl.sh upgrade
For more commands, you can enter ./jmsctl.sh --help to understand
3. Web access
http://192.168.31.25:80
Default username: admin Default password: admin
4. SSH/SFTP access
ssh -p2222 admin@192.168.31.25
sftp -P2222 admin@192.168.31.25
5. More information
Official Website: https://www.jumpserver.org/
Documentation: https://docs.jumpserver.org/
[+] Running 8/8
⠿ Container jms_redis Healthy 0.5s
⠿ Container jms_mysql Healthy 0.5s
⠿ Container jms_core Healthy 26.4s
⠿ Container jms_web Started 0.7s
⠿ Container jms_koko Started 0.4s
⠿ Container jms_lion Started 0.7s
⠿ Container jms_celery Started 0.7s
⠿ Container jms_magnus Started
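The install log above records a "Digest: sha256:..." line for every image the script pulled by tag. As an added example (not part of the original post or of the JumpServer installer), the script below extracts those digests from a saved copy of the log and compares them with a pinned list. The function names, the pin-file format ("repo:tag digest" per line) and the practice of keeping pins from a previously reviewed install are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit image digests recorded in a quick_start.sh install log.

# extract_digests LOG: print "repo:tag digest" for every image pulled in LOG.
extract_digests() {
    awk '
        / Pulling from / {                  # e.g. "v3.0.3: Pulling from jumpserver/core"
            tag = $1; sub(/:$/, "", tag); repo = $NF; next
        }
        $1 == "Digest:" && repo != "" {     # digest of the image named just above
            print repo ":" tag, $2; repo = ""
        }
    ' "$1"
}

# verify_digests LOG PINS: report images that are absent from PINS or whose
# digest differs from the pinned one. Returns 1 if there is any finding.
verify_digests() {
    extract_digests "$1" | awk -v pins="$2" '
        BEGIN { while ((getline line < pins) > 0) { split(line, f, " "); want[f[1]] = f[2] } }
        !($1 in want)  { print "UNPINNED " $1; bad = 1; next }
        want[$1] != $2 { print "MISMATCH " $1; bad = 1 }
        END { exit bad + 0 }
    '
}

# write_sample_log FILE: sample input, two pull records copied from the
# install log on this page.
write_sample_log() {
    cat > "$1" <<'EOF'
[jumpserver/redis:6.2]
6.2: Pulling from jumpserver/redis
Digest: sha256:7a9547085a1e837ec83d7452dd1c18e2e25beae9f25719aabeb4deaaa9a68609
Status: Downloaded newer image for swr.cn-north-1.myhuaweicloud.com/jumpserver/redis:6.2
[jumpserver/core:v3.0.3]
v3.0.3: Pulling from jumpserver/core
Digest: sha256:dab22df110432bc0fe95d0ebaefcf9fda4e46a14d4507991341d5e72c613ad74
EOF
}

# Usage: sh verify_images.sh install.log pinned-digests.txt
if [ "$#" -eq 2 ]; then
    verify_digests "$1" "$2"
fi
```

A non-zero exit status with UNPINNED or MISMATCH lines means the registry served an image that differs from the one reviewed earlier under the same tag.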
Accessing JumpServer
Log in to JumpServer using the Web access information shown in the installation log. The password must be changed at the first login.
3. Web access
http://192.168.31.25:80
Default username: admin Default password: admin

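Creating a user
Click "User Management" => "User List" => "Create",

Fill in each field and click "Submit",


Adding an asset
Click "Asset Management" => "Asset List" => "Create",

Select the platform, Linux,

Fill in each field and click "Submit",

The account to add is filled in as follows,

Asset authorization
Click "Permission Management" => "Asset Authorization" => "Create",

Fill in each field and click "Submit",

Accessing the asset as the new user
Log in as the newly created "oracle" user,

Accessing the asset
Click Web Terminal at the top right,

Click the asset to access,

Click "Connect",

The connection succeeds,

Done!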
