堡垒机-jumpserver
Posted zzzhbr
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了堡垒机-jumpserver相关的知识,希望对你有一定的参考价值。
目录
官方网站
http://jumpserver.org
Jumpserver 软件包环境要求:
Python = 3.6.x
mysql Server ≥ 5.6
Mariadb Server ≥ 5.5.56
Redis
** 生产环境部署建议部署 1.4.8 版本 **
环境
jumpserver服务端:
[[email protected] ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
[[email protected] ~]# uname -r
3.10.0-693.el7.x86_64
[[email protected] ~]# uname -n
jumpserver
[[email protected] ~]# uname -m
x86_64
[[email protected] ~]# ifconfig ens33 | grep "inet "|awk 'print $2'
10.0.0.161
jumpserver被管理端:
[[email protected] ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
[[email protected] ~]# uname -r
3.10.0-693.el7.x86_64
[[email protected] ~]# uname -n
jumpserver-client
[[email protected] ~]# uname -m
x86_64
[[email protected] ~]# ifconfig ens33 | grep "inet " | awk ' print $2'
10.0.0.162
准备所需软件:
jumpserver: https://github.com/jumpserver/jumpserver
luna: https://demo.jumpserver.org/download/luna
coco: https://github.com/jumpserver/coco
? 在线下载代码:# git clone
? https://github.com/jumpserver/coco.git && cd coco && git
python: wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
手动本地jumpserver-服务端搭建
初始化一些系统环境设置:
1. 创建软件包放置目录:
[[email protected] ~]# mkdir /server/sources -p
将所需软件全部放在/server/sources/ 目录里
软件包打包下载
[[email protected] ~]# cd /server/sources/
[[email protected] sources]# ls
coco luna.tar.gz Python-3.6.1.tar.xz
jumpserver python-package
2. 关闭防火墙
[[email protected] sources]# systemctl stop firewalld
[[email protected] sources]# systemctl disable firewalld
[[email protected] sources]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
[[email protected] sources]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
3. 关闭selinux
[[email protected] sources]# setenforce 0
[[email protected] sources]# getenforce
只要显示Permissive或者Disabled就是成功
将SELINUX=enforcing改为SELINUX=disabled
[[email protected] sources]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
4. 如果生产环境需要开启selinux和防火墙的情况下则使用(直接复制整段进命令行运行即可):
echo -e "\\033[31m 1. 防火墙 Selinux 设置 \\033[0m" && if [ "$(systemctl status firewalld | grep running)" != "" ]; then firewall-cmd --zone=public --add-port=80/tcp --permanent; firewall-cmd --zone=public --add-port=2222/tcp --permanent; firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="172.17.0.0/16" port protocol="tcp" port="8080" accept"; firewall-cmd --reload; fi && if [ "$(getenforce)" != "Disabled" ]; then setsebool -P httpd_can_network_connect 1; fi
5. 配置中文环境(整段复制到命令行运行即可):
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && yum -y install kde-l10n-Chinese && localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8 && export LC_ALL=zh_CN.UTF-8 && echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf
重新来登录即可
安装相关软件
依赖软件
wget #下载;epel-release #扩展源;sqlite-devel #数据库;xz #解压;gcc #编译器;automake #编译相关;zlib-devel #压缩;openssl-devel #加密;git #git相关
[[email protected] ~]# yum -y install wget epel-release sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git
......
更新完毕:
git.x86_64 0:1.8.3.1-20.el7
作为依赖被升级:
e2fsprogs.x86_64 0:1.42.9-13.el7
e2fsprogs-libs.x86_64 0:1.42.9-13.el7
krb5-libs.x86_64 0:1.15.1-37.el7_6
libcom_err.x86_64 0:1.42.9-13.el7
libselinux.x86_64 0:2.5-14.1.el7
libselinux-python.x86_64 0:2.5-14.1.el7
libselinux-utils.x86_64 0:2.5-14.1.el7
libsepol.x86_64 0:2.5-10.el7
libss.x86_64 0:1.42.9-13.el7
openssl.x86_64 1:1.0.2k-16.el7_6.1
openssl-libs.x86_64 1:1.0.2k-16.el7_6.1
perl-Git.noarch 0:1.8.3.1-20.el7
zlib.x86_64 0:1.2.7-18.el7
完毕!
编译安装python3.6.1
[[email protected] ~]# cd /server/sources/
[[email protected] sources]# ls
coco luna.tar.gz python-package
jumpserver Python-3.6.1.tar.xz
[[email protected] sources]# ./configure && make && make install
[[email protected] ~]# cd /server/sources/
[[email protected] sources]# tar xf Python-3.6.1.tar.xz
[[email protected] sources]# cd Python-3.6.1
cd /opt
tar xvf Python-3.6.1.tar.xz && cd Python-3.6.1
./configure && make -j 4 && make install
使用 Python 虚拟环境(使多版本的python互不影响,共存)
[[email protected] Python-3.6.1]# cd /opt/
[[email protected] opt]# python3 -m venv py3 #在opt目录下创建一个py3的虚拟环境
[[email protected] opt]# source /opt/py3/bin/
activate easy_install-3.6 python
activate.csh pip python3
activate.fish pip3
easy_install pip3.6
[[email protected] opt]# source /opt/py3/bin/activate
(py3) [[email protected] opt]# #切换成功的,前面有一个(py3)标识
安装 Jumpserver
这里用的版本是 Jumpserver 1.0.0
重新打开一个10.0.0.161的shell连接窗口(注意前面没有py3所以不是在python3的虚拟环境下运行)
①. 安装rpm依赖
[[email protected] ~]# cd /server/sources/jumpserver/requirements
[[email protected] requirements]# cat rpm_requirements.txt
libtiff-devel libjpeg-devel libzip-devel freetype-devel lcms2-devel libwebp-devel tcl-devel tk-devel sshpass openldap-devel mysql-devel libffi-devel openssh-clients
[[email protected] requirements]# yum install -y `cat rpm_requirements.txt`
②. 安装 Python 库依赖
在之前的 (py3) [[email protected] ~]# 窗口下进行
确保是这样的提示状态:
(py3) [[email protected] ~]#
如果不是请运行
[[email protected] ~]# source /opt/py3/bin/activate
(py3) [[email protected] ~]# #进入py3虚拟环境
(py3) [[email protected] ~]# pip -V
pip 9.0.1 from /opt/py3/lib/python3.6/site-packages (python 3.6)
(py3) [[email protected] requirements]# cd /server/sources/jumpserver/requirements #pip在线安装
(py3) [[email protected] ~]# pip install --upgrade pip -i https://mirrors.aliyun.com/pypi/simple/
v(py3) [[email protected] ~]# pip install -r /opt/jumpserver/requirements/requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
③. 安装 Redis, Jumpserver 使用 Redis 做 cache 和 celery broke
(注意命令行的提示前缀;这里都不是py3虚拟环境)
[[email protected] requirements]# yum -y install redis
[[email protected] requirements]# systemctl enable redis
Created symlink from /etc/systemd/system/multi-user.target.wants/redis.service to /usr/lib/systemd/system/redis.service.
[[email protected] requirements]# systemctl start redis
④. 安装 MySQL
[[email protected] requirements]# yum install mariadb mariadb-devel mariadb-server -y
[[email protected] requirements]# systemctl enable mariadb;systemctl start mariadb
⑤. 建数据库 Jumpserver 并授权
[[email protected] requirements]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \\g.
Your MariaDB connection id is 2
Server version: 5.5.60-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\\h' for help. Type '\\c' to clear the current input statement.
MariaDB [(none)]> create database jumpserver default charset 'utf8';
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit;
Bye
⑥. 改 Jumpserver 配置文件
将下载来的jumpserver移动到app目录下
[[email protected] requirements]# mkdir -p /server/app
[[email protected] requirements]# cd /server/app/
[[email protected] app]# cp -r /server/sources/jumpserver/ .
[[email protected] app]# ls
jumpserver
[[email protected] jumpserver]# cp config_example.py config.py
[[email protected] jumpserver]# vim config.py
#编辑class DevelopmentConfig(Config):这一段;因为默认使用该配置
class DevelopmentConfig(Config):
DEBUG = True
DB_ENGINE = 'mysql'
DB_HOST = '127.0.0.1'
DB_PORT = 3306
DB_USER = 'jumpserver'
DB_PASSWORD = '123456'
DB_NAME = 'jumpserver'
最终效果:
[[email protected] jumpserver]# cat config.py
"""
jumpserver.config
~~~~~~~~~~~~~~~~~
Jumpserver project setting file
:copyright: (c) 2014-2017 by Jumpserver Team
:license: GPL v2, see LICENSE for more details.
"""
import os
BASE_DIR = os.path.dirname(os.path.abspath(__file__))
class Config:
# Use it to encrypt or decrypt data
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = os.environ.get('SECRET_KEY') or '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
# Django security setting, if your disable debug model, you should setting that
ALLOWED_HOSTS = ['*']
# Development env open this, when error occur display the full process track, Production disable it
DEBUG = True
# DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
LOG_LEVEL = 'DEBUG'
LOG_DIR = os.path.join(BASE_DIR, 'logs')
# Database setting, Support sqlite3, mysql, postgres ....
# See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
# SQLite setting:
DB_ENGINE = 'sqlite3'
DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
# MySQL or postgres setting like:
# DB_ENGINE = 'mysql'
# DB_HOST = '127.0.0.1'
# DB_PORT = 3306
# DB_USER = 'root'
# DB_PASSWORD = ''
# DB_NAME = 'jumpserver'
# When Django start it will bind this host and port
# ./manage.py runserver 127.0.0.1:8080
HTTP_BIND_HOST = '0.0.0.0'
HTTP_LISTEN_PORT = 8080
# Use Redis as broker for celery and web socket
REDIS_HOST = '127.0.0.1'
REDIS_PORT = 6379
REDIS_PASSWORD = ''
BROKER_URL = 'redis://%(password)s%(host)s:%(port)s/3' %
'password': REDIS_PASSWORD,
'host': REDIS_HOST,
'port': REDIS_PORT,
def __init__(self):
pass
def __getattr__(self, item):
return None
#class DevelopmentConfig(Config):
# pass
class DevelopmentConfig(Config):
DEBUG = True
DB_ENGINE = 'mysql'
DB_HOST = '127.0.0.1'
DB_PORT = 3306
DB_USER = 'jumpserver'
DB_PASSWORD = '123456'
DB_NAME = 'jumpserver'
class TestConfig(Config):
pass
class ProductionConfig(Config):
pass
# Default using Config settings, you can write if/else for different env
config = DevelopmentConfig()
⑦. 数据库表结构和初始化数据
(py3)虚拟环境下进行;且确保之前的pip已经安装完成了
(py3) [[email protected] jumpserver]# cd /server/app/jumpserver/utils
(py3) [[email protected] utils]# bash make_migrations.sh
⑧. 运行jumpserver
(py3) [[email protected] utils]# cd /server/app/jumpserver/
(py3) [[email protected] jumpserver]# chmod +x jms
(py3) [[email protected] jumpserver]# ./jms start all -d #-d后台运行
jumpserver的使用方法:./jms start|stop|status|restart all
⑨. 访问测试
http://10.0.0.161:8080/
默认 账号:admin
密码:admin
安装 组件
在web页面上点击web终端
会看到:
Luna是单独部署的一个程序,你需要部署luna,coco,配置nginx做url分发, 如果你看到了这个页面,证明你访问的不是nginx监听的端口,祝你好运
所以接下来,我们安装luna和coco
安装coco
coco实现了
SSH Server 和 Web Terminal Server 的组件,提供 SSH 和 WebSocket 接口,
使用 Paramiko 和 Flask 开发
(py3) [[email protected] coco]# cd /server/sources/coco/requirements/
(py3) [[email protected] requirements]# yum install `cat rpm_requirements.txt`
(py3) [[email protected] requirements]# pip install -r requirements.txt -i https://mirrors.aliyun.com/pypi/simple/
(py3) [[email protected] requirements]# cp -r /server/sources/coco/ /server/app/
(py3) [[email protected] requirements]# cd /server/app/coco/
(py3) [[email protected] coco]# cp conf_example.py conf.py
(py3) [[email protected] coco]# chmod +x cocod
(py3) [[email protected] coco]# ./cocod start -d
Start coco process
使用方法:./cocod start|stop|status|restart
安装Web-Terminal前端-Luna组件
Luna概述:Luna现在是 Web Terminal 前端,计划前端页面都由该项目提供,Jumpserver 只提供 API,不再负责后台渲染html等
(py3) [[email protected] coco]# cd /server/sources/
(py3) [[email protected] sources]# tar xf luna.tar.gz
(py3) [[email protected] sources]# cp -r luna /server/app/
配置Nginx整合各组件
(py3) [[email protected] sources]# yum -y install nginx
(py3) [[email protected] sources]# vim /etc/nginx/^Cinx.conf
将原先的server 段全部替换掉
** 最终的结果如下:**
(py3) [[email protected] nginx]# grep -Ev "#|^$" /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events
worker_connections 1024;
http
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
include /etc/nginx/conf.d/*.conf;
server
listen 80;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location /luna/
try_files $uri / /index.html;
alias /server/app/luna/;
location /media/
add_header Content-Encoding gzip;
root /server/app/jumpserver/data/;
location /static/
root /server/app/jumpserver/data/;
location /socket.io/
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
location /
(py3) [[email protected] sources]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
运行 Nginx
(py3) [[email protected] nginx]# systemctl start nginx
(py3) [[email protected] nginx]# systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
在web页面上点击
默认信息,确认即可
服务器终端测试:
(py3) [[email protected] nginx]# ssh -p2222 [email protected]
The authenticity of host '[10.0.0.161]:2222 ([10.0.0.161]:2222)' can't be established.
RSA key fingerprint is SHA256:8MCnHK0t1yfaxyf6fFq1e93fE9JDBc4hG00OlnWelXY.
RSA key fingerprint is MD5:b5:6d:74:d6:00:90:f4:93:8f:b8:de:33:14:ea:6b:ee.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[10.0.0.161]:2222' (RSA) to the list of known hosts.
[email protected]'s password: #admin的密码admin
Administrator, 欢迎使用Jumpserver开源跳板机系统
1) 输入 ID 直接登录 或 输入部分 IP,主机名,备注 进行搜索登录(如果唯一).
2) 输入 / + IP, 主机名 or 备注 搜索. 如: /ip
3) 输入 P/p 显示您有权限的主机.
4) 输入 G/g 显示您有权限的主机组.
5) 输入 G/g + 组ID 显示该组下主机. 如: g1
6) 输入 H/h 帮助.
0) 输入 Q/q 退出.
用10.0.0.161就可以直接访问了,不要再加8080
到此安装成功
自建服务器极速安装步骤
0. 防火墙、Selinux 设置
echo -e "\\033[31m 1. 防火墙 Selinux 设置 \\033[0m" && if [ "$(systemctl status firewalld | grep running)" != "" ]; then firewall-cmd --zone=public --add-port=80/tcp --permanent; firewall-cmd --zone=public --add-port=2222/tcp --permanent; firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="172.17.0.0/16" port protocol="tcp" port="8080" accept"; firewall-cmd --reload; fi && if [ "$(getenforce)" != "Disabled" ]; then setsebool -P httpd_can_network_connect 1; fi
1. 部署环境
echo -e "\\033[31m 2. 部署环境 \\033[0m" && yum update -y && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && yum -y install kde-l10n-Chinese && localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8 && export LC_ALL=zh_CN.UTF-8 && echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf && yum -y install wget gcc epel-release git && yum install -y yum-utils device-mapper-persistent-data lvm2 && yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo && yum makecache fast && rpm --import https://mirrors.aliyun.com/docker-ce/linux/centos/gpg && echo -e "[nginx-stable]\\nname=nginx stable repo\\nbaseurl=http://nginx.org/packages/centos/\\$releasever/\\$basearch/\\ngpgcheck=1\\nenabled=1\\ngpgkey=https://nginx.org/keys/nginx_signing.key" > /etc/yum.repos.d/nginx.repo && rpm --import https://nginx.org/keys/nginx_signing.key && yum -y install redis mariadb mariadb-devel mariadb-server mariadb-shared nginx docker-ce && systemctl enable redis mariadb nginx docker && systemctl start redis mariadb && yum -y install python36 python36-devel && python3.6 -m venv /opt/py3
下载组件
echo -e "\\033[31m 3. 下载组件 \\033[0m" && cd /opt && if [ ! -d "/opt/jumpserver" ]; then git clone https://github.com/jumpserver/jumpserver.git; cd /opt/jumpserver; git checkout 1.4.8; cd /opt; fi && if [ ! -f "/opt/luna.tar.gz" ]; then wget https://demo.jumpserver.org/download/luna/1.4.8/luna.tar.gz; tar xf luna.tar.gz; chown -R root:root luna; fi && yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt) && source /opt/py3/bin/activate && pip install --upgrade pip setuptools -i https://mirrors.aliyun.com/pypi/simple/ && pip install -r /opt/jumpserver/requirements/requirements.txt -i https://mirrors.aliyun.com/pypi/simple/ && curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io && systemctl restart docker && docker pull jumpserver/jms_coco:1.4.8 && docker pull jumpserver/jms_guacamole:1.4.8 && rm -rf /etc/nginx/conf.d/default.conf && wget -O /etc/nginx/conf.d/jumpserver.conf https://demo.jumpserver.org/download/nginx/conf.d/jumpserver.conf
处理配置文件
echo -e "\\033[31m 4. 处理配置文件 \\033[0m" && if [ "$DB_PASSWORD" = "" ]; then DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24`; fi && if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; fi && if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; fi && if [ "$Server_IP" = "" ]; then Server_IP=`ip addr | grep inet | egrep -v '(127.0.0.1|inet6|docker)' | awk 'print $2' | tr -d "addr:" | head -n 1 | cut -d / -f1`; fi && if [ ! -d "/var/lib/mysql/jumpserver" ]; then mysql -uroot -e "create database jumpserver default charset 'utf8';grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD';flush privileges;"; fi && if [ ! -f "/opt/jumpserver/config.yml" ]; then cp /opt/jumpserver/config_example.yml /opt/jumpserver/config.yml; sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml; sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml; sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml; sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml; sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml; sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml; fi
启动 Jumpserve
echo -e "\\033[31m 5. 启动 Jumpserver \\033[0m" && systemctl start nginx && cd /opt/jumpserver && ./jms start -d && docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_coco:1.4.8 && docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_guacamole:1.4.8 && echo -e "\\033[31m 你的数据库密码是 $DB_PASSWORD \\033[0m" && echo -e "\\033[31m 你的SECRET_KEY是 $SECRET_KEY \\033[0m" && echo -e "\\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \\033[0m" && echo -e "\\033[31m 你的服务器IP是 $Server_IP \\033[0m" && echo -e "\\033[31m 请打开浏览器访问 http://$Server_IP 用户名:admin 密码:admin \\033[0m"
配置自启
echo -e "\\033[31m 6. 配置自启 \\033[0m" && if [ ! -f "/usr/lib/systemd/system/jms.service" ]; then wget -O /usr/lib/systemd/system/jms.service https://demo.jumpserver.org/download/shell/centos/jms.service; chmod 755 /usr/lib/systemd/system/jms.service; fi && if [ ! -f "/opt/start_jms.sh" ]; then wget -O /opt/start_jms.sh https://demo.jumpserver.org/download/shell/centos/start_jms.sh; fi && if [ ! -f "/opt/stop_jms.sh" ]; then wget -O /opt/stop_jms.sh https://demo.jumpserver.org/download/shell/centos/stop_jms.sh; fi && if [ "$(cat /etc/rc.local | grep start_jms.sh)" == "" ]; then echo "sh /opt/start_jms.sh" >> /etc/rc.local; chmod +x /etc/rc.d/rc.local; fi && echo -e "\\033[31m 启动停止的脚本在 /opt 目录下, 如果自启失败可以手动启动 \\033[0m"
以上是关于堡垒机-jumpserver的主要内容,如果未能解决你的问题,请参考以下文章