centos7安装jumpserver3.0跳板机
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了centos7安装jumpserver3.0跳板机相关的知识,希望对你有一定的参考价值。
Jumpserver是一款由python编写, Django开发的开源跳板机/堡垒机系统, 助力互联网企业高效 用户、资产、权限、审计 管理。jumpserver实现了跳板机应有的功能,基于ssh协议来管理,客户端无需安装agent。Jumpserver特点:
1)完全开源,GPL授权
2)Python编写,容易再次开发
3)实现了跳板机基本功能,身份认证、访问控制、授权、审计 、批量操作等。
4)集成了Ansible,批量命令等
5)支持WebTerminal
6)Bootstrap编写,界面美观
7)自动收集硬件信息
8)录像回放
9)命令搜索
10)实时监控
11)批量上传下载
不多做介绍了,下面就Jumpserver安装及功能使用做一记录:
安装jumpserver 3.0版本,相对于jumpserver 2.0版本,在新的版本3.0中取消了LDAP授权,取而代之的是ssh进行推送;界面也有所变化,功能更完善,安装更简单。本案例操作系统是Centos7.2 1)关闭jumpserver部署机的iptables和selinux 2)安装依赖包[[email protected]-vm001 opt]# yum -y install git python-pip mysql-devel gcc automake autoconf python-devel vim sshpass lrzsz readline-devel 3)下载jumpserver V3.0下载地址:https://pan.baidu.com/s/1nv4zVCX提取密码:vcbg connect.py connect.pyc docs install jasset jlog jperm jumpserver jumpserver.conf juser keys LICENSE logs manage.py README.md run_websocket.py service.sh static templatesdeveloper_doc.txt initial_data.yaml install.py install.pyc next.py requirements.txt zzjumpserver.sh 4)执行快速安装脚本5)查看安装的包[[email protected]-vm001 install]# pip freeze
6) 安装并启动MariaDB[[email protected]-vm001 install]# systemctl enable mariadb
7)在MariaDB数据库中创建jumpserver库,并授权连接MariaDB [(none)]> create database jumpserver;Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> grant all on jumpserver.* to [email protected]'172.16.220.%' identified by "123456";Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> grant all on jumpserver.* to [email protected]'172.16.220.%' identified by "123456";Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> flush privileges;Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]>
8)接着继续执行install安装请务必先查看wiki https://github.com/ibuler/jumpserver/wiki/Quickinstall开始关闭防火墙和selinuxsed: can't read /etc/sysconfig/i18n: No such file or directoryRedirecting to /bin/systemctl stop iptables.serviceFailed to stop iptables.service: Unit iptables.service not loaded. 请输入您服务器的IP地址,用户浏览器可以访问 []: 172.16.220.128 //这个是Jumpserver部署机的ip地址是否安装新的MySQL服务器? (y/n) [y]: n请输入数据库服务器IP [127.0.0.1]: 172.16.220.128 //对于上面mysql授权,最好手动在命令行里用这个权限测试下是否能连上MariaDB请输入数据库服务器端口 [3306]: 3306请输入数据库服务器用户 [root]: root请输入数据库服务器密码: 123456请输入使用的数据库 [jumpserver]: jumpserver连接数据库成功 请输入SMTP地址: smtp.163.com //(腾讯企业邮箱的smtp地址:smtp.exmail.qq.com)请输入SMTP端口 [25]: 25 //要确保本机能正常发邮件。即telnet smtp.163.com 25要能通请输入账户: [email protected]163.com请输入密码: [email protected]23232323sd 是否继续? (y/n) [y]: y开始写入配置文件开始安装Jumpserver开始更新jumpserverCreating tables ...Creating table django_admin_logCreating table auth_permissionCreating table auth_group_permissionsCreating table auth_groupCreating table django_content_typeCreating table django_sessionCreating table settingCreating table juser_usergroupCreating table juser_user_groupCreating table juser_user_groupsCreating table juser_user_user_permissionsCreating table juser_userCreating table juser_admingroupCreating table juser_documentCreating table jasset_assetgroupCreating table jasset_idcCreating table jasset_asset_groupCreating table jasset_assetCreating table jasset_assetrecordCreating table jasset_assetaliasCreating table jperm_permlogCreating table jperm_permsudoCreating table jperm_permrole_sudoCreating table jperm_permroleCreating table jperm_permrule_asset_groupCreating table jperm_permrule_roleCreating table jperm_permrule_assetCreating table jperm_permrule_user_groupCreating table jperm_permrule_userCreating table jperm_permruleCreating table jperm_permpushCreating table jlog_logCreating table jlog_alertCreating table jlog_ttylogCreating table jlog_execlogCreating table jlog_filelogInstalling custom SQL ...Installing indexes ...Installed 0 object(s) from 0 fixture(s) 请输入管理员用户名 [admin]: adminStarting jumpsever service: [ OK ] 安装成功,请访问web, 祝你使用愉快。请访问 https://github.com/ibuler/jumpserver 查看文档 9)运行 crontab,定期处理失效连接,定期更新资产信息 adding cronjob: (3718e5baf203ed0f54703b2f0b7e9e16) -> ('0 1 * * *', 'jasset.asset_api.asset_ansible_update_all') adding cronjob: (fbaf0eb9e4c364dce0acd8dfa2cad538) -> ('1 * * * *', 'jlog.log_api.kill_invalid_connection') 上面命令执行后,查看crontab任务列表0 1 * * * /usr/bin/python /data/jumpserver/manage.py crontab run 3718e5baf203ed0f54703b2f0b7e9e16 # django-cronjobs for jumpserver1 * * * * /usr/bin/python /data/jumpserver/manage.py crontab run fbaf0eb9e4c364dce0acd8dfa2cad538 # django-cronjobs for jumpserver 10)jumpserver启动如上安装后,jumpserver服务就会自动起来了COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAMEpython 17994 root 3u IPv4 1604206 0t0 TCP *:http (LISTEN) Jumpserver的启动和重启 11)访问JumpserverCOMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAMEpython 34323 root 4u IPv4 66808 0t0 TCP *:http (LISTEN) 以上是关于centos7安装jumpserver3.0跳板机的主要内容,如果未能解决你的问题,请参考以下文章