Jumpserver的部署和使用
阿新 • • 發佈:2020-08-07
1.Jumpserver簡介
JumpServer 是全球首款完全開源的堡壘機, 使用 GNU GPL v2.0 開源協議, 是符合 4A 的專業運維審計系統。
JumpServer 使用 Python / Django 進行開發, 遵循 Web 2.0 規範, 配備了業界領先的 Web Terminal 解決方案, 互動介面美觀、使用者體驗好。
JumpServer 採納分散式架構, 支援多機房跨區域部署, 中心節點提供 API, 各機房部署登入節點, 可橫向擴充套件、無併發訪問限制。
JumpServer 現已支援管理 SSH、 Telnet、 RDP、 VNC 協議資產。
更多詳細資訊,請參考官方地址: https://docs.jumpserver.org/zh/master/
1.特色優勢
- 開源: 零門檻,線上快速獲取和安裝;
- 分散式: 輕鬆支援大規模併發訪問;
- 無外掛: 僅需瀏覽器,極致的 Web Terminal 使用體驗;
- 多雲支援: 一套系統,同時管理不同雲上面的資產;
- 雲端儲存: 審計錄影雲端儲存,永不丟失;
- 多租戶: 一套系統,多個子公司和部門同時使用。
2.功能列表
2.JumpServer的部署
我這裡按照容器的方式進行部署。
1.環境要求
硬體配置: 2個CPU核心, 4G 記憶體, 50G 硬碟(最低) 作業系統: Linux 發行版 x86_64 Python = 3.6.x Mysql Server ≥ 5.6 Mariadb Server ≥ 5.5.56 Redis
提前安裝好docker環境
2.部署mysql服務
[root@jumpserver-no ~]# docker pull mysql:5.7 [root@jumpserver-no ~]# mkdir /iflytek/mysql/mysql.conf.d -pv [root@jumpserver-no ~]# mkdir /iflytek/mysql/conf.d -p [root@jumpserver-no ~]# mkdir /iflytek/mysql/data [root@jumpserver-no mysql]# cat /iflytek/mysql/mysql.conf.d/mysqld.cnf # Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved. # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License, version 2.0, # as published by the Free Software Foundation. # # This program is also distributed with certain software (including # but not limited to OpenSSL) that is licensed under separate terms, # as designated in a particular file or component or in included license # documentation. The authors of MySQL hereby grant you an additional # permission to link the program and your derivative works with the # separately licensed software that they have included with MySQL. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License, version 2.0, for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA # # The MySQL Server configuration file. # # For explanations see # http://dev.mysql.com/doc/mysql/en/server-system-variables.html [mysqld] pid-file = /var/run/mysqld/mysqld.pid socket = /var/run/mysqld/mysqld.sock datadir = /var/lib/mysql #log-error = /var/log/mysql/error.log # By default we only accept connections from localhost #bind-address = 127.0.0.1 # Disabling symbolic-links is recommended to prevent assorted security risks symbolic-links=0 [root@jumpserver-no mysql]# cat /iflytek/mysql/conf.d/mysql.cnf [mysql] default-character-set=utf8 [root@jumpserver-no ~]# docker run -it -d -p 3306:3306 -v /iflytek/mysql/mysql.conf.d/mysqld.cnf:/etc/mysql/mysql.conf.d/mysqld.cnf -v /iflytek/mysql/conf.d/mysql.cnf:/etc/mysql/conf.d/mysql.cnf -v /iflytek/mysql/data/:/var/lib/mysql -e MYSQL_ROOT_PASSWORD="Liu@2020" mysql:5.7 9c7b2bc71c84137b10430d9f0e41f80ec63997e65390e1a64160dffcef853c64 [root@jumpserver-no mysql]# yum install mysql-client [root@jumpserver-no mysql]# mysql -uroot -pLiu@2020 -h172.31.242.80 mysql: [Warning] Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 2 Server version: 5.7.31 MySQL Community Server (GPL) Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | performance_schema | | sys | +--------------------+ 4 rows in set (0.00 sec) mysql> show global variables where variable_name like 'character%'; +--------------------------+----------------------------+ | Variable_name | Value | +--------------------------+----------------------------+ | character_set_client | latin1 | | character_set_connection | latin1 | | character_set_database | latin1 | | character_set_filesystem | binary | | character_set_results | latin1 | | character_set_server | latin1 | | character_set_system | utf8 | | character_sets_dir | /usr/share/mysql/charsets/ | +--------------------------+----------------------------+ 8 rows in set (0.00 sec) mysql> create database jumpserver default charset 'utf8' collate 'utf8_bin'; Query OK, 1 row affected (0.00 sec) mysql> grant all on jumpserver.* to 'jumpserver'@'%' identified by 'Liu@2020'; Query OK, 0 rows affected, 1 warning (0.00 sec)