#环境:
	10.0.0.150 centos8 

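#安装docker-ce(其中 containerd.io 的rpm是用dnf直接从URL安装的;dnf默认不对这种方式安装的包做GPG签名校验(localpkg_gpgcheck默认关闭),可先下载,导入Docker的GPG公钥后用 rpm -K 校验)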
[root@jumpserver ~]#yum install -y yum-utils device-mapper-persistent-data lvm2
[root@jumpserver ~]#yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@jumpserver ~]#sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
[root@jumpserver ~]#dnf install https://download.docker.com/linux/centos/8/x86_64/stable/Packages/containerd.io-1.4.3-3.1.el8.x86_64.rpm --allowerasing
[root@jumpserver ~]#yum install -y docker-ce docker-ce-cli

#配置镜像加速,使用docker下载镜像时,默认使用的是官方镜像库,修改成阿里的镜像库,下载镜像更快
[root@jumpserver ~]#vim /etc/docker/daemon.json
{
        "registry-mirrors": ["https://e6rzmd2z.mirror.aliyuncs.com"]
}
[root@jumpserver ~]#systemctl daemon-reload
[root@jumpserver ~]#systemctl restart docker
[root@jumpserver ~]#docker info

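#安装mysql(示例中root和jumpserver用户都使用弱口令123456,两者的host都是%,并且 -p 3306:3306 会在宿主机所有网卡上监听;实际部署应使用强随机密码,并把端口只绑定到需要访问的地址或用防火墙限制来源)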
[root@jumpserver ~]#docker run --rm --name mysql -e MYSQL_ROOT_PASSWORD=123456 -e MYSQL_DATABASE=jumpserver -e MYSQL_USER=jumpserver -e MYSQL_PASSWORD=123456 -d -p 3306:3306 mysql:5.7.30
Unable to find image 'mysql:5.7.30' locally
5.7.30: Pulling from library/mysql
8559a31e96f4: Pull complete
d51ce1c2e575: Pull complete
c2344adc4858: Pull complete
fcf3ceff18fc: Pull complete
16da0c38dc5b: Pull complete
b905d1797e97: Pull complete
4b50d1c6b05c: Pull complete
d85174a87144: Pull complete
a4ad33703fa8: Pull complete
f7a5433ce20d: Pull complete
3dcd2a278b4a: Pull complete
Digest: sha256:32f9d9a069f7a735e28fd44ea944d53c61f990ba71460c5c183e610854ca4854
Status: Downloaded newer image for mysql:5.7.30
e51e25f5904aab18a35f11d5b8fd3f40edcd8741e9eccdc758bb64d3b9749d84

#查看mysql容器的默认配置是否符合jumpserver的要求。结果不符合:jumpserver库的默认字符集是latin1(见下面 show create database 的输出),因此需要自行准备配置文件,把字符集改为utf8。
[root@jumpserver ~]#docker exec -it mysql bash
root@e51e25f5904a:/# mysql -uroot -p123456
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.30 MySQL Community Server (GPL)

Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show create database jumpserver;
+------------+-----------------------------------------------------------------------+
| Database   | Create Database                                                       |
+------------+-----------------------------------------------------------------------+
| jumpserver | CREATE DATABASE `jumpserver` /*!40100 DEFAULT CHARACTER SET latin1 */ |
+------------+-----------------------------------------------------------------------+
1 row in set (0.01 sec)

mysql> select user,host from mysql.user;
+---------------+-----------+
| user          | host      |
+---------------+-----------+
| jumpserver    | %         |
| root          | %         |
| mysql.session | localhost |
| mysql.sys     | localhost |
| root          | localhost |
+---------------+-----------+
5 rows in set (0.00 sec)

mysql> exit
Bye

root@e51e25f5904a:/# cat /etc/mysql/mysql.cnf
# Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License, version 2.0,
# as published by the Free Software Foundation.
#
# This program is also distributed with certain software (including
# but not limited to OpenSSL) that is licensed under separate terms,
# as designated in a particular file or component or in included license
# documentation.  The authors of MySQL hereby grant you an additional
# permission to link the program and your derivative works with the
# separately licensed software that they have included with MySQL.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License, version 2.0, for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA

!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mysql.conf.d/

root@e51e25f5904a:/# ls -lR /etc/mysql
/etc/mysql:
total 8
drwxr-xr-x 2 root root   62 Jun  9  2020 conf.d
lrwxrwxrwx 1 root root   24 Jun  9  2020 my.cnf -> /etc/alternatives/my.cnf
-rw-r--r-- 1 root root  839 Aug  3  2016 my.cnf.fallback
-rw-r--r-- 1 root root 1215 Mar 23  2020 mysql.cnf
drwxr-xr-x 2 root root   24 Jun  9  2020 mysql.conf.d

/etc/mysql/conf.d:
total 12
-rw-r--r-- 1 root root 43 Jun  9  2020 docker.cnf
-rw-r--r-- 1 root root  8 Aug  3  2016 mysql.cnf
-rw-r--r-- 1 root root 55 Aug  3  2016 mysqldump.cnf

/etc/mysql/mysql.conf.d:
total 4
-rw-r--r-- 1 root root 1610 Jun  9  2020 mysqld.cnf

root@e51e25f5904a:/# grep '^[^#]' /etc/mysql/mysql.conf.d/mysqld.cnf
[mysqld]
pid-file        = /var/run/mysqld/mysqld.pid
socket          = /var/run/mysqld/mysqld.sock
datadir         = /var/lib/mysql
symbolic-links=0

root@e51e25f5904a:/# cat /etc/mysql/conf.d/mysql.cnf
[mysql]

root@e51e25f5904a:/# exit
exit

[root@jumpserver ~]#docker stop mysql


#在宿主机准备mysql配置文件
[root@jumpserver ~]#mkdir -p /etc/mysql/mysql.conf.d/
[root@jumpserver ~]#mkdir -p /etc/mysql/conf.d/
[root@jumpserver ~]#tee /etc/mysql/mysql.conf.d/mysqld.cnf << EOF
> [mysqld]
> pid-file= /var/run/mysqld/mysqld.pid
> socket= /var/run/mysqld/mysqld.sock
> datadir= /var/lib/mysql
> symbolic-links=0
> character-set-server=utf8
> EOF
[mysqld]
pid-file=/var/run/mysqld/mysqld.pid
socket=/var/run/mysqld/mysqld.sock
datadir=/var/lib/mysql
symbolic-links=0
character-set-server=utf8
[root@jumpserver ~]#tee /etc/mysql/conf.d/mysql.cnf <<EOF
> [mysql]
> default-character-set=utf8
> EOF
[mysql]
default-character-set=utf8

#启动容器,并挂载本地配置文件到容器。注意:下面的 rm -rf 会清空 /data/mysql/ 中已有的数据文件,执行前确认其中没有需要保留的数据。
[root@jumpserver ~]#rm -rf /data/mysql/*
[root@jumpserver ~]#docker run -d -p 3306:3306  --name mysql --restart always -e MYSQL_ROOT_PASSWORD=123456 -e  MYSQL_DATABASE=jumpserver -e MYSQL_USER=jumpserver -e MYSQL_PASSWORD=123456 -v /data/mysql/:/var/lib/mysql -v /etc/mysql/mysql.conf.d/mysqld.cnf:/etc/mysql/mysql.conf.d/mysqld.cnf -v /etc/mysql/conf.d/mysql.cnf:/etc/mysql/conf.d/mysql.cnf mysql:5.7.30

#验证mysql
[root@jumpserver ~]#docker exec -it mysql sh
# mysql -p123456 -e 'show variables like "character%"'
mysql: [Warning] Using a password on the command line interface can be insecure.
+--------------------------+----------------------------+
| Variable_name            | Value                      |
+--------------------------+----------------------------+
| character_set_client     | utf8                       |
| character_set_connection | utf8                       |
| character_set_database   | utf8                       |
| character_set_filesystem | binary                     |
| character_set_results    | utf8                       |
| character_set_server     | utf8                       |
| character_set_system     | utf8                       |
| character_sets_dir       | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+
#  mysql -p123456 -e 'show variables like "collation%"'
mysql: [Warning] Using a password on the command line interface can be insecure.
+----------------------+-----------------+
| Variable_name        | Value           |
+----------------------+-----------------+
| collation_connection | utf8_general_ci |
| collation_database   | utf8_general_ci |
| collation_server     | utf8_general_ci |
+----------------------+-----------------+
# cat /var/lib/mysql/jumpserver/db.opt
default-character-set=utf8
default-collation=utf8_general_ci
#  cat /etc/mysql/mysql.conf.d/mysqld.cnf
[mysqld]
socket=/var/run/mysqld/mysqld.sock
pid-file=/var/run/mysqld/mysqld.pid
datadir=/var/lib/mysql
symbolic-links=0
character-set-server=utf8
# cat /etc/mysql/conf.d/mysql.cnf
[mysql]
default-character-set=utf8
#  mysql -p123456 -e 'select user,host from mysql.user'
mysql: [Warning] Using a password on the command line interface can be insecure.
+---------------+-----------+
| user          | host      |
+---------------+-----------+
| jumpserver    | %         |
| root          | %         |
| mysql.session | localhost |
| mysql.sys     | localhost |
| root          | localhost |
+---------------+-----------+
# ls /var/lib/mysql/ -l
total 188484
-rw-r----- 1 mysql mysql       56 Aug 27 06:55 auto.cnf
-rw------- 1 mysql mysql     1676 Aug 27 06:55 ca-key.pem
-rw-r--r-- 1 mysql mysql     1112 Aug 27 06:55 ca.pem
-rw-r--r-- 1 mysql mysql     1112 Aug 27 06:55 client-cert.pem
-rw------- 1 mysql mysql     1680 Aug 27 06:55 client-key.pem
-rw-r----- 1 mysql mysql     1346 Aug 27 06:55 ib_buffer_pool
-rw-r----- 1 mysql mysql 50331648 Aug 27 06:55 ib_logfile0
-rw-r----- 1 mysql mysql 50331648 Aug 27 06:55 ib_logfile1
-rw-r----- 1 mysql mysql 79691776 Aug 27 06:55 ibdata1
-rw-r----- 1 mysql mysql 12582912 Aug 27 06:55 ibtmp1
drwxr-x--- 2 mysql mysql       20 Aug 27 06:55 jumpserver
drwxr-x--- 2 mysql mysql     4096 Aug 27 06:55 mysql
drwxr-x--- 2 mysql mysql     8192 Aug 27 06:55 performance_schema
-rw------- 1 mysql mysql     1676 Aug 27 06:55 private_key.pem
-rw-r--r-- 1 mysql mysql      452 Aug 27 06:55 public_key.pem
-rw-r--r-- 1 mysql mysql     1112 Aug 27 06:55 server-cert.pem
-rw------- 1 mysql mysql     1676 Aug 27 06:55 server-key.pem
drwxr-x--- 2 mysql mysql     8192 Aug 27 06:55 sys

#使用另外一台主机,远程连接mysql数据库测试
[root@ha2 ~]#yum install -y mariadb
[root@ha2 ~]#mysql -ujumpserver -p123456 -h10.0.0.150
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.7.30 MySQL Community Server (GPL)

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MySQL [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| jumpserver         |
+--------------------+
2 rows in set (0.001 sec)

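#安装redis服务(此处redis没有设置密码,且 -p 6379:6379 在宿主机所有网卡上监听,下文从另一台主机无需认证即可连接;实际部署应在镜像名后追加 redis-server --requirepass <密码>,并在jumpserver的 REDIS_PASSWORD 中填入同一密码)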
[root@jumpserver ~]#docker run -d -p 6379:6379 --name redis --restart always  redis:5.0.9
Unable to find image 'redis:5.0.9' locally
5.0.9: Pulling from library/redis
bb79b6b2107f: Pull complete
1ed3521a5dcb: Pull complete
5999b99cee8f: Pull complete
bfee6cb5fdad: Pull complete
fd36a1ebc672: Pull complete
97481c7992eb: Pull complete
Digest: sha256:2a9865e55c37293b71df051922022898d8e4ec0f579c9b53a0caee1b170bc81c
Status: Downloaded newer image for redis:5.0.9
ea09afe8bcf829aa3701eba4dd36b1f693ec068e84dc3691d07191d34929f774

#使用另外一台主机,远程连接redis数据库测试
[root@ha2 ~]#redis-cli -h 10.0.0.150
10.0.0.150:6379> server
(error) ERR unknown command `server`, with args beginning with:
10.0.0.150:6379> info
# Server
redis_version:5.0.9
redis_git_sha1:00000000
redis_git_dirty:0
redis_build_id:9f4bb002aa1b31e6

#部署jumpserver
#需要先生成 key 和 token。SECRET_KEY 是jumpserver加密数据用的密钥,生成后要妥善保存,升级或迁移时必须沿用同一个值。
[root@ha2 ~]#vim key.sh
#!/bin/bash

#================================================================
#   Copyright (C) 2022 IEucd Inc. All rights reserved.
#
#   文件名称:key.sh
#   创 建 者:TanLiang
#   创建日期:2022年08月27日
#   描    述:This is a test file
#
#================================================================

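# Print SECRET_KEY and BOOTSTRAP_TOKEN, one per line, creating each value on
# first use and recording it in ~/.bashrc as NAME=value.
#
# Lookup order for each name: the caller's environment, then the last
# NAME=value line already in ~/.bashrc, then a fresh random value. The second
# step matters when this file is run as `bash key.sh`: the recorded lines are
# not exported, so a child shell never sees them, and without the lookup every
# run would append and print a different value.
#
# ~/.bashrc keeps the values in clear text and they are echoed to the
# terminal; restrict who can read both.

# Emit $1 random characters drawn from [A-Za-z0-9].
_random_alnum() {
  # LC_ALL=C: tr must treat /dev/urandom as raw bytes, whatever the locale.
  # pipefail is deliberately not enabled; tr ends with SIGPIPE once head has
  # read enough.
  LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$1"
}

# Resolve the secret named $1 ($2 characters when generated), using $3 as the
# rc file, assign it to the shell variable of that name and print it.
_ensure_secret() {
  local name=$1 length=$2 rc_file=$3 value
  value=${!name}
  if [ -z "$value" ] && [ -r "$rc_file" ]; then
    # Reuse what an earlier run recorded; the last matching line wins.
    value=$(sed -n "s/^${name}=//p" "$rc_file" | tail -n 1)
  fi
  if [ -z "$value" ]; then
    value=$(_random_alnum "$length")
    printf '%s=%s\n' "$name" "$value" >>"$rc_file"
  fi
  printf -v "$name" '%s' "$value"
  # printf with a quoted argument prints the value verbatim (no word
  # splitting or globbing, unlike an unquoted echo).
  printf '%s\n' "$value"
}

_ensure_secret SECRET_KEY 50 ~/.bashrc
_ensure_secret BOOTSTRAP_TOKEN 16 ~/.bashrc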

[root@ha2 ~]#bash key.sh
uHv3vWGyuCdwwg1WMewR2GglrEfx6KMwrYZI02QaHVmOhgIhNw
IARJRIMRevMsuN4a
[root@ha2 ~]#tail -n2 .bashrc
SECRET_KEY=uHv3vWGyuCdwwg1WMewR2GglrEfx6KMwrYZI02QaHVmOhgIhNw
BOOTSTRAP_TOKEN=IARJRIMRevMsuN4a

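#运行jumpserver2.1.2版本(示例用root连接数据库;前面已经创建了只对jumpserver库有权限的jumpserver用户,DB_USER 改用该用户更符合最小权限。通过 -e 传入的密钥和密码会保存在容器配置中,docker inspect 可以直接看到)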
[root@jumpserver ~]#docker run --name jms_all -d -v /opt/jumpserver/data:/opt/jumpserver/data -p 80:80 -p 2222:2222 -e SECRET_KEY=uHv3vWGyuCdwwg1WMewR2GglrEfx6KMwrYZI02QaHVmOhgIhNw -e BOOTSTRAP_TOKEN=IARJRIMRevMsuN4a -e DB_HOST=10.0.0.150 -e DB_PORT=3306 -e DB_USER=root -e DB_PASSWORD=123456 -e DB_NAME=jumpserver -e REDIS_HOST=10.0.0.150 -e REDIS_PORT=6379 -e REDIS_PASSWORD='' jumpserver/jms_all:v2.1.2
14619b1078f7a349b3941f84db746d649b795a30fbdd5b51a5fa2a7fe4deb281

#验证是否成功,查看日志
[root@jumpserver ~]#docker logs -f jms_all
2022-08-27 15:15:41 Sat Aug 27 15:15:41 2022
2022-08-27 15:15:41 Jumpserver version v2.1.2, more see https://www.jumpserver.org
2022-08-27 15:15:41 Check database connection ...
users
 [ ] 0001_initial
 [ ] 0002_auto_20171225_1157_squashed_0019_auto_20190304_1459 (18 squashed migrations)
 [ ] 0020_auto_20190612_1825
 [ ] 0021_auto_20190625_1104
 [ ] 0022_auto_20190625_1105
 [ ] 0023_auto_20190724_1525
 [ ] 0024_auto_20191118_1612
 [ ] 0025_auto_20200206_1216
 [ ] 0026_auto_20200508_2105
 [ ] 0027_auto_20200616_1503
2022-08-27 15:15:44 Database connect success
2022-08-27 15:15:44 Check database structure change ...
2022-08-27 15:15:44 Migrate model change to database ...
Operations to perform:
  Apply all migrations: admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, ops, orgs, perms, sessions, settings, terminal, tickets, users
Running migrations:
  Applying contenttypes.0001_initial... OK
  Applying contenttypes.0002_remove_content_type_name... OK
  Applying auth.0001_initial... OK
  Applying auth.0002_alter_permission_name_max_length... OK
  Applying auth.0003_alter_user_email_max_length... OK
  Applying auth.0004_alter_user_username_opts... OK
  Applying auth.0005_alter_user_last_login_null... OK
  Applying auth.0006_require_contenttypes_0002... OK
  Applying auth.0007_alter_validators_add_error_messages... OK
  Applying auth.0008_alter_user_username_max_length... OK
  Applying users.0001_initial... OK
  Applying admin.0001_initial... OK
  Applying admin.0002_logentry_remove_auto_add... OK
  Applying admin.0003_logentry_add_action_flag_choices... OK
  Applying users.0002_auto_20171225_1157_squashed_0019_auto_20190304_1459... OK
  Applying assets.0001_initial... OK
  Applying perms.0001_initial... OK
  Applying assets.0002_auto_20180105_1807_squashed_0009_auto_20180307_1212... OK
  Applying assets.0010_auto_20180307_1749_squashed_0019_auto_20180816_1320... OK
  Applying perms.0002_auto_20171228_0025_squashed_0009_auto_20180903_1132... OK
  Applying perms.0003_action... OK
  Applying perms.0004_assetpermission_actions... OK
  Applying assets.0020_auto_20180816_1652... OK
  Applying assets.0021_auto_20180903_1132... OK
  Applying assets.0022_auto_20181012_1717... OK
  Applying assets.0023_auto_20181016_1650... OK
  Applying assets.0024_auto_20181219_1614... OK
  Applying assets.0025_auto_20190221_1902... OK
  Applying assets.0026_auto_20190325_2035... OK
  Applying applications.0001_initial... OK
  Applying perms.0005_auto_20190521_1619... OK
  Applying perms.0006_auto_20190628_1921... OK
  Applying perms.0007_remove_assetpermission_actions... OK
  Applying perms.0008_auto_20190911_1907... OK
  Applying assets.0027_auto_20190521_1703... OK
  Applying assets.0028_protocol... OK
  Applying assets.0029_auto_20190522_1114... OK
  Applying assets.0030_auto_20190619_1135... OK
  Applying assets.0031_auto_20190621_1332... OK
  Applying assets.0032_auto_20190624_2108... OK
  Applying assets.0033_auto_20190624_2108... OK
  Applying assets.0034_auto_20190705_1348... OK
  Applying assets.0035_auto_20190711_2018... OK
  Applying assets.0036_auto_20190716_1535... OK
  Applying assets.0037_auto_20190724_2002... OK
  Applying assets.0038_auto_20190911_1634... OK
  Applying perms.0009_remoteapppermission_system_users... OK
  Applying applications.0002_remove_remoteapp_system_user... OK
  Applying applications.0003_auto_20191210_1659... OK
  Applying applications.0004_auto_20191218_1705... OK
  Applying assets.0039_authbook_is_active... OK
  Applying assets.0040_auto_20190917_2056... OK
  Applying assets.0041_gathereduser... OK
  Applying assets.0042_favoriteasset... OK
  Applying assets.0043_auto_20191114_1111... OK
  Applying assets.0044_platform... OK
  Applying assets.0045_auto_20191206_1607... OK
  Applying assets.0046_auto_20191218_1705... OK
  Applying assets.0047_assetuser... OK
  Applying assets.0048_auto_20191230_1512... OK
  Applying assets.0049_systemuser_sftp_root... OK
  Applying assets.0050_auto_20200711_1740... OK
  Applying assets.0051_auto_20200713_1143... OK
  Applying assets.0052_auto_20200715_1535... OK
  Applying audits.0001_initial... OK
  Applying audits.0002_ftplog_org_id... OK
  Applying audits.0003_auto_20180816_1652... OK
  Applying audits.0004_operatelog_passwordchangelog_userloginlog... OK
  Applying audits.0005_auto_20190228_1715... OK
  Applying audits.0006_auto_20190726_1753... OK
  Applying audits.0007_auto_20191202_1010... OK
  Applying audits.0008_auto_20200508_2105... OK
  Applying audits.0009_auto_20200624_1654... OK
  Applying auth.0009_alter_user_last_name_max_length... OK
  Applying auth.0010_alter_group_name_max_length... OK
  Applying auth.0011_update_proxy_permissions... OK
  Applying authentication.0001_initial... OK
  Applying authentication.0002_auto_20190729_1423... OK
  Applying authentication.0003_loginconfirmsetting... OK
  Applying captcha.0001_initial... OK
  Applying common.0001_initial... OK
  Applying common.0002_auto_20180111_1407... OK
  Applying common.0003_setting_category... OK
  Applying common.0004_setting_encrypted... OK
  Applying common.0005_auto_20190221_1902... OK
  Applying common.0006_auto_20190304_1515... OK
  Applying django_cas_ng.0001_initial... OK
  Applying django_celery_beat.0001_initial... OK
  Applying django_celery_beat.0002_auto_20161118_0346... OK
  Applying django_celery_beat.0003_auto_20161209_0049... OK
  Applying django_celery_beat.0004_auto_20170221_0000... OK
  Applying django_celery_beat.0005_add_solarschedule_events_choices_squashed_0009_merge_20181012_1416... OK
  Applying django_celery_beat.0006_periodictask_priority... OK
  Applying jms_oidc_rp.0001_initial... OK
  Applying ops.0001_initial... OK
  Applying ops.0002_celerytask... OK
  Applying ops.0003_auto_20181207_1744... OK
  Applying ops.0004_adhoc_run_as... OK
  Applying ops.0005_auto_20181219_1807... OK
  Applying ops.0006_auto_20190318_1023... OK
  Applying ops.0007_auto_20190724_2002... OK
  Applying ops.0008_auto_20190919_2100... OK
  Applying ops.0009_auto_20191217_1713... OK
  Applying ops.0010_auto_20191217_1758... OK
  Applying ops.0011_auto_20200106_1534... OK
  Applying ops.0012_auto_20200108_1659... OK
  Applying ops.0013_auto_20200108_1706... OK
  Applying ops.0014_auto_20200108_1749... OK
  Applying ops.0015_auto_20200108_1809... OK
  Applying ops.0016_commandexecution_org_id... OK
  Applying ops.0017_auto_20200306_1747... OK
  Applying ops.0018_auto_20200509_1434... OK
  Applying orgs.0001_initial... OK
  Applying orgs.0002_auto_20180903_1132... OK
  Applying orgs.0003_auto_20190916_1057... OK
  Applying users.0020_auto_20190612_1825... OK
  Applying users.0021_auto_20190625_1104... OK
  Applying users.0022_auto_20190625_1105... OK
  Applying users.0023_auto_20190724_1525... OK
  Applying users.0024_auto_20191118_1612... OK
  Applying perms.0010_auto_20191218_1705... OK
  Applying sessions.0001_initial... OK
  Applying settings.0001_initial... OK
  Applying terminal.0001_initial... OK
  Applying terminal.0002_auto_20171228_0025_squashed_0009_auto_20180326_0957... OK
  Applying terminal.0010_auto_20180423_1140... OK
  Applying terminal.0011_auto_20180807_1116... OK
  Applying terminal.0012_auto_20180816_1652... OK
  Applying terminal.0013_auto_20181123_1113... OK
  Applying terminal.0014_auto_20181226_1441... OK
  Applying terminal.0015_auto_20190923_1529... OK
  Applying terminal.0016_commandstorage_replaystorage... OK
  Applying terminal.0017_auto_20191125_0931... OK
  Applying terminal.0018_auto_20191202_1010... OK
  Applying terminal.0019_auto_20191206_1000... OK
  Applying terminal.0020_auto_20191218_1721... OK
  Applying terminal.0021_auto_20200213_1316... OK
  Applying terminal.0022_session_is_success... OK
  Applying terminal.0023_command_risk_level... OK
  Applying terminal.0024_auto_20200715_1713... OK
  Applying tickets.0001_initial... OK
  Applying users.0025_auto_20200206_1216... OK
  Applying users.0026_auto_20200508_2105... OK
  Applying users.0027_auto_20200616_1503... OK
2022-08-27 15:15:56 Collect static files
2022-08-27 15:15:58 Collect static files done
guacd[80]: INFO:        Guacamole proxy daemon (guacd) version 1.2.0 started
Starting guacd: SUCCESS
Tomcat started.
Jumpserver ALL v2.1.2
官网 http://www.jumpserver.org
文档 http://docs.jumpserver.org
有问题请参考 http://docs.jumpserver.org/zh/docs/faq.html

进入容器命令 docker exec -it jms_all /bin/bash

#查看数据库,表
[root@jumpserver ~]#docker exec -it mysql sh
# mysql -uroot -p123456
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| jumpserver         |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
5 rows in set (0.00 sec)

mysql> use jumpserver
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+----------------------------------------------+
| Tables_in_jumpserver                         |
+----------------------------------------------+
| applications_databaseapp                     |
| applications_remoteapp                       |
| assets_adminuser                             |
| assets_asset                                 |
| assets_asset_labels                          |
| assets_asset_nodes                           |
| assets_assetgroup                            |
| assets_authbook                              |
| assets_cluster                               |
| assets_commandfilter                         |
| assets_commandfilterrule                     |
| assets_domain                                |
| assets_favoriteasset                         |
| assets_gateway                               |
| assets_gathereduser                          |
| assets_label                                 |
| assets_node                                  |
| assets_platform                              |
| assets_systemuser                            |
| assets_systemuser_assets                     |
| assets_systemuser_cmd_filters                |
| assets_systemuser_groups                     |
| assets_systemuser_nodes                      |
| assets_systemuser_users                      |
| audits_ftplog                                |
| audits_operatelog                            |
| audits_passwordchangelog                     |
| audits_userloginlog                          |
| auth_group                                   |
| auth_group_permissions                       |
| auth_permission                              |
| authentication_accesskey                     |
| authentication_loginconfirmsetting           |
| authentication_loginconfirmsetting_reviewers |
| authentication_privatetoken                  |
| captcha_captchastore                         |
| django_admin_log                             |
| django_cas_ng_proxygrantingticket            |
| django_cas_ng_sessionticket                  |
| django_celery_beat_crontabschedule           |
| django_celery_beat_intervalschedule          |
| django_celery_beat_periodictask              |
| django_celery_beat_periodictasks             |
| django_celery_beat_solarschedule             |
| django_content_type                          |
| django_migrations                            |
| django_session                               |
| jms_oidc_rp_oidcuser                         |
| ops_adhoc                                    |
| ops_adhoc_execution                          |
| ops_adhoc_hosts                              |
| ops_celerytask                               |
| ops_commandexecution                         |
| ops_commandexecution_hosts                   |
| ops_task                                     |
| orgs_organization                            |
| orgs_organization_admins                     |
| orgs_organization_auditors                   |
| orgs_organization_users                      |
| perms_assetpermission                        |
| perms_assetpermission_assets                 |
| perms_assetpermission_nodes                  |
| perms_assetpermission_system_users           |
| perms_assetpermission_user_groups            |
| perms_assetpermission_users                  |
| perms_databaseapppermission                  |
| perms_databaseapppermission_database_apps    |
| perms_databaseapppermission_system_users     |
| perms_databaseapppermission_user_groups      |
| perms_databaseapppermission_users            |
| perms_remoteapppermission                    |
| perms_remoteapppermission_remote_apps        |
| perms_remoteapppermission_system_users       |
| perms_remoteapppermission_user_groups        |
| perms_remoteapppermission_users              |
| settings_setting                             |
| terminal                                     |
| terminal_command                             |
| terminal_commandstorage                      |
| terminal_replaystorage                       |
| terminal_session                             |
| terminal_status                              |
| terminal_task                                |
| tickets_comment                              |
| tickets_ticket                               |
| tickets_ticket_assignees                     |
| users_user                                   |
| users_user_groups                            |
| users_user_user_permissions                  |
| users_usergroup                              |
+----------------------------------------------+
90 rows in set (0.00 sec)

#查看端口
[root@jumpserver ~]#ss -tnl
State      Recv-Q     Send-Q         Local Address:Port           Peer Address:Port
LISTEN     0          128                  0.0.0.0:3306                0.0.0.0:*
LISTEN     0          128                  0.0.0.0:6379                0.0.0.0:*
LISTEN     0          128                  0.0.0.0:36875               0.0.0.0:*
LISTEN     0          128                  0.0.0.0:2222                0.0.0.0:*
LISTEN     0          128                  0.0.0.0:111                 0.0.0.0:*
LISTEN     0          128                  0.0.0.0:80                  0.0.0.0:*
LISTEN     0          32             192.168.122.1:53                  0.0.0.0:*
LISTEN     0          128                  0.0.0.0:22                  0.0.0.0:*
LISTEN     0          5                  127.0.0.1:631                 0.0.0.0:*
LISTEN     0          100                127.0.0.1:25                  0.0.0.0:*
LISTEN     0          128                127.0.0.1:6010                0.0.0.0:*
LISTEN     0          128                     [::]:3306                   [::]:*
LISTEN     0          128                     [::]:6379                   [::]:*
LISTEN     0          128                     [::]:2222                   [::]:*
LISTEN     0          128                     [::]:111                    [::]:*
LISTEN     0          128                     [::]:80                     [::]:*
LISTEN     0          128                     [::]:22                     [::]:*
LISTEN     0          5                      [::1]:631                    [::]:*
LISTEN     0          100                    [::1]:25                     [::]:*
LISTEN     0          128                    [::1]:6010                   [::]:*
LISTEN     0          128                     [::]:44957                  [::]:*
[root@jumpserver ~]#lsof -i :80
COMMAND     PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
docker-pr 14205 root    4u  IPv4  96524      0t0  TCP *:http (LISTEN)
docker-pr 14211 root    4u  IPv6  96527      0t0  TCP *:http (LISTEN)

#登录并初始化配置
浏览器访问 http://10.0.0.150
登录 JumpServer 默认用户: admin 密码: admin(首次登录后应立即修改默认密码)

#ssh登录
[root@jumpserver ~]#ssh -p2222 admin@localhost
The authenticity of host '[localhost]:2222 ([::1]:2222)' can't be established.
RSA key fingerprint is SHA256:EMUieonul3128xMn1NIyrNalInAME9FjseQ2V66XU6w.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[localhost]:2222' (RSA) to the list of known hosts.
admin@localhost's password:
                Administrator,  欢迎使用Jumpserver开源堡垒机系统

        1) 输入 部分IP、主机名、备注 进行搜索登录(如果唯一).
        2) 输入 / + IP,主机名 or 备注 进行搜索,如:/192.168.
        3) 输入 p 进行显示您有权限的主机.
        4) 输入 g 进行显示您有权限的节点.
        5) 输入 d 进行显示您有权限的数据库.
        6) 输入 r 进行刷新最新的机器和节点信息.
        7) 输入 h 进行显示帮助.
        8) 输入 q 进行退出.
Opt>

配置邮件并测试。

haproxy 转发模式 haproxy send-proxy_haproxy 转发模式

haproxy 转发模式 haproxy send-proxy_mysql_02

创建zs,ls,ww三个用户

haproxy 转发模式 haproxy send-proxy_MySQL_03

创建运维,开发,测试三个用户组,分别将zs,ls,ww三个用户加入到三个组中

haproxy 转发模式 haproxy send-proxy_mysql_04

资产管理

管理用户是JumpServer用来管理后端服务器或其它资产的管理员用户,此用户必须对后端服务器有管理权限

管理用户特点:

通常是后端服务器的root或者是具备root权限的超级用户 

用于推送或者是创建系统用户 

用于获取被管理的硬件资产信息

创建管理用户

用户和密码是后端服务器的管理员账户密码,用来收集硬件信息

haproxy 转发模式 haproxy send-proxy_mysql_05

创建资产

haproxy 转发模式 haproxy send-proxy_docker_06

授权管理

添加过程:创建系统用户,创建授权规则

创建系统用户

系统用户是分配给JumpServer用户、供其连接后端服务器和其它资产时使用的账号,一般不会给管理权限

生产环境中,一般都会利用自动化运维工具提前在后端服务器创建好系统用户,在所有后端服务器统一用户ID信息,而非在jumpserver中创建

haproxy 转发模式 haproxy send-proxy_MySQL_07

[root@ha2 ~]#id wwww

uid=1001(wwww) gid=1001(wwww) groups=1001(wwww)

创建授权规则

通过授权规则, 为用户分配可以访问的资产

haproxy 转发模式 haproxy send-proxy_docker_08

haproxy 转发模式 haproxy send-proxy_MySQL_09

haproxy 转发模式 haproxy send-proxy_haproxy 转发模式_10

haproxy 转发模式 haproxy send-proxy_MySQL_11

登录ls用户测试验证资产管理

haproxy 转发模式 haproxy send-proxy_haproxy 转发模式_12

后端服务器安装数据库服务mariadb

[root@client ~]#hostname -I

10.0.0.190

[root@client ~]#dnf install -y mariadb-server

[root@client ~]#systemctl restart mariadb

[root@client ~]#mysql

Welcome to the MariaDB monitor. Commands end with ; or \g.

Your MariaDB connection id is 8

Server version: 10.3.28-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database wordpress;

Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]> grant all on wordpress.* to wordpress@'10.0.0.%' identified by '123456';

Query OK, 0 rows affected (0.000 sec)

创建数据库应用

haproxy 转发模式 haproxy send-proxy_docker_13

创建数据库的系统用户

haproxy 转发模式 haproxy send-proxy_mysql_14

创建数据库授权规则

haproxy 转发模式 haproxy send-proxy_MySQL_15

测试数据库连接

haproxy 转发模式 haproxy send-proxy_MySQL_16

用ssh连接MySQL资产

[root@jumpserver ~]#ssh -p2222 zs@localhost

zs@localhost's password:

zs,  欢迎使用Jumpserver开源堡垒机系统

    1) 输入 部分IP、主机名、备注 进行搜索登录(如果唯一).
    2) 输入 / + IP,主机名 or 备注 进行搜索,如:/192.168.
    3) 输入 p 进行显示您有权限的主机.
    4) 输入 g 进行显示您有权限的节点.
    5) 输入 d 进行显示您有权限的数据库.
    6) 输入 r 进行刷新最新的机器和节点信息.
    7) 输入 h 进行显示帮助.
    8) 输入 q 进行退出.

Opt> d

ID | 名称 | IP | 数据库类型 | 数据库名称 | 备注

+------+------------+-------------------+-------------------+------------------+---------+

1 | mariadb | 10.0.0.190 | mysql | wordpress |

页码:1,每页行数:35,总页数:1,总数量:1

提示:输入数据库ID直接登录,二级搜索使用 // + 字段,如://192 上一页:b 下一页:n

搜索: 所有

Opt> 1

连接数据库

mysql://10.0.0.190:3306/wordpress  0.0
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.3.28-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [wordpress]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| wordpress          |
+--------------------+
2 rows in set (0.00 sec)
MariaDB [wordpress]>