jumpserver介绍
可以通过堡垒机管理百万台机器
<李>有效的记录运维人员的操作记录
官方资料: https://github.com/jumpserver/jumpserver http://www.jumpserver.org/
搭建jumpserver跳板机/堡垒机:
全新安装的Centos7系统
保持服务器网络畅通
1。防火墙Selinux设置
echo - e“033年\[31米1。防火墙Selinux设置\ 033 \ [0 m”
,,如果(“$ (systemctl状态firewalld | grep运行)”!=" ");然后firewall-cmd——区公共——添加一个端口==80/tcp——永久;firewall-cmd——区=公共——添加一个端口=2222/tcp永久;firewall-cmd——永久add-rich-rule="统治家庭=" ipv4 "源地址=" 172.17.0.0/16 "端口协议=" tcp端口=" 8080“接受”;firewall-cmd——重载;fi \
,,如果(" $ (getenforce) "!="禁用");然后setsebool - p httpd_can_network_connect 1;fi以前 <>前2。部署环境
echo - e“033年\ [31 m 2。部署环境\ 033 \ [0 m”
,,yum更新- y \
,,ln科幻/usr/share/zoneinfo/Asia/Shanghai/etc/localtime \
,,百胜是安装kde-l10n-Chinese \
,,localedef - c - f utf - 8 -我zh_CN zh_CN。utf - 8 \
,,出口LC_ALL=zh_CN。utf - 8 \
,,回声的LANG=" zh_CN。utf - 8”比;/etc/locale.参看\
,,百胜是安装wget gcc epel-release git \
,,yum安装- y yum-utils device-mapper-persistent-data lvm2 \
,,yum-config-manager——add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo \
,,百胜makecache快\
,,rpm——https://mirrors.aliyun.com/docker-ce/linux/centos/gpg \进口
,,echo - e”[nginx-stable] \ nname=nginx稳定回购\ nbaseurl=http://nginx.org/packages/centos/\ $ releasever/\ $ basearch/\ ngpgcheck=1 \ nenabled=1 \ ngpgkey=https://nginx.org/keys/nginx_signing.key”比;/etc/yum.repos.d/nginx。回购\
,,rpm——https://nginx.org/keys/nginx_signing.key \进口
,,百胜是安装复述,mariadb mariadb-devel mariadb-server MariaDB-shared nginx docker-ce \
,,systemctl使复述,mariadb nginx码头工人\
,,systemctl开始复述,mariadb \
,,百胜是安装python36 python36-devel \
,,python3.6 - m venv/opt/py3 3。下载组件 echo - e“033年\[31米3。下载组033件\ \ [0 m” ,,cd/opt \ ,,如果[!- d“/opt/jumpserver”);然后git克隆——https://github.com/jumpserver/jumpserver.git深度=1;fi \ ,,如果[!/opt/luna.tar - f”。广州”);然后wget https://demo.jumpserver.org/download/luna/1.5.2/luna.tar.gz;tar xf luna.tar.gz;乔恩- r根:根月亮;fi \ ,,百胜是安装(cat/opt/美元jumpserver/要求/rpm_requirements.txt) \ ,,echo - e”[easy_install] \ nindex_url=https://mirrors.aliyun.com/pypi/simple/北?~/.pydistutils。cfg \ ,,源/opt/py3/bin/激活\ ,,pip安装,升级pip setuptools - https://mirrors.aliyun.com/pypi/simple/\ ,,pip安装- r/opt/jumpserver/要求/需求。txt - https://mirrors.aliyun.com/pypi/simple/\ ,,旋度ssl https://get.daocloud.io/daotools/set_mirror。上海| sh - s http://f1361db2.m.daocloud。io \ ,,systemctl重启码头工人\ ,,码头工人拉jumpserver/jms_koko: 1.5.2 \ ,,码头工人拉jumpserver/jms_guacamole: 1.5.2 \ ,,rm射频/etc/nginx/conf.d/default.参看\ ,,wget - o/etc/nginx/conf.d/jumpserver。参看https://demo.jumpserver.org/download/nginx/conf.d/jumpserver.conf<>前4。处理配置文件 echo - e“033年\[31米4。033年处理配置文件\ \ [0 m” ,,~/来源。bashrc \ ( ,,如果(" $ DB_PASSWORD "=" ");然后DB_PASSWORD='猫/dev/urandom | tr直流A-Za-z0-9 |头- c 24”;fi \ ,,如果(" $ SECRET_KEY "=" ");然后SECRET_KEY='猫/dev/urandom | tr直流A-Za-z0-9 |头50 - c”;回声“SECRET_KEY=$ SECRET_KEY”在祝辞~/. bashrc;fi \ ,,如果(" $ BOOTSTRAP_TOKEN "=" ");然后BOOTSTRAP_TOKEN='猫/dev/urandom | tr直流A-Za-z0-9 |头- c 16”;回声“BOOTSTRAP_TOKEN=$ BOOTSTRAP_TOKEN”在祝辞~/. bashrc;fi \ ,,如果(" $ Server_IP "=" ");然后Server_IP=' ip addr | grep inet | egrep - v”(127.0.0.1 | inet6 |码头工人)| awk的{打印$ 2}”| tr - d“addr:“n 1 | |头切- d/f1 ';fi \ ,,如果[!- d "/var/lib/mysql/jumpserver”);然后mysql -uroot - e”创建数据库jumpserver默认字符集use utf8,格兰特所有alt=" jumpserver安装(一)”>
