• jumpserver-v0.5.0 illustrated application guide


    I. Starting Jumpserver (Python version 3.6)

    1.1 Start Jumpserver

    First enter the Python virtual environment

    [root@localhost ~]# source /opt/py3/bin/activate
    
    (py3) [root@localhost ~]# service redis start
    Redirecting to /bin/systemctl start  redis.service
    
    (py3) [root@localhost ~]# cd /opt/jumpserver/
    
    (py3) [root@localhost jumpserver]# sh nginx.sh start
    Starting nginx:                                            [  OK  ]
    
    (py3) [root@localhost jumpserver]# python run_server.py all
    Sun Jan 28 21:19:21 2018
    Jumpserver version 0.5.0, more see https://www.jumpserver.org
    Quit the server with CONTROL-C.
    - Start Gunicorn WSGI HTTP Server
    Check database change, make migrations
    2018-01-28 21:19:23 [signals_handler DEBUG] Receive django ready signal
    ....
    

    1.2 Start coco

    First enter the Python virtual environment
    [root@localhost ~]# source /opt/py3/bin/activate
    
    (py3) [root@localhost ~]# cd /opt/coco/
    
    (py3) [root@localhost coco]# python run_server.py 
    2018-01-28 22:06:47 [service DEBUG] Initial app service
    2018-01-28 22:06:47 [service DEBUG] Load access key
    2018-01-28 22:06:47 [service INFO] No access key found, register it
    2018-01-28 22:06:47 [service INFO] "Terminal was not accepted yet"
    2018-01-28 22:06:50 [service INFO] "Terminal was not accepted yet"
    ...
    

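    1.2.1 Accept the coco registration in the jumpserver admin console

    http://ip  Username and password: admin admin

    1.3 Start guacamole with docker

    Note that guacamole is exposed on port 8081; if that conflicts with another port on the host, choose a different one. To stress this again: set the JUMPSERVER_SERVER environment variable to the internal network address of Jumpserver, then go to Jumpserver > Session Management > Terminal Management and accept the registration whose name starts with [Gua].

    1.3.1 guacamole and jumpserver deployed on different hosts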

    guacamole_ip:192.168.50.132

    jumpserver_ip:192.168.50.128

    docker run -d -p 8081:8080 -e JUMPSERVER_SERVER=http://192.168.50.128:8080 registry.jumpserver.org/public/guacamole:latest
    

    Accompanying nginx configuration

    server {
        listen 80;
    
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    
        location /luna/ {
            try_files $uri / /index.html;
            alias /opt/luna/;
        }
    
        location /media/ {
            add_header Content-Encoding gzip;
            root /opt/jumpserver/data/;
        }
    
        location /static/ {
            root /opt/jumpserver/data/;
        }
    
        location /socket.io/ {
            proxy_pass       http://localhost:5000/socket.io/;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    
        location /guacamole/ {
            proxy_pass       http://192.168.50.132:8081/;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            access_log off;
        }
    
        location / {
            proxy_pass http://localhost:8080;
        }
    }
    
    

    1.3.2 guacamole and jumpserver deployed on the same host

    guacamole_ip:192.168.50.128

    jumpserver_ip:192.168.50.128

    docker run -d -p 8081:8080 -e JUMPSERVER_SERVER=http://192.168.50.128:8080 registry.jumpserver.org/public/guacamole:latest
    

    Accompanying nginx configuration

    server {
        listen 80;
    
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    
        location /luna/ {
            try_files $uri / /index.html;
            alias /opt/luna/;
        }
    
        location /media/ {
            add_header Content-Encoding gzip;
            root /opt/jumpserver/data/;
        }
    
        location /static/ {
            root /opt/jumpserver/data/;
        }
    
        location /socket.io/ {
            proxy_pass       http://localhost:5000/socket.io/;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    
        location /guacamole/ {
            proxy_pass       http://localhost:8081/;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            access_log off;
        }
    
        location / {
            proxy_pass http://localhost:8080;
        }
    }
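
One way to check the result of steps 1.1 to 1.3 in the same-host layout, added here as an example and not part of the original article or the Jumpserver project: the script reads `ss -ltn` output and reports, for the ports used on this page, whether each is listening and whether ports 5000 and 8081, which the nginx configuration above reaches via localhost, are also bound to non-loopback addresses. The function name audit_listeners and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit listening sockets for the
# same-host layout of 1.3.2. Ports are the ones used on this page.

# Constructed sample of `ss -ltn` output, not captured from a real host.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
LISTEN 0      128    0.0.0.0:8080       0.0.0.0:*
LISTEN 0      128    0.0.0.0:2222       0.0.0.0:*
LISTEN 0      128    0.0.0.0:5000       0.0.0.0:*
LISTEN 0      128    [::]:8081          [::]:*'

# audit_listeners: read `ss -ltn` output on stdin and print one line per port:
#   MISSING <port>  nothing is listening on it
#   EXPOSED <port>  nginx reaches it via localhost, yet it is bound more widely
#   OK <port>       listening as the page's configuration expects
audit_listeners() {
    awk '
    BEGIN {
        n = split("80 8080 2222 5000 8081", want, " ")
        # Assumption read off the nginx config: only nginx needs these two.
        local_only["5000"] = 1; local_only["8081"] = 1
    }
    $1 == "LISTEN" {
        port = $4; sub(/^.*:/, "", port)        # text after the last colon
        host = $4; sub(/:[0-9]+$/, "", host)    # text before the port
        seen[port] = 1
        if (host != "127.0.0.1" && host != "[::1]" && host != "::1")
            wide[port] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            p = want[i]
            if (!(p in seen))                             print "MISSING", p
            else if ((p in local_only) && (p in wide))    print "EXPOSED", p
            else                                          print "OK", p
        }
    }'
}

# Demo on the constructed sample; on a live host: ss -ltn | audit_listeners
printf '%s\n' "$SAMPLE_SS" | audit_listeners
```

For an EXPOSED 8081 in this layout, publishing the container port with `-p 127.0.0.1:8081:8080` keeps guacamole reachable by nginx only.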
    
    

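    1.3.3 Accept the guacamole registration in the jumpserver admin console

    1.4 System settings

    1.4.1 Basic settings

    1.4.2 Email settings

    1.5 Create a user and log in

    Creating a user sends an email; the user must set a password and then log in

    1.5.1. Create a user

    1.5.2. Create the user jms

    1.5.3. Email sent: account created successfully

    1.5.4. Open the email, click "set password", and log in as user jms

    1.6 Create an admin user

    Create an admin user; it must be associated when creating assets

    1.6.1. Create the admin user

    1.6.2. The admin user is root

    1.7 Create nodes

    1.7.1 Rename the nodes to Linux and Windows

    1.8 Create assets

    Create an asset and associate it with the admin user just created

    1.8.1. Create an asset

    1.8.2. Add a Linux asset and associate the admin user

    1.8.3. Add a Windows asset

    1.8.4. Bulk-import Linux assets

    1.8.5. Bulk-add assets to the Linux node and bulk-activate them

    1.8.6. After assets are added, hardware information is fetched and updated automatically

    1.9 Create system users

    System users are used to log in to assets and are required for authorization

    1.9.1. Create a system user

    1.9.2. Create the Linux system user Dev

    1.9.3. Create the Windows system user Administrator

    1.9.4. Creation complete

    1.10 Create authorization rules

    An authorization rule ties together users, assets and system users; the authorized system user is automatically pushed to the assets

    1.10.1. Create an authorization rule

    1.10.2. Create authorization rules for the Linux and Windows nodes respectively

    1.11 Connect to the terminal over SSH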

    $ ssh -p2222 admin@192.168.50.128
    Password: admin
    
    On Windows, the Xshell terminal login syntax is as follows
    $ ssh admin@192.168.50.128 2222
    Password: admin
    

    1.12 Connect to the terminal from the web

    As administrator, first switch to the user view

    Reference: https://github.com/jumpserver/jumpserver/wiki/v0.5.0-%E5%BA%94%E7%94%A8%E5%9B%BE%E8%A7%A3

  • Original article: https://www.cnblogs.com/weifeng1463/p/9176460.html