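Lab preparation
Prepare three virtual machines, version: Ubuntu 18.04
Hostname | IP | Purpose |
---|---|---|
U8-1 | 10.20.0.31 | Redis and MySQL server |
U8-2 | 10.20.0.32 | JumpServer jump host |
U8-3 | 10.20.0.33 | Test server node 1 |
Minimum requirements for deploying JumpServer:
Hardware: 2 CPU cores, 4 GB RAM, 50 GB disk (minimum)
Operating system: Linux distribution, x86_64 architecture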
Python = 3.6.x
Mysql Server >= 5.6
Mariadb Server >= 5.5.56
Redis
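JumpServer, MySQL and Redis are all deployed with Docker: MySQL and Redis
run on the same Docker host, and JumpServer runs on a separate Docker host.
Deploying MySQL
MySQL is deployed with Docker. If MySQL is deployed on a standalone host instead, the requirements are:
External database requirements
MySQL version must be 5.6 or later
MariaDB version must be 5.5.6 or later
Database encoding must be utf8
To save effort, I used the official Docker install script directly.
`1. Deploy MySQL`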
[root@U8-1 ~]# curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
[root@U8-1 ~]# systemctl start docker
[root@U8-1 ~]# docker pull mysql:5.7
5.7: Pulling from library/mysql
8559a31e96f4: Pull complete
d51ce1c2e575: Pull complete
c2344adc4858: Pull complete
fcf3ceff18fc: Pull complete
16da0c38dc5b: Pull complete
b905d1797e97: Pull complete
4b50d1c6b05c: Pull complete
d85174a87144: Pull complete
a4ad33703fa8: Pull complete
f7a5433ce20d: Pull complete
3dcd2a278b4a: Pull complete
Digest: sha256:32f9d9a069f7a735e28fd44ea944d53c61f990ba71460c5c183e610854ca4854
Status: Downloaded newer image for mysql:5.7
docker.io/library/mysql:5.7
[root@U8-1 ~]# docker run -it --rm mysql:5.7 /bin/bash
root@1850b06b5a85:/# find / -name my.cnf
/var/lib/dpkg/alternatives/my.cnf
/etc/alternatives/my.cnf
/etc/mysql/my.cnf
root@1850b06b5a85:/# cat /etc/issue
Debian GNU/Linux 10 \n \l
root@1850b06b5a85:/# apt update && apt install vim -y
root@1850b06b5a85:/# exit
exit
Place the configuration files in a host directory outside the container
Mount into the container with -v /etc/mysql/mysql.conf.d/mysqld.cnf:/etc/mysql/mysql.conf.d/mysqld.cnf
[root@U8-1 ~]# mkdir /etc/mysql/mysql.conf.d -p
[root@U8-1 ~]# vim /etc/mysql/mysql.conf.d/mysqld.cnf
[mysqld]
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
datadir = /var/lib/mysql
#log-error = /var/log/mysql/error.log
symbolic-links=0
character-set-server=utf8
Mount into the container with -v /etc/mysql/conf.d/mysql.cnf:/etc/mysql/conf.d/mysql.cnf
[root@U8-1 ~]# mkdir /etc/mysql/conf.d
[root@U8-1 ~]# vim /etc/mysql/conf.d/mysql.cnf
[mysql]
default-character-set=utf8
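The data is stored on the host, separating data from the container. If the container fails,
a new container can be started directly on the host's data, which keeps the service running normally.
Mount into the container with -v /data/mysql:/var/lib/mysql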
[root@U8-1 ~]# mkdir /data/mysql -p
[root@U8-1 ~]# docker run -it -d -p 3306:3306 --name jumpserver-mysql \
> -v /etc/mysql/mysql.conf.d/mysqld.cnf:/etc/mysql/mysql.conf.d/mysqld.cnf \
> -v /etc/mysql/conf.d/mysql.cnf:/etc/mysql/conf.d/mysql.cnf \
> -v /data/mysql:/var/lib/mysql \
> -e MYSQL_ROOT_PASSWORD="123456" mysql:5.7
90402336c39c9528dd18158da068fec743a864824f02172c7829c42ce497dbbe
[root@U8-1 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
90402336c39c mysql:5.7 "docker-entrypoint.s…" 29 seconds ago Up 27 seconds 0.0.0.0:3306->3306/tcp, 33060/tcp jumpserver-mysql
Test the connection
[root@U8-1 apt]# apt install mysql-client -y
[root@U8-1 apt]# mysql -uroot -p123456 -h127.0.0.1
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
+--------------------+
4 rows in set (0.00 sec)
Check the database character set
mysql> SHOW VARIABLES LIKE "%character%";SHOW VARIABLES LIKE "%collation%";
+--------------------------+----------------------------+
| Variable_name | Value |
+--------------------------+----------------------------+
| character_set_client | utf8 |
| character_set_connection | utf8 |
| character_set_database | utf8 |
| character_set_filesystem | binary |
| character_set_results | utf8 |
| character_set_server | utf8 |
| character_set_system | utf8 |
| character_sets_dir | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+
8 rows in set (0.01 sec)
+----------------------+-----------------+
| Variable_name | Value |
+----------------------+-----------------+
| collation_connection | utf8_general_ci |
| collation_database | utf8_general_ci |
| collation_server | utf8_general_ci |
+----------------------+-----------------+
3 rows in set (0.01 sec)
mysql> exit
Bye
Create the database used by JumpServer and a user granted access to it
`Note: JumpServer requires the database password to be a string; it cannot be purely numeric.`
[root@U8-1 apt]# ip a|sed -n '9p'
inet 10.20.0.31/16 brd 10.20.255.255 scope global eth0
[root@U8-1 apt]# mysql -uroot -p123456 -h10.20.0.31
mysql> CREATE DATABASE jumpserver_data DEFAULT CHARSET 'utf8';
Query OK, 1 row affected (0.00 sec)
mysql> GRANT ALL ON jumpserver_data.* TO 'dushan'@'%' IDENTIFIED BY 'dushanpswd';
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
Test access to the JumpServer database as the dushan user
[root@U8-1 apt]# mysql -udushan -pdushanpswd -h10.20.0.31
mysql> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
| jumpserver_data |
+--------------------+
2 rows in set (0.00 sec)
mysql> exit
Bye
`2. Deploy Redis`
Deploy Redis with Docker
[root@U8-1 apt]# docker pull redis:5.0.7
5.0.7: Pulling from library/redis
68ced04f60ab: Pull complete
7ecc253967df: Pull complete
765957bf98d4: Pull complete
52f16772e1ca: Pull complete
2e43ba99c3f3: Pull complete
d95576c71392: Pull complete
Digest: sha256:938ee5bfba605cc85f9f52ff95024e9a24cf5511ba6f1cbc68ec9d91a0432125
Status: Downloaded newer image for redis:5.0.7
docker.io/library/redis:5.0.7
[root@U8-1 apt]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
mysql 5.7 9cfcce23593a 2 weeks ago 448MB
redis 5.0.7 7eed8df88d3b 4 months ago 98.2MB
[root@U8-1 apt]# docker run -d -p 6379:6379 --name jumpserver-redis redis:5.0.7
63686d7e4239ede2c9924a424f660967d7e8b157a899ec62f89e0cd5ebf896bb
[root@U8-1 apt]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
63686d7e4239 redis:5.0.7 "docker-entrypoint.s…" 25 seconds ago Up 24 seconds 0.0.0.0:6379->6379/tcp jumpserver-redis
90402336c39c mysql:5.7 "docker-entrypoint.s…" 41 minutes ago Up 40 minutes 0.0.0.0:3306->3306/tcp, 33060/tcp jumpserver-mysql
Test Redis connectivity
Stop the Redis container first, then install the Redis client
[root@U8-1 apt]# docker stop 63686d7e4239
63686d7e4239
[root@U8-1 apt]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
90402336c39c mysql:5.7 "docker-entrypoint.s…" 44 minutes ago Up 44 minutes 0.0.0.0:3306->3306/tcp, 33060/tcp jumpserver-mysql
[root@U8-1 apt]# apt install redis -y
[root@U8-1 apt]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS
2731398e5dfa redis:5.0.7 "docker-entrypoint.s…" 6 minutes ago Created
90402336c39c mysql:5.7 "docker-entrypoint.s…" 59 minutes ago Up 59 minutes 0.0.0.0:3306->3306/
[root@U8-1 apt]# docker rm -fv 2731398e5dfa
2731398e5dfa
[root@U8-1 apt]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS
90402336c39c mysql:5.7 "docker-entrypoint.s…" 59 minutes ago Up 59 minutes 0.0.0.0:3306->3306/
[root@U8-1 apt]# docker run -it -d -p 6379:6379 --name jumpserver-redis redis:5.0.7
9521da58aa19d20597a06c9d9b657aa3db7fd434895131c3f15d97c96ad914fc
[root@U8-1 apt]# redis-cli -h 10.20.0.31
10.20.0.31:6379> info
# Server
redis_version:5.0.7
redis_git_sha1:00000000
redis_git_dirty:0
redis_build_id:825c96d6c798641
redis_mode:standalone
os:Linux 4.15.0-55-generic x86_64
arch_bits:64
multiplexing_api:epoll
atomicvar_api:atomic-builtin
gcc_version:8.3.0
…………………..
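Both containers on U8-1 are published on 0.0.0.0 (`0.0.0.0:3306` and `0.0.0.0:6379` in the `docker ps` output above), and Redis is started without a password. The following check is an added example, not part of the original walkthrough; the function names and the `redis-bound` sample row are constructed for illustration.

```sh
# Added example: flag sensitive ports that Docker publishes on every interface.
# Input (stdin): "<name><TAB><ports>" lines, the format produced by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# Output: one "<name> <port>" line per finding.
SENSITIVE_PORTS="3306 6379"   # MySQL and Redis, as deployed on U8-1

audit_published_ports() {
    awk -F '\t' -v sensitive="$SENSITIVE_PORTS" '
    BEGIN {
        n = split(sensitive, s, " ")
        for (i = 1; i <= n; i++) watch[s[i]] = 1
    }
    {
        # Ports column example: "0.0.0.0:3306->3306/tcp, 33060/tcp"
        m = split($2, maps, /, */)
        for (i = 1; i <= m; i++) {
            if (index(maps[i], "->") == 0) continue   # exposed, not published
            host = maps[i]; sub(/->.*/, "", host)     # "0.0.0.0:3306"
            port = host;    sub(/.*:/, "", port)      # "3306"
            addr = substr(host, 1, length(host) - length(port) - 1)
            wildcard = (addr == "0.0.0.0" || addr == "::" || addr == "[::]")
            if (wildcard && (port in watch)) print $1, port
        }
    }'
}

# Constructed sample modelled on the docker ps output above, plus one
# container (hypothetical name) bound to a single address for contrast.
sample_docker_ps() {
    printf '%s\t%s\n' \
        jumpserver-redis '0.0.0.0:6379->6379/tcp' \
        jumpserver-mysql '0.0.0.0:3306->3306/tcp, 33060/tcp' \
        redis-bound      '10.20.0.31:6379->6379/tcp'
}

sample_docker_ps | audit_published_ports
```

Publishing with an explicit address (`-p 10.20.0.31:6379:6379`) limits the listener to that interface and clears the finding. Running the container command as `redis-server --requirepass <password>` adds authentication, which then has to be supplied to JumpServer through `REDIS_PASSWORD`.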
`3. Deploy JumpServer`
JumpServer ships an all-in-one Docker image for a quick start. The image bundles
the required components and supports an external database and Redis.
[root@U8-2 ~]# curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
[root@U8-2 ~]# systemctl start docker
[root@U8-2 ~]# docker pull jumpserver/jms_all:latest
latest: Pulling from jumpserver/jms_all
524b0c1e57f8: Pull complete
a72eee1b3d17: Pull complete
1d7b2097c580: Pull complete
4097b5239d77: Pull complete
f9b098f2d932: Pull complete
379f50a511b0: Pull complete
Digest: sha256:b08792bc3bbabc53e6c48ec3a08857addd6eccb4b3f4062e5877d0d73dcecbf6
Status: Downloaded newer image for jumpserver/jms_all:latest
docker.io/jumpserver/jms_all:latest
[root@U8-2 ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
jumpserver/jms_all latest 37c1274100bc 3 days ago 1.46GB
Generate a random encryption key and a bootstrap (initialization) token.
Generate the key
[root@U8-2 ~]# if [ "$SECRET_KEY" = "" ]; then \
> SECRET_KEY=`cat /dev/urandom | \
> tr -dc A-Za-z0-9 | \
> head -c 50`; \
> echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; \
> echo $SECRET_KEY; else echo $SECRET_KEY; \
> fi
TcKhqIo7meqqtv7SSl0Cq64TiFonUpGbtLSn1ITDcIIwFF03x0
Generate the token
[root@U8-2 ~]# if [ "$BOOTSTRAP_TOKEN" = "" ]; then \
> BOOTSTRAP_TOKEN=`cat /dev/urandom | \
> tr -dc A-Za-z0-9 | \
> head -c 16`; \
> echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; \
> echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; \
> fi
Ruqu1YotxHEmzjXN
# Start JumpServer
[root@U8-2 ~]# docker run -it -d --name jumpserver_all \
> -v /opt/jumpserver:/opt/jumpserver/data/media \
> -p 80:80 \
> -p 2222:2222 \
> -e SECRET_KEY=TcKhqIo7meqqtv7SSl0Cq64TiFonUpGbtLSn1ITDcIIwFF03x0 \
> -e BOOTSTRAP_TOKEN=Ruqu1YotxHEmzjXN \
> -e DB_HOST=10.20.0.31 \
> -e DB_PORT=3306 \
> -e DB_USER='dushan' \
> -e DB_PASSWORD="dushanpswd" \
> -e DB_NAME=jumpserver_data \
> -e REDIS_HOST=10.20.0.31 \
> -e REDIS_PORT=6379 \
> -e REDIS_PASSWORD= \
> jumpserver/jms_all:latest
cebf6d04a7c6d7043e301e5927e17069e3cbfc4c0e96907b7b765362dce70e7b
[root@U8-2 ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cebf6d04a7c6 jumpserver/jms_all:latest "./entrypoint.sh" 43 seconds ago Up 41 seconds 0.0.0.0:80->80/tcp, 0.0.0.0:2222->2222/tcp jumpserver_all
[root@U8-2 ~]# ip a|sed -n '9p'
inet 10.20.0.32/16 brd 10.20.255.255 scope global eth0
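The steps above append the generated secrets to `~/.bashrc` and pass them, together with the database password, as `-e` arguments on the `docker run` command line. The following is an added example, not part of the original walkthrough: it writes the same values to a root-only env file for `docker run --env-file`. The function names and the path `/root/jms.env` are assumptions of this example.

```sh
# Added example: keep JumpServer secrets in a root-only env file.
# gen_secret LENGTH: LENGTH random characters from [A-Za-z0-9], the same
# /dev/urandom + tr + head pipeline the page uses.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# The page notes JumpServer rejects a purely numeric database password.
is_valid_db_password() {
    case "$1" in
        '')        return 1 ;;
        *[!0-9]*)  return 0 ;;   # at least one non-digit character
        *)         return 1 ;;   # digits only
    esac
}

# write_jms_env FILE DB_PASSWORD: create FILE with mode 600. An existing
# non-empty FILE is left untouched, mirroring the page's "generate only if
# unset" logic so SECRET_KEY stays stable across restarts.
write_jms_env() {
    env_file=$1
    db_password=$2
    if ! is_valid_db_password "$db_password"; then
        echo "DB password must be non-empty and not purely numeric" >&2
        return 1
    fi
    if [ -s "$env_file" ]; then
        return 0
    fi
    (
        umask 077
        {
            echo "SECRET_KEY=$(gen_secret 50)"
            echo "BOOTSTRAP_TOKEN=$(gen_secret 16)"
            echo "DB_PASSWORD=$db_password"
        } > "$env_file"
    )
}

# Usage on U8-2 (file path is an assumption of this example):
#   write_jms_env /root/jms.env 'dushanpswd'
#   docker run -d --name jumpserver_all --env-file /root/jms.env \
#       (remaining -v, -p and non-secret -e options as above) jumpserver/jms_all:latest
```

This keeps the values out of shell history, `~/.bashrc` and the `docker run` process arguments; they remain visible to anyone who can inspect the container's environment.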
Check whether the tables have been created in the database
[root@U8-1 apt]# mysql -udushan -pdushanpswd -h10.20.0.31
mysql> USE jumpserver_data;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> SHOW TABLES;
+----------------------------------------------+
| Tables_in_jumpserver_data |
+----------------------------------------------+
| applications_databaseapp |
| applications_remoteapp |
……………………..
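Web interface
Log in to the JumpServer web interface
The default username and password are both: admin
Test logging in as the newly added user
Switch back to the admin user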