81-CentOS-jumpserver自動化部署腳本

---

參考信息

當前版本：CentOS7.7

.	.
Jumpserver服務器	10.20.0.16
資產主機	10.20.0.15

#執行腳本前請確保Jumpserver服務器

#請確保網絡配置正常，能夠連接外網
#自動化部署腳本quick_start內容如下

#!/bin/bash
#

which wget >/dev/null 2>&1
if [ $? -ne 0 ];then
    yum install -y wget
fi

which git >/dev/null 2>&1
    if [ $? -ne 0 ];then
        yum install -y git
    fi

if [ ! -d "/opt/setuptools" ]; then
    wget -qO /opt/setuptools.tar.gz http://demo.jumpserver.org/download/setuptools.tar.gz
    tar -xf /opt/setuptools.tar.gz -C /opt
    rm -rf /opt/setuptools.tar.gz
fi

cd /opt/setuptools
git pull

if [ ! -f "/opt/setuptools/config.conf" ]; then
    cp config_example.conf config.conf
fi

./jmsctl.sh install

---

setuptools.tar.gz 下載鏈接
鏈接：https://pan.baidu.com/s/17WXQDQc13g2FQUJbb3Ja2w
提取碼：jp3z

---

[root@C7-6 data]# cat /opt/setuptools/jmsctl.sh 
#!/usr/bin/env bash
#

BASE_DIR=$(cd "$(dirname "$0")";pwd)
PROJECT_DIR=${BASE_DIR}
SCRIPT_DIR=${BASE_DIR}/scripts
action=$1
target=$2

if [ ! -f "$PROJECT_DIR/config.conf" ]; then
    echo -e "Error: No config file found."
    echo -e "You can run 'cp config_example.conf config.conf', and edit it."
    exit 1
fi

source ${PROJECT_DIR}/config.conf

function usage() {
   echo "JumpServer 部署安裝腳本"
   echo
   echo "Usage: "
   echo "  jmsctl [COMMAND] ..."
   echo "  jmsctl --help"
   echo
   echo "Commands: "
   echo "  install      安裝 JumpServer"
   echo "  start        啓動 JumpServer"
   echo "  stop         停止 JumpServer"
   echo "  restart      重啓 JumpServer"
   echo "  status       檢查 JumpServer"
   echo "  uninstall    卸載 JumpServer"
   echo "  upgrade      升級 JumpServer"
   echo "  reset        重置組件"
}

function main() {
   case "${action}" in
      install)
         bash ${SCRIPT_DIR}/install.sh
         ;;
      uninstall)
         bash ${SCRIPT_DIR}/uninstall.sh
         ;;
      upgrade)
         bash ${SCRIPT_DIR}/upgrade.sh
         ;;
      start)
         bash ${SCRIPT_DIR}/start.sh
         ;;
      stop)
         bash ${SCRIPT_DIR}/stop.sh
         ;;
      restart)
         bash ${SCRIPT_DIR}/stop.sh
         bash ${SCRIPT_DIR}/start.sh
         ;;
      status)
         bash ${SCRIPT_DIR}/install_status.sh
         ;;
      reset)
         if [ ! $target ]; then
             echo -e "Usage: jmsctl reset COMMAND\n"
             echo -e "Commands:"
             echo -e "  koko         重置 koko"
             echo -e "  guacamole    重置 guacamole"
             exit 1
         else
             bash ${SCRIPT_DIR}/reset.sh $target
         fi
         ;;
      --help)
         usage
         ;;
      -h)
         usage
         ;;
      *)
         echo -e "jmsctl: unknown COMMAND: '$action'"
         echo -e "See 'jmsctl --help' \n"
         usage
    esac
}

main

---

部署開始

[root@C7-6 data]# curl -sSL https://github.com/jumpserver/jumpserver/releases/download/2.0.1/quick_start.sh | sh
……………..# 腳本執行時間很長
Digest: sha256:3589e1d06c5dc169bf1ce256a82ab111604fa1597049fc6ec6d89e03b61baded
Status: Downloaded newer image for jumpserver/jms_guacamole:2.0.1
24536f019fd8a9b94794bb09d6c33268dcf46d4e3c461cb4f79332db209cc25b
MySQL  Check 	........................ [ OK ]
Redis  Check 	........................ [ OK ]
Ninx   Check 	........................ [ OK ]
Py3    Check 	........................ [ OK ]
Core   Check 	........................ [ OK ]
Koko   Check 	........................ [ OK ]
Guaca. Check 	........................ [ OK ]
 Jumpserver 安裝成功!

 默認登陸信息: 
 http://10.20.0.16:80 
 username: admin 
 password: admin 
 [如果你是雲服務器請在安全組放行 80 和 2222 端口] 

---

---

#登錄 jumpserver web 界面 ，賬戶在上圖可看

---

#創建普通用戶

---

#創建管理用戶
#管理用戶應當是資產主機上的root管理員或者是在資產主機上擁有 NOPASSWD: ALL sudo 權限的用戶
#jumpserver會使用該用戶去推送系統用戶以及獲取資產硬件信息等，因此若該用戶的密鑰配置錯誤將會導致無法連接資產主機

---

#創建系統用戶
#該用戶是jumpserver跳轉登錄資產主機時使用的用戶

---

#創建資產

---

#資產授權

---

#登錄mahuateng 用戶

---

#返回admin用戶，配置命令過濾

---

#更新系統用戶配置

---

#登錄mahuateng 用戶