jumpserver-v0.5.0 应用图解

一. Jumpserver启动 Python: 版本 3.6

1.1 启动Jumpserver

先进入Python虚拟环境

[root@localhost ~]# source /opt/py3/bin/activate

(py3) [root@localhost ~]# service redis start
Redirecting to /bin/systemctl start  redis.service

(py3) [root@localhost ~]# cd /opt/jumpserver/

(py3) [root@localhost jumpserver]# sh nginx.sh start
Starting nginx:                                            [  OK  ]

(py3) [root@localhost jumpserver]# python run_server.py all
Sun Jan 28 21:19:21 2018
Jumpserver version 0.5.0, more see https://www.jumpserver.org
Quit the server with CONTROL-C.
- Start Gunicorn WSGI HTTP Server
Check database change, make migrations
2018-01-28 21:19:23 [signals_handler DEBUG] Receive django ready signal
....

1.2 启动coco

先进入Python虚拟环境
[root@localhost ~]# source /opt/py3/bin/activate

(py3) [root@localhost ~]# cd /opt/coco/

(py3) [root@localhost coco]# python run_server.py 
2018-01-28 22:06:47 [service DEBUG] Initial app service
2018-01-28 22:06:47 [service DEBUG] Load access key
2018-01-28 22:06:47 [service INFO] No access key found, register it
2018-01-28 22:06:47 [service INFO] "Terminal was not accepted yet"
2018-01-28 22:06:50 [service INFO] "Terminal was not accepted yet"
...

1.2.1 访问jumpserver管理后台接受coco的注册

http://ip 帐号密码： admin admin

1.3 docker启动 guacamole

这里所须要注意的是 guacamole 暴露出来的端口是 8081,若与主机上其余端口冲突请自定义一下.再次强调:修改 JUMPSERVER_SERVER 环境变量的配置,填上Jumpserver 的内网地址,这时去Jumpserver-会话管理-终端管理 接受[Gua]开头的一个注册.

1.3.1 guacamole与jumpserver部署不在同一主机上

guacamole_ip:192.168.50.132

jumpserver_ip:192.168.50.128

docker run -d -p 8081:8080 -e JUMPSERVER_SERVER=http://192.168.50.128:8080 registry.jumpserver.org/public/guacamole:latest

附nginx配置

server {
    listen 80;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;
    }

    location /static/ {
        root /opt/jumpserver/data/;
    }

    location /socket.io/ {
        proxy_pass       http://localhost:5000/socket.io/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /guacamole/ {
        proxy_pass       http://192.168.50.132:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        access_log off;
    }

    location / {
        proxy_pass http://localhost:8080;
    }

1.3.2 guacamole与jumpserver部署在同一主机上

guacamole_ip:192.168.50.128

jumpserver_ip:192.168.50.128

docker run -d -p 8081:8080 -e JUMPSERVER_SERVER=http://192.168.50.128:8080 registry.jumpserver.org/public/guacamole:latest

附nginx配置

server { listen 80; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; location /luna/ { try_files $uri / /index.html; alias /opt/luna/; } location /media/ { add_header Content-Encoding gzip; root /opt/jumpserver/data/; } location /static/ { root /opt/jumpserver/data/; } location /socket.io/ { proxy_pass http://localhost:5000/socket.io/; proxy_buffering off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /guacamole/ { proxy_pass http://localhost:8081/; proxy_buffering off; proxy_http_version 1.1; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; access_log off; } location / { proxy_pass http://localhost:8080; }

1.3.3 访问jumpserver管理后台接受guacamole的注册

1.4 系统设置

1.4.1 基本设置

1.4.2 邮件设置

1.5 建立用户并登陆

建立用户会发送邮件，须要设置密码，登陆

1.5.1. 建立用户

1.5.2. 建立用户jms

1.5.3. 发送邮件建立账户成功

1.5.4. 打开邮件点设置密码 登陆用户 jms

1.6 建立管理用户

建立一个管理用户， 建立资产时须要关联

1.6.1. 建立管理用户

1.6.2. 管理用户为root

1.7 新建节点

1.7.1 节点重命为Linux 、Windows

1.8 建立资产

建立一个资产,关联刚建立的管理用户

1.8.1. 建立资产

1.8.2. 添加Linux资产并关联管理用户

1.8.3. 添加Windows资产

1.8.4. 批量导入Linux资产

1.8.5. 批量添加资产到Linux节点及批量激活资产

1.8.6. 添加完资产会自动更新获取硬件信息

1.9 建立系统用户

系统用户是用来登陆资产的，受权时须要

1.9.1. 建立系统用户

1.9.2. 建立Linux系统用户为Dev

1.9.3. 建立Windows系统用户为Administrator

1.9.4. 建立完成

1.10 建立受权规则

受权规则 关联用户，资产，系统用户 造成受权规则，受权的系统用户会自动推送到资产上

1.10.1. 建立受权规则

1.10.2. 分别给Linux、Windows节点建立受权规则

1.11 SSH链接终端

$ ssh -p2222 admin@192.168.50.128 密码: admin

若是是用在windows下，Xshell terminal登陆语法以下
$ssh admin@192.168.50.128 2222
密码: admin

1.12 WEB链接终端

administrator 先切换到用户界面

 

参考文章：https://github.com/jumpserver/jumpserver/wiki/v0.5.0-%E5%BA%94%E7%94%A8%E5%9B%BE%E8%A7%A3