jumpserver-v0.5.0 應用圖解

一. Jumpserver啓動 Python: 版本 3.6

1.1 啓動Jumpserver

先進入Python虛擬環境

[root@localhost ~]# source /opt/py3/bin/activate

(py3) [root@localhost ~]# service redis start
Redirecting to /bin/systemctl start  redis.service

(py3) [root@localhost ~]# cd /opt/jumpserver/

(py3) [root@localhost jumpserver]# sh nginx.sh start
Starting nginx:                                            [  OK  ]

(py3) [root@localhost jumpserver]# python run_server.py all
Sun Jan 28 21:19:21 2018
Jumpserver version 0.5.0, more see https://www.jumpserver.org
Quit the server with CONTROL-C.
- Start Gunicorn WSGI HTTP Server
Check database change, make migrations
2018-01-28 21:19:23 [signals_handler DEBUG] Receive django ready signal
....

1.2 啓動coco

先進入Python虛擬環境
[root@localhost ~]# source /opt/py3/bin/activate

(py3) [root@localhost ~]# cd /opt/coco/

(py3) [root@localhost coco]# python run_server.py 
2018-01-28 22:06:47 [service DEBUG] Initial app service
2018-01-28 22:06:47 [service DEBUG] Load access key
2018-01-28 22:06:47 [service INFO] No access key found, register it
2018-01-28 22:06:47 [service INFO] "Terminal was not accepted yet"
2018-01-28 22:06:50 [service INFO] "Terminal was not accepted yet"
...

1.2.1 訪問jumpserver管理後臺接受coco的註冊

http://ip 帳號密碼： admin admin

1.3 docker啓動 guacamole

這裏所須要注意的是 guacamole 暴露出來的端口是 8081,若與主機上其餘端口衝突請自定義一下.再次強調:修改 JUMPSERVER_SERVER 環境變量的配置,填上Jumpserver 的內網地址,這時去Jumpserver-會話管理-終端管理 接受[Gua]開頭的一個註冊.

1.3.1 guacamole與jumpserver部署不在同一主機上

guacamole_ip:192.168.50.132

jumpserver_ip:192.168.50.128

docker run -d -p 8081:8080 -e JUMPSERVER_SERVER=http://192.168.50.128:8080 registry.jumpserver.org/public/guacamole:latest

附nginx配置

server {
    listen 80;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;
    }

    location /media/ {
        add_header Content-Encoding gzip;
        root /opt/jumpserver/data/;
    }

    location /static/ {
        root /opt/jumpserver/data/;
    }

    location /socket.io/ {
        proxy_pass       http://localhost:5000/socket.io/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /guacamole/ {
        proxy_pass       http://192.168.50.132:8081/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        access_log off;
    }

    location / {
        proxy_pass http://localhost:8080;
    }

1.3.2 guacamole與jumpserver部署在同一主機上

guacamole_ip:192.168.50.128

jumpserver_ip:192.168.50.128

docker run -d -p 8081:8080 -e JUMPSERVER_SERVER=http://192.168.50.128:8080 registry.jumpserver.org/public/guacamole:latest

附nginx配置

server { listen 80; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; location /luna/ { try_files $uri / /index.html; alias /opt/luna/; } location /media/ { add_header Content-Encoding gzip; root /opt/jumpserver/data/; } location /static/ { root /opt/jumpserver/data/; } location /socket.io/ { proxy_pass http://localhost:5000/socket.io/; proxy_buffering off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /guacamole/ { proxy_pass http://localhost:8081/; proxy_buffering off; proxy_http_version 1.1; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; access_log off; } location / { proxy_pass http://localhost:8080; }

1.3.3 訪問jumpserver管理後臺接受guacamole的註冊

1.4 系統設置

1.4.1 基本設置

1.4.2 郵件設置

1.5 建立用戶並登陸

建立用戶會發送郵件，須要設置密碼，登陸

1.5.1. 建立用戶

1.5.2. 建立用戶jms

1.5.3. 發送郵件建立賬戶成功

1.5.4. 打開郵件點設置密碼 登陸用戶 jms

1.6 建立管理用戶

建立一個管理用戶， 建立資產時須要關聯

1.6.1. 建立管理用戶

1.6.2. 管理用戶爲root

1.7 新建節點

1.7.1 節點重命爲Linux 、Windows

1.8 建立資產

建立一個資產,關聯剛建立的管理用戶

1.8.1. 建立資產

1.8.2. 添加Linux資產並關聯管理用戶

1.8.3. 添加Windows資產

1.8.4. 批量導入Linux資產

1.8.5. 批量添加資產到Linux節點及批量激活資產

1.8.6. 添加完資產會自動更新獲取硬件信息

1.9 建立系統用戶

系統用戶是用來登陸資產的，受權時須要

1.9.1. 建立系統用戶

1.9.2. 建立Linux系統用戶爲Dev

1.9.3. 建立Windows系統用戶爲Administrator

1.9.4. 建立完成

1.10 建立受權規則

受權規則 關聯用戶，資產，系統用戶 造成受權規則，受權的系統用戶會自動推送到資產上

1.10.1. 建立受權規則

1.10.2. 分別給Linux、Windows節點建立受權規則

1.11 SSH鏈接終端

$ ssh -p2222 admin@192.168.50.128 密碼: admin

若是是用在windows下，Xshell terminal登陸語法以下
$ssh admin@192.168.50.128 2222
密碼: admin

1.12 WEB鏈接終端

administrator 先切換到用戶界面

 

參考文章：https://github.com/jumpserver/jumpserver/wiki/v0.5.0-%E5%BA%94%E7%94%A8%E5%9B%BE%E8%A7%A3