JumpServer bastion host service

Official website: http://www.jumpserver.org/

I. JumpServer installation

Official documentation: https://jumpserver.readthedocs.io/zh/master/dockerinstall.html

1.1 Deployment environment:

Hardware: 2 CPU cores, 4 GB RAM, 50 GB disk (minimum)
Operating system: Linux distribution, x86_64
Python = 3.6.x
Mysql Server ≥ 5.6
Mariadb Server ≥ 5.5.56
Redis

JumpServer deployment architecture

1. Install the Docker service
docker-ce mirror sites: https://yq.aliyun.com/articles/110806

Automatic installation script for docker-ce
$ curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun

1.1 MySQL service deployment

Docker repository: https://hub.docker.com/_/mysql?tab=tags
Choose version 5.6 or later to meet the requirements.

$ docker pull mysql:5.7
$ docker images
 
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
mysql               5.7                 383867b75fd2        5 days ago          373MB

1.1.1 mysqld.cnf configuration file

The MySQL configuration file is kept on the host and mounted into the container with -v.

$ mkdir /etc/mysql/mysql.conf.d -pv
$ vim /etc/mysql/mysql.conf.d/mysql.cnf
# Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# The MySQL Server configuration file.
#
# For explanations see
# http://dev.mysql.com/doc/mysql/en/server-system-variables.html
[mysqld]
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
datadir = /var/lib/mysql
#log-error = /var/log/mysql/error.log
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
character-set-server=utf8

1.1.2 Configure mysql.cnf

$ mkdir /etc/mysql/conf.d
$ vim /etc/mysql/conf.d/mysql.cnf
[mysql]
default-character-set=utf8

1.1.3 Create a data directory

Store the data on the host, separate from the container. If the container fails, a new container can be
started against the data on the host, which keeps production running.

mkdir /data/mysql

1.3.5 Start the MySQL container

$ docker run -it -d -p 3306:3306 -v /etc/mysql/mysql.conf.d/mysql.cnf:/etc/mysql/mysql.conf.d/mysql.cnf -v /etc/mysql/conf.d/mysql.cnf:/etc/mysql/conf.d/mysql.cnf -v /data/mysql:/var/lib/mysql -e MYSQL_ROOT_PASSWORD="mysql123" mysql:5.7

1.1.6 Verify the database and create the jumpserver database

Connect to the database from a client, verify that the database encoding is utf8, then create the jumpserver database and grant access to it.

$ apt install mysql-client
$ mysql -uroot -pmysql123 -h192.168.7.102
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+



mysql> show variables like "%character%";show variables like "collation%";    # confirm that utf8 is the default character set; if it is, the configuration worked
+--------------------------+----------------------------+
| Variable_name            | Value                      |
+--------------------------+----------------------------+
| character_set_client     | utf8                       |
| character_set_connection | utf8                       |
| character_set_database   | utf8                       |
| character_set_filesystem | binary                     |
| character_set_results    | utf8                       |
| character_set_server     | utf8                       |
| character_set_system     | utf8                       |
| character_sets_dir       | /usr/share/mysql/charsets/ |
+--------------------------+----------------------------+
8 rows in set (0.00 sec)

+----------------------+-----------------+
| Variable_name        | Value           |
+----------------------+-----------------+
| collation_connection | utf8_general_ci |
| collation_database   | utf8_general_ci |
| collation_server     | utf8_general_ci |
+----------------------+-----------------+
3 rows in set (0.00 sec)

mysql> create database jumpserver default charset "utf8";      # create the jumpserver database
Query OK, 1 row affected (0.00 sec)

mysql> grant all on jumpserver.* to jumpserver@"%" identified by "jumpserver123";   # grant access to the jumpserver database
Query OK, 0 rows affected, 1 warning (0.00 sec)

Verify database access

2. Redis service deployment

Redis Docker repository: https://hub.docker.com/_/redis?tab=tags

$ docker pull redis:4.0.14
$ docker run -it -d -p 6379:6379 redis:4.0.14

2.1 Verify Redis

$ apt install redis -y    # install redis on the client

$  redis-cli -h 192.168.7.102
192.168.7.102:6379> info
# Server
redis_version:4.0.14

# Set the Redis password
192.168.7.102:6379> CONFIG set requirepass redis123

3. Deploy JumpServer

JumpServer Docker image repository: https://hub.docker.com/r/jumpserver/jms_all/tags

docker pull jumpserver/jms_all:1.4.8


# Generate a random encryption key and bootstrap token
$ if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi

$ if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi

# Start the container
# DB_PASSWORD is the password granted in 1.1.6; REDIS_PASSWORD is the one set with CONFIG set requirepass in 2.1
docker run --name jms_all -d \
    -v /opt/jumpserver:/opt/jumpserver/data/media \
    -p 80:80 \
    -p 2222:2222 \
    -e SECRET_KEY=HUxlfeHLvh2vDVPQIz9NGcR5UTEMnYAGq1QdxZt15EvMKz4Lpq \
    -e BOOTSTRAP_TOKEN=MmXgGPQskSm8BVo4 \
    -e DB_HOST=192.168.7.102 \
    -e DB_PORT=3306 \
    -e DB_USER=jumpserver \
    -e DB_PASSWORD="jumpserver123" \
    -e DB_NAME=jumpserver \
    -e REDIS_HOST=192.168.7.102 \
    -e REDIS_PORT=6379 \
    -e REDIS_PASSWORD=redis123 \
    jumpserver/jms_all:1.4.8

Successful start
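
The steps above append SECRET_KEY and BOOTSTRAP_TOKEN to ~/.bashrc and pass them, together with the database and Redis passwords, as -e arguments, so they end up in shell history and the process list. As an added example (not part of the original post), the functions below write the same variables to a mode-600 env file for `docker run --env-file`; the function names and the env-file path are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names and the env-file
# path are assumptions; variable names and sample values come from the post.

# gen_secret N: print N random characters from [A-Za-z0-9], as the post does.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# write_env_file PATH DB_PASSWORD REDIS_PASSWORD [HOST]
# Writes the JumpServer container variables to PATH with mode 600.
# An existing SECRET_KEY / BOOTSTRAP_TOKEN in PATH is reused, so re-running
# the function keeps the values the existing deployment was started with.
# The body is a subshell, so umask and variables do not leak to the caller.
write_env_file() (
    path=$1 db_pw=$2 redis_pw=$3 host=${4:-192.168.7.102}
    key="" token=""
    if [ -f "$path" ]; then
        key=$(sed -n 's/^SECRET_KEY=//p' "$path")
        token=$(sed -n 's/^BOOTSTRAP_TOKEN=//p' "$path")
    fi
    [ -n "$key" ] || key=$(gen_secret 50)
    [ -n "$token" ] || token=$(gen_secret 16)
    umask 077                       # temp file is created as 0600
    tmp="$path.tmp.$$"
    cat > "$tmp" <<EOF
SECRET_KEY=$key
BOOTSTRAP_TOKEN=$token
DB_HOST=$host
DB_PORT=3306
DB_USER=jumpserver
DB_PASSWORD=$db_pw
DB_NAME=jumpserver
REDIS_HOST=$host
REDIS_PORT=6379
REDIS_PASSWORD=$redis_pw
EOF
    mv -f "$tmp" "$path"            # atomic replace; keeps the 0600 mode
)

# jms_run_cmd PATH: print the docker run command from the post, with the
# -e arguments replaced by --env-file (printed only, nothing is started).
jms_run_cmd() {
    printf '%s\n' "docker run --name jms_all -d -v /opt/jumpserver:/opt/jumpserver/data/media -p 80:80 -p 2222:2222 --env-file $1 jumpserver/jms_all:1.4.8"
}
```

Call `write_env_file` with the env-file path and the two passwords on the Docker host, then run the command that `jms_run_cmd` prints for the same path.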


Origin www.cnblogs.com/pansn/p/11537361.html