docker下jumpserver跳板机 /堡垒机

jumpserver概述

Jumpserver是一款开源的开源的堡垒机，可使系统的管理员和开发人员安全的连接到企业内部服务器上执行操作，并且支持大部分操作系统，是一款非常安全的远程连接工具

常见支持的系统：

CentOS, RedHat, Fedora, Amazon LinuxDebianSUSE, UbuntuFreeBSD其他ssh协议硬件设备

部署步骤

实验环境

关闭selinux

[root@centos7 ~]#setenforce 0

关闭防火墙

[root@centos7 ~]#systemctl stop firewalld

[root@centos7 ~]#iptables -F

安装docker的源

[root@centos7 ~]#yum -y install wget

[root@centos7 ~]#cd /etc/yum.repos.d/

[root@centos7 ~]#wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

[root@centos7 ~]#wget http://mirrors.aliyun.com/repo/Centos-7.repo

[root@centos7 ~]#yum -y install centos-release-openstack-ocata

配置mariadb

安装mariadb

[root@centos7 ~]#yum -y install mariadb-server

修改配置文件

[root@centos7 ~]#vim /etc/my.cnf[client-server]
[mysqld]
symbolic-links=0#禁止主机名解析

skip_name_resolve
!includedir /etc/my.cnf.d

启动服务

[root@centos7 ~]#systemctl start mariadb

[root@centos7 ~]#systemctl enable mariadb

创建jumpserver数据库并授权

MariaDB [(none)]> create database jumpserver default charset 'utf8';
#创建管理账号，密码必须是数字加字母MariaDB [(none)]> grant all onjumpserver.* to 'jumpserver'@'%' identified by 'linux123';

配置Redis

安装Redis

[root@centos7 ~]#yum -y install redis

编辑配置文件

[root@centos7 ~]#vim /etc/redis.conf #修改下面两行

bind0.0.0.0

requirepass 123

启动服务

[root@centos7 ~]#systemctl start redis

[root@centos7 ~]#systemctl enable redis

配置docker

安装docker

[root@centos7 ~]#yum -y install docker

启动docker

[root@centos7 ~]#systemctl start docker

[root@centos7 ~]#systemctl enable docker

下载jumpserver镜像，并运行

[root@centos7 ~]#docker run --name jms_all -d \
-v /opt/mysql:/var/lib/mysql \
-v
/opt/jumpserver:/opt/jumpserver/data/media \
-p 80:80 \
-p 2222:2222 \
-e SECRET_KEY=
PEHVdLzvZFtDQT733ntHDH1hglXQ9OQKoI1xxAfdDhpRGx3tg7 \
-e BOOTSTRAP_TOKEN=YDzl55tZPTdclbUh \
-e DB_HOST=192.168.8.223 \ #当前主机IP
-e DB_PORT=3306 \
-e DB_USER=jumpserver \ #数据库用户
-e DB_PASSWORD=linux123 \ #数据库密码
-e DB_NAME=jumpserver \ #数据库名称
-e REDIS_HOST=192.168.8.223 \
-e REDIS_PORT=6379 \
-e REDIS_PASSWORD=123 \ #Redis密码
jumpserver/jms_all:1.4.8

查看状态

[root@centos7 ~]#docker logs -f jms_all#看到如下几行即可gunicorn is running: 57celery is running: 73beat is running: 75guacd[98]: INFO: Guacamole proxy daemon (guacd) version 0.9.14 started
Starting guacd: SUCCESS
Tomcat started.
Use eventlet dispatch
Start coco process
Use eventlet dispatch
Start coco process
Use eventlet dispatch
Start coco process
Jumpserver ALL 1.4.8
官网 http://www.jumpserver.org文档
http://docs.jumpserver.org有问题请参考
http://docs.jumpserver.org/zh/docs/faq.html进入容器命令 docker exec -it jms_all /bin/bash访问测试

登入web界面，初始密码账号均为admin