内容简介:本文风哥教程参考Linux官方文档、Red Hat Enterprise Linux官方文档、Ansible Automation Platform官方文档、Docker官方文档、Kubernetes官方文档和Podman官方文档等内容更多学习教程公众号风哥教程itpux_com,详细介绍了相关技术的配置和使用方法。
风哥提示:
本文档介绍自动化运维平台的部署和应用。
Part01-JumpServer部署
1.1 安装JumpServer
[root@jumpserver ~]# dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
[root@jumpserver ~]# dnf install -y docker-ce docker-compose-plugin
[root@jumpserver ~]# systemctl enable --now docker
# 下载JumpServer
[root@jumpserver ~]# cd /opt
[root@jumpserver opt]# wget https://github.com/jumpserver/installer/releases/download/v3.6.0/jumpserver-installer-v3.6.0.tar.gz
[root@jumpserver opt]# tar xzf jumpserver-installer-v3.6.0.tar.gz
[root@jumpserver opt]# cd jumpserver-installer-v3.6.0
# 配置JumpServer
[root@jumpserver jumpserver-installer-v3.6.0]# cat > config-example.txt << 'EOF'
# Version tag of the JumpServer images to deploy
VERSION=v3.6.0
# CPU architecture of the images
ARCH=amd64
# MySQL settings
# NOTE(review): DB_HOST is a bare service name; presumably resolved on the
# compose network the installer creates (jms_net) — verify against the installer
DB_HOST=mysql
DB_PORT=3306
DB_USER=root
# NOTE(review): example credential, identical to REDIS_PASSWORD below — replace
# both with distinct, generated values before running the install
DB_PASSWORD=JumpServer@123456
DB_NAME=jumpserver
# Redis settings
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=JumpServer@123456
# JumpServer application settings
# SECRET_KEY and BOOTSTRAP_TOKEN are placeholders ("your-...-here"): generate
# random values for a real deployment; the install step below reads this file
SECRET_KEY=your-secret-key-here
BOOTSTRAP_TOKEN=your-bootstrap-token-here
# Keep DEBUG off and logging terse outside of troubleshooting
DEBUG=false
LOG_LEVEL=ERROR
# Web / listener settings (SSH_PORT is the koko SSH gateway, published as
# 0.0.0.0:2222 in the status output below)
HTTP_PORT=80
HTTPS_PORT=443
SSH_PORT=2222
DOMAIN=jumpserver.fgedu.net.cn
EOF
# 安装JumpServer
[root@jumpserver jumpserver-installer-v3.6.0]# ./jmsctl.sh install
██╗██╗ ██╗███╗ ███╗██████╗ ███████╗██████╗ ███╗ ███╗██╗███╗ ██╗███████╗
██║██║ ██║████╗ ████║██╔══██╗██╔════╝██╔══██╗████╗ ████║██║████╗ ██║██╔════╝
██║██║ ██║██╔████╔██║██████╔╝█████╗ ██████╔╝██╔████╔██║██║██╔██╗ ██║█████╗
██ ██║██║ ██║██║╚██╔╝██║██╔══██╗██╔══╝ ██╔══██╗██║╚██╔╝██║██║██║╚██╗██║██╔══╝
╚█████╔╝╚██████╔╝██║ ╚═╝ ██║██████╔╝███████╗██║ ██║██║ ╚═╝ ██║██║██║ ╚████║███████╗
╚════╝ ╚═════╝ ╚═╝ ╚═╝╚═════╝ ╚══════╝╚═╝ ╚═╝╚═╝ ╚═╝╚═╝╚═╝ ╚═══╝╚══════╝
v3.6.0
1. Check Configuration
...
[+] Running 8/8
✔ Network jms_net Created
✔ Container jms_mysql Started
✔ Container jms_redis Started
✔ Container jms_core Started
✔ Container jms_celery Started
✔ Container jms_koko Started
✔ Container jms_lion Started
✔ Container jms_nginx Started
# 查看状态
[root@jumpserver jumpserver-installer-v3.6.0]# ./jmsctl.sh status
NAME IMAGE COMMAND SERVICE CREATED STATUS PORTS
jms_core jumpserver/core:v3.6.0 "./entrypoint.sh sta…" core 2 minutes ago Up 2 minutes (healthy) 8080/tcp
jms_celery jumpserver/core:v3.6.0 "./entrypoint.sh sta…" celery 2 minutes ago Up 2 minutes (healthy) 8080/tcp
jms_koko jumpserver/koko:v3.6.0 "./entrypoint.sh" koko 2 minutes ago Up 2 minutes (healthy) 0.0.0.0:2222->2222/tcp
jms_lion jumpserver/lion:v3.6.0 "./entrypoint.sh" lion 2 minutes ago Up 2 minutes (healthy) 4822/tcp
jms_nginx jumpserver/nginx:v3.6.0 "/docker-entrypoint.…" nginx 2 minutes ago Up 2 minutes 0.0.0.0:80->80/tcp
jms_mysql mysql:8.0 "docker-entrypoint.s…" mysql 2 minutes ago Up 2 minutes (healthy) 3306/tcp, 33060/tcp
jms_redis redis:7-alpine "docker-entrypoint.s…" redis 2 minutes ago Up 2 minutes (healthy) 6379/tcp
# 访问Web界面
# http://192.168.1.10
# 默认用户名/密码: admin/admin
Part02-JumpServer配置
2.1 资产管理
# 使用API添加资产
[root@jumpserver ~]# cat > /tmp/add_asset.sh << 'EOF'
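#!/bin/bash
# Register one asset and one system user in JumpServer through its REST API.
#
# Environment:
#   JMS_URL  base URL of the JumpServer web service (default: http://localhost);
#            a plain http URL sends the token unencrypted, so use https for any
#            endpoint that is not on the local host
#   TOKEN    JumpServer API token; export it before running instead of editing
#            the placeholder into this file
# Outputs:   the JSON response of each POST request on stdout
# Returns:   non-zero as soon as a request fails (transport error or HTTP >= 400);
#            the second request is not sent if the first one failed
set -euo pipefail

JMS_URL="${JMS_URL:-http://localhost}"
TOKEN="${TOKEN:-your-api-token}"

# Keep the bearer token off the curl command line (visible in ps / shell traces)
# by handing it to curl through a header file; mktemp creates it mode 0600.
hdr_file=$(mktemp) || exit 1
cleanup() { rm -f -- "${hdr_file}"; }
trap cleanup EXIT
printf 'Authorization: Bearer %s\n' "${TOKEN}" > "${hdr_file}"

#######################################
# POST a JSON document to a JumpServer API path.
# Globals:   JMS_URL (read), hdr_file (read)
# Arguments: $1 - API path, e.g. /api/v1/assets/assets/
#            $2 - JSON request body
# Outputs:   response body on stdout
# Returns:   curl's exit status; --fail turns HTTP >= 400 into a non-zero status
#######################################
jms_post() {
  local path=$1
  local body=$2
  curl -sS --fail -X POST "${JMS_URL}${path}" \
    -H @"${hdr_file}" \
    -H "Content-Type: application/json" \
    -d "${body}"
}

# Create the asset
jms_post "/api/v1/assets/assets/" '{
"name": "Web Server 1",
"address": "192.168.1.20",
"platform": "Linux",
"protocols": [
{"name": "ssh", "port": 22}
],
"nodes": ["node-id"],
"admin_user": "admin-user-id"
}'

# Create the system user (example password: replace before use)
jms_post "/api/v1/assets/system-users/" '{
"name": "web-admin",
"username": "admin",
"protocol": "ssh",
"auth_type": "password",
"password": "Admin@123456"
}'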
EOF
[root@jumpserver ~]# chmod +x /tmp/add_asset.sh
# 配置命令过滤
# Web界面 -> 系统设置 -> 命令过滤 -> 创建规则
# 禁止命令: rm -rf /*, dd if=/dev/zero, mkfs
# 配置会话录像
# Web界面 -> 系统设置 -> 终端设置 -> 会话录像
# 启用会话录像存储
# 查看在线会话
[root@jumpserver ~]# ./jmsctl.sh exec core python manage.py shell
>>> from terminal.models import Session
>>> Session.objects.filter(is_finished=False).count()
5
2.2 权限管理
[root@jumpserver ~]# cat > /tmp/add_perm.sh << 'EOF'
#!/bin/bash
JMS_URL="http://localhost"
TOKEN="your-api-token"
# 创建资产授权
curl -X POST "${JMS_URL}/api/v1/perms/asset-permissions/" \
-H "Authorization: Bearer ${TOKEN}" \
-H "Content-Type: application/json" \
-d '{
"name": "Web Server Access",
"users": ["user-id"],
"user_groups": ["group-id"],
"assets": ["asset-id"],
"nodes": ["node-id"],
"system_users": ["system-user-id"],
"actions": ["connect", "upload", "download"],
"is_active": true,
"date_start": "2026-01-01 00:00:00",
"date_expired": "2026-12-31 23:59:59"
}'
EOF
# 审计日志查询
[root@jumpserver ~]# ./jmsctl.sh exec core python manage.py shell
>>> from audits.models import FTPLog, UserLoginLog
>>> FTPLog.objects.all().count()
100
>>> UserLoginLog.objects.filter(status=True).count()
50
# 导出审计日志
[root@jumpserver ~]# ./jmsctl.sh exec core python manage.py export_login_log
- 配置双因素认证提高安全性
- 设置合理的权限最小化原则
- 定期审计操作日志
- 配置命令过滤防止误操作
- 定期备份配置数据
本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html
