Installing JumpServer on CentOS 7 from a Docker image

Published 2017-10-30



1. Environment

CentOS 7.0, public address (EIP): 122.112.198.209

2. Base environment

[root@hcis-tech ~]# cd /opt
[root@hcis-tech opt]# yum install -y epel-release

3. Installing Docker

3.1 Check the kernel version

[root@hcis-tech opt]# uname -r
3.10.0-123.el7.x86_64
Docker requires kernel 3.10.0 or newer; the stock CentOS 7 kernel qualifies.

3.2 Run the Docker install script

[root@hcis-tech opt]# curl -sSL https://get.docker.com/ | sh
[root@hcis-tech opt]# systemctl start docker
[root@hcis-tech opt]# systemctl enable docker
[root@hcis-tech opt]# docker -v
Docker version 17.09.0-ce, build afdb6d4

Piping a remote script straight into a root shell runs whatever get.docker.com serves (or whatever replaces it in transit, should TLS validation fail) as root without anyone having read it. Save the script to a file first, review it, and only then execute it; the same applies to any install script fetched with curl.

3.3 Install docker-compose

[root@hcis-tech opt]# yum install -y docker-compose
[root@hcis-tech ~]# docker-compose -v
docker-compose version 1.9.0, build 2585387

The docker-compose package comes from EPEL, which is why step 2 enabled that repository. It is not used again in this walkthrough.

4. Installing MariaDB

4.1 Install and start MariaDB

[root@hcis-tech ~]# yum -y install mariadb-server mariadb-devel
[root@hcis-tech opt]# systemctl start mariadb
[root@hcis-tech opt]# systemctl enable mariadb

4.2 Create the jumpserver database

[root@hcis-tech opt]# mysql -e "create database jumpserver charset='utf8';"
[root@hcis-tech opt]# mysql -e "grant all on jumpserver.* to 'jumpserver'@'122.112.198.209' identified by '<password>';"
[root@hcis-tech opt]# mysql -e "flush privileges;"
[root@hcis-tech opt]# mysql -e "show databases;"
+--------------------+
| Database           |
+--------------------+
| information_schema |
| jumpserver         |
| mysql              |
| performance_schema |
| test               |
+--------------------+

Two things to note. The grant is keyed to the host's public address, but the JumpServer container will connect from the Docker bridge network, so this grant is never matched (step 5.5 corrects it). And the freshly installed server still has the test database, and mysql -e worked without a password, so root has none: run mysql_secure_installation before putting anything real on it.

5. The JumpServer Docker image

5.1 Configure a registry mirror

[root@hcis-tech opt]# vim /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.docker-cn.com"]
}
[root@hcis-tech opt]# systemctl restart docker

5.2 Pull the image

[root@hcis-tech opt]# docker pull jiaxiangkong/jumpserver_docker:0.3.2

This is a third-party image published under a personal Docker Hub account, not one maintained by the JumpServer project, and it is about to be handed the database credentials and SSH access to every managed host. Inspect its Dockerfile and /run.sh (or build the image yourself from the JumpServer source) before trusting it.

5.3 Create a container

[root@hcis-tech opt]# docker run -d -p 2222:22 -p 8888:80 --restart=always --name jumpserver jiaxiangkong/jumpserver_docker:0.3.2
6c549e3fa4bbbe0b29c6e40836cc6b653b9c326b26e075e2eba569d4fbd81d09
[root@hcis-tech opt]#

Both -p mappings bind to 0.0.0.0, so the container's sshd (2222) and the web UI (8888) are reachable on every host interface, including the EIP, as soon as the security group allows it. If the web UI is going to sit behind a TLS reverse proxy on the host, bind the mapping to 127.0.0.1 instead.

5.4 Enter the container and edit jumpserver.conf

[root@hcis-tech opt]# docker ps -a
CONTAINER ID   IMAGE                                  COMMAND                CREATED         STATUS         PORTS                                        NAMES
6c549e3fa4bb   jiaxiangkong/jumpserver_docker:0.3.2   "/bin/sh -c /run.sh"   4 minutes ago   Up 4 minutes   0.0.0.0:2222->22/tcp, 0.0.0.0:8888->80/tcp   jumpserver
[root@hcis-tech opt]# docker exec -it 6c549e3fa4bb /bin/sh
/jumpserver # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
9: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.2/16 scope global eth0
       valid_lft forever preferred_lft forever
/jumpserver # vi jumpserver.conf
Fill in the database connection details.
/jumpserver # exit

The ip a output shows why the grant in step 4.2 does not match: the container's address is 172.17.0.2 on the Docker bridge (172.17.0.0/16), and that is the source address MariaDB on the host sees. For the same reason the database host written into jumpserver.conf must be an address the container can reach, typically the host's docker0 bridge address (172.17.0.1 by default), not 127.0.0.1, which inside the container is the container itself.

5.5 Back on the host, re-grant the database to 172.17.0.2, then enter the container and install JumpServer

[root@hcis-tech opt]# mysql -e "grant all on jumpserver.* to 'jumpserver'@'172.17.0.2' identified by 'admin';"
[root@hcis-tech opt]# mysql -e "flush privileges;"
[root@hcis-tech opt]# docker exec -it 6c549e3fa4bb /bin/sh
/jumpserver # cd install/ && python next.py

Two caveats. The password used here ('admin') must be the one written into jumpserver.conf in step 5.4, and it should not be 'admin': this account has full rights on the database that holds JumpServer's users and asset records. And a grant keyed to a single container address is fragile, because Docker hands out bridge addresses dynamically; after a restart of the daemon or of other containers the JumpServer container may come up as 172.17.0.3 and the grant silently stops matching. Granting to the bridge subnet (172.17.%) survives that.
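
The script below is added here as an example; it is not part of the original post or of JumpServer. It does the database provisioning of steps 4.2 and 5.5 the way the caveats above call for: it reads the Docker bridge subnet from the daemon, turns it into a MariaDB host pattern, generates a random password instead of 'admin', and emits the CREATE/GRANT statements. The database and user names (jumpserver) come from the page; the --apply flag, the function names, and the use of Docker's default bridge network are assumptions. Run it with --dry-run to see the SQL it would send, or with --apply to pipe it into mysql as root.

```shell
#!/bin/sh
# Added example (not from the original post): provision the JumpServer database
# with a grant keyed to the Docker bridge subnet instead of one ephemeral
# container IP, and a generated password instead of 'admin'.
set -eu

DB_NAME=jumpserver        # names from the original walkthrough
DB_USER=jumpserver

# Convert a CIDR (e.g. 172.17.0.0/16) into the '%' host pattern MariaDB uses
# in account names. Only octet-aligned prefixes map onto '%'; anything else
# is refused rather than silently widened to a larger subnet.
cidr_to_mysql_host() {
    ip=${1%/*}; prefix=${1#*/}
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    case "$prefix" in
        8)  printf '%s.%%\n' "$1" ;;
        16) printf '%s.%s.%%\n' "$1" "$2" ;;
        24) printf '%s.%s.%s.%%\n' "$1" "$2" "$3" ;;
        32) printf '%s.%s.%s.%s\n' "$1" "$2" "$3" "$4" ;;
        *)  echo "cidr_to_mysql_host: /$prefix is not octet-aligned; use MariaDB's ip/netmask host syntax" >&2
            return 1 ;;
    esac
}

# Escape a value for use inside a single-quoted MariaDB string literal
# (backslash doubled, single quote doubled).
sql_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# Emit the statements from steps 4.2 and 5.5 with the grant host and password
# supplied by the caller. GRANT ... IDENTIFIED BY creates the account on the
# MariaDB 5.5 that CentOS 7 ships.
render_sql() {
    db=$1; user=$2; host=$3; pass=$4
    printf 'CREATE DATABASE IF NOT EXISTS %s CHARACTER SET utf8;\n' "$db"
    printf "GRANT ALL ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
        "$db" "$(sql_quote "$user")" "$(sql_quote "$host")" "$(sql_quote "$pass")"
    printf 'FLUSH PRIVILEGES;\n'
}

main() {
    # Subnet of Docker's default bridge (172.17.0.0/16 unless daemon.json says
    # otherwise). A container's address inside it is not stable; the subnet is.
    subnet=$(docker network inspect bridge -f '{{(index .IPAM.Config 0).Subnet}}')
    host=$(cidr_to_mysql_host "$subnet")
    pass=$(openssl rand -base64 18)
    if [ "$1" = "--apply" ]; then
        render_sql "$DB_NAME" "$DB_USER" "$host" "$pass" | mysql
        echo "granted $DB_USER@$host; put this password in jumpserver.conf: $pass"
    else
        render_sql "$DB_NAME" "$DB_USER" "$host" "$pass"
    fi
}

# Only act when invoked with --dry-run or --apply, so sourcing the file is harmless.
if [ $# -gt 0 ]; then
    main "$1"
fi
```

The generated password is printed once so it can be pasted into jumpserver.conf; it never appears on a command line, so it does not land in shell history the way the identified by 'admin' above does. Non-octet-aligned prefixes are rejected on purpose: widening 172.17.0.0/20 to 172.17.% would grant a larger range than intended, and MariaDB's ip/netmask host form covers that case exactly.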

5.6 In the cloud console, allow inbound TCP 8888 in the ECS security group, then

open http://122.112.198.209:8888 and log in as admin with password admin.

Only TCP is needed; HTTP does not use UDP. Restrict the rule's source to the operators' addresses rather than 0.0.0.0/0, change the admin password at first login, and remember that port 2222 (the container's sshd) is published on the same interface and deserves the same scrutiny. The UI is plain HTTP, so put TLS in front of it before real credentials flow through it.
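
Before opening the security group it helps to know every port the host would expose, not only 8888. The helper below is an added example (not from the original post) that filters ss -ltn output down to TCP listeners bound to all interfaces. The sample ss rows are constructed to mirror this setup (the two published container ports from step 5.3, MariaDB's default listener on 3306 from step 4.1, the host's own sshd on 22, and a loopback-only service for contrast); they are not captured from the author's machine, and the function names and the --live flag are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): list TCP listeners bound to every
# interface, i.e. what a permissive security-group rule would expose on the EIP.
set -eu

# Read `ss -ltn` rows on stdin (header already stripped) and print the port of
# each socket whose local address is a wildcard: 0.0.0.0, *, :: or [::].
# The local address is column 4; the port is everything after the last ':'.
public_listeners() {
    awk '{
        n = split($4, parts, ":")
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "*" || addr == "::" || addr == "[::]")
            print port
    }' | sort -un
}

# Constructed sample in the format ss prints on CentOS 7: the two published
# container ports, MariaDB listening on all interfaces (its default there),
# the host sshd on the IPv6 wildcard, and postfix on loopback only.
SAMPLE_SS='LISTEN     0      128          *:2222                     *:*
LISTEN     0      128          *:8888                     *:*
LISTEN     0      50           *:3306                     *:*
LISTEN     0      100    127.0.0.1:25                     *:*
LISTEN     0      128         :::22                      :::*'

# Run against the constructed sample; returns wildcard-bound ports, one per line.
sample_public_ports() {
    printf '%s\n' "$SAMPLE_SS" | public_listeners
}

# Run against the live host; ss prints a header row, which tail drops.
live_public_ports() {
    ss -ltn | tail -n +2 | public_listeners
}

if [ "${1:-}" = "--live" ]; then
    live_public_ports
else
    sample_public_ports
fi
```

On the sample the result is 22, 2222, 3306 and 8888. The 3306 entry is the one people miss: CentOS 7's MariaDB listens on every interface by default, so the database holding JumpServer's credentials is one security-group mistake away from the internet. Either keep 3306 out of the security group entirely or set bind-address in /etc/my.cnf to the docker0 address the container actually uses.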


6. Assessment

Because the product works by connecting to hosts over SSH, JumpServer can only manage Linux hosts as assets. After adding an asset you push a system user to the host, and once that succeeds you connect to the host as that system user. JumpServer is essentially a bastion host: it is meant for controlling which operators may reach which hosts and for auditing what they do there. It has no monitoring or alerting for the hosts themselves, so it does not really fit the requirements of an operations monitoring dashboard.


Flyfish's Blog - 飞鱼博客 | Bits of memory, a record of growth --- flyfish