Installing jumpserver on CentOS 7 using a Docker image

Published 2017-10-30, 2.1k views



1. Environment

CentOS 7.0, EIP: 122.112.198.209

2. Basic environment setup

[root@hcis-tech ~]# cd /opt
[root@hcis-tech opt]# yum install -y epel-release

3. Install docker

3.1 Check the kernel version

[root@docker opt]# uname -r
3.10.0-123.el7.x86_64
A kernel version of 3.10.0 or later is recommended.

3.2 Run the docker install commands

[root@hcis-tech opt]# curl -sSL https://get.docker.com/ | sh
[root@hcis-tech opt]# systemctl start docker
[root@hcis-tech opt]# systemctl enable docker
[root@hcis-tech opt]# docker -v
Docker version 17.09.0-ce, build afdb6d4

3.3 Install docker-compose

[root@hcis-tech opt]# yum install -y docker-compose
[root@hcis-tech ~]# docker-compose -v
docker-compose version 1.9.0, build 2585387

4. Install mariadb

4.1 Install mariadb

[root@hcis-tech ~]# yum -y install mariadb-server mariadb-devel
[root@hcis-tech opt]# systemctl start mariadb
[root@hcis-tech opt]# systemctl enable mariadb

4.2 Create the jumpserver database

[root@hcis-tech opt]# mysql -e "create database jumpserver charset='utf8';"
[root@hcis-tech opt]# mysql -e "grant all on jumpserver.* to 'jumpserver'@'122.112.198.209' identified by 'Hcis@2017';"
[root@hcis-tech opt]# mysql -e "flush privileges;"
[root@hcis-tech opt]# mysql -e "show databases;"
+--------------------+
| Database |
+--------------------+
| information_schema |
| jumpserver |
| mysql |
| performance_schema |
| test |
+--------------------+

5. The jumpserver docker image

5.1 Change the docker registry mirror

[root@hcis-tech opt]# vim /etc/docker/daemon.json
{

"registry-mirrors": ["https://registry.docker-cn.com"]

}
[root@hcis-tech opt]# systemctl restart docker

5.2 Pull the image

[root@hcis-tech opt]# docker pull jiaxiangkong/jumpserver_docker:0.3.2

5.3 Create a container

[root@hcis-tech opt]# docker run -d -p 2222:22 -p 8888:80 --restart=always --name jumpserver jiaxiangkong/jumpserver_docker:0.3.2
6c549e3fa4bbbe0b29c6e40836cc6b653b9c326b26e075e2eba569d4fbd81d09
[root@hcis-tech opt]#

5.4 Log in to the container and edit jumpserver.conf

[root@hcis-tech opt]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
6c549e3fa4bb jiaxiangkong/jumpserver_docker:0.3.2 "/bin/sh -c /run.sh" 4 minutes ago Up 4 minutes 0.0.0.0:2222->22/tcp, 0.0.0.0:8888->80/tcp jumpserver
[root@hcis-tech opt]# docker exec -it 6c549e3fa4bb /bin/sh
/jumpserver # ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
9: eth0: mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.2/16 scope global eth0
valid_lft forever preferred_lft forever
/jumpserver # vi jumpserver.conf
Enter the database connection information
/jumpserver # exit

5.5 Go back to the host and re-grant the database to IP address 172.17.0.2, then enter the container and install jumpserver

[root@hcis-tech opt]# mysql -e "grant all on jumpserver.* to 'jumpserver'@'172.17.0.2' identified by 'admin';"
[root@hcis-tech opt]# mysql -e "flush privileges;"
[root@hcis-tech opt]# docker exec -it 6c549e3fa4bb /bin/sh
/jumpserver # cd install/ && python next.py

5.6 In the cloud console, under the ECS security group, allow inbound TCP/UDP port 8888, then

visit http://122.112.198.209:8888 and log in with username admin and password admin
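
An added example, not part of the original post: a hardened variant of the grant in step 5.5 that uses a random password, plus a check of which host ports from steps 5.3 and 5.6 are published on all interfaces. The function names gen_password, build_grant and wildcard_ports are hypothetical, and the sample PORTS string is constructed from the docker ps output in step 5.4.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# gen_password: 36 hex characters (144 bits) read from /dev/urandom.
gen_password() {
    head -c 18 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# build_grant HOST PASSWORD: print the GRANT statement used in step 5.5.
# HOST may contain only digits and dots, so the '%' wildcard and quotes are refused.
# PASSWORD must be alphanumeric (safe inside the SQL quotes) and at least 16 characters.
build_grant() {
    host=$1; pass=$2
    case $host in ''|*[!0-9.]*) echo "host must be a single IPv4 address" >&2; return 1;; esac
    case $pass in *[!A-Za-z0-9]*) echo "password must be alphanumeric" >&2; return 1;; esac
    [ "${#pass}" -ge 16 ] || { echo "password shorter than 16 characters" >&2; return 1; }
    printf "grant all on jumpserver.* to 'jumpserver'@'%s' identified by '%s';\n" "$host" "$pass"
}

# wildcard_ports: read the PORTS column of `docker ps` on stdin and print the host
# ports published on 0.0.0.0 (all interfaces), space separated. Only the IPv4
# wildcard form shown in step 5.4 is recognised.
wildcard_ports() {
    tr ', ' '\n\n' | sed -n -E 's/^0\.0\.0\.0:([0-9]+)->.*/\1/p' |
        sort -un | tr '\n' ' ' | sed 's/ $//'
}

# Constructed sample input: the PORTS value from the docker ps output in step 5.4.
sample='0.0.0.0:2222->22/tcp, 0.0.0.0:8888->80/tcp'
echo "published on all interfaces: $(printf '%s\n' "$sample" | wildcard_ports)"

# On the real host the statement would be piped into mysql and the same password
# written to jumpserver.conf inside the container.
build_grant 172.17.0.2 "$(gen_password)"
```

The address 172.17.0.2 is assigned by Docker's default bridge and can change when the container is recreated, so re-check it with ip a before reusing the grant.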


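6. Evaluation

Because the product works by connecting to hosts over SSH, jumpserver can only add Linux hosts as assets. After adding an asset, a system user has to be pushed to the host; once that succeeds, the system user can be used to connect to the host. Jumpserver leans toward the role of a bastion host, used for access control and operation auditing across different operations staff. It has no monitoring or alerting for the hosts themselves, so it does not really fit the needs of an operations monitoring and display center.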


Flyfish's Blog - 飞鱼博客 | Bits of memory, a record of growth --- flyfish