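• 2.5 Scheduled Tasks and Remote Management


    2.5 Scheduled Tasks / Remote Management

    I. Scheduled Tasks

    1. What scheduled tasks are

    In Linux, besides commands that a user runs immediately, system-administration tasks
    (such as regular backups or periodic collection of monitoring data) can be scheduled to
    run at a specified time and date. RHEL 6 installs the at and cronie packages by default;
    the atd and crond system services implement one-off and recurring scheduled tasks, which
    are configured with the at and crontab commands respectively.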
    

    2. Types of scheduled tasks

    One-off scheduled tasks
    Recurring scheduled tasks
    System-level scheduled tasks
    User-level scheduled tasks
    

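    3. Crontab in detail

    Install the package
    [root@localhost ~]# yum -y install crontabs
    Start the service (it is started by default)
    rhel5/6:
    [root@localhost ~]# /etc/init.d/crond status
    [root@localhost ~]# /etc/init.d/crond start
    rhel7:
    [root@localhost ~]# systemctl start crond.service
    [root@localhost ~]# systemctl status crond.service
    [root@localhost ~]# systemctl enable crond.service
    Start at boot (rhel5/6)
    [root@localhost ~]# chkconfig crond on
    
    Create a scheduled task: user-level scheduled tasks
    [root@localhost ~]# crontab -u USER -e
    -u specifies the user; if it is omitted, the current user's crontab is edited (root in this session)
    [root@localhost ~]# crontab -e
    Each entry has two parts, separated by whitespace
    Part 1: the time
    field:  minute  hour  day-of-month  month  day-of-week
    range:  0-59    0-23  1-31          1-12   0-7
    These ranges are documented in the man page: [root@localhost ~]# man 5 crontab
    Ways of writing the time:
    5 10 * * *
    5 10 8 * *
    1 5 7 * 5
    1,5,9 * * * *
    8-12 * * * *
    5-20,40 * * * *
    8-12,20-25 * * * *
    */5 * * * *
    Notes: * means "every ..."
    , lists separate points in time
    - gives a range
    */5 every 5 minutes
    Part 2: the action
    Write the command to run at the time given above here; this includes scripts (the most common case). Commands should preferably be written with absolute paths
    View scheduled tasks: two ways
    1) [root@localhost ~]# crontab -l
    -u USERNAME shows the scheduled tasks of a given account
    2) [root@localhost ~]# cat /var/spool/cron/root
    Delete scheduled tasks: two ways
    1) [root@localhost ~]# crontab -r -u wing
    -r removes the crontab
    -u specifies the user
    [root@localhost ~]# crontab -e -u tom
    2) [root@localhost ~]# rm -f /var/spool/cron/root
    Access control for scheduled tasks
    [root@localhost ~]# cat /etc/cron.deny
    If this file exists, every account listed in it is not allowed to run the crontab command
    [root@localhost ~]# cat /etc/cron.allow
    If this file exists, accounts not listed in it are not allowed to run the crontab command
    If cron.allow exists, only the users listed in it are allowed, whether or not cron.deny exists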
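
The cron.allow / cron.deny precedence above, written out as an added example (not code from the original page), together with a check for spool files that belong to users the policy does not permit. The function names are hypothetical; that root is always permitted and that only root is permitted when neither file exists are assumptions taken from cronie's documented behaviour, not from this page.

```bash
#!/usr/bin/env bash
# Added example: evaluate cron.allow / cron.deny and audit a spool directory.

# crontab_permitted USER [ALLOW_FILE] [DENY_FILE]
# Returns 0 if USER may run crontab, 1 otherwise.
crontab_permitted() {
    local user="$1" allow="${2:-/etc/cron.allow}" deny="${3:-/etc/cron.deny}"

    # Assumption (cronie behaviour, not stated on the page): root always passes.
    if [ "$user" = "root" ]; then
        return 0
    fi

    # cron.allow wins: if it exists, cron.deny is never consulted.
    if [ -e "$allow" ]; then
        if grep -qxF -- "$user" "$allow"; then return 0; else return 1; fi
    fi

    # No cron.allow: a user is blocked only when listed in cron.deny.
    if [ -e "$deny" ]; then
        if grep -qxF -- "$user" "$deny"; then return 1; else return 0; fi
    fi

    # Assumption (cronie behaviour): with neither file, only root is permitted.
    return 1
}

# unexpected_crontabs SPOOL_DIR [ALLOW_FILE] [DENY_FILE]
# Spool files are named after their owner (as /var/spool/cron/root above).
# Prints every owner who has a crontab but is not permitted by the policy.
unexpected_crontabs() {
    local spool="$1" allow="${2:-/etc/cron.allow}" deny="${3:-/etc/cron.deny}" f user
    for f in "$spool"/*; do
        [ -f "$f" ] || continue
        user=${f##*/}
        if ! crontab_permitted "$user" "$allow" "$deny"; then
            printf '%s\n' "$user"
        fi
    done
}

# Demo on constructed files in a temporary directory (no system files touched).
demo_dir=$(mktemp -d)
mkdir "$demo_dir/spool"
printf 'tom\n' > "$demo_dir/cron.allow"         # constructed policy
printf 'tom\nwing\n' > "$demo_dir/cron.deny"    # ignored because cron.allow exists
printf '*/5 * * * * /usr/bin/true\n' > "$demo_dir/spool/tom"
printf '*/5 * * * * /usr/bin/true\n' > "$demo_dir/spool/wing"
echo "has a crontab but is not permitted:"
unexpected_crontabs "$demo_dir/spool" "$demo_dir/cron.allow" "$demo_dir/cron.deny"
rm -rf "$demo_dir"
```

A crontab left in the spool directory for a user who is no longer permitted is worth reviewing when the policy files are tightened.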
    

    II. Scheduled tasks in practice

    Run a given program from a scheduled task

    [root@localhost yum.repos.d]# which touch
    /usr/bin/touch
    [root@localhost yum.repos.d]# cd /tmp
    [root@localhost tmp]# ls
    [root@localhost tmp]# rm -rf *
    
    Create 1.txt every minute
    [root@localhost tmp]# crontab -e 
    */1 * * * *   /usr/bin/touch /tmp/1.txt
    
    [root@localhost tmp]# ls
    1.txt
    
    View the log
    [root@localhost tmp]# tailf /var/log/cron 
    
    Scheduled reboot
    [root@localhost tmp]# which reboot
    /usr/sbin/reboot
    
    [root@localhost tmp]# crontab -e 
    00 24 * * *  /usr/sbin/reboot
    
    crontab: installing new crontab
    "/tmp/crontab.udy0yb":2: bad hour
    errors in crontab file, can't install.
    Do you want to retry the same edit? q
    Enter Y or N
    Do you want to retry the same edit? ^C
    The entry is rejected because 24 is outside the hour range 0-23.
    
    Delete
    [root@localhost tmp]# crontab -r
    
    Query
    [root@localhost tmp]# crontab -l
    no crontab for root
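
An added example (not from the original page) that validates the five time fields against the ranges listed in section I and shows why `00 24 * * *` is rejected with "bad hour". It handles numeric fields only; the function names, the error labels other than "bad hour", and the `0 0 * * *` sample line are assumptions made here.

```bash
#!/usr/bin/env bash
# Added example: validate the five time fields of a crontab entry.
# Numeric fields only; month and weekday names are not handled.

is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# in_range N MIN MAX: N is an unsigned integer with MIN <= N <= MAX.
in_range() {
    is_uint "$1" && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# check_field VALUE MIN MAX: every comma-separated item must be *, N or N-M,
# optionally followed by /STEP when the item is * or a range.
check_field() {
    local rest="$1," min="$2" max="$3" item range step lo hi
    while [ -n "$rest" ]; do
        item=${rest%%,*}          # next list item
        rest=${rest#*,}           # remainder after the first comma
        [ -n "$item" ] || return 1
        range=$item
        step=""
        case "$item" in
            */*) range=${item%%/*}
                 step=${item#*/}
                 in_range "$step" 1 "$max" || return 1 ;;
        esac
        case "$range" in
            '*') ;;
            *-*) lo=${range%%-*}
                 hi=${range#*-}
                 in_range "$lo" "$min" "$max" || return 1
                 in_range "$hi" "$lo" "$max" || return 1 ;;
            *)   [ -z "$step" ] || return 1
                 in_range "$range" "$min" "$max" || return 1 ;;
        esac
    done
    return 0
}

# check_cron_time 'ENTRY': prints "ok", or "bad <field>" for the first bad field.
check_cron_time() {
    local f_min f_hour f_dom f_mon f_dow f_cmd
    read -r f_min f_hour f_dom f_mon f_dow f_cmd <<EOF
$1
EOF
    check_field "$f_min"  0 59 || { echo "bad minute"; return 1; }
    check_field "$f_hour" 0 23 || { echo "bad hour"; return 1; }
    check_field "$f_dom"  1 31 || { echo "bad day-of-month"; return 1; }
    check_field "$f_mon"  1 12 || { echo "bad month"; return 1; }
    check_field "$f_dow"  0 7  || { echo "bad day-of-week"; return 1; }
    echo "ok"
}

# Entries from this page plus one constructed corrected line (0 0 * * *).
while IFS= read -r line; do
    printf '%-42s -> %s\n' "$line" "$(check_cron_time "$line")"
done <<'EOF'
5 10 * * *
1,5,9 * * * *
5-20,40 * * * *
*/1 * * * *   /usr/bin/touch /tmp/1.txt
00 24 * * *  /usr/sbin/reboot
0 0 * * *  /usr/sbin/reboot
EOF
```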
    
    

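    III. Remote management

    1. The ssh service

    Install the packages:
    openssh-server provides the service
    openssh-clients the client
    openssh
    [root@localhost ~]# yum install 'openssh*' -y
    ssh uses port 22
    Server side:
    Start the service:
    [root@localhost ~]# systemctl start sshd
    Check:
    [root@localhost ~]# lsof -i:22
    
    Turn off the firewall and SELinux
    systemctl stop firewalld
    Temporarily disable
    [root@localhost tmp]# getenforce
    Enforcing
    [root@localhost tmp]# setenforce 0
    [root@localhost tmp]# getenforce
    Permissive
    To disable it permanently, edit this file; the change takes effect only after a reboot
     vi /etc/selinux/config
    
    Client side:
    Remote login:
    [root@localhost ~]# ssh -X tom@10.18.44.208 -p 2222
    [root@localhost ~]# ssh 10.18.44.208
    If the login account has no password, login is refused by default
    Passwordless login (SSH key authentication)
    
    client:
    Generate the public and private keys:
    [root@localhost ~]# ssh-keygen    # press Enter at every prompt (default key path, empty passphrase)
    Copy the public key to the other host:
    [root@localhost ~]# ssh-copy-id -i 10.18.44.208
    Run a remote command directly:
    [root@localhost ~]# ssh 10.18.44.208 "reboot"
    
    
    Remote copy:
    The client package must be installed first
    [root@localhost ~]# scp SOURCE_FILE DEST_PATH
    Whichever side is remote gets the IP prefix
    On the 132 machine:
    [root@localhost tmp]# touch 1.txt
    [root@localhost tmp]# ls
    1.txt
    [root@localhost ~]# scp 1.txt 192.168.120.133:/tmp/
    
    -P specifies the port
    Add the -r option to copy a directory
    [root@localhost tmp]# scp 192.168.120.133:/tmp/1.txt   /tmp/
    1.txt                                                                  100%    0     0.0KB/s   00:00    
    [root@localhost tmp]# ls
    1.txt
    
    
    Change the port number
    [root@localhost ~]# vim /etc/ssh/sshd_config
    Port 1000
    [root@localhost tmp]# systemctl  restart sshd
    
    
    Port 22
    ListenAddress 192.168.2.8
    PermitRootLogin yes
    # maximum number of concurrent sessions (per network connection)
    MaxSessions 10
    PermitEmptyPasswords no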
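
An added example (not from the original page or from OpenSSH) that reads an sshd_config-style file and flags the two login settings shown above when they are permissive. It relies on sshd using the first value it finds for a keyword, so a stricter line appended further down has no effect; the function names and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit login-related settings in an sshd_config-style file.

# effective_sshd_value KEYWORD FILE
# Prints (lower-cased) the value sshd would use from the global section:
# keywords are case-insensitive, the FIRST occurrence wins, and everything
# after the first Match line is conditional and skipped here.
effective_sshd_value() {
    awk -v key="$1" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        tolower($1) == "match" { exit }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print tolower($0); exit }
    ' "$2"
}

# audit_sshd_config FILE: prints one line per setting, returns 1 if any is flagged.
audit_sshd_config() {
    local file="$1" rc=0 val

    val=$(effective_sshd_value PermitRootLogin "$file")
    case "$val" in
        yes) echo "FLAG PermitRootLogin yes: root may log in with any enabled method, passwords included"
             echo "     consider prohibit-password (without-password on older OpenSSH) with key authentication"
             rc=1 ;;
        "")  echo "NOTE PermitRootLogin unset: the default depends on the OpenSSH version" ;;
        *)   echo "OK   PermitRootLogin $val" ;;
    esac

    val=$(effective_sshd_value PermitEmptyPasswords "$file")
    case "$val" in
        yes) echo "FLAG PermitEmptyPasswords yes: accounts with an empty password can log in"
             rc=1 ;;
        *)   echo "OK   PermitEmptyPasswords ${val:-no (default)}" ;;
    esac
    return "$rc"
}

# Demo on a constructed file: the stricter PermitRootLogin line was appended
# after the original one, so sshd still uses "yes".
demo=$(mktemp)
cat > "$demo" <<'EOF'
# constructed sample
Port 22
PermitRootLogin yes
MaxSessions 10
PermitEmptyPasswords no
PermitRootLogin no
EOF
audit_sshd_config "$demo" || echo "=> at least one setting needs attention"
rm -f "$demo"
```

On a live host, `sshd -T` prints the configuration that sshd actually resolves and is the authoritative check.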
    

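    2. The rz and sz commands

    Installation
    
    Log in as root and run the following commands:
    
    Find the package
    [root@localhost tmp]# yum provides rz
    
    [root@localhost ~]# yum -y install lrzsz-0.12.20-36.el7.x86_64
    
    Usage
    
    Send a file to the local machine with sz:
    
    [root@localhost ~]# sz filename 
    
    Upload a local file to the server with rz:
    
    [root@localhost ~]# rz 
    
    After running the command, choose the file to upload in the dialog that pops up.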
    

    3. Remote desktop management

    4. Jumpserver

    IV. Jumpserver in detail

    1. Environment setup

    [root@localhost ~]# setenforce 0
    
    [root@localhost ~]# getenforce
    Disabled
    [root@localhost ~]# systemctl stop firewalld.service
    
    Set the character set; otherwise an input/output error may be reported, because Chinese text is printed to the logs
    [root@localhost ~]# localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
    [root@localhost ~]# export LC_ALL=zh_CN.UTF-8
    [root@localhost ~]# echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf
    
    [root@localhost ~]# yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git
    
    [root@localhost ~]# wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
    Extract
    [root@localhost ~]# tar xf Python-3.6.1.tar.xz && cd Python-3.6.1
    Compile and install
    [root@sdp-dev Python-3.6.1]# ./configure && make && make install
    Python must be compiled and installed here; otherwise installing the Python library dependencies later will cause trouble...
    
    [root@sdp-dev Python-3.6.1]# cd /opt
    
    [root@sdp-dev opt]# python3 -m venv py3
    [root@sdp-dev opt]# source /opt/py3/bin/activate
    
    (py3) [root@sdp-dev opt]#
    
    Error
    (py3) [root@localhost opt]# git clone git://github.com/kennethreitz/autoenv.git 
    正克隆到 'autoenv'...
    fatal: unable to connect to github.com:
    github.com[0: 20.205.243.166]: errno=????
    If the clone fails, the following fixes it
    (py3) [root@localhost opt]# git config --global url.https://github.com/.insteadOf git://github.com/
    
    Second error
    (py3) [root@localhost opt]# git clone git://github.com/kennethreitz/autoenv.git
    正克隆到 'autoenv'...
    fatal: unable to access 'https://github.com/kennethreitz/autoenv.git/': Failed connect to 127.0.0.1:1080; Connection refused
    (py3) [root@localhost opt]# git config --global --unset https.proxy
    (py3) [root@localhost opt]# git config --global --unset http.proxy
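    If that still does not solve it, run the following command (it turns off TLS certificate verification for every git operation of this user):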
    git config --global http.sslVerify "false"
    
    (py3) [root@sdp-dev opt]# git clone git://github.com/kennethreitz/autoenv.git
    正克隆到 'autoenv'...
    remote: Enumerating objects: 671, done.
    remote: Total 671 (delta 0), reused 0 (delta 0), pack-reused 671
    接收对象中: 100% (671/671), 103.92 KiB | 115.00 KiB/s, done.
    处理 delta 中: 100% (356/356), done.
    
    (py3) [root@sdp-dev opt]#
    (py3) [root@sdp-dev opt]# echo 'source /opt/autoenv/activate.sh' >> ~/.bashrc
    (py3) [root@sdp-dev opt]# source ~/.bashrc
    (py3) [root@sdp-dev opt]#
    

    2. Download Jumpserver

    When this error was reported, the following update was installed
    正在解析主机 github.com (github.com)... 20.205.243.166
    正在连接 github.com (github.com)|20.205.243.166|:443... 失败:拒绝连接。
    (py3) [root@localhost opt]# yum update nss
    Press y
    
    The project is too large to clone
    (py3) [root@localhost opt]#  git clone https://github.com/jumpserver/jumpserver.git && cd jumpserver && git checkout master
    
    正克隆到 'jumpserver'...
    error: RPC failed; result=7, HTTP code = 0
    fatal: The remote end hung up unexpectedly
    (py3) [root@localhost opt]# git config --global http.postBuffer 1048576000
    
    
    (py3) [root@sdp-dev opt]# git clone https://github.com/jumpserver/jumpserver.git && cd jumpserver && git checkout master
    正克隆到 'jumpserver'...
    remote: Enumerating objects: 79, done.
    remote: Counting objects: 100% (79/79), done.
    remote: Compressing objects: 100% (68/68), done.
    remote: Total 41282 (delta 19), reused 20 (delta 5), pack-reused 41203
    接收对象中: 100% (41282/41282), 52.05 MiB | 79.00 KiB/s, done.
    处理 delta 中: 100% (28176/28176), done.
    已经位于 'master'
    (py3) [root@sdp-dev jumpserver]#
    

    3. Install the required Python modules

    (py3) [root@sdp-dev jumpserver]# echo "source /opt/py3/bin/activate" > /opt/jumpserver/.env
    (py3) [root@sdp-dev jumpserver]# cd requirements/
    autoenv:
    autoenv: WARNING:
    autoenv: This is the first time you are about to source /opt/jumpserver/.env:
    autoenv:
    autoenv: --- (begin contents) ---------------------------------------
    autoenv: source /opt/py3/bin/activate$
    autoenv:
    autoenv: --- (end contents) -----------------------------------------
    autoenv:
    autoenv: Are you sure you want to allow this? (y/N) y
    
    (py3) [root@sdp-dev requirements]#
    (py3) [root@sdp-dev requirements]# yum -y install $(cat rpm_requirements.txt)
    (py3) [root@sdp-dev requirements]# pip install --upgrade pip
    (py3) [root@sdp-dev requirements]# pip install -r requirements.txt
    

    4. Install Redis

    (py3) [root@sdp-dev requirements]# yum -y install redis
    (py3) [root@sdp-dev requirements]# systemctl enable redis
    Created symlink from /etc/systemd/system/multi-user.target.wants/redis.service
    to /usr/lib/systemd/system/redis.service.
    (py3) [root@sdp-dev requirements]# systemctl start redis
    

    5. Install MySQL

    (py3) [root@sdp-dev requirements]# yum -y install mariadb mariadb-devel mariadb-server
    (py3) [root@sdp-dev requirements]# systemctl enable mariadb
    Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service
    to /usr/lib/systemd/system/mariadb.service.
    (py3) [root@sdp-dev requirements]# systemctl start mariadb
    (py3) [root@sdp-dev requirements]#
    (py3) [root@sdp-dev requirements]# mysql
    Welcome to the MariaDB monitor. Commands end with ; or \g.
    Your MariaDB connection id is 2
    Server version: 5.5.60-MariaDB MariaDB Server
    Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
    MariaDB [(none)]> create database jumpserver default charset 'utf8';
    Query OK, 1 row affected (0.00 sec)
    MariaDB [(none)]> grant all on jumpserver.* to 'jumpserveradmin'@'127.0.0.1' identified by 'jumpserverpwd';
    Query OK, 0 rows affected (0.00 sec)
    MariaDB [(none)]> flush privileges;
    Query OK, 0 rows affected (0.00 sec)
    MariaDB [(none)]> \q
    Bye
    (py3) [root@sdp-dev requirements]#
    

    6. Configure Jumpserver

    (py3) [root@sdp-dev requirements]# pwd
    /opt/jumpserver/requirements
    (py3) [root@sdp-dev requirements]# cd ..
    (py3) [root@sdp-dev jumpserver]# ls
    apps config_example.yml Dockerfile entrypoint.sh LICENSE README_EN.md
    requirements tmp
    build.sh data docs jms logs README.md
    run_server.py utils
    (py3) [root@sdp-dev jumpserver]# cp config_example.yml config.yml
    (py3) [root@sdp-dev jumpserver]#
    (py3) [root@sdp-dev jumpserver]# SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
    (py3) [root@sdp-dev jumpserver]# echo $SECRET_KEY
    vFjo4WEMRWNinXMconEXodf3VeEaRStkDzo6SpIfNxphYEEMUZ
    (py3) [root@sdp-dev jumpserver]# echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc
    (py3) [root@sdp-dev jumpserver]# BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
    (py3) [root@sdp-dev jumpserver]# echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
    (py3) [root@sdp-dev jumpserver]# echo $BOOTSTRAP_TOKEN
    yBCVQ9WHA9phTZ21
    (py3) [root@sdp-dev jumpserver]# sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
    (py3) [root@sdp-dev jumpserver]# sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOKEN: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
    (py3) [root@sdp-dev jumpserver]# sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
    (py3) [root@sdp-dev jumpserver]# sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
    (py3) [root@sdp-dev jumpserver]# sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: false/SESSION_EXPIRE_AT_BROWSER_CLOSE: true/g" /opt/jumpserver/config.yml
    (py3) [root@sdp-dev jumpserver]# echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
    你的SECRET_KEY是 vFjo4WEMRWNinXMconEXodf3VeEaRStkDzo6SpIfNxphYEEMUZ
    (py3) [root@sdp-dev jumpserver]# echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
    你的BOOTSTRAP_TOKEN是 yBCVQ9WHA9phTZ21
    (py3) [root@sdp-dev jumpserver]# vi config.yml
    (py3) [root@sdp-dev jumpserver]# sed -n '/^DB_/p' /opt/jumpserver/config.yml
    DB_ENGINE: mysql
    DB_HOST: 127.0.0.1
    DB_PORT: 3306
    DB_USER: jumpserveradmin
    DB_PASSWORD: jumpserverpwd
    DB_NAME: jumpserver
    (py3) [root@sdp-dev jumpserver]#
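
An added example (not from the original page or the Jumpserver project) that checks the config.yml produced by the steps above: secrets actually substituted, DEBUG off, the walkthrough's sample database password replaced, and the file not accessible to group or other. The function names and the sample file are constructed; the keys and the value `jumpserverpwd` are the ones used on this page.

```bash
#!/usr/bin/env bash
# Added example: sanity-check the config.yml written by the sed commands above.

# cfg_value KEY FILE: value of the first top-level "KEY: value" line.
cfg_value() {
    awk -v key="$1" '
        index($0, key ":") == 1 {
            v = substr($0, length(key) + 2)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            print v
            exit
        }' "$2"
}

# check_jms_config FILE: prints one FLAG line per finding, returns 1 if any.
check_jms_config() {
    local file="$1" rc=0 key val perms

    # The sed commands only fill in keys present as "KEY:" in the template;
    # an empty value means the substitution never happened.
    for key in SECRET_KEY BOOTSTRAP_TOKEN; do
        val=$(cfg_value "$key" "$file")
        if [ -z "$val" ]; then
            echo "FLAG $key is empty or missing"
            rc=1
        fi
    done

    # The page switches DEBUG off; a commented-out or true value is flagged.
    val=$(cfg_value DEBUG "$file")
    if [ "$val" != "false" ]; then
        echo "FLAG DEBUG is not false"
        rc=1
    fi

    # The sample database password from the walkthrough should not survive.
    val=$(cfg_value DB_PASSWORD "$file")
    if [ "$val" = "jumpserverpwd" ]; then
        echo "FLAG DB_PASSWORD is still the tutorial value"
        rc=1
    fi

    # The file holds SECRET_KEY, BOOTSTRAP_TOKEN and DB_PASSWORD, so the
    # group/other permission bits (columns 5-10 of ls -l) should all be "-".
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FLAG file is accessible to group/other ($perms)"
        rc=1
    fi
    return "$rc"
}

# Demo on a constructed file, not a real Jumpserver config.
demo=$(mktemp)
cat > "$demo" <<'EOF'
SECRET_KEY:
BOOTSTRAP_TOKEN: CONSTRUCTEDtoken
# DEBUG: true
DB_PASSWORD: jumpserverpwd
EOF
chmod 644 "$demo"
check_jms_config "$demo" || echo "=> findings reported for the constructed sample"
rm -f "$demo"
```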
    

    7. Start/stop Jumpserver

    (py3) [root@sdp-dev jumpserver]# ./jms start
    ......
    (py3) [root@sdp-dev jumpserver]# ./jms stop
    Stop service: gunicorn
    Stop service: celery
    Stop service: beat
    (py3) [root@sdp-dev jumpserver]#
    

    Start in the background

    (py3) [root@sdp-dev jumpserver]# ./jms start -d
    

    8. Deploy koko

    Provides terminal management; the default port is 2222

    [root@sdp-dev ~]# systemctl start docker
    [root@sdp-dev ~]#
    [root@sdp-dev ~]# Server_IP=192.168.20.32
    [root@sdp-dev ~]# BOOTSTRAP_TOKEN=yBCVQ9WHA9phTZ21
    [root@sdp-dev ~]# docker run --name jms_koko -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_koko:1.5.5
    Unable to find image 'jumpserver/jms_koko:1.5.5' locally
    1.5.2: Pulling from jumpserver/jms_koko
    050382585609: Pull complete
    f6e2d22aa00f: Pull complete
    8c86c00c5332: Pull complete
    6b9c6941a89d: Pull complete
    a10054b94acf: Pull complete
    4005724a64ff: Pull complete
    446406ca2953: Pull complete
    716a981c63ee: Pull complete
    41a65efed49e: Pull complete
    Digest: sha256:ac6258fe46165860289410970e124031aa74a380cb3e1ad97348feb2c9265cbc
    Status: Downloaded newer image for jumpserver/jms_koko:1.5.5
    31fc5862ea104946590c232f16dab366d55823e559e256c5208a3720be9406ba
    [root@sdp-dev ~]#
    

    Deploy koko manually (coco has now been replaced by koko)

    cd /opt
    wget https://github.com/jumpserver/koko/releases/download/1.5.2/koko-master-37daa82-linux-amd64.tar.gz
    tar xf koko-master-37daa82-linux-amd64.tar.gz
    chown -R root:root kokodir
    cd kokodir
    chown -R root:root /opt/kokodir
    cd /opt/kokodir
    cp config_example.yml config.yml
    vim config.yml # BOOTSTRAP_TOKEN must be taken from jumpserver/config.yml so that the two match
    ./koko
    

    9. Deploy guacamole

    A VNC viewer based on HTML5 and JavaScript

    [root@sdp-dev ~]# docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_guacamole:1.5.5
    Unable to find image 'jumpserver/jms_guacamole:1.5.5' locally
    1.5.5: Pulling from jumpserver/jms_guacamole
    8ba884070f61: Pull complete
    74b389e6937e: Pull complete
    41f5461bfc2f: Pull complete
    f693f2484212: Pull complete
    246835158fe4: Pull complete
    Digest: sha256:de0b74e33c9991181eb507d768df73fb05932f3b4722dc36ecdca4e358fdce8d
    Status: Downloaded newer image for jumpserver/jms_guacamole:1.5.5
    f4d0c314c5fb840e42ea7e284f5349c571039bb1e3af2f3f8377b7a2c5f53f82
    [root@sdp-dev ~]#
    

    9. Deploy guacamole manually

    $ cd /opt
    $ git clone --depth=1 https://github.com/jumpserver/docker-guacamole.git
    $ cd /opt/docker-guacamole
    $ tar xf guacamole-server-1.0.0.tar.gz
    $ cd /opt/docker-guacamole/guacamole-server-1.0.0
    # Install the required dependency packages as described in http://guacamole.apache.org/doc/gug/installing-guacamole.html
    $ autoreconf -fi
    $ ./configure --with-init-dir=/etc/init.d
    $ make
    $ make install
    # Download the latest tomcat9 from https://tomcat.apache.org/download-90.cgi
    $ mkdir -p /config/guacamole /config/guacamole/lib /config/guacamole/extensions /config/guacamole/data/log/
    $ cd /config
    $ wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v9.0.22/bin/apache-tomcat-9.0.22.tar.gz
    $ tar xf apache-tomcat-9.0.22.tar.gz
    $ mv apache-tomcat-9.0.22 tomcat9
    $ rm -rf /config/tomcat9/webapps/*
    $ sed -i 's/Connector port="8080"/Connector port="8081"/g' /config/tomcat9/conf/server.xml
    $ echo "java.util.logging.ConsoleHandler.encoding = UTF-8" >> /config/tomcat9/conf/logging.properties
    $ ln -sf /opt/docker-guacamole/guacamole-1.0.0.war /config/tomcat9/webapps/ROOT.war
    $ ln -sf /opt/docker-guacamole/guacamole-auth-jumpserver-1.0.0.jar /config/guacamole/extensions/guacamole-auth-jumpserver-1.0.0.jar
    $ ln -sf /opt/docker-guacamole/root/app/guacamole/guacamole.properties /config/guacamole/guacamole.properties
    $ wget https://github.com/ibuler/ssh-forward/releases/download/v0.0.5/linux-amd64.tar.gz
    $ tar xf linux-amd64.tar.gz -C /bin/
    $ chmod +x /bin/ssh-forward
    # Set up the guacamole environment
    $ export JUMPSERVER_SERVER=http://127.0.0.1:8080 # http://127.0.0.1:8080 is the address at which jumpserver is reached
    $ echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
    # BOOTSTRAP_TOKEN is the BOOTSTRAP_TOKEN value from Jumpserver/config.yml
    $ export BOOTSTRAP_TOKEN=******
    $ echo "export BOOTSTRAP_TOKEN=******" >> ~/.bashrc
    $ export JUMPSERVER_KEY_DIR=/config/guacamole/keys
    $ echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
    $ export GUACAMOLE_HOME=/config/guacamole
    $ echo "export GUACAMOLE_HOME=/config/guacamole" >> ~/.bashrc
    $ /etc/init.d/guacd start
    $ sh /config/tomcat9/bin/startup.sh
    

    10. Deploy luna

    Together with nginx, provides the Web Terminal front end

    [root@sdp-dev ~]# cd /opt/
    [root@sdp-dev opt]# wget https://github.com/jumpserver/luna/releases/download/1.5.5/luna.tar.gz
    [root@sdp-dev opt]# tar xf luna.tar.gz
    [root@sdp-dev opt]# chown -R root:root luna
    

    11. Configure nginx

    [root@sdp-dev opt]# cd /usr/local/nginx/conf/
    [root@sdp-dev conf]# ls
    fastcgi.conf koi-utf nginx.conf uwsgi_params
    fastcgi.conf.default koi-win nginx.conf.default
    uwsgi_params.default
    fastcgi_params mime.types scgi_params win-utf
    fastcgi_params.default mime.types.default scgi_params.default
    [root@sdp-dev conf]# mkdir conf.d
    [root@sdp-dev conf]# cd conf.d/
    [root@sdp-dev conf.d]# vim jumpserver.conf
    [root@sdp-dev conf.d]# ls
    jumpserver.conf
    [root@sdp-dev conf.d]# cat jumpserver.conf
    server {
        listen 80;
        # server_name _;
        server_name bastion.qf.com;
        client_max_body_size 100m; # size limit for session recordings and file uploads
        location /luna/ {
            try_files $uri / /index.html;
            alias /opt/luna/; # luna path; change this if the install directory is changed
        }
        location /media/ {
            add_header Content-Encoding gzip;
            root /opt/jumpserver/data/; # location of session recordings; change this if the install directory is changed
        }
        location /static/ {
            root /opt/jumpserver/data/; # static assets; change this if the install directory is changed
        }
        location /koko/ {
            proxy_pass http://localhost:5000;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }
        location /guacamole/ {
            proxy_pass http://localhost:8081/;
            proxy_buffering off;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }
        location /ws/ {
            proxy_pass http://localhost:8070;
            proxy_http_version 1.1;
            proxy_buffering off;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }
        location / {
            proxy_pass http://localhost:8080;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            access_log off;
        }
    }
    [root@sdp-dev conf.d]#
    [root@sdp-dev conf.d]# cd ..
    [root@sdp-dev conf]# vim nginx.conf
    [root@sdp-dev conf]# grep -Pv "^($| *#)" nginx.conf
    worker_processes 1;
    events {
    worker_connections 1024;
    }
    http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    include /usr/local/nginx/conf/conf.d/*.conf;
    }
    [root@sdp-dev conf]# cd ..
    [root@sdp-dev nginx]# sbin/nginx -t
    nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
    nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
    [root@sdp-dev nginx]#
    

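    12. Jumpserver login test

    # Check that the applications are running normally
    # Once all services are started, access port 80 proxied by nginx on the jumpserver server; do not access it through port 8080
    # Default account: admin  password: admin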
    

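    13. Quick start

    Reference:

    #### System settings

    Set the URL that users access

    V. Remote management in practice

    1. Manage remote machines with ssh

    2. Deploy and use a jumpserver server

    VI. Summary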

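    rpm_requirements.txt
    This file was missing throughout the deployment and I could not find the cause, so in the end I used the one-click installer. I will update this document online once the cause is found.
    
    curl -sSL https://resource.fit2cloud.com/jumpserver/jumpserver/releases/latest/download/quick_start.sh | bash
    
    After installation, the JumpServer configuration file is at: /opt/jumpserver/config/config.txt
    
    cd /opt/jumpserver-installer-v3.1.2
    # Start
    ./jmsctl.sh start
    # Stop
    ./jmsctl.sh down
    # Uninstall
    ./jmsctl.sh uninstall
    # Help
    ./jmsctl.sh -h
    
    Username: admin
    Password: admin
    
    http://IP_ADDRESS:80/core/auth/login/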
    
  • Original article: https://blog.csdn.net/l10711097061/article/details/134538846