Detailed deployment of the JumpServer jump server / bastion host under Docker

Introduction to the jump server / bastion host:

A jump server gives developers and operations staff a single place to log in first; from there they log in to the target devices to carry out maintenance and operations.

Usage scenario of the jump server:

JumpServer overview

JumpServer is an open source bastion host that lets system administrators and developers connect securely to an enterprise's internal servers to carry out operations, and it supports most operating systems. It is a very secure remote connection tool.

Commonly supported systems:

CentOS, RedHat, Fedora, Amazon Linux
Debian
SUSE, Ubuntu
FreeBSD
Other hardware devices that support the ssh protocol

Deployment steps

Experimental environment

Turn off SELinux enforcement (setenforce 0 switches to permissive mode until the next reboot)

[root@centos7 ~]#setenforce 0

Turn off the firewall

[root@centos7 ~]#systemctl stop firewalld
[root@centos7 ~]#iptables -F

Configure the yum repositories for installing docker

[root@centos7 ~]#yum -y install wget
[root@centos7 ~]#cd /etc/yum.repos.d/
[root@centos7 ~]#wget https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
[root@centos7 ~]#wget http://mirrors.aliyun.com/repo/Centos-7.repo
[root@centos7 ~]#yum -y install centos-release-openstack-ocata

Configure mariadb

Install mariadb

[root@centos7 ~]#yum -y install mariadb-server

Modify the configuration file

[root@centos7 ~]#vim /etc/my.cnf
[client-server]

[mysqld]

symbolic-links=0
#Disable hostname resolution
skip_name_resolve

!includedir /etc/my.cnf.d

Start the service

[root@centos7 ~]#systemctl start mariadb
[root@centos7 ~]#systemctl enable mariadb

Create the jumpserver database and grant privileges

MariaDB [(none)]> create database jumpserver default charset 'utf8';
#To create a management account, the password must be alphanumeric
MariaDB [(none)]> grant all on jumpserver.* to 'jumpserver'@'%' identified by 'linux123';

Configure Redis

Install Redis

[root@centos7 ~]#yum -y install redis

Edit the configuration file

[root@centos7 ~]#vim /etc/redis.conf 
61: bind 0.0.0.0
480: requirepass 123

Start the service

[root@centos7 ~]#systemctl start redis
[root@centos7 ~]#systemctl enable redis

Configure docker

Install docker

[root@centos7 ~]#yum -y install docker-ce

Start docker

[root@centos7 ~]#systemctl start docker
[root@centos7 ~]#systemctl enable docker

Download the jumpserver image and run it

#DB_HOST: current host IP
#DB_USER, DB_PASSWORD, DB_NAME: database user, password (as set in the grant statement above) and database name
#REDIS_PASSWORD: Redis password (the requirepass value in /etc/redis.conf)
#Comments cannot follow the trailing backslashes, so they are placed before the command
[root@centos7 ~]#docker run --name jms_all -d \
    -v /opt/mysql:/var/lib/mysql \
    -v /opt/jumpserver:/opt/jumpserver/data/media \
    -p 80:80 \
    -p 2222:2222 \
    -e SECRET_KEY=PEHVdLzvZFtDQT733ntHDH1hglXQ9OQKoI1xxAfdDhpRGx3tg7 \
    -e BOOTSTRAP_TOKEN=YDzl55tZPTdclbUh \
    -e DB_HOST=192.168.8.223 \
    -e DB_PORT=3306 \
    -e DB_USER=jumpserver \
    -e DB_PASSWORD=linux123 \
    -e DB_NAME=jumpserver \
    -e REDIS_HOST=192.168.8.223 \
    -e REDIS_PORT=6379 \
    -e REDIS_PASSWORD=123 \
    jumpserver/jms_all:1.4.8
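
The SECRET_KEY, BOOTSTRAP_TOKEN and passwords in the command above are published on this page, so a real deployment needs its own values. The script below is an added example, not part of the original post or the JumpServer project: it generates fresh values (50 and 16 characters, the lengths used above) and writes them to an owner-only file for docker's --env-file option. The function names, password lengths and file path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: per-deployment secrets for the
# jms_all container. Function names and password lengths are assumptions.

# gen_secret N: print N random alphanumeric characters (N up to a few hundred).
# Reads a fixed 4096 bytes from /dev/urandom, keeps [A-Za-z0-9], truncates to N.
gen_secret() {
    head -c 4096 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | cut -c "1-$1"
}

# write_env_file PATH DB_HOST REDIS_HOST: write the variables the post passes
# with -e into PATH, readable by the owner only.
write_env_file() {
    (
        umask 077    # a newly created file gets mode 0600
        cat > "$1" <<EOF
SECRET_KEY=$(gen_secret 50)
BOOTSTRAP_TOKEN=$(gen_secret 16)
DB_HOST=$2
DB_PORT=3306
DB_USER=jumpserver
DB_PASSWORD=$(gen_secret 24)
DB_NAME=jumpserver
REDIS_HOST=$3
REDIS_PORT=6379
REDIS_PASSWORD=$(gen_secret 32)
EOF
    )
    chmod 600 "$1"   # also tightens a file that already existed
}

# Usage: sh jms-env.sh /root/jms_all.env 192.168.8.223 192.168.8.223
# Then use DB_PASSWORD in the MariaDB "identified by" clause, REDIS_PASSWORD as
# requirepass in /etc/redis.conf, and replace the -e options of the docker run
# command with: --env-file /root/jms_all.env
if [ "$#" -eq 3 ]; then
    write_env_file "$1" "$2" "$3" && echo "wrote $1"
fi
```

The generated values are alphanumeric only, which satisfies the password rule noted in the MariaDB step and needs no quoting in the env file.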

Check the status

[root@centos7 ~]#docker logs -f jms_all
#You can see the following lines
gunicorn is running: 57
celery is running: 73
beat is running: 75
guacd[98]: INFO:    Guacamole proxy daemon (guacd) version 0.9.14 started
Starting guacd: SUCCESS
Tomcat started.
Use eventlet dispatch
Start coco process
Use eventlet dispatch
Start coco process
Use eventlet dispatch
Start coco process
Jumpserver ALL 1.4.8
//Official website: http://www.jumpserver.org
//Document http://docs.jumpserver.org
//For questions, please refer to http://docs.jumpserver.org/zh/docs/faq.html

//Enter the container command docker exec -it jms_all /bin/bash

Access test

Log in to the web interface; the initial account and password are both admin.


Posted on Fri, 01 Nov 2019 07:44:51 -0700 by angeljyt