Installing Jumpserver 1.0.0 on CentOS 7.3 (with Windows component support)
The latest Jumpserver release supports Windows assets. Without further preamble, here is the deployment procedure:
0) System environment
CentOS 7.3 (the release file on the test box actually reports 7.4.1708)
IP: 192.168.10.210
[root@jumpserver-server ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
Turn off the firewall and SELinux. The tutorial takes the shortcut of disabling both; on a production bastion keep firewalld running with only the client-facing ports open (80/443 for the web UI and Luna, 2222 for coco) and keep SELinux enforcing, fixing individual denials rather than switching it off.
[root@jumpserver-server ~]# systemctl stop firewalld.service
[root@jumpserver-server ~]# systemctl disable firewalld.service
[root@jumpserver-server ~]# setenforce 0
[root@jumpserver-server ~]# getenforce
setenforce 0 only lasts until the next reboot; the SELINUX=disabled line in /etc/sysconfig/selinux is what makes it persistent:
[root@jumpserver-server ~]# cat /etc/sysconfig/selinux
........
SELINUX=disabled
Set a UTF-8 locale; otherwise you may get input/output errors because the logs print Chinese. (CentOS 7 reads the persistent locale from /etc/locale.conf; /etc/sysconfig/i18n is the CentOS 6 location.)
[root@jumpserver-server ~]# localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8
[root@jumpserver-server ~]# export LC_ALL=zh_CN.UTF-8
[root@jumpserver-server ~]# echo 'LANG=zh_CN.UTF-8' > /etc/sysconfig/i18n
1) Prepare Python 3 and a Python virtual environment
1.1) Install dependency packages
[root@jumpserver-server ~]# yum -y install wget libselinux-python sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git
1.2) Build and install from source (a source build is required here; otherwise installing the Python library dependencies runs into trouble)
[root@jumpserver-server ~]# cd /usr/local/src/
[root@jumpserver-server src]# wget /ftp/python/3.6.1/Python-3.6.
[root@jumpserver-server src]# tar xvf Python-3.6.
[root@jumpserver-server src]# cd Python-3.6.1
[root@jumpserver-server Python-3.6.1]# ./configure && make && make install
1.3) Create the Python virtual environment
CentOS 6/7 ship Python 2 and tools such as yum depend on it, so we use a Python virtual environment to leave the system Python untouched.
[root@jumpserver-server ~]# cd /opt/
[root@jumpserver-server opt]# python3 -m venv py3
[root@jumpserver-server opt]# source /opt/py3/bin/activate
(py3) [root@jumpserver-server opt]#
Seeing the prompt above means it worked. From now on, source the virtualenv before running Jumpserver; every command below is run inside this virtual environment!
2) Install Jumpserver 1.0.0
2.1) Download or clone the project
Besides GitHub, it can also be downloaded from Baidu cloud: pan.baidu/s/1BVYRF7M-akKjUOoYZPBi7Q (extraction code: v5rs). Prefer the project's own repository: an archive from a file-sharing site cannot be checked against anything, and a bastion is the last place to install unverified code.
(py3) [root@jumpserver-server ~]# cd /opt/
(py3) [root@jumpserver-server opt]# git clone github/jumpserver/jumpserver.git
2.2) Install the rpm dependencies
(py3) [root@jumpserver-server opt]# cd /opt/
(py3) [root@jumpserver-server opt]# cd jumpserver/requirements
(py3) [root@jumpserver-server requirements]# yum -y install epel-release
(py3) [root@jumpserver-server requirements]# yum -y install $(cat ) // continue if there were no errors
2.3) Install the Python library dependencies
(py3) [root@jumpserver-server requirements]# pip install - // continue if there were no errors
2.4) Install Redis; Jumpserver uses Redis as its cache and as the celery broker
(py3) [root@jumpserver-server requirements]# yum -y install redis
(py3) [root@jumpserver-server requirements]# systemctl start redis
(py3) [root@jumpserver-server requirements]# lsof -i:6379
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
redis-ser 11281 redis 4u IPv4 90233 0t0 TCP localhost:6379 (LISTEN)
2.5) Install MySQL
(py3) [root@jumpserver-server requirements]# yum -y install mariadb mariadb-devel mariadb-server
(py3) [root@jumpserver-server requirements]# systemctl enable mariadb
(py3) [root@jumpserver-server requirements]# systemctl start mariadb
(py3) [root@jumpserver-server requirements]# systemctl status mariadb
(py3) [root@jumpserver-server requirements]# lsof -i:3306
Set the MySQL root password; the tutorial uses 123456 as an example (use a strong one on a real bastion)
(py3) [root@jumpserver-server requirements]# mysql_secure_installation
......
Set root password? [Y/n] y
New password: // e.g. 123456
Re-enter new password:
...... // accept the defaults for everything else
Create the jumpserver database and grant access. Passing the password as -p123456 writes it into the shell history and shows it in the process list; a bare -p with the password typed at the prompt avoids that:
(py3) [root@jumpserver-server requirements]# mysql -p123456
MariaDB [(none)]> create database jumpserver default charset 'utf8';
MariaDB [(none)]> grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'jumpserver@123';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| jumpserver |
| mysql |
| performance_schema |
| test |
+--------------------+
2.6) Install the Python 3 MySQL driver: mysqlclient
MySQLdb does not support Python 3.5+, so mysqlclient is used as the driver; pymysql is written in pure Python and is slower
(py3) [root@jumpserver-server requirements]# pip install mysqlclient
2.7) Edit the Jumpserver configuration file
We edit DevelopmentConfig, because Jumpserver uses that class by default; it inherits from Config. Note that this file ends up holding the database and mail passwords in clear text: keep it out of version control and readable only by the account that runs Jumpserver. DEBUG = True also makes Django return full tracebacks, settings included, to any client when a view fails, which is not what you want on a host every user can reach.
(py3) [root@jumpserver-server opt]# cd /opt/jumpserver
(py3) [root@jumpserver-server jumpserver]# cp config_example.py config.py
(py3) [root@jumpserver-server jumpserver]# vim config.py
.....
class ProductionConfig(Config):
pass
class DevelopmentConfig(Config): // add from this line onward
DEBUG = True
DISPLAY_PER_PAGE = 20
DB_ENGINE = 'mysql'
DB_HOST = '127.0.0.1'
DB_PORT = 3306
DB_USER = 'jumpserver'
DB_PASSWORD = 'jumpserver@123'
DB_NAME = 'jumpserver'
EMAIL_HOST = 'smtp.kevin'
EMAIL_PORT = 465
EMAIL_HOST_USER = 'monit@kevin'
EMAIL_HOST_PASSWORD = 'monit@123'
EMAIL_USE_SSL = True
EMAIL_USE_TLS = False
EMAIL_SUBJECT_PREFIX = '[Jumpserver] '
SITE_URL = '192.168.10.210:8080' // add through this line
# Default using Config settings, you can write if/else for different env
config = DevelopmentConfig()
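The class above keeps DB_PASSWORD and EMAIL_HOST_PASSWORD in clear text inside /opt/jumpserver/config.py and turns DEBUG on. The following is an added example, not code from Jumpserver or from the original post, of the pattern a hardened deployment would use instead: secrets come from the environment, DEBUG defaults to off, and a missing or short secret fails loudly at startup instead of falling back to a default. The JMS_* variable names, the JmsConfig class and the audit() checks are this example's own inventions; the attribute names mirror the ones in config.py, plus Django's SECRET_KEY.

```python
import os
from dataclasses import dataclass

# Environment variable names are this example's convention; Jumpserver 1.0
# reads config.py directly and does not know these names.
REQUIRED = ("JMS_DB_PASSWORD", "JMS_SECRET_KEY")
LOOPBACK_HOSTS = ("127.0.0.1", "localhost", "::1")


@dataclass(frozen=True)
class JmsConfig:
    """The subset of settings from the DevelopmentConfig class above."""
    debug: bool
    db_host: str
    db_port: int
    db_user: str
    db_password: str
    db_name: str
    secret_key: str
    site_url: str


def _as_bool(value):
    return value.strip().lower() in ("1", "true", "yes", "on")


def load_config(env=None):
    """Build the settings from an environment mapping (os.environ by default).

    Secrets come only from the environment, so the config.py on disk carries
    none; DEBUG is off unless explicitly enabled; a missing or short secret
    raises at startup instead of silently using a default password.
    """
    env = os.environ if env is None else env
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        raise RuntimeError("missing required settings: " + ", ".join(missing))
    secret = env["JMS_SECRET_KEY"]
    if len(secret) < 32:
        raise RuntimeError("JMS_SECRET_KEY must be at least 32 characters")
    return JmsConfig(
        debug=_as_bool(env.get("JMS_DEBUG", "false")),
        db_host=env.get("JMS_DB_HOST", "127.0.0.1"),
        db_port=int(env.get("JMS_DB_PORT", "3306")),
        db_user=env.get("JMS_DB_USER", "jumpserver"),
        db_password=env["JMS_DB_PASSWORD"],
        db_name=env.get("JMS_DB_NAME", "jumpserver"),
        secret_key=secret,
        site_url=env.get("JMS_SITE_URL", "http://127.0.0.1:8080"),
    )


def audit(cfg):
    """Return findings for settings that are risky on a bastion host."""
    findings = []
    if cfg.debug:
        findings.append("DEBUG is enabled: Django shows tracebacks and settings to clients")
    if cfg.db_host not in LOOPBACK_HOSTS:
        findings.append("DB_HOST is not loopback: confirm the database link is on a trusted path")
    if not cfg.site_url.startswith("https://"):
        findings.append("SITE_URL is not https: password-reset links will point to plain http")
    return findings


def apply_to(config_class, cfg):
    """Copy the loaded values onto a config class under the names config.py uses."""
    for attr, value in (("DEBUG", cfg.debug), ("DB_HOST", cfg.db_host),
                        ("DB_PORT", cfg.db_port), ("DB_USER", cfg.db_user),
                        ("DB_PASSWORD", cfg.db_password), ("DB_NAME", cfg.db_name),
                        ("SECRET_KEY", cfg.secret_key), ("SITE_URL", cfg.site_url)):
        setattr(config_class, attr, value)
    return config_class
```

Used from config.py, apply_to(DevelopmentConfig, load_config()) would populate the class at import time; the point is that the file sitting in /opt/jumpserver then contains no credentials, and a box started without the secrets refuses to come up rather than running with defaults.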
2.8) Generate the database schema and initial data
(py3) [root@jumpserver-server jumpserver]# cd /opt/jumpserver/utils
(py3) [root@jumpserver-server utils]# ls
clean_migrations.sh export_fake_data.sh load_fake_data.sh make_migrations.sh f
(py3) [root@jumpserver-server utils]# bash make_migrations.sh
.....
Jumpserver project setting file
........
Applying django_celery_beat.0002_auto_ OK
Applying django_celery_beat.0003_auto_ OK
Applying django_celery_beat.0004_auto_ OK
Applying terminal.0002_auto_ OK
Output like the above means the migration succeeded.
2.9) Run Jumpserver
(py3) [root@jumpserver-server utils]# cd /opt/jumpserver
(py3) [root@jumpserver-server jumpserver]# python run_server.py & // stop it with Ctrl+C when started in the foreground (without &)
(py3) [root@jumpserver-server jumpserver]# lsof -i:8080
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
gunicorn 17338 root 5u IPv4 204937 0t0 TCP *:webcache (LISTEN)
gunicorn 28888 root 5u IPv4 204937 0t0 TCP *:webcache (LISTEN)
gunicorn 28890 root 5u IPv4 204937 0t0 TCP *:webcache (LISTEN)
gunicorn 28894 root 5u IPv4 204937 0t0 TCP *:webcache (LISTEN)
gunicorn 28896 root 5u IPv4 204937 0t0 TCP *:webcache (LISTEN)
If it starts without errors, open 192.168.10.210:8080/ in a browser. Account: admin, password: admin. Change this default password before doing anything else; the bastion is the key to every host behind it.
3) Testing Jumpserver 1.0.0
a) Create a user: check that the mail is sent and that the password can be set through the link in it; then check that the password can be changed and that the user can log in.
b) Create an admin user: this is the privileged account that assets are associated with when they are created.
c) Create an asset: create one asset and associate the admin user just created.
d) Create a system user: system users are the accounts used to log in to assets; they are needed when granting access.
e) Create an authorization rule: tie user, asset and system user together into a rule; the authorized system user is pushed to the asset automatically.
Notes:
3.1) Users created in the web UI of this version are not created on the Jumpserver host itself, i.e. they do not appear in /etc/passwd.
(Earlier, pre-1.0 releases did create them on the deployment host.)
3.2) A user's key pair can be generated on the Jumpserver host, named after the e-mail address given when the user was created (e-mail addresses must be unique). Bear in mind that this leaves the private key on the bastion, owned by root and, as done here, without a passphrase; the cleaner practice is for each user to run ssh-keygen on their own workstation and hand over only the .pub file. Generating a key for the user wangshibo as the post does:
[root@jumpserver-server ~]# ssh-keygen -t rsa -C "wangshibo@kevin"
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/wangshibo_id_rsa // give the key file a per-user name at this step
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/wangshibo_id_rsa.
Your public key has been saved in /root/.ssh/wangshibo_id_rsa.pub.
The key fingerprint is:
SHA256:VAPokLf1L5Q20TOloendiZWDx4BFHfo4y2GMxZMPDVA wangshibo@kevin
The key's randomart image is:
+---[RSA 2048]----+
| . ...+BEoo. |
| o o ..o=+@.. |
| + o..ooXoB |
| o. .*= @ o |
| SoooO = |
| .o.+ |
| .o |
| |
| |
+----[SHA256]-----+
[root@jumpserver-server ~]# cd /root/.ssh/
[root@jumpserver-server .ssh]# ll
total 20
-rw-r--r--. 1 root root 1371 Mar 31 22:12 known_hosts
-rw-------. 1 root root 1675 Mar 31 14:42 wangshibo_id_rsa
-rw-r--r--. 1 root root 409 Mar 31 14:42 wangshibo_id_rsa.pub
Then log in to the Jumpserver web UI as wangshibo and submit the public key, i.e. the contents of wangshibo_id_rsa.pub.
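Whatever host the key is generated on, what Jumpserver receives from the user is the single line in wangshibo_id_rsa.pub, and it is worth checking that line before accepting it. The following added example (this editor's illustration, not Jumpserver code) parses an OpenSSH public-key line, checks the algorithm and RSA modulus size against a policy of this example's own choosing, and computes the SHA256 fingerprint in the same form ssh-keygen printed above, so the value a user submits can be compared with what they see locally. The make_test_key helper builds constructed, non-functional keys purely so the parser can be exercised offline.

```python
import base64
import hashlib
import struct

# Acceptance policy for this example (not a Jumpserver setting): allowed
# algorithms and the smallest RSA modulus the bastion will take.
ALLOWED_TYPES = {"ssh-rsa", "ssh-ed25519"}
MIN_RSA_BITS = 2048


def _read_string(blob, offset):
    """Read one SSH wire-format string (uint32 length + bytes) at offset."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:end], end


def ssh_string(data):
    """Encode bytes as an SSH wire-format string."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(value):
    """Encode a non-negative integer as an SSH mpint (leading zero if high bit set)."""
    if value == 0:
        return ssh_string(b"")
    return ssh_string(value.to_bytes((value.bit_length() + 8) // 8, "big"))


def parse_public_key(line):
    """Validate one OpenSSH public-key line; return (type, bits, fingerprint, comment).

    Rejects unknown algorithms, RSA keys below MIN_RSA_BITS, blobs whose embedded
    type disagrees with the declared one, and trailing garbage. The fingerprint
    is SHA256:<unpadded base64>, the form `ssh-keygen -l` prints.
    """
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    if key_type not in ALLOWED_TYPES:
        raise ValueError("key type not allowed: " + key_type)
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:
        raise ValueError("key data is not valid base64") from exc
    embedded, offset = _read_string(blob, 0)
    if embedded.decode("ascii", "replace") != key_type:
        raise ValueError("type inside key blob does not match declared type")
    if key_type == "ssh-rsa":
        _exponent, offset = _read_string(blob, offset)
        modulus, offset = _read_string(blob, offset)
        bits = int.from_bytes(modulus, "big").bit_length()
        if bits < MIN_RSA_BITS:
            raise ValueError("RSA key too small: %d bits" % bits)
    else:
        point, offset = _read_string(blob, offset)
        if len(point) != 32:
            raise ValueError("malformed ed25519 key")
        bits = 256
    if offset != len(blob):
        raise ValueError("trailing data in key blob")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return key_type, bits, fingerprint, comment


def make_test_key(key_type, comment, rsa_bits=2048):
    """Build a syntactically valid public-key line for demonstration only.

    The numbers are constructed, not produced by ssh-keygen, so the key cannot
    authenticate anything; it only lets the parser run without a real key file.
    """
    if key_type == "ssh-rsa":
        modulus = (1 << (rsa_bits - 1)) | 1      # exactly rsa_bits long
        blob = ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint(modulus)
    else:
        blob = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))
    return "%s %s %s" % (key_type, base64.b64encode(blob).decode(), comment)
```

On the bastion, parse_public_key(open('/root/.ssh/wangshibo_id_rsa.pub').read()) returns the same SHA256 fingerprint that ssh-keygen displayed when the key was made; a mismatch means the wrong file was pasted into the web form.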
3.3) Hosts being added must have iptables and SELinux turned off, i.e.:
# /etc/init.d/iptables stop
# yum install libselinux-python -y
# setenforce 0
# getenforce
Otherwise the push job fails with:
Set ops authorized key => Aborting, target uses selinux but python bindings (libselinux-python) aren't installed!
Strictly, what that error asks for is the libselinux-python package, which Ansible needs in order to write files on an SELinux-enabled host; with it installed SELinux can stay enforcing. For the firewall, allowing SSH from the Jumpserver IP is enough; it does not have to be stopped altogether (on CentOS 7 use firewall-cmd rather than the init script shown).
3.4) The admin user must be a real account on the host being added, ideally root (with the real root password) or another account with sudo rights.
3.5) If a system user is not pushed automatically, click "push" manually.
3.6) After adding host assets, log in to them and verify that the system user was pushed and that its sudo rights were set correctly.
3.7) Check under "Job Center" - "Task list" that every task ran successfully; fix any failure according to the error it reports.
4) Installing the SSH server: Coco
Open a new terminal and do not forget "source /opt/py3/bin/activate".
4.1) Download the coco project.
It can also be downloaded from Baidu cloud: pan.baidu/s/1rEFg1Wlw9ZtK6YPsyaqDiA (extraction code: x8ga)
(py3) [root@jumpserver-server ~]# cd /opt
(py3) [root@jumpserver-server opt]# git clone github/jumpserver/coco.git
4.2) Install the dependencies
(py3) [root@jumpserver-server opt]# cd /opt/coco/requirements
(py3) [root@jumpserver-server requirements]# yum -y install $(cat )
(py3) [root@jumpserver-server requirements]# pip install -
4.3) Check the configuration file and run
(py3) [root@jumpserver-server requirements]# cd /opt/coco
(py3) [root@jumpserver-server coco]# cp conf_example.py conf.py
[root@centos6-test10 coco]# python run_server.py &
Watch the startup output closely; it reports the following error:
ERROR:root:Load access key failed
Using access key 311d0e77-5ec9-4c46-a131-7409e1daf271:***
WARNING:/opt/coco/coco/service.py:App auth failed, Access key error or need admin active it
At this point go to the Jumpserver web UI, admin area - "Session management" - "Terminal management", and accept coco's registration.
Once it is accepted, the error above no longer appears at startup. The access key coco generated for itself is what authenticates it to Jumpserver from then on; protect it like a password.
(py3) [root@jumpserver-server coco]# lsof -i:2222
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
python3 17738 root 7u IPv4 207992 0t0 TCP *:EtherNet/IP-1 (LISTEN)
As long as port 2222 is listening, the Coco entry registered above shows as "online".
4.4) Test the connection
Make sure port 2222 is up, then test logging in to the bastion, either as the default admin user or as the wangshibo user created above.
Note that these users are not created as system accounts on the Jumpserver host (earlier, pre-1.0 releases did create them there).
(py3) [root@jump-v4 coco]# ssh -p2222 admin@192.168.10.210 // admin's default password is admin
......
admin@192.168.10.210's password:
Administrator, welcome to the Jumpserver open-source jump server system
1) Enter an ID to log in directly, or part of an IP, hostname or comment to search and log in (if the match is unique).
2) Enter / + IP, hostname or comment to search, e.g. /ip
3) Enter P/p to list the hosts you have access to.
4) Enter G/g to list the host groups you have access to.
5) Enter G/g + group ID to list the hosts in that group, e.g. g1
6) Enter H/h for help.
0) Enter Q/q to quit.
-------------------------------------------------
With Xshell the syntax is:
$ssh admin@192.168.10.210 2222
password: admin
If you can log in, the deployment works
------------------------------------------------
5) Installing the web terminal: Luna
Open a new terminal, connect to the test machine, and do not forget "source /opt/py3/bin/activate"
Luna is now a pure front-end application and needs Nginx to serve it.
Download the matching release package from github/jumpserver/luna/releases and just unpack it; no build step is needed
It can also be downloaded from Baidu cloud: pan.baidu/s/18AJUD25f6XLxk6RrGOBF5w (extraction code: nfgg)
5.1) Download the luna project
(py3) [root@jumpserver-server coco]# cd /opt/
(py3) [root@jumpserver-server opt]# wget github/jumpserver/luna/releases/download/v1.0.0/
(py3) [root@jumpserver-server opt]# tar xvf
(py3) [root@jumpserver-server opt]# ls /opt/luna
5.2) Install the Windows support component. This step installs the Windows support component (skip it if you do not need to manage Windows assets)!
Installing guacamole by hand is fairly involved, so a pre-packaged docker image is provided; use it to start guacamole.
Installing Docker (CentOS 7 only; installing Docker on CentOS 6 is considerably more involved)
Remove old docker versions and their dependencies
(py3) [root@jumpserver-server opt]# yum remove docker docker-common container-selinux docker-latest-logrotate docker-logrotate docker-selinux docker-engine
(py3) [root@jumpserver-server opt]# yum install -y yum-utils device-mapper-persistent-data lvm2
(py3) [root@jumpserver-server opt]# yum-config-manager --add-repo mirrors.aliyun/docker-ce/linux/po // this is the Aliyun mirror for China; the official repo is: yum-config-manager --add-repo download.docker/linux/centos/d
(py3) [root@jumpserver-server opt]# yum-config-manager --enable docker-ce-edge
(py3) [root@jumpserver-server opt]# yum-config-manager --enable docker-ce-test
The two --enable lines turn on the edge and test channels, i.e. pre-release builds; on a bastion the stable repository added by --add-repo is sufficient and the safer choice.
(py3) [root@jumpserver-server opt]# yum install docker-ce
(py3) [root@jumpserver-server opt]# systemctl start docker
(py3) [root@jumpserver-server opt]# systemctl status docker
5.3) Start Guacamole (the download below can take a while, depending on bandwidth).
Note that guacamole is exposed on port 8081; change it if that conflicts with something else on the host. Because Nginx proxies /guacamole/ to it (section 6), the port only needs to be reachable from this host: publish it as -p 127.0.0.1:8081:8080 rather than -p 8081:8080, otherwise the container's Tomcat is reachable directly from the network, which nothing in this setup requires.
Set the JUMPSERVER_SERVER environment variable to Jumpserver's internal address. Once the container is up, go to the Jumpserver web UI, "Session management" - "Terminal management", and accept the registration whose name starts with [Gua].
(py3) [root@jumpserver-server opt]# docker run --name jms_guacamole -d -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key -e JUMPSERVER_KEY_DIR=/config/guacamole/key -e JUMPSERVER_SERVER=192.168.10.210:8080 /public/guacamole:1.0.0
(py3) [root@jumpserver-server opt]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
/public/guacamole 1.0.0 6300349f2642 5 days ago 1.23GB
(py3) [root@jumpserver-server opt]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b1f06c49a790 /public/guacamole:1.0.0 "/init" 3 minutes ago Up 3 minutes 0.0.0.0:8081->8080/tcp jms_guacamole
6) Configure Nginx to tie the components together
6.1) Install Nginx
(py3) [root@jumpserver-server ~]# yum -y install nginx
6.2) Prepare the configuration file: edit /etc/nginx/conf.f
(py3) [root@jumpserver-server ~]# cp /etc/f /etc/f.bak
(py3) [root@jumpserver-server ~]# vim /etc/f
user www;
worker_processes 8;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
events {
worker_connections 65535;
}
http {
include pes;
default_type application/octet-stream;
charset utf-8;
log_format main '$http_x_forwarded_for $remote_addr $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_cookie" $host $request_time';
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
fastcgi_connect_timeout 3000;
fastcgi_send_timeout 3000;
fastcgi_read_timeout 3000;
fastcgi_buffer_size 256k;
fastcgi_buffers 8 256k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
client_header_timeout 600s;
client_body_timeout 600s;
client_max_body_size 100m;
client_body_buffer_size 256k;
## support more than 15 test environments
server_names_hash_max_size 512;
server_names_hash_bucket_size 128;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 9;
gzip_types text/plain application/x-javascript text/css application/xml text/javascript application/x-httpd-php;
gzip_vary on;
include /etc/nginx/conf.d/*.conf;
}
(py3) [root@jumpserver-server ~]# useradd www // nginx.conf above runs the workers as www, so create it before starting Nginx; a system account without a login shell is preferable for a service user
(py3) [root@jumpserver-server ~]# echo " * soft nofile 65535" >> /etc/f
(py3) [root@jumpserver-server ~]# echo " * hard nofile 65535" >> /etc/f
(py3) [root@jumpserver-server ~]# echo " * soft nproc 102400" >> /etc/f
(py3) [root@jumpserver-server ~]# echo " * hard nproc 102400" >> /etc/f
(py3) [root@jumpserver-server ~]# ulimit -SHn 65535
(py3) [root@jumpserver-server ~]# vim /etc/nginx/conf.f
server {
listen 80;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location /luna/ {
try_files $uri / /index.html;
alias /opt/luna/;
}
location /media/ {
add_header Content-Encoding gzip;
root /opt/jumpserver/data/;
}
location /static/ {
root /opt/jumpserver/data/;
}
location /socket.io/ {
proxy_pass http://localhost:5000/socket.io/; # if coco runs on another server, use its IP
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /guacamole/ {
proxy_pass http://localhost:8081/; # if guacamole runs on another server, use its IP
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
access_log off;
}
location / {
proxy_pass http://localhost:8080; # if jumpserver runs on another server, use its IP
}
}
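The server block above terminates everything on plain port 80, so Jumpserver logins, password-reset links, coco's web-terminal websocket and the RDP stream to guacamole all cross the network unencrypted. The following is an added example, not from the original post, of the same site with TLS in front: port 80 only redirects, the upstreams are unchanged, and X-Forwarded-Proto is passed so the application can tell the request arrived over https. The server name and certificate paths are placeholders; with this in place SITE_URL in config.py should become the https address.

```nginx
# Added example (not from the original post): the same site behind TLS.
# Server name and certificate paths are placeholders to be replaced.
server {
    listen 80;
    server_name jumpserver.example.com;
    return 301 https://$host$request_uri;   # plain HTTP only redirects
}

server {
    listen 443 ssl;
    server_name jumpserver.example.com;

    ssl_certificate     /etc/nginx/ssl/jumpserver.crt;   # placeholder
    ssl_certificate_key /etc/nginx/ssl/jumpserver.key;   # placeholder
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    # Browsers remember to use https; no framing from other origins;
    # no MIME sniffing of replay files served from /media/.
    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Frame-Options SAMEORIGIN always;
    add_header X-Content-Type-Options nosniff always;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    location /luna/ {
        try_files $uri / /index.html;
        alias /opt/luna/;
    }
    location /media/ {
        # add_header in a location replaces the server-level headers for that
        # location (nginx does not merge them), so HSTS is repeated here.
        add_header Content-Encoding gzip;
        add_header Strict-Transport-Security "max-age=31536000" always;
        root /opt/jumpserver/data/;
    }
    location /static/ {
        root /opt/jumpserver/data/;
    }
    location /socket.io/ {
        proxy_pass http://127.0.0.1:5000/socket.io/;   # coco web terminal
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    location /guacamole/ {
        proxy_pass http://127.0.0.1:8081/;             # guacamole container
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        # access log left on: RDP gateway requests are worth keeping
    }
    location / {
        proxy_pass http://127.0.0.1:8080;              # jumpserver (gunicorn)
    }
}
```

Run nginx -t after dropping this in; the redirect server means the plain-http URL the rest of the tutorial uses keeps working for users, but nothing sensitive travels over it any more.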
6.3) Run Nginx
(py3) [root@jumpserver-server ~]# nginx -t
(py3) [root@jumpserver-server ~]# systemctl enable nginx
(py3) [root@jumpserver-server ~]# systemctl start nginx
(py3) [root@jumpserver-server ~]# systemctl status nginx
(py3) [root@jumpserver-server ~]# lsof -i:80
(py3) [root@jumpserver-server ~]# lsof -i:8080
(py3) [root@jumpserver-server ~]# lsof -i:8081
6.4) Open 192.168.10.210 // the ports that must end up listening are 80, 8080, 8081, 5000 and 2222. Only 80 (Nginx) and 2222 (coco) need to be reachable by users; 8080, 8081 and 5000 are upstreams that Nginx proxies, and they, like MariaDB on 3306 and Redis on 6379, should be bound to loopback or filtered by the firewall rather than exposed.
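Step 0 stopped firewalld, so every one of those ports is reachable from anywhere, including the gunicorn, guacamole and coco websocket upstreams that only Nginx should talk to. The following added example (not from the original post) parses the output of ss -ltn, flags internal services bound to a wildcard address, confirms the two public ports are present, and produces the firewall-cmd allowlist that replaces disabling firewalld. The port table and the SAMPLE_SS text are constructed from this tutorial's layout, and the sample deliberately shows 8080, 8081 and 5000 exposed, as the deployment above leaves them.

```python
import re

# Ports from the deployment above and who needs to reach them. "public"
# ports are the ones users connect to; everything else is consumed only
# by other components on this host and should never face the network.
PUBLIC_PORTS = {80: "nginx", 2222: "coco ssh"}
INTERNAL_PORTS = {8080: "jumpserver (gunicorn)", 8081: "guacamole",
                  5000: "coco web terminal", 3306: "mariadb", 6379: "redis"}
LOOPBACK = {"127.0.0.1", "::1"}

# Constructed sample in the layout `ss -ltn` prints (not captured from a real host).
SAMPLE_SS = """\
State   Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN  0      128    *:80                *:*
LISTEN  0      128    *:2222              *:*
LISTEN  0      128    *:8080              *:*
LISTEN  0      128    :::8081             :::*
LISTEN  0      128    *:5000              *:*
LISTEN  0      50     127.0.0.1:3306      *:*
LISTEN  0      128    127.0.0.1:6379      *:*
"""

_LOCAL = re.compile(r"^(?P<addr>.*):(?P<port>\d+)$")


def parse_ss(text):
    """Return (address, port) tuples for the LISTEN rows of `ss -ltn` output."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        m = _LOCAL.match(fields[3])
        if m:
            sockets.append((m.group("addr"), int(m.group("port"))))
    return sockets


def audit_listeners(sockets):
    """Flag internal services on non-loopback addresses and public ones missing.

    Returns {'exposed': {port: service}, 'missing': {port: service}}. The
    wildcards '*', '0.0.0.0' and '::' all count as exposed.
    """
    exposed, seen = {}, set()
    for addr, port in sockets:
        seen.add(port)
        if port in INTERNAL_PORTS and addr not in LOOPBACK:
            exposed[port] = INTERNAL_PORTS[port]
    missing = {p: s for p, s in PUBLIC_PORTS.items() if p not in seen}
    return {"exposed": exposed, "missing": missing}


def firewalld_commands(zone="public"):
    """firewall-cmd lines that allow only the public ports, instead of stopping firewalld."""
    cmds = ["firewall-cmd --permanent --zone=%s --add-port=%d/tcp" % (zone, p)
            for p in sorted(PUBLIC_PORTS)]
    cmds.append("firewall-cmd --reload")
    return cmds


if __name__ == "__main__":
    import sys
    # `ss -ltn | python3 audit_listeners.py` audits the real host; with no
    # piped input the constructed sample is used instead.
    text = SAMPLE_SS if sys.stdin.isatty() else sys.stdin.read()
    report = audit_listeners(parse_ss(text))
    for port, service in sorted(report["exposed"].items()):
        print("EXPOSED  %5d  %s" % (port, service))
    for port, service in sorted(report["missing"].items()):
        print("MISSING  %5d  %s" % (port, service))
    print("\n".join(firewalld_commands()))
```

For guacamole the fix is the -p 127.0.0.1:8081:8080 form of the docker run in step 5.3; for the other upstreams, bind them to loopback where the component allows it, and in every case keep firewalld running with only the two public ports allowed (the script name audit_listeners.py is this example's own).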
Log in to jumpserver as another user (e.g. wangshibo) and log in to a machine through the web shell:
You can also log in to the bastion's terminal on port 2222 directly with a Jumpserver user (e.g. wangshibo) and its password (the same password used for the web UI):
A weak spot of logging in through the web shell is that rz and sz cannot be used to upload and download. If you need to transfer files, the simplest route is to create one temporary account on every managed machine and transfer files between your workstation and Linux with FileZilla or WinSCP. Be aware that this bypasses the bastion entirely: the transfers are neither authenticated through Jumpserver nor recorded in its sessions, and a shared account with a fixed password is an unaudited back door into every host.
[root@centos6-test09 ~]# mkdir /tmp/share
[root@centos6-test09 ~]# useradd share -d /tmp/share
[root@centos6-test09 ~]# cat /etc/passwd|grep share
share:x:503:503::/tmp/share:/bin/bash
[root@centos6-test09 ~]# echo "123456"|passwd --stdin share
[root@centos6-test09 ~]# chmod -R 4777 /tmp/share // intended as the sticky bit, but 4777 sets setuid (the s in the listing below); the sticky bit is 1777 and shows as t
[root@centos6-test09 ~]# ll -d /tmp/share
drwsrwxrwx. 2 root root 4096 Apr 1 06:21 /tmp/share
When you log in to the bastion in a terminal it shows "*** 欢迎使用Jumpserver开源跳板机系统" (welcome to the Jumpserver open-source jump server system); this banner can be changed as follows:
(py3) [root@jumpserver-server jumpserver]# cd /opt/
(py3) [root@jumpserver-server opt]# fgrep -R "欢迎使⽤Jumpserver开源跳板机系统" ./*
./coco/coco/interactive.py: banner = _("""\n {title} {user}, 欢迎使⽤Jumpserver开源跳板机系统 {end}\r\n\r
Binary file ./coco/coco/__pycache__/interactive.cpython-36.pyc matches
Binary file ./jumpserver/.git/objects/pack/pack-3c43bf16d0fa157a5c748ba6137c11af858d79d0.pack matches
Binary file ./jumpserver/apps/i18n/zh/LC_ matches
./jumpserver/apps/i18n/zh/LC_MESSAGES/django.po:msgstr "欢迎使⽤Jumpserver开源跳板机系统"
(py3) [root@jumpserver-server opt]# ll /opt/coco/coco/interactive.py
-rw-r--r--. 1 root root 12357 Mar 31 13:52 /opt/coco/coco/interactive.py
So the banner is edited in /opt/coco/coco/interactive.py.
===========================================================
7) Adding Windows client assets to the Jumpserver bastion:
7.0) Preparation on the Windows host
a) Stop the firewall (or allow the RDP protocol, TCP 3389, through it, preferably only from the Jumpserver host);
b) Allow remote desktop connections;
c) Make sure port 3389 on the Windows host can be reached with telnet from the Jumpserver host
[root@jumpserver-server ~]# telnet 192.168.10.214 3389
Trying 192.168.
Connected to 192.168.10.214.
Escape character is '^]'.
7.1) Create a Windows admin user
As with the admin user for Linux systems: the name can follow the asset tree, the username is the administrator's account name and the password is the administrator's password (this pair must actually be able to log in to the Windows host).
7.2) Create a Windows system user
Windows does not support automatic push at present, so set the Windows system user to the same account as the admin user (switches, Windows and similar devices do not support Ansible; fill in username and password by hand). The protocol of Windows assets must be rdp, and both "generate key automatically" and "push automatically" must be unticked.
7.3) Create a Windows asset
The same as creating a Linux asset. Select the correct Windows platform, port 3389, and the right IP and admin user, making sure the admin user can actually log in to that IP.
7.4) Create an authorization rule for the Windows asset
7.5) Problems connecting to Windows and their fixes
a) A blank page means the request never reaches guacamole: either the guacamole section of the nginx configuration is wrong or the guacamole docker container is not working.
b) A "no permission" message usually means guacamole's registration has not been accepted in terminal management; accept it. If that does not help, delete the registration, restart the guacamole docker container and register again.
c) An "unknown problem" message usually means the asset's port is wrong or the authorized system user's protocol is not rdp.
d) "Unable to connect to the server, contact the administrator or check the logs" usually means the system account used to log in is wrong; the Windows event log will show it.
e) "Network problem, unable to connect or timed out, check the network and retry or contact the administrator" usually means the firewall is misconfigured; again the Windows event log helps.
==========================================================================================
After adding a Windows host as above, the web terminal could log in to Linux hosts but not to the Windows host (the error screenshot is not reproduced here).
Cause: the guacamole registration was never accepted successfully in Jumpserver's terminal management; in the post's screenshot guacamole showed as "offline" after registering.
Fix: delete the old guacamole registration, restart the guacamole docker container and register guacamole again. The registration must show as "online"! Note that the docker rm -f below removes every container on the host; on a box that runs anything else, use docker rm -f jms_guacamole instead.
(py3) [root@jumpserver-server conf.d]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
658b243e1106 /public/guacamole:1.0.0 "/init" 21 hours ago Up 21 hours 0.0.0.0:8081->8080/tcp jms_guacamole
(py3) [root@jumpserver-server conf.d]# docker rm -f `docker ps -a -q`
658b243e1106
(py3) [root@jumpserver-server conf.d]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
(py3) [root@jumpserver-server conf.d]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
(py3) [root@jumpserver-server conf.d]# lsof -i:8081
(py3) [root@jumpserver-server conf.d]#
(py3) [root@jumpserver-server conf.d]# docker run --name jms_guacamole -d -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key -e JUMPSERVER_KEY_DIR=/config/guacamole/key -e JUMPSERVER_SERVER=192.168.10.210:8
e8b976408ef41c1ddafe8d8b9d968c4886136aab9d53d7c75fd218b2725f6b29
(py3) [root@jumpserver-server conf.d]# lsof -i:8081
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
docker-pr 11785 root 4u IPv6 549583 0t0 TCP *:tproxy (LISTEN)
(py3) [root@jumpserver-server conf.d]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e8b976408ef4 /public/guacamole:1.0.0 "/init" 8 seconds ago Up 6 seconds 0.0.0.0:8081->8080/tcp jms_guacamole
When registering guacamole, keep the default name (the one starting with Gua)! After the registration is accepted it switches to "online" after a short while.
Now a non-admin user created in Jumpserver can log in to the Windows host from the web terminal.