20170524-jumpserver-1

Jumpserver is an open-source jump host (bastion) and asset management system developed by a group of talented and ambitious people. I have recently been setting it up and found it quite useful; the process is recorded below. Thanks to the authors for open-sourcing it!!

Environment

  • aws ec2
  • centos7.3
  • Python: 3.5
  • Django: 1.11
  • MySQL

Install

  • install the dependency environment (using Red Hat)

```bash
# MySQL 5.7 from the community repository, then set the root password
wget http://dev.mysql.com/get/mysql57-community-release-el7-7.noarch.rpm
rpm -ivh mysql57-community-release-el7-7.noarch.rpm
yum install -y mysql-community-server
systemctl start mysqld.service
mysqladmin -uroot -p password "your_password"
# Replace the system pycrypto with the version the installer expects
# (the python2.6 paths below are the ones used on the author's machine)
pip uninstall pycrypto
rm -rf /usr/lib64/python2.6/site-packages/Crypto/
rm -rf  /usr/lib64/python2.6/site-packages/pycrypto-2.6.1-py2.6-linux-x86_64.egg
pip install pycrypto==2.4.1
# Build Python 3.6 from source into /usr/local/python3
wget https://www.python.org/ftp/python/3.6.0/Python-3.6.0.tar.xz
tar xvf Python-3.6.0.tar.xz;cd Python-3.6.0
./configure --prefix=/usr/local/python3
make && make install
```
  • modify the config

```bash
#My path: vim /data/jumpserver_pkg/jumpserver-master/install/install.py
python install.py # just run it directly
```

Solve the problem

  • mysql error: the error reported is Django-related

Create the database with utf8:

```sql
CREATE DATABASE IF NOT EXISTS jumpserver DEFAULT CHARACTER SET utf8;
```

Script for bulk-adding AWS EC2 hosts

  • Get the list of running AWS EC2 hosts
```yaml
---
#name:get_ec2_host_list.yml
# Runs on the control node and writes one "<private_ip> <Name tag>" line per
# running instance into running_ec2_list.txt
- hosts: localhost
  connection: local
  gather_facts: True
  tasks:
    - name: ec2 instance facts
      ec2_remote_facts:
        region: cn-north-1
        filters:
          instance-state-name:  running
      register: ec2
    - set_fact: ec2_out={{ ec2 }}
    # Start from an empty file so stale hosts are not carried over
    - shell: rm -rf running_ec2_list.txt
    - shell: echo "{{ item.0.private_ip_address }}"  "{{item.0.tags.Name}}" >> running_ec2_list.txt
      with_together:
        - "{{ ec2_out.instances }}"
```
  • Generate the Excel file
```python
#!/usr/bin/python
# -*- coding:utf-8 -*-
###############################################################################
#Author: arvon
#Email: yafeng2011@126.com
#Blog: http://blog.arvon.top/
#Date: 2017-05-23
#Filename: write_jumpserver_host.py
#Revision: 1.0
#License: GPL
#Description: use ansible to get the host list, then write an Excel file with the openpyxl module
#Notes:
###############################################################################
import os
import openpyxl
#vars
port='22'
host_group='group_name'
aws_access_id='your_id'   # placeholder: your AWS access key id
aws_secret_id='your_id'   # placeholder: your AWS secret access key
server_file_name='./running_ec2_list.txt'
dest_filename = 'asset_cn_dev.xlsx'
##functions
def create_server_file():
  # Hand the AWS credentials to the playbook through the environment, then run
  # it to produce running_ec2_list.txt ("<private_ip> <Name tag>" per line)
  os.environ['AWS_ACCESS_KEY_ID'] = aws_access_id
  os.environ['AWS_SECRET_ACCESS_KEY'] = aws_secret_id
  os.system('ansible-playbook get_ec2_host_list.yml')
def write_jumpserver_excel():
  wb = openpyxl.Workbook()
  ws1 = wb.active
  ws1.title = 'Assets'
  # Header row in the column order Jumpserver's bulk import expects
  ws1.append(['IP地址','端口号','主机名','管理账号','用户名','密码','主机组'])
  with open (server_file_name, 'r') as f1:
      row = 2   # row 1 is the header
      for eachline in f1:
          server_info=eachline.split()
          private_ip=server_info[0]
          tag_name=server_info[1]
          ws1.cell(column=1,row=row,value=private_ip)
          ws1.cell(column=2,row=row,value=port)
          ws1.cell(column=3,row=row,value=tag_name)
          ws1.cell(column=4,row=row,value='默认')
          ws1.cell(column=5,row=row,value='')
          ws1.cell(column=6, row=row, value='')
          ws1.cell(column=7, row=row, value=host_group)
          row=row+1
  # Save once after all rows have been written
  wb.save(filename=dest_filename)
if __name__=='__main__':
  # Run the playbook first so the host list is fresh, then build the spreadsheet
  create_server_file()
  write_jumpserver_excel()
```
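The script above takes the first two whitespace-separated tokens of each line as IP and host name, which silently truncates a Name tag containing spaces and crashes on a line with no tag. The following is an added example, not part of the original post, showing how I would validate the playbook's output before it becomes Jumpserver asset rows; `parse_ec2_list` and the sample file content are constructed for this illustration.

```python
import ipaddress

def parse_ec2_list(text, port='22', host_group='group_name'):
    """Turn '<private_ip> <Name tag>' lines into Jumpserver asset rows.

    Added example, not the original script. Returns (rows, errors). A Name
    tag may contain spaces, so each line is split on the first whitespace
    only. Lines without a Name tag, with an address that is not valid IPv4,
    or repeating an IP already seen are reported in `errors` as
    (line number, reason) instead of being imported.
    """
    rows, errors, seen = [], [], set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue  # tolerate blank lines left by the playbook
        parts = line.split(None, 1)
        if len(parts) != 2:
            errors.append((lineno, 'missing Name tag'))
            continue
        ip_str, name = parts
        try:
            ip = ipaddress.IPv4Address(ip_str)
        except ValueError:
            errors.append((lineno, 'invalid IPv4 address: ' + ip_str))
            continue
        if ip in seen:
            errors.append((lineno, 'duplicate IP: ' + ip_str))
            continue
        seen.add(ip)
        # Same seven columns as write_jumpserver_excel: admin account '默认',
        # user name and password left blank, host group from the caller
        rows.append([str(ip), port, name, '默认', '', '', host_group])
    return rows, errors

# Constructed sample of running_ec2_list.txt (not real hosts)
SAMPLE = """\
10.0.1.10 web-01
10.0.1.11 api gateway prod
10.0.1.12
300.1.1.1 broken-01
10.0.1.10 web-01-dup
"""

if __name__ == '__main__':
    rows, errors = parse_ec2_list(SAMPLE)
    print(rows)    # two valid rows
    print(errors)  # [(3, 'missing Name tag'), (4, 'invalid IPv4 address: 300.1.1.1'), (5, 'duplicate IP: 10.0.1.10')]
```

The returned rows can be appended to the worksheet exactly as the script above does, while the errors list tells you which instances need their Name tag fixed before import.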

Setup tutorial

  • Log in with the Jumpserver account and password; if none has been set, it is admin with the default password (the port defaults to 8000 if you did not change it)
  • Go to the settings page; note that the user entered here can only be set once, adding a new one overwrites the previous setting
  • Create a user group, then associate it when creating users; the users and groups here exist only within Jumpserver and do not actually need to exist on the servers
  • Add assets; the Python script above can be used to add them in bulk
  • Create a sudo permission control group for fine-grained control over privileges
  • Create a user; at this point it is not actually created yet, you need to save and then push. Pushing requires selecting assets or asset groups; after selecting them and clicking push, the user is created on the corresponding assets
  • Decide which system user the Jumpserver user will use to access the corresponding assets
  • Setup complete; newly created Jumpserver users can now log in using the information in the email they receive
    • Upload and download are easy to understand; just try them once and it becomes clear
    • There is also an audit feature, which is quite nice and convenient for locating problems; click around and it becomes clear

Thanks again to the Jumpserver development team!!! That is all.
