负载均衡

环境说明

  • 除 JumpServer 自身组件外, 其他组件的高可用请参考对应的官方文档进行部署
  • 按照此方式部署后, 后续只需要根据需要扩容 core web 节点然后添加节点到 tengine 即可
  • 如果已经有 HLB 或者 SLB 可以跳过 Tengine 部署, 第三方 LB 要注意 session 和 websocket 问题
  • 如果已经有 云存储(* S3/Ceph/Swift/OSS/Azure) 可以跳过 MinIO 部署, MySQL Redis 也一样
DBVersionCacheVersion
MySQL>= 5.7Redis>= 6.0
MariaDB>= 10.2
Server NameIPPortUseMinimize HardwareStandard Hardware
MySQL192.168.100.113306Core2Core/4GB RAM/1T HDD4Core/16GB RAM/1T SSD
Redis192.168.100.116379Core, Koko, lion2Core/4GB RAM/60G HDD2Core/8GB RAM/60G SSD
Tengine192.168.100.10080,443All2Core/4GB RAM/60G HDD4Core/8GB RAM/60G SSD
Core Web 01192.168.100.2180Tengine2Core/8GB RAM/60G HDD4Core/8GB RAM/90G SSD
Core Web 02192.168.100.2280Tengine2Core/8GB RAM/60G HDD4Core/8GB RAM/90G SSD
Core Task192.168.100.31Tengine4Core/8GB RAM/60G HDD4Core/16GB RAM/90G SSD
MinIO192.168.100.419000KoKo, Lion2Core/4GB RAM/1T HDD4Core/8GB RAM/1T SSD
Server NameCheck HealthExample
Corehttp://core:8080/api/health/https://demo.jumpserver.org/api/health/
KoKohttp://koko:5000/koko/health/https://demo.jumpserver.org/koko/health/
Lionhttp://lion:8081/lion/health/https://demo.jumpserver.org/lion/health/

部署 MySQL 服务

  1. 服务器: 192.168.100.11

设置 Repo

  1. yum -y localinstall http://mirrors.ustc.edu.cn/mysql-repo/mysql57-community-release-el7.rpm

安装 MySQL

  1. yum install -y mysql-community-server

配置 MySQL

  1. if [ ! "$(cat /usr/bin/mysqld_pre_systemd | grep -v ^\# | grep initialize-insecure )" ]; then
  2. sed -i "s@--initialize @--initialize-insecure @g" /usr/bin/mysqld_pre_systemd
  3. fi

启动 MySQL

  1. systemctl enable mysqld
  2. systemctl start mysqld

数据库授权

  1. mysql -uroot
  1. Welcome to the MySQL monitor. Commands end with ; or \g.
  2. Your MySQL connection id is 2
  3. Server version: 5.7.32 MySQL Community Server (GPL)
  4. Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
  5. Oracle is a registered trademark of Oracle Corporation and/or its
  6. affiliates. Other names may be trademarks of their respective
  7. owners.
  8. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
  9. mysql> create database jumpserver default charset 'utf8';
  10. Query OK, 1 row affected (0.00 sec)
  11. mysql> set global validate_password_policy=LOW;
  12. Query OK, 0 rows affected (0.00 sec)
  13. mysql> create user 'jumpserver'@'%' identified by 'weakPassword';
  14. Query OK, 0 rows affected (0.00 sec)
  15. mysql> grant all on jumpserver.* to 'jumpserver'@'%';
  16. Query OK, 0 rows affected, 1 warning (0.00 sec)
  17. mysql> flush privileges;
  18. Query OK, 0 rows affected (0.00 sec)
  19. mysql> exit
  20. Bye

配置防火墙

  1. firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.0/24" port protocol="tcp" port="3306" accept"
  2. firewall-cmd --reload

部署 Redis 服务

  1. 服务器: 192.168.100.11

下载源码

  1. yum -y install epel-release wget make gcc-c++
  2. cd /opt
  3. wget https://download.redis.io/releases/redis-6.2.4.tar.gz

安装 Redis

  1. tar -xf redis-6.2.4.tar.gz
  2. cd redis-6.2.4
  3. make
  4. make install PREFIX=/usr/local/redis

配置 Redis

  1. cp redis.conf /etc/redis.conf
  2. sed -i "s/bind 127.0.0.1/bind 0.0.0.0/g" /etc/redis.conf
  3. sed -i "s/daemonize no/daemonize yes/g" /etc/redis.conf
  4. sed -i "561i maxmemory-policy allkeys-lru" /etc/redis.conf
  5. sed -i "481i requirepass weakPassword" /etc/redis.conf
  6. vi /etc/systemd/system/redis.service
  1. [Unit]
  2. Description=Redis persistent key-value database
  3. After=network.target
  4. After=network-online.target
  5. Wants=network-online.target
  6. [Service]
  7. Type=forking
  8. PIDFile=/var/run/redis_6379.pid
  9. ExecStart=/usr/local/redis/bin/redis-server /etc/redis.conf
  10. ExecReload=/bin/kill -s HUP $MAINPID
  11. ExecStop=/bin/kill -s QUIT $MAINPID
  12. [Install]
  13. WantedBy=multi-user.target

启动 Redis

  1. systemctl enable redis
  2. systemctl start redis

配置防火墙

  1. firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.0/24" port protocol="tcp" port="6379" accept"
  2. firewall-cmd --reload

部署 Core Web 01

  1. 服务器: 192.168.100.21

下载 jumpserver-install

  1. cd /opt
  2. yum -y install wget
  3. wget https://github.com/jumpserver/installer/releases/download/v2.12.1/jumpserver-installer-v2.12.1.tar.gz
  4. tar -xf jumpserver-installer-v2.12.1.tar.gz
  5. cd jumpserver-installer-v2.12.1

修改配置文件

  1. vi config-example.txt
  1. # 修改下面选项, 其他保持默认
  2. ### 注意: SECRET_KEY 和要其他 JumpServer 服务器一致, 加密的数据将无法解密
  3. ## Task 配置
  4. USE_TASK=0 # 不启动 jms_celery
  5. # Core 配置
  6. ### 启动后不能再修改,否则密码等等信息无法解密
  7. SECRET_KEY=kWQdmdCQKjaWlHYpPhkNQDkfaRulM6YnHctsHLlSPs8287o2kW # 要其他 JumpServer 服务器一致 (*)
  8. BOOTSTRAP_TOKEN=KXOeyNgDeTdpeu9q # 要其他 JumpServer 服务器一致 (*)
  9. LOG_LEVEL=ERROR
  10. # SESSION_COOKIE_AGE=86400
  11. SESSION_EXPIRE_AT_BROWSER_CLOSE=true
  12. # KoKo Lion 配置
  13. SHARE_ROOM_TYPE=redis # KoKo Lion 使用 redis 共享
  1. ./jmsctl.sh install
  1. ██╗██╗ ██╗███╗ ███╗██████╗ ███████╗███████╗██████╗ ██╗ ██╗███████╗██████╗
  2. ██║██║ ██║████╗ ████║██╔══██╗██╔════╝██╔════╝██╔══██╗██║ ██║██╔════╝██╔══██╗
  3. ██║██║ ██║██╔████╔██║██████╔╝███████╗█████╗ ██████╔╝██║ ██║█████╗ ██████╔╝
  4. ██ ██║██║ ██║██║╚██╔╝██║██╔═══╝ ╚════██║██╔══╝ ██╔══██╗╚██╗ ██╔╝██╔══╝ ██╔══██╗
  5. ╚█████╔╝╚██████╔╝██║ ╚═╝ ██║██║ ███████║███████╗██║ ██║ ╚████╔╝ ███████╗██║ ██║
  6. ╚════╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚══════╝╚══════╝╚═╝ ╚═╝ ╚═══╝ ╚══════╝╚═╝ ╚═╝
  7. Version: v2.12.1
  8. 1. 检查配置文件
  9. 配置文件位置: /opt/jumpserver/config
  10. /opt/jumpserver/config/config.txt [ ]
  11. /opt/jumpserver/config/nginx/lb_rdp_server.conf [ ]
  12. /opt/jumpserver/config/nginx/lb_ssh_server.conf [ ]
  13. /opt/jumpserver/config/nginx/cert/server.crt [ ]
  14. /opt/jumpserver/config/nginx/cert/server.key [ ]
  15. 完成
  16. 2. 备份配置文件
  17. 备份至 /opt/jumpserver/config/backup/config.txt.2021-07-15_22-26-13
  18. 完成
  19. >>> 安装配置 Docker
  20. 1. 安装 Docker
  21. 开始下载 Docker 程序 ...
  22. 开始下载 Docker Compose 程序 ...
  23. 完成
  24. 2. 配置 Docker
  25. 是否需要自定义 docker 存储目录, 默认将使用目录 /var/lib/docker? (y/n) (默认为 n): n
  26. 完成
  27. 3. 启动 Docker
  28. Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /etc/systemd/system/docker.service.
  29. 完成
  30. >>> 加载 Docker 镜像
  31. Docker: Pulling from jumpserver/core:v2.12.1 [ OK ]
  32. Docker: Pulling from jumpserver/koko:v2.12.1 [ OK ]
  33. Docker: Pulling from jumpserver/nginx:v2.12.1 [ OK ]
  34. Docker: Pulling from jumpserver/redis:6-alpine [ OK ]
  35. Docker: Pulling from jumpserver/mysql:5 [ OK ]
  36. Docker: Pulling from jumpserver/lion:v2.12.1 [ OK ]
  37. >>> 安装配置 JumpServer
  38. 1. 配置网络
  39. 是否需要支持 IPv6? (y/n) (默认为 n): n
  40. 完成
  41. 2. 配置加密密钥
  42. SECRETE_KEY: YTE2YTVkMTMtMGE3MS00YzI5LWFlOWEtMTc2OWJlMmIyMDE2
  43. BOOTSTRAP_TOKEN: YTE2YTVkMTMtMGE3
  44. 完成
  45. 3. 配置持久化目录
  46. 是否需要自定义持久化存储, 默认将使用目录 /opt/jumpserver? (y/n) (默认为 n): n
  47. 完成
  48. 4. 配置 MySQL
  49. 是否使用外部 MySQL? (y/n) (默认为 n): y
  50. 请输入 MySQL 的主机地址 (无默认值): 192.168.100.11
  51. 请输入 MySQL 的端口 (默认为3306): 3306
  52. 请输入 MySQL 的数据库(事先做好授权) (默认为jumpserver): jumpserver
  53. 请输入 MySQL 的用户名 (无默认值): jumpserver
  54. 请输入 MySQL 的密码 (无默认值): weakPassword
  55. 完成
  56. 5. 配置 Redis
  57. 是否使用外部 Redis? (y/n) (默认为 n): y
  58. 请输入 Redis 的主机地址 (无默认值): 192.168.100.11
  59. 请输入 Redis 的端口 (默认为6379): 6379
  60. 请输入 Redis 的密码 (无默认值): weakPassword
  61. 完成
  62. 6. 配置对外端口
  63. 是否需要配置 JumpServer 对外访问端口? (y/n) (默认为 n): n
  64. 完成
  65. 7. 初始化数据库
  66. Creating network "jms_net" with driver "bridge"
  67. Creating jms_redis ... done
  68. 2021-07-15 22:39:52 Collect static files
  69. 2021-07-15 22:39:52 Collect static files done
  70. 2021-07-15 22:39:52 Check database structure change ...
  71. 2021-07-15 22:39:52 Migrate model change to database ...
  72. 475 static files copied to '/opt/jumpserver/data/static'.
  73. Operations to perform:
  74. Apply all migrations: acls, admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, notifications, ops, orgs, perms, sessions, settings, terminal, tickets, users
  75. Running migrations:
  76. Applying contenttypes.0001_initial... OK
  77. Applying contenttypes.0002_remove_content_type_name... OK
  78. Applying auth.0001_initial... OK
  79. Applying auth.0002_alter_permission_name_max_length... OK
  80. Applying auth.0003_alter_user_email_max_length... OK
  81. Applying auth.0004_alter_user_username_opts... OK
  82. Applying auth.0005_alter_user_last_login_null... OK
  83. Applying auth.0006_require_contenttypes_0002... OK
  84. Applying auth.0007_alter_validators_add_error_messages... OK
  85. Applying auth.0008_alter_user_username_max_length... OK
  86. ...
  87. Applying sessions.0001_initial... OK
  88. Applying terminal.0032_auto_20210302_1853... OK
  89. Applying terminal.0033_auto_20210324_1008... OK
  90. Applying terminal.0034_auto_20210406_1434... OK
  91. Applying terminal.0035_auto_20210517_1448... OK
  92. Applying terminal.0036_auto_20210604_1124... OK
  93. Applying terminal.0037_auto_20210623_1748... OK
  94. Applying tickets.0008_auto_20210311_1113... OK
  95. Applying tickets.0009_auto_20210426_1720... OK
  96. >>> 安装完成了
  97. 1. 可以使用如下命令启动, 然后访问
  98. cd /root/jumpserver-installer-v2.12.1
  99. ./jmsctl.sh start
  100. 2. 其它一些管理命令
  101. ./jmsctl.sh stop
  102. ./jmsctl.sh restart
  103. ./jmsctl.sh backup
  104. ./jmsctl.sh upgrade
  105. 更多还有一些命令, 你可以 ./jmsctl.sh --help 来了解
  106. 3. Web 访问
  107. http://192.168.100.212:80
  108. 默认用户: admin 默认密码: admin
  109. 4. SSH/SFTP 访问
  110. ssh -p2222 admin@192.168.100.212
  111. sftp -P2222 admin@192.168.100.212
  112. 5. 更多信息
  113. 我们的官网: https://www.jumpserver.org/
  114. 我们的文档: https://docs.jumpserver.org/

启动 JumpServer

  1. ./jmsctl.sh start
  1. Creating network "jms_net" with driver "bridge"
  2. Creating jms_core ... done
  3. Creating jms_lion ... done
  4. Creating jms_koko ... done
  5. Creating jms_nginx ... done

部署 Core Web 02

  1. 服务器: 192.168.100.22

下载 jumpserver-install

  1. cd /opt
  2. yum -y install wget
  3. wget https://github.com/jumpserver/installer/releases/download/v2.12.1/jumpserver-installer-v2.12.1.tar.gz
  4. tar -xf jumpserver-installer-v2.12.1.tar.gz
  5. cd jumpserver-installer-v2.12.1

修改配置文件

  1. vi config-example.txt
  1. # 修改下面选项, 其他保持默认
  2. ### 注意: SECRET_KEY 和要其他 JumpServer 服务器一致, 加密的数据将无法解密
  3. ## Task 配置
  4. USE_TASK=0 # 不启动 jms_celery
  5. # Core 配置
  6. ### 启动后不能再修改,否则密码等等信息无法解密
  7. SECRET_KEY=kWQdmdCQKjaWlHYpPhkNQDkfaRulM6YnHctsHLlSPs8287o2kW # 要其他 JumpServer 服务器一致 (*)
  8. BOOTSTRAP_TOKEN=KXOeyNgDeTdpeu9q # 要其他 JumpServer 服务器一致 (*)
  9. LOG_LEVEL=ERROR
  10. # SESSION_COOKIE_AGE=86400
  11. SESSION_EXPIRE_AT_BROWSER_CLOSE=true
  12. # KoKo Lion 配置
  13. SHARE_ROOM_TYPE=redis # KoKo Lion 使用 redis 共享
  1. ./jmsctl.sh install

启动 JumpServer

  1. ./jmsctl.sh start
  1. Creating network "jms_net" with driver "bridge"
  2. Creating jms_core ... done
  3. Creating jms_lion ... done
  4. Creating jms_koko ... done
  5. Creating jms_nginx ... done

部署 Core Task

  1. 服务器: 192.168.100.31

下载 jumpserver-install

  1. cd /opt
  2. yum -y install wget
  3. wget https://github.com/jumpserver/installer/releases/download/v2.12.1/jumpserver-installer-v2.12.1.tar.gz
  4. tar -xf jumpserver-installer-v2.12.1.tar.gz
  5. cd jumpserver-installer-v2.12.1

修改配置文件

  1. vi config-example.txt
  1. # 修改下面选项, 其他保持默认
  2. ### 注意: SECRET_KEY 和要其他 JumpServer 服务器一致, 加密的数据将无法解密
  3. ## Task 配置
  4. USE_TASK=1 # 启动 jms_celery
  5. # Core 配置
  6. ### 启动后不能再修改,否则密码等等信息无法解密
  7. SECRET_KEY=kWQdmdCQKjaWlHYpPhkNQDkfaRulM6YnHctsHLlSPs8287o2kW # 要其他 JumpServer 服务器一致 (*)
  8. BOOTSTRAP_TOKEN=KXOeyNgDeTdpeu9q # 要其他 JumpServer 服务器一致 (*)
  9. LOG_LEVEL=ERROR
  10. # SESSION_COOKIE_AGE=86400
  11. SESSION_EXPIRE_AT_BROWSER_CLOSE=true
  12. # KoKo Lion 配置
  13. SHARE_ROOM_TYPE=redis # KoKo Lion 使用 redis 共享
  1. ./jmsctl.sh install

启动 JumpServer

  1. ./jmsctl.sh start
  1. Creating network "jms_net" with driver "bridge"
  2. Creating jms_core ... done
  3. Creating jms_celery ... done
  4. Creating jms_lion ... done
  5. Creating jms_koko ... done
  6. Creating jms_nginx ... done

部署 Tengine 服务

  1. 服务器: 192.168.100.100

配置 Repo

  1. vi /etc/yum.repos.d/nginx.repo
  1. [nginx-stable]
  2. name=nginx stable repo
  3. baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
  4. gpgcheck=1
  5. enabled=1
  6. gpgkey=https://nginx.org/keys/nginx_signing.key
  7. module_hotfixes=true

安装 Tengine

  1. yum install -y policycoreutils-python https://github.com/wojiushixiaobai/tengine-rpm/releases/download/2.3.3/tengine-2.3.3-2.el7.ngx.x86_64.rpm

配置 Nginx

  1. vi /etc/nginx/nginx.conf
  1. user nginx;
  2. worker_processes auto;
  3. error_log /var/log/nginx/error.log warn;
  4. pid /var/run/nginx.pid;
  5. events {
  6. worker_connections 1024;
  7. }
  8. stream {
  9. log_format proxy '$remote_addr [$time_local] '
  10. '$protocol $status $bytes_sent $bytes_received '
  11. '$session_time "$upstream_addr" '
  12. '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
  13. access_log /var/log/nginx/tcp-access.log proxy;
  14. open_log_file_cache off;
  15. upstream kokossh {
  16. # core web 节点
  17. server 192.168.100.21:2222;
  18. server 192.168.100.22:2222;
  19. least_conn;
  20. }
  21. server {
  22. # 对外 ssh 端口
  23. listen 2222;
  24. proxy_pass kokossh;
  25. proxy_protocol on;
  26. proxy_connect_timeout 1s;
  27. }
  28. }
  29. http {
  30. include /etc/nginx/mime.types;
  31. default_type application/octet-stream;
  32. log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  33. '$status $body_bytes_sent "$http_referer" '
  34. '"$http_user_agent" "$http_x_forwarded_for"';
  35. access_log /var/log/nginx/access.log main;
  36. sendfile on;
  37. #tcp_nopush on;
  38. keepalive_timeout 65;
  39. #gzip on;
  40. include /etc/nginx/conf.d/*.conf;
  41. }
  1. echo > /etc/nginx/conf.d/default.conf
  2. vi /etc/nginx/conf.d/jumpserver.conf
  1. upstream core_web {
  2. # 用户连接时使用 ip_hash 负载
  3. server 192.168.100.21:80;
  4. server 192.168.100.22:80;
  5. session_sticky;
  6. }
  7. upstream core_task {
  8. # use_task = 1 的任务服务器, 多节点请用 NFS 共享持久化 jumpserver/core/data 目录
  9. server 192.168.100.31:80;
  10. }
  11. server {
  12. listen 80;
  13. server_name demo.jumpserver.org; # 自行修改成你的域名
  14. return 301 https://$server_name$request_uri;
  15. }
  16. server {
  17. listen 443 ssl;
  18. server_name demo.jumpserver.org; # 自行修改成你的域名
  19. ssl_certificate /etc/nginx/sslkey/1_jumpserver.org.crt; # 自行设置证书
  20. ssl_certificate_key /etc/nginx/sslkey/2_jumpserver.org.key; # 自行设置证书
  21. ssl_session_timeout 5m;
  22. ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
  23. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  24. ssl_prefer_server_ciphers on;
  25. client_max_body_size 4096m; # 录像上传大小限制
  26. location ~ /replay/ {
  27. proxy_pass http://core_web;
  28. proxy_set_header X-Real-IP $remote_addr;
  29. proxy_set_header Host $host;
  30. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  31. }
  32. location ~ /(ops|task|tasks|flower)/ {
  33. proxy_pass http://core_task;
  34. proxy_http_version 1.1;
  35. proxy_set_header Upgrade $http_upgrade;
  36. proxy_set_header Connection "upgrade";
  37. proxy_set_header X-Real-IP $remote_addr;
  38. proxy_set_header Host $host;
  39. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  40. }
  41. location /ws/ {
  42. proxy_pass http://core_task/ws/;
  43. proxy_http_version 1.1;
  44. proxy_set_header Upgrade $http_upgrade;
  45. proxy_set_header Connection "upgrade";
  46. proxy_set_header X-Real-IP $remote_addr;
  47. proxy_set_header Host $host;
  48. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  49. }
  50. location / {
  51. proxy_pass http://core_web;
  52. proxy_buffering off;
  53. proxy_request_buffering off;
  54. proxy_http_version 1.1;
  55. proxy_set_header Upgrade $http_upgrade;
  56. proxy_set_header Connection "upgrade";
  57. proxy_set_header X-Real-IP $remote_addr;
  58. proxy_set_header Host $host;
  59. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  60. }
  61. }
  1. nginx -t

配置 Selinux

  1. setsebool -P httpd_can_network_connect 1
  2. semanage port -a -t http_port_t -p tcp 2222

启动 Tengine

  1. systemctl enable nginx
  2. systemctl start nginx

配置防火墙

  1. firewall-cmd --permanent --zone=public --add-port=80/tcp
  2. firewall-cmd --permanent --zone=public --add-port=443/tcp
  3. firewall-cmd --permanent --zone=public --add-port=2222/tcp
  4. firewall-cmd --reload

部署 MinIO 服务

  1. 服务器: 192.168.100.41

安装 Docker

  1. yum install -y yum-utils device-mapper-persistent-data lvm2
  2. yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
  3. sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
  4. yum makecache fast
  5. yum -y install docker-ce

配置 Docker

  1. mkdir /etc/docker/
  2. vi /etc/docker/daemon.json
  1. {
  2. "live-restore": true,
  3. "registry-mirrors": ["https://hub-mirror.c.163.com", "https://bmtrgdvx.mirror.aliyuncs.com", "http://f1361db2.m.daocloud.io"],
  4. "log-driver": "json-file",
  5. "log-opts": {"max-file": "3", "max-size": "10m"}
  6. }

启动 Docker

  1. systemctl enable docker
  2. systemctl start docker

下载 MinIO 镜像

  1. docker pull minio/minio:latest
  1. latest: Pulling from minio/minio
  2. a591faa84ab0: Pull complete
  3. 76b9354adec6: Pull complete
  4. f9d8746550a4: Pull complete
  5. 890b1dd95baa: Pull complete
  6. 3a8518c890dc: Pull complete
  7. 8053f0501aed: Pull complete
  8. 506c41cb8532: Pull complete
  9. Digest: sha256:e7a725edb521dd2af07879dad88ee1dfebd359e57ad8d98104359ccfbdb92024
  10. Status: Downloaded newer image for minio/minio:latest
  11. docker.io/minio/minio:latest

持久化数据目录

  1. mkdir -p /opt/jumpserver/minio/data /opt/jumpserver/minio/config

启动 MinIO

  1. ## 请自行修改账号密码并牢记, 丢失后可以删掉容器后重新用新密码创建, 数据不会丢失
  2. # 9000 # api 访问端口
  3. # 9001 # console 访问端口
  4. # MINIO_ROOT_USER=minio # minio 账号
  5. # MINIO_ROOT_PASSWORD=KXOeyNgDeTdpeu9q # minio 密码
  1. docker run --name jms_minio -d -p 9000:9000 -p 9001:9001 -e MINIO_ROOT_USER=minio -e MINIO_ROOT_PASSWORD=KXOeyNgDeTdpeu9q -v /opt/jumpserver/minio/data:/data -v /opt/jumpserver/minio/config:/root/.minio --restart=always minio/minio:latest server /data --console-address ":9001"

设置 MinIO

  • 访问 http://192.168.100.41:9000, 输入刚才设置的 MinIO 账号密码登录
  • 点击左侧菜单的 Buckets, 选择 Create Bucket 创建桶, Bucket Name 输入 jumpserver, 然后点击 Save 保存

设置 JumpServer

  • 访问 JumpServer Web 页面并使用管理员账号进行登录
  • 点击左侧菜单栏的 [终端管理], 在页面的上方选择 [存储配置], 在 [录像存储] 下方选择 [创建] 选择 [Ceph]
  • 根据下方的说明进行填写, 保存后在 [终端管理] 页面对所有组件进行 [更新], 录像存储选择 [jms-mino], 提交
选项参考值说明
名称 (Name)jms-minio标识, 不可重复
类型 (Type)Ceph固定, 不可更改
桶名称 (Bucket)jumpserverBucket Name
Access keyminioMINIO_ROOT_USER
Secret keyKXOeyNgDeTdpeu9qMINIO_ROOT_PASSWORD
端点 (Endpoint)http://192.168.100.41:9000minio 服务访问地址
默认存储新组件将自动使用该存储