一、安装Docker
1.安装需要的软件包:yum-utils 提供 yum-config-manager 功能,另外两个是 devicemapper 存储驱动的依赖
# Install yum-utils (provides yum-config-manager) and the two devicemapper
# storage-driver dependencies, answering "yes" to all prompts.
yum -y install yum-utils device-mapper-persistent-data lvm2
2.设置yum源
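# Add the Docker CE yum repository. Fetch the .repo file over https: that file
# also tells yum which GPG key to trust for every later package install, so a
# plaintext download would let a network attacker replace both the repo and
# the key. Choose ONE of the two sources below.
# Official Docker repository:
yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
# Alternative: Aliyun mirror (uncomment instead of the line above):
# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo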
3.选择docker版本并安装
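# List every available docker-ce build, newest first, then install the one
# you picked. "版本号" is a placeholder: replace it with a version string
# taken from the list (the part printed after "docker-ce-").
yum list docker-ce --showduplicates | sort -r
yum install docker-ce-版本号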
4、启动 Docker 并设置开机自启
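# Start the Docker daemon now and enable it so it also starts after a reboot
# (two separate commands; the original collapsed them onto one line).
systemctl start docker
systemctl enable docker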
二、部署mysql说明
1.拉取 mysql 镜像
# Fetch the MySQL 5.7 image from the registry (explicit tag, not "latest").
docker image pull mysql:5.7
2、部署mysql:5.7
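# Run MySQL 5.7 with its config, logs and data kept on the host so the
# container can be recreated without losing state.
#
# The port is published on the docker0 address only (172.17.0.1, the value
# the JumpServer container uses as DB_HOST) instead of on every interface:
# ports published with -p are reached through Docker's own DNAT/FORWARD
# rules, not through the host INPUT chain, so the firewall section below
# would not by itself keep 3306 closed to the outside.
#
# Replace xxxxxx with a real password before running. The value is stored in
# the container's environment and is visible to anyone who can run
# `docker inspect`, so keep it out of shared shell history as well.
docker run -d --name mysql \
  --restart=always \
  -p 172.17.0.1:3306:3306 \
  -v /opt/jumpserver/mysql/conf:/etc/mysql/conf.d \
  -v /opt/jumpserver/mysql/logs:/var/log/mysql \
  -v /opt/jumpserver/mysql/data:/var/lib/mysql \
  -e MYSQL_ROOT_PASSWORD="xxxxxx" \
  mysql:5.7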
3、初始化jumpserver的docker镜像数据库
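# Create the jumpserver database and grant root@'%' full rights on it.
# `-p` without a value makes the mysql client prompt for the password (the
# original passed it inline as -pxxxxxx, which leaves it in `ps` output and
# in shell history). A dedicated, least-privilege database account for
# JumpServer would be preferable to reusing root; this keeps the page's
# procedure.
docker exec -ti mysql mysql -uroot -p \
  -e " create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'root'@'%'; flush privileges; quit"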
三、部署redis说明
1.拉取 redis 镜像
# Fetch the Redis image (no tag given, so the registry's default tag is used).
docker image pull redis
2、部署redis,密码为xxxxxx
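# Run Redis with a password. Everything after the image name is handed to
# the image entrypoint, which runs redis-server with those arguments.
#
# As with MySQL, the port is published on the docker0 address only (the
# REDIS_HOST the JumpServer container uses) rather than on all interfaces,
# because -p published ports bypass the host INPUT chain.
# Replace xxxxxx with a real password before running.
docker run -d --name redis --restart=always \
  -p 172.17.0.1:6379:6379 \
  redis \
  --requirepass "xxxxxx"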
四、部署jumpserver
1、下载jumpServer镜像
# Fetch the all-in-one JumpServer image, latest tag.
docker image pull jumpserver/jms_all:latest
2、生成随机加密密钥(SECRET_KEY)和初始化 token(BOOTSTRAP_TOKEN)。脚本之后的两行是示例输出;每次部署都应使用自己生成的值,不要复制示例值
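#!/bin/sh
# Generate the JumpServer SECRET_KEY (50 chars) and BOOTSTRAP_TOKEN (16 chars)
# once, persist them to ~/.bashrc, and print each on its own line.
#
# A variable that is already set is reused, so re-running the script does not
# rotate a key that a running deployment depends on. The values are appended
# to ~/.bashrc as plain (non-exported) assignments: they are available in
# later interactive shells, but are not passed to child processes unless
# exported. ~/.bashrc is not a secrets store; anyone who can read the home
# directory can read the key, so restrict access and back the file up with
# the rest of the deployment.

# random_token LEN: print LEN characters from [A-Za-z0-9] drawn from
# /dev/urandom, without a trailing newline so $(...) captures it as-is.
random_token() {
  tr -dc 'A-Za-z0-9' </dev/urandom | head -c "$1"
}

# persist_var NAME VALUE: append NAME=VALUE to ~/.bashrc. A failed write only
# warns, because the value is still printed and the caller can record it.
persist_var() {
  printf '%s=%s\n' "$1" "$2" >>~/.bashrc ||
    printf 'warning: could not persist %s to ~/.bashrc\n' "$1" >&2
}

if [ -z "${SECRET_KEY:-}" ]; then
  SECRET_KEY=$(random_token 50)
  persist_var SECRET_KEY "$SECRET_KEY"
fi
printf '%s\n' "$SECRET_KEY"

if [ -z "${BOOTSTRAP_TOKEN:-}" ]; then
  BOOTSTRAP_TOKEN=$(random_token 16)
  persist_var BOOTSTRAP_TOKEN "$BOOTSTRAP_TOKEN"
fi
printf '%s\n' "$BOOTSTRAP_TOKEN"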
EOBhaGJrj2PKorzVmlzyOsbtqqn4UwQdpqCDneOghAS2fFQj2w
kkUVjid3aZVFWp01
3、部署jumpserver
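# Run the all-in-one JumpServer image.
#
# SECRET_KEY and BOOTSTRAP_TOKEN are taken from the shell variables produced
# by the generation script above; the original pasted the example output of
# that script as literal values, which every reader of this page would then
# share. The two guards abort with a message if the variables are not set in
# this shell (e.g. the script was run elsewhere).
#
# DB_HOST / REDIS_HOST: the docker0 address, or another host IP — it must be
# the address the mysql and redis containers were published on.
# Port 2222 (SSH access to assets) and 80 are published with -p and are
# therefore reachable regardless of the host INPUT rules in the firewall
# section below.
# Replace both xxxxxx values with the passwords chosen for mysql and redis.
: "${SECRET_KEY:?run the key generation script first}"
: "${BOOTSTRAP_TOKEN:?run the key generation script first}"
docker run --name jumpserver -d --restart=always \
  -v /opt/jumpserver/data:/opt/jumpserver/data \
  -v /opt/jumpserver/koko:/opt/koko/data \
  -v /opt/jumpserver/lion:/opt/lion/data \
  -p 80:80 \
  -p 2222:2222 \
  -e SECRET_KEY="$SECRET_KEY" \
  -e BOOTSTRAP_TOKEN="$BOOTSTRAP_TOKEN" \
  -e DB_HOST=172.17.0.1 \
  -e DB_PORT=3306 \
  -e DB_USER=root \
  -e DB_PASSWORD=xxxxxx \
  -e DB_NAME=jumpserver \
  -e REDIS_HOST=172.17.0.1 \
  -e REDIS_PORT=6379 \
  -e REDIS_PASSWORD=xxxxxx \
  jumpserver/jms_all:latest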
五、配置防火墙
为了堡垒机安全,应该禁止从外部访问 mysql 和 redis,脚本如下:
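#!/bin/sh
# Host firewall for the bastion: accept established traffic, loopback and
# container traffic on docker0, allow new connections to 22/80/443, reject
# everything else that reaches the INPUT chain.
#
# Ports published with `docker run -p` (3306, 6379, 80, 2222 above) are
# DNAT'ed and forwarded to the containers, so they are decided by the FORWARD
# chain (Docker's DOCKER-USER hook), not by INPUT. The INPUT rules alone do
# not close MySQL and Redis to the outside; publishing them on the docker0
# address and the DOCKER-USER rule at the end are what does.
#
# Rules are not persistent across reboot; save them with the distribution's
# tooling (e.g. iptables-save) after verifying SSH still works.
set -eu

[ "$(id -u)" -eq 0 ] || { printf 'must run as root\n' >&2; exit 1; }

iptables -F INPUT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i docker0 -j ACCEPT
# allow 22, 80, 443
for port in 22 80 443; do
  iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport "$port" -j ACCEPT
done
# deny all
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited

# Drop new connections to the forwarded MySQL/Redis ports that arrive on any
# interface other than docker0, i.e. from outside the host. Only inserted if
# the chain exists (older Docker releases lack it) and not already present,
# so re-running the script does not stack duplicate rules.
if iptables -nL DOCKER-USER >/dev/null 2>&1; then
  iptables -C DOCKER-USER ! -i docker0 -p tcp -m multiport --dports 3306,6379 \
    -m state --state NEW -j DROP 2>/dev/null ||
    iptables -I DOCKER-USER ! -i docker0 -p tcp -m multiport --dports 3306,6379 \
      -m state --state NEW -j DROP
fi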
六、部署完毕,查看日志!
# Stream the JumpServer container's log output until interrupted.
docker container logs --follow jumpserver



