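After the template host has been created, three things need to be built into the machine: the monitoring agent, the bastion host (JumpServer) registration program, and a fixed IP address assigned when the virtual machine is created. Meeting all three requires a well-designed approach in which the image, the scripts, and the system work together.
1. Official JumpServer installation documentation: https://docs.jumpserver.org/zh/master/install/setup_by_fast/
2. After installation, log in to the web UI with the default user admin and password admin
3. Create the privileged user jumper
4. Configure the connection script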
[root@localhost virtual_create]# ll
total 12
-rw-r--r--. 1 root root 2812 May 30 19:37 createvm.sh
-rw-r--r--. 1 root root 579 May 29 18:28 deploy_zabbix_agent.sh
-rw-r--r--. 1 root root 1641 May 29 18:28 registry_to_jumper.py
vim registry_to_jumper.py
# ...
self.jms_url = 'http://192.168.19.100'  # http scheme plus the JumpServer address
self.machines_url = '/api/v1/assets/assets/'
self.admin_user_id = '6faf27d0-9cd6-4258-86ec-13ed0c46a037'  # shown under the privileged users in JumpServer
self.__jms_token = '38c412ebd41ff8e2594991bc140b24451df44143'  # see the official documentation
# ...
user-id
JUMPERPTOKEN
docker exec -it jms_core /bin/bash
cd /opt/jumpserver/apps
python manage.py shell
from users.models import User
u = User.objects.get(username='admin')
u.create_private_token()
Copy and run the commands above.
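An added example, not the original registry_to_jumper.py (which this page shows only in part): one way to build the same registration request while reading the token from a root-only file instead of hardcoding it in a script that is copied into every cloned image. The token file path, the function names, the `Authorization: Token` header form and the payload field names are assumptions; check them against the API of your JumpServer version.

```python
import json
import os
import socket
import stat
import urllib.request

JMS_URL = "http://192.168.19.100"        # JumpServer address from the page
ASSETS_PATH = "/api/v1/assets/assets/"   # asset endpoint from the page
TOKEN_FILE = "/etc/jumpserver/token"     # hypothetical path: owner root, mode 0600


def load_token(path=TOKEN_FILE):
    """Return the API token, refusing a file that group or others can access."""
    mode = os.stat(path).st_mode
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} must be mode 0600, found {stat.S_IMODE(mode):04o}")
    with open(path, encoding="utf-8") as fh:
        return fh.read().strip()


def build_request(hostname, ip, admin_user_id, token):
    """Build the POST that creates the asset; nothing is sent here."""
    # Field names are assumptions for a JumpServer 2.x style asset API.
    payload = {
        "hostname": hostname,
        "ip": ip,
        "platform": "Linux",
        "protocols": ["ssh/22"],
        "admin_user": admin_user_id,
        "is_active": True,
    }
    return urllib.request.Request(
        JMS_URL + ASSETS_PATH,
        data=json.dumps(payload).encode("utf-8"),
        method="POST",
        headers={"Authorization": f"Token {token}", "Content-Type": "application/json"},
    )


def register(hostname, ip, admin_user_id):
    """Send the request; an HTTPError from the server propagates to the caller."""
    req = build_request(hostname, ip, admin_user_id, load_token())
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    # Constructed values; prints the request without sending it.
    req = build_request(socket.gethostname(), "192.168.19.111", "<admin-user-id>", "<token>")
    print(req.get_method(), req.full_url, req.data.decode())
```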
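5. Create the connection configuration on the virtual disk
This continues from the environment set up in part 5 of this series.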
[root@localhost kvm]# virsh list --all
Id Name State
----------------------------------------------------
- test-nat-network2 shut off
[root@localhost kvm]# virsh start test-nat-network2
On test-nat-network2:
mkdir /tasks
vi /tasks/registry-jumpserver.py
Copy in the contents of registry_to_jumper.py from the host.
vi /etc/rc.local
python3 /tasks/registry-jumpserver.py
Add the line above: the python3 command followed by the path of the script to run.
chmod a+x /etc/rc.d/rc.local
Create the privileged user and grant it permissions:
useradd jumper
passwd jumper
vi /etc/sudoers.d/jumper
jumper ALL=(ALL) NOPASSWD: ALL
vi /etc/hostname
Change it according to createvm.sh.
6. Install the python3 environment
yum -y install python3 python3-devel
pip3 install requests
Shut down when finished:
init 0
vim /kvmvirtual/virtual_create/createvm.sh
cp /kvmvirtual/virtual_create/createvm.sh /usr/local/bin/createvm
chmod a+x /usr/local/bin/createvm
cp /kvm/vdisks/{test-nat-network2.qcow2,test-createvm.qcow2}
Adjust the configuration to match your environment.
7. Create the virtual machine
createvm -a 192.168.19.111 -p 5902 -n jumpserver-01
virsh start test-jumpserver-registry
View the assets
Error log
Refresh hardware information
Error 1
No authorized user
[root@jumpserver-01 ~]# useradd jumper
[root@jumpserver-01 ~]# vi /etc/sudoers.d/jumper
jumper ALL=(ALL) NOPASSWD: ALL
[root@jumpserver-01 ~]# passwd jumper
The user's password must match that of the JumpServer privileged user.
Error 2
Log in to JumpServer again