JumpServer 扩容

目标

JumpSever的录像默认位置为: /opt/jumpserver/data/media/replay/ 为了防止录像文件把过大,需要为该目录挂载一块新的硬盘。

执行

  1. 为主机挂载一块20G硬盘
  2. 新建LVM分区
[root@jumpserver ~]# partprobe /dev/sdb
[root@jumpserver ~]# pvcreate /dev/sdb
[root@jumpserver ~]# vgcreate vg_jumpereplay /dev/sdb
[root@jumpserver ~]# lvcreate -l 100%FREE -n lv_jump vg_jumpreplay
[root@jumpserver ~]# mkfs.xfs /dev/vg_jumpreplay/lv_jump
  1. 挂载
[root@jumpserver ~]# blkid
/dev/mapper/vg_jumpreplay-lv_jump: UUID="7360e830-ec71-4f56-bbc8-765e42ba39cc" TYPE="xfs" 
[root@jumpserver ~]# vim /etc/fstab
UUID=7360e830-ec71-4f56-bbc8-765e42ba39cc   /opt/jumpserver/data    xfs defaults    0 0
[root@jumpserver ~]# mount -a
  1. 完成

————————————————

JumpServer 修改KOKO端口号

目标

Jumpserver 在不使用web终端的情况下可以使用2222端口来直接访问堡垒机系统,然后跳转访问授权资产。现在需要修改默认的2222端口来访问堡垒机的koko。

方法

  1. 急速安装的堡垒机中2222端口是本地代理映射的Docker中的2222端口,所以我们只需要修改相关配置文件重新加载即可。
  2. 修改
[root@jumpserver ~]# cd /opt/setuptools/
[root@jumpserver setuptools]# ./jmsctl.sh status
MySQL   Check   ........................ [ OK ]
Redis   Check   ........................ [ OK ]
Ninx    Check   ........................ [ OK ]
Py3     Check   ........................ [ OK ]
Core    Check   ........................ [ OK ]
Koko    Check   ........................ [ OK ]
Guaca.  Check   ........................ [ OK ]
# 查找koko镜像对应的容器ID
[root@jumpserver setuptools]# docker ps
CONTAINER ID        IMAGE                             COMMAND             CREATED             STATUS              PORTS                                               NAMES
2ed1a83b1d98        jumpserver/jms_guacamole:v2.1.2   "./entrypoint.sh"   21 hours ago        Up 35 seconds       127.0.0.1:8081->8080/tcp                            jms_guacamole
8351b191fd1d        jumpserver/jms_koko:v2.1.2        "./entrypoint.sh"   21 hours ago        Up 35 seconds       127.0.0.1:5000->5000/tcp, 0.0.0.0:2222->2222/tcp   jms_koko
[root@jumpserver ~]# sh /opt/setuptools/jmsctl.sh stop
[root@jumpserver ~]# updatedb && locate 8351b191fd1d
[root@jumpserver ~]# vim /var/lib/docker/containers/8351b191fd1d9bbe3a0a3bd0f6de213ca5847e286d5cc164afbcc2e0f02cc8f2/hostconfig.json
# 修改["HostPort":"2222"]中的2222为目标端口
"PortBindings":{"2222/tcp":[{"HostIp":"","HostPort":"2222"}],"5000/tcp":[{"HostIp":"127.0.0.1","HostPort":"5000"}]}
[root@jumpserver ~]# sh /opt/setuptools/jmsctl.sh start
  1. 登陆测试