Step-by-step version:

==================================Server setup=======================================
yum install -y openldap openldap-servers openldap-clients openldap-devel
cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf && cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
sed -ri 's/(suffix.*)"dc=my-domain,dc=com"/\1"dc=youyuan,dc=com"/g' /etc/openldap/slapd.conf && sed -ri 's/(rootdn.*)"cn=Manager,dc=my-domain,dc=com"/\1"cn=admin,dc=youyuan,dc=com"/g' /etc/openldap/slapd.conf && sed -ri 's/# (rootpw.*)secret/\112345678/g' /etc/openldap/slapd.conf
sed -i '/local7.*/a\#by openldap\nlocal4.* /var/log/ldap.log' /etc/rsyslog.conf && service rsyslog restart
service slapd start && rm -rf /etc/openldap/slapd.d/* && slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d && chown -R ldap:ldap /etc/openldap/slapd.d/* && service slapd restart
yum -y install migrationtools && sed -i 's/padl/youyuan/g' /usr/share/migrationtools/migrate_common.ph
/usr/share/migrationtools/migrate_base.pl >/tmp/base.ldif
/usr/share/migrationtools/migrate_passwd.pl /etc/passwd >/tmp/passwd.ldif
/usr/share/migrationtools/migrate_group.pl /etc/group >/tmp/group.ldif
ldapadd -x -D "cn=admin,dc=youyuan,dc=com" -w 12345678 -f /tmp/base.ldif
ldapadd -x -D "cn=admin,dc=youyuan,dc=com" -w 12345678 -f /tmp/passwd.ldif
ldapadd -x -D "cn=admin,dc=youyuan,dc=com" -w 12345678 -f /tmp/group.ldif
service slapd restart

=====================start: sudoers setup==============
cp /usr/share/doc/sudo-1.8.6p3/schema.OpenLDAP /etc/openldap/schema/sudo.schema && echo "include /etc/openldap/schema/sudo.schema" >> /etc/openldap/slapd.conf
rm -rf /etc/openldap/slapd.d/* ; slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d; chown -R ldap:ldap /etc/openldap/slapd.d/*; service slapd restart
cat >>/www/sudo.ldif<<eof
dn: ou=Sudoers,dc=youyuan,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Sudoers

dn: cn=defaults,ou=Sudoers,dc=youyuan,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
sudoOption: !visiblepw
sudoOption: always_set_home
sudoOption: env_reset
sudoOption: requiretty

dn: cn=wangyl,ou=Sudoers,dc=youyuan,dc=com
objectClass: top
objectClass: sudoRole
cn: wangyl
sudoCommand: ALL
sudoHost: ALL
sudoOption: !authenticate
sudoRunAsUser: ALL
sudoUser: wangyl
eof
ldapadd -x -D "cn=admin,dc=youyuan,dc=com" -w 12345678 -f /www/sudo.ldif
=====================end: sudoers setup==============

Installing jumpserver

Database configuration:
create database jumpserver charset='utf8';
grant all on jumpserver.* to 'jumpserver'@'192.168.%' identified by 'youyuanops';

Server configuration:
192.168.3.146 [/var/lib/ldap] 2014-12-22 12:06:42 root@pts/0 # yum -y install xz gcc automake autoconf
192.168.3.146 [~] 2014-12-22 13:04:23 root@pts/0 # tar -xvf Python-2.7.6.tar.xz
192.168.3.146 [~] 2014-12-22 13:04:23 root@pts/0 # cd Python-2.7.6
192.168.3.146 [~/Python-2.7.6] 2014-12-22 13:05:06 root@pts/0 # ./configure && make && make install
root@pts/0 # mv /usr/bin/python /usr/bin/python.bak
root@pts/0 # ln -s /usr/local/bin/python /usr/bin/python
root@pts/0 # yum search setuptools
root@pts/0 # yum install python-setuptools.noarch
root@pts/0 # yum install python-pip.noarch
192.168.3.146 [/opt/jumpserver/scripts] 2014-12-22 13:15:34 root@pts/0 # wget --no-check-certificate https://bootstrap.pypa.io/ez_setup.py -O - | python
root@pts/0 # wget --no-check-certificate https://pypi.python.org/packages/source/p/pip/pip-1.5.6.tar.gz#md5=01026f87978932060cc86c1dc527903e
root@pts/0 # tar -zxvf pip-1.5.6.tar.gz
root@pts/0 # cd pip-1.5.6
root@pts/0 # python setup.py install
root@pts/0 # cd /opt/jumpserver/scripts
root@pts/0 # pip2.7 install -r requirements.txt -i http://pypi.douban.com/simple
192.168.3.146 [/opt/jumpserver/scripts] 2014-12-22 13:21:08 root@pts/0 # cat requirements.txt
pexpect==3.3
sphinx-me==0.3
django==1.7.1
python-ldap==2.4.18
paramiko==1.15.1
pycrypto==2.6.1
ecdsa>=0.11
MySQL-python==1.2.5
192.168.3.146 [/opt/jumpserver/scripts] 2014-12-22 13:21:20 root@pts/0 #
192.168.3.146 [/opt/jumpserver/scripts] 2014-12-22 13:22:03 root@pts/0 # pip2.7 list
Django (1.7.1)
ecdsa (0.11)
MySQL-python (1.2.5)
paramiko (1.15.1)
pexpect (3.3)
pip (1.5.6)
pycrypto (2.6.1)
python-ldap (2.4.18)
setuptools (8.2.1)
sphinx-me (0.3)
wsgiref (0.1.2)
192.168.3.146 [/opt/jumpserver/scripts] 2014-12-22 13:22:07 root@pts/0 #

Configuration file:
192.168.3.146 [/opt/jumpserver] 2014-12-22 13:24:34 root@pts/0 # cat jumpserver.conf
#coding:utf-8
[db]
host = 192.168.3.40
port = 3306
user = jumpserver
password = youyuanops
db = jumpserver

[jumpserver]
key = 88aaaf7ffe3c6c04
ldap_host = ldap://127.0.0.1:389
ldap_base_dn = dc=youyuan,dc=com
admin_cn = cn=admin,dc=youyuan,dc=com
admin_pass = VNLqNCjpNBIetEoCA2h3
web_socket_host = 172.10.10.9:3000
192.168.3.146 [/opt/jumpserver] 2014-12-22 13:24:38 root@pts/0 #

Final version:
192.168.3.146 [~] 2014-12-22 13:49:12 root@pts/4 # cat /opt/jumpserver/jumpserver.conf
#coding:utf-8
[db]
host = 192.168.3.40
port = 3306
user = jumpserver
password = youyuanops
db = jumpserver

[jumpserver]
key = 88aaaf7ffe3c6c04
ldap_host = ldap://127.0.0.1:389
ldap_base_dn = dc=youyuan,dc=com
admin_cn = cn=admin,dc=youyuan,dc=com
admin_pass = 12345678    (this must match the LDAP rootpw, otherwise an error is raised)
web_socket_host = 172.10.10.9:3000
192.168.3.146 [~] 2014-12-22 13:49:15 root@pts/4 #

Change the permissions of the logs directory:
root@pts/0 # chmod 777 logs

Django syncdb into the database:
192.168.3.146 [/opt/jumpserver/webroot/AutoSa] 2014-12-22 13:27:29 root@pts/0 # python manage.py syncdb
Operations to perform:
  Synchronize unmigrated apps: Assets, UserManage
  Apply all migrations: admin, contenttypes, auth, sessions
Synchronizing apps without migrations:
  Creating tables...
    Creating table UserManage_group
    Creating table UserManage_user_group
    Creating table UserManage_user
    Creating table UserManage_logs
    Creating table UserManage_pid
    Creating table Assets_idc
    Creating table Assets_assets
    Creating table Assets_assetsuser
  Installing custom SQL...
  Installing indexes...
Running migrations:
  Applying contenttypes.0001_initial... OK
  Applying auth.0001_initial... OK
  Applying admin.0001_initial... OK
  Applying sessions.0001_initial... OK

You have installed Django's auth system, and don't have any superusers defined.
Would you like to create one now? (yes/no): no
192.168.3.146 [/opt/jumpserver/webroot/AutoSa] 2014-12-22 13:27:50 root@pts/0 #

Run in two terminal windows:
192.168.3.146 [/opt/jumpserver/webroot/AutoSa] 2014-12-22 13:28:44 root@pts/0 # python manage.py runserver 0.0.0.0:81
Performing system checks...

System check identified no issues (0 silenced).
December 22, 2014 - 13:28:59
Django version 1.7.1, using settings 'AutoSa.settings'
Starting development server at http://0.0.0.0:81/
Quit the server with CONTROL-C.

root@pts/1 # cd /opt/jumpserver/webroot/AutoSa/
192.168.3.146 [/opt/jumpserver/webroot/AutoSa] 2014-12-22 13:29:51 root@pts/1 # ls
Assets  AutoSa  __init__.py  log_handler.py  manage.py  static  templates  UserManage  websocket
192.168.3.146 [/opt/jumpserver/webroot/AutoSa] 2014-12-22 13:29:52 root@pts/1 # pwd
/opt/jumpserver/webroot/AutoSa
192.168.3.146 [/opt/jumpserver/webroot/AutoSa] 2014-12-22 13:29:53 root@pts/1 # python log_handler.py

Open: http://192.168.3.146:81/install/
Success: the page reports that installation succeeded.
Username and password:
http://192.168.3.146:81   admin   admin

Install Node.js (needed for the real-time refresh feature):
root@pts/2 # wget http://nodejs.org/dist/v0.10.34/node-v0.10.34.tar.gz
root@pts/2 # tar -zxvf node-v0.10.34.tar.gz
192.168.3.146 [~/node-v0.10.34] 2014-12-22 14:12:30 root@pts/0 # cd node-v0.10.34/;./configure --prefix=/opt/node/ && make && make install

Related configuration:
192.168.3.146 [/opt/node/bin] 2014-12-22 14:13:46 root@pts/0 # touch /etc/profile.d/node.sh
192.168.3.146 [/opt/node/bin] 2014-12-22 14:16:16 root@pts/0 # vim /etc/profile.d/node.sh
192.168.3.146 [/opt/node/bin] 2014-12-22 14:16:36 root@pts/0 # vim /etc/profile.d/node.sh
192.168.3.146 [/opt/node/bin] 2014-12-22 14:16:39 root@pts/0 # source /etc/profile.d/node.sh
192.168.3.146 [/opt/node/bin] 2014-12-22 14:16:47 root@pts/0 #
root@pts/0 # cat /etc/profile.d/node.sh
export PATH=$PATH:/opt/node/bin
192.168.3.146 [/opt/node/bin] 2014-12-22 14:17:23 root@pts/0 #

Install the project's dependency modules (or use the ones already downloaded):
192.168.3.146 [/opt/jumpserver/webroot/AutoSa/websocket] 2014-12-22 14:18:25 root@pts/0 # pwd
/opt/jumpserver/webroot/AutoSa/websocket
192.168.3.146 [/opt/jumpserver/webroot/AutoSa/websocket] 2014-12-22 14:18:27 root@pts/0 # ll
总用量 8
-rw-r--r-- 1 root root 2832 12月 22 07:40 index.js
-rw-r--r-- 1 root root  219 12月 22 07:40 package.json
192.168.3.146 [/opt/jumpserver/webroot/AutoSa/websocket] 2014-12-22 14:18:28 root@pts/0 # cat package.json
{
  "name": "web-socket",
  "version": "0.0.1",
  "description": "my first realtime server",
  "dependencies": {
    "express": "~4.10.1",
    "socket.io": "~1.2.0",
    "node-tail": "0.0.4",
    "tail": "~0.4.0"
  }
}
192.168.3.146 [/opt/jumpserver/webroot/AutoSa/websocket] 2014-12-22 14:18:33 root@pts/0 # npm install
192.168.3.146 [/opt/jumpserver/webroot/AutoSa/websocket] 2014-12-22 14:19:17 root@pts/0 #

Test-start the websocket server:
root@pts/0 # node index.js
listening on *:3000

Make the system start automatically when a user logs in to jumpserver:
# cd /opt/jumpserver/scripts
# vim jumpserver.sh
...
if [ $USER == 'guanghongwei' ];then    # change this to your special (admin) user; that user is not logged out when the menu ends
...
# cp jumpserver.sh /etc/profile.d/

Running the jumpserver system normally:
# cd /opt/jumpserver/
# ./runserver
# Note: to stop the system:
# ./stopserver

Scripts:
192.168.3.146 [/opt/jumpserver] 2014-12-22 14:23:36 root@pts/1 # cat runserver
#!/bin/bash
manage_file="./webroot/AutoSa/manage.py"
log_handler_file="./webroot/AutoSa/log_handler.py"
websocket_file="./webroot/AutoSa/websocket/index.js"

which node &> /dev/null
if [ $? != '0' ];then
    echo "Please define the node.js binary file 'node' in the PATH."
    exit
fi

node $websocket_file &

if [ -f $manage_file -a -e $manage_file ] && [ -f $log_handler_file -a -e $log_handler_file ];then
    $manage_file runserver 0.0.0.0:80 &> logs/access.log &
    $log_handler_file &> logs/handler.log &
else
    echo "manage.py or log_handler.py isn't exist or executable."
fi
192.168.3.146 [/opt/jumpserver] 2014-12-22 14:23:38 root@pts/1 # cat stopserver
#!/bin/bash
pids=$(ps axu | grep -E '(manage.py|log_handler|index.js)'| grep -v 'grep' | awk '{ print $2 }')
for pid in $pids;do
    kill -15 $pid
done
192.168.3.146 [/opt/jumpserver] 2014-12-22 14:23:41 root@pts/1 #

Web UI operations in detail: http://laoguang.blog.51cto.com/6013350/1576502

===========================Client side============================================
Install the LDAP client and complete the client-side setup.
yum -y install openldap openldap-clients
echo "session required pam_mkhomedir.so skel=/etc/skel umask=0077" >> /etc/pam.d/system-auth
authconfig --enableldap --enableldapauth --enablemkhomedir --ldapserver=192.168.3.65 --ldapbasedn="dc=youyuan,dc=com" --update

Test by connecting as testuser from jumpserver:
ssh [email protected]
If the connection succeeds, continue.

Client-side sudoers setup:
echo -e "uri ldap://192.168.3.65\nSudoers_base ou=Sudoers,dc=youyuan,dc=com" > /etc/sudo-ldap.conf
echo "Sudoers: files ldap" >> /etc/nsswitch.conf

Check:
egrep -v "(^#|^$)" /etc/sudo-ldap.conf
grep -i sudo /etc/nsswitch.conf

Test sudo:
# ssh [email protected]
# sudo su
If no password prompt appears, the setup works.

==============================Problems encountered==================================
root@pts/0 # yum search setuptools
There was a problem importing one of the Python modules
required to run yum. The error leading to this problem was:

   No module named yum

Please install a package which provides this module, or
verify that the module is installed correctly.

It's possible that the above module doesn't match the
current version of Python, which is:
2.7.6 (default, Dec 26 2014, 14:06:44)
[GCC 4.4.7 20120313 (Red Hat 4.4.7-11)]

If you cannot solve this problem yourself, please go to
the yum faq at:
  http://yum.baseurl.org/wiki/Faq

192.168.3.65 [~] 2014-12-26 14:22:21
Fix: yum stops working after the Python upgrade because /usr/bin/yum needs the system Python 2.6; its shebang must point at that interpreter:
cat /usr/bin/yum
#!/usr/bin/python2.6

==============
root@pts/0 # vim jumpserver.conf
#coding:utf-8
[db]
host = 127.0.0.1
port = 3306
user = root
password = redhat
db = jumpserver

[jumpserver]
key = 88aaaf7ffe3c6c04
ldap_host = ldap://127.0.0.1:389
ldap_base_dn = dc=yolu,dc=com
admin_cn = cn=admin,dc=yolu,dc=com
admin_pass = VNLqNCjpNBIetEoCA2h3
web_socket_host = 172.10.10.9:3000

===================
python manage.py syncdb
Problem:
ImportError: libmysqlclient.so.18: cannot open shared object file: No such file or directory
Fix:
ln -s /usr/local/mysql/lib/libmysqlclient.so.18 /usr/lib64/libmysqlclient.so.18

Problem:
django.db.utils.OperationalError: (1045, "Access denied for user 'jumpserver'@'192.168.3.65' (using password: YES)")
Fix:
mysql -uroot -p12345678 -h127.1
GRANT ALL ON *.* TO 'jumpserver'@'192.168.%';
SET PASSWORD FOR 'jumpserver'@'192.168.%' = PASSWORD('youyuanops');
GRANT ALL ON *.* TO 'jumpserver'@'localhost';
SET PASSWORD FOR 'jumpserver'@'localhost' = PASSWORD('youyuanops');
FLUSH PRIVILEGES;
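The "sudo su without a password prompt" test in the client section depends on the sudoRole entries loaded into ou=Sudoers in the sudoers section. As an added example (not part of these notes or of jumpserver), a small Python audit that parses an LDIF export of that subtree, for instance the output of `ldapsearch -LLL -b ou=Sudoers,dc=youyuan,dc=com`, and lists every role combining sudoCommand ALL, sudoHost ALL and the !authenticate option; SAMPLE_LDIF is constructed from the sudo.ldif above, and the function names are my own.

```python
# Added audit example, not from the original notes: minimal LDIF reader plus a
# check for sudoRole entries granting password-less, unrestricted sudo.
SAMPLE_LDIF = """\
dn: cn=defaults,ou=Sudoers,dc=youyuan,dc=com
objectClass: sudoRole
cn: defaults
sudoOption: env_reset
sudoOption: requiretty

dn: cn=wangyl,ou=Sudoers,dc=youyuan,dc=com
objectClass: sudoRole
cn: wangyl
sudoCommand: ALL
sudoHost: ALL
sudoOption: !authenticate
sudoRunAsUser: ALL
sudoUser: wangyl
"""  # constructed from the sudo.ldif built in the sudoers section

def parse_ldif(text):
    """Return a list of entries (dict: attribute -> list of values).
    Records are blank-line separated, '#' lines are comments, and a line
    starting with a space continues the previous value (LDIF folding)."""
    entries, current, last_attr = [], {}, None
    for raw in text.splitlines() + [""]:       # trailing "" flushes last record
        if raw.startswith("#"):
            continue
        if raw == "":
            if current:
                entries.append(current)
            current, last_attr = {}, None
            continue
        if raw.startswith(" ") and last_attr:  # folded continuation line
            current[last_attr][-1] += raw[1:]
            continue
        attr, _, value = raw.partition(":")
        current.setdefault(attr, []).append(value.strip())
        last_attr = attr
    return entries

def risky_sudo_roles(entries):
    """cn of every sudoRole that runs ALL commands on ALL hosts without
    authentication, i.e. exactly what makes 'sudo su' not prompt."""
    risky = []
    for e in entries:
        if "sudoRole" not in e.get("objectClass", []):
            continue
        if ("ALL" in e.get("sudoCommand", []) and "ALL" in e.get("sudoHost", [])
                and "!authenticate" in e.get("sudoOption", [])):
            risky.append(e["cn"][0])
    return risky
```

Running `risky_sudo_roles(parse_ldif(SAMPLE_LDIF))` reports `['wangyl']`; the cn=defaults entry is skipped because it grants no commands.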