Centos8上试用开源堡垒机Jumpserver 1.5.6(七):服务器重启后的恢复操作(手工启动jumpserver等程序)
===================================================================
开源堡垒机Jumpserver安装/配置系列:
1、Centos8上试用开源堡垒机Jumpserver 1.5.6(一):堡垒机概述
2、Centos8上试用开源堡垒机Jumpserver 1.5.6(二):安装Centos8(CentOS-8.1.1911-x86_64-dvd1.iso)
3、Centos8上试用开源堡垒机Jumpserver 1.5.6(三):在Centos8上安装Jumpserver
4、Centos8上试用开源堡垒机Jumpserver 1.5.6(四):添加被管资源与运维帐户权限分配
5、Centos8上试用开源堡垒机Jumpserver 1.5.6(五):通过堡垒机进行运维管理
6、Centos8上试用开源堡垒机Jumpserver 1.5.6(六):试用批量命令和命令过滤功能
7、Centos8上试用开源堡垒机Jumpserver 1.5.6(七):服务器重启后的恢复操作(手工启动jumpserver等程序)
8、Centos8上试用开源堡垒机Jumpserver 1.5.6(八):创建用户时使用密码链接并发邮件给用户功能
===================================================================
服务器出现硬件故障或维护等原因需要关闭或重启jumpserver服务器,而重启后,由于一些程序不是开机自动启动,需要手工,具体重启后恢复操作如下:
1、检查防火墙及SELinux状态
正常在安装时这两个功能为关闭状态,检查是否为关闭状态:
[root@localhost ~]# getenforce
Disabled
[root@localhost ~]#
[root@localhost ~]# firewall-cmd –state
not running
[root@localhost ~]#
[root@localhost ~]#
如上所示,检查都为关闭状态。
2、检查redis、mariadb、nginx启动状态
由于redis、mariadb、nginx这三个程序在安装时是启用开机自启动模式,故正常应该都为运行状态,检查如下:
[root@localhost ~]# systemctl status redis
鈼[0m redis.service – Redis persistent key-value database
Loaded: loaded (/usr/lib/systemd/system/redis.service; enabled; vendor preset: disabled)
Drop-In: /etc/systemd/system/redis.service.d
鈹斺攢limit.conf
Active: active (running) since Sat 2020-02-22 06:58:41 CST; 18min ago
Main PID: 1300 (redis-server)
Tasks: 4 (limit: 26213)
Memory: 10.4M
CGroup: /system.slice/redis.service
鈹斺攢1300 /usr/bin/redis-server 127.0.0.1:6379Feb 22 06:58:41 localhost.localdomain systemd[1]: Starting Redis persistent key-value database…
Feb 22 06:58:41 localhost.localdomain systemd[1]: Started Redis persistent key-value database.
[root@localhost ~]#
[root@localhost ~]# systemctl status mariadb
鈼[0m mariadb.service – MariaDB 10.3 database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2020-02-22 06:58:44 CST; 18min ago
Docs: man:mysqld(8)
https://mariadb.com/kb/en/library/systemd/
Process: 1714 ExecStartPost=/usr/libexec/mysql-check-upgrade (code=exited, status=0/SUCCESS)
Process: 1344 ExecStartPre=/usr/libexec/mysql-prepare-db-dir mariadb.service (code=exited, status=0/SUCCESS)
Process: 1299 ExecStartPre=/usr/libexec/mysql-check-socket (code=exited, status=0/SUCCESS)
Main PID: 1414 (mysqld)
Status: "Taking your SQL requests now…"
Tasks: 30 (limit: 26213)
Memory: 122.4M
CGroup: /system.slice/mariadb.service
鈹斺攢1414 /usr/libexec/mysqld –basedir=/usrFeb 22 06:58:41 localhost.localdomain systemd[1]: Starting MariaDB 10.3 database server…
Feb 22 06:58:42 localhost.localdomain mysql-prepare-db-dir[1344]: Database MariaDB is probably initialized in /var/lib/mysql already, nothing is done.
Feb 22 06:58:42 localhost.localdomain mysql-prepare-db-dir[1344]: If this is not the case, make sure the /var/lib/mysql is empty before running mysql-prepare-db-dir.
Feb 22 06:58:43 localhost.localdomain mysqld[1414]: 2020-02-22 6:58:43 0 [Note] /usr/libexec/mysqld (mysqld 10.3.17-MariaDB) starting as process 1414 …
Feb 22 06:58:43 localhost.localdomain mysqld[1414]: 2020-02-22 6:58:43 0 [Warning] Could not increase number of max_open_files to more than 1024 (request: 4186)
Feb 22 06:58:43 localhost.localdomain mysqld[1414]: 2020-02-22 6:58:43 0 [Warning] Changed limits: max_open_files: 1024 max_connections: 151 (was 151) table_cache: 421 (was 2000)
Feb 22 06:58:44 localhost.localdomain systemd[1]: Started MariaDB 10.3 database server.
[root@localhost ~]#
[root@localhost ~]# systemctl status nginx
鈼[0m nginx.service – nginx – high performance web server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2020-02-22 06:58:43 CST; 19min ago
Docs: http://nginx.org/en/docs/
Process: 1565 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf (code=exited, status=0/SUCCESS)
Main PID: 1641 (nginx)
Tasks: 2 (limit: 26213)
Memory: 3.7M
CGroup: /system.slice/nginx.service
鈹溾攢1641 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
鈹斺攢1642 nginx: worker processFeb 22 06:58:43 localhost.localdomain systemd[1]: Starting nginx – high performance web server…
Feb 22 06:58:43 localhost.localdomain systemd[1]: Started nginx – high performance web server.
[root@localhost ~]#
[root@localhost ~]#
如上所示,redis、mariadb、nginx都为运行中,状态正常。
3、检查jumpserver程序
jms没有设置为自启动,需要手工启动,首先进入python环境:
[root@localhost ~]# source /opt/py3/bin/activate
(py3) [root@localhost ~]#
(py3) [root@localhost ~]#
然后进入jumpserver程序目录/opt/jumpserver,使用./jms status –d检查程序是否启动,操作如下:
(py3) [root@localhost ~]# cd /opt/jumpserver
(py3) [root@localhost jumpserver]#
(py3) [root@localhost jumpserver]# ls
Dockerfile LICENSE README.md README_EN.md Vagrantfile apps build.sh config.yml config_example.yml data docs entrypoint.sh jms logs requirements run_server.py tmp utils
(py3) [root@localhost jumpserver]#
(py3) [root@localhost jumpserver]# ./jms status -d
gunicorn is stopped
celery_ansible is stopped
celery_default is stopped
beat is stopped
flower is stopped
daphne is stopped
(py3) [root@localhost jumpserver]#
如上,显示都为stopped,未启动,故页面也无法打开,如下:
使用./jms start –d启动jumpserver程序,如下:
(py3) [root@localhost jumpserver]# ./jms start -d
2020-02-22 07:29:47 Sat Feb 22 07:29:47 2020
2020-02-22 07:29:47 Jumpserver version 1.5.6, more see https://www.jumpserver.org– Start Gunicorn WSGI HTTP Server
2020-02-22 07:29:47 Check database connection …
users
[X] 0001_initial
[X] 0002_auto_20171225_1157_squashed_0019_auto_20190304_1459 (18 squashed migrations)
[X] 0020_auto_20190612_1825
[X] 0021_auto_20190625_1104
[X] 0022_auto_20190625_1105
[X] 0023_auto_20190724_1525
[X] 0024_auto_20191118_1612
2020-02-22 07:30:04 Database connect success
2020-02-22 07:30:04 Check database structure change …
2020-02-22 07:30:04 Migrate model change to database …
Operations to perform:
Apply all migrations: admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_celery_beat, ops, orgs, perms, sessions, settings, terminal, tickets, users
Running migrations:
No migrations to apply.
2020-02-22 07:30:11 Collect static files
2020-02-22 07:30:17 Collect static files done– Start Celery as Distributed Task Queue: Ansible
– Start Celery as Distributed Task Queue: Celery
– Start Beat as Periodic Task Scheduler
– Start Flower as Task Monitor
– Start Daphne ASGI WS Server
gunicorn is running: 2498
celery_ansible is running: 2509
celery_default is running: 2517
beat is running: 2528
flower is running: 2532
daphne is running: 2539
(py3) [root@localhost jumpserver]#
完成启动,再次打开主界面http://192.168.10.216,显示正常,如下:
jumpserver正常后,使用admin用户登陆管理主界面,进入“会话管理”->”终端管理”,如下图,在线状态栏中显示红色小圆点,即为未在线,说明koko和guacamole没有启动
检查koko和guacamole镜像,如下,说明镜像存在:
(py3) [root@localhost ~]# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
dockerhub.azk8s.cn/wojiushixiaobai/jms_guacamole 1.5.6 af71674d07a4 2 weeks ago 678 MB
dockerhub.azk8s.cn/wojiushixiaobai/jms_koko 1.5.6 2561f1397767 2 weeks ago 367 MB
(py3) [root@localhost ~]#
(py3) [root@localhost ~]#
使用docker ps查看运行中的容器,发现没有运行中的容器,如下:
(py3) [root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
(py3) [root@localhost ~]#
(py3) [root@localhost ~]#
使用docker ps -a查看所有创建的容器(包括未运行的容器),如下:
(py3) [root@localhost ~]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9107b7603bf2 dockerhub.azk8s.cn/wojiushixiaobai/jms_guacamole:1.5.6 ./entrypoint.sh 12 days ago Exited (143) About an hour ago 127.0.0.1:8081->8080/tcp jms_guacamole
769148c0cec1 dockerhub.azk8s.cn/wojiushixiaobai/jms_koko:1.5.6 ./entrypoint.sh 12 days ago Exited (0) About an hour ago 0.0.0.0:2222->2222/tcp, 127.0.0.1:5000->5000/tcp jms_koko
(py3) [root@localhost ~]#
(py3) [root@localhost ~]#
如上所示,发现STATUS中状态为Exited,正常应该为up,应该是容器没有启动,手工启动koko和guacamole,操作如下:
(py3) [root@localhost ~]# docker start 9107b7603bf2
9107b7603bf25c48bb939907882591cee524e22bd5c399781694863152fae72f
(py3) [root@localhost ~]#
(py3) [root@localhost ~]#
(py3) [root@localhost ~]# docker start 769148c0cec1
769148c0cec1cc8a6b227e9946f48613e3670c33b347862ae07e53d6b2e1ac99
(py3) [root@localhost ~]#
(py3) [root@localhost ~]#
start后面为容器的id,通过docker ps -a的第一列可以查看到。
完成后再次运行docker ps,可以看到STATUS状态为UP About……,如下所示,即为启动运行中。
(py3) [root@localhost ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
9107b7603bf2 dockerhub.azk8s.cn/wojiushixiaobai/jms_guacamole:1.5.6 ./entrypoint.sh 12 days ago Up About a minute ago 127.0.0.1:8081->8080/tcp jms_guacamole
769148c0cec1 dockerhub.azk8s.cn/wojiushixiaobai/jms_koko:1.5.6 ./entrypoint.sh 12 days ago Up About a minute ago 0.0.0.0:2222->2222/tcp, 127.0.0.1:5000->5000/tcp jms_koko
(py3) [root@localhost ~]#
再次查看管理主界面的终端列表,“在线”一列中已为在线状态,说明koko和guacamole终端注册成功,运行正常。
最后,测试用户端运维管理是否正常,使用user01用户登陆,管理jumpserver和网管两台服务器,都可以连接和管理,如下:
历史会话记录也正常,能够回放
至此,整个jumpserver服务器重启后的操作全部完成,功能恢复正常。
[…] […]
[…] […]