LDAP fortress machine build configuration (step-by-step version)

================================== Server settings =======================================

yum install -y openldap openldap-servers openldap-clients openldap-devel

cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf && cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG

sed -ri 's/(suffix.*)"dc=my-domain,dc=com"/\1"dc=youyuan,dc=com"/g' /etc/openldap/slapd.conf && sed -ri 's/(rootdn.*)"cn=Manager,dc=my-domain,dc=com"/\1"cn=admin,dc=youyuan,dc=com"/g' /etc/openldap/slapd.conf && sed -ri 's/# (rootpw.*)secret/\112345678/g' /etc/openldap/slapd.conf

sed -i '/local7.*/a\ #by openldap\nlocal4.* /var/log/ldap.log' /etc/rsyslog.conf && service rsyslog restart

service slapd start && rm -rf /etc/openldap/slapd.d/* && slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d && chown -R ldap:ldap /etc/openldap/slapd.d/* && service slapd restart

yum -y install migrationtools && sed -i 's/padl/youyuan/g' /usr/share/migrationtools/migrate_common.ph

/usr/share/migrationtools/migrate_base.pl > /tmp/base.ldif; /usr/share/migrationtools/migrate_passwd.pl /etc/passwd > /tmp/passwd.ldif; /usr/share/migrationtools/migrate_group.pl /etc/group > /tmp/group.ldif

ldapadd -x -D "cn=admin,dc=youyuan,dc=com" -w 12345678 -f /tmp/base.ldif
ldapadd -x -D "cn=admin,dc=youyuan,dc=com" -w 12345678 -f /tmp/passwd.ldif
ldapadd -x -D "cn=admin,dc=youyuan,dc=com" -w 12345678 -f /tmp/group.ldif
service slapd restart

===================== Start setting sudoer ==============

cp /usr/share/doc/sudo-1.8.6p3/schema.OpenLDAP /etc/openldap/schema/sudo.schema && echo "include /etc/openldap/schema/sudo.schema" >> /etc/openldap/slapd.conf

rm -rf /etc/openldap/slapd.d/*; slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d; chown -R ldap:ldap /etc/openldap/slapd.d/*; service slapd restart

cat >> /www/sudo.ldif <<EOF
dn: ou=sudoers,dc=youyuan,dc=com
objectClass: top
objectClass: organizationalUnit
ou: sudoers

dn: cn=defaults,ou=sudoers,dc=youyuan,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
sudoOption: !visiblepw
sudoOption: always_set_home
sudoOption: env_reset
sudoOption: requiretty

dn: cn=wangyl,ou=sudoers,dc=youyuan,dc=com
objectClass: top
objectClass: sudoRole
cn: wangyl
sudoCommand: ALL
sudoHost: ALL
sudoOption: !authenticate
sudoRunAsUser: ALL
sudoUser: wangyl
EOF

ldapadd -x -D "cn=admin,dc=youyuan,dc=com" -w 12345678 -f /www/sudo.ldif

===================== End sudoer settings ==============

Install Jumpserver

Database configuration (on the MySQL host):

create database jumpserver charset='utf8';
grant all on jumpserver.* to 'jumpserver'@'192.168.%' identified by 'youyuanops';

Server configuration (192.168.3.146, 2014-12-22):

192.168.3.146 [/var/lib/ldap] # yum -y install xz gcc automake autoconf
192.168.3.146 [~] # tar -xvf Python-2.7.6.tar.xz
192.168.3.146 [~] # cd Python-2.7.6
192.168.3.146 [~/Python-2.7.6] # ./configure && make && make install
# mv /usr/bin/python /usr/bin/python.bak
# ln -s /usr/local/bin/python /usr/bin/python
# yum search setuptools
# yum install python-setuptools.noarch
# yum install python-pip.noarch
192.168.3.146 [/opt/jumpserver/scripts] # wget --no-check-certificate https://bootstrap.pypa.io/ez_setup.py -O - | python
# wget --no-check-certificate https://pypi.python.org/packages/source/p/pip/pip-1.5.6.tar.gz#md5=01026f87978932060cc86c1dc527903e
# tar -zxvf pip-1.5.6.tar.gz
# cd pip-1.5.6
# python setup.py install
# cd /opt/jumpserver/scripts
# pip2.7 install -r requirements.txt -i http://pypi.douban.com/simple

192.168.3.146 [/opt/jumpserver/scripts] # cat requirements.txt
pexpect==3.3
sphinx-me==0.3
django==1.7.1
python-ldap==2.4.18
paramiko==1.15.1
pycrypto==2.6.1
ecdsa>=0.11
mysql-python==1.2.5

192.168.3.146 [/opt/jumpserver/scripts] # pip2.7 list
django (1.7.1)
ecdsa (0.11)
mysql-python (1.2.5)
paramiko (1.15.1)
pexpect (3.3)
pip (1.5.6)
pycrypto (2.6.1)
python-ldap (2.4.18)
setuptools (8.2.1)
sphinx-me (0.3)
wsgiref (0.1.2)

Configuration file:

192.168.3.146 [/opt/jumpserver] # cat jumpserver.conf
#coding:utf-8
[db]
host = 192.168.3.40
port = 3306
user = jumpserver
password = youyuanops
db = jumpserver

[jumpserver]
key = 88aaaf7ffe3c6c04
ldap_host = ldap://127.0.0.1:389
ldap_base_dn = dc=youyuan,dc=com
admin_cn = cn=admin,dc=youyuan,dc=com
admin_pass = VNLqNCjpNBIetEoCA2h3
web_socket_host = 172.10.10.9:3000

It finally becomes:

192.168.3.146 [~] # cat /opt/jumpserver/jumpserver.conf
#coding:utf-8
[db]
host = 192.168.3.40
port = 3306
user = jumpserver
password = youyuanops
db = jumpserver

[jumpserver]
key = 88aaaf7ffe3c6c04
ldap_host = ldap://127.0.0.1:389
ldap_base_dn = dc=youyuan,dc=com
admin_cn = cn=admin,dc=youyuan,dc=com
admin_pass = 12345678    (an error occurs if this is not changed)
web_socket_host = 172.10.10.9:3000

Change the permissions of the logs directory:

# chmod 777 logs

Django: sync the models to the database

192.168.3.146 [/opt/jumpserver/webroot/autosa] # python manage.py syncdb
Operations to perform:
  Synchronize unmigrated apps: assets, usermanage
  Apply all migrations: admin, contenttypes, auth, sessions
Synchronizing apps without migrations:
  Creating tables...
    Creating table usermanage_group
    Creating table usermanage_user_group
    Creating table usermanage_user
    Creating table usermanage_logs
    Creating table usermanage_pid
    Creating table assets_idc
    Creating table assets_assets
    Creating table assets_assetsuser
  Installing custom SQL...
  Installing indexes...
Running migrations:
  Applying contenttypes.0001_initial... OK
  Applying auth.0001_initial... OK
  Applying admin.0001_initial... OK
  Applying sessions.0001_initial... OK

You have installed Django's auth system, and don't have any superusers defined.
Would you like to create one now? (yes/no): no

Run the following in two windows:

192.168.3.146 [/opt/jumpserver/webroot/AutoSa] # python manage.py runserver 0.0.0.0:81
Performing system checks...

System check identified no issues (0 silenced).
December 22, 2014 - 13:28:59
Django version 1.7.1, using settings 'AutoSa.settings'
Starting development server at http://0.0.0.0:81/
Quit the server with CONTROL-C.

# cd /opt/jumpserver/webroot/autosa/
192.168.3.146 [/opt/jumpserver/webroot/autosa] # ls
assets  autosa  __init__.py  log_handler.py  manage.py  static  templates  usermanage  websocket
192.168.3.146 [/opt/jumpserver/webroot/autosa] # pwd
/opt/jumpserver/webroot/autosa
192.168.3.146 [/opt/jumpserver/webroot/autosa] # python log_handler.py

Open: http://192.168.3.146:81/install/
Success: Installation successful.
User name and password: http://192.168.3.146:81  admin / admin

Install Node.js (needed for the real-time refresh feature):

# wget http://nodejs.org/dist/v0.10.34/node-v0.10.34.tar.gz
# tar -zxvf node-v0.10.34.tar.gz
# cd node-v0.10.34/; ./configure --prefix=/opt/node/ && make && make install

Related configuration:

192.168.3.146 [/opt/node/bin] # touch /etc/profile.d/node.sh
192.168.3.146 [/opt/node/bin] # vim /etc/profile.d/node.sh
192.168.3.146 [/opt/node/bin] # source /etc/profile.d/node.sh
192.168.3.146 [/opt/node/bin] # cat /etc/profile.d/node.sh
export PATH=$PATH:/opt/node/bin

Install the project's dependency modules (or use the ones already downloaded):

192.168.3.146 [/opt/jumpserver/webroot/autosa/websocket] # pwd
/opt/jumpserver/webroot/autosa/websocket
192.168.3.146 [/opt/jumpserver/webroot/autosa/websocket] # ll
total 8
-rw-r--r-- 1 root root 2832 Dec 22 07:40 index.js
-rw-r--r-- 1 root root  219 Dec 22 07:40 package.json
192.168.3.146 [/opt/jumpserver/webroot/autosa/websocket] # cat package.json
{
  "name": "web-socket",
  "version": "0.0.1",
  "description": "my first realtime server",
  "dependencies": {
    "express": "~4.10.1",
    "socket.io": "~1.2.0",
    "node-tail": "0.0.4",
    "tail": "~0.4.0"
  }
}
192.168.3.146 [/opt/jumpserver/webroot/autosa/websocket] # npm install

Test: start the websocket server

# node index.js
listening on *:3000

Let users run the Jumpserver system automatically when they log in:

# cd /opt/jumpserver/scripts
# vim jumpserver.sh
...
if [ $USER == 'guanghongwei' ];then    # change this to the special user, who is not exited
...
# cp jumpserver.sh /etc/profile.d/    (after editing)

Normal operation of the Jumpserver system:

# cd /opt/jumpserver/
# ./runserver
# Description: to stop the system, run
# ./stopserver

Scripts:

192.168.3.146 [/opt/jumpserver] # cat runserver
#!/bin/bash
manage_file="./webroot/autosa/manage.py"
log_handler_file="./webroot/autosa/log_handler.py"
websocket_file="./webroot/autosa/websocket/index.js"

which node &> /dev/null
if [ $? != '0' ];then
    echo "please define the node.js binary file 'node' in the path."
    exit
fi

node $websocket_file &

if [ -f $manage_file -a -e $manage_file ] && [ -f $log_handler_file -a -e $log_handler_file ];then
    $manage_file runserver 0.0.0.0:80 &> logs/access.log &
    $log_handler_file &> logs/handler.log &
else
    echo "manage.py or log_handler.py isn't exist or executable."
fi

192.168.3.146 [/opt/jumpserver] # cat stopserver
#!/bin/bash
pids=$(ps axu | grep -E '(manage.py|log_handler|index.js)' | grep -v 'grep' | awk '{ print $2 }')
for pid in $pids;do
    kill -15 $pid
done

For the specific web operations, see: http://laoguang.blog.51cto.com/6013350/1576502

=========================== Client section ============================================

Install the LDAP client and complete the client settings.

yum -y install openldap openldap-clients
echo "session required pam_mkhomedir.so skel=/etc/skel umask=0077" >> /etc/pam.d/system-auth
authconfig --enableldap --enableldapauth --enablemkhomedir --ldapserver=192.168.3.65 --ldapbasedn="dc=youyuan,dc=com" --update

Connection test: as a test user, run ssh <user>@<client-host> from Jumpserver. If the connection succeeds, continue with the client sudoer settings.

echo -e "uri ldap://192.168.3.65\nsudoers_base ou=sudoers,dc=youyuan,dc=com" > /etc/sudo-ldap.conf
echo "sudoers: files ldap" >> /etc/nsswitch.conf

Check:

egrep -v "(^#|^$)" /etc/sudo-ldap.conf
grep -i sudo /etc/nsswitch.conf

Test sudo:

# ssh <user>@<client-host>
# sudo su

It is successful if you are not prompted for a password.

============================== Problems encountered ==================================

# yum search setuptools
There was a problem importing one of the Python modules
required to run yum. The error leading to this problem was:

   No module named yum

Please install a package which provides this module, or
verify that the module is installed correctly.

It's possible that the above module doesn't match the
current version of Python, which is:
2.7.6 (default, Dec 26 2014, 14:06:44)
[GCC 4.4.7 20120313 (Red Hat 4.4.7-11)]

If you cannot solve this problem yourself, please go to
the yum faq at:
  http://yum.baseurl.org/wiki/Faq

192.168.3.65 [~] 2014-12-26 14:22:21

Fix (yum stops working after the Python upgrade): point the shebang of /usr/bin/yum back at the original interpreter.

# cat /usr/bin/yum
#!/usr/bin/python2.6

==============

# vim jumpserver.conf
#coding:utf-8
[db]
host = 127.0.0.1
port = 3306
user = root
password = redhat
db = jumpserver

[jumpserver]
key = 88aaaf7ffe3c6c04
ldap_host = ldap://127.0.0.1:389
ldap_base_dn = dc=yolu,dc=com
admin_cn = cn=admin,dc=yolu,dc=com
admin_pass = VNLqNCjpNBIetEoCA2h3
web_socket_host = 172.10.10.9:3000

=================== python manage.py syncdb problems ===================

Problem: ImportError: libmysqlclient.so.18: cannot open shared object file: No such file or directory
Solution: ln -s /usr/local/mysql/lib/libmysqlclient.so.18 /usr/lib64/libmysqlclient.so.18

Problem: django.db.utils.OperationalError: (1045, "Access denied for user 'jumpserver'@'192.168.3.65' (using password: YES)")
Solution:

mysql -uroot -p12345678 -h127.1
grant all on *.* to 'jumpserver'@'192.168.%';
set password for 'jumpserver'@'192.168.%' = password('youyuanops');
grant all on *.* to 'jumpserver'@'localhost';
set password for 'jumpserver'@'localhost' = password('youyuanops');
flush privileges;
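The wangyl sudoRole in the sudoer settings above combines sudoCommand: ALL, sudoHost: ALL and the !authenticate option, which is passwordless root on every client that reads ou=sudoers. As an added example (not part of the original post or of Jumpserver), this Python script parses such an LDIF before it is loaded with ldapadd and reports every role that carries those grants; parse_ldif, RISKY and audit_sudo_roles are my own helpers, and the embedded LDIF is a constructed copy of the entries above.

```python
# Constructed copy of the sudoRole entries from the sudo.ldif above (ou entry omitted).
SUDO_LDIF = """\
dn: cn=defaults,ou=sudoers,dc=youyuan,dc=com
objectClass: top
objectClass: sudoRole
cn: defaults
sudoOption: !visiblepw
sudoOption: always_set_home
sudoOption: env_reset
sudoOption: requiretty

dn: cn=wangyl,ou=sudoers,dc=youyuan,dc=com
objectClass: top
objectClass: sudoRole
cn: wangyl
sudoCommand: ALL
sudoHost: ALL
sudoOption: !authenticate
sudoRunAsUser: ALL
sudoUser: wangyl
"""

def parse_ldif(text):
    """Minimal LDIF reader: unfold continuation lines, split entries on blank lines."""
    entries = []
    for block in text.replace("\n ", "").strip().split("\n\n"):
        entry = {}  # attribute name (lower-cased) -> list of values
        for line in block.splitlines():
            if line and not line.startswith("#"):
                attr, _, value = line.partition(":")
                entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries
# (attribute, risky value, message); values are compared case-insensitively
RISKY = (("sudooption", "!authenticate", "no password required (!authenticate)"),
         ("sudocommand", "all", "sudoCommand: ALL (any command)"),
         ("sudohost", "all", "sudoHost: ALL (every client that reads ou=sudoers)"))

def audit_sudo_roles(text):
    """Return [(cn, [issue, ...])] for each sudoRole that names a sudoUser."""
    findings = []
    for e in parse_ldif(text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        if "sudorole" not in classes or not e.get("sudouser"):
            continue  # the 'defaults' role carries options only, no grant
        issues = [msg for attr, bad, msg in RISKY
                  if bad in {v.lower() for v in e.get(attr, [])}]
        if issues:
            findings.append((e["cn"][0], issues))
    return findings
```

Run it against the real /www/sudo.ldif with audit_sudo_roles(open(path).read()) and treat a non-empty result as a reason to narrow sudoCommand or drop !authenticate before ldapadd.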