Merge branch 'feature-zjy' of uskycloud/usky-dev-doc into master

gez 7 months ago
parent
commit
b9d328c4c7

+ 126 - 0
技术分享/Jenkins存储目录变更及问题解决记录.md

@@ -0,0 +1,126 @@
+一、修改Jenkins存储目录,并创建软连接到原目录
+1.停止服务器上的Jenkins服务
+[root@172 ~]# systemctl stop jenkins
+2.保全期间原目录Jenkins存储目录(/var/lib/jenkins)保留,将数据复制到新存储目录(/home/jenkins)后,修改原目录Jenkins存储目录(/var/lib/jenkins)的名字
+[root@172 ~]# cp -rf /var/lib/jenkins /home/jenkins    #确认复制完成
+[root@172 ~]# mv /var/lib/jenkins /var/lib/jenkins.bak  #重命名原存储目录
+3.创建软链接
+[root@172 ~]# ln -s /home/jenkins /var/lib/jenkins
+4.启动Jenkins
+[root@172 ~]# systemctl start jenkins
+
+
+
+二、启动jenkins报错问题记录
+
+1、报错信息:Job for jenkins.service failed because the control process exited with error code. See "systemctl status jenkins.service" and "journalctl -xe" for details.
+[root@172 ~]# systemctl start jenkins
+Job for jenkins.service failed because the control process exited with error code. See "systemctl status jenkins.service" and "journalctl -xe" for details.
+[root@172 ~]# systemctl status jenkins
+● jenkins.service - Jenkins Continuous Integration Server
+Loaded: loaded (/usr/lib/systemd/system/jenkins.service; disabled; vendor preset: disabled)
+Active: failed (Result: start-limit) since Tue 2023-02-21 18:59:14 CST; 30s ago
+Process: 9388 ExecStart=/usr/bin/jenkins (code=exited, status=1/FAILURE)
+Main PID: 9388 (code=exited, status=1/FAILURE)
+Feb 21 18:59:14 localhost.localdomain systemd[1]: Failed to start Jenkins Continuous Integration Server.
+Feb 21 18:59:14 localhost.localdomain systemd[1]: Unit jenkins.service entered failed state.
+Feb 21 18:59:14 localhost.localdomain systemd[1]: jenkins.service failed.
+Feb 21 18:59:14 localhost.localdomain systemd[1]: jenkins.service holdoff time over, scheduling restart.
+Feb 21 18:59:14 localhost.localdomain systemd[1]: Stopped Jenkins Continuous Integration Server.
+Feb 21 18:59:14 localhost.localdomain systemd[1]: start request repeated too quickly for jenkins.service
+Feb 21 18:59:14 localhost.localdomain systemd[1]: Failed to start Jenkins Continuous Integration Server.
+Feb 21 18:59:14 localhost.localdomain systemd[1]: Unit jenkins.service entered failed state.
+Feb 21 18:59:14 localhost.localdomain systemd[1]: jenkins.service failed.</code>
+
+解决方法:
+排查jenkins安装所需目录是否存在
+[root@172 ~]# vim /etc/sysconfig/jenkins
+
+/var/lib/jenkins
+/var/log/jenkins
+/var/cache/jenkins
+若不存在,创建后重新执行yum install jenkins
+并重新加载服务 systemctl daemon-reload
+启动Jenkins  systemctl start jenkins
+
+原因分析
+可能出现Jenkins目录不全,或问题2权限不同问题需确认
+
+2、报错信息:Jenkins throwing error: jenkins.model.InvalidBuildsDir: ${ITEM_ROOTDIR}/builds does not exist and probably cannot be created
+
+解决方式:
+统一修改jenkins相关目录权限(上个问题查看用户为jenkins)
+[root@172 ~]# chown -R jenkins:jenkins /var/lib/jenkins
+[root@172 ~]# chown -R jenkins:jenkins /var/log/jenkins
+[root@172 ~]# chown -R jenkins:jenkins /var/cache/jenkins
+[root@172 ~]# chown -R jenkins:jenkins /home/jenkins
+
+原因分析
+使用不通用户移动Jenkins相关目录造成的用户不同问题,统一用户后正常
+
+3、报错信息:java.lang.IllegalStateException: An attempt to save the global configuration was made before it was loaded
+
+
+
+
+解决方式:
+1. 下载role-strategy.hpi(最新),下载地址:https://updates.jenkins.io/download/plugins/role-strategy/
+2. 将role-strategy.hpi复制到jenkins安装目录的plugins目录下面
+3. 重启jenkins的服务
+
+原因分析
+升级Jenkins版本后,/var/lib/jenkins/plugins/文件夹中的hpi文件异常,需下载下载hpi文件,并将其放到/var/lib/jenkins/plugins/文件夹.
+
+
+4、报错信息:
+[root@172 ~]# systemctl start jenkins
+Job for jenkins.service failed because the control process exited with error code.
+See "systemctl status jenkins.service" and "journalctl -xe" for details.
+[root@172 ~]# systemctl status jenkins
+
+
+解决方式:
+如果通过 systemctl 不能解决Jenkins重启的问题,那就用Jenkins自带的启停来解决
+[root@172 ~]#  cd /etc/init.d  # 一般在这里
+[root@172 ~]#  ./jenkins stop   #停止jenkins服务
+[root@172 ~]#  ./jenkins status   #检查jenkins状态
+[root@172 ~]#  ./jenkins start    #启动jenkins
+
+
+原因分析
+Jenkins 如果使用 Systemd 来管理服务,通常会在 /etc/systemd/system/ 目录中找到 Jenkins 的 Systemd 单元文件 jenkins.service ,但是,我并没有在 /etc/systemd/system/ 下看到 jenkins.service ,说明 Jenkins 并没有使用 Systemd 来管理服务,所以 sudo systemctl restart jenkins命令就无法执行Jenkins 安装目录中的脚本 。
+
+操作    命令
+启动 Jenkins 服务    /etc/init.d/jenkins start
+停止 Jenkins 服务    /etc/init.d/jenkins stop
+重启 Jenkins 服务    /etc/init.d/jenkins restart
+检查 Jenkins 服务的 状态    /etc/init.d/jenkins status
+强制重新加载 Jenkins 服务配置    /etc/init.d/jenkins force-reload
+
+
+
+三、修改Jenkins存储目录,指定新目录为存储目录
+1.停止服务器上的Jenkins服务
+[root@172 ~]# systemctl stop jenkins
+2.保全期间原目录Jenkins存储目录(/var/lib/jenkins)保留,将数据复制到新存储目录(/home/jenkins)
+[root@172 ~]# cp -rf /var/lib/jenkins /home/jenkins    #确认复制完成
+3.修改Jenkins配置文件中指定存储目录参数
+[root@172 ~]# vim /etc/sysconfig/jenkins
+将JENKINS_HOME="/var/lib/jenkins"修改为将JENKINS_HOME="/home/jenkins"
+
+4.修改全局环境变量配置使新存储目录生效
+[root@172 ~]# vim /etc/profile
+export JENKINS_HOME=/home/jenkins  #在末尾添加
+
+[root@172 ~]# source /etc/profile   #重新加载全局变量生效
+[root@172 ~]# systemctl start jenkins #启动jenkins,如出现问题参考二
+
+四、Jenkins迁移至新服务器
+1.在新服务器中安装jenkins并首次启动,可访问Jenkins后直接停止jenkins(不用登陆,主要为生成存储目录)
+2.备份旧服务器存储目录中config.xml文件,jobs文件夹,users文件夹和plugins文件夹。
+config.xml是存放配置信息的
+jobs是存放创建的工程项目的
+users是存放用户账信息的
+plugins是存放插件的
+3.将备份的config.xml文件,jobs文件夹,users文件夹和plugins文件夹放到新服务器Jenkins存储目录
+4.再次启动新服务器Jenkins,使用与旧服务器相同用户登录
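Review bot: In section 一 step 2 and section 三 step 2, "cp -rf /var/lib/jenkins /home/jenkins" run as root does not preserve ownership, modes or timestamps, and that mismatch is what problem 2 then repairs with four recursive chown commands. Use "cp -a" (or rsync -a) so the copy keeps jenkins:jenkins, and state that /home/jenkins must not already exist, since otherwise the data lands in /home/jenkins/jenkins. The cause analysis for problem 4 says jenkins.service is not under /etc/systemd/system and concludes that Jenkins is not managed by systemd, but the status output under problem 1 shows the unit loaded from /usr/lib/systemd/system/jenkins.service, so the two sections need to be reconciled. The last journal line under problem 1 ends with a stray "</code>" tag that should be removed, and the manual role-strategy.hpi download in problem 3 should name the plugin version used rather than "最新" so the fix can be reproduced.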

+ 529 - 0
技术分享/jumpserver堡垒机部署.md

@@ -0,0 +1,529 @@
+1、使用官方网站下载对应版本安装包
+官方网站:https://www.jumpserver.org/
+下载链接:https://cdn0-download-offline-installer.fit2cloud.com/jumpserver/jumpserver-ce-v4.0.1-x86_64.tar.gz
+或在linux服务器中直接下载
+[root@localhost home]# wget https://cdn0-download-offline-installer.fit2cloud.com/jumpserver/jumpserver-ce-v4.0.1-x86_64.tar.gz
+2、下载完成后解压缩进入目录修改配置文件
+[root@localhost home]# tar zxvf jumpserver-ce-v4.0.1-x86_64.tar.gz
+[root@localhost jumpserver-ce-v4.0.1-x86_64]# ll
+总用量 84
+-rw-r--r--. 1 root root  2029 7月  17 23:22 cn-quick_start.sh
+drwxr-xr-x. 2 root root  4096 7月  25 10:54 compose
+-rw-r--r--. 1 root root  6418 7月  25 10:53 config-example.txt
+drwxr-xr-x. 7 root root    89 7月  17 23:22 config_init
+-rwxr-xr-x. 1 root root  5949 7月  17 23:22 jmsctl.sh
+-rw-r--r--. 1 root root 35148 7月  17 23:22 LICENSE
+drwxr-xr-x. 5 root root    44 7月  17 23:22 locale
+-rw-r--r--. 1 root root  1900 7月  17 23:22 quick_start.sh
+-rw-r--r--. 1 root root  1642 7月  17 23:22 README.md
+drwxr-xr-x. 4 root root  4096 7月  17 23:23 scripts
+-rw-r--r--. 1 root root    25 7月  17 23:22 static.env
+drwxr-xr-x. 2 root root    41 7月  17 23:22 utils
+[root@localhost jumpserver-ce-v4.0.1-x86_64]# cp -rf config-example.txt config-example.txt.bak
+[root@localhost jumpserver-ce-v4.0.1-x86_64]# vim config-example.txt
+# 打开安装配置文件,一般默认即可。
+其中mysql,redis可以自己配置,使用外部已安装服务,jumpserver数据库需提前创建好
+#JumpServer configuration file example.
+#
+# If you don't understand the purpose, you can skip modifying this configuration file, the system will automatically fill in
+# Complete parameter documentation https://docs.jumpserver.org/zh/v3/guide/env/
+
+################################# Image Configuration #################################
+#
+# The connection to docker.io in China will timeout or the download speed will be slow, enable this option to use Huawei Cloud image acceleration
+# Replace the old version DOCKER_IMAGE_PREFIX
+#
+# DOCKER_IMAGE_MIRROR=1
+
+# Image pull policy Always, IfNotPresent
+# Always means that the latest image will be pulled every time, IfNotPresent means that the image will be pulled only if it does not exist locally
+#
+# IMAGE_PULL_POLICY=Always
+
+############################## Installation Configuration #############################
+#
+# JumpServer database persistence directory, by default, recordings, task logs are in this directory
+# Please modify according to the actual situation, the database file (.sql) and configuration file backed up during the upgrade will also be saved to this directory
+#
+VOLUME_DIR=/data/jumpserver
+
+# Encryption key, please ensure that SECRET_KEY is consistent with the old environment when migrating, do not use special strings
+# (*) Warning: Keep this value secret.
+# (*) Do not disclose SECRET_KEY to anyone
+#
+SECRET_KEY=
+
+# The token used by the component to register with core, please keep BOOTSTRAP_TOKEN consistent with the old environment when migrating,
+# Do not use special strings
+# (*) Warning: Keep this value secret.
+# (*) Do not disclose BOOTSTRAP_TOKEN to anyone
+#
+BOOTSTRAP_TOKEN=
+
+# Log level INFO, WARN, ERROR
+#
+LOG_LEVEL=ERROR
+
+# The network segment used by the JumpServer container, please do not conflict with the existing network, modify according to the actual situation
+#
+DOCKER_SUBNET=192.168.250.0/24
+
+# ipv6 nat, no need to enable under normal circumstances
+# If the host does not support ipv6, enabling this option will prevent the real client ip address from being obtained
+#
+USE_IPV6=0
+DOCKER_SUBNET_IPV6=fc00:1010:1111:200::/64
+
+################################# DB Configuration ####################################
+# For external databases, you need to enter the correct database information, the system will automatically handle the built-in database
+# (*) The password part must not contain single quotes and double quotes
+#
+DB_ENGINE=mysql
+DB_HOST=usky-cloud-mysql
+DB_PORT=3306
+DB_USER=root
+DB_PASSWORD=yt123456
+DB_NAME=jumpserver
+
+# If external MySQL needs to enable TLS/SSL connection, refer to https://docs.jumpserver.org/zh/v3/installation/security_setup/mysql_ssl/
+#
+# DB_USE_SSL=true
+
+################################# Redis Configuration #################################
+# For external Redis, please enter the correct Redis information, the system will automatically handle the built-in Redis
+# (*) The password part must not contain single quotes and double quotes
+#
+REDIS_HOST=usky-cloud-redis
+REDIS_PORT=6379
+REDIS_PASSWORD=123456
+
+# If you are using external Redis Sentinel, please manually fill in the following content
+#
+# REDIS_SENTINEL_HOSTS=mymaster/192.168.100.1:26379,192.168.100.1:26380,192.168.100.1:26381
+# REDIS_SENTINEL_PASSWORD=your_sentinel_password
+# REDIS_PASSWORD=your_redis_password
+# REDIS_SENTINEL_SOCKET_TIMEOUT=5
+
+# If external Redis needs to enable TLS/SSL connection, refer to https://docs.jumpserver.org/zh/v3/installation/security_setup/redis_ssl/
+#
+# REDIS_USE_SSL=true
+
+################################# Access Configuration ################################
+# The service port provided to the outside, if it conflicts with the existing service, please modify it yourself
+#
+HTTP_PORT=3000
+
+################################# HTTPS Configuration #################################
+# Refer to https://docs.jumpserver.org/zh/v3/installation/proxy/ for configuration
+#
+# HTTPS_PORT=443
+# SERVER_NAME=your_domain_name
+# SSL_CERTIFICATE=your_cert
+# SSL_CERTIFICATE_KEY=your_cert_key
+#
+
+# Nginx file upload and download size limit
+#
+CLIENT_MAX_BODY_SIZE=4096m
+
+################################# Component Configuration #############################
+# Component registration use, by default, register to the core container, the cluster environment needs to be modified to the cluster vip address
+#
+CORE_HOST=http://core:8080
+PERIOD_TASK_ENABLED=true
+
+# Core Session definition,
+# SESSION_COOKIE_AGE indicates how many seconds the session expires after idling,
+# SESSION_EXPIRE_AT_BROWSER_CLOSE=true means that the session expires as soon as the browser is closed
+#
+# SESSION_COOKIE_AGE=86400
+SESSION_EXPIRE_AT_BROWSER_CLOSE=false
+
+# Trusted DOMAINS definition,
+# Define the trusted access IP, please modify according to the actual situation, if it is a public IP, please change to the corresponding public IP,
+# DOMAINS="demo.jumpserver.org:443"
+# DOMAINS="172.17.200.191:80"
+# DOMAINS="demo.jumpserver.org:443,172.17.200.191:80"
+DOMAINS=172.16.120.34:3000
+
+# Configure the components that do not need to be started, by default all components will be started, if you do not need a certain component, you can set {component name}_ENABLED to 0 to turn it off
+# CORE_ENABLED=0
+# CELERY_ENABLED=0
+# KOKO_ENABLED=0
+# LION_ENABLED=0
+# CHEN_ENABLED=0
+# WEB_ENABLED=0
+
+# Lion enables font smoothing to optimize the experience
+#
+JUMPSERVER_ENABLE_FONT_SMOOTHING=true
+
+################################# XPack Configuration #################################
+# XPack package, invalid setting in open source version
+#
+SSH_PORT=2222
+RDP_PORT=3389
+XRDP_PORT=3390
+MAGNUS_MYSQL_PORT=33061
+MAGNUS_MARIADB_PORT=33062
+MAGNUS_REDIS_PORT=63790
+MAGNUS_POSTGRESQL_PORT=54320
+MAGNUS_SQLSERVER_PORT=14330
+MAGNUS_ORACLE_PORTS=30000-30030
+
+################################## Other Configuration ################################
+# The terminal uses the host HOSTNAME as the identifier, automatically generated during the first installation
+#
+SERVER_HOSTNAME=${HOSTNAME}
+
+# Use built-in SLB, if the client IP address obtained by the Web page is not correct, please set USE_LB to 0
+# When USE_LB is set to 1, use the configuration proxy_set_header X-Forwarded-For $remote_addr
+# When USE_LB is set to 0, use the configuration proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for
+USE_LB=1
+
+# The current running version number of JumpServer, automatically generated after installation and upgrade
+#
+TZ=Asia/Shanghai
+CURRENT_VERSION=
+
+3、进入安装目录进行安装
+[root@localhost home]# cd jumpserver-ce-v4.0.1-x86_64
+[root@localhost jumpserver-ce-v4.0.1-x86_64]# ./jmsctl.sh install
+
+[root@localhost jumpserver-ce-v4.0.1-x86_64]# vim config-example.txt
+[root@localhost jumpserver-ce-v4.0.1-x86_64]# ./jmsctl.sh install
+██╗██╗   ██╗███╗   ███╗██████╗ ███████╗███████╗██████╗ ██╗   ██╗███████╗██████╗
+██║██║   ██║████╗ ████║██╔══██╗██╔════╝██╔════╝██╔══██╗██║   ██║██╔════╝██╔══██╗
+██║██║   ██║██╔████╔██║██████╔╝███████╗█████╗  ██████╔╝██║   ██║█████╗  ██████╔╝
+
+██   ██║██║   ██║██║╚██╔╝██║██╔═══╝ ╚════██║██╔══╝  ██╔══██╗╚██╗ ██╔╝██╔══╝  ██╔══██╗
+╚█████╔╝╚██████╔╝██║ ╚═╝ ██║██║     ███████║███████╗██║  ██║ ╚████╔╝ ███████╗██║  ██║
+╚════╝  ╚═════╝ ╚═╝     ╚═╝╚═╝     ╚══════╝╚══════╝╚═╝  ╚═╝  ╚═══╝  ╚══════╝╚═╝  ╚═╝
+Version:  v4.0.1-ce
+
+检查配置文件
+配置文件位置: /opt/jumpserver/config
+/opt/jumpserver/config/config.txt      [ √ ]
+/opt/jumpserver/config/loki/promtail.yml      [ √ ]
+/opt/jumpserver/config/nginx/cert/server.crt       [ √ ]
+/opt/jumpserver/config/nginx/cert/server.key       [ √ ]
+
+
+
+安装配置 Docker
+
+
+
+安装 Docker
+完成
+配置 Docker
+完成
+启动 Docker
+完成
+
+
+
+加载 Docker 镜像
+redis:7.0-bullseye <= images/redis:7.0-bullseye.tar
+0cc1f0165626: Loading layer [==================================================>]  84.03MB/84.03MB
+788a57b17fde: Loading layer [==================================================>]  338.4kB/338.4kB
+9eff024458da: Loading layer [==================================================>]  4.229MB/4.229MB
+389269916152: Loading layer [==================================================>]  32.11MB/32.11MB
+
+
+
+3a77f685672e: Loading layer [==================================================>]  2.048kB/2.048kB
+907ed375516e: Loading layer [==================================================>]  4.096kB/4.096kB
+Loaded image: redis:7.0-bullseye
+镜像文件没有发现: images/mariadb:10.6.tar
+jumpserver/core:v4.0.1-ce <= images/core:v4.0.1-ce.tar
+a2375faae132: Loading layer [==================================================>]  84.17MB/84.17MB
+38f4cd1f2f58: Loading layer [==================================================>]  3.395MB/3.395MB
+ac57353351c9: Loading layer [==================================================>]  32.95MB/32.95MB
+c827de9bd91d: Loading layer [==================================================>]  4.608kB/4.608kB
+ad6bd1bdf5c0: Loading layer [==================================================>]  12.28MB/12.28MB
+f6436eeaf0fe: Loading layer [==================================================>]  48.18MB/48.18MB
+35e9eef5c9a5: Loading layer [==================================================>]  902.9MB/902.9MB
+57de9af9e20b: Loading layer [==================================================>]  4.697MB/4.697MB
+dcae01dd27b3: Loading layer [==================================================>]  3.072kB/3.072kB
+5f70bf18a086: Loading layer [==================================================>]  1.024kB/1.024kB
+Loaded image: jumpserver/core:v4.0.1-ce
+jumpserver/koko:v4.0.1-ce <= images/koko:v4.0.1-ce.tar
+cb455d571d50: Loading layer [==================================================>]  3.402MB/3.402MB
+cca9e9e0710a: Loading layer [==================================================>]  6.689MB/6.689MB
+ce875a1c0010: Loading layer [==================================================>]  2.048kB/2.048kB
+a211545d1dda: Loading layer [==================================================>]  54.27kB/54.27kB
+3045d6241026: Loading layer [==================================================>]  300.8MB/300.8MB
+083b731f2c42: Loading layer [==================================================>]  114.6MB/114.6MB
+4f6f0bb621b0: Loading layer [==================================================>]  88.06kB/88.06kB
+5b27d9b60fe3: Loading layer [==================================================>]  81.34MB/81.34MB
+Loaded image: jumpserver/koko:v4.0.1-ce
+jumpserver/lion:v4.0.1-ce <= images/lion:v4.0.1-ce.tar
+420179ad2efa: Loading layer [==================================================>]  84.18MB/84.18MB
+8990d195c0e6: Loading layer [==================================================>]  12.11MB/12.11MB
+779dd605f82e: Loading layer [==================================================>]  101.4MB/101.4MB
+80b7ed71976d: Loading layer [==================================================>]  5.632kB/5.632kB
+d0b80c353acd: Loading layer [==================================================>]  338.9kB/338.9kB
+a8cf91a571ad: Loading layer [==================================================>]  33.18MB/33.18MB
+adc6a1b2c0aa: Loading layer [==================================================>]  2.048kB/2.048kB
+bf80bf1dc6bb: Loading layer [==================================================>]  8.241MB/8.241MB
+7410b1f44267: Loading layer [==================================================>]  4.697MB/4.697MB
+c3013e7c9a41: Loading layer [==================================================>]  32.28MB/32.28MB
+4b6357755d93: Loading layer [==================================================>]  3.584kB/3.584kB
+7f084fbcc23c: Loading layer [==================================================>]  3.584kB/3.584kB
+97db3b36da3e: Loading layer [==================================================>]  3.584kB/3.584kB
+Loaded image: jumpserver/lion:v4.0.1-ce
+jumpserver/chen:v4.0.1-ce <= images/chen:v4.0.1-ce.tar
+0cc7ceaf7b6e: Loading layer [==================================================>]  216.3MB/216.3MB
+dadbe1118b2d: Loading layer [==================================================>]  2.048kB/2.048kB
+4b09ac621b90: Loading layer [==================================================>]  39.05MB/39.05MB
+e92cbd397f1b: Loading layer [==================================================>]  86.28MB/86.28MB
+4c5c58e0ccb5: Loading layer [==================================================>]  3.584kB/3.584kB
+6471e6461062: Loading layer [==================================================>]  20.99MB/20.99MB
+554fba6e30b5: Loading layer [==================================================>]  3.584kB/3.584kB
+Loaded image: jumpserver/chen:v4.0.1-ce
+jumpserver/web:v4.0.1-ce <= images/web:v4.0.1-ce.tar
+13c8460bfc9a: Loading layer [==================================================>]  62.52MB/62.52MB
+b9a187a24e19: Loading layer [==================================================>]  3.584kB/3.584kB
+96c08fed6a4c: Loading layer [==================================================>]  4.608kB/4.608kB
+29492f82bbc2: Loading layer [==================================================>]  3.584kB/3.584kB
+bc4a3582faa9: Loading layer [==================================================>]  7.168kB/7.168kB
+904aad46269b: Loading layer [==================================================>]   3.09MB/3.09MB
+5f70bf18a086: Loading layer [==================================================>]  1.024kB/1.024kB
+ba9fc941bde6: Loading layer [==================================================>]  4.697MB/4.697MB
+87e0723a44fa: Loading layer [==================================================>]  34.12MB/34.12MB
+4c1ed0cab85b: Loading layer [==================================================>]  6.029MB/6.029MB
+9f08f3b8b2e3: Loading layer [==================================================>]  18.03MB/18.03MB
+628b12811a17: Loading layer [==================================================>]  4.096kB/4.096kB
+93afc19c0a2e: Loading layer [==================================================>]  8.192kB/8.192kB
+7ab23e4f0c7b: Loading layer [==================================================>]  4.608kB/4.608kB
+b61eedb9806b: Loading layer [==================================================>]  4.096kB/4.096kB
+76f2472430ea: Loading layer [==================================================>]  7.168kB/7.168kB
+Loaded image: jumpserver/web:v4.0.1-ce
+完成
+
+
+
+安装配置 JumpServer
+
+
+
+配置加密密钥
+SECRETE_KEY:     1b5bb5bfda541a7dbc85671a0f29a4fed5880ca66aacc29b
+BOOTSTRAP_TOKEN: 60TYPbKGjC4FDOIBDkrQ6k29
+完成
+配置持久化目录
+是否需要自定义持久化存储, 默认将使用目录 /data/jumpserver? (y/n)  (默认为 n): y
+修改日志录像等持久化的目录,可以找个最大的磁盘,并创建目录,如 /data/jumpserver
+注意:安装后不能更改,否则数据库可能会丢失
+文件系统                 容量  已用  可用 已用% 挂载点
+/dev/mapper/centos-root   50G  3.2G   47G    7% /
+/dev/mapper/centos-home  873G   27G  846G    4% /home
+持久化存储目录 (默认为 /data/jumpserver): /home/data/jumpserver
+完成
+配置数据库
+是否使用外部 MySQL? (y/n)  (默认为 y): y
+请输入数据库的主机地址 (默认为 usky-cloud-mysql): 172.16.120.34
+请输入数据库的端口 (默认为 3306): 3306
+请输入数据库的数据库 (默认为 jumpserver): jumpserver
+请输入数据库的用户名 (默认为 root): root
+请输入数据库的密码 (默认为 yt123456): yt123456
+完成
+配置 Redis
+请输入 Redis 模式? (redis/sentinel)  (默认为 redis): redis
+是否使用外部 Redis? (y/n)  (默认为 y): y
+请输入 Redis 的主机地址 (默认为 usky-cloud-redis): 172.16.120.34
+请输入 Redis 的端口 (默认为 6379): 6379
+请输入 Redis 的密码 (默认为 123456): 123456
+完成
+配置外部访问
+是否需要配置 JumpServer 对外访问端口? (y/n)  (默认为 n): y
+JumpServer web 端口 (默认为 3000): 3000
+完成
+初始化数据库
+[+] Running 1/2
+⠙ Network jms_net     Created                                                                                                                                                   2.1s
+✔ Container jms_core  Started                                                                                                                                                   1.7s
+2024-07-25 13:25:06 Collect static files
+ALLOWED_HOSTS:
+172.16.120.34:3000
+core:8080
+127.0.0.1
+127.0.0.1:8080
+127.0.0.1:80
+localhost:8080
+localhost:80
+core:8080
+core:80
+172.16.120.34:3000
+core:8080
+127.0.0.1
+127.0.0.1:8080
+127.0.0.1:80
+localhost:8080
+localhost:80
+core:8080
+core:80
+After migration, update builtin role permissions
+Update builtin roles
+
+
+
+安装完成了
+
+
+
+可以使用如下命令启动, 然后访问
+cd /home/jumpserver-ce-v4.0.1-x86_64
+./jmsctl.sh start
+其它一些管理命令
+./jmsctl.sh stop
+./jmsctl.sh restart
+./jmsctl.sh backup
+./jmsctl.sh upgrade
+更多还有一些命令, 你可以 ./jmsctl.sh --help 来了解
+Web 访问
+http://172.16.120.34:3000
+默认用户: admin  默认密码: ChangeMe
+更多信息
+我们的官网: https://www.jumpserver.org/
+我们的文档: https://docs.jumpserver.org/
+[root@localhost jumpserver-ce-v4.0.1-x86_64]# ./jmsctl.sh start
+[+] Running 6/6
+✔ Container jms_web     Started                                                                                                                                                16.3s
+✔ Container jms_lion    Started                                                                                                                                                17.9s
+✔ Container jms_chen    Started                                                                                                                                                17.9s
+✔ Container jms_koko    Started                                                                                                                                                17.0s
+✔ Container jms_celery  Started                                                                                                                                                16.8s
+✔ Container jms_core    Started                                                                                                                                                17.4s
+[root@localhost jumpserver-ce-v4.0.1-x86_64]#
+# 执行安装,一直默认选项即可。(安装期间会加载Docker镜像,会比较慢)
+# 默认安装会使用Docker部署的内置Mariadb数据库和Redis数据库.
+# 默认安装情况下会把数据和配置文件目录存放在 /data/jumpserver
+
+# 安装后执行启动,默认为开机启动,但安装或升级后,需要手动启动。
+# 启动
+./jmsctl.sh start
+[root@localhost jumpserver-ce-v4.0.1-x86_64]# ./jmsctl.sh start
+[+] Running 6/6
+✔ Container jms_web     Started                                                                                                                                                16.3s
+✔ Container jms_lion    Started                                                                                                                                                17.9s
+✔ Container jms_chen    Started                                                                                                                                                17.9s
+✔ Container jms_koko    Started                                                                                                                                                17.0s
+✔ Container jms_celery  Started                                                                                                                                                16.8s
+✔ Container jms_core    Started                                                                                                                                                17.4s
+# 停止
+./jmsctl.sh stop
+[root@localhost jumpserver-ce-v4.0.1-x86_64]# ./jmsctl.sh stop
+[+] Running 7/7
+✔ Container jms_chen    Removed                                                                                                                                                 2.6s
+✔ Container jms_core    Removed                                                                                                                                                11.4s
+✔ Container jms_lion    Removed                                                                                                                                                 3.6s
+✔ Container jms_celery  Removed                                                                                                                                                11.4s
+✔ Container jms_web     Removed                                                                                                                                                 2.7s
+✔ Container jms_koko    Removed                                                                                                                                                 2.2s
+✔ Network jms_net       Removed                                                                                                                                                 0.3s
+
+# 卸载
+./jmsctl.sh uninstall
+[root@localhost jumpserver-ce-v4.0.1-x86_64]# ./jmsctl.sh uninstall
+
+>>> 卸载 JumpServer
+
+正在清理 /usr/bin/jmsctl
+
+[ WARNING ] 请确认已经备份好相关数据, 此操作不可逆!
+
+确认清理 JumpServer 相关文件? (y/n)  (默认为 n): y
+正在清理 /home/data/jumpserver
+正在清理 /opt/jumpserver/config
+
+是否清理 Docker 镜像? (y/n)  (默认为 n): y
+Untagged: redis:7.0-bullseye
+Deleted: sha256:9316221abf0d315ed1b167f43fc161d6be34ab5814893a269ed4fb64acc260b3
+Deleted: sha256:fa4eae068c39ba46b64e463637033cc5a7a373a9a3a096b2cca5b215be59f85a
+Deleted: sha256:96054e38f0cc6c966e7f635bd536a2d8176a9e41076379647a07454f95774b49
+Deleted: sha256:842f9d214c5cc39687be3700c225e93c2331393d0df29044bbaeafbf17412b87
+Deleted: sha256:c7b58040f7c176b5ffd61b26f376b74ef9c4d00a70afc92aa5e0b6d4fbe6bc02
+Deleted: sha256:896c2e29fe0e888a27bf21628e97c2477b3812665ad3bf050828dbf95645a3aa
+Deleted: sha256:0cc1f01656262cc1319655e8570146e4aa190c3fb8c7e81c353760c44a96c13b
+
+Error response from daemon: No such image: mariadb:10.6
+
+Untagged: jumpserver/core:v4.0.1-ce
+Deleted: sha256:962c206958ac973ce21b71d3779b3d8ad6f447f6a029b45380d90fc51e489ad9
+Deleted: sha256:b3748667abdbb993b30e151cceb16d3d028cad327017aac2ec52b4a0cebd90a7
+Deleted: sha256:f66544addc61c9c37571b0eac87033a55da103ea87b7b62e6097bfc8a4b200cd
+Deleted: sha256:d1e47675782c9d19fce8c329c349dfe2d1d770cfc0049bef34024d26135e0e0f
+Deleted: sha256:028f7588a888d5d7a710e10729a961ec811624fb64547f31270ba5f69c92b386
+Deleted: sha256:b6295735e2432521fd083dfe49321ec2d8a5a0fac9b9d15500f3947f870ba3e4
+Deleted: sha256:44fbf008248cf8b8ee927d1ea6bb2dde5855299eab387ae25b6343ae6d176c4a
+Deleted: sha256:1504ba3b05cdb261bf358937831af5c3a098e13f4c41f388e8b1827346f1b5eb
+Deleted: sha256:ed291dba698a60fedf4dee11239af0e5195ac518f16997e208c3937f51b8710b
+Deleted: sha256:51196a42e76b0d62a2f119b7801aa894a75055fdd8b050d2da83fb6c5e726743
+
+Untagged: jumpserver/koko:v4.0.1-ce
+Deleted: sha256:f4a36144e8528de4da90cf7f3869ca4b4ed3eb2f6066d46758e613382226b894
+Deleted: sha256:4b900040b7d0e3e35bf441a34664c777700c2aa523fd16d99a3b2bb6ddd65985
+Deleted: sha256:49876768d93a0be31d00cd344a7efbaf4007ff00d794853181826ac2c2daaa0d
+Deleted: sha256:f593e46de54acc74fafebf0b923242ac64a36f689b78c266a2f4c12c9d5fbd56
+Deleted: sha256:ff60160697f4afbcb2ab55f45e2d57223b6b1f0ce2b0988d42d6f279cb21dc29
+Deleted: sha256:9c59dd4c769c6a7420ceb7e5d2f9cbac6eb5bf5a369918a2c4fb9248bcdeeb65
+Deleted: sha256:92a37db889dfc610d8b30b1312ea440418eba128273b6c36cf09325d0ba42152
+Deleted: sha256:9a4a706935bff3688fc479c4c8ee81de74473ae0bf24ce320f0f07eb98de90b8
+Deleted: sha256:b39409b0fd9cc7c13700ec85a6be3a07296da7751c10c32a506dcd9451a0d54b
+
+Untagged: jumpserver/lion:v4.0.1-ce
+Deleted: sha256:8f4ae77a13118ade90cf7a68d8fc770951fdf3c59331f52ce13d242e979ceb37
+Deleted: sha256:463fdd1b9b6bc84f97190e653ddbc46f01060d382d3bc6581a63d8af72060cf5
+Deleted: sha256:f1fd4796e05ea9b12e69ac01e808c9100f0bdaa1d0b97105dc45a02d6959a3e6
+Deleted: sha256:d9ddc367c5f1a73bac3e62c773eeb753af423952ee15259e71693e52d0918052
+Deleted: sha256:de787ffcacaff2087164b8c350aab3fd564487e97020c0d5d8d62b92eb922ed6
+Deleted: sha256:49b325b8d2a11e9fd3253243f0e26ab88d22e49b8d19fc423433dff09b4882b5
+Deleted: sha256:26785ccbfd4756cd0de8feb649e5e6b98dcc85ea1990099925e6511cdf471218
+Deleted: sha256:b858c5d743f08bd75ccc8b87a133a1df3adc5a8359a909a85eca6beb5c37781f
+Deleted: sha256:12882279d05f11fe4611e88d4f49254160d0d3e163c82e59a1fd657c43de57fd
+Deleted: sha256:025a3c7b8b45743f30525d74f8afb8a538edf885aa92f44b2a82c8c15ff1d728
+Deleted: sha256:4c967e7049c30cdfaf097419290318e6509c7a05281855348483fbe5ff7569d1
+Deleted: sha256:8b6ea766c3d1b167073a778984c58b5d1b537116e6c406ab029618046ae573d4
+Deleted: sha256:766f135153a1a69ed535ec6e61bf344b52081070c24001fe4d99275c757f3874
+
+Untagged: jumpserver/chen:v4.0.1-ce
+Deleted: sha256:8bf5bd4d37156108b56b22957c848242ed3f8616fbbaf2058b7ca3cb22809d08
+Deleted: sha256:1e971dbf4cc515bc3479a87a992eae69cffd5d103da3c011184e2098a19b47aa
+Deleted: sha256:481e07db33a240d01806af309b25632f658eefa1bd9d17b028762ffd68e2cb9b
+Deleted: sha256:205dbbc21fed28028ed600ef1a0d7717cc70537ceab6f9f36b6bb13942dca10c
+Deleted: sha256:1cc1e457b7373b9a32c2de7eb2693d16fffb1e901733877c040d433dc8d3a0e1
+Deleted: sha256:abcc8fe4c1f057be6f86f37f683eae572bb9403979366f107e0410e908cb1de8
+Deleted: sha256:f707aedf68ff956518ada4967fd71a9a9b45f7d2052d33d928de50bd64f09944
+Deleted: sha256:74f3c8124e4576f99edccc126caa6661ec9c42742f4d9e96cc10467545ccf5c7
+Deleted: sha256:a2375faae1321ab431cdefbc4c1e3de02e8710ac4dff782caecbeecf391875c3
+
+Untagged: jumpserver/web:v4.0.1-ce
+Deleted: sha256:a0ef6bf1950c50decb64c3bed96590f988629a8775683996b8195cf00239759e
+Deleted: sha256:6ea8e6ad76b6e6bcfe194a4f4570944ef1c1f4d181eff3ce886787ad3995513c
+Deleted: sha256:ed47ac34ba13e0132721f9f54d1d53ebcb96517efd700ca95cf6b98235552842
+Deleted: sha256:95004db07dfe0390cd184c41a54aac2517cf4d8e207c43f16736e14af218be4a
+Deleted: sha256:6386cdaaa40c16afc9172131b3a62e785c72064fcfbeb8e3441f1f506f5329a6
+Deleted: sha256:e6d914e511b10bba073a7151cfdb0b02d5ebdc281c6c919f44f1b5f632e0c2ff
+Deleted: sha256:019ec7a7b89723da45051b82c7f346ea129e45064080c603aa92357763ac1203
+Deleted: sha256:fa2ed8236fb94d0c69c3c468bdfcd61497f323bd028e2d342f17add4a52c18bb
+Deleted: sha256:894c82ab0ca76caa18addd82a9b1eb8dfa9df90719dcbdef697daedb13d1bed5
+Deleted: sha256:3a20bada1e9901f66cc72111989fc04c698ff2c7974e588e86da3b2886413bb9
+Deleted: sha256:f657aae5d15fe70160c3e387d4993864ce45896071b95afe94428f2d3e99629d
+Deleted: sha256:a72cd84eae67bc8ad1cfbeecaeef662c461fba1212dd7681d72afc04ea73a32a
+Deleted: sha256:900bffe8e713fa3e647c47daef6beb03a216210a006be9652471fc20d34094bc
+Deleted: sha256:0f6b58ea01b8d90ff540e9910d552a8b0973ca9687e598a1acf9a92e37ab838b
+Deleted: sha256:7090f288e4c7fb5aa5213096087b10d1434967b71fc3f99c0dddd8d25a9d5956
+Deleted: sha256:58aa501015ed274238859377826a2fd4647182da4b34733ce13359e8c636abab
+Deleted: sha256:058997b8111a6c6be3b3de944bf01d2cdd4918a242eefbaf9cb4cf8271553913
+Deleted: sha256:420179ad2efafbf953a0c75f68a4c9dfaf38a98643df97d415bce49b179895f7
+
+清理完成!
+[root@localhost jumpserver-ce-v4.0.1-x86_64]#
+
+# 重启
+./jmsctl.sh restart
+
+# 帮助
+./jmsctl.sh -h
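Review bot: the pasted image-cleanup output in this hunk (every `Deleted: sha256:` layer digest under `Untagged: jumpserver/chen:v4.0.1-ce`, `Untagged: jumpserver/web:v4.0.1-ce` and at least one earlier image) is raw terminal output that gives a reader of the manual nothing to act on. Keep the command that produced it, one `Untagged:` line per image and the closing `清理完成!`, and drop the digest lines and the bare `[root@localhost jumpserver-ce-v4.0.1-x86_64]#` prompt. The `# 重启` and `# 帮助` commands at the end are fine, but they would read better with one sentence saying which directory `./jmsctl.sh` must be run from.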

BIN
技术分享/jump堡垒机使用手册.docx


+ 117 - 0
技术分享/修改Jenkins存储目录步骤与问题解决记录.md

@@ -0,0 +1,117 @@
+一、修改Jenkins存储目录,并创建软连接到原目录
+1.停止服务器上的Jenkins服务
+[root@172 ~]# systemctl stop jenkins
+2.保全期间原目录Jenkins存储目录(/var/lib/jenkins)保留,将数据复制到新存储目录(/home/jenkins)后,修改原目录Jenkins存储目录(/var/lib/jenkins)的名字
+[root@172 ~]# cp -rf /var/lib/jenkins /home/jenkins    #确认复制完成
+[root@172 ~]# mv /var/lib/jenkins /var/lib/jenkins.bak  #重命名原存储目录
+3.创建软链接
+[root@172 ~]# ln -s /home/jenkins /var/lib/jenkins
+4.启动Jenkins
+[root@172 ~]# systemctl start jenkins
+
+
+
+二、启动jenkins报错问题记录
+
+1、报错信息:Job for jenkins.service failed because the control process exited with error code. See "systemctl status jenkins.service" and "journalctl -xe" for details.
+[root@172 ~]# systemctl start jenkins
+Job for jenkins.service failed because the control process exited with error code. See "systemctl status jenkins.service" and "journalctl -xe" for details.
+[root@172 ~]# systemctl status jenkins
+● jenkins.service - Jenkins Continuous Integration Server
+Loaded: loaded (/usr/lib/systemd/system/jenkins.service; disabled; vendor preset: disabled)
+Active: failed (Result: start-limit) since Tue 2023-02-21 18:59:14 CST; 30s ago
+Process: 9388 ExecStart=/usr/bin/jenkins (code=exited, status=1/FAILURE)
+Main PID: 9388 (code=exited, status=1/FAILURE)
+Feb 21 18:59:14 localhost.localdomain systemd[1]: Failed to start Jenkins Continuous Integration Server.
+Feb 21 18:59:14 localhost.localdomain systemd[1]: Unit jenkins.service entered failed state.
+Feb 21 18:59:14 localhost.localdomain systemd[1]: jenkins.service failed.
+Feb 21 18:59:14 localhost.localdomain systemd[1]: jenkins.service holdoff time over, scheduling restart.
+Feb 21 18:59:14 localhost.localdomain systemd[1]: Stopped Jenkins Continuous Integration Server.
+Feb 21 18:59:14 localhost.localdomain systemd[1]: start request repeated too quickly for jenkins.service
+Feb 21 18:59:14 localhost.localdomain systemd[1]: Failed to start Jenkins Continuous Integration Server.
+Feb 21 18:59:14 localhost.localdomain systemd[1]: Unit jenkins.service entered failed state.
+Feb 21 18:59:14 localhost.localdomain systemd[1]: jenkins.service failed.</code>
+
+解决方法:
+排查jenkins安装所需目录是否存在
+[root@172 ~]# vim /etc/sysconfig/jenkins
+/var/lib/jenkins
+/var/log/jenkins
+/var/cache/jenkins
+若不存在,创建后重新执行yum install jenkins
+并重新加载服务 systemctl daemon-reload
+启动Jenkins  systemctl start jenkins
+
+原因分析
+可能出现Jenkins目录不全,或问题2权限不同问题需确认
+
+2、报错信息:Jenkins throwing error: jenkins.model.InvalidBuildsDir: ${ITEM_ROOTDIR}/builds does not exist and probably cannot be created
+
+解决方式:
+统一修改jenkins相关目录权限(上个问题查看用户为jenkins)
+[root@172 ~]# chown -R jenkins:jenkins /var/lib/jenkins
+[root@172 ~]# chown -R jenkins:jenkins /var/log/jenkins
+[root@172 ~]# chown -R jenkins:jenkins /var/cache/jenkins
+[root@172 ~]# chown -R jenkins:jenkins /home/jenkins
+
+原因分析
+使用不通用户移动Jenkins相关目录造成的用户不同问题,统一用户后正常
+
+3、报错信息:java.lang.IllegalStateException: An attempt to save the global configuration was made before it was loaded
+解决方式:
+1. 下载role-strategy.hpi(最新),下载地址:https://updates.jenkins.io/download/plugins/role-strategy/
+2. 将role-strategy.hpi复制到jenkins安装目录的plugins目录下面
+3. 重启jenkins的服务
+
+原因分析
+升级Jenkins版本后,/var/lib/jenkins/plugins/文件夹中的hpi文件异常,需下载下载hpi文件,并将其放到/var/lib/jenkins/plugins/文件夹.
+
+
+4、报错信息:
+[root@172 ~]# systemctl start jenkins
+Job for jenkins.service failed because the control process exited with error code.
+See "systemctl status jenkins.service" and "journalctl -xe" for details.
+[root@172 ~]# systemctl status jenkins
+解决方式:
+如果通过 systemctl 不能解决Jenkins重启的问题,那就用Jenkins自带的启停来解决
+[root@172 ~]#  cd /etc/init.d  # 一般在这里
+[root@172 ~]#  ./jenkins stop   #停止jenkins服务
+[root@172 ~]#  ./jenkins status   #检查jenkins状态
+[root@172 ~]#  ./jenkins start    #启动jenkins
+
+
+原因分析
+Jenkins 如果使用 Systemd 来管理服务,通常会在 /etc/systemd/system/ 目录中找到 Jenkins 的 Systemd 单元文件 jenkins.service ,但是,我并没有在 /etc/systemd/system/ 下看到 jenkins.service ,说明 Jenkins 并没有使用 Systemd 来管理服务,所以 sudo systemctl restart jenkins命令就无法执行Jenkins 安装目录中的脚本 。
+
+操作    命令
+启动 Jenkins 服务    /etc/init.d/jenkins start
+停止 Jenkins 服务    /etc/init.d/jenkins stop
+重启 Jenkins 服务    /etc/init.d/jenkins restart
+检查 Jenkins 服务的 状态    /etc/init.d/jenkins status
+强制重新加载 Jenkins 服务配置    /etc/init.d/jenkins force-reload
+
+
+
+三、修改Jenkins存储目录,指定新目录为存储目录
+1.停止服务器上的Jenkins服务
+[root@172 ~]# systemctl stop jenkins
+2.保全期间原目录Jenkins存储目录(/var/lib/jenkins)保留,将数据复制到新存储目录(/home/jenkins)
+[root@172 ~]# cp -rf /var/lib/jenkins /home/jenkins    #确认复制完成
+3.修改Jenkins配置文件中指定存储目录参数
+[root@172 ~]# vim /etc/sysconfig/jenkins
+将JENKINS_HOME="/var/lib/jenkins"修改为将JENKINS_HOME="/home/jenkins"
+4.修改全局环境变量配置使新存储目录生效
+[root@172 ~]# vim /etc/profile
+export JENKINS_HOME=/home/jenkins  #在末尾添加
+[root@172 ~]# source /etc/profile   #重新加载全局变量生效
+[root@172 ~]# systemctl start jenkins #启动jenkins,如出现问题参考二
+
+四、Jenkins迁移至新服务器
+1.在新服务器中安装jenkins并首次启动,可访问Jenkins后直接停止jenkins(不用登陆,主要为生成存储目录)
+2.备份旧服务器存储目录中config.xml文件,jobs文件夹,users文件夹和plugins文件夹。
+config.xml是存放配置信息的
+jobs是存放创建的工程项目的
+users是存放用户账信息的
+plugins是存放插件的
+3.将备份的config.xml文件,jobs文件夹,users文件夹和plugins文件夹放到新服务器Jenkins存储目录
+4.再次启动新服务器Jenkins,使用与旧服务器相同用户登录
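Review bot: step 2 of sections 一 and 三 copies the home directory as root with `cp -rf /var/lib/jenkins /home/jenkins`, which does not preserve ownership, so the copy ends up owned by root; that is the likely source of the `InvalidBuildsDir` error in problem 2, which the document then repairs with `chown -R jenkins:jenkins`. Use `cp -a` (or `rsync -a`) so owner and mode carry over. Also note that if `/home/jenkins` already exists, the data lands in `/home/jenkins/jenkins`. Three further points in the same hunk:

- The 原因分析 for problem 4 concludes that Jenkins is not managed by systemd because no unit exists under `/etc/systemd/system/`, but the status output earlier in this file shows `Loaded: loaded (/usr/lib/systemd/system/jenkins.service; ...)`, so a packaged unit is present and that explanation should be corrected. Likewise, the `export JENKINS_HOME=/home/jenkins` added to `/etc/profile` in section 三 step 4 is not read by a service started through systemctl.
- Section 四 backs up only `config.xml`, `jobs`, `users` and `plugins`. The `secrets/` directory and `credentials.xml` are not listed, so stored credentials referenced by the copied jobs cannot be decrypted on the new server. Add them to the list and say that the backup must be transferred and stored with access restricted to the jenkins user.
- The log line ending `jenkins.service failed.</code>` carries a stray `</code>` tag, and this file repeats the content of `技术分享/Jenkins存储目录变更及问题解决记录.md` added in the same commit; keep one of the two.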

+ 2 - 0
技术分享/多租户使用文档.md

@@ -33,4 +33,6 @@ spring:
 
 
 
+
+
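Review bot: the two added lines at the end of this hunk are empty, so the change to this file is whitespace only. Drop it from the commit unless the trailing blank lines are needed for rendering.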