1 Overview

This article describes how to handle common problems with JumpServer components.
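
2 Core startup failure

2.1 Problem description

When the JumpServer service is started, the Core component fails to start, which causes the other components (for example KoKo and Lion) to fail to start as well.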

    # Start the JumpServer service
    ./jmsctl.sh start
    # Output:
    Creating network "jms_net" with driver "bridge"
    Creating jms_mysql ... done
    Creating jms_redis ... done
    Creating jms_core ... done
    ERROR: for celery Container "76b2e315f69d" is unhealthy.
    ERROR: for lion Container "76b2e315f69d" is unhealthy.
    ERROR: for koko Container "76b2e315f69d" is unhealthy.
    ERROR: for web Container "76b2e315f69d" is unhealthy.
    ERROR: Encountered errors while bringing up the project.

2.2 Steps

If the components report the unhealthy error shown above, run the following command and keep watching the log until Check service status appears.

    docker logs -f jms_core --tail 200
    # If there are no errors, wait until the table-structure migration finishes, then run start again

2.2.1 Initialization timeout

    # Log output
    2023-03-16 18:15:08 [db_port INFO] Check oracle ports
    2023-03-16 18:15:08 Collect static files
    2023-03-16 18:15:08 Collect static files done
    2023-03-16 18:15:08 Check database structure change ...
    2023-03-16 18:15:08 Migrate model change to database ...
    Operations to perform:
      Apply all migrations: accounts, acls, admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, notifications, ops, orgs, perms, rbac, sessions, settings, terminal, tickets, users, xpack
    Running migrations:
      Applying contenttypes.0001_initial... OK
      Applying contenttypes.0002_remove_content_type_name... OK
      Applying auth.0001_initial... OK
      Applying auth.0002_alter_permission_name_max_length... OK
      Applying auth.0003_alter_user_email_max_length... OK
      Applying auth.0004_alter_user_username_opts... OK
      Applying auth.0005_alter_user_last_login_null... OK
      ··· (omitted)
      Applying terminal.0021_auto_20200213_1316... OK
      Applying terminal.0022_session_is_success... OK
      Applying terminal.0023_command_risk_level... OK
      Applying terminal.0024_auto_20200715_1713... OK
      Applying terminal.0025_auto_20200810_1735... OK
      Applying terminal.0026_auto_20201027_1905... OK
      Applying terminal.0027_auto_20201102_1651... OK
    # Make sure every line above shows OK; there must be no error
    2023-03-16 18:18:26 [signal_handlers INFO] Create SystemMsgSubscription: package=ops type=ServerPerformanceMessage
    2023-03-16 18:18:26 Create SystemMsgSubscription: package=ops type=ServerPerformanceMessage
    2023-03-16 18:18:27 [signal_handlers INFO] Create SystemMsgSubscription: package=terminal type=CommandAlertMessage OK
    After migration, update builtin role permissions
    - Update builtin roles
    complete
    # Confirm everything above is OK with no errors; once Check service status is shown, the other components can be started again
    ./jmsctl.sh start

2.2.2 Startup timeout

    # Log output
    2023-03-16 18:20:16 [db_port INFO] Check oracle ports
    2023-03-16 18:20:16 Check database connection: 0
    System check identified no issues (0 silenced).
    2023-03-16 18:20:18 Database connect success
    2023-03-16 18:20:18 Collect static files
    2023-03-16 18:20:19 Collect static files done
    2023-03-16 18:20:19 Check database structure change ...
    2023-03-16 18:20:19 Migrate model change to database ...
    Operations to perform:
      Apply all migrations: accounts, acls, admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, notifications, ops, orgs, perms, rbac, sessions, settings, terminal, tickets, users, xpack
    Running migrations:
      No migrations to apply.
    After migration, update builtin role permissions
    - Update builtin roles
    2023-03-16 18:20:22 Install builtin applets
    2023-03-16 18:20:22 Thu Mar 16 18:20:22 2023
    2023-03-16 18:20:22 JumpServer version v3.0.3, more see https://www.jumpserver.org
    - Start Flower as Task Monitor
    - Start Gunicorn WSGI HTTP Server
    - Start heartbeat thread => ([Core]-ab-jms1-174)
    2023-03-16 18:20:23 Check service status: flower -> running at 26
    2023-03-16 18:20:24 Check service status: gunicorn -> running at 27
    2023-03-16 18:20:55 Check service status: flower -> running at 26
    # Confirm everything above is OK with no errors; once Check service status is shown, the other components can be started again
    ./jmsctl.sh start

3 Web page errors

3.1 Problem description

When a user accesses the JumpServer page, the error "Server error occur, contact administrator" is reported.
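
3.2 Troubleshooting

    # Check for errors; if there are none, or the output is incomplete, enter the container and read the log
    docker logs -f jms_core --tail 200
    docker exec -it jms_core /bin/bash
    tail -f logs/jumpserver.log
    # Handle the problem according to the actual error

4 Web login failure

4.1 Forgotten or expired password

If you have forgotten the password or it has expired, click the password recovery link to recover it by email. If it cannot be recovered by email, reset it from the console as follows: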
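
    docker exec -it jms_core /bin/bash
    cd /opt/jumpserver/apps
    python manage.py shell
    # Inside the Django shell:
    from users.models import User
    u = User.objects.get(username='admin')
    u.reset_password('password')
    u.save()
    # admin is the name of the account to change, password is the new password to set

4.2 Account locked after too many login attempts

Ask an administrator to reset it. The administrator can reset the account on that user's profile page, or reset it from the console as follows: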
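
    docker exec -it jms_core /bin/bash
    cd /opt/jumpserver/apps
    python manage.py shell
    # Inside the Django shell: remove the cached login-block and login-limit entries
    # (the wildcard patterns match every such key, not a single account)
    from django.core.cache import cache
    cache.delete_pattern('_LOGIN_BLOCK_*')
    cache.delete_pattern('_LOGIN_LIMIT_*')

Alternatively, create a new super administrator and use it to manage the other users, as follows: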

    docker exec -it jms_core /bin/bash
    cd /opt/jumpserver/apps
    python manage.py createsuperuser --username=user --email=user@domain.com

4.3 Administrator forgot MFA

If an administrator has forgotten their MFA, reset it from the console as follows:
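
    docker exec -it jms_core /bin/bash
    cd /opt/jumpserver/apps
    python manage.py shell
    # Inside the Django shell: turn MFA off for the account and clear its OTP secret
    from users.models import User
    u = User.objects.get(username='admin')
    u.mfa_level='0'
    u.otp_secret_key=''
    u.save()

4.4 Unable to log in after configuring LDAP

If login fails after LDAP has been configured, log in to the database, disable LDAP login, and then configure LDAP again, as follows: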
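
    # In the MySQL client: disable LDAP authentication in the settings table
    mysql -uroot -p
    use jumpserver;
    update settings_setting set value='false' where name='AUTH_LDAP';
    update settings_setting set enabled='0' where name='AUTH_LDAP';
    # In redis-cli: remove the cached copy of the setting
    redis-cli -a "$REDIS_PASSWORD"
    select 4
    keys *LDAP*
    del :1:_SETTING_AUTH_LDAP

If login fails after configuring another authentication method, log in to the web UI with a local user and reconfigure it in the settings.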
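
5 Privileged users

5.1 Asset connectivity test or hardware information update reports Permission denied or Authentication failure

This usually means the privileged user's account password is incorrect.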
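
5.2 Asset connectivity test or hardware information update reports /usr/bin/python: not found

This usually occurs on Ubuntu assets: Python is not installed on the asset, or its Python installation is broken.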
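
5.3 Timeout reported

    # Manually SSH in to the server that reports the timeout
    vi /etc/ssh/sshd_config
    # Change the UseDNS parameter to no
    UseDNS no
    # Restart docker and the koko component on the JumpServer server
    systemctl restart docker
    docker restart jms_koko

5.4 Connect Websocket server error

This is usually caused by Nginx not being configured for WebSocket. Modify the configuration according to the reverse proxy section of the JumpServer documentation, then restart Nginx.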
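
The manual log check from section 2.2 (wait for Check service status, confirm every migration step ended in OK and nothing reported an error) can be scripted. The following is an added example, not part of the original article or of JumpServer itself; the function names, the 600-second timeout, the 5-second poll interval and the error-matching heuristic are assumptions.

```shell
# Added example: classify jms_core startup output before re-running ./jmsctl.sh start.
# core_log_state reads log text on stdin and prints one word:
#   failed    - a line mentions an error or traceback (heuristic, fails closed)
#   ready     - "Check service status:" seen and every migration step ended in OK
#   migrating - anything else, so keep waiting
core_log_state() {
    awk '
        { sub(/\r$/, "") }                        # tolerate CRLF output
        tolower($0) ~ /error|traceback/ { failed = 1 }
        /Applying [^ ]+\.\.\./ { steps++; if ($0 ~ /OK[ \t]*$/) ok++ }
        /Check service status:/ { ready = 1 }
        END {
            if (failed)                    print "failed"
            else if (ready && steps == ok) print "ready"
            else                           print "migrating"
        }'
}

# Poll the container log until it settles; the 600 s default timeout is an assumption.
wait_for_core() {
    deadline=$(( $(date +%s) + ${1:-600} ))
    while [ "$(date +%s)" -lt "$deadline" ]; do
        case $(docker logs --tail 200 jms_core 2>&1 | core_log_state) in
            ready)  return 0 ;;
            failed) echo "jms_core log has errors, inspect it first" >&2; return 1 ;;
        esac
        sleep 5
    done
    echo "timed out waiting for jms_core" >&2
    return 2
}

# Constructed sample logs, modelled on the output shown in section 2.2.
sample_migrating() {
    printf '%s\n' '2023-03-16 18:15:08 Migrate model change to database ...' \
        '  Applying auth.0001_initial... OK' \
        '  Applying terminal.0027_auto_20201102_1651...'
}
sample_ready() {
    printf '%s\n' '  No migrations to apply.' \
        '2023-03-16 18:20:24 Check service status: gunicorn -> running at 27'
}
sample_failed() {
    printf '%s\n' '  Applying terminal.0027_auto_20201102_1651...' \
        'Traceback (most recent call last):'
}
```

On the JumpServer host, `wait_for_core && ./jmsctl.sh start` restarts the remaining components only once the Core log is clean.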