Tacport堡垒机安装

SOSO
2025-05-27

Tacport堡垒机安装

操作系统:RockyLinux 9.4

堡垒机:tacport-server-4.0.6-preview.tar.gz

数据库:mysql-5.7.44-1.el9.x86_64.rpm(MySQL 5.7 已于 2023 年 10 月结束官方支持,不再有安全更新;用于生产前请确认 Tacport 是否支持仍在维护的数据库版本)

一、安装数据库:

rpm -ivh mysql-5.7.44-1.el9.x86_64.rpm
source /etc/profile.d/mysql.sh

# 数据库初始密码为空,出现密码提示时直接回车即可登录
# 空密码的 root 只应短暂存在,登录后请立即按下一步设置密码
mysql -uroot -p

二、创建Tacport数据库

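# 配置数据库root密码(root@123 仅为示例,实际部署请换成强密码)
# MySQL 5.7 中 GRANT ... IDENTIFIED BY 已被弃用,推荐改用 ALTER USER 设置密码;下面输出中的 warnings 应与此有关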
mysql> grant all on *.* to 'root'@'localhost' identified by 'root@123';
Query OK, 0 rows affected, 2 warnings (0.00 sec)
# 创建tacport数据库
mysql> create database tacport character set utf8 collate utf8_general_ci;
Query OK, 1 row affected (0.00 sec)
# 创建用户和密码并授权(密码与用户名相同仅为示例,请换成强密码,并与后面 config.yaml 中的 db_pass 保持一致)
mysql> grant all on tacport.* to 'tacport'@'127.0.0.1' identified by 'tacport';
Query OK, 0 rows affected, 1 warning (0.00 sec)
# 刷新授权
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> select user,host from mysql.user;
+---------------+-----------+
| user          | host      |
+---------------+-----------+
| tacport       | 127.0.0.1 |
| mysql.session | localhost |
| mysql.sys     | localhost |
| root          | localhost |
+---------------+-----------+
4 rows in set (0.00 sec)

三、安装redis

dnf install -y redis

四、安装 Tacport

tar zxf tacport-server-4.0.6-preview.tar.gz
cd tacport-server-4.0.6-preview

# 执行install.sh(本教程以 root 身份操作,执行前建议先核对安装包来源与校验值,并浏览一遍脚本内容)
bash install.sh

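五、配置文件编辑

下面配置中的 db_pass: "tacport" 与 secret_key: "root@123" 沿用了前文的示例口令,其中 secret_key 与数据库 root 密码相同。secret_key 用于加密存入数据库的私密数据,实际部署时应换成单独生成的高强度随机串,不要与其他密码复用,并按文件注释的要求妥善备份。redis_pass 保持注释,即以无密码方式连接 Redis,请确认 Redis 只监听 127.0.0.1,否则应为其设置 requirepass 并在此填写。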

[root@rocky etc]# cat config.yaml
#
# TacPort Configuration / TacPort 配置文件
#
# =======================================================================
# Important!!! Please change all value marked as "PLEASE-CHANGE-THIS"
# 非常重要!!请修改所有标记为“PLEASE-CHANGE-THIS”的配置项!
# =======================================================================

# node_id:
#   an integer greater than 0, when deploying multiple nodes, ensure that the node_id are not duplicated, default to 1.
#   一个大于0的整数,表明节点ID。部署多个节点是要确保各节点ID不重复。默认为 1。
#
#node_id: 1

# node_addr:
#   address (IP or Domain) which user can access outside.
#   此节点的外部访问地址(IP或域名)
#
node_addr: "192.168.10.4"

# =======================================================================
# global settings / 全局设置
# =======================================================================

# mode: [test|release]
#   running mode, default to release.
#   运行模式,默认为 release。
#
#mode: "release"

# log_level: [debug|verbose|info|warn|error]
#   log level, default to info.
#   日志等级,默认为 info。
#
#log_level: "info"

# log_to_file: [yes|no]
#   save log into log-file or not, default to yes.
#   是否要将日志输出到日志文件,默认为 yes。
#
#log_to_file: yes

# data_path:
#   path to save data, default to "{%EXEC_PATH%}/data".
#   数据存储路径,默认为"{%EXEC_PATH%}/data",其中 {%EXEC_PATH%} 为服务主程序所在路径
#
#data_path: "{%EXEC_PATH%}/data"

# log_path:
#   default to "{%DATA_PATH%}/log"
#   日志文件存储路径,默认为"{%DATA_PATH%}/log",其中,{%DATA_PATH%} 为数据存储路径
#
#log_path: "{%DATA_PATH%}/log"

# record_path:
#   default to "{%DATA_PATH%}/record"
#   录像文件存储路径,默认为"{%DATA_PATH%}/record"
#
#record_path: "{%DATA_PATH%}/record"

# default_language: [zh-Hans|zh-Hant|en-US]
#   use default language while no language specified, default to zh-Hans.
#   默认语言,当未能根据环境检测到语言时,将使用此默认语言。默认为 zh-Hans。
#     zh-Hans  简体中文
#     zh-Hant  繁体中文--尚不支持
#     en-US    English
#
default_language: "zh-Hans"

#------------------------------------------------------
# database configuration / 数据库配置
#   MySQL/MariaDB/TiDB/...
#------------------------------------------------------

# db_addr:
#   address of database, default to "127.0.0.1:3306" .
#   数据库地址,默认为 "127.0.0.1:3306"。
db_addr: "127.0.0.1:3306"

# db_user: database user / 数据库用户名
#
db_user: "tacport"

# db_name: database name / 数据库的库名
#
db_name: "tacport"

# db_pass: password of database / 数据库密码
#
db_pass: "tacport"

# secret_key:
#   key of encryption for secret data when save to database, no default value.
#     notice: you should write this secret_key down at a safe place.
#     if you lose this secret_key, your TacPort service can not use/migration/recover anymore.
#   私密数据加密存放到数据库时所用的密钥,无默认值。
#     注意:您应当将此密钥记下来,并存放到一处安全所在。
#     如果您丢失了此密钥,您的 TacPort 服务将无法使用/迁移/恢复。
#
secret_key: "root@123"

# log_sql: [yes|no]
#   log every SQL statement or not, default to no.
#     be careful, turn this to yes could save private information into console or log file, use at your own risk.
#     on "release" mode, log_sql is disabled and always be "no".
#   是否记录每一条SQL语句到日志中,默认为 no。
#     小心,SQL中可能包含私密信息,设置此配置项为 yes 可能会将私密信息输出到控制台或写入日志文件,请斟酌其中的风险.
#     出于风险考虑,在"release"模式下,"log_sql"总是会被禁用。
#
#log_sql: no

#------------------------------------------------------
# redis configuration / redis 配置
#------------------------------------------------------

# redis_mode: [standalone|sentinel|cluster]
#   deployment mode of redis, default to standalone.
#   redis的部署模式,默认为 standalone。
#
redis_mode: standalone

# redis_master:
#   master name of redis instance group, for redis-sentinel mode only.
#   redis实例组的主节点名称,仅用于redis哨兵模式。
#redis_master: ""

# redis_addr:
#   address of redis, should be one address, or multiple address split by commas. default to "127.0.0.1:6379"
#   redis地址,可以为单独地址,或者多个用逗号分割的redis地址。默认为 "127.0.0.1:6379"
#   e.g. / 示例
#     standalone/单机模式: "127.0.0.1:6379"
#     sentinel/cluster/哨兵模式/集群模式: "192.168.0.2:6379, 192.168.0.3:6379, 192.168.0.4:6379"
#
redis_addr: "127.0.0.1:6379"

# redis_pass: redis password / redis访问密码
#
#redis_pass: ""

# redis_index:
#   redis database index(0~15), ignored in redis-cluster mode, default to 0.
#   redis数据库编号(0~15),在集群模式下此配置项被忽略。默认为0.
#
#redis_index: 0

# ==================================================
# node services settings / 节点业务服务设置
# ==================================================

# service: (api,ssh,rdp,vnc,telnet,...)
#   services available on this node, one or more of `api/ssh/rdp/vnc/telnet/...`, default to ["api"].
#   此节点承载的服务,可以为 `api/ssh/rdp/vnc/telnet/...` 之中的一个或多个,默认为 ["api"] 。
#
#   api: API service(including WEB-UI front-end) / API服务(含前端WEB-UI)
#   ssh: SSH/SFTP Proxy / SSH/SFTP转发服务
#   rdp: Remote Desktop Protocol Proxy(under development) / 远程桌面RDP协议的转发服务(开发中)
#   vnc: Virtual Network Console Proxy(under development) / 虚拟远程控制台VNC协议的转发服务(开发中)
#   telnet: Telnet Proxy(under development) / Telnet远程协议转发服务(开发中)
#
service: [ "api" ]

# --------------------------------------------------
# API services settings / API服务配置
# --------------------------------------------------

# api_instance: [1~16]
#   how many process to serve api, default to 1.
#   运行api服务的实例数量,默认为 1。
#
api_instance: 1

# api_listen_port:
#   user visit such port to access API service, default to 52100.
#   监听端口,用户通过此端口访问api服务,默认为 52100。
#
api_listen_port: 52100

# api_mapping_port:
#   used for containerized deployment, specifies the host port mapped to this api service port. default to 0 if the
#   host port is the same as the service listening port.
#   映射端口,用于容器化部署时,指明映射到此api服务端口的宿主机端口。默认为0,表示宿主机端口与服务监听端口一致。
#
#api_mapping_port: 0

# api_log_level:
#   log level, should be one of inherit/debug/verbose/info/warn/error, default to inherit.
#     inherit means use global log_level setting.
#   日志等级,可以为 inherit/debug/verbose/info/warn/error 之一,默认为 inherit。
#     inherit 表示继承全局设置中的日志等级。
#
api_log_level: inherit

# api_log_http: [yes|no]
#   log every HTTP request or not, default to no.
#   是否记录每一个HTTP请求,默认为 no。
#
api_log_http: no

# api_use_builtin_web: [yes|no]
#   provide web-ui front-end by this API service or not, default to yes.
#   是否使用内建的前端WEB-UI服务,默认为 yes。
#
api_use_builtin_web: yes

# api_web_path:
#   only available when api_use_builtin_web set, specify the path to the front-end files, default to "{%EXEC_PATH%}/web".
#   仅当设置了 api_use_builtin_web 时有效,指定前端文件的路径,默认为 "{%EXEC_PATH%}/web"。
#
api_web_path: "{%EXEC_PATH%}/web"

# --------------------------------------------------
# SSH proxy settings / SSH协议转发服务配置
# --------------------------------------------------

# ssh_instance:  [1~16]
#   how many process to serve ssh proxy, default to 1.
#   运行SSH协议转发服务的实例数量,默认为 1。
#
#ssh_instance: 1

# ssh_listen_port:
#   user visit such port to access ssh proxy service, default to 52101.
#   监听端口,用户通过此端口访问ssh协议转发服务,默认为 52101。
#
#ssh_listen_port: 52101

# ssh_mapping_port:
#   used for containerized deployment, specifies the host port mapped to this ssh proxy service port. default to 0 if the
#   host port is the same as the service listening port.
#   映射端口,用于容器化部署时,指明映射到此ssh协议转发服务端口的宿主机端口。默认为0,表示宿主机端口与服务监听端口一致。
#
#ssh_mapping_port: 0

#
#
#ssh_log_level: inherit

六、访问web界面

http://ip:52100/

注意:这里是明文 HTTP,登录堡垒机的账号口令会以明文在网络上传输。建议用防火墙把 52100 端口限制在管理网段内,并在前面加一层提供 HTTPS 的反向代理后再对外提供访问。

1.png
2.png
