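1 Overview
This article covers how to handle common problems with JumpServer components.
2 Core fails to start
2.1 Problem description
When the JumpServer service is started, the Core component fails to start, which causes the other components (for example KoKo and Lion) to fail to start as well.
# Start the JumpServer service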
./jmsctl.sh start
# Output:
Creating network "jms_net" with driver "bridge"
Creating jms_mysql ... done
Creating jms_redis ... done
Creating jms_core ... done
ERROR: for celery Container "76b2e315f69d" is unhealthy.
ERROR: for lion Container "76b2e315f69d" is unhealthy.
ERROR: for koko Container "76b2e315f69d" is unhealthy.
ERROR: for web Container "76b2e315f69d" is unhealthy.
ERROR: Encountered errors while bringing up the project.
2.2 Procedure
If components report the unhealthy error shown above, run the following command and keep watching the output until Check service status appears.
docker logs -f jms_core --tail 200
# If there are no errors, wait until the database schema migration has finished, then run start again
2.2.1 Initialization timeout
# Log output
2023-03-16 18:15:08 [db_port INFO] Check oracle ports
2023-03-16 18:15:08 Collect static files
2023-03-16 18:15:08 Collect static files done
2023-03-16 18:15:08 Check database structure change ...
2023-03-16 18:15:08 Migrate model change to database ...
Operations to perform:
Apply all migrations: accounts, acls, admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, notifications, ops, orgs, perms, rbac, sessions, settings, terminal, tickets, users, xpack
Running migrations:
Applying contenttypes.0001_initial... OK
Applying contenttypes.0002_remove_content_type_name... OK
Applying auth.0001_initial... OK
Applying auth.0002_alter_permission_name_max_length... OK
Applying auth.0003_alter_user_email_max_length... OK
Applying auth.0004_alter_user_username_opts... OK
Applying auth.0005_alter_user_last_login_null... OK
··· omitted
Applying terminal.0021_auto_20200213_1316... OK
Applying terminal.0022_session_is_success... OK
Applying terminal.0023_command_risk_level... OK
Applying terminal.0024_auto_20200715_1713... OK
Applying terminal.0025_auto_20200810_1735... OK
Applying terminal.0026_auto_20201027_1905... OK
Applying terminal.0027_auto_20201102_1651... OK
# Make sure every line above shows OK; there must be no error
2023-03-16 18:18:26 [signal_handlers INFO] Create SystemMsgSubscription: package=ops type=ServerPerformanceMessage
2023-03-16 18:18:26 Create SystemMsgSubscription: package=ops type=ServerPerformanceMessage
2023-03-16 18:18:27 [signal_handlers INFO] Create SystemMsgSubscription: package=terminal type=CommandAlertMessage
OK
After migration, update builtin role permissions
- Update builtin roles
complete
# Once everything above is OK with no errors and Check service status appears, the other components can be started again
./jmsctl.sh start
2.2.2 Startup timeout
# Log output
2023-03-16 18:20:16 [db_port INFO] Check oracle ports
2023-03-16 18:20:16 Check database connection: 0
System check identified no issues (0 silenced).
2023-03-16 18:20:18 Database connect success
2023-03-16 18:20:18 Collect static files
2023-03-16 18:20:19 Collect static files done
2023-03-16 18:20:19 Check database structure change ...
2023-03-16 18:20:19 Migrate model change to database ...
Operations to perform:
Apply all migrations: accounts, acls, admin, applications, assets, audits, auth, authentication, captcha, common, contenttypes, django_cas_ng, django_celery_beat, jms_oidc_rp, notifications, ops, orgs, perms, rbac, sessions, settings, terminal, tickets, users, xpack
Running migrations:
No migrations to apply.
After migration, update builtin role permissions
- Update builtin roles
2023-03-16 18:20:22 Install builtin applets
2023-03-16 18:20:22 Thu Mar 16 18:20:22 2023
2023-03-16 18:20:22 JumpServer version v3.0.3, more see https://www.jumpserver.org
- Start Flower as Task Monitor
- Start Gunicorn WSGI HTTP Server
- Start heartbeat thread => ([Core]-ab-jms1-174)
2023-03-16 18:20:23 Check service status: flower -> running at 26
2023-03-16 18:20:24 Check service status: gunicorn -> running at 27
2023-03-16 18:20:55 Check service status: flower -> running at 26
# Once everything above is OK with no errors and Check service status appears, the other components can be started again
./jmsctl.sh start
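The log check from 2.2.1 and 2.2.2 as a script (an added example, not part of the original article or of JumpServer). core_log_state is a hypothetical helper that reads jms_core log text and reports whether migrations are still running, have failed, or Core has reached Check service status; the sample logs are constructed from the lines quoted above.

```shell
#!/usr/bin/env bash
# Added example, not JumpServer code. core_log_state is a hypothetical helper.
# Live use: docker logs --tail 200 jms_core 2>&1 | core_log_state
# Exit status: 0 = ready, 1 = still migrating, 2 = error found in the log.
core_log_state() {
  awk '
    # Django prints "Applying <app>.<migration>..." and appends OK when done.
    /Applying [a-z_]+\.[0-9A-Za-z_]+\.\.\./ {
      if ($0 ~ /OK[ \t]*$/) { applied++; pending = "" }
      else { pending = $2; sub(/\.+$/, "", pending) }
      next
    }
    # Keep the first line that mentions an error or a Python traceback.
    tolower($0) ~ /error|traceback/ { if (bad == "") bad = $0 }
    /Check service status/ { ready = 1 }
    END {
      if (bad != "")     { print "failed: " bad; exit 2 }
      if (ready)         { print "ready applied=" (applied + 0); exit 0 }
      if (pending != "") { print "migrating pending=" pending; exit 1 }
      print "migrating applied=" (applied + 0); exit 1
    }'
}

# Constructed samples, assembled from the log lines quoted in this section.
SAMPLE_MIGRATING='2023-03-16 18:15:08 Migrate model change to database ...
  Applying auth.0001_initial... OK
  Applying terminal.0027_auto_20201102_1651...'
SAMPLE_READY='Running migrations:
  No migrations to apply.
2023-03-16 18:20:24 Check service status: gunicorn -> running at 27'
SAMPLE_FAILED='  Applying auth.0001_initial... OK
django.db.utils.OperationalError: (constructed) lost connection'

# Classify each sample; only a "ready" result means ./jmsctl.sh start is safe.
for sample in "$SAMPLE_MIGRATING" "$SAMPLE_READY" "$SAMPLE_FAILED"; do
  printf '%s\n' "$sample" | core_log_state || true
done
```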
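3 Web page errors
3.1 Problem description
When a user opens the JumpServer page, the error "Server error occur, contact administrator" is shown.
3.2 Resolution
# Check for errors; if there are none or the output is incomplete, enter the container and read the log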
docker logs -f jms_core --tail 200
docker exec -it jms_core /bin/bash
tail -f logs/jumpserver.log
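# Resolve according to the actual error reported
4 Web login failure
4.1 Forgotten or expired password
If the password is forgotten or has expired, click the password recovery link to recover it by email. If email recovery is not possible, reset it from the console as follows: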
docker exec -it jms_core /bin/bash
cd /opt/jumpserver/apps
python manage.py shell
from users.models import User
u = User.objects.get(username='admin')
u.reset_password('password')
u.save()
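# admin is the name of the account to change, and password is the new password to set
4.2 Account locked after too many login attempts
Ask an administrator to reset it. The administrator can reset the account on that user's profile page, or from the console as follows: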
docker exec -it jms_core /bin/bash
cd /opt/jumpserver/apps
python manage.py shell
from django.core.cache import cache
cache.delete_pattern('_LOGIN_BLOCK_*')
cache.delete_pattern('_LOGIN_LIMIT_*')
Alternatively, create a new super administrator and use it to configure the other users, as follows:
docker exec -it jms_core /bin/bash
cd /opt/jumpserver/apps
python manage.py createsuperuser --username=user --email=user@domain.com
4.3 Administrator lost MFA
If an administrator has lost their MFA, it can be reset from the console as follows:
docker exec -it jms_core /bin/bash
cd /opt/jumpserver/apps
python manage.py shell
from users.models import User
u = User.objects.get(username='admin')
u.mfa_level='0'
u.otp_secret_key=''
u.save()
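4.4 Cannot log in after configuring LDAP
If login fails after LDAP has been configured, log in to the database and disable LDAP login, then configure LDAP again, as follows: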
mysql -uroot -p
use jumpserver;
update settings_setting set value='false' where name='AUTH_LDAP';
update settings_setting set enabled='0' where name='AUTH_LDAP';
redis-cli -a $REDIS_PASSWORD
select 4
keys *LDAP*
del :1:_SETTING_AUTH_LDAP
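If login fails after configuring another authentication method, log in to the Web UI with a local user and reconfigure it in the settings.
5 Privileged users
5.1 Asset connectivity test or hardware information update reports Permission denied or Authentication failure
This is usually because the privileged user's account password is incorrect.
5.2 Asset connectivity test or hardware information update reports /usr/bin/python: not found
This usually occurs on Ubuntu assets, where Python is not installed on the asset or the Python installation is broken.
5.3 timeout reported
# Manually ssh into the server that reports timeout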
vi /etc/ssh/sshd_config
# Set the UseDNS parameter to no
UseDNS no
# Restart docker and the koko component service on the JumpServer server
systemctl restart docker
docker restart jms_koko
5.4 Connect Websocket server error
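This is usually caused by Nginx not being configured for WebSocket. Modify the configuration according to the Reverse Proxy - JumpServer documentation, then restart Nginx.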