Sergey Poptsov

HA cluster for JumpServer Community and Enterprise Edition

Updated: Oct 14

It's very interesting that the Community Edition fully supports HA clustering without any limits. In this article, I will show you how it works.


In the official documentation, you can see the requirements for a cluster - 8 dedicated servers, but these are not minimal requirements.

What do we need to build a JumpServer HA cluster with 2 nodes?

  • Server with NFS, MySQL, Redis (4 CPU, 8GB RAM)

  • JumpServer Node1 (4 CPU, 8GB RAM)

  • JumpServer Node2 (4 CPU, 8GB RAM)

  • HAproxy server (or another Load Balancer)

If you require more stability and performance, you can:

  • Use a MySQL Cluster instead of a single instance.

  • Use a Redis Cluster instead of a single instance.

  • Use MinIO or S3 storage for storing a large amount of videos.

  • Use Elasticsearch for storing a large number of session commands.

...but most customers don't need it.


1. Preparing the server with NFS, MySQL and Redis


Server is Ubuntu 22.04, IP: 10.10.50.10


Install and configure NFS


Notice: The commands will be different on other Linux distributions, but all we need is to create a shared folder.

$ sudo apt install nfs-kernel-server
$ sudo mkdir -p /data
$ sudo chown -R nobody:nogroup /data/
$ sudo chmod 777 /data/
$ sudo nano /etc/exports

Add this line to the exports file:

/data 10.10.50.10/24(rw,sync,no_subtree_check)

Apply settings and restart NFS service:

$ sudo exportfs -a
$ sudo systemctl restart nfs-kernel-server

Install and configure MySQL


You can find instructions on how to install MySQL on your server; they depend on the OS version.


Here, you can see how to create the database "jumpserver" and create the user "jumpserver" with the password "KXOeyNgDeTdpeu9q". Please make sure to use a different password for your installation.

mysql -uroot
mysql> create database jumpserver default charset 'utf8';
Query OK, 1 row affected (0.00 sec)
mysql> set global validate_password_policy=LOW;
Query OK, 0 rows affected (0.00 sec)
mysql> create user 'jumpserver'@'%' identified by 'KXOeyNgDeTdpeu9q';
Query OK, 0 rows affected (0.00 sec)
mysql> grant all on jumpserver.* to 'jumpserver'@'%';
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye

Don't forget to configure your firewall to allow access to MySQL on port 3306.


Install and configure Redis


You can find instructions on how to install Redis on your server; they depend on the OS version.

After installing Redis, run these commands:

sed -i "s/bind 127.0.0.1/bind 0.0.0.0/g" /etc/redis.conf
sed -i "561i maxmemory-policy allkeys-lru" /etc/redis.conf
sed -i "481i requirepass KXOeyNgDeTdpeu9q" /etc/redis.conf

This will allow access to Redis with the password "KXOeyNgDeTdpeu9q". Please make sure to use a different password for your installation.


Don't forget to configure your firewall to allow access to Redis on port 6379.


2. Install JumpServer

JumpServer Node1 is Ubuntu 22.04, IP: 10.10.50.11


Mount NFS directory


Install the NFS client, mount the NFS folder and enable auto-mount on startup:

$ sudo apt install nfs-common
$ sudo mkdir -p /opt/jumpserver/core/data
$ sudo mount -t nfs 10.10.50.10:/data /opt/jumpserver/core/data
$ echo "10.10.50.10:/data /opt/jumpserver/core/data nfs defaults 0 0" | sudo tee -a /etc/fstab

Edit JumpServer configuration

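Edit the file config-example.txt in the installer folder:

# Modify the options below and keep the others at their defaults; do not copy this content directly
### Note: SECRET_KEY must be the same as on the other JumpServer servers, otherwise encrypted data cannot be decrypted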

VOLUME_DIR=/opt/jumpserver

SECRET_KEY=    
BOOTSTRAP_TOKEN=                                
LOG_LEVEL=ERROR                                                 
SESSION_EXPIRE_AT_BROWSER_CLOSE=True                            

# MySQL 

DB_HOST=10.10.50.10
DB_PORT=3306
DB_USER=jumpserver
DB_PASSWORD=KXOeyNgDeTdpeu9q
DB_NAME=jumpserver

# Redis 

REDIS_HOST=10.10.50.10
REDIS_PORT=6379
REDIS_PASSWORD=KXOeyNgDeTdpeu9q

# KoKo Lion 
SHARE_ROOM_TYPE=redis                                            
REUSE_CONNECTION=False                                           

Then run the installation. If everything goes well, after installation you will get values for:

SECRET_KEY=kWQdmdCQKjaWlHYpPhkNQDkfaRulM6YnHctsHLlSPs8287o2kW    
BOOTSTRAP_TOKEN=KXOeyNgDeTdpeu9q

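For the other JumpServer nodes you need to use THE SAME SECRET_KEY and BOOTSTRAP_TOKEN values and set them in the configuration file:

# Modify the options below and keep the others at their defaults; do not copy this content directly
### Note: SECRET_KEY must be the same as on the other JumpServer servers, otherwise encrypted data cannot be decrypted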

VOLUME_DIR=/opt/jumpserver

SECRET_KEY=kWQdmdCQKjaWlHYpPhkNQDkfaRulM6YnHctsHLlSPs8287o2kW    
BOOTSTRAP_TOKEN=KXOeyNgDeTdpeu9q                                
LOG_LEVEL=ERROR                                                 
SESSION_EXPIRE_AT_BROWSER_CLOSE=True                            

# MySQL 

DB_HOST=10.10.50.10
DB_PORT=3306
DB_USER=jumpserver
DB_PASSWORD=KXOeyNgDeTdpeu9q
DB_NAME=jumpserver

# Redis 

REDIS_HOST=10.10.50.10
REDIS_PORT=6379
REDIS_PASSWORD=KXOeyNgDeTdpeu9q

# KoKo Lion 
SHARE_ROOM_TYPE=redis                                            
REUSE_CONNECTION=False 

After this you will have 2 JumpServer nodes that use the same MySQL, Redis and NFS storage. You can already use either node to access target devices, or configure HAProxy, which automatically redirects users to one of the live nodes.
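
The requirement that every node carries the same SECRET_KEY and BOOTSTRAP_TOKEN can be checked before a second node is started. The script below is an added example, not part of the original article or of the JumpServer installer: it compares two nodes' config files and also flags DB_PASSWORD reuse and the sample secrets printed in this article. The function names (cfg_get, check_nodes) and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the JumpServer installer): audit two nodes' configs.

# cfg_get FILE KEY: value of KEY; last assignment wins, trailing blanks removed.
cfg_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r' | sed 's/[[:space:]]*$//'
}

# check_nodes FILE1 FILE2: prints findings (never the secret values) and
# returns the number of findings, so 0 means the pair is consistent.
check_nodes() {
    n=0
    for key in SECRET_KEY BOOTSTRAP_TOKEN DB_HOST DB_NAME REDIS_HOST; do
        a=$(cfg_get "$1" "$key"); b=$(cfg_get "$2" "$key")
        if [ -z "$a" ] || [ -z "$b" ]; then
            echo "EMPTY    $key"; n=$((n + 1))
        elif [ "$a" != "$b" ]; then
            echo "MISMATCH $key"; n=$((n + 1))
        fi
    done
    for f in "$1" "$2"; do
        db=$(cfg_get "$f" DB_PASSWORD); rd=$(cfg_get "$f" REDIS_PASSWORD)
        bt=$(cfg_get "$f" BOOTSTRAP_TOKEN); sk=$(cfg_get "$f" SECRET_KEY)
        # One leaked credential should not also open the other services.
        if [ -n "$db" ] && { [ "$db" = "$rd" ] || [ "$db" = "$bt" ]; }; then
            echo "REUSE    $f: DB_PASSWORD shared with another secret"; n=$((n + 1))
        fi
        # The values printed in this article are public; flag them if deployed.
        for v in "$db" "$rd" "$bt" "$sk"; do
            case "$v" in
                KXOeyNgDeTdpeu9q|kWQdmdCQKjaWlHYpPhkNQDkfaRulM6YnHctsHLlSPs8287o2kW)
                    echo "SAMPLE   $f: article's sample secret in use"; n=$((n + 1))
                    break ;;
            esac
        done
    done
    return "$n"
}

# Constructed sample configs (all values made up for this example).
demo_dir=$(mktemp -d)
printf '%s\n' 'SECRET_KEY=constructed-key-AAAA' 'BOOTSTRAP_TOKEN=constructed-token' \
    'DB_HOST=10.10.50.10' 'DB_NAME=jumpserver' 'DB_PASSWORD=constructed-db-pw' \
    'REDIS_HOST=10.10.50.10' 'REDIS_PASSWORD=constructed-redis-pw' > "$demo_dir/node1.txt"
# node2: SECRET_KEY regenerated by mistake, Redis password left at the sample.
sed -e 's/^SECRET_KEY=.*/SECRET_KEY=constructed-key-BBBB/' \
    -e 's/^REDIS_PASSWORD=.*/REDIS_PASSWORD=KXOeyNgDeTdpeu9q/' \
    "$demo_dir/node1.txt" > "$demo_dir/node2.txt"
check_nodes "$demo_dir/node1.txt" "$demo_dir/node2.txt" || echo "findings: $?"
```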
