Step-by-step version:

================================== Server setup =======================================

    # Install OpenLDAP and start from the packaged example configuration
    yum install -y openldap openldap-servers openldap-clients openldap-devel
    cp /usr/share/openldap-servers/slapd.conf.obsolete /etc/openldap/slapd.conf && cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
    # Set the suffix, rootdn and rootpw in slapd.conf
    sed -ri 's/(suffix.*)"dc=my-domain,dc=com"/\1"dc=youyuan,dc=com"/g' /etc/openldap/slapd.conf && sed -ri 's/(rootdn.*)"cn=Manager,dc=my-domain,dc=com"/\1"cn=admin,dc=youyuan,dc=com"/g' /etc/openldap/slapd.conf && sed -ri 's/# (rootpw.*)secret/\112345678/g' /etc/openldap/slapd.conf
    # Send slapd (local4) messages to /var/log/ldap.log
    sed -i '/local7.*/a\#by openldap\nlocal4.*          /var/log/ldap.log' /etc/rsyslog.conf && service rsyslog restart
    # Regenerate slapd.d from slapd.conf
    service slapd start && rm -rf /etc/openldap/slapd.d/* && slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d && chown -R ldap:ldap /etc/openldap/slapd.d/* && service slapd restart
    # Generate LDIF files from the local accounts and groups, then import them
    yum -y install migrationtools && sed -i 's/padl/youyuan/g' /usr/share/migrationtools/migrate_common.ph
    /usr/share/migrationtools/migrate_base.pl >/tmp/base.ldif ; /usr/share/migrationtools/migrate_passwd.pl /etc/passwd >/tmp/passwd.ldif ; /usr/share/migrationtools/migrate_group.pl /etc/group >/tmp/group.ldif
    ldapadd -x -D "cn=admin,dc=youyuan,dc=com" -w 12345678 -f /tmp/base.ldif
    ldapadd -x -D "cn=admin,dc=youyuan,dc=com" -w 12345678 -f /tmp/passwd.ldif
    ldapadd -x -D "cn=admin,dc=youyuan,dc=com" -w 12345678 -f /tmp/group.ldif
    service slapd restart

===================== start: sudoers setup ==============

    # Add the sudo schema to slapd.conf and regenerate slapd.d
    cp /usr/share/doc/sudo-1.8.6p3/schema.OpenLDAP /etc/openldap/schema/sudo.schema && echo "include /etc/openldap/schema/sudo.schema" >> /etc/openldap/slapd.conf
    rm -rf /etc/openldap/slapd.d/* ; slaptest -f /etc/openldap/slapd.conf -F /etc/openldap/slapd.d ; chown -R ldap:ldap /etc/openldap/slapd.d/* ; service slapd restart
    cat >>/www/sudo.ldif<
    =0.11
    MySQL-python==1.2.5
    192.168.3.146 [/opt/jumpserver/scripts] 2014-12-22 13:21:20
    root@pts/0 #
    192.168.3.146 [/opt/jumpserver/scripts] 2014-12-22 13:22:03
    root@pts/0 # pip2.7 list
    Django (1.7.1)
    ecdsa (0.11)
    MySQL-python (1.2.5)
    paramiko (1.15.1)
    pexpect (3.3)
    pip (1.5.6)
    pycrypto (2.6.1)
    python-ldap (2.4.18)
    setuptools (8.2.1)
    sphinx-me (0.3)
    wsgiref (0.1.2)
    192.168.3.146 [/opt/jumpserver/scripts] 2014-12-22 13:22:07
    root@pts/0 #

Configuration file:

    192.168.3.146 [/opt/jumpserver] 2014-12-22 13:24:34
    root@pts/0 # cat jumpserver.conf
    #coding:utf-8
    [db]
    host = 192.168.3.40
    port = 3306
    user = jumpserver
    password = youyuanops
    db = jumpserver
    [jumpserver]
    key = 88aaaf7ffe3c6c04
    ldap_host = ldap://127.0.0.1:389
    ldap_base_dn = dc=youyuan,dc=com
    admin_cn = cn=admin,dc=youyuan,dc=com
    admin_pass = VNLqNCjpNBIetEoCA2h3
    web_socket_host = 172.10.10.9:3000
    192.168.3.146 [/opt/jumpserver] 2014-12-22 13:24:38
    root@pts/0 #

Final version:

    192.168.3.146 [~] 2014-12-22 13:49:12
    root@pts/4 # cat /opt/jumpserver/jumpserver.conf
    #coding:utf-8
    [db]
    host = 192.168.3.40
    port = 3306
    user = jumpserver
    password = youyuanops
    db = jumpserver
    [jumpserver]
    key = 88aaaf7ffe3c6c04
    ldap_host = ldap://127.0.0.1:389
    ldap_base_dn = dc=youyuan,dc=com
    admin_cn = cn=admin,dc=youyuan,dc=com
    admin_pass = 12345678    (an error is reported if this is not changed)
    web_socket_host = 172.10.10.9:3000
    192.168.3.146 [~] 2014-12-22 13:49:15
    root@pts/4 #

Change the permissions of the logs directory:

    root@pts/0 # chmod 777 logs

Sync the Django models to the database:

    192.168.3.146 [/opt/jumpserver/webroot/AutoSa] 2014-12-22 13:27:29
    root@pts/0 # python manage.py syncdb
    Operations to perform:
    Synchronize unmigrated apps: Assets, UserManage
    Apply all migrations: admin, contenttypes, auth, sessions
    Synchronizing apps without migrations:
    Creating tables...
    Creating table UserManage_group
    Creating table UserManage_user_group
    Creating table UserManage_user
    Creating table UserManage_logs
    Creating table UserManage_pid
    Creating table Assets_idc
    Creating table Assets_assets
    Creating table Assets_assetsuser
    Installing custom SQL...
    Installing indexes...
    Running migrations:
    Applying contenttypes.0001_initial... OK
    Applying auth.0001_initial... OK
    Applying admin.0001_initial... OK
    Applying sessions.0001_initial... OK
    You have installed Django's auth system, and don't have any superusers defined.
    Would you like to create one now? (yes/no): no
    192.168.3.146 [/opt/jumpserver/webroot/AutoSa] 2014-12-22 13:27:50
    root@pts/0 #

Run these in two terminal windows:

    192.168.3.146 [/opt/jumpserver/webroot/AutoSa] 2014-12-22 13:28:44
    root@pts/0 # python manage.py runserver 0.0.0.0:81
    Performing system checks...
    System check identified no issues (0 silenced).
    December 22, 2014 - 13:28:59
    Django version 1.7.1, using settings 'AutoSa.settings'
    Starting development server at http://0.0.0.0:81/
    Quit the server with CONTROL-C.

    root@pts/1 # cd /opt/jumpserver/webroot/AutoSa/
    192.168.3.146 [/opt/jumpserver/webroot/AutoSa] 2014-12-22 13:29:51
    root@pts/1 # ls
    Assets AutoSa __init__.py log_handler.py manage.py static templates UserManage websocket
    192.168.3.146 [/opt/jumpserver/webroot/AutoSa] 2014-12-22 13:29:52
    root@pts/1 # pwd
    /opt/jumpserver/webroot/AutoSa
    192.168.3.146 [/opt/jumpserver/webroot/AutoSa] 2014-12-22 13:29:53
    root@pts/1 # python log_handler.py

Open: http://192.168.3.146:81/install/

On success the page reports: Installation successful

Username and password:

    http://192.168.3.146:81
    admin
    admin

Install Node.js, which provides the real-time refresh feature:

    root@pts/2 # wget http://nodejs.org/dist/v0.10.34/node-v0.10.34.tar.gz
    root@pts/2 # tar -zxvf node-v0.10.34.tar.gz
    192.168.3.146 [~/node-v0.10.34] 2014-12-22 14:12:30
    root@pts/0 # cd node-v0.10.34/;./configure --prefix=/opt/node/ && make && make install

Related configuration:

    192.168.3.146 [/opt/node/bin] 2014-12-22 14:13:46
    root@pts/0 # touch /etc/profile.d/node.sh
    192.168.3.146 [/opt/node/bin] 2014-12-22 14:16:16
    root@pts/0 # vim /etc/profile.d/node.sh
    192.168.3.146 [/opt/node/bin] 2014-12-22 14:16:36
    root@pts/0 # vim /etc/profile.d/node.sh
    192.168.3.146 [/opt/node/bin] 2014-12-22 14:16:39
    root@pts/0 # source /etc/profile.d/node.sh
    192.168.3.146 [/opt/node/bin] 2014-12-22 14:16:47
    root@pts/0 #
    root@pts/0 # cat /etc/profile.d/node.sh
    export PATH=$PATH:/opt/node/bin
    192.168.3.146 [/opt/node/bin] 2014-12-22 14:17:23
    root@pts/0 #

Install the project's dependency modules, or use ones that have already been downloaded:

    192.168.3.146 [/opt/jumpserver/webroot/AutoSa/websocket] 2014-12-22 14:18:25
    root@pts/0 # pwd
    /opt/jumpserver/webroot/AutoSa/websocket
    192.168.3.146 [/opt/jumpserver/webroot/AutoSa/websocket] 2014-12-22 14:18:27
    root@pts/0 # ll
    总用量 8
    -rw-r--r-- 1 root root 2832 12月 22 07:40 index.js
    -rw-r--r-- 1 root root 219 12月 22 07:40 package.json
    192.168.3.146 [/opt/jumpserver/webroot/AutoSa/websocket] 2014-12-22 14:18:28
    root@pts/0 # cat package.json
    {
      "name": "web-socket",
      "version": "0.0.1",
      "description": "my first realtime server",
      "dependencies": {
        "express": "~4.10.1",
        "socket.io": "~1.2.0",
        "node-tail": "0.0.4",
        "tail": "~0.4.0"
      }
    }
    192.168.3.146 [/opt/jumpserver/webroot/AutoSa/websocket] 2014-12-22 14:18:33
    root@pts/0 # npm install
    192.168.3.146 [/opt/jumpserver/webroot/AutoSa/websocket] 2014-12-22 14:19:17

Test-start the websocket server:

    root@pts/0 # node index.js
    listening on *:3000

Make the system run automatically when a user logs in to jumpserver:

    # cd /opt/jumpserver/scripts
    # vim jumpserver.sh
    ...
    if [ $USER == 'guanghongwei' ];then # change the special user; does not exit when finished
    ...
    # cp jumpserver.sh /etc/profile.d/

Run the jumpserver system normally:

    # cd /opt/jumpserver/
    # ./runserver
    # Note: to stop the system
    # ./stopserver

Scripts:

    192.168.3.146 [/opt/jumpserver] 2014-12-22 14:23:36
    root@pts/1 # cat runserver
    #!/bin/bash
    manage_file="./webroot/AutoSa/manage.py"
    log_handler_file="./webroot/AutoSa/log_handler.py"
    websocket_file="./webroot/AutoSa/websocket/index.js"
    which node &> /dev/null
    if [ $? != '0' ];then
        echo "Please define the node.js binary file 'node' in the PATH."
        exit
    fi
    node $websocket_file &
    if [ -f $manage_file -a -e $manage_file ] && [ -f $log_handler_file -a -e $log_handler_file ];then
        $manage_file runserver 0.0.0.0:80 &> logs/access.log &
        $log_handler_file &> logs/handler.log &
    else
        echo "manage.py or log_handler.py isn't exist or executable."
    fi
    192.168.3.146 [/opt/jumpserver] 2014-12-22 14:23:38

stopserver:

    root@pts/1 # cat stopserver
    #!/bin/bash
    pids=$(ps axu | grep -E '(manage.py|log_handler|index.js)'| grep -v 'grep' | awk '{ print $2 }')
    for pid in $pids;do
        kill -15 $pid
    done
    192.168.3.146 [/opt/jumpserver] 2014-12-22 14:23:41
    root@pts/1 #

Detailed web UI operations: http://laoguang.blog.51cto.com/6013350/1576502

=========================== Client side ============================================

Install the LDAP client and complete the client configuration.

    yum -y install openldap openldap-clients
    echo "session required pam_mkhomedir.so skel=/etc/skel umask=0077" >> /etc/pam.d/system-auth
    authconfig --enableldap --enableldapauth --enablemkhomedir --ldapserver=192.168.3.65 --ldapbasedn="dc=youyuan,dc=com" --update

From jumpserver, connect as testuser to test:

    ssh testuser@192.168.3.66

If the connection succeeds, continue.

Client sudoers configuration:

    echo -e "uri ldap://192.168.3.65\nSudoers_base ou=Sudoers,dc=youyuan,dc=com" > /etc/sudo-ldap.conf
    echo "Sudoers: files ldap" >>  /etc/nsswitch.conf

Check:

    egrep -v "(^#|^$)" /etc/sudo-ldap.conf
    grep -i sudo /etc/nsswitch.conf

Test sudo:

    # ssh testuser@192.168.3.65
    # sudo su

If no password prompt appears, it worked.

============================== Problems encountered ==================================

    root@pts/0 # yum search setuptools
    There was a problem importing one of the Python modules
    required to run yum. The error leading to this problem was:

       No module named yum

    Please install a package which provides this module, or
    verify that the module is installed correctly.

    It's possible that the above module doesn't match the
    current version of Python, which is:
    2.7.6 (default, Dec 26 2014, 14:06:44)
    [GCC 4.4.7 20120313 (Red Hat 4.4.7-11)]

    If you cannot solve this problem yourself, please go to the yum faq at:
      http://yum.baseurl.org/wiki/Faq

    192.168.3.65 [~] 2014-12-26 14:22:21

Fix: yum is unusable after Python has been upgraded; the first line of /usr/bin/yum should reference python2.6:

    cat /usr/bin/yum
    #!/usr/bin/python2.6

==============

    root@pts/0 # vim jumpserver.conf
    #coding:utf-8
    [db]
    host = 127.0.0.1
    port = 3306
    user = root
    password = redhat
    db = jumpserver
    [jumpserver]
    key = 88aaaf7ffe3c6c04
    ldap_host = ldap://127.0.0.1:389
    ldap_base_dn = dc=yolu,dc=com
    admin_cn = cn=admin,dc=yolu,dc=com
    admin_pass = VNLqNCjpNBIetEoCA2h3
    web_socket_host = 172.10.10.9:3000

===================

    python manage.py syncdb

Problem:

    ImportError: libmysqlclient.so.18: cannot open shared object file: No such file or directory

Fix:

    ln -s /usr/local/mysql/lib/libmysqlclient.so.18 /usr/lib64/libmysqlclient.so.18

Problem:

    django.db.utils.OperationalError: (1045, "Access denied for user 'jumpserver'@'192.168.3.65' (using password: YES)")

Fix:

    mysql -uroot -p12345678 -h127.1
    GRANT ALL ON *.* TO 'jumpserver'@'192.168.%';
    set password for 'jumpserver'@'192.168.%' = PASSWORD('youyuanops');
    GRANT ALL ON *.* TO 'jumpserver'@'localhost';
    set password for 'jumpserver'@'localhost' = PASSWORD('youyuanops');
    flush privileges;
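
The jumpserver.conf listings above keep the database and LDAP administrator credentials in plain text, so the file's permissions, the account it connects as and the strength of those values are worth checking after installation. The audit below is an added example, not code from the original post or from the jumpserver project; the function names, finding codes, weak-secret heuristic and sample file are assumptions constructed here.

```python
import configparser
import os
import stat
from urllib.parse import urlparse

# Constructed sample in the jumpserver.conf layout shown on this page.
SAMPLE_CONF = """\
#coding:utf-8
[db]
host = 127.0.0.1
user = root
password = redhat
[jumpserver]
ldap_host = ldap://192.168.3.65:389
admin_cn = cn=admin,dc=youyuan,dc=com
admin_pass = 12345678
"""
LOOPBACK = {"127.0.0.1", "localhost", "::1"}
GROUP_OTHER = stat.S_IRWXG | stat.S_IRWXO  # any group/other permission bit


def audit_conf(text, mode=None):
    """Return finding codes for a jumpserver.conf body; mode = permission bits."""
    cp = configparser.ConfigParser(interpolation=None)  # secrets may hold '%'
    cp.read_string(text)
    findings = []
    if mode is not None and mode & GROUP_OTHER:
        findings.append("conf-accessible-to-group-or-other")
    if cp.get("db", "user", fallback="") == "root":
        findings.append("db-user-is-root")
    for section, option in (("db", "password"), ("jumpserver", "admin_pass")):
        secret = cp.get(section, option, fallback="")
        # Heuristic (an assumption of this example): short or single-class secrets.
        if len(secret) < 12 or secret.isdigit() or secret.isalpha():
            findings.append(f"weak-secret:{section}.{option}")  # never log the value
    url = urlparse(cp.get("jumpserver", "ldap_host", fallback=""))
    if url.scheme == "ldap" and url.hostname not in LOOPBACK:
        findings.append("ldap-cleartext-to-remote-host")
    return findings


def audit_file(path):
    """Audit a file on disk, including its permission bits."""
    with open(path, encoding="utf-8") as fh:
        return audit_conf(fh.read(), stat.S_IMODE(os.stat(path).st_mode))


if __name__ == "__main__":
    for finding in audit_conf(SAMPLE_CONF, mode=0o644):
        print(finding)
```

On a real host, call `audit_file("/opt/jumpserver/jumpserver.conf")`; an empty list means none of these checks fired.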