jumpserver集群模式部署

admin · 发表于 2023-3-8 10:00:11

部署 Elasticsearch 服务⚓︎
提示

集群部署请参考 (https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html)
1 准备工作⚓︎
1.1 环境信息⚓︎
Elasticsearch 服务器信息如下:

192.168.10.51
2 安装配置 Docker 环境⚓︎
2.1 安装 Docker⚓︎

yum install -y yum-utils device-mapper-persistent-data lvm2
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo
yum makecache fast
yum -y install docker-ce
2.2 配置 Docker⚓︎

mkdir /etc/docker/
vi /etc/docker/daemon.json

{
  "live-restore": true,
  "registry-mirrors": ["https://hub-mirror.c.163.com", "https://bmtrgdvx.mirror.aliyuncs.com", "http://f1361db2.m.daocloud.io"],
  "log-driver": "json-file",
  "log-opts": {"max-file": "3", "max-size": "10m"}
}
2.3 启动 Docker⚓︎

systemctl enable docker
systemctl start docker
3 安装配置 Elasticsearch⚓︎
3.1 下载 Elasticsearch 镜像⚓︎

docker pull docker.elastic.co/elasticsearch/elasticsearch:7.17.6

7a0437f04f83: Pull complete
7718d2f58c47: Pull complete
cc5c16bd8bb9: Pull complete
e3d829b4b297: Pull complete
1ad944c92c79: Pull complete
373fb8fbaf74: Pull complete
5908d3eb2989: Pull complete
Digest: sha256:81c126e4eddbc5576285670cb3e23d7ef7892ee5e757d6d9ba870b6fe99f1219
Status: Downloaded newer image for docker.elastic.co/elasticsearch/elasticsearch:7.17.6
docker.elastic.co/elasticsearch/elasticsearch:7.17.6

3.2 Elasticsearch 持久化数据目录创建⚓︎

mkdir -p /opt/jumpserver/elasticsearch/data /opt/jumpserver/elasticsearch/logs
3.3 启动 Elasticsearch 服务⚓︎

## 请自行修改账号密码并牢记，丢失后可以删掉容器后重新用新密码创建，数据不会丢失
# 9200                               # Web 访问端口
# 9300                               # 集群通信
# discovery.type=single-node          # 单节点
# bootstrap.memory_lock="true"       # 锁定物理内存, 不使用 swap
# xpack.security.enabled="true"       # 开启安全模块
# TAKE_FILE_OWNERSHIP="true"          # 自动修改挂载文件夹的所属用户
# ES_JAVA_OPTS="-Xms512m -Xmx512m"    # JVM 内存大小, 推荐设置为主机内存的一半
# elastic                            # Elasticsearch 账号
# ELASTIC_PASSWORD=KXOeyNgDeTdpeu9q    # Elasticsearch 密码

docker run --name jms_es -d -p 9200:9200 -p 9300:9300 -e cluster.name=docker-cluster -e discovery.type=single-node -e network.host=0.0.0.0 -e bootstrap.memory_lock="true" -e xpack.security.enabled="true" -e TAKE_FILE_OWNERSHIP="true" -e ES_JAVA_OPTS="-Xms512m -Xmx512m" -e ELASTIC_PASSWORD=KXOeyNgDeTdpeu9q -v /opt/jumpserver/elasticsearch/data:/usr/share/elasticsearch/data -v /opt/jumpserver/elasticsearch/logs:/usr/share/elasticsearch/logs --restart=always docker.elastic.co/elasticsearch/elasticsearch:7.17.6
3.4 在 JumpServer 中配置 Elasticsearch⚓︎
访问 JumpServer Web 页面并使用管理员账号进行登录。
点击左侧菜单栏的 [终端管理]，在页面的上方选择 [存储配置]，在 [命令存储] 下方选择 [创建] 选择 [Elasticsearch]
根据下方的说明进行填写，保存后在 [终端管理] 页面对所有组件进行 [更新]，命令存储选择 [jms-es]，提交。
选项

admin · 发表于 2023-3-8 10:00:12

注意事项⚓︎
1 关于集群模式的环境升级⚓︎
更新前请一定要做好备份工作

升级前请关闭所有 JumpServer 节点。
在任意一个 JumpServer 节点按照升级文档完成升级操作。
仔细检查该节点升级过程确保无异常。
然后按照升级文档对其他 JumpServer 节点升级即可。
从飞致云社区下载最新的 linux/amd64 离线包, 并上传到部署服务器的 /opt 目录。

cd /opt
tar -xf jumpserver-offline-installer-v3.0.3-amd64-246.tar.gz
cd jumpserver-offline-installer-v3.0.3-amd64-246

# 额外节点可以设置 SKIP_BACKUP_DB=1 跳过数据库备份, 第一个升级节点不要跳过备份
export SKIP_BACKUP_DB=1
./jmsctl.sh upgrade
./jmsctl.sh start

admin · 发表于 2023-3-8 10:00:13

在线安装⚓︎
1 环境要求⚓︎
Kubernetes 1.20+
Helm 3.0
2 安装部署⚓︎
2.1 添加 JumpServer 的 Helm 源地址⚓︎

helm repo add jumpserver https://jumpserver.github.io/helm-charts
helm repo list
2.2 编辑 JumpServer values.yaml 文件⚓︎

vi values.yaml

# 模板 https://github.com/jumpserver/he ... pserver/values.yaml
# Default values for jumpserver.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

nameOverride: ""
fullnameOverride: ""

## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
## @param global.redis.password Global Redis™ password (overrides `auth.password`)
##
global:
  imageRegistry: "docker.io" # 国内可以使用华为云加速
  imageTag: v3.0.3          # 版本号
  ## E.g.
  #  imagePullSecrets:
  # - name: harborsecret
  #
  #  storageClass: "jumpserver-data"
  ##
  imagePullSecrets: []
# - name: yourSecretKey
  storageClass: ""             # (*必填) NFS SC

## Please configure your MySQL server first
## Jumpserver will not start the external MySQL server.
##
externalDatabase:             #  (*必填) 数据库相关设置
  engine: mysql
  host: localhost
  port: 3306
  user: root
  password: ""
  database: jumpserver

## Please configure your Redis server first
## Jumpserver will not start the external Redis server.
##
externalRedis:                #  (*必填) Redis 设置
  host: localhost
  port: 6379
  password: ""

serviceAccount:
  # Specifies whether a service account should be created
  create: false
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name:

ingress:
  enabled: true                            # 不使用 ingress 可以关闭
  annotations:
# kubernetes.io/tls-acme: "true"
compute-full-forwarded-for: "true"
use-forwarded-headers: "true"
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/configuration-snippet: |
   proxy_set_header Upgrade "websocket";
   proxy_set_header Connection "Upgrade";
  hosts:
- "test.jumpserver.org"                # 对外域名
  tls: []
  #  - secretName: chart-example-tls
  # hosts:
  #    - chart-example.local

core:
  enabled: true

  labels:
app.jumpserver.org/name: jms-core

  config:
# Generate a new random secret key by execute `cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`
# secretKey: "B3f2w8P2PfxIAS7s4URrD9YmSbtqX4vXdPUL217kL9XPUOWrmy"
secretKey: ""                         #  (*必填) 加密敏感信息的 secret_key, 长度推荐大于 50 位
# Generate a new random bootstrap token by execute `cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`
# bootstrapToken: "7Q11Vz6R2J6BLAdO"
bootstrapToken: ""                      #  (*必填) 组件认证使用的 token, 长度推荐大于 24 位
# Enabled it for debug
debug: false
log:
   level: ERROR

  replicaCount: 1

  image:
registry: docker.io
repository: jumpserver/core
tag: v3.0.3
pullPolicy: IfNotPresent

  command: []

  env:
# See: https://docs.jumpserver.org/zh/master/admin-guide/env/#core
SESSION_EXPIRE_AT_BROWSER_CLOSE: true
# SESSION_COOKIE_AGE: 86400
# SECURITY_VIEW_AUTH_NEED_MFA: true

  livenessProbe:
failureThreshold: 30
httpGet:
   path: /api/health/
   port: web

  readinessProbe:
failureThreshold: 30
httpGet:
   path: /api/health/
   port: web

  podSecurityContext: {}
# fsGroup: 2000

  securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000

  service:
type: ClusterIP
web:
   port: 8080

  resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 1000m
# memory: 2048Mi
# requests:
# cpu: 500m
# memory: 1024Mi

  persistence:
storageClassName: jumpserver-data
accessModes:
   - ReadWriteMany
size: 100Gi
# annotations: {}
finalizers:
   - kubernetes.io/pvc-protection
# subPath: ""
# existingClaim:

  volumeMounts: []

  volumes: []

  nodeSelector: {}

  tolerations: []

  affinity: {}

koko:
  enabled: true

  labels:
app.jumpserver.org/name: jms-koko

  config:
log:
   level: ERROR

  replicaCount: 1

  image:
registry: docker.io
repository: jumpserver/koko
tag: v3.0.3
pullPolicy: IfNotPresent

  command: []

  env: []
# See: https://docs.jumpserver.org/zh/master/admin-guide/env/#koko
# LANGUAGE_CODE: zh
# REUSE_CONNECTION: true
# ENABLE_LOCAL_PORT_FORWARD: true
# ENABLE_VSCODE_SUPPORT: true

  livenessProbe:
failureThreshold: 30
httpGet:
   path: /koko/health/
   port: web

  readinessProbe:
failureThreshold: 30
httpGet:
   path: /koko/health/
   port: web

  podSecurityContext: {}
# fsGroup: 2000

  securityContext:
privileged: true
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000

  service:
type: ClusterIP
web:
   port: 5000
ssh:
   port: 2222

  resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi

  persistence:
storageClassName: jumpserver-data
accessModes:
   - ReadWriteMany
size: 10Gi
# annotations: {}
finalizers:
   - kubernetes.io/pvc-protection

  volumeMounts: []

  volumes: []

  nodeSelector: {}

  tolerations: []

  affinity: {}

lion:
  enabled: true

  labels:
app.jumpserver.org/name: jms-lion

  config:
log:
   level: ERROR

  replicaCount: 1

  image:
registry: docker.io
repository: jumpserver/lion
tag: v3.0.3
pullPolicy: IfNotPresent

  command: []

  env:
# See: https://docs.jumpserver.org/zh/master/admin-guide/env/#lion
JUMPSERVER_ENABLE_FONT_SMOOTHING: true
# JUMPSERVER_COLOR_DEPTH: 32
# JUMPSERVER_ENABLE_WALLPAPER: true
# JUMPSERVER_ENABLE_THEMING: true
# JUMPSERVER_ENABLE_FULL_WINDOW_DRAG: true
# JUMPSERVER_ENABLE_DESKTOP_COMPOSITION: true
# JUMPSERVER_ENABLE_MENU_ANIMATIONS: true

  livenessProbe:
failureThreshold: 30
httpGet:
   path: /lion/health/
   port: web

  readinessProbe:
failureThreshold: 30
httpGet:
   path: /lion/health/
   port: web

  podSecurityContext: {}
# fsGroup: 2000

  securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000

  service:
type: ClusterIP
web:
   port: 8081

  resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 512Mi
# requests:
# cpu: 100m
# memory: 512Mi

  persistence:
storageClassName: jumpserver-data
accessModes:
   - ReadWriteMany
size: 50Gi
# annotations: {}
finalizers:
   - kubernetes.io/pvc-protection

  volumeMounts: []

  volumes: []

  nodeSelector: {}

  tolerations: []

  affinity: {}

magnus:
  enabled: true

  labels:
app.jumpserver.org/name: jms-magnus

  config:
log:
   level: ERROR

  replicaCount: 1

  image:
registry: docker.io
repository: jumpserver/magnus
tag: v3.0.3
pullPolicy: IfNotPresent

  command: []

  env: []

  livenessProbe:
failureThreshold: 30
tcpSocket:
   port: 9090

  readinessProbe:
failureThreshold: 30
tcpSocket:
   port: 9090

  podSecurityContext: {}
# fsGroup: 2000

  securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000

  service:
type: ClusterIP
mysql:
   port: 33061
mariadb:
   port: 33062
redis:
   port: 63790
postgresql:
   port: 54320
oracle:
   ports: 30000-30100

  resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 512Mi
# requests:
# cpu: 100m
# memory: 512Mi

  persistence:
storageClassName: jumpserver-data
accessModes:
   - ReadWriteMany
size: 10Gi
# annotations: {}
finalizers:
   - kubernetes.io/pvc-protection

  volumeMounts: []

  volumes: []

  nodeSelector: {}

  tolerations: []

  affinity: {}

xpack:
  enabled: false    # 企业版本打开此选项

omnidb:
  labels:
app.jumpserver.org/name: jms-omnidb

  config:
log:
   level: ERROR

  replicaCount: 1

  image:
registry: registry.fit2cloud.com
repository: jumpserver/omnidb
tag: v3.0.3
pullPolicy: IfNotPresent

  command: []

  env: []

  livenessProbe:
failureThreshold: 30
tcpSocket:
   port: web

  readinessProbe:
failureThreshold: 30
tcpSocket:
   port: web

  podSecurityContext: {}
# fsGroup: 2000

  securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000

  service:
type: ClusterIP
web:
   port: 8082

  resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi

  persistence:
storageClassName: jumpserver-data
accessModes:
   - ReadWriteMany
size: 10Gi
# annotations: {}
finalizers:
   - kubernetes.io/pvc-protection

  volumeMounts: []

  volumes: []

  nodeSelector: {}

  tolerations: []

  affinity: {}

razor:
  labels:
app.jumpserver.org/name: jms-razor

  config:
log:
   level: ERROR

  replicaCount: 1

  image:
registry: registry.fit2cloud.com
repository: jumpserver/razor
tag: v2.28.6
pullPolicy: IfNotPresent

  command: []

  env: []

  livenessProbe:
failureThreshold: 30
tcpSocket:
   port: rdp

  readinessProbe:
failureThreshold: 30
tcpSocket:
   port: rdp

  podSecurityContext: {}
# fsGroup: 2000

  securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000

  service:
type: ClusterIP
rdp:
   port: 3389

  resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi

  persistence:
storageClassName: jumpserver-data
accessModes:
   - ReadWriteMany
size: 50Gi
# annotations: {}
finalizers:
   - kubernetes.io/pvc-protection

  volumeMounts: []

  volumes: []

  nodeSelector: {}

  tolerations: []

  affinity: {}

web:
  enabled: true

  labels:
app.jumpserver.org/name: jms-web

  replicaCount: 1

  image:
registry: docker.io
repository: jumpserver/web
tag: v3.0.3
pullPolicy: IfNotPresent

  command: []

  env: []
# nginx client_max_body_size, default 4G
# CLIENT_MAX_BODY_SIZE: 4096m

  livenessProbe:
failureThreshold: 30
httpGet:
   path: /api/health/
   port: web

  readinessProbe:
failureThreshold: 30
httpGet:
   path: /api/health/
   port: web

  podSecurityContext: {}
# fsGroup: 2000

  securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000

  service:
type: ClusterIP
web:
   port: 80

  resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi

  persistence:
storageClassName: jumpserver-data
accessModes:
   - ReadWriteMany
size: 1Gi
# annotations: {}
finalizers:
   - kubernetes.io/pvc-protection

  volumeMounts: []

  volumes: []

  nodeSelector: {}

  tolerations: []

  affinity: {}
2.3 安装 JumpServer⚓︎

helm install jms-k8s jumpserver/jumpserver -n default -f values.yaml
2.4 卸载 JumpServer⚓︎

helm uninstall jms-k8s -n default

admin · 发表于 2023-3-8 10:00:14

远程应用⚓︎
注：社区版只支持 Website 方式。

1 功能简述⚓︎
远程应用（RemoteApp）功能是微软在 Windows Server 2008之后，在其系统中集成的一项服务功能，使用户可以通过远程桌面访问远端的桌面与程序，客户端本机无须安装系统与应用程序的情况下也能正常使用远端发布的各种的桌面与应用。
remoteapp03

2 应用发布机⚓︎
RemoteApp 功能需准备应用发布机环境来进行支持。
应用发布机是用来运行 Web 页面资产或者使用远程应用 Navicat 连接数据的程序运行主体。
2.1 版本要求⚓︎
应用发布机为 Windows Server 服务器，具体版本要求如下：
Windows Server 2016    Windows Server 2019    Windows Server 2022
2.2 安装 OpenSSH⚓︎
部署应用发布机前需要安装 OpenSSH 协议，可在 JumpServer 页面 - Web终端 - 帮助 - 下载页面找到 OpenSSH 安装包。
remoteapp01

OpenSSH 安装包传到应用发布机桌面后，双击进行安装。
remoteapp02

2.3 创建应用发布机⚓︎
点击应用发布机页面的创建按钮即新建一个应用发布机。
remoteapp04

详细参数说明：
参数说明
名称远程应用发布机的名称，识别信息。
IP/主机远程应用发布机的IP信息。
协议组远程应用发布机支持的协议族以及协议组的端口。
账号列表远程应用发布机的连接账号信息。
API 服务远程应用发布机的 Agent 与 JumpServer 后端 Core 组件服务的通信地址。
RDS 许可证 RDS 许可证启用选项。
RDS 许可服务器 RDS 许可服务器信息。
RDS 授权模式选择"设备"或"用户"设置授权模式。
A.设备：允许一台设备（任何用户使用的）连接到远程应用发布机。
B.用户：授予一个用户从无限数目的客户端计算机或设备访问远程应用发布机。
RDS 单用户单会话选择"禁用"或"启用"设置单用户单会话模式。
A.禁用：允许每个用户可以同时多台客户端电脑连接服务器远程桌面。
B.启用：禁止每个用户可以同时多台客户端电脑连接服务器远程桌面。
RDS 最大断开时间如果某个会话连接达到了此最大时间，连接即断开。
RDS 远程应用注销时间限制远程应用会话断开后的注销时间。
2.4 部署应用发布机⚓︎
创建应用发布机后需手动执行应用发布机部署，安装 Python、Chrome、Navicat、DBeaver 或自定义远程应用。
点击应用发布机名称按钮进入应用发布机详情页中，选择发布机部署页签，点击快速更新模块的初始化部署按钮，初始化应用发布机。
remoteapp05

2.5 查看应用发布机详情⚓︎
点击应用发布机名称按钮进入应用发布机详情页中。
此页面包含应用发布机详情信息，包括：远程应用发布机帐号列表、远程应用、发布机部署记录等。
remoteapp06

详细参数说明：
模块说明
详情该模块主要包含远程应用发布机的基本信息以及简单的自动化任务，更新硬件信息、测试可连接性等。
账号列表该模块主要操作远程应用发布机的账号，默认创建初 JumpServer 会创建100个系统用户支持远程应用会话。
远程应用该模块中包含默认的远程应用与自建的远程应用信息，在该模块可直接对远程应用进行部署。
发布机部署该模块中主要用于远程应用发布机的初始化部署，以及部署日志的查看。
活动记录该模块中记录了远程应用发布机的活动记录信息，点击可查看活动详情。
3 远程应用⚓︎
创建远程应用资源，实现远程访问目标资源，并实现密码代替功能。
当前举例访问 JumpServer 页面过程（实现密码代填）
3.1 创建 Website 资产⚓︎
点击切换至控制台视图资产管理 - 资产列表页面中。
选中 Web 页签，点击创建 Website 资产。
remoteapp08

其中选择器参数，需要根据目标 Url 页面中的代码参数中获取。
我们通过 F12 打开目标 Url 的开发者工具页面，步骤如下图：
remoteapp09

把获取到的参数填写至创建的目标 Website 资产，参考当前页面3.1 标题第一张图片。
3.2 创建资产授权规则⚓︎
点击切换至权限管理 - 资产授权页面中。
创建新的授权规则，如下图：
remoteapp10

3.3 访问 Website 资产⚓︎
通过 Web终端选中目标 Website 资产访问。
访问 Website 资产需要本地客户端安装 JumpServer 客户端程序，可在 JumpServer 页面 - Web终端 - 帮助 - 下载页面找到安装包。
remoteapp11

3.4 页面效果⚓︎
当前为远程应用页面访问效果图：
remoteapp06

4 自定义 Applet⚓︎
4.1 Applet 介绍⚓︎
Applet 是一个包含 Python 脚本的目录，必须至少包含以下文件：

├── i18n.yml
├── icon.png
├── main.py
├── manifest.yml
└── setup.yml
文件名称作用说明：
文件名称说明
main.py Python 代填的执行脚本。
icon.png Applet 的图标
manifest.yml Applet 的元数据。
setup.yml 拉起程序的安装描述。
i18n.yml 对 manifest.yml 的国际化文件。
4.2 元数据 manifest.yml⚓︎
manifes.yml 定义了 Applet 的元数据，如名称、作者、版本、支持的协议。

name: mysql_workbench8 （required）
display_name: MySQL Workbench8
comment: A tool for working with MySQL, to execute SQL and design tables (required）
version: 0.1 (required）
exec_type: python (reserved，暂未使用)
author: Eric (required）
type: general (required）
update_policy: none (暂未使用)
tags: (required）
  - database
protocols: (required）
  - mysql
详细字段说明：
字段说明
name 名称最好是字母数字，不要包含特殊字符。
protocols 此 Applet 脚本支持的协议。
tags 一些标签。
type 主要是 General 或 Web。
i18n.yml 对 manifest.yml 的国际化文件。
4.3 安装条件 setup.yml⚓︎
setup.yml 定义了 Applet 拉起程序的安装方式。

type: msi # exe, zip, manual
source: https://jms-pkg.oss-cn-beijing.a ... y-8.0.31-winx64.msi
arguments:
  - /qn
  - /norestart
destination: C:\Program Files\MySQL\MySQL Workbench 8.0 CE
program: C:\Program Files\MySQL\MySQL Workbench 8.0 CE\MySQLWorkbench.exe
md5: d628190252133c06dad399657666974a
详细字段说明：
字段说明
type 是软件安装的方式。
msi：安装软件。
exe：安装软件。
zip：解压安装方式。
manual：手动安装方式。
source 软件下载地址。
arguments msi 或者 exe 安装程序需要的参数，使用静默安装。
destination 程序安装目录地址。
program 具体的软件地址。
md5 program 软件的 md5 值，主要用于校验安装是否成功。
如果选择 manual 的方式，source 等保持为空，可不校验 MD5 值，需要手动登录 Applet host（应用发布机）上安装软件。
4.4 脚本执行 main.py⚓︎
main.py 是 Python 脚本主程序。
JumpServer 的 Remoteapp 程序 tinker 将通过调用 python main.py base64_json_data 的方式执行。
base64_json_data 是 JSON 数据进行 base64 之后的字符串，包含资产、账号等认证信息。数据格式大致如下，依据 api 变化做相应调整：

{
  "app_name": "mysql_workbench8",
  "protocol": "mysql",
  "user": {
"id": "2647CA35-5CAD-4DDF-8A88-6BD88F39BB30",
"name": "Administrator",
"username": "admin"
  },
  "asset": {
"asset_id": "46EE5F50-F1C1-468C-97EE-560E3436754C",
"asset_name": "test_mysql",
"address": "192.168.1.1",
"protocols": [
   {
      "id": 2,
      "name": "mysql",
      "port": 3306
   }
]
  },
  "account": {
"account_id": "9D5585DE-5132-458C-AABE-89A83C112A83",
"username": "root",
"secret": "test"
  },
  "platform": {
"charset": "UTF-8"
  }
}

		自动登录	找回密码
密码			注册