Deploying JumpServer is very easy, but due to the complexity of its components and their interdependencies, recovery can be quite cumbersome if a failure occurs. To avoid this hassle, I usually deploy JumpServer on a virtual machine in Proxmox VE and then back up the entire virtual machine. If needed, I can restore it completely from the PBS backup.

Proxmox VE 8 Installation of OpenSuse 15

According to the official JumpServer documentation, JumpServer supports mainstream Linux operating systems such as Debian, RedHat, and Ubuntu. I tried deploying JumpServer on FreeBSD but failed several times, mainly due to issues with installing iptables. After careful consideration, I chose OpenSuse to deploy JumpServer.

1. In the Proxmox VE 8 Web management console, create a virtual machine named `jmp104`, attach OpenSuse 15.5, and allocate disk space, memory, etc.

2. Start the virtual machine and begin the OS installation guide, move the cursor to the second option, and proceed to the next step.

3. Click “Yes” or “Next” a few times, accepting the default values until you reach the System Role interface. Select “Server” (minimal installation mode to save time and space) and proceed to the next step.

4. Since the entire OpenSuse system will only be used to deploy JumpServer, there is no need to partition the target disk; simply use the default settings.

5. Set the time zone to “chongqing”, then select “Skip Create User”, meaning no regular user will be created. Set the root account password twice, using a complex password.

6. Return to the main installation screen and click the “Network Configuration” link to set network parameters, including the static IP address, subnet mask, gateway, DNS server, and hostname.

7. By default, the network IP address is assigned by DHCP. As this is a server, a fixed IP address should be used, so this needs to be changed. Click “edit” at the bottom.

8. Set the network address to `172.16.35.102`, the mask to `255.255.255.0`, and the hostname to `jmp102`.

9. Similarly, set the DNS server address to `223.6.6.6`, and the default gateway to `172.16.35.254`. The default value for the gateway is a hyphen “-“, so it needs to be deleted when entering the local gateway.

10. Preview the summary information on the main installation screen. If there are no modifications needed, click the “Install” button at the bottom right to start the formal installation.

11. Once the OpenSuse installation is complete, reboot the system and connect remotely via SSH to verify the installation, such as by using the `curl` command to access the external network.

Deploying JumpServer on OpenSuse 15

Installing all the necessary JumpServer components one by one from source (including JumpServer Core, Lina, Luna, Koko, Magnus, MySQL/Redis, and Nginx) can be cumbersome and error-prone. Fortunately, the official JumpServer provides a one-click online installation script that installs these components as Docker images, greatly simplifying the process and improving efficiency.

1. Log in to OpenSUSE, ensure the system network is accessible, and visit [JumpServer](https://www.fit2cloud.com/jumpserver/index.html).

2. Next, copy the online installation command from the official website:

curl -sSL https://resource.fit2cloud.com/jumpserver/jumpserver/releases/latest/download/quick_start.sh | bash

As long as the operating system environment is problem-free, the rest of the installation will be handled by the script.

Once the script finishes running, the final screen output should indicate that the containers have successfully started.

3. At the command prompt, execute the `ps` and `netstat` commands to initially verify the correctness of the installation. Then, access the JumpServer system’s IP address from a remote browser. If the login screen appears, enter the username `admin` and password `admin`. You will be prompted to change the password. Set a complex password, log in, and if you can perform various management operations on JumpServer, the installation was successful.

JumpServer Backup and Recovery

Backing up a JumpServer deployed on Proxmox VE is very easy, and restoring it is equally simple, just a few clicks. You can find more detailed instructions online, so they are not covered here.

If JumpServer is not deployed as a virtual machine or is deployed on another virtualization platform, the MondoRescue tool can also be used for full system backup and recovery.

By default, MondoRescue cannot be installed using OpenSuse’s package manager `zypper`. You need to add the MondoRescue software repository. After some effort, I found the official URL for this is `ftp://ftp.mondorescue.org/opensuse/15.4/x86_64`.

1. In the command line of the OpenSuse system hosting JumpServer, execute the following command to add the MondoRescue repository to the system:

zypper ar ftp://ftp.mondorescue.org/opensuse/15.4/x86_64 mondo

After the command runs, execute `zypper lr` to check if it has been added correctly.

2. The newly added repository `mondo` is saved as a text file in the `/etc/zypp/repos.d` directory.

3. Once everything is ready, try entering the command `zypper install mondo`. If there are no errors, type “a” to proceed.

4. Next, type “y” to continue with the installation.

The process should go smoothly, and MondoRescue and its dependencies (such as afio, mindi, etc.) will be correctly installed. Based on the screen output, you can see that OpenSuse (and also Suse) uses RPM packages for binary installations.

5. To make management easier and prevent the system disk from becoming full, prepare an additional disk space to store the backup system archive ISO file, and mount it to the `/data` directory.

6. Before performing the JumpServer backup, modify the `/etc/mindi/mindi.conf` file by adding the line `EXTRA_SPACE= 8015200`. Otherwise, the backup process may exit due to insufficient space.

7. Once everything is prepared (backup file storage space, ramdisk storage space), carefully enter the command `mondoarchive` to initiate an interactive backup.

8. Back up the system to the hard drive. Here, the backup path is `/mnt/data`, but you can choose a different path based on your situation.

9. Enter the full path (or absolute path) `/mnt/data/cache/mondo`.

10. For the compression type, select “gzip”, or you can choose “bzip”.

11. Select maximum compression (the default value).

12. For the next few steps, use the default values. When you reach the “Exclude paths” step, exclude directories like the backup storage directory and temporary directories.

13. For the next few directories, you can use the default or customized values. When asked if you want to back up extensions, select “Yes” (the default value).

Backing up extensions refers to processing the operating system kernel.

14. When asked if verification is needed, and if you really want to proceed with the backup, just press Enter.

At this point, the interactive process is complete, and the program will automatically start the backup. You can monitor the progress in real-time, and use `tail -f /var/log/mondoarchive.log` to see detailed execution steps.

15. After the backup is complete, click the “ok” button to return to the OpenSuse command prompt. Go to the ISO storage directory specified before the backup, and copy the ISO generated during the `mondoarchive` execution to the target machine or burn it to a bootable USB or DVD for future use.

16. Using the prepared JumpServer bootable USB, or by directly attaching the ISO image file to a created virtual machine, start the machine (or virtual machine), enter the boot interface, and type “nuke”. The system will automatically perform a full recovery.

17. After the automatic recovery is complete, reboot the system, access JumpServer via a browser, and verify the correctness of the recovery.