Merge branch 'dev' of github.com:jumpserver/jumpserver into dev

2025-08-11 02:53:37 +00:00 · 2018-03-07 17:18:06 +08:00 · 2018-03-07 17:18:06 +08:00 · d1a2fe145d
commit d1a2fe145d
parent 83f83d9b07 c4afd04cbc
74 changed files with 1822 additions and 383 deletions
--- a/.gitignore
+++ b/.gitignore
@ -30,3 +30,4 @@ celerybeat.pid
 django.db
 celerybeat-schedule.db
 data/static
 _build/
--- a/apps/assets/models/node.py
+++ b/apps/assets/models/node.py
@ -12,7 +12,7 @@ __all__ = ['Node']
 class Node(models.Model):
    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
    key = models.CharField(unique=True, max_length=64, verbose_name=_("Key"))  # '1:1:1:1'
-    value = models.CharField(max_length=128, unique=True, verbose_name=_("Value"))
+    value = models.CharField(max_length=128, verbose_name=_("Value"))
    child_mark = models.IntegerField(default=0)
    date_create = models.DateTimeField(auto_now_add=True)
--- a/apps/assets/models/user.py
+++ b/apps/assets/models/user.py
@ -26,14 +26,14 @@ signer = get_signer()
 class AssetUser(models.Model):
    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
    name = models.CharField(max_length=128, unique=True, verbose_name=_('Name'))
-    username = models.CharField(max_length=16, verbose_name=_('Username'))
+    username = models.CharField(max_length=128, verbose_name=_('Username'))
    _password = models.CharField(max_length=256, blank=True, null=True, verbose_name=_('Password'))
    _private_key = models.TextField(max_length=4096, blank=True, null=True, verbose_name=_('SSH private key'), validators=[private_key_validator, ])
    _public_key = models.TextField(max_length=4096, blank=True, verbose_name=_('SSH public key'))
    comment = models.TextField(blank=True, verbose_name=_('Comment'))
    date_created = models.DateTimeField(auto_now_add=True)
    date_updated = models.DateTimeField(auto_now=True)
-    created_by = models.CharField(max_length=32, null=True, verbose_name=_('Created by'))
+    created_by = models.CharField(max_length=128, null=True, verbose_name=_('Created by'))
    @property
    def password(self):
--- a/apps/assets/tasks.py
+++ b/apps/assets/tasks.py
@ -91,7 +91,7 @@ def update_assets_hardware_info_util(assets, task_name=None):
    if task_name is None:
        task_name = _("Update some assets hardware info")
    tasks = const.UPDATE_ASSETS_HARDWARE_TASKS
-    hostname_list = [asset.hostname for asset in assets]
+    hostname_list = [asset.hostname for asset in assets if asset.is_active and asset.is_unixlike()]
    task, created = update_or_create_ansible_task(
        task_name, hosts=hostname_list, tasks=tasks, pattern='all',
        options=const.TASK_OPTIONS, run_as_admin=True, created_by='System',
@ -120,7 +120,10 @@ def update_assets_hardware_info_period():
    """
    from ops.utils import update_or_create_ansible_task
    task_name = _("Update assets hardware info period")
-    hostname_list = [asset.hostname for asset in Asset.objects.all()]
+    hostname_list = [
        asset.hostname for asset in Asset.objects.all()
        if asset.is_active and asset.is_unixlike()
    ]
    tasks = const.UPDATE_ASSETS_HARDWARE_TASKS
    # Only create, schedule by celery beat
@ -165,7 +168,8 @@ def test_admin_user_connectability_util(admin_user, task_name):
    from ops.utils import update_or_create_ansible_task
    assets = admin_user.get_related_assets()
-    hosts = [asset.hostname for asset in assets]
+    hosts = [asset.hostname for asset in assets
             if asset.is_active and asset.is_unixlike()]
    if not hosts:
        return
    tasks = const.TEST_ADMIN_USER_CONN_TASKS
@ -257,7 +261,7 @@ def test_system_user_connectability_util(system_user, task_name):
    """
    from ops.utils import update_or_create_ansible_task
    assets = system_user.assets
-    hosts = [asset.hostname for asset in assets]
+    hosts = [asset.hostname for asset in assets if asset.is_active and asset.is_unixlike()]
    tasks = const.TEST_SYSTEM_USER_CONN_TASKS
    if not hosts:
        logger.info("No hosts, passed")
@ -346,7 +350,7 @@ def push_system_user_util(system_users, assets, task_name):
        logger.info("Not tasks, passed")
        return {}
-    hosts = [asset.hostname for asset in assets]
+    hosts = [asset.hostname for asset in assets if asset.is_active and asset.is_unixlike()]
    if not hosts:
        logger.info("Not hosts, passed")
        return {}
--- a/apps/assets/templates/assets/_system_user.html
+++ b/apps/assets/templates/assets/_system_user.html
@ -13,7 +13,7 @@
            <div class="col-sm-12">
                <div class="ibox float-e-margins">
                    <div class="ibox-title">
-                        <h5>{% trans 'Create system user' %}</h5>
+                        <h5>{{ action }}</h5>
                        <div class="ibox-tools">
                            <a class="collapse-link">
                                <i class="fa fa-chevron-up"></i>
@ -81,6 +81,14 @@
 {% block custom_foot_js %}
    <script>
        var auto_generate_key = '#'+'{{ form.auto_generate_key.id_for_label }}';
        var protocol_id = '#' + '{{ form.protocol.id_for_label }}';
        var password_id = '#' + '{{ form.password.id_for_label }}';
        var private_key_id = '#' + '{{ form.private_key_file.id_for_label }}';
        var sudo_id = '#' + '{{ form.sudo.id_for_label }}';
        var shell_id = '#' + '{{ form.shell.id_for_label }}';
        var need_change_field = [auto_generate_key, private_key_id, sudo_id, shell_id] ;
        function authFieldsDisplay() {
            if ($(auto_generate_key).prop('checked')) {
                $('.auth-fields').addClass('hidden');
@ -88,9 +96,23 @@
                $('.auth-fields').removeClass('hidden');
            }
        }
        function protocolChange() {
            if ($(protocol_id).attr('value') === 'rdp') {
                $.each(need_change_field, function (index, value) {
                    $(value).addClass('hidden')
                });
                $(password_id).removeClass('hidden')
            } else {
                $.each(need_change_field, function (index, value) {
                    $(value).removeClass('hidden')
                });
            }
        }
        $(document).ready(function () {
            $('.select2').select2();
            authFieldsDisplay();
            protocolChange();
            $(auto_generate_key).change(function () {
                authFieldsDisplay();
            });
--- a/apps/assets/templates/assets/admin_user_create_update.html
+++ b/apps/assets/templates/assets/admin_user_create_update.html
@ -13,7 +13,7 @@
            <div class="col-sm-12">
                <div class="ibox float-e-margins">
                    <div class="ibox-title">
-                        <h5>{% trans 'Create admin user' %}</h5>
+                        <h5>{{ action }}</h5>
                        <div class="ibox-tools">
                            <a class="collapse-link">
                                <i class="fa fa-chevron-up"></i>
--- a/apps/assets/templates/assets/asset_list.html
+++ b/apps/assets/templates/assets/asset_list.html
@ -2,6 +2,12 @@
 {% load static %}
 {% load i18n %}
 {% block help_message %}
    <div class="alert alert-info help-message">
    左侧是资产树，右击可以新建、删除、更改树节点，授权资产也是以节点方式组织的，右侧是属于该节点下的资产
    </div>
 {% endblock %}
 {% block custom_head_css_js %}
    <link href="{% static 'css/plugins/ztree/awesomeStyle/awesome.css' %}" rel="stylesheet">
    <script type="text/javascript" src="{% static 'js/plugins/ztree/jquery.ztree.all.min.js' %}"></script>
@ -224,7 +230,9 @@ function editTreeNode() {
 	if (!current_node){
 	    return
    }
-    current_node.name = current_node.value;
+    if (current_node.value) {
        current_node.name = current_node.value;
    }
    zTree.editName(current_node);
 }
@ -313,38 +321,36 @@ function beforeDrag() {
    return true
 }
-function beforeDrop() {
+function beforeDrop(treeId, treeNodes, targetNode, moveType) {
-    return true
+    var treeNodesNames = [];
    $.each(treeNodes, function (index, value) {
        treeNodesNames.push(value.value);
    });
    var msg = "你想移动节点: `" + treeNodesNames.join(",") + "` 到 `" + targetNode.value + "` 下吗?";
    if (confirm(msg)){
        return true
    } else {
        return false
    }
 }
 function onDrag(event, treeId, treeNodes) {
 }
 function onDrop(event, treeId, treeNodes, targetNode, moveType) {
    console.log("DROP");
    console.log(event);
    console.log(treeNodes);
    console.log(targetNode);
    console.log(moveType);
    var treeNodesNames = [];
    var treeNodesIds = [];
    $.each(treeNodes, function (index, value) {
        treeNodesNames.push(value.value);
        treeNodesIds.push(value.id);
    });
    var msg = "你想移动节点: `" + treeNodesNames.join(",") + "` 到 `" + targetNode.value + "` 下吗?";
    var the_url = "{% url 'api-assets:node-add-children' pk=DEFAULT_PK %}".replace("{{ DEFAULT_PK }}", targetNode.id);
    var body = {nodes: treeNodesIds};
-    if (confirm(msg)){
+    APIUpdateAttr({
-        APIUpdateAttr({
+        url: the_url,
-            url: the_url,
+        method: "PUT",
-            method: "PUT",
+        body: JSON.stringify(body)
-            body: JSON.stringify(body)
+    })
        })
    }
 }
 function initTree() {
--- a/apps/assets/templates/assets/system_user_detail.html
+++ b/apps/assets/templates/assets/system_user_detail.html
@ -178,7 +178,7 @@
                                            </tr>
                                            <tr>
                                                <td colspan="2" class="no-borders">
-                                                    <button type="button" class="btn btn-info btn-sm" id="btn-add-to-cluster">{% trans 'Confirm' %}</button>
+                                                    <button type="button" class="btn btn-info btn-sm" id="btn-add-to-node">{% trans 'Confirm' %}</button>
                                                </td>
                                            </tr>
                                        </form>
@ -187,7 +187,7 @@
                                        <tr>
                                          <td ><b class="bdg_node" data-gid={{ node.id }}>{{ node.name }}</b></td>
                                          <td>
-                                              <button class="btn btn-danger pull-right btn-xs btn-remove-from-cluster" type="button"><i class="fa fa-minus"></i></button>
+                                              <button class="btn btn-danger pull-right btn-xs btn-remove-from-node" type="button"><i class="fa fa-minus"></i></button>
                                          </td>
                                        </tr>
                                        {% endfor %}
@ -204,27 +204,27 @@
 {% endblock %}
 {% block custom_foot_js %}
 <script>
-function updateSystemUserCluster(clusters) {
+function updateSystemUserCluster(nodes) {
    var the_url = "{% url 'api-assets:system-user-detail' pk=system_user.id %}";
    var body = {
-        cluster: Object.assign([], clusters)
+        nodes: Object.assign([], nodes)
    };
    var success = function(data) {
        // remove all the selected groups from select > option and rendered ul element;
        $('.select2-selection__rendered').empty();
        $('#cluster_selected').val('');
-        $.map(jumpserver.cluster_selected, function(cluster_name, index) {
+        $.map(jumpserver.nodes_selected, function(cluster_name, index) {
            $('#opt_' + index).remove();
            // change tr html of user groups.
            $('.cluster_edit tbody').append(
                '<tr>' +
                '<td><b class="bdg_node" data-gid="' + index + '">' + cluster_name + '</b></td>' +
-                '<td><button class="btn btn-danger btn-xs pull-right btn-remove-from-cluster" type="button"><i class="fa fa-minus"></i></button></td>' +
+                '<td><button class="btn btn-danger btn-xs pull-right btn-remove-from-node" type="button"><i class="fa fa-minus"></i></button></td>' +
                '</tr>'
            )
        });
        // clear jumpserver.groups_selected
-        jumpserver.cluster_selected = {};
+        jumpserver.nodes_selected = {};
    };
    APIUpdateAttr({
        url: the_url,
@ -232,16 +232,16 @@ function updateSystemUserCluster(clusters) {
        success: success
    });
 }
-jumpserver.cluster_selected = {};
+jumpserver.nodes_selected = {};
 $(document).ready(function () {
    $('.select2').select2()
    .on('select2:select', function(evt) {
            var data = evt.params.data;
-            jumpserver.cluster_selected[data.id] = data.text;
+            jumpserver.nodes_selected[data.id] = data.text;
    })
    .on('select2:unselect', function(evt) {
        var data = evt.params.data;
-        delete jumpserver.cluster_selected[data.id];
+        delete jumpserver.nodes_selected[data.id];
    });
 })
 .on('click', '#btn-auto-push', function () {
@ -255,26 +255,26 @@ $(document).ready(function () {
        body: JSON.stringify(body)
    });
 })
-.on('click', '#btn-add-to-cluster', function() {
+.on('click', '#btn-add-to-node', function() {
-    if (Object.keys(jumpserver.cluster_selected).length === 0) {
+    if (Object.keys(jumpserver.nodes_selected).length === 0) {
        return false;
    }
-    var clusters = $('.bdg_node').map(function() {
+    var nodes = $('.bdg_node').map(function() {
        return $(this).data('gid');
    }).get();
-    $.map(jumpserver.cluster_selected, function(value, index) {
+    $.map(jumpserver.nodes_selected, function(value, index) {
-        clusters.push(index);
+        nodes.push(index);
    });
-    updateSystemUserCluster(clusters);
+    updateSystemUserCluster(nodes);
 })
-.on('click', '.btn-remove-from-cluster', function() {
+.on('click', '.btn-remove-from-node', function() {
    var $this = $(this);
    var $tr = $this.closest('tr');
    var $badge = $tr.find('.bdg_node');
    var gid = $badge.data('gid');
-    var cluster_name = $badge.html() || $badge.text();
+    var node_name = $badge.html() || $badge.text();
    $('#groups_selected').append(
-        '<option value="' + gid + '" id="opt_' + gid + '">' + cluster_name + '</option>'
+        '<option value="' + gid + '" id="opt_' + gid + '">' + node_name + '</option>'
    );
    $tr.remove();
    var clusters = $('.bdg_node').map(function () {
--- a/apps/assets/views/asset.py
+++ b/apps/assets/views/asset.py
@ -58,8 +58,7 @@ class UserAssetListView(LoginRequiredMixin, TemplateView):
    def get_context_data(self, **kwargs):
        context = {
-            'app': _('Assets'),
+            'action': _('My assets'),
            'action': _('Asset list'),
            'system_users': SystemUser.objects.all(),
        }
        kwargs.update(context)
--- a/apps/common/api.py
+++ b/apps/common/api.py
@ -97,6 +97,9 @@ class LDAPTestingAPI(APIView):
 class DjangoSettingsAPI(APIView):
    def get(self, request):
        if not settings.DEBUG:
            return Response('Only debug mode support')
        configs = {}
        for i in dir(settings):
            if i.isupper():
--- a/apps/common/mixins.py
+++ b/apps/common/mixins.py
@ -99,9 +99,8 @@ class DatetimeSearchMixin:
        if date_from_s:
            date_from = timezone.datetime.strptime(date_from_s, self.date_format)
-            self.date_from = date_from.replace(
+            tz = timezone.get_current_timezone()
-                tzinfo=timezone.get_current_timezone()
+            self.date_from = tz.localize(date_from)
            )
        else:
            self.date_from = timezone.now() - timezone.timedelta(7)
--- a/apps/common/templatetags/common_tags.py
+++ b/apps/common/templatetags/common_tags.py
@ -73,17 +73,20 @@ def to_html(s):
@register.filter
 def time_util_with_seconds(date_from, date_to):
-    if date_from and date_to:
+    if not date_from:
        delta = date_to - date_from
        seconds = delta.seconds
        if seconds < 60:
            return '{} s'.format(seconds)
        elif seconds < 60*60:
            return '{} m'.format(seconds//60)
        else:
            return '{} h'.format(seconds//3600)
    else:
        return ''
    if not date_to:
        return ''
        date_to = timezone.now()
    delta = date_to - date_from
    seconds = delta.seconds
    if seconds < 60:
        return '{} s'.format(seconds)
    elif seconds < 60*60:
        return '{} m'.format(seconds//60)
    else:
        return '{} h'.format(seconds//3600)
@register.filter
--- a/apps/i18n/zh/LC_MESSAGES/django.mo
+++ b/apps/i18n/zh/LC_MESSAGES/django.mo
--- a/apps/i18n/zh/LC_MESSAGES/django.po
+++ b/apps/i18n/zh/LC_MESSAGES/django.po
--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@ -397,6 +397,6 @@ BOOTSTRAP3 = {
 }
 TOKEN_EXPIRATION = CONFIG.TOKEN_EXPIRATION or 3600
-DISPLAY_PER_PAGE = CONFIG.DISPLAY_PER_PAGE
+DISPLAY_PER_PAGE = CONFIG.DISPLAY_PER_PAGE or 25
 DEFAULT_EXPIRED_YEARS = 70
 USER_GUIDE_URL = ""
--- a/apps/jumpserver/urls.py
+++ b/apps/jumpserver/urls.py
@ -4,16 +4,16 @@ from __future__ import unicode_literals
 from django.conf.urls import url, include
 from django.conf import settings
 from django.conf.urls.static import static
 from django.views.static import serve as static_serve
 from rest_framework.schemas import get_schema_view
 from rest_framework_swagger.renderers import SwaggerUIRenderer, OpenAPIRenderer
-from .views import IndexView
+from .views import IndexView, LunaView
 schema_view = get_schema_view(title='Users API', renderer_classes=[OpenAPIRenderer, SwaggerUIRenderer])
 urlpatterns = [
    url(r'^$', IndexView.as_view(), name='index'),
    url(r'^luna/', LunaView.as_view(), name='luna-error'),
    url(r'^users/', include('users.urls.views_urls', namespace='users')),
    url(r'^assets/', include('assets.urls.views_urls', namespace='assets')),
    url(r'^perms/', include('perms.urls.views_urls', namespace='perms')),
--- a/apps/jumpserver/views.py
+++ b/apps/jumpserver/views.py
@ -1,4 +1,7 @@
-from django.views.generic import TemplateView
+import datetime
 from django.http import HttpResponse
 from django.views.generic import TemplateView, View
 from django.utils import timezone
 from django.db.models import Count
 from django.contrib.auth.mixins import LoginRequiredMixin
@ -45,15 +48,22 @@ class IndexView(LoginRequiredMixin, TemplateView):
        return self.session_week.values('user').distinct().count()
    def get_week_login_asset_count(self):
-        return self.session_week.values('asset').distinct().count()
+        return self.session_week.count()
        # return self.session_week.values('asset').distinct().count()
    def get_month_day_metrics(self):
        month_str = [d.strftime('%m-%d') for d in self.session_month_dates] or ['0']
        return month_str
    def get_month_login_metrics(self):
-        return [self.session_month.filter(date_start__date=d).count()
+        data = []
-                for d in self.session_month_dates]
+        time_min = datetime.datetime.min.time()
        time_max = datetime.datetime.max.time()
        for d in self.session_month_dates:
            ds = datetime.datetime.combine(d, time_min).replace(tzinfo=timezone.get_current_timezone())
            de = datetime.datetime.combine(d, time_max).replace(tzinfo=timezone.get_current_timezone())
            data.append(self.session_month.filter(date_start__range=(ds, de)).count())
        return data
    def get_month_active_user_metrics(self):
        if self.session_month_dates_archive:
@ -119,10 +129,18 @@ class IndexView(LoginRequiredMixin, TemplateView):
        self.session_week = Session.objects.filter(date_start__gt=week_ago)
        self.session_month = Session.objects.filter(date_start__gt=month_ago)
        self.session_month_dates = self.session_month.dates('date_start', 'day')
-        self.session_month_dates_archive = [
+
-            self.session_month.filter(date_start__date=d)
+        self.session_month_dates_archive = []
-            for d in self.session_month_dates
+        time_min = datetime.datetime.min.time()
-        ]
+        time_max = datetime.datetime.max.time()
        for d in self.session_month_dates:
            ds = datetime.datetime.combine(d, time_min).replace(
                tzinfo=timezone.get_current_timezone())
            de = datetime.datetime.combine(d, time_max).replace(
                tzinfo=timezone.get_current_timezone())
            self.session_month_dates_archive.append(
                self.session_month.filter(date_start__range=(ds, de)))
        context = {
            'assets_count': self.get_asset_count(),
@ -149,3 +167,12 @@ class IndexView(LoginRequiredMixin, TemplateView):
        kwargs.update(context)
        return super(IndexView, self).get_context_data(**kwargs)
 class LunaView(View):
    def get(self, request):
        msg = """
        Luna是单独部署的一个程序，你需要部署luna，coco，配置nginx做url分发, 
        如果你看到了这个页面，证明你访问的不是nginx监听的端口，祝你好运
        """
        return HttpResponse(msg)
--- a/apps/perms/serializers.py
+++ b/apps/perms/serializers.py
@ -12,7 +12,7 @@ class AssetPermissionCreateUpdateSerializer(serializers.ModelSerializer):
    class Meta:
        model = NodePermission
        fields = [
-            'node', 'user_group', 'system_user',
+            'id', 'node', 'user_group', 'system_user',
            'is_active', 'date_expired'
        ]
--- a/apps/perms/templates/perms/asset_permission_create_update.html
+++ b/apps/perms/templates/perms/asset_permission_create_update.html
@ -14,7 +14,7 @@
            <div class="col-sm-12">
                <div class="ibox float-e-margins">
                    <div class="ibox-title">
-                        <h5>{% trans 'Create asset permission ' %}</h5>
+                        <h5>{{ action }}</h5>
                        <div class="ibox-tools">
                            <a class="collapse-link">
                                <i class="fa fa-chevron-up"></i>
--- a/apps/perms/templates/perms/asset_permission_list.html
+++ b/apps/perms/templates/perms/asset_permission_list.html
@ -186,7 +186,7 @@ function initTree() {
            {#if (value["key"] === "0") {#}
            value["open"] = true;
            {# }#}
-            value["name"] = value["value"] + ' (' + value['assets_amount'] + ')'
+            value["name"] = value["value"]
        });
        zNodes = data;
        $.fn.zTree.init($("#assetTree"), setting, zNodes);
--- a/apps/static/css/jumpserver.css
+++ b/apps/static/css/jumpserver.css
@ -427,3 +427,9 @@ div.dataTables_wrapper div.dataTables_filter {
    text-align: center;
    padding: 5px 0;
 }
 .profile-dropdown li a {
    font-size: 12px !important;
 }
--- a/apps/static/css/style.css
+++ b/apps/static/css/style.css
@ -3299,7 +3299,7 @@ body.tour-open .animated {
  border-bottom: 1px solid #e7eaec;
 }
 body {
-  font-family: "open sans", "Helvetica Neue", Helvetica, Arial, sans-serif;
+  font-family: "open sans", "Helvetica Neue", "微软雅黑", Helvetica, Arial, sans-serif;
  background-color: #2f4050;
  font-size: 13px;
  color: #676a6c;
--- a/apps/static/img/logo-text.png
+++ b/apps/static/img/logo-text.png
--- a/apps/templates/_header_bar.html
+++ b/apps/templates/_header_bar.html
@ -14,8 +14,13 @@
 {#                <span class="m-r-sm text-muted welcome-message">{% trans 'Welcome to use Jumpserver system' %}</span>#}
 {#            </li>#}
            <li class="dropdown">
-                <a class="dropdown-toggle count-info" data-toggle="dropdown" href="#">
+                <a class="count-info" href="https://market.aliyun.com/products/53690006/cmgj026011.html?spm=5176.730005.0.0.cY2io1" target="_blank">
-                     <span class="m-r-sm text-muted welcome-message">{% trans 'Help' %}</span>
+                    <span class="m-r-sm text-muted welcome-message">{% trans 'Supports' %}</span>
                </a>
            </li>
            <li class="dropdown">
                <a class="count-info"  href="http://jumpserver.readthedocs.io/" target="_blank">
                     <span class="m-r-sm text-muted welcome-message">{% trans 'Docs' %}</span>
                </a>
            </li>
            <li class="dropdown">
@ -28,9 +33,8 @@
                        </span>
                    </span>
                </a>
-                <ul class="dropdown-menu animated fadeInRight m-t-xs">
+                <ul class="dropdown-menu animated fadeInRight m-t-xs profile-dropdown">
-                    <li><a href="{% url 'users:user-profile' %}"><i class="fa fa-cogs">  </i><span> {% trans 'Profile' %}</span></a></li>
+                    <li><a href="{% url 'users:user-profile' %}"><i class="fa fa-cogs"> </i><span> {% trans 'Profile' %}</span></a></li>
                    <li class="divider"></li>
                    {% if request.user.is_superuser %}
                        {% if request.COOKIES.IN_ADMIN_PAGE == 'No' %}
                            <li><a id="switch_admin"><i class="fa fa-exchange"></i><span> {% trans 'Admin page' %}</span></a></li>
@ -57,11 +61,11 @@
            <li>
                <a href="">{% trans 'Dashboard' %}</a>
            </li>
            <li>
            {% if app %}
            <li>
                <a>{{ app }}</a>
            {% endif %}
            </li>
            {% endif %}
            {% if action %}
            <li class="active">
                <strong>{{ action }}</strong>
--- a/apps/templates/_nav.html
+++ b/apps/templates/_nav.html
@ -42,6 +42,11 @@
        <li id="session-online"><a href="{% url 'terminal:session-online-list' %}">{% trans 'Session online' %}</a></li>
        <li id="session-offline"><a href="{% url 'terminal:session-offline-list' %}">{% trans 'Session offline' %}</a></li>
        <li id="command"><a href="{% url 'terminal:command-list' %}">{% trans 'Commands' %}</a></li>
        <li>
            <a href="{% url 'terminal:web-terminal' %}" target="_blank">
            <span class="nav-label">{% trans 'Web terminal' %}</span>
            </a>
        </li>
        <li id="terminal"><a href="{% url 'terminal:terminal-list' %}">{% trans 'Terminal' %}</a></li>
    </ul>
 </li>
--- a/apps/templates/_user_profile.html
+++ b/apps/templates/_user_profile.html
@ -3,7 +3,7 @@
 <li class="nav-header">
    <div class="dropdown profile-element">
        <div href="http://www.jumpserver.org" target="_blank">
-            <img alt="image" height="55" src="/static/img/logo-text.png" style="margin-left: 10px"/>
+            <img alt="logo" height="55" width="185" src="/static/img/logo-text.png" style="margin-left: 20px"/>
        </div>
    </div>
    <div class="clearfix"></div>
--- a/apps/templates/index.html
+++ b/apps/templates/index.html
@ -57,7 +57,7 @@
    <div class="row">
        <div class="col-sm-2 border-bottom white-bg dashboard-header" style="margin-left:15px;height: 346px">
            <h2>活跃用户TOP5</h2>
-            <small>过去一周共有<span class="text-info">{{ user_visit_count_weekly }}</span>位用户登录<span class="text-success">{{ asset_visit_count_weekly }}</span>次服务器.</small>
+            <small>过去一周共有<span class="text-info">{{ user_visit_count_weekly }}</span>位用户登录<span class="text-success">{{ asset_visit_count_weekly }}</span>次资产.</small>
            <ul class="list-group clear-list m-t">
                {% for data in user_visit_count_top_five %}
                    <li class="list-group-item fist-item">
--- a/apps/terminal/api.py
+++ b/apps/terminal/api.py
@ -5,14 +5,15 @@ import logging
 import os
 import uuid
 from rest_framework import viewsets, serializers
 from rest_framework.views import APIView, Response
 from rest_framework.permissions import AllowAny
 from django.core.cache import cache
 from django.shortcuts import get_object_or_404, redirect
 from django.utils import timezone
 from django.core.files.storage import default_storage
 from django.http import HttpResponseNotFound
 from rest_framework import viewsets, serializers
 from rest_framework.views import APIView, Response
 from rest_framework.permissions import AllowAny
 from rest_framework_bulk import BulkModelViewSet
 from common.utils import get_object_or_none
 from .models import Terminal, Status, Session, Task
@ -179,12 +180,29 @@ class SessionViewSet(viewsets.ModelViewSet):
        return self.queryset
-class TaskViewSet(viewsets.ModelViewSet):
+class TaskViewSet(BulkModelViewSet):
    queryset = Task.objects.all()
    serializer_class = TaskSerializer
    permission_classes = (IsSuperUserOrAppUser,)
 class KillSessionAPI(APIView):
    permission_classes = (IsSuperUserOrAppUser,)
    model = Task
    def post(self, request, *args, **kwargs):
        validated_session = []
        for session_id in request.data:
            session = get_object_or_none(Session, id=session_id)
            if session and not session.is_finished:
                validated_session.append(session_id)
                self.model.objects.create(
                    name="kill_session", args=session.id,
                    terminal=session.terminal,
                )
        return Response({"ok": validated_session})
 class CommandViewSet(viewsets.ViewSet):
    """接受app发送来的command log, 格式如下
    {
--- a/apps/terminal/models.py
+++ b/apps/terminal/models.py
@ -129,7 +129,7 @@ class Session(models.Model):
    has_command = models.BooleanField(default=False, verbose_name=_("Command"))
    terminal = models.ForeignKey(Terminal, null=True, on_delete=models.CASCADE)
    date_last_active = models.DateTimeField(verbose_name=_("Date last active"), default=timezone.now)
-    date_start = models.DateTimeField(verbose_name=_("Date start"))
+    date_start = models.DateTimeField(verbose_name=_("Date start"), db_index=True)
    date_end = models.DateTimeField(verbose_name=_("Date end"), null=True)
    class Meta:
--- a/apps/terminal/serializers.py
+++ b/apps/terminal/serializers.py
@ -3,7 +3,11 @@
 from django.utils import timezone
 from rest_framework import serializers
 from rest_framework_bulk.serializers import BulkListSerializer
 from common.mixins import BulkSerializerMixin
 from common.utils import get_object_or_none
 from .models import Terminal, Status, Session, Task
 from .backends import get_multi_command_store
@ -47,6 +51,7 @@ class SessionSerializer(serializers.ModelSerializer):
    class Meta:
        model = Session
        list_serializer_class = BulkListSerializer
        fields = '__all__'
    def get_command_amount(self, obj):
@ -60,11 +65,12 @@ class StatusSerializer(serializers.ModelSerializer):
        model = Status
-class TaskSerializer(serializers.ModelSerializer):
+class TaskSerializer(BulkSerializerMixin, serializers.ModelSerializer):
    class Meta:
        fields = '__all__'
        model = Task
        list_serializer_class = BulkListSerializer
 class ReplaySerializer(serializers.Serializer):
--- a/apps/terminal/tasks.py
+++ b/apps/terminal/tasks.py
@ -8,7 +8,7 @@ from django.utils import timezone
 from common.celery import register_as_period_task, after_app_ready_start, \
    after_app_shutdown_clean
-from .models import Status
+from .models import Status, Session
 CACHE_REFRESH_INTERVAL = 10
@ -20,11 +20,17 @@ RUNNING = False
@after_app_ready_start
@after_app_shutdown_clean
 def delete_terminal_status_period():
-    yesterday = timezone.now() - datetime.timedelta(days=1)
+    yesterday = timezone.now() - datetime.timedelta(days=3)
    Status.objects.filter(date_created__lt=yesterday).delete()
-
+@shared_task
-
+@register_as_period_task(interval=3600)
-
+@after_app_ready_start
-
+@after_app_shutdown_clean
 def clean_orphan_session():
    active_sessions = Session.objects.filter(is_finished=False)
    for session in active_sessions:
        if not session.terminal.is_active:
            session.is_finished = True
            session.save()
--- a/apps/terminal/templates/terminal/session_list.html
+++ b/apps/terminal/templates/terminal/session_list.html
@ -109,6 +109,21 @@
    {% endfor %}
 {% endblock %}
 {% block content_bottom_left %}
    <div id="actions" {% if type != "online" %} style="display: none" {% endif %}>
        <div class="input-group">
            <select class="form-control m-b" style="width: auto" id="slct_bulk_update">
                <option value="terminate">{% trans 'Terminate selected' %}</option>
            </select>
            <div class="input-group-btn pull-left" style="padding-left: 5px;">
                <button id='btn_bulk_update' style="height: 32px;"  class="btn btn-sm btn-primary">
                 {% trans 'Submit' %}
                </button>
            </div>
        </div>
    </div>
 {% endblock %}
 {% block custom_foot_js %}
    <script src="{% static 'js/plugins/datepicker/bootstrap-datepicker.js' %}"></script>
    <script>
@ -119,7 +134,7 @@
                }, 1000)
            }
            var success_message = '{% trans "Terminate task send, waiting ..." %}';
-            var the_url = "{% url 'api-terminal:tasks-list' %}";
+            var the_url = "{% url 'api-terminal:kill-session' %}";
            APIUpdateAttr({
                url: the_url,
                method: 'POST',
@ -150,14 +165,31 @@
        }).on('click', '.btn-term', function () {
            var $this = $(this);
            var session_id = $this.attr('value');
-            var terminal_id = $this.attr('terminal');
+            var data = [
-            var data = {
+                session_id
-                name: "kill_session",
+            ];
                args: session_id,
                terminal: terminal_id
            };
            terminateSession(data)
-        })
+        }).on('click', '#btn_bulk_update', function () {
            var action = $('#slct_bulk_update').val();
            var id_list = [];
            $(".cbx-term:checked").each(function (index, data) {
                id_list.push($(data).attr("value"))
            });
            if (id_list.length === 0) {
                return false;
            }
            function doTerminate() {
                terminateSession(id_list)
            }
            switch(action) {
                case 'terminate':
                    doTerminate();
                    break;
                default:
                    break;
            }
        });
    </script>
 {% endblock %}
--- a/apps/terminal/urls/api_urls.py
+++ b/apps/terminal/urls/api_urls.py
@ -22,6 +22,7 @@ urlpatterns = [
    url(r'^v1/sessions/(?P<pk>[0-9a-zA-Z\-]{36})/replay/$',
        api.SessionReplayViewSet.as_view({'get': 'retrieve', 'post': 'create'}),
        name='session-replay'),
    url(r'^v1/tasks/kill-session/', api.KillSessionAPI.as_view(), name='kill-session'),
    url(r'^v1/terminal/(?P<terminal>[a-zA-Z0-9\-]{36})/access-key', api.TerminalTokenApi.as_view(), name='terminal-access-key'),
    url(r'^v1/terminal/config', api.TerminalConfig.as_view(), name='terminal-config'),
 ]
--- a/apps/terminal/views/command.py
+++ b/apps/terminal/views/command.py
@ -6,7 +6,7 @@ from django.conf import settings
 from django.utils import timezone
 from django.utils.translation import ugettext as _
-from common.mixins import DatetimeSearchMixin
+from common.mixins import DatetimeSearchMixin, AdminUserRequiredMixin
 from ..models import Command
 from .. import utils
 from ..backends import get_multi_command_store
@ -15,7 +15,7 @@ __all__ = ['CommandListView']
 common_storage = get_multi_command_store()
-class CommandListView(DatetimeSearchMixin, ListView):
+class CommandListView(DatetimeSearchMixin, AdminUserRequiredMixin, ListView):
    model = Command
    template_name = "terminal/command_list.html"
    context_object_name = 'command_list'
--- a/apps/terminal/views/session.py
+++ b/apps/terminal/views/session.py
@ -74,6 +74,7 @@ class SessionOnlineListView(SessionListView):
        context = {
            'app': _('Terminal'),
            'action': _('Session online list'),
            'type': 'online',
            'now': timezone.now(),
        }
        kwargs.update(context)
@ -97,7 +98,7 @@ class SessionOfflineListView(SessionListView):
        return super().get_context_data(**kwargs)
-class SessionDetailView(SingleObjectMixin, ListView):
+class SessionDetailView(SingleObjectMixin, AdminUserRequiredMixin, ListView):
    template_name = 'terminal/session_detail.html'
    model = Session
    object = None
--- a/apps/users/api.py
+++ b/apps/users/api.py
@ -145,7 +145,8 @@ class UserAuthApi(APIView):
        if not login_ip:
            x_forwarded_for = request.META.get('HTTP_X_FORWARDED_FOR', '').split(',')
-            if x_forwarded_for:
+
            if x_forwarded_for and x_forwarded_for[0]:
                login_ip = x_forwarded_for[0]
            else:
                login_ip = request.META.get("REMOTE_ADDR")
--- a/apps/users/models/authentication.py
+++ b/apps/users/models/authentication.py
@ -16,7 +16,8 @@ class AccessKey(models.Model):
                          default=uuid.uuid4, editable=False)
    secret = models.UUIDField(verbose_name='AccessKeySecret',
                              default=uuid.uuid4, editable=False)
-    user = models.ForeignKey(User, verbose_name='User', on_delete=models.CASCADE, related_name='access_key')
+    user = models.ForeignKey(User, verbose_name='User',
                             on_delete=models.CASCADE, related_name='access_key')
    def get_id(self):
        return str(self.id)
--- a/apps/users/models/group.py
+++ b/apps/users/models/group.py
@ -22,6 +22,7 @@ class UserGroup(NoDeleteModelMixin):
    class Meta:
        ordering = ['name']
        verbose_name = _("User group")
    @classmethod
    def initial(cls):
--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
@ -251,6 +251,7 @@ class User(AbstractUser):
    class Meta:
        ordering = ['username']
        verbose_name = _("User")
    #: Use this method initial user
    @classmethod
--- a/apps/users/templates/users/login.html
+++ b/apps/users/templates/users/login.html
@ -22,24 +22,27 @@
    <div class="loginColumns animated fadeInDown">
        <div class="row">
            <div class="col-md-6">
-                <h2 class="font-bold">欢迎使用Jumpserver开源跳板机</h2>
+                <h2 class="font-bold">欢迎使用Jumpserver开源堡垒机</h2>
                <p>
-                    符合4A规范的专业运维审计系统：拥有跳板机的所有功能，认证，授权，审计，文件上传；
+                    全球首款完全开源的堡垒机，使用GNU GPL v2.0开源协议，是符合 4A 的专业运维审计系统。
                </p>
                <p>
-                    极致的用户使用体验：拥有时尚外观是区别与以往版本和其他软件的铭牌，高雅的气质让你爱不释手；
+                    使用Python / Django 进行开发，遵循 Web 2.0 规范，配备了业界领先的 Web Terminal 解决方案，交互界面美观、用户体验好。
                </p>
                <p>
-                    混合云环境下的堡垒机：怎么能容忍传统堡垒机的繁琐步骤，Jumpserver让你极致省力;
+                    采纳分布式架构，支持多机房跨区域部署，中心节点提供 API，各机房部署登录节点，可横向扩展、无并发访问限制。
                </p>
                <p>
-                    <small>改变世界，从一点点开始。</small>
+                    改变世界，从一点点开始。
                </p>
            </div>
            <div class="col-md-6">
                <div class="ibox-content">
-                    <div><img src="{% static 'img/logo.png' %}" width="82" height="82"> <span class="font-bold text-center" style="font-size: 32px; font-family: inherit">{% trans 'Login' %}</span></div>
+                    <div>
                        <img src="{% static 'img/logo.png' %}" width="60" height="60">
                        <span class="font-bold text-center" style="font-size: 24px; font-family: inherit; margin-left: 20px">{% trans 'Login' %}</span>
                    </div>
                    <form class="m-t" role="form" method="post" action="">
                        {% csrf_token %}
                        {% if form.errors %}
@ -60,12 +63,16 @@
                        </div>
                        <button type="submit" class="btn btn-primary block full-width m-b">{% trans 'Login' %}</button>
                        {% if demo_mode %}
                        <p class="text-muted font-bold" style="color: red">
                            Demo账号: admin 密码: admin
                        </p>
                        {% endif %}
                        <a href="{% url 'users:forgot-password' %}">
                            <small>{% trans 'Forgot password' %}?</small>
                        </a>
                        <p class="text-muted text-center">
                        </p>
                    </form>
                    <p class="m-t">
                    </p>
--- a/apps/users/views/group.py
+++ b/apps/users/views/group.py
@ -92,8 +92,8 @@ class UserGroupGrantedAssetView(AdminUserRequiredMixin, DetailView):
    def get_context_data(self, **kwargs):
        context = {
-            'app': 'User',
+            'app': _('Users'),
-            'action': 'User group granted asset',
+            'action': _('User group granted asset'),
        }
        kwargs.update(context)
        return super().get_context_data(**kwargs)
--- a/apps/users/views/login.py
+++ b/apps/users/views/login.py
@ -1,6 +1,7 @@
 # ~*~ coding: utf-8 ~*~
 from __future__ import unicode_literals
 import os
 from django import forms
 from django.shortcuts import render
 from django.contrib.auth import login as auth_login, logout as auth_logout
@ -56,6 +57,7 @@ class UserLoginView(FormView):
            return HttpResponse(_("Please enable cookies and try again."))
        auth_login(self.request, form.get_user())
        x_forwarded_for = self.request.META.get('HTTP_X_FORWARDED_FOR', '').split(',')
        if x_forwarded_for and x_forwarded_for[0]:
            login_ip = x_forwarded_for[0]
        else:
@ -75,6 +77,13 @@ class UserLoginView(FormView):
            self.redirect_field_name,
            self.request.GET.get(self.redirect_field_name, reverse('index')))
    def get_context_data(self, **kwargs):
        context = {
            'demo_mode': os.environ.get("DEMO_MODE"),
        }
        kwargs.update(context)
        return super().get_context_data(**kwargs)
@method_decorator(never_cache, name='dispatch')
 class UserLogoutView(TemplateView):
@ -237,7 +246,7 @@ class LoginLogListView(DatetimeSearchMixin, ListView):
        if self.user:
            queryset = queryset.filter(username=self.user)
        if self.keyword:
-            queryset = self.queryset.filter(
+            queryset = queryset.filter(
                Q(ip__contains=self.keyword) |
                Q(city__contains=self.keyword) |
                Q(username__contains=self.keyword)
--- a/apps/users/views/user.py
+++ b/apps/users/views/user.py
@ -313,7 +313,6 @@ class UserProfileView(LoginRequiredMixin, TemplateView):
    def get_context_data(self, **kwargs):
        context = {
            'app': _('Users'),
            'action': _('Profile'),
        }
        kwargs.update(context)
--- a/docs/Makefile
+++ b/docs/Makefile
@ -0,0 +1,20 @@
 # Minimal makefile for Sphinx documentation
 #
 # You can set these variables from the command line.
 SPHINXOPTS    =
 SPHINXBUILD   = sphinx-build
 SPHINXPROJ    = Jumpserver
 SOURCEDIR     = .
 BUILDDIR      = _build
 # Put it first so that "make" without argument is like "make help".
 help:
 	@$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
 .PHONY: help Makefile
 # Catch-all target: route all unknown targets to Sphinx using the new
 # "make mode" option.  $(O) is meant as a shortcut for $(SPHINXOPTS).
 %: Makefile
 	@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
--- a/docs/_static/img/logo-text.png
+++ b/docs/_static/img/logo-text.png
--- a/docs/_static/img/structure.png
+++ b/docs/_static/img/structure.png
--- a/docs/admin_asset.rst
+++ b/docs/admin_asset.rst
@ -0,0 +1,2 @@
 资产管理模块
 =============
--- a/docs/admin_guide.rst
+++ b/docs/admin_guide.rst
@ -0,0 +1,10 @@
 管理文档
 =========
 这里介绍管理员功能。
 .. toctree::
   :maxdepth: 1
   admin_user
   admin_asset
--- a/docs/admin_user.rst
+++ b/docs/admin_user.rst
@ -0,0 +1,51 @@
 用户管理
 ========
 这里介绍用户管理模块的功能。
 点击页面左侧“用户列表”菜单下的“用户列表，进入用户列表页面。
 .. contents:: Topics
 .. _create_user:
 创建用户
 ````````
 点击页面左上角“创建用户”按钮，进入创建用户页面，填写账户，角色安全，个人等信息，点击“提交”按钮，用户创建完成。
 .. _update_user:
 更新用户
 ````````
 点击页面右边的“更新”按钮，进入编辑用户页面，编辑用户信息，点击“提交”按钮，更新用户完成。
 .. _delete_user:
 删除用户
 ````````
 点击页面右边的“删除”按钮，弹出是否删除确认框，点击“确定”按钮，删除用户完成。
 .. _export_user:
 导出用户
 ````````
 选中用户，点击右上角的“导出”按钮，导出用户完成。
 .. _inport_user:
 导入用户
 ````````
 点击右上角的“导入”按钮，弹出导入对话框，选择要导入的CSV格式文件，点击“确认”按钮，导入用户完成。
 .. _batch_operation:
 批量操作
 ````````
 选中用户，选择页面左下角的批量操作选项，点击”提交“按钮，批量操作完成。
--- a/docs/api_style_guide.rst
+++ b/docs/api_style_guide.rst
@ -0,0 +1,166 @@
 REST API规范约定
 ----------------
 这里仅考虑REST API的基本情况。参考
 `RESTful API 设计指南`_
 `github api文档`_
 协议
 ~~~~
 API与用户的通信协议，总是使用HTTPs协议。
 域名
 ~~~~
 这版api相对简单, 没有前后端分离, 没有独立app, 所以放在主域名下
 ::
    https://example.org/api/
 版本
 ~~~~
 将API的版本号放入URL中, 由于一个项目多个app所以Jumpserver使用以下风格,
 将版本号放到app后面
 ::
    https://example.com/api/:app:/:version:/:resource:
    https://example.com/api/assets/v1.0/assets [GET, POST]
    https://example.com/api/assets/v1.0/assets/1 [GET, PUT, DELETE]
 路径
 ~~~~
 路径又称“终点”（endpoint），表示API的具体网址。
 在RESTful架构中，每个网址代表一种资源（resource），所以网址中不能有动词，只能有名词，而且所用的名词往往与数据库的表格名对应。一般来说，数据库中的表都是同种记录的“集合”（collection），所以API中的名词也应该使用复数。
 举例来说 cmdb中的assets列表, idc列表
 ::
    https://example.com/api/:app:/:version:/:resource:
    https://example.com/api/assets/v1.0/assets [GET, POST]
    https://example.com/api/assets/v1.0/assets/1 [GET, PUT, DELETE]
    https://example.com/api/assets/v1.0/idcs [GET, POST]
 一般性的增删查改(CRUD)API，完全使用HTTP
 method加上url提供的语义，url中的可变部分（比如上面提到的）
 一般用来传递该API操作的核心实体对象的唯一ID，如果有更多的参数需要提供，GET方法请使用url
 parameter
 (例如：“?client_id=xxxxx&app_id=xxxxxx”)，PUT/POST/DELETE方法请使用请求体传递参数。
 HTTP Method
 ~~~~~~~~~~~
 对于资源的具体操作类型，由HTTP动词表示。
 常用的HTTP动词有下面五个（括号里是对应的SQL命令）。
 -  GET（SELECT）：从服务器取出资源（一项或多项）。
 -  POST（CREATE）：在服务器新建一个资源。
 -  PUT（UPDATE）：在服务器更新资源（客户端提供改变后的完整资源, 幂等
 -  PATCH（UPDATE）：在服务器更新资源（客户端提供改变的属性）。
 -  DELETE（DELETE）：从服务器删除资源。
 .. _RESTful API 设计指南: http://www.ruanyifeng.com/blog/2014/05/restful_api.html
 .. _github api文档: https://developer.github.com/v3/
 过滤信息
 ~~~~~~~~
 常见参数约定
 ::
    ?keyword=localhost 模糊搜索
    ?limit=10：指定返回记录的数量
    ?offset=10：指定返回记录的开始位置。
    ?page=2&per_page=100：指定第几页，以及每页的记录数。
    ?sort=name&order=asc：指定返回结果按照哪个属性排序，以及排序顺序。
    ?asset_id=1：指定筛选条件
 状态码
 ~~~~~~
 服务器向用户返回的状态码和提示信息，常见的有以下一些（方括号中是该状态码对应的HTTP动词）。
 -  200 OK -
   [GET]：服务器成功返回用户请求的数据，该操作是幂等的（Idempotent）。
 -  201 CREATED - [POST/PUT/PATCH]：用户新建或修改数据成功。
 -  202 Accepted - [*]：表示一个请求已经进入后台排队（异步任务）
 -  204 NO CONTENT - [DELETE]：用户删除数据成功。
 -  400 INVALID REQUEST -
   [POST/PUT/PATCH]：用户发出的请求有错误，服务器没有进行新建或修改数据的操作，该操作是幂等的。
 -  401 Unauthorized - [*]：表示用户没有权限（令牌、用户名、密码错误）。
 -  403 Forbidden - [*]
   表示用户得到授权（与401错误相对），但是访问是被禁止的。
 -  404 NOT FOUND -
   [*]：用户发出的请求针对的是不存在的记录，服务器没有进行操作，该操作是幂等的。
 -  406 Not Acceptable -
   [GET]：用户请求的格式不可得（比如用户请求JSON格式，但是只有XML格式）。
 -  410 Gone -[GET]：用户请求的资源被永久删除，且不会再得到的。
 -  422 Unprocesable entity - [POST/PUT/PATCH]
   当创建一个对象时，发生一个验证错误。
 -  500 INTERNAL SERVER ERROR -
   [*]：服务器发生错误，用户将无法判断发出的请求是否成功。
 错误处理
 ~~~~~~~~
 如果状态码是4xx，就应该向用户返回出错信息。一般来说，返回的信息中将error作为键名，出错信息作为键值即可。
 ::
    {
        error: "Invalid API key"
    }
 返回结果
 ~~~~~~~~
 针对不同操作，服务器向用户返回的结果应该符合以下规范。
 ::
    GET /collection：返回资源对象的列表（数组）
    GET /collection/resource：返回单个资源对象
    POST /collection：返回新生成的资源对象
    PUT /collection/resource：返回完整的资源对象
    PATCH /collection/resource：返回完整的资源对象
    DELETE /collection/resource：返回一个空文档
 Hypermedia API
 ~~~~~~~~~~~~~~
 RESTful
 API最好做到Hypermedia，即返回结果中提供链接，连向其他API方法，使得用户不查文档，也知道下一步应该做什么。
 比如，当用户向api.example.com的根目录发出请求，会得到这样一个文档。
 ::
    {"link": {
      "rel":   "collection https://www.example.com/zoos",
      "href":  "https://api.example.com/zoos",
      "title": "List of zoos",
      "type":  "application/vnd.yourformat+json"
    }}
 上面代码表示，文档中有一个link属性，用户读取这个属性就知道下一步该调用什么API了。
 rel表示这个API与当前网址的关系（collection关系，并给出该collection的网址），
 href表示API的路径，title表示API的标题，type表示返回类型。 Hypermedia
 API的设计被称为HATEOAS。 Github的API就是这种设计.
 其它
 ~~~~
 （1）API的身份认证应该使用OAuth 2.0框架。
 （2）服务器返回的数据格式，应该尽量使用JSON
--- a/docs/conf.py
+++ b/docs/conf.py
@ -0,0 +1,168 @@
 # -*- coding: utf-8 -*-
 #
 # Configuration file for the Sphinx documentation builder.
 #
 # This file does only contain a selection of the most common options. For a
 # full list see the documentation:
 # http://www.sphinx-doc.org/en/stable/config
 # -- Path setup --------------------------------------------------------------
 # If extensions (or modules to document with autodoc) are in another directory,
 # add these directories to sys.path here. If the directory is relative to the
 # documentation root, use os.path.abspath to make it absolute, like shown here.
 #
 # import os
 # import sys
 # sys.path.insert(0, os.path.abspath('.'))
 import sphinx_rtd_theme
 # -- Project information -----------------------------------------------------
 project = 'jumpserver'
 copyright = '北京堆栈科技有限公司 © 2014-2018'
 author = 'Jumpserver team'
 # The short X.Y version
 version = ''
 # The full version, including alpha/beta/rc tags
 release = '0.5.0'
 # -- General configuration ---------------------------------------------------
 # If your documentation needs a minimal Sphinx version, state it here.
 #
 # needs_sphinx = '1.0'
 # Add any Sphinx extension module names here, as strings. They can be
 # extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
 # ones.
 extensions = [
    'sphinx.ext.viewcode',
    'sphinx.ext.githubpages',
 ]
 # Add any paths that contain templates here, relative to this directory.
 templates_path = ['_templates']
 # The suffix(es) of source filenames.
 # You can specify multiple suffix as a list of string:
 #
 # source_suffix = ['.rst', '.md']
 source_suffix = '.rst'
 # The master toctree document.
 master_doc = 'index'
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
 #
 # This is also used if you do content translation via gettext catalogs.
 # Usually you set "language" from the command line for these cases.
 language = 'zh_CN'
 # List of patterns, relative to source directory, that match files and
 # directories to ignore when looking for source files.
 # This pattern also affects html_static_path and html_extra_path .
 exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
 # The name of the Pygments (syntax highlighting) style to use.
 pygments_style = 'sphinx'
 html_show_sourcelink = False
 # -- Options for HTML output -------------------------------------------------
 # The theme to use for HTML and HTML Help pages.  See the documentation for
 # a list of builtin themes.
 #
 # html_theme = 'alabaster'
 html_theme = "sphinx_rtd_theme"
 html_theme_path = [sphinx_rtd_theme.get_html_theme_path()]
 # Theme options are theme-specific and customize the look and feel of a theme
 # further.  For a list of options available for each theme, see the
 # documentation.
 #
 html_theme_options = {
    'logo_only': True,
    'display_version': False
 }
 # Add any paths that contain custom static files (such as style sheets) here,
 # relative to this directory. They are copied after the builtin static files,
 # so a file named "default.css" will overwrite the builtin "default.css".
 html_static_path = ['_static']
 # Custom sidebar templates, must be a dictionary that maps document names
 # to template names.
 #
 # The default sidebars (for documents that don't match any pattern) are
 # defined by theme itself.  Builtin themes are using these templates by
 # default: ``['localtoc.html', 'relations.html', 'sourcelink.html',
 # 'searchbox.html']``.
 #
 # html_sidebars = {}
 # -- Options for HTMLHelp output ---------------------------------------------
 # Output file base name for HTML help builder.
 htmlhelp_basename = 'Jumpserver 文档'
 # -- Options for LaTeX output ------------------------------------------------
 latex_elements = {
    # The paper size ('letterpaper' or 'a4paper').
    #
    # 'papersize': 'letterpaper',
    # The font size ('10pt', '11pt' or '12pt').
    #
    # 'pointsize': '10pt',
    # Additional stuff for the LaTeX preamble.
    #
    # 'preamble': '',
    # Latex figure (float) alignment
    #
    # 'figure_align': 'htbp',
 }
 # Grouping the document tree into LaTeX files. List of tuples
 # (source start file, target name, title,
 #  author, documentclass [howto, manual, or own class]).
 latex_documents = [
    (master_doc, 'jumpserver.tex', 'jumpserver Documentation',
     'Jumpserver team', 'manual'),
 ]
 # -- Options for manual page output ------------------------------------------
 # One entry per manual page. List of tuples
 # (source start file, name, description, authors, manual section).
 man_pages = [
    (master_doc, 'jumpserver', 'jumpserver Documentation',
     [author], 1)
 ]
 # -- Options for Texinfo output ----------------------------------------------
 # Grouping the document tree into Texinfo files. List of tuples
 # (source start file, target name, title, author,
 #  dir menu entry, description, category)
 texinfo_documents = [
    (master_doc, 'jumpserver', 'jumpserver Documentation',
     author, 'jumpserver', 'One line description of project.',
     'Miscellaneous'),
 ]
 # -- Extension configuration -------------------------------------------------
 html_logo = '_static/img/logo-text.png'
--- a/docs/contact.rst
+++ b/docs/contact.rst
@ -0,0 +1,33 @@
 联系方式
 +++++++++++++++++++++++++
 QQ群
 ~~~~~~~~
 群1: 390139816
 群2: 399218702
 群3: 552054376
 Github
 ~~~~~~~~
 https://github.com/jumpserver/jumpserver.git
 官网
 ~~~~~~~~
 http://www.jumpserver.org
 Demo
 ~~~~~~~~
 http://demo.jumpserver.org:8080
 邮件
 ~~~~~~~~
 ibuler#fit2cloud.com (#替换为@)
--- a/docs/contributor.rst
+++ b/docs/contributor.rst
@ -0,0 +1,13 @@
 贡献者
 ++++++++++++++++++++++++
 感谢一下朋友为Jumpserver做出的贡献，世界因你们而不同，排名不分先后
 - **小彧 <李磊>** Django资深开发者，为用户模块贡献了很多代码
 - **sofia <周小侠>** 资深前端工程师, 前端代码贡献者
 - **liuz <刘正> 全栈工程师** 编写了Web terminal大部分代码
 - **jiaxiangkong <陈尚委>** Jumpserver测试运营
 - **halcyon <王墉>** DevOps 资深开发者, 0.3.2 核心开发者之一
 - **yumaojun03 <喻茂峻>** DevOps 资深开发者，擅长Python, Go以及PAAS平台开发
 - **kelianchun <柯连春>** DevOps 资产开发者，fix了很多bug
--- a/docs/development.rst
+++ b/docs/development.rst
@ -0,0 +1,12 @@
 开发文档
 ======================================
 .. toctree::
   :maxdepth: 1
   :caption: 开发文档
   api_style_guide
   python_style_guide
   project_structure
--- a/docs/faq.rst
+++ b/docs/faq.rst
@ -0,0 +1,2 @@
 FAQ
 +++++++++++++++++++++
--- a/docs/index.rst
+++ b/docs/index.rst
@ -0,0 +1,29 @@
 .. jumpserver documentation master file, created by
   sphinx-quickstart on Mon Feb 26 23:28:27 2018.
   You can adapt this file completely to your liking, but it should at least
   contain the root `toctree` directive.
 Jumpserver 文档
 ======================================
 .. toctree::
   :maxdepth: 2
   :caption: 文档:
   intro
   installation
   admin_guide
   user_guide
   development
   contributor
   contact
   faq
 索引
 ==================
 * :ref:`genindex`
 * :ref:`modindex`
 * :ref:`search`
--- a/docs/installation.rst
+++ b/docs/installation.rst
@ -0,0 +1,9 @@
 安装文档
 ++++++++++++++++++++++++
 .. toctree::
   :maxdepth: 1
   quickstart
   step_by_step
   upgrade
--- a/docs/intro.rst
+++ b/docs/intro.rst
@ -0,0 +1,51 @@
 简介
 ============
 Jumpserver是混合云下更好用的堡垒机, 分布式架构设计无限扩展，轻松对接混合云资产，支持使用云存储（AWS S3, ES等）存储录像、命令
 Jumpserver颠覆传统堡垒机, 无主机和并发数量限制，支持水平扩容，FIT2CLOUD提供完备的商业服务支持，用户无后顾之忧
 Jumpserver拥有极致的用户体验, 极致UI体验，容器化的部署方式，部署过程方便快捷，可持续升级
 组件说明
 ++++++++++++++++++++++++
 Jumpserver
 ```````````
 现指Jumpserver管理后台，是核心组件(Core), 使用 Django Class Based View 风格开发，支持Restful API。
 `Github <https://github.com/jumpserver/jumpserver.git>`_
 Coco
 ````````
 实现了SSH Server 和 Web Terminal Server的组件，提供ssh和websocket接口, 使用 Paramiko 和 Flask 开发。
 `Github <https://github.com/jumpserver/coco.git>`__
 Luna
 ````````
 现在是Web Terminal前端，计划前端页面都由该项目提供，Jumpserver只提供API，不再负责后台渲染html等。
 `Github <https://github.com/jumpserver/luna.git>`__
 Guacamole
 ```````````
 Apache 跳板机项目，Jumpserver使用其组件实现RDP功能，Jumpserver并没有修改其代码而是添加了额外的插件，支持Jumpserver调用
 Jumpserver-python-sdk
 ```````````````````````
 Jumpserver API Python SDK，Coco目前使用该SDK与Jumpserver API交互
 `Github <https://github.com/jumpserver/jumpserver-python-sdk.git>`__
 组件架构图
 ++++++++++++++++++++++++
 .. image:: _static/img/structure.png
    :alt: 组件架构图
--- a/docs/old/README.md
+++ b/docs/old/README.md
--- a/docs/old/api_style_guide.md
+++ b/docs/old/api_style_guide.md
--- a/docs/old/django_class_base_view_inheritance.py
+++ b/docs/old/django_class_base_view_inheritance.py
--- a/docs/old/install.md
+++ b/docs/old/install.md
--- a/docs/old/project_structure.md
+++ b/docs/old/project_structure.md
--- a/docs/old/python_style_guide.md
+++ b/docs/old/python_style_guide.md
--- a/docs/old/table_design.xml
+++ b/docs/old/table_design.xml
--- a/docs/project_structure.rst
+++ b/docs/project_structure.rst
@ -0,0 +1,51 @@
 项目骨架
 --------
 说明如下：
 ::
    .
    ├── config-example.py               // 配置文件样例
    ├── docs                            // 所有doc文件放到该目录
    │   └── README.md
    ├── LICENSE
    ├── README.md
    ├── install                         // 安装说明
    ├── logs                            // 日志目录
    ├── apps                            // 管理后台目录，也是各app所在目录
    │   └── assets                      // app目录
    │   │   ├── admin.py
    │   │   ├── apps.py                 // 新版本django app设置文件
    │   │   ├── api.py                  // api文件
    │   │   ├── __init__.py             // 对外暴露的接口，放到该文件中，方便别的app引用
    │   │   ├── migrations              // models Migrations版本控制目录
    │   │   │   └── __init__.py
    │   │   ├── models.py               // 数据模型目录
    │   │   ├── static                  // app下静态资源目录,如果需要
    │   │   │   └── assets              // 多一层目录，防止资源重名
    │   │   │       └── some_image.png
    │   │   ├── templates               // app下模板目录
    │   │   │   └── assets              // 多一层目录，防止资源重名
    │   │   │       └── asset_list.html
    │   │   ├── templatetags            // 模板标签目录
    │   │   ├── tests.py                // 测试用例文件
    │   │   ├── urls.py                 // urlconf文件
    │   │   ├── utils.py                // 将views和api可复用的代码放在这里, api和views只是请求和返回不同
    │   │   └── views.py                // views文件
    │   ├── common
    │   │   ├── templatetags            // 通用template tag
    │   │   ├── utils.py                // 通用的函数方法
    │   │   └── views.py
    │   ├── fixtures                    // 初始化数据目录
    │   │   ├── init.json               // 初始化项目数据库
    │   │   └── fake.json               // 生成大量测试数据
    │   ├── jumpserver                  // 项目设置目录
    │   │    ├── __init__.py
    │   │    ├── settings.py            // 项目设置文件
    │   │    ├── urls.py                // 项目入口urlconf
    │   │    └── wsgi.py
    │   ├── manage.py
    │   ├── static                      // 项目静态资源目录
    │   ├── i18n                        // 项目多语言目录
    │   └── templates                   // 项目模板目录
--- a/docs/python_style_guide.rst
+++ b/docs/python_style_guide.rst
@ -0,0 +1,216 @@
 Jumpserver 项目规范（Draft）
 ============================
 语言框架
 --------
 1. Python 3.6.1 (当前最新)
 2. Django 1.11 (当前最新)
 3. Flask 0.12 Luna (当前最新)
 4. Paramiko 2.12 Coco (当前最新)
 Django规范
 ----------
 1. 尽量使用Class Base View编程，更少代码
 2. 使用Django Form
 3. 每个url独立命名，不要硬编码，同理static也是
 4. 数据库表名手动指定，不要使用默认
 5. 代码优雅简洁
 6. 注释明确优美
 7. 测试案例尽可能完整
 8. 尽可能利用Django造好的轮子
 代码风格
 --------
 Python方面大致的风格，我们采用pocoo的\ `Style
 Guidance`_\ ，但是有些细节部分会尽量放开 参考国内翻译
 基本的代码布局
 ~~~~~~~~~~~~~~
 缩进
 ^^^^
 1. Python严格采用4个空格的缩进，任何python代码都都必须遵守此规定。
 2. web部分代码(HTML, CSS,
   JavaScript)，Node.js采用2空格缩进，同样不使用tab (:raw-latex:`\t`)。
   之所以与Python不同，是因为js中有大量回调式的写法，2空格可以显著降低视觉上的负担。
 最大行长度
 ^^^^^^^^^^
 按PEP8规范，Python一般限制最大79个字符,
 但是Django的命名,url等通常比较长,
 而且21世纪都是宽屏了,所以我们限制最大120字符
 **补充说明：HTML代码不受此规范约束。**
 长语句缩进
 ^^^^^^^^^^
 编写长语句时，可以使用换行符（）换行。在这种情况下，下一行应该与上一行的最后
 一个“.”句点或“=”对齐，或者是缩进4个空格符
 ::
    this_is_a_very_long(function_call, 'with many parameters') \
        .that_returns_an_object_with_an_attribute
    MyModel.query.filter(MyModel.scalar > 120) \
                 .order_by(MyModel.name.desc()) \
                 .limit(10)
 如果你使用括号“()”或花括号“{}”为长语句换行，那么下一行应与括号或花括号对齐：
 ::
    this_is_a_very_long(function_call, 'with many parameters',
                        23, 42, 'and even more')
 对于元素众多的列表或元组，在第一个“[”或“(”之后马上换行：
 ::
    items = [
        'this is the first', 'set of items', 'with more items',
        'to come in this line', 'like this'
    ]
 .. _Style Guidance: http://www.pocoo.org/internal/styleguide/
 空行
 ^^^^
 顶层函数与类之间空两行，此外都只空一行。不要在代码中使用太多的空行来区分不同的逻辑模块。
 ::
    def hello(name):
        print 'Hello %s!' % name
    def goodbye(name):
        print 'See you %s.' % name
    class MyClass(object):
        """This is a simple docstring."""
        def __init__(self, name):
            self.name = name
        def get_annoying_name(self):
            return self.name.upper() + '!!!!111'
 语句和表达式
 ~~~~~~~~~~~~
 一般空格规则
 ^^^^^^^^^^^^
 1. 单目运算符与运算对象之间不空格（例如，-，~等），即使单目运算符位于括号内部也一样。
 2. 双目运算符与运算对象之间要空格。
 ::
    exp = -1.05
    value = (item_value / item_count) * offset / exp
    value = my_list[index]
    value = my_dict['key']
 比较
 ^^^^
 1. 任意类型之间的比较，使用“==”和“!=”。
 2. 与单例（singletons）进行比较时，使用is和is not。
 3. 永远不要与True或False进行比较（例如，不要这样写：foo ==
   False，而应该这样写：not foo）。
 否定成员关系检查
 ^^^^^^^^^^^^^^^^
 使用foo not in bar，而不是not foo in bar。
 命名约定
 ~~~~~~~~
 1. 类名称：采用骆驼拼写法（CamelCase），首字母缩略词保持大写不变（HTTPWriter，而不是HttpWriter）。
 2. 变量名：小写_以及_下划线（lowercase_with_underscores）。
 3. 方法与函数名：小写_以及_下划线（lowercase_with_underscores）。
 4. 常量：大写_以及_下划线（UPPERCASE_WITH_UNDERSCORES）。
 5. 预编译的正则表达式：name_re。
 6. 受保护的元素以一个下划线为前缀。双下划线前缀只有定义混入类（mixin
   classes）时才使用。
 7. 如果使用关键词（keywords）作为类名称，应在名称后添加后置下划线（trailing
   underscore）。
   允许与内建变量重名，不要在变量名后添加下划线进行区分。如果函数需要访问重名的内建变量，请将内建变量重新绑定为其他名称。
 8. 命名要有寓意, 不使用拼音,不使用无意义简单字母命名 (循环中计数例外 for
   i in)
 9. 命名缩写要谨慎, 尽量是大家认可的缩写
 函数和方法的参数：
 ^^^^^^^^^^^^^^^^^^
 1. 类方法：cls为第一个参数。
 2. 实例方法：self为第一个参数。
 3. property函数中使用匿名函数（lambdas）时，匿名函数的第一个参数可以用x替代，
   例如：display_name = property(lambda x: x.real_name or x.username)。
 文档注释(Docstring，即各方法，类的说明文档注释)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 所有文档字符串均以reStructuredText格式编写，方便Sphinx处理。文档字符串的行数不同，布局也不一样。
 如果只有一行，代表字符串结束的三个引号与代表字符串开始的三个引号在同一行。
 如果为多行，文档字符串中的文本紧接着代表字符串开始的三个引号编写，代表字符串结束的三个引号则自己独立成一行。
 (有能力尽可能用英文, 否则请中文优雅注释)
 ::
    def foo():
        """This is a simple docstring."""
    def bar():
        """This is a longer docstring with so much information in there
        that it spans three lines.  In this case, the closing triple quote
        is on its own line.
        """
 文档字符串应分成简短摘要（尽量一行）和详细介绍。如果必要的话，摘要与详细介绍之间空一行。
 模块头部
 ~~~~~~~~
 模块文件的头部包含有utf-8编码声明（如果模块中使用了非ASCII编码的字符，建议进行声明），以及标准的文档字符串。
 ::
    # -*- coding: utf-8 -*-
    """
        package.module
        ~~~~~~~~~~~~~~
        A brief description goes here.
        :copyright: (c) YEAR by AUTHOR.
        :license: LICENSE_NAME, see LICENSE_FILE for more details.
    """
 注释(comment)
 ~~~~~~~~~~~~~
 注释的规范与文档字符串编写规范类似。二者均以reStructuredText格式编写。
 如果使用注释来编写类属性的文档，请在#符号后添加一个冒号“:”。
 (有能力尽可能用英文, 否则请中文优雅注释)
 ::
    class User(object):
        #: the name of the user as unicode string
        name = Column(String)
        #: the sha1 hash of the password + inline salt
        pw_hash = Column(String)
--- a/docs/quickstart.rst
+++ b/docs/quickstart.rst
@ -0,0 +1,48 @@
 快速安装
 ==========================
 Jumpserver 封装了一个All in one Docker，可以快速启动。该镜像集成了所有需要的组件，可以使用外置db和redis
 Tips: 不建议在生产中使用
 Docker 安装见: `Docker官方安装文档 <https://docs.docker.com/install/>`_
 快速启动
 ```````````````
 使用root命令行输入::
    $ docker run -p 8080:80 -p 2222:2222 jumpserver/jumpserver:0.5.0-beta2
 访问
 ```````````````
 浏览器访问: http://localhost:8080
 ssh访问: ssh -p 2222 localhost
 额外环境变量
 ```````````````
 - DB_ENGINE = mysql
 - DB_HOST = mysql_host
 - DB_PORT = 3306
 - DB_USER = xxx
 - DB_PASSWORD = xxxx
 - DB_NAME = jumpserver
 - REDIS_HOST = ''
 - REDIS_PORT = ''
 - REDIS_PASSWORD = ''
 ::
   docker run -p 8080:80 -p 2222:2222 -e DB_ENGINE=mysql -e DB_HOST=192.168.1.1 -e DB_PORT=3306 -e DB_USER=root -e DB_PASSWORD=xxx -e DB_NAME=jumpserver  jumpserver/jumpserver:0.5.0-beta2
 仓库地址
 ```````````````
 https://github.com/jumpserver/Dockerfile
--- a/docs/step_by_step.rst
+++ b/docs/step_by_step.rst
@ -0,0 +1,294 @@
 一步一步安装
 --------------------------
 环境
 ~~~~
 -  系统: CentOS 7
 -  IP: 192.168.244.144
 -  关闭 selinux和防火墙
 ::
    # CentOS 7
    $ setenforce 0  # 可以设置配置文件永久关闭
    $ systemctl stop iptables.service
    $ systemctl stop firewalld.service
    # CentOS6
    $ setenforce 0
    $ service iptables stop
 一. 准备Python3和Python虚拟环境
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 **1.1 安装依赖包**
 ::
    $ yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release
 **1.2 编译安装**
 ::
    $ wget https://www.python.org/ftp/python/3.6.1/Python-3.6.1.tar.xz
    $ tar xvf Python-3.6.1.tar.xz  && cd Python-3.6.1
    $ ./configure && make && make install
 **1.3 建立python虚拟环境**
 因为CentOS
 6/7自带的是Python2，而Yum等工具依赖原来的Python，为了不扰乱原来的环境我们来使用Python虚拟环境
 ::
    $ cd /opt
    $ python3 -m venv py3
    $ source /opt/py3/bin/activate
    # 看到下面的提示符代表成功，以后运行jumpserver都要先运行以上source命令，以下所有命令均在该虚拟环境中运行
    (py3) [root@localhost py3]#
 二. 安装Jumpserver 0.5.0
 ~~~~~~~~~~~~~~~~~~~~~~~~
 **2.1 下载或clone项目**
 项目提交较多git clone时较大，你可以选择去github项目页面直接下载
 zip包，我的网速好，我直接clone了
 ::
    $ cd /opt/
    $ git clone --depth=1 https://github.com/jumpserver/jumpserver.git && cd jumpserver && git checkout dev
 **2.2 安装依赖rpm包**
 ::
    $ cd /opt/jumpserver/requirements
    $ yum -y install $(cat rpm_requirements.txt)  # 如果没有任何报错请继续
 **2.3 安装python库依赖**
 ::
    $ pip install -r requirements.txt  # 不要指定-i参数，因为镜像上可能没有最新的包，如果没有任何报错请继续
 **2.4 安装Redis, jumpserver使用redis做cache和celery broker**
 ::
    $ yum -y install redis
    $ service redis start
 **2.5 安装MySQL**
 本教程使用mysql作为数据库，如果不使用mysql可以跳过相关mysql安装和配置
 ::
    # centos7
    $ yum -y install mariadb mariadb-devel mariadb-server # centos7下安装的是mariadb
    $ service mariadb start
    # centos6
    $ yum -y install mysql mysql-devel mysql-server
    $ service mysqld start
 **2.6 创建数据库 jumpserver并授权**
 ::
    $ mysql
    > create database jumpserver default charset 'utf8';
    > grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'somepassword';
 **2.7 修改jumpserver配置文件**
 ::
    $ cd /opt/jumpserver
    $ cp config_example.py config.py
    $ vi config.py  # 我们计划修改 DevelopmentConfig中的配置，因为默认jumpserver是使用该配置，它继承自Config
 **注意: 配置文件是python格式，不要用tab，而要用空格** **注意:
 配置文件是python格式，不要用tab，而要用空格** **注意:
 配置文件是python格式，不要用tab，而要用空格**
 ::
    class DevelopmentConfig(Config):
        DEBUG = True
        DB_ENGINE = 'mysql'
        DB_HOST = '127.0.0.1'
        DB_PORT = 3306
        DB_USER = 'jumpserver'
        DB_PASSWORD = 'somepassword'
        DB_NAME = 'jumpserver'
    ...
    config = DevelopmentConfig()  # 确保使用的是刚才设置的配置文件
 **2.8 生成数据库表结构和初始化数据**
 ::
    $ cd /opt/jumpserver/utils
    $ bash make_migrations.sh
 **2.9 运行Jumpserver**
 ::
    $ cd /opt/jumpserver
    $ python run_server.py all
 运行不报错，请浏览器访问 http://192.168.244.144:8080/
 (这里只是jumpserver, 没有web terminal,所以访问web terminal会报错)
 账号:admin 密码: admin
 三. 安装 SSH Server和Web Socket Server: Coco
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 **3.1 下载clone项目**
 新开一个终端，连接测试机，别忘了 source /opt/py3/bin/activate
 ::
    $ cd /opt
    $ git clone https://github.com/jumpserver/coco.git && cd coco && git checkout dev
 **3.2 安装依赖**
 ::
    $ cd /opt/coco/requirements $ yum -y install $(cat rpm_requirements.txt) $ pip install requirements.txt
 **3.2 安装依赖**
 ::
    $ cd /opt/coco/requirements
    $ yum -y  install $(cat rpm_requirements.txt)
    $ pip install -r requirements.txt
 **3.3 查看配置文件并运行**
 ::
    $ cd /opt/coco
    $ cp conf_example.py conf.py
    $ python run_server.py
 这时需要去
 jumpserver管理后台-终端-终端(http://192.168.244.144:8080/terminal/terminal/)接受coco的注册
 ::
    Coco version 0.4.0, more see https://www.jumpserver.org
    Starting ssh server at 0.0.0.0:2222
    Quit the server with CONTROL-C.
 **3.4 测试连接**
 ::
    $ ssh -p2222 admin@192.168.244.144
    密码: admin
    如果是用在windows下，Xshell terminal登录语法如下
    $ssh admin@192.168.244.144 2222
    密码: admin
    如果能登陆代表部署成功
 四. 安装 Web Terminal 前端: Luna
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Luna已改为纯前端，需要nginx来运行访问
 下载 release包，直接解压，不需要编译
 访问 https://github.com/jumpserver/luna/releases，下载对应release包
 4.1 解压luna
 ::
    $ pwd
    /opt/
    $ tar xvf luna.tar.gz
    $ ls /opt/luna
    ...
 五. 安装Windows支持组件
 ~~~~~~~~~~~~~~~~~~~~~~~
 使用docker启动 guacamole
 .. code:: shell
    docker run \
      -p 8080:8080 \
      -e JUMPSERVER_SERVER=http://<jumpserver>:8080 \
      jumpserver/guacamole
 这里所需要注意的是guacamole暴露出来的端口是8080，若与jumpserver部署在同一主机上自定义一下。
 修改JUMPSERVER_SERVER的配置，填上jumpserver的内网地址
 六. 配置 nginx 整合各组件
 ~~~~~~~~~~~~~~~~~~~~~~~~~
 6.1 安装nginx 根据喜好选择安装方式和版本
 6.2 配置文件
 ::
    server {
        listen 80;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        location /luna/ {
            try_files $uri / /index.html;
            alias /opt/luna/;
        }
        location /media/ {
            add_header Content-Encoding gzip;
            root /opt/jumpserver/data/;
        }
        location /static/ {
            root /opt/jumpserver/data/;
        }
        location /socket.io/ {
            proxy_pass       http://localhost:5000/socket.io/;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
        location /guacamole/ {
            proxy_pass http://<guacamole>:8080/;
        }
        location / {
            proxy_pass http://localhost:8080;
        }
    }
 6.3 运行 nginx
 6.4 访问 http://192.168.244.144
--- a/docs/upgrade.rst
+++ b/docs/upgrade.rst
@ -0,0 +1,18 @@
 升级
 ----
 1. 升级 jumpserver
 ::
    $ git pull && pip install -r requirements/requirements.txt && cd utils && sh make_migrations.sh
 2. 升级 coco
 ::
    $ git pull && cd requirements && pip install -r requirements.txt   # 不要指定 -i参数
 3. 升级 luna
 重新下载release包
--- a/docs/user_asset.rst
+++ b/docs/user_asset.rst
@ -0,0 +1,27 @@
 个人资产
 =========
 这里介绍用户个人资产相关的功能。
 .. contents:: Topics
 .. _view_personal_assets:
 查看个人资产
 ````````````
 登录个人用户，默认展示个人资产列表。点击主机名，查看资产的详细信息。
 .. _host_login:
 主机登录
 `````````
 点解页面左侧的"Web终端"，进入主机登录页，然后点击页面右侧的主机IP地址，连接主机，页面右侧会展示当前连接的终端信息。
 .. _host_logout:
 主机登出
 `````````
 在主机登录页面，选择左上角的“服务器”按钮，出现两个选项，一个“断开链接“按钮，断开当前连接的主机；另一个”断开所有链接“，断开当前所有连接的主机。
--- a/docs/user_guide.rst
+++ b/docs/user_guide.rst
@ -0,0 +1,10 @@
 用户使用文档
 =============
 这部分给您介绍Jumpserver的用户管理模块的使用方法。
 .. toctree::
   :maxdepth: 1
   user_asset
   user_info
--- a/docs/user_info.rst
+++ b/docs/user_info.rst
@ -0,0 +1,34 @@
 个人信息
 =========
 这里介绍个人信息相关的功能。
 .. contents:: Topics
 .. _view_personal_info:
 查看个人信息
 ````````````
 点击页面左侧的“个人信息”，查看用户的个人信息、SSH密钥。
 .. _modify_personal_info:
 修改个人信息
 ````````````
 在个人信息页，点击页面右上角的“设置”按钮，进入个人信息修改页面，填写个人信息，点击“提交”按钮，完成个人信息修改。
 .. _update_password:
 更新密码
 `````````
 在个人信息页，点击页面右上角的“重置密码“按钮，进入密码更新页面，填写原来密码、新密码等信息，点击“提交”按钮，完成密码更新。
 .. _update_ssh_key:
 密钥更新
 `````````
 在个人信息页，点击页面左上角的“重置SSH密钥“按钮，进入密钥更新页面，填写SSH公钥，点击“提交”按钮，完成密钥更新。
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@ -56,8 +56,8 @@ uritemplate==3.0.0
 urllib3==1.22
 vine==1.1.4
 gunicorn==19.7.1
-https://github.com/celery/django-celery-beat/zipball/master#egg=django-celery-beat
+#https://github.com/celery/django-celery-beat/zipball/master#egg=django-celery-beat
-#django_celery_beat==1.1.0
+django_celery_beat==1.1.1
 ephem==3.7.6.0
 python-gssapi==0.6.4
 jms-es-sdk