From d51b3eff6a1939e89e30d962645a88b0484cea51 Mon Sep 17 00:00:00 2001
From: ibuler <ibuler@qq.com>
Date: Thu, 21 Dec 2017 18:54:29 +0800
Subject: [PATCH] =?UTF-8?q?[Update]=20=E4=BF=AE=E6=94=B9settings=E5=92=8C?=
 =?UTF-8?q?=E9=85=8D=E7=BD=AE=E6=96=87=E4=BB=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .gitignore                                |  1 +
 Dockerfile                                |  7 +--
 apps/jumpserver/settings.py               | 69 ++++++++++-----------
 apps/manage.py                            |  1 -
 apps/perms/api.py                         |  3 +-
 apps/terminal/backends/__init__.py        |  2 +-
 apps/users/models/user.py                 |  9 +--
 config_docker.py                          | 50 ++-------------
 config_example.py                         | 75 +++++------------------
 install/example.sh => data/media/.gitkeep |  0
 requirements/requirements.txt             |  1 +
 requirements/rpm_requirements.txt         |  2 +-
 12 files changed, 67 insertions(+), 153 deletions(-)
 mode change 100644 => 100755 apps/manage.py
 rename install/example.sh => data/media/.gitkeep (100%)

diff --git a/.gitignore b/.gitignore
index 89b6e1384..1cc61cd36 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,3 +25,4 @@ jumpserver.iml
 .python-version
 tmp/*
 sessions/*
+media
diff --git a/Dockerfile b/Dockerfile
index 3e77af6f3..019b20510 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
-FROM jumpserver/python:v3.6.1
-LABEL MAINTAINER Jumpserver Team <ibuler@qq.com>
+FROM jumpserver/python:3
+MAINTAINER Jumpserver Team <ibuler@qq.com>
 
 
 COPY . /opt/jumpserver
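Review bot: `FROM jumpserver/python:3` replaces a specific tag with a floating one, so the contents of the base image can change between builds without any change in this repository. Pin the base to a specific version tag or an image digest so rebuilds are reproducible and a changed upstream image is noticed. The `MAINTAINER` instruction added on the next line is deprecated; the label form `LABEL maintainer="Jumpserver Team <ibuler@qq.com>"` is the current equivalent.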
@@ -7,9 +7,8 @@ WORKDIR /opt/jumpserver
 
 RUN yum -y install epel-release && yum clean all -y
 RUN cd requirements && yum -y install $(cat rpm_requirements.txt) && yum clean all -y
-RUN cd requirements && pip install -r requirements.txt 
+RUN cd requirements && pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple
 
-RUN rm -f data/db.sqlite3
 RUN rm -r .git
 RUN rm -f config.py
 
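Review bot: Dropping `RUN rm -f data/db.sqlite3` means any `data/db.sqlite3` in the build context is now baked into the image by `COPY . /opt/jumpserver`, along with whatever accounts and keys a developer's local database holds. Unless a `.dockerignore` (not visible in this patch) already excludes it, keep the removal step or add `data/db.sqlite3` to `.dockerignore`. The added `-i https://pypi.tuna.tsinghua.edu.cn/simple` also hard-codes a regional mirror as the only package index for every build. A build argument such as `ARG PIP_INDEX_URL=https://pypi.org/simple`, used as `pip install -r requirements.txt -i "$PIP_INDEX_URL"`, keeps the canonical index as the default and lets builders opt into the mirror.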
diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py
index a1c6bf388..040a92cc4 100644
--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@@ -119,31 +119,31 @@ SESSION_COOKIE_DOMAIN = CONFIG.SESSION_COOKIE_DOMAIN or None
 CSRF_COOKIE_DOMAIN = CONFIG.CSRF_COOKIE_DOMAIN or None
 SESSION_COOKIE_AGE = CONFIG.SESSION_COOKIE_AGE or 3600*24
 
-
 MESSAGE_STORAGE = 'django.contrib.messages.storage.cookie.CookieStorage'
 # Database
 # https://docs.djangoproject.com/en/1.10/ref/settings/#databases
 
-if CONFIG.DB_ENGINE == 'sqlite':
-    DATABASES = {
-        'default': {
-            'ENGINE': 'django.db.backends.sqlite3',
-            'NAME': CONFIG.DB_NAME or os.path.join(BASE_DIR, 'data', 'db.sqlite3'),
-            'ATOMIC_REQUESTS': True,
-        }
-    }
-else:
-    DATABASES = {
-        'default': {
-            'ENGINE': 'django.db.backends.%s' % CONFIG.DB_ENGINE,
-            'NAME': CONFIG.DB_NAME,
-            'HOST': CONFIG.DB_HOST,
-            'PORT': CONFIG.DB_PORT,
-            'USER': CONFIG.DB_USER,
-            'PASSWORD': CONFIG.DB_PASSWORD,
-            'ATOMIC_REQUESTS': True,
-        }
+# if CONFIG.DB_ENGINE == 'sqlite':
+#     DATABASES = {
+#         'default': {
+#             'ENGINE': 'django.db.backends.sqlite3',
+#             'NAME': CONFIG.DB_NAME or os.path.join(BASE_DIR, 'data', 'db.sqlite3'),
+#             'ATOMIC_REQUESTS': True,
+#         }
+#     }
+
+print(CONFIG.DB_ENGINE)
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.{}'.format(CONFIG.DB_ENGINE),
+        'NAME': CONFIG.DB_NAME,
+        'HOST': CONFIG.DB_HOST,
+        'PORT': CONFIG.DB_PORT,
+        'USER': CONFIG.DB_USER,
+        'PASSWORD': CONFIG.DB_PASSWORD,
+        'ATOMIC_REQUESTS': True,
     }
+}
 
 # Password validation
 # https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators
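Review bot: `print(CONFIG.DB_ENGINE)` is a leftover debug statement that runs on every import of the settings module, so each management command and worker writes the engine name to stdout; it should be removed together with the commented-out sqlite block above it. The removed branch also mapped `DB_ENGINE == 'sqlite'` to `django.db.backends.sqlite3` and supplied a default `NAME`. The new `'django.db.backends.{}'.format(CONFIG.DB_ENGINE)` turns an existing config that still says `'sqlite'` into a non-existent backend path, and an unset `DB_NAME` no longer falls back to `data/db.sqlite3`. Either keep a small compatibility mapping or add a comment here stating that `DB_ENGINE` must now be the exact Django backend name, e.g. `# DB_ENGINE must be a Django backend module name: sqlite3, mysql, postgresql`.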
@@ -193,7 +193,7 @@ LOGGING = {
             'level': 'DEBUG',
             'class': 'logging.FileHandler',
             'formatter': 'main',
-            'filename': os.path.join(PROJECT_DIR, 'logs', 'jumpserver.log')
+            'filename': os.path.join(CONFIG.LOG_DIR, 'jumpserver.log')
         },
         'ansible_logs': {
             'level': 'DEBUG',
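Review bot: `os.path.join(CONFIG.LOG_DIR, 'jumpserver.log')` raises `TypeError` at import time if a config lacks `LOG_DIR`. This patch adds `LOG_DIR` to `Config` in config_example.py, but none of the config_docker.py hunks do, and existing `config.py` files will not have it either. A fallback such as `os.path.join(CONFIG.LOG_DIR or os.path.join(PROJECT_DIR, 'logs'), 'jumpserver.log')` keeps the previous behaviour. manage.py still creates only `../logs`, so a `LOG_DIR` pointing elsewhere must already exist or the `FileHandler` will fail to open the file. The `LOGGING` dict continues outside this hunk, so other handlers may still use the old path.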
@@ -275,7 +275,7 @@ MEDIA_ROOT = os.path.join(PROJECT_DIR, 'data', 'media').replace('\\', '/') + '/'
 # BOOTSTRAP_COLUMN_COUNT = 11
 
 # Init data or generate fake data source for development
-FIXTURE_DIRS = [os.path.join(BASE_DIR, 'fixtures'), ]
+FIXTURE_DIRS = [os.path.join(BASE_DIR, 'fixtures'),]
 
 # Email config
 EMAIL_HOST = CONFIG.EMAIL_HOST
@@ -313,17 +313,16 @@ AUTH_USER_MODEL = 'users.User'
 # Auth LDAP settings
 if CONFIG.AUTH_LDAP:
     AUTHENTICATION_BACKENDS.insert(0, 'django_auth_ldap.backend.LDAPBackend')
-AUTH_LDAP_SERVER_URI = CONFIG.AUTH_LDAP_SERVER_URI
-AUTH_LDAP_BIND_DN = CONFIG.AUTH_LDAP_BIND_DN
-AUTH_LDAP_BIND_PASSWORD = CONFIG.AUTH_LDAP_BIND_PASSWORD
-# AUTH_LDAP_USER_DN_TEMPLATE = CONFIG.AUTH_LDAP_USER_DN_TEMPLATE
-AUTH_LDAP_USER_SEARCH = LDAPSearch(
-    CONFIG.AUTH_LDAP_SEARCH_OU,
-    ldap.SCOPE_SUBTREE,
-    CONFIG.AUTH_LDAP_SEARCH_FILTER
-)
-AUTH_LDAP_START_TLS = CONFIG.AUTH_LDAP_START_TLS
-AUTH_LDAP_USER_ATTR_MAP = CONFIG.AUTH_LDAP_USER_ATTR_MAP
+    AUTH_LDAP_SERVER_URI = CONFIG.AUTH_LDAP_SERVER_URI
+    AUTH_LDAP_BIND_DN = CONFIG.AUTH_LDAP_BIND_DN
+    AUTH_LDAP_BIND_PASSWORD = CONFIG.AUTH_LDAP_BIND_PASSWORD
+    AUTH_LDAP_USER_SEARCH = LDAPSearch(
+        CONFIG.AUTH_LDAP_SEARCH_OU,
+        ldap.SCOPE_SUBTREE,
+        CONFIG.AUTH_LDAP_SEARCH_FILTER
+    )
+    AUTH_LDAP_START_TLS = CONFIG.AUTH_LDAP_START_TLS
+    AUTH_LDAP_USER_ATTR_MAP = CONFIG.AUTH_LDAP_USER_ATTR_MAP
 
 # Celery using redis as broker
 BROKER_URL = 'redis://:%(password)s@%(host)s:%(port)s/3' % {
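Review bot: `AUTH_LDAP_START_TLS` is copied straight from `CONFIG` inside the new `if CONFIG.AUTH_LDAP:` block, so an install that enables LDAP without setting it gets a falsy value. Unless `AUTH_LDAP_SERVER_URI` uses `ldaps://`, the bind password and every user's login password then cross the network unencrypted. A comment at this spot would make the requirement explicit, for example `# Use an ldaps:// URI or set AUTH_LDAP_START_TLS = True; otherwise bind and user passwords are sent in cleartext`. Indenting the block also means the `AUTH_LDAP_*` names are no longer defined when LDAP is off, so any code that reads them from `settings` unconditionally needs a `getattr` default.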
@@ -360,9 +359,7 @@ CAPTCHA_FOREGROUND_COLOR = '#001100'
 CAPTCHA_NOISE_FUNCTIONS = ('captcha.helpers.noise_dots',)
 CAPTCHA_TEST_MODE = CONFIG.CAPTCHA_TEST_MODE
 
-COMMAND_STORE_BACKEND = 'terminal.backends.command.db'
-REPLAY_STORE_BACKEND = 'terminal.backends.replay.db'
-
+COMMAND_STORAGE_BACKEND = 'terminal.backends.command.db'
 
 # Django bootstrap3 setting, more see http://django-bootstrap3.readthedocs.io/en/latest/settings.html
 BOOTSTRAP3 = {
diff --git a/apps/manage.py b/apps/manage.py
old mode 100644
new mode 100755
index 4749e5693..d24c5fd38
--- a/apps/manage.py
+++ b/apps/manage.py
@@ -6,7 +6,6 @@ import errno
 if __name__ == "__main__":
     try:
         os.makedirs('../logs')
-        os.makedirs('../sessions')
     except:
         pass
 
diff --git a/apps/perms/api.py b/apps/perms/api.py
index b63d619b0..7a2a3b339 100644
--- a/apps/perms/api.py
+++ b/apps/perms/api.py
@@ -5,8 +5,9 @@ from django.shortcuts import get_object_or_404
 from rest_framework.views import APIView, Response
 from rest_framework.generics import ListAPIView, get_object_or_404, RetrieveUpdateAPIView
 from rest_framework import viewsets
-from users.permissions import IsValidUser, IsSuperUser, IsAppUser, IsSuperUserOrAppUser
+
 from common.utils import get_object_or_none
+from users.permissions import IsValidUser, IsSuperUser, IsAppUser, IsSuperUserOrAppUser
 from .utils import get_user_granted_assets, get_user_granted_asset_groups, \
     get_user_asset_permissions, get_user_group_asset_permissions, \
     get_user_group_granted_assets, get_user_group_granted_asset_groups
diff --git a/apps/terminal/backends/__init__.py b/apps/terminal/backends/__init__.py
index 3696db49b..6baaed3c4 100644
--- a/apps/terminal/backends/__init__.py
+++ b/apps/terminal/backends/__init__.py
@@ -4,7 +4,7 @@ from .command.serializers import SessionCommandSerializer
 
 
 def get_command_store():
-    command_engine = import_module(settings.COMMAND_STORE_BACKEND)
+    command_engine = import_module(settings.COMMAND_STORAGE_BACKEND)
     command_store = command_engine.CommandStore()
     return command_store
 
diff --git a/apps/users/models/user.py b/apps/users/models/user.py
index 81faccf6c..eedb9786f 100644
--- a/apps/users/models/user.py
+++ b/apps/users/models/user.py
@@ -211,10 +211,11 @@ class User(AbstractUser):
     @classmethod
     def create_app_user(cls, name, comment):
         from . import AccessKey
-        domain_name = settings.CONFIG.DOMAIN_NAME or 'jumpserver.org'
-        app = cls.objects.create(username=name, name=name, email='%s@%s' % (name, domain_name), is_active=False,
-                                 role='App', enable_otp=False, comment=comment, is_first_login=False,
-                                 created_by='System')
+        app = cls.objects.create(
+            username=name, name=name, email='%s@local.domain'.format(),
+            is_active=False, role='App', enable_otp=False, comment=comment,
+            is_first_login=False, created_by='System'
+        )
         access_key = AccessKey.objects.create(user=app)
         return app, access_key
 
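Review bot: `email='%s@local.domain'.format()` mixes a `%s` placeholder with `str.format()`, so nothing is substituted and every app user is stored with the literal address `%s@local.domain`. That is not a valid address, and if the `email` column is unique (the field definition is outside this hunk), the second `create_app_user` call will fail on the duplicate. The line should be `email='{}@local.domain'.format(name),`. The `create_app_user` method is fully visible here, but the rest of the `User` class is not.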
diff --git a/config_docker.py b/config_docker.py
index 9208d855f..d23dbe4a1 100644
--- a/config_docker.py
+++ b/config_docker.py
@@ -24,7 +24,7 @@ class Config:
     # It's used to identify your site, When we send a create mail to user, we only know login url is /login/
     # But we should know the absolute url like: http://jms.jumpserver.org/login/, so SITE_URL is
     # HTTP_PROTOCOL://HOST[:PORT]
-    SITE_URL = 'http://localhost'
+    SITE_URL = os.environ.get("SITE_URL") or 'http://localhost'
 
     # Domain name, If set app email will set as it
     DOMAIN_NAME = 'jumpserver.org'
@@ -33,10 +33,10 @@ class Config:
     ALLOWED_HOSTS = ['*']
 
     # Development env open this, when error occur display the full process track, Production disable it
-    DEBUG = True
+    DEBUG = os.environ.get("DEBUG") or False
 
     # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
-    LOG_LEVEL = 'DEBUG'
+    LOG_LEVEL = os.environ.get('INFO') or 'INFO'
 
     # Database setting, Support sqlite3, mysql, postgres ....
     # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
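Review bot: `DEBUG = os.environ.get("DEBUG") or False` treats any non-empty string as true, so starting the container with `DEBUG=False` or `DEBUG=0` turns debug mode on, and with `ALLOWED_HOSTS = ['*']` just above that exposes full tracebacks and settings to any client. Parse the value explicitly, e.g. `DEBUG = os.environ.get("DEBUG", "").lower() in ("1", "true", "yes")`. The next assignment reads an environment variable named `INFO` rather than the log level setting; it should be `LOG_LEVEL = os.environ.get('LOG_LEVEL') or 'INFO'`.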
@@ -113,50 +113,8 @@ class Config:
         return None
 
 
-class DevelopmentConfig(Config):
-    DEBUG = True
-    DISPLAY_PER_PAGE = 20
-    DB_ENGINE = 'sqlite'
-    DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
-    EMAIL_HOST = 'smtp.exmail.qq.com'
-    EMAIL_PORT = 465
-    EMAIL_HOST_USER = 'a@jumpserver.org'
-    EMAIL_HOST_PASSWORD = 'somepasswrd'
-    EMAIL_USE_SSL = True
-    EMAIL_USE_TLS = False
-    EMAIL_SUBJECT_PREFIX = '[Jumpserver] '
-    SITE_URL = 'http://localhost:8080'
-
-
-class ProductionConfig(Config):
-    DEBUG = False
-    DB_ENGINE = 'mysql'
-    DB_HOST = '127.0.0.1'
-    DB_PORT = 3306
-    DB_USER = 'root'
-    DB_PASSWORD = ''
-    DB_NAME = 'jumpserver'
-
-
-class DockerConfig(Config):
-    DB_ENGINE = 'sqlite'
-    DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
-    REDIS_HOST = os.environ.get('REDIS_HOST') or 'redis'
-    EMAIL_HOST = os.environ.get('EMAIL_HOST') or 'smtp.qq.com'
-    EMAIL_PORT = int(os.environ.get('EMAIL_PORT', 465))
-    EMAIL_HOST_USER = os.environ.get('EMAIL_HOST_USER') or 'admin'
-    EMAIL_HOST_PASSWORD = os.environ.get('EMAIL_HOST_PASSWORD') or 'somepasswrd'
-    EMAIL_USE_SSL = True if EMAIL_PORT == 465 else False
-    EMAIL_USE_TLS = True if EMAIL_PORT == 587 else False
-    EMAIL_SUBJECT_PREFIX = os.environ.get('EMAIL_SUBJECT_PREFIX') or '[Jumpserver] '
-    SITE_URL = os.environ.get('SITE_URL') or 'http://localhost:8080'
-
-
 config = {
-    'development': DevelopmentConfig,
-    'production': ProductionConfig,
-    'default': DevelopmentConfig,
-    'docker': DockerConfig,
+    'docker': Config,
 }
 
 env = 'docker'
diff --git a/config_example.py b/config_example.py
index f209ee261..95c6414c6 100644
--- a/config_example.py
+++ b/config_example.py
@@ -8,11 +8,8 @@
     :license: GPL v2, see LICENSE for more details.
 """
 import os
-import ldap
-from django_auth_ldap.config import LDAPSearch
 
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
-LOG_DIR = os.path.join(BASE_DIR, 'logs')
 
 
 class Config:
@@ -20,7 +17,7 @@ class Config:
     # SECURITY WARNING: keep the secret key used in production secret!
     SECRET_KEY = os.environ.get('SECRET_KEY') or '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
 
-    # How many line display every page, default 25
+    # How many line display every page if using django pager, default 25
     DISPLAY_PER_PAGE = 25
 
     # It's used to identify your site, When we send a create mail to user, we only know login url is /login/
@@ -28,9 +25,6 @@ class Config:
     # HTTP_PROTOCOL://HOST[:PORT]
     SITE_URL = 'http://localhost'
 
-    # Domain name, If set app email will set as it
-    DOMAIN_NAME = 'jumpserver.org'
-
     # Django security setting, if your disable debug model, you should setting that
     ALLOWED_HOSTS = ['*']
 
@@ -39,15 +33,16 @@ class Config:
 
     # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
     LOG_LEVEL = 'DEBUG'
+    LOG_DIR = os.path.join(BASE_DIR, 'logs')
 
     # Database setting, Support sqlite3, mysql, postgres ....
     # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
 
-    # Sqlite setting:
-    DATABASE_ENGINE = 'sqlite3'
+    # SQLite setting:
+    DB_ENGINE = 'sqlite3'
     DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
 
-    # Mysql or postgres setting like:
+    # MySQL or postgres setting like:
     # DB_ENGINE = 'mysql'
     # DB_HOST = '127.0.0.1'
     # DB_PORT = 3306
@@ -55,12 +50,6 @@ class Config:
     # DB_PASSWORD = ''
     # DB_NAME = 'jumpserver'
 
-    # When Django start it will bind this host and port
-    # ./manage.py runserver 127.0.0.1:8080
-    # Todo: Gunicorn or uwsgi run may be use it
-    HTTP_BIND_HOST = '0.0.0.0'
-    HTTP_LISTEN_PORT = 8080
-
     # Use Redis as broker for celery and web socket
     REDIS_HOST = '127.0.0.1'
     REDIS_PORT = 6379
@@ -71,24 +60,20 @@ class Config:
         'port': REDIS_PORT,
     }
 
-    # Api token expiration when create
+    # Api token expiration when create, Jumpserver refresh time when request arrive
     TOKEN_EXPIRATION = 3600
 
-    # Session and csrf domain settings, If you deploy jumpserver,coco,luna standby,
-    # So than share cookie, and you need use a same top-level domain name
-
-    # SESSION_COOKIE_DOMAIN = '.jms.com'
-    # CSRF_COOKIE_DOMAIN = '.jms.com'
+    # Session and csrf domain settings
     SESSION_COOKIE_AGE = 3600*24
 
     # Email SMTP setting, we only support smtp send mail
-    # EMAIL_HOST = 'smtp.qq.com'
-    # EMAIL_PORT = 25
-    # EMAIL_HOST_USER = ''
-    # EMAIL_HOST_PASSWORD = ''
-    # EMAIL_USE_SSL = False  # If port is 465, set True
-    # EMAIL_USE_TLS = False  # If port is 587, set True
-    # EMAIL_SUBJECT_PREFIX = '[Jumpserver] '
+    EMAIL_HOST = 'smtp.163.com'
+    EMAIL_PORT = 25
+    EMAIL_HOST_USER = ''
+    EMAIL_HOST_PASSWORD = ''  # Caution: Some SMTP server using `Authorization Code` except password
+    EMAIL_USE_SSL = True if EMAIL_PORT == 465 else False
+    EMAIL_USE_TLS = True if EMAIL_PORT == 587 else False
+    EMAIL_SUBJECT_PREFIX = '[Jumpserver] '
 
     CAPTCHA_TEST_MODE = False
 
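Review bot: With the now-active default `EMAIL_PORT = 25`, both `EMAIL_USE_SSL` and `EMAIL_USE_TLS` evaluate to False. A deployment that copies this example and fills in `EMAIL_HOST_USER` and `EMAIL_HOST_PASSWORD` therefore authenticates to `smtp.163.com` without transport encryption. Defaulting to `EMAIL_PORT = 587` turns on `EMAIL_USE_TLS` through the expression below and gives an encrypted default. The inline comment on `EMAIL_HOST_PASSWORD` would read more clearly as `# Caution: some SMTP servers require an authorization code instead of the account password`.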
@@ -116,36 +101,8 @@ class Config:
         return None
 
 
-class DevelopmentConfig(Config):
-    DEBUG = True
-    DISPLAY_PER_PAGE = 20
-    DB_ENGINE = 'sqlite'
-    DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
-    EMAIL_HOST = 'smtp.exmail.qq.com'
-    EMAIL_PORT = 465
-    EMAIL_HOST_USER = 'a@jumpserver.org'
-    EMAIL_HOST_PASSWORD = 'somepasswrd'
-    EMAIL_USE_SSL = True
-    EMAIL_USE_TLS = False
-    EMAIL_SUBJECT_PREFIX = '[Jumpserver] '
-    SITE_URL = 'http://localhost:8080'
-
-
-class ProductionConfig(Config):
-    DEBUG = False
-    DB_ENGINE = 'mysql'
-    DB_HOST = '127.0.0.1'
-    DB_PORT = 3306
-    DB_USER = 'root'
-    DB_PASSWORD = ''
-    DB_NAME = 'jumpserver'
-
-
 config = {
-    'development': DevelopmentConfig,
-    'production': ProductionConfig,
-
-    'default': DevelopmentConfig,
+    'default': Config,
 }
 
-env = 'development'
+env = 'default'
diff --git a/install/example.sh b/data/media/.gitkeep
similarity index 100%
rename from install/example.sh
rename to data/media/.gitkeep
diff --git a/requirements/requirements.txt b/requirements/requirements.txt
index 293c97fea..b25089107 100644
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@@ -56,3 +56,4 @@ sshpubkeys==2.2.0
 uritemplate==3.0.0
 urllib3==1.22
 vine==1.1.4
+gunicorn==19.7.1
diff --git a/requirements/rpm_requirements.txt b/requirements/rpm_requirements.txt
index 4a0d6c029..664c67228 100644
--- a/requirements/rpm_requirements.txt
+++ b/requirements/rpm_requirements.txt
@@ -1 +1 @@
-libtiff-devel libjpeg-devel libzip-devel freetype-devel lcms2-devel libwebp-devel tcl-devel tk-devel sshpass openldap-devel
+libtiff-devel libjpeg-devel libzip-devel freetype-devel lcms2-devel libwebp-devel tcl-devel tk-devel sshpass openldap-devel mysql-devel libffi-devel