Commit 0b9b94bc authored by yumaojun's avatar yumaojun

Merge branch 'bug_fix_yu' into dev

# Conflicts:
#	service.sh
parents 77f69fbc 8aec0c1a
...@@ -5,16 +5,15 @@ import subprocess ...@@ -5,16 +5,15 @@ import subprocess
import time import time
import os import os
import sys import sys
import MySQLdb
from smtplib import SMTP, SMTPAuthenticationError, SMTPConnectError, SMTPSenderRefused from smtplib import SMTP, SMTPAuthenticationError, SMTPConnectError, SMTPSenderRefused
import ConfigParser import ConfigParser
import socket import socket
import fcntl
import struct
import readline
import random import random
import string import string
import re
import platform
jms_dir = os.path.dirname(os.path.abspath(os.path.dirname(__file__))) jms_dir = os.path.dirname(os.path.abspath(os.path.dirname(__file__)))
sys.path.append(jms_dir) sys.path.append(jms_dir)
...@@ -27,6 +26,13 @@ def bash(cmd): ...@@ -27,6 +26,13 @@ def bash(cmd):
return subprocess.call(cmd, shell=True) return subprocess.call(cmd, shell=True)
def valid_ip(ip):
if ('255' in ip) or (ip == "0.0.0.0"):
return False
else:
return True
def color_print(msg, color='red', exits=False): def color_print(msg, color='red', exits=False):
""" """
Print colorful string. Print colorful string.
...@@ -46,18 +52,17 @@ def color_print(msg, color='red', exits=False): ...@@ -46,18 +52,17 @@ def color_print(msg, color='red', exits=False):
return msg return msg
def get_ip_addr(ifname='eth0'): def get_ip_addr():
try: try:
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
return socket.inet_ntoa(fcntl.ioctl( s.connect(("8.8.8.8", 80))
s.fileno(), return s.getsockname()[0]
0x8915, except Exception:
struct.pack('256s', ifname[:15]) if_data = ''.join(os.popen("LANG=C ifconfig").readlines())
)[20:24]) ips = re.findall(r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', if_data, flags=re.MULTILINE)
except: ip = filter(valid_ip, ips)
ips = os.popen("LANG=C ifconfig | grep \"inet addr\" | grep -v \"127.0.0.1\" | awk -F \":\" '{print $2}' | awk '{print $1}'").readlines() if ip:
if len(ips) > 0: return ip[0]
return ips[0]
return '' return ''
...@@ -75,6 +80,17 @@ class PreSetup(object): ...@@ -75,6 +80,17 @@ class PreSetup(object):
self.ip = '' self.ip = ''
self.key = ''.join(random.choice(string.ascii_lowercase + string.digits) \ self.key = ''.join(random.choice(string.ascii_lowercase + string.digits) \
for _ in range(16)) for _ in range(16))
self.dist = platform.dist()[0].lower()
@property
def _is_redhat(self):
if self.dist == "centos" or self.dist == "redhat":
return True
@property
def _is_ubuntu(self):
if self.dist == "ubuntu":
return True
def write_conf(self, conf_file=os.path.join(jms_dir, 'jumpserver.conf')): def write_conf(self, conf_file=os.path.join(jms_dir, 'jumpserver.conf')):
color_print('开始写入配置文件', 'green') color_print('开始写入配置文件', 'green')
...@@ -99,22 +115,38 @@ class PreSetup(object): ...@@ -99,22 +115,38 @@ class PreSetup(object):
def _setup_mysql(self): def _setup_mysql(self):
color_print('开始安装设置mysql (请手动设置mysql安全)', 'green') color_print('开始安装设置mysql (请手动设置mysql安全)', 'green')
color_print('默认用户名: %s 默认密码: %s' % (self.db_user, self.db_pass), 'green') color_print('默认用户名: %s 默认密码: %s' % (self.db_user, self.db_pass), 'green')
bash('yum -y install mysql-server') if self._is_redhat:
bash('service mysqld start') bash('yum -y install mysql-server')
bash('chkconfig mysqld on') bash('service mysqld start')
bash('mysql -e "create database %s default charset=utf8"' % self.db) bash('chkconfig mysqld on')
bash('mysql -e "grant all on %s.* to \'%s\'@\'%s\' identified by \'%s\'"' % (self.db, bash('mysql -e "create database %s default charset=utf8"' % self.db)
self.db_user, bash('mysql -e "grant all on %s.* to \'%s\'@\'%s\' identified by \'%s\'"' % (self.db,
self.db_host, self.db_user,
self.db_pass)) self.db_host,
self.db_pass))
@staticmethod if self._is_ubuntu:
def _set_env(): bash('echo mysql-server mysql-server/root_password select '' | debconf-set-selections')
bash('echo mysql-server mysql-server/root_password_again select '' | debconf-set-selections')
bash('apt-get -y install mysql-server')
bash('mysql -e "create database %s default charset=utf8"' % self.db)
bash('mysql -e "grant all on %s.* to \'%s\'@\'%s\' identified by \'%s\'"' % (self.db,
self.db_user,
self.db_host,
self.db_pass))
def _set_env(self):
color_print('开始关闭防火墙和selinux', 'green') color_print('开始关闭防火墙和selinux', 'green')
os.system("export LANG='en_US.UTF-8' && sed -i 's/LANG=.*/LANG=en_US.UTF-8/g' /etc/sysconfig/i18n") if self._is_redhat:
bash('service iptables stop && chkconfig iptables off && setenforce 0') os.system("export LANG='en_US.UTF-8' && sed -i 's/LANG=.*/LANG=en_US.UTF-8/g' /etc/sysconfig/i18n")
bash('service iptables stop && chkconfig iptables off && setenforce 0')
if self._is_ubuntu:
os.system("export LANG='en_US.UTF-8'")
bash("iptables -F")
bash('which selinux && setenforce 0')
def _test_db_conn(self): def _test_db_conn(self):
bash("pip install mysql-python")
import MySQLdb
try: try:
MySQLdb.connect(host=self.db_host, port=int(self.db_port), MySQLdb.connect(host=self.db_host, port=int(self.db_port),
user=self.db_user, passwd=self.db_pass, db=self.db) user=self.db_user, passwd=self.db_pass, db=self.db)
...@@ -141,15 +173,18 @@ class PreSetup(object): ...@@ -141,15 +173,18 @@ class PreSetup(object):
return True return True
return False return False
@staticmethod def _rpm_repo(self):
def _rpm_repo(): if self._is_redhat:
color_print('开始安装epel源', 'green') color_print('开始安装epel源', 'green')
bash('yum -y install epel-release') bash('yum -y install epel-release')
def _depend_rpm(self):
color_print('开始安装依赖包', 'green')
if self._is_redhat:
bash('yum -y install git python-pip mysql-devel gcc automake autoconf python-devel vim sshpass')
if self._is_ubuntu:
bash("apt-get -y install git python-pip gcc automake autoconf vim sshpass libmysqld-dev python-all-dev")
@staticmethod
def _depend_rpm():
color_print('开始安装依赖rpm包', 'green')
bash('yum -y install git python-pip mysql-devel gcc automake autoconf python-devel vim sshpass')
@staticmethod @staticmethod
def _require_pip(): def _require_pip():
...@@ -202,11 +237,11 @@ class PreSetup(object): ...@@ -202,11 +237,11 @@ class PreSetup(object):
print print
def start(self): def start(self):
# self._rpm_repo()
# self._depend_rpm()
# self._require_pip()
color_print('请务必先查看wiki https://github.com/ibuler/jumpserver/wiki/Quickinstall') color_print('请务必先查看wiki https://github.com/ibuler/jumpserver/wiki/Quickinstall')
time.sleep(3) time.sleep(3)
self._rpm_repo()
self._depend_rpm()
self._require_pip()
self._set_env() self._set_env()
self._input_ip() self._input_ip()
self._input_mysql() self._input_mysql()
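Review bot: The Ubuntu branch of `_setup_mysql` preseeds an empty MySQL root password. Inside a single-quoted Python literal the `''` is adjacent-literal concatenation, so the shell receives `... root_password select  | debconf-set-selections` with no value at all. The same run then flushes the packet filter in `_set_env` (`iptables -F`) and prints the application DB password, so the host is left with a passwordless database root unless the operator follows the "secure mysql manually" hint. I would generate a root password the way `self.key` is generated and preseed it with a double-quoted literal, e.g. `bash("echo mysql-server mysql-server/root_password password %s | debconf-set-selections" % root_pass)`, then pass it to the following `mysql -e` calls. Here `root_pass` is a placeholder name, and the `password` question type is what debconf normally expects for this key, so confirm it against the package templates. Separately, `valid_ip` no longer excludes `127.0.0.1` as the old grep pipeline did, so the `ifconfig` fallback in `get_ip_addr` can return the loopback address.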
......
...@@ -8,6 +8,8 @@ from django.core.management import execute_from_command_line ...@@ -8,6 +8,8 @@ from django.core.management import execute_from_command_line
import shutil import shutil
import urllib import urllib
import socket import socket
import subprocess
jms_dir = os.path.dirname(os.path.abspath(os.path.dirname(__file__))) jms_dir = os.path.dirname(os.path.abspath(os.path.dirname(__file__)))
sys.path.append(jms_dir) sys.path.append(jms_dir)
...@@ -75,7 +77,8 @@ class Setup(object): ...@@ -75,7 +77,8 @@ class Setup(object):
user.delete() user.delete()
db_add_user(username=self.admin_user, password=self.admin_pass, role='SU', name='admin', groups='', db_add_user(username=self.admin_user, password=self.admin_pass, role='SU', name='admin', groups='',
admin_groups='', email='admin@jumpserver.org', uuid='MayBeYouAreTheFirstUser', is_active=True) admin_groups='', email='admin@jumpserver.org', uuid='MayBeYouAreTheFirstUser', is_active=True)
os.system('id %s &> /dev/null || useradd %s' % (self.admin_user, self.admin_user)) cmd = 'useradd %s' % self.admin_user
subprocess.call(cmd, shell=True)
@staticmethod @staticmethod
def _chmod_file(): def _chmod_file():
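Review bot: `cmd = 'useradd %s' % self.admin_user` followed by `subprocess.call(cmd, shell=True)` still routes the admin name through a shell, so any metacharacters in it are interpreted with the installer's privileges. Where `admin_user` is set lies outside this hunk, but it looks like operator input. Passing an argument list avoids the shell entirely: `subprocess.call(['useradd', self.admin_user])`. The return code is also discarded, and with the old `id ... ||` guard gone an already existing account now produces a useradd error that nothing checks. A short comment saying that failure is tolerated, or a check of the return value, would make the intent clear.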
......
...@@ -125,7 +125,7 @@ class MyRunner(MyInventory): ...@@ -125,7 +125,7 @@ class MyRunner(MyInventory):
self.results_raw = {} self.results_raw = {}
def run(self, module_name='shell', module_args='', timeout=10, forks=10, pattern='*', def run(self, module_name='shell', module_args='', timeout=10, forks=10, pattern='*',
become=False, become_method='sudo', become_user='root', become_pass='', transport='paramiko'): become=False, become_method='sudo', become_user='root', become_pass='', transport='smart'):
""" """
run module from andible ad-hoc. run module from andible ad-hoc.
module_name: ansible module_name module_name: ansible module_name
......
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
from __future__ import unicode_literals
from django.db.models import Q from django.db.models import Q
from django.http import HttpResponseBadRequest, HttpResponseNotAllowed from django.http import HttpResponseBadRequest, HttpResponseNotAllowed
...@@ -705,8 +706,14 @@ def perm_role_recycle(request): ...@@ -705,8 +706,14 @@ def perm_role_recycle(request):
recycle_assets.append(asset) recycle_assets.append(asset)
recycle_resource = gen_resource(recycle_assets) recycle_resource = gen_resource(recycle_assets)
task = MyTask(recycle_resource) task = MyTask(recycle_resource)
# TODO: 判断返回结果,处理异常 try:
msg = task.del_user(get_object(PermRole, id=role_id).name) msg_del_user = task.del_user(get_object(PermRole, id=role_id).name)
msg_del_sudo = task.del_user_sudo(get_object(PermRole, id=role_id).name)
logger.info("recycle user msg: %s" % msg_del_user)
logger.info("recycle sudo msg: %s" % msg_del_sudo)
except Exception, e:
logger.warning("Recycle Role failed: %s" % e)
raise ServerError(u"回收已推送的系统用户失败: %s" % e)
for asset_id in asset_ids: for asset_id in asset_ids:
asset = get_object(Asset, id=asset_id) asset = get_object(Asset, id=asset_id)
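Review bot: The new `try` block in `perm_role_recycle` only logs `msg_del_user` and `msg_del_sudo`, so the removed TODO (check the returned result) is still not addressed. If `task.del_user` / `task.del_user_sudo` report per-host failures in their return value rather than by raising (their bodies are not visible here), the function carries on, and the pushed system user or its sudo rule can remain on an asset the role no longer covers. I would inspect both results before continuing and raise `ServerError` when any host failed. I would also resolve `get_object(PermRole, id=role_id)` once before the `try`, so that a missing role is reported as such instead of surfacing as an AttributeError in the message shown to the user. The function continues outside this hunk.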
......
...@@ -9,64 +9,77 @@ ...@@ -9,64 +9,77 @@
# Site: http://www.jumpserver.org # Site: http://www.jumpserver.org
# Author: Jumpserver Team # Author: Jumpserver Team
. /etc/init.d/functions base_dir=$(dirname $0)
. ${base_dir}/functions
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/opt/node/bin export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/opt/node/bin
base_dir=$(dirname $0)
PROC_NAME="jumpsever" PROC_NAME="jumpsever"
lockfile=/var/lock/subsys/${PROC_NAME} lockfile=/var/lock/subsys/${PROC_NAME}
start() { start() {
jump_start=$"Starting ${PROC_NAME} service:" jump_start=$"Starting ${PROC_NAME} service:"
if [ -f $lockfile ];then if [ -f $lockfile ];then
echo "jumpserver is running..." echo "jumpserver is running..."
success "$jump_start" success "$jump_start"
else else
# daemon python $base_dir/manage.py runserver 0.0.0.0:80 &>> /tmp/jumpserver.log 2>&1 & daemon python $base_dir/manage.py runserver 0.0.0.0:80 &>> /tmp/jumpserver.log 2>&1 &
daemon python $base_dir/manage.py crontab add &>> /tmp/jumpserver.log 2>&1 daemon python $base_dir/manage.py crontab add &>> /tmp/jumpserver.log 2>&1
daemon python $base_dir/run_websocket.py &> /dev/null 2>&1 & daemon python $base_dir/run_websocket.py &> /dev/null 2>&1 &
sleep 4 sleep 4
echo -n "$jump_start" echo -n "$jump_start"
nums=0 nums=0
for i in manage.py run_websocket.py;do for i in manage.py run_websocket.py;do
ps aux | grep "$i" | grep -v 'grep' &> /dev/null && let nums+=1 || echo "$i not running" if ps aux | grep "$i" | grep -v 'grep' &> /dev/null; then
nums=$[nums+1]
else
echo "$i not running"
fi
done done
if [ "x$nums" == "x2" ];then if [ "x$nums" == "x2" ];then
success "$jump_start" success "$jump_start"
if [ ! -e $lockfile ]; then
lockfile_dir=`dirname $lockfile`
mkdir -pv $lockfile_dir
fi
touch "$lockfile" touch "$lockfile"
echo echo
else else
failure "$jump_start" failure "$jump_start"
echo echo
fi fi
fi fi
} }
stop() { stop() {
echo -n $"Stopping ${PROC_NAME} service:" echo -n $"Stopping ${PROC_NAME} service:"
daemon python $base_dir/manage.py crontab remove &>> /tmp/jumpserver.log 2>&1 daemon python $base_dir/manage.py crontab remove &>> /tmp/jumpserver.log 2>&1
ps aux | grep -E 'manage.py|run_websocket.py' | grep -v grep | awk '{print $2}' | xargs kill -9 &> /dev/null ps aux | grep -E 'manage.py|run_websocket.py' | grep -v grep | awk '{print $2}' | xargs kill -9 &> /dev/null
ret=$? ret=$?
if [ $ret -eq 0 ]; then if [ $ret -eq 0 ]; then
echo_success echo_success
echo echo
rm -f "$lockfile" rm -f "$lockfile"
else else
echo_failure echo_failure
echo echo
rm -f "$lockfile" rm -f "$lockfile"
fi fi
} }
...@@ -78,22 +91,19 @@ restart(){ ...@@ -78,22 +91,19 @@ restart(){
} }
# See how we were called. # See how we were called.
case "$1" in case "$1" in
start) start)
start start
;; ;;
stop) stop)
stop stop
;; ;;
restart) restart)
restart restart
;; ;;
*) *)
echo $"Usage: $0 {start|stop|restart}" echo $"Usage: $0 {start|stop|restart}"
exit 2 exit 2
esac esac
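Review bot: `. ${base_dir}/functions` makes the init script execute whatever file named `functions` sits next to it, with the privileges of whoever starts the service (normally root), in place of the distribution's `/etc/init.d/functions`. That is only safe if the application directory and that file are root-owned and not writable by the application user; a comment stating the requirement, or an ownership check before sourcing, would help. `$(dirname $0)` and the sourced path are also unquoted and relative to the caller's working directory, so I would write `base_dir=$(cd "$(dirname "$0")" && pwd)` and `. "${base_dir}/functions"`. The same applies to `mkdir -pv $lockfile_dir` in `start()`.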