Skip to content

J
jumpserver
Unverified Commit 319a19c5 authored by wojiushixiaobai's avatar wojiushixiaobai Committed by GitHub
Browse files
Options

Merge pull request #2088 from wojiushixiaobai/docs 

[Update]更新
parents a9686750 5311a8a8
Show whitespace changes
Inline Side-by-side
Showing with 248 additions and 9 deletions
docs/admin_create_asset.rst
View file @ 319a19c5
......@@ -3,7 +3,7 @@
说明
``````````
- 到 Jumpserver 会话管理-终端管理 接受 Coco Guacamole 等应用的注册
- 到 Jumpserver 会话管理-终端管理 查看 Coco Guacamole 等应用是否在线
一、系统设置
````````````````````
......
docs/upgrade.rst
View file @ 319a19c5
......@@ -188,7 +188,7 @@
# 到 Web 会话管理 - 终端管理 接受新的注册
1.4.4 升级到 1.4.5 (下个版本,当前还未开放,请勿执行)
1.4.4 升级到 1.4.5 (未开放, 等待更新)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- 当前版本必须是 1.4.4 版本,否则请先升级到 1.4.4
......@@ -202,16 +202,146 @@
$ git pull
$ source /opt/py3/bin/activate
$ ./jms stop
.. code-block:: shell
# 备份数据库表结构文件
$ jumpserver_backup=/tmp/jumpserver_backup
$ mkdir -p $jumpserver_backup
$ mv config.py $jumpserver_backup/
$ cd /opt/jumpserver/apps
$ for d in $(ls);do
if [ -d $d ] && [ -d $d/migrations ];then
mkdir -p $jumpserver_backup/${d}/migrations
cp ${d}/migrations/*.py $jumpserver_backup/${d}/migrations/
fi
done
.. code-block:: shell
$ cd /opt/jumpserver
$ git pull
$ pip install -r requirements/requirements.txt
# 更新 config.py ,请根据你原备份的 config.py 内容进行修改
$ cp config_example.py config.py
$ vi config.py
.. code-block:: python
"""
jumpserver.config
~~~~~~~~~~~~~~~~~
Jumpserver project setting file
:copyright: (c) 2014-2017 by Jumpserver Team
:license: GPL v2, see LICENSE for more details.
"""
import os
BASE_DIR = os.path.dirname(os.path.abspath(__file__))
class Config:
"""
Jumpserver Config File
Jumpserver 配置文件
Jumpserver use this config for drive django framework running,
You can set is value or set the same envirment value,
Jumpserver look for config order: file => env => default
Jumpserver使用配置来驱动Django框架的运行,
你可以在该文件中设置,或者设置同样名称的环境变量,
Jumpserver使用配置的顺序: 文件 => 环境变量 => 默认值
"""
# SECURITY WARNING: keep the secret key used in production secret!
# 加密秘钥 生产环境中请修改为随机字符串,请勿外泄
SECRET_KEY = '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
# SECURITY WARNING: keep the bootstrap token used in production secret!
# 预共享Token coco和guacamole用来注册服务账号,不在使用原来的注册接受机制
BOOTSTRAP_TOKEN = '9JO4#n!Xup2zKZ6V'
# Development env open this, when error occur display the full process track, Production disable it
# DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
# DEBUG = False
# DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
# 日志级别
# LOG_LEVEL = 'ERROR'
# LOG_DIR = os.path.join(BASE_DIR, 'logs')
# Database setting, Support sqlite3, mysql, postgres ....
# 数据库设置
# See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
# SQLite setting:
# 使用单文件sqlite数据库
# DB_ENGINE = 'sqlite3'
# DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
# MySQL or postgres setting like:
# 使用Mysql作为数据库
DB_ENGINE = 'mysql'
DB_HOST = '127.0.0.1'
DB_PORT = 3306
DB_USER = 'jumpserver'
DB_PASSWORD = 'weakPassword'
DB_NAME = 'jumpserver'
# When Django start it will bind this host and port
# ./manage.py runserver 127.0.0.1:8080
# 运行时绑定端口
HTTP_BIND_HOST = '0.0.0.0'
HTTP_LISTEN_PORT = 8080
# Use Redis as broker for celery and web socket
# Redis配置
REDIS_HOST = '127.0.0.1'
REDIS_PORT = 6379
# REDIS_PASSWORD = ''
# REDIS_DB_CELERY_BROKER = 3
# REDIS_DB_CACHE = 4
# Use OpenID authorization
# 使用OpenID 来进行认证设置
# BASE_SITE_URL = 'http://localhost:8080'
# AUTH_OPENID = False # True or False
# AUTH_OPENID_SERVER_URL = 'https://openid-auth-server.com/'
# AUTH_OPENID_REALM_NAME = 'realm-name'
# AUTH_OPENID_CLIENT_ID = 'client-id'
# AUTH_OPENID_CLIENT_SECRET = 'client-secret'
def __init__(self):
pass
def __getattr__(self, item):
return None
class DevelopmentConfig(Config):
pass
class TestConfig(Config):
pass
class ProductionConfig(Config):
pass
# Default using Config settings, you can write if/else for different env
config = DevelopmentConfig()
.. code-block:: shell
$ pip install -r requirements/requirements.txt
$ cd utils
$ sh 1.4.4_to_1.4.5_migrations.sh
$ sh make_migrations.sh
$ cd ../
$ ./jms start all
$ ./jms start all -d
**Coco**
......@@ -223,8 +353,109 @@
$ git pull
$ source /opt/py3/bin/activate
$ ./cocod stop
$ mv conf.py $jumpserver_backup/
# 更新 conf.py ,请根据你原备份的 conf.py 内容进行修改
$ cp conf_example.py conf.py
$ vi conf.py
.. code-block:: python
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
import os
BASE_DIR = os.path.dirname(__file__)
class Config:
"""
Coco config file, coco also load config from server update setting below
"""
# 项目名称, 会用来向Jumpserver注册, 识别而已, 不能重复
# NAME = "localhost"
NAME = "coco"
# Bootstrap Token, 预共享秘钥, 用来注册coco使用的service account和terminal
# 请和jumpserver 配置文件中保持一致,注册完成后可以删除
# BOOTSTRAP_TOKEN = "9JO4#n!Xup2zKZ6V"
# Jumpserver项目的url, api请求注册会使用, 如果Jumpserver没有运行在127.0.0.1:8080,请修改此处
# CORE_HOST = os.environ.get("CORE_HOST") or 'http://127.0.0.1:8080'
CORE_HOST = 'http://127.0.0.1:8080'
# 启动时绑定的ip, 默认 0.0.0.0
# BIND_HOST = '0.0.0.0'
# 监听的SSH端口号, 默认2222
# SSHD_PORT = 2222
# 监听的HTTP/WS端口号,默认5000
# HTTPD_PORT = 5000
# 项目使用的ACCESS KEY, 默认会注册,并保存到 ACCESS_KEY_STORE中,
# 如果有需求, 可以写到配置文件中, 格式 access_key_id:access_key_secret
# ACCESS_KEY = None
# ACCESS KEY 保存的地址, 默认注册后会保存到该文件中
# ACCESS_KEY_STORE = os.path.join(BASE_DIR, 'keys', '.access_key')
# 加密密钥
# SECRET_KEY = None
# 设置日志级别 ['DEBUG', 'INFO', 'WARN', 'ERROR', 'FATAL', 'CRITICAL']
# LOG_LEVEL = 'INFO'
LOG_LEVEL = 'WARN'
# 日志存放的目录
# LOG_DIR = os.path.join(BASE_DIR, 'logs')
# Session录像存放目录
# SESSION_DIR = os.path.join(BASE_DIR, 'sessions')
# 资产显示排序方式, ['ip', 'hostname']
# ASSET_LIST_SORT_BY = 'ip'
# 登录是否支持密码认证
# PASSWORD_AUTH = True
# 登录是否支持秘钥认证
# PUBLIC_KEY_AUTH = True
# SSH白名单
# ALLOW_SSH_USER = 'all' # ['test', 'test2']
# SSH黑名单, 如果用户同时在白名单和黑名单,黑名单优先生效
# BLOCK_SSH_USER = []
# 和Jumpserver 保持心跳时间间隔
# HEARTBEAT_INTERVAL = 5
# Admin的名字,出问题会提示给用户
# ADMINS = ''
COMMAND_STORAGE = {
"TYPE": "server"
}
REPLAY_STORAGE = {
"TYPE": "server"
}
# SSH连接超时时间 (default 15 seconds)
# SSH_TIMEOUT = 15
# 语言 = en
LANGUAGE_CODE = 'zh'
config = Config()
.. code-block:: shell
$ pip install -r requirements/requirements.txt
$ ./cocod start
$ ./cocod start -d
**Guacamole**
......@@ -236,13 +467,16 @@
$ git pull
$ /etc/init.d/guacd stop
$ sh /config/tomcat8/bin/shutdown.sh
$ cp guacamole-auth-jumpserver-0.9.14.jar /config/guacamole/extensions/guacamole-auth-jumpserver-0.9.14.jar
$ cp -r guacamole-auth-jumpserver-0.9.14.jar /config/guacamole/extensions/guacamole-auth-jumpserver-0.9.14.jar
$ cd /config
$ wget https://github.com/ibuler/ssh-forward/releases/download/v0.0.5/linux-amd64.tar.gz
$ tar xf linux-amd64.tar.gz -C /bin/
$ chmod +x /bin/ssh-forward
$ export BOOTSTRAP_TOKEN=9JO4#n!Xup2zKZ6V
$ echo "export BOOTSTRAP_TOKEN=9JO4#n!Xup2zKZ6V" >> ~/.bashrc
$ /etc/init.d/guacd start
$ sh /config/tomcat8/bin/startup.sh
......@@ -271,7 +505,12 @@
$ docker rm jms_guacamole
$ docker pull wojiushixiaobai/coco:1.4.5
$ docker pull wojiushixiaobai/guacamole:1.4.5
$ docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://<Jumpserver_url> wojiushixiaobai/coco:1.4.5
$ docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> wojiushixiaobai/guacamole:1.4.5
$ docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=9JO4#n!Xup2zKZ6V wojiushixiaobai/coco:1.4.5
$ docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=9JO4#n!Xup2zKZ6V wojiushixiaobai/guacamole:1.4.5
# 到 Web 会话管理 - 终端管理 接受新的注册
# 到 Web 会话管理 - 终端管理 查看组件是否已经在线
1.4.6 及之后版本升级说明 (未开放, 等待更新)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- 如果当前版本必须小于 1.4.5 ,请先升级到 1.4.5
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment