Config (#2322)

* [Update] 修改配置文件 * [Update] 修改配置文件形式

Config (#2322)
* [Update] 修改配置文件 * [Update] 修改配置文件形式
35403086 · 老广 · GitHub · 9ab3f044 · 35403086 · 35403086
Unverified Commit 35403086 authored Jan 07, 2019 by 老广 Committed by GitHub Jan 07, 2019
6 changed files
--- a/.gitignore
+++ b/.gitignore
@@ -17,6 +17,7 @@ dump.rdb
 .idea/
 db.sqlite3
 config.py
+config.yml
 *.log
 host_rsa_key
 *.bat

--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -286,8 +286,8 @@ class Config(dict):


 defaults = {
-    'SECRET_KEY': '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x',
-    'BOOTSTRAP_TOKEN': 'PleaseChangeMe',
+    'SECRET_KEY': '',
+    'BOOTSTRAP_TOKEN': '',
    'DEBUG': True,
    'SITE_URL': 'http://localhost',
    'LOG_LEVEL': 'DEBUG',
@@ -312,6 +312,7 @@ defaults = {
    'SESSION_COOKIE_AGE': 3600 * 24,
    'SESSION_EXPIRE_AT_BROWSER_CLOSE': False,
    'AUTH_OPENID': False,
+    'OTP_VALID_WINDOW': 0,
    'OTP_ISSUER_NAME': 'Jumpserver',
    'EMAIL_SUFFIX': 'jumpserver.org',
    'TERMINAL_PASSWORD_AUTH': True,
@@ -330,21 +331,40 @@ defaults = {
    'SECURITY_PASSWORD_LOWER_CASE': False,
    'SECURITY_PASSWORD_NUMBER': False,
    'SECURITY_PASSWORD_SPECIAL_CHAR': False,
+    'HTTP_BIND_HOST': '0.0.0.0',
+    'HTTP_LISTEN_PORT': 8080,
 }


 def load_user_config():
    sys.path.insert(0, PROJECT_DIR)
    config = Config(PROJECT_DIR, defaults)
+    loaded = False
+
+    for i in ['config.yml', 'config.yaml']:
+        if os.path.isfile(os.path.join(config.root_path, i)):
+            config.from_yaml(i)
+            loaded = True
+
    try:
        from config import config as c
        config.from_object(c)
+        loaded = True
    except ImportError:
+        pass
+
+    try:
+        config.from_yaml('config.yml')
+        loaded = True
+    except IOError:
+        pass
+
+    if not loaded:
        msg = """
    
        Error: No config file found.
    
-        You can run `cp config_example.py config.py`, and edit it.
+        You can run `cp config_example.yml config.yml`, and edit it.
        """
        raise ImportError(msg)
    return config
--- a/config_docker.py
+++ b/config_docker.py
-"""
-    jumpserver.config
-    ~~~~~~~~~~~~~~~~~
-
-    Jumpserver project setting file
-
-    :copyright: (c) 2014-2017 by Jumpserver Team
-    :license: GPL v2, see LICENSE for more details.
-"""
-import os
-import json
-
-BASE_DIR = os.path.dirname(os.path.abspath(__file__))
-
-
-class Config:
-    # Use it to encrypt or decrypt data
-    # SECURITY WARNING: keep the secret key used in production secret!
-    SECRET_KEY = os.environ.get('SECRET_KEY') or '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
-
-    # How many line display every page if using django pager, default 25
-    DISPLAY_PER_PAGE = 25
-
-    # It's used to identify your site, When we send a create mail to user, we only know login url is /login/
-    # But we should know the absolute url like: http://jms.jumpserver.org/login/, so SITE_URL is
-    # HTTP_PROTOCOL://HOST[:PORT]
-    SITE_URL = 'http://localhost'
-
-    # Django security setting, if your disable debug model, you should setting that
-    ALLOWED_HOSTS = ['*']
-
-    # Development env open this, when error occur display the full process track, Production disable it
-    DEBUG = True
-
-    # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
-    LOG_LEVEL = 'DEBUG'
-    LOG_DIR = os.path.join(BASE_DIR, 'logs')
-
-    # Database setting, Support sqlite3, mysql, postgres ....
-    # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
-
-    # SQLite setting:
-    DB_ENGINE = 'sqlite3'
-    DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
-
-    # MySQL or postgres setting like:
-    # DB_ENGINE = 'mysql'
-    # DB_HOST = '127.0.0.1'
-    # DB_PORT = 3306
-    # DB_USER = 'root'
-    # DB_PASSWORD = ''
-    # DB_NAME = 'jumpserver'
-
-    # When Django start it will bind this host and port
-    # ./manage.py runserver 127.0.0.1:8080
-    HTTP_BIND_HOST = '0.0.0.0'
-    HTTP_LISTEN_PORT = 8080
-
-    # Use Redis as broker for celery and web socket
-    REDIS_HOST = '127.0.0.1'
-    REDIS_PORT = 6379
-    REDIS_PASSWORD = ''
-    BROKER_URL = 'redis://%(password)s%(host)s:%(port)s/3' % {
-        'password': REDIS_PASSWORD,
-        'host': REDIS_HOST,
-        'port': REDIS_PORT,
-    }
-
-    # Api token expiration when create, Jumpserver refresh time when request arrive
-    TOKEN_EXPIRATION = 3600
-
-    # Session and csrf domain settings
-    SESSION_COOKIE_AGE = 3600*24
-
-    # Email SMTP setting, we only support smtp send mail
-    EMAIL_HOST = 'smtp.163.com'
-    EMAIL_PORT = 25
-    EMAIL_HOST_USER = ''
-    EMAIL_HOST_PASSWORD = ''  # Caution: Some SMTP server using `Authorization Code` except password
-    EMAIL_USE_SSL = True if EMAIL_PORT == 465 else False
-    EMAIL_USE_TLS = True if EMAIL_PORT == 587 else False
-    EMAIL_SUBJECT_PREFIX = '[Jumpserver] '
-
-    CAPTCHA_TEST_MODE = False
-
-    # You can set jumpserver usage url here, that when user submit wizard redirect to
-    USER_GUIDE_URL = ''
-
-    # LDAP Auth settings
-    AUTH_LDAP = False
-    AUTH_LDAP_SERVER_URI = 'ldap://localhost:389'
-    AUTH_LDAP_BIND_DN = 'cn=admin,dc=jumpserver,dc=org'
-    AUTH_LDAP_BIND_PASSWORD = ''
-    AUTH_LDAP_SEARCH_OU = 'ou=tech,dc=jumpserver,dc=org'
-    AUTH_LDAP_SEARCH_FILTER = '(cn=%(user)s)'
-    AUTH_LDAP_USER_ATTR_MAP = {
-        "username": "cn",
-        "name": "sn",
-        "email": "mail"
-    }
-    AUTH_LDAP_START_TLS = False
-
-    #
-    # OTP_VALID_WINDOW = 0
-
-    def __init__(self):
-        pass
-
-    def __getattr__(self, item):
-        return None
-
-
-class DockerConfig(Config):
-    """
-    配置文件默认从环境变量里读取，如果没有会使用后面的默认值
-    """
-    # 用来加密数据的key, 可以修改，但务必保存好这个字符串,丢失它后加密会无法解开
-    # SECRET_KEY = "SOME_KEY_NO_ONE_GUESS"
-    SECRET_KEY = os.environ.get("SECRET_KEY") or "MD923lkSDi8213kl),3()&^%aM2q1mz;223lkM0o1"
-    # 访问的域名, 格式 http[s]://域名[:端口号]
-    # SITE_URL = "http://jumpserver.fit2cloud.com"
-    SITE_URL = os.environ.get("SITE_URL") or 'http://localhost'
-    # 是否开启DEBUG模式
-    # DEBUG = True, or DEBUG = False,
-    DEBUG = bool(os.environ.get("DEBUG")) if os.environ.get("DEBUG") else False
-    # 日志级别, 默认 INFO
-    # LOG_LEVEL = WARN
-    LOG_LEVEL = os.environ.get("LOG_LEVEL") or "INFO"
-    # 使用的数据库类型，支持 SQLite, MySQL, PostgreSQL, Oracle
-    # 数据库设置, 如果使用外部的mysql请设置，否则不要改动
-
-    # DB_ENGINE = "oracle" | "postgre" | "mysql" | "sqlite3"
-    DB_ENGINE = os.environ.get("DB_ENGINE") or 'mysql'
-    # DB_HOST = "192.168.1.1"
-    DB_HOST = os.environ.get("DB_HOST") or 'mysql'
-    # 端口号
-    # DB_PORT = 3306
-    DB_PORT = os.environ.get("DB_PORT") or 3306
-    # 数据库账号
-    # DB_USER = "jumpserver"
-    DB_USER = os.environ.get("DB_USER") or 'root'
-    # 数据库密码
-    # DB_PASSWORD = "db_jumpserver_password"
-    DB_PASSWORD = os.environ.get("DB_PASSWORD") or ''
-    # 数据库名称
-    # DB_NAME = "jumpserver"
-    DB_NAME = os.environ.get("DB_NAME") or 'jumpserver'
-
-    # Redis配置，如果不使用外部redis不要改动
-    # Redis地址
-    # REDIS_HOST = "192.168.1.1"
-    REDIS_HOST = os.environ.get("REDIS_HOST") or 'redis'
-    # Redis端口号
-    # REDIS_PORT = 6380
-    REDIS_PORT = os.environ.get("REDIS_PORT") or 6379
-    # Redis密码
-    # REDIS_PASSWORD = "redis_password"
-    REDIS_PASSWORD = os.environ.get("REDIS_PASSWORD") or ''
-
-    # 邮箱SMTP设置, 可以参考各运营商配置文档
-    # SMTP服务器地址
-    # EMAIL_HOST = 'smtp.qq.com'
-    EMAIL_HOST = 'smtp.163.com'
-    # SMTP端口号
-    # EMAIL_PORT = 465
-    EMAIL_PORT = 25
-    # SMTP连接邮箱地址
-    # EMAIL_HOST_USER = "noreply@jumpserver.org"
-    EMAIL_HOST_USER = ''
-    # SMTP邮箱的密码, 注意 一些运营商通常要求使用授权码来发SMTP邮件
-    EMAIL_HOST_PASSWORD = ''
-    # 是否启用SSL, 如果端口号是 465通常设置为True
-    # EMAIL_USE_SSL = True
-    EMAIL_USE_SSL = True if EMAIL_PORT == 465 else False
-    # 是否启用TLS, 如果端口号是 587通常设置为True
-    # EMAIL_USE_TLS = True
-    EMAIL_USE_TLS = True if EMAIL_PORT == 587 else False
-    # 邮件的主题前缀
-    EMAIL_SUBJECT_PREFIX = '[Jumpserver] '
-
-    # 认证启用LDAP的设置
-    # 是否启用LDAP，默认不启用
-    # AUTH_LDAP = True
-    AUTH_LDAP = False
-    # LDAP的地址
-    AUTH_LDAP_SERVER_URI = 'ldap://localhost:389'
-    # LDAP绑定的查询账户
-    AUTH_LDAP_BIND_DN = 'cn=admin,dc=jumpserver,dc=org'
-    # 密码
-    AUTH_LDAP_BIND_PASSWORD = ''
-    # 用户所在的ou
-    AUTH_LDAP_SEARCH_OU = 'ou=tech,dc=jumpserver,dc=org'
-    # 查询时使用的过滤器, 仅可以修改前面的表示符，可能是cn或uid, 也就是登录用户名所在字段
-    # AUTH_LDAP_SEARCH_FILTER = '(uid=%(user)s)'
-    AUTH_LDAP_SEARCH_FILTER = '(cn=%(user)s)'
-    # LDAP用户信息映射到Jumpserver
-    AUTH_LDAP_USER_ATTR_MAP = {
-        "username": "cn",  # 将LDAP信息中的 `cn` 字段映射为 `username(用户名)`
-        "name": "sn",  # 将 LDAP信息中的  `sn` 映射为 `name(姓名)`
-        "email": "mail"  # 将 LDAP信息中的 `mail` 映射为 `email(邮箱地址)`
-    }
-    # 是否启用TLS加密
-    AUTH_LDAP_START_TLS = False
-
-
-    #
-    OTP_VALID_WINDOW = int(os.environ.get("OTP_VALID_WINDOW")) if os.environ.get("OTP_VALID_WINDOW") else 0
-
-
-# Default using Config settings, you can write if/else for different env
-config = DockerConfig()
-
--- a/config_docker.yml
+++ b/config_docker.yml
+# SECURITY WARNING: keep the secret key used in production secret!
+# 加密秘钥 生产环境中请修改为随机字符串，请勿外泄
+SECRET_KEY:
+
+# SECURITY WARNING: keep the bootstrap token used in production secret!
+# 预共享Token coco和guacamole用来注册服务账号，不在使用原来的注册接受机制
+BOOTSTRAP_TOKEN:
+
+# Development env open this, when error occur display the full process track, Production disable it
+# DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
+# DEBUG: true
+
+# DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
+# 日志级别
+# LOG_LEVEL: DEBUG
+# LOG_DIR: 
+
+# Session expiration setting, Default 24 hour, Also set expired on on browser close
+# 浏览器Session过期时间，默认24小时, 也可以设置浏览器关闭则过期
+# SESSION_COOKIE_AGE: 3600 * 24
+# SESSION_EXPIRE_AT_BROWSER_CLOSE: False
+
+# Database setting, Support sqlite3, mysql, postgres ....
+# 数据库设置
+# See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
+
+# SQLite setting:
+# 使用单文件sqlite数据库
+# DB_ENGINE: sqlite3
+# DB_NAME: 
+
+# MySQL or postgres setting like:
+# 使用Mysql作为数据库
+DB_ENGINE: mysql
+DB_HOST: 127.0.0.1
+DB_PORT: 3306
+DB_USER: jumpserver
+DB_PASSWORD: 
+DB_NAME: jumpserver
+
+# When Django start it will bind this host and port
+# ./manage.py runserver 127.0.0.1:8080
+# 运行时绑定端口
+HTTP_BIND_HOST: 0.0.0.0
+HTTP_LISTEN_PORT: 8080
+
+# Use Redis as broker for celery and web socket
+# Redis配置
+REDIS_HOST: 127.0.0.1
+REDIS_PORT: 6379
+# REDIS_PASSWORD: 
+# REDIS_DB_CELERY: 3
+# REDIS_DB_CACHE: 4
+
+# Use OpenID authorization
+# 使用OpenID 来进行认证设置
+# BASE_SITE_URL: http://localhost:8080
+# AUTH_OPENID: false  # True or False
+# AUTH_OPENID_SERVER_URL: https://openid-auth-server.com/
+# AUTH_OPENID_REALM_NAME: realm-name
+# AUTH_OPENID_CLIENT_ID: client-id
+# AUTH_OPENID_CLIENT_SECRET: client-secret
+
+# OTP校验窗口大小，可以避免服务器时间稍有差异引起OTP校验失败
+# OTP_VALID_WINDOW: 0
\ No newline at end of file
--- a/config_example.py
+++ b/config_example.py
-#!/usr/bin/env python3
-# -*- coding: utf-8 -*-
-"""
-    jumpserver.config
-    ~~~~~~~~~~~~~~~~~
-
-    Jumpserver project setting file
-
-    :copyright: (c) 2014-2017 by Jumpserver Team
-    :license: GPL v2, see LICENSE for more details.
-"""
-import os
-
-BASE_DIR = os.path.dirname(os.path.abspath(__file__))
-
-
-class Config:
-    """
-    Jumpserver Config File
-    Jumpserver 配置文件
-
-    Jumpserver use this config for drive django framework running,
-    You can set is value or set the same envirment value,
-    Jumpserver look for config order: file => env => default
-
-    Jumpserver使用配置来驱动Django框架的运行，
-    你可以在该文件中设置，或者设置同样名称的环境变量,
-    Jumpserver使用配置的顺序: 文件 => 环境变量 => 默认值
-    """
-    # SECURITY WARNING: keep the secret key used in production secret!
-    # 加密秘钥 生产环境中请修改为随机字符串，请勿外泄
-    SECRET_KEY = '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
-
-    # SECURITY WARNING: keep the bootstrap token used in production secret!
-    # 预共享Token coco和guacamole用来注册服务账号，不在使用原来的注册接受机制
-    BOOTSTRAP_TOKEN = 'PleaseChangeMe'
-
-    # Development env open this, when error occur display the full process track, Production disable it
-    # DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
-    # DEBUG = True
-
-    # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
-    # 日志级别
-    # LOG_LEVEL = 'DEBUG'
-    # LOG_DIR = os.path.join(BASE_DIR, 'logs')
-
-    # Session expiration setting, Default 24 hour, Also set expired on on browser close
-    # 浏览器Session过期时间，默认24小时, 也可以设置浏览器关闭则过期
-    # SESSION_COOKIE_AGE = 3600 * 24
-    # SESSION_EXPIRE_AT_BROWSER_CLOSE = False
-
-    # Database setting, Support sqlite3, mysql, postgres ....
-    # 数据库设置
-    # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
-
-    # SQLite setting:
-    # 使用单文件sqlite数据库
-    # DB_ENGINE = 'sqlite3'
-    # DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
-
-    # MySQL or postgres setting like:
-    # 使用Mysql作为数据库
-    DB_ENGINE = 'mysql'
-    DB_HOST = '127.0.0.1'
-    DB_PORT = 3306
-    DB_USER = 'jumpserver'
-    DB_PASSWORD = ''
-    DB_NAME = 'jumpserver'
-
-    # When Django start it will bind this host and port
-    # ./manage.py runserver 127.0.0.1:8080
-    # 运行时绑定端口
-    HTTP_BIND_HOST = '0.0.0.0'
-    HTTP_LISTEN_PORT = 8080
-
-    # Use Redis as broker for celery and web socket
-    # Redis配置
-    REDIS_HOST = '127.0.0.1'
-    REDIS_PORT = 6379
-    # REDIS_PASSWORD = ''
-    # REDIS_DB_CELERY = 3
-    # REDIS_DB_CACHE = 4
-
-    # Use OpenID authorization
-    # 使用OpenID 来进行认证设置
-    # BASE_SITE_URL = 'http://localhost:8080'
-    # AUTH_OPENID = False  # True or False
-    # AUTH_OPENID_SERVER_URL = 'https://openid-auth-server.com/'
-    # AUTH_OPENID_REALM_NAME = 'realm-name'
-    # AUTH_OPENID_CLIENT_ID = 'client-id'
-    # AUTH_OPENID_CLIENT_SECRET = 'client-secret'
-
-    #
-    # OTP_VALID_WINDOW = 0
-
-    def __init__(self):
-        pass
-
-    def __getattr__(self, item):
-        return None
-
-
-class DevelopmentConfig(Config):
-    pass
-
-
-class TestConfig(Config):
-    pass
-
-
-class ProductionConfig(Config):
-    pass
-
-
-# Default using Config settings, you can write if/else for different env
-config = DevelopmentConfig()
-
--- a/config_example.yml
+++ b/config_example.yml
+# SECURITY WARNING: keep the secret key used in production secret!
+# 加密秘钥 生产环境中请修改为随机字符串，请勿外泄
+SECRET_KEY:
+
+# SECURITY WARNING: keep the bootstrap token used in production secret!
+# 预共享Token coco和guacamole用来注册服务账号，不在使用原来的注册接受机制
+BOOTSTRAP_TOKEN:
+
+# Development env open this, when error occur display the full process track, Production disable it
+# DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
+# DEBUG: true
+
+# DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
+# 日志级别
+# LOG_LEVEL: DEBUG
+# LOG_DIR: 
+
+# Session expiration setting, Default 24 hour, Also set expired on on browser close
+# 浏览器Session过期时间，默认24小时, 也可以设置浏览器关闭则过期
+# SESSION_COOKIE_AGE: 3600 * 24
+# SESSION_EXPIRE_AT_BROWSER_CLOSE: False
+
+# Database setting, Support sqlite3, mysql, postgres ....
+# 数据库设置
+# See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
+
+# SQLite setting:
+# 使用单文件sqlite数据库
+# DB_ENGINE: sqlite3
+# DB_NAME: 
+
+# MySQL or postgres setting like:
+# 使用Mysql作为数据库
+DB_ENGINE: mysql
+DB_HOST: 127.0.0.1
+DB_PORT: 3306
+DB_USER: jumpserver
+DB_PASSWORD: 
+DB_NAME: jumpserver
+
+# When Django start it will bind this host and port
+# ./manage.py runserver 127.0.0.1:8080
+# 运行时绑定端口
+HTTP_BIND_HOST: 0.0.0.0
+HTTP_LISTEN_PORT: 8080
+
+# Use Redis as broker for celery and web socket
+# Redis配置
+REDIS_HOST: 127.0.0.1
+REDIS_PORT: 6379
+# REDIS_PASSWORD: 
+# REDIS_DB_CELERY: 3
+# REDIS_DB_CACHE: 4
+
+# Use OpenID authorization
+# 使用OpenID 来进行认证设置
+# BASE_SITE_URL: http://localhost:8080
+# AUTH_OPENID: false  # True or False
+# AUTH_OPENID_SERVER_URL: https://openid-auth-server.com/
+# AUTH_OPENID_REALM_NAME: realm-name
+# AUTH_OPENID_CLIENT_ID: client-id
+# AUTH_OPENID_CLIENT_SECRET: client-secret
+
+# OTP settings
+# OTP/MFA 配置
+# OTP_VALID_WINDOW: 0
+# OTP_ISSUER_NAME: Jumpserver
\ No newline at end of file