[Update]更新文档

docs/admin_create_asset.rst

@@ -39,6 +39,8 @@
     # DN 和 OU 一定要完整(如 "DN:cn=Manage,ou=Jumpserver,dc=jumpserver,ou=org")
     # 注：可借用第三方 gui 工具查看 ldap 用户的属性,新版本已经支持中文名登录,即cn=中文也可正常使用
 
+.. image:: _static/img/ldap_setting.jpg
+
 参考 `LDAP 使用说明 <faq_ldap.html>`_
 
 **1.4 终端设置**

docs/distributed_02.rst

@@ -59,7 +59,7 @@
 
     # 下载 luna
     $ cd /opt
-    $ wget https://github.com/jumpserver/luna/releases/download/1.4.6/luna.tar.gz
+    $ wget https://github.com/jumpserver/luna/releases/download/1.4.7/luna.tar.gz
     $ tar xf luna.tar.gz
     $ chown -R root:root luna
 

docs/distributed_05.rst

@@ -58,70 +58,45 @@
 
     # 修改 jumpserver 配置文件
     $ cd /opt/jumpserver
-    $ cp config_example.py config.py
-    $ vi config.py
+    $ cp config_example.yml config.yml
 
-    # 注意对齐,不要直接复制本文档的内容,实际内容以文件为准,本文仅供参考
+    $ SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50  # 生成随机SECRET_KEY
+    $ BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16  # 生成随机BOOTSTRAP_TOKEN
 
-**注意: 配置文件是 Python 格式,不要用 TAB,而要用空格**
+    $ sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
+    $ sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOSECRET_KEY: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
+    $ sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
+    $ sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
+    $ sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: False/SESSION_EXPIRE_AT_BROWSER_CLOSE: True/g" /opt/jumpserver/config.yml
 
-.. code-block:: python
+    $ echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
+    $ echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
 
-    """
-        jumpserver.config
-        ~~~~~~~~~~~~~~~~~
+    $ vi config.yml
 
-        Jumpserver project setting file
+.. code-block:: yaml
 
-        :copyright: (c) 2014-2017 by Jumpserver Team
-        :license: GPL v2, see LICENSE for more details.
-    """
-    import os
-
-    BASE_DIR = os.path.dirname(os.path.abspath(__file__))
-
-
-    class Config:
-        """
-        Jumpserver Config File
-        Jumpserver 配置文件
-
-        Jumpserver use this config for drive django framework running,
-        You can set is value or set the same envirment value,
-        Jumpserver look for config order: file => env => default
-
-        Jumpserver使用配置来驱动Django框架的运行，
-        你可以在该文件中设置，或者设置同样名称的环境变量,
-        Jumpserver使用配置的顺序: 文件 => 环境变量 => 默认值
-        """
     # SECURITY WARNING: keep the secret key used in production secret!
     # 加密秘钥 生产环境中请修改为随机字符串，请勿外泄
-        SECRET_KEY = '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
-
-        # Django security setting, if your disable debug model, you should setting that
-        ALLOWED_HOSTS = ['*']
+    SECRET_KEY:
 
     # SECURITY WARNING: keep the bootstrap token used in production secret!
     # 预共享Token coco和guacamole用来注册服务账号，不在使用原来的注册接受机制
-        BOOTSTRAP_TOKEN = 'nwv4RdXpM82LtSvmV'
+    BOOTSTRAP_TOKEN:
 
     # Development env open this, when error occur display the full process track, Production disable it
     # DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
-        # DEBUG = True
-        DEBUG = False
+    DEBUG: false
 
     # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
     # 日志级别
-        # LOG_LEVEL = 'DEBUG'
-        # LOG_DIR = os.path.join(BASE_DIR, 'logs')
-        LOG_LEVEL = 'ERROR'
-        LOG_DIR = os.path.join(BASE_DIR, 'logs')
+    LOG_LEVEL: ERROR
+    # LOG_DIR:
 
     # Session expiration setting, Default 24 hour, Also set expired on on browser close
     # 浏览器Session过期时间，默认24小时, 也可以设置浏览器关闭则过期
-        # SESSION_COOKIE_AGE = 3600 * 24
-        # SESSION_EXPIRE_AT_BROWSER_CLOSE = False
-        SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+    # SESSION_COOKIE_AGE: 3600 * 24
+    SESSION_EXPIRE_AT_BROWSER_CLOSE: True
 
     # Database setting, Support sqlite3, mysql, postgres ....
     # 数据库设置
@@ -129,62 +104,45 @@
 
     # SQLite setting:
     # 使用单文件sqlite数据库
-        # DB_ENGINE = 'sqlite3'
-        # DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
+    # DB_ENGINE: sqlite3
+    # DB_NAME:
 
     # MySQL or postgres setting like:
     # 使用Mysql作为数据库
-        DB_ENGINE = 'mysql'
-        DB_HOST = '127.0.0.1'
-        DB_PORT = 3306
-        DB_USER = 'jumpserver'
-        DB_PASSWORD = 'weakPassword'
-        DB_NAME = 'jumpserver'
+    DB_ENGINE: mysql
+    DB_HOST: 127.0.0.1
+    DB_PORT: 3306
+    DB_USER: jumpserver
+    DB_PASSWORD: 你的数据库密码
+    DB_NAME: jumpserver
 
     # When Django start it will bind this host and port
     # ./manage.py runserver 127.0.0.1:8080
     # 运行时绑定端口
-        HTTP_BIND_HOST = '0.0.0.0'
-        HTTP_LISTEN_PORT = 8080
+    HTTP_BIND_HOST: 0.0.0.0
+    HTTP_LISTEN_PORT: 8080
 
     # Use Redis as broker for celery and web socket
     # Redis配置
-        REDIS_HOST = '127.0.0.1'
-        REDIS_PORT = 6379
-        # REDIS_PASSWORD = ''
-        # REDIS_DB_CELERY_BROKER = 3
-        # REDIS_DB_CACHE = 4
+    REDIS_HOST: 127.0.0.1
+    REDIS_PORT: 6379
+    # REDIS_PASSWORD:
+    # REDIS_DB_CELERY: 3
+    # REDIS_DB_CACHE: 4
 
     # Use OpenID authorization
     # 使用OpenID 来进行认证设置
-        # BASE_SITE_URL = 'http://localhost:8080'
-        # AUTH_OPENID = False  # True or False
-        # AUTH_OPENID_SERVER_URL = 'https://openid-auth-server.com/'
-        # AUTH_OPENID_REALM_NAME = 'realm-name'
-        # AUTH_OPENID_CLIENT_ID = 'client-id'
-        # AUTH_OPENID_CLIENT_SECRET = 'client-secret'
-
-        def __init__(self):
-            pass
-
-        def __getattr__(self, item):
-            return None
-
-
-    class DevelopmentConfig(Config):
-        pass
-
-
-    class TestConfig(Config):
-        pass
-
-
-    class ProductionConfig(Config):
-        pass
-
-
-    # Default using Config settings, you can write if/else for different env
-    config = DevelopmentConfig()
+    # BASE_SITE_URL: http://localhost:8080
+    # AUTH_OPENID: false  # True or False
+    # AUTH_OPENID_SERVER_URL: https://openid-auth-server.com/
+    # AUTH_OPENID_REALM_NAME: realm-name
+    # AUTH_OPENID_CLIENT_ID: client-id
+    # AUTH_OPENID_CLIENT_SECRET: client-secret
+
+    # OTP settings
+    # OTP/MFA 配置
+    # OTP_VALID_WINDOW: 0
+    # OTP_ISSUER_NAME: Jumpserver
 
 .. code-block:: nginx
 

docs/distributed_06.rst

@@ -47,8 +47,8 @@
         -p 2222:2222 \
         -p 5000:5000 \
         -e CORE_HOST=http://192.168.100.30:8080 \
-        -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV \
-        jumpserver/jms_coco:1.4.6
+        -e BOOTSTRAP_TOKEN=你的token \
+        jumpserver/jms_coco:1.4.7
 
     # 访问 http://192.168.100.100/terminal/terminal/ 检查 coco 注册
 
@@ -66,7 +66,7 @@
         -p 2223:2222 \
         -p 5001:5000 \
         -e CORE_HOST=http://192.168.100.30:8080 \
-        -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV \
-        jumpserver/jms_coco:1.4.6
+        -e BOOTSTRAP_TOKEN=你的token \
+        jumpserver/jms_coco:1.4.7
 
     # 访问 http://192.168.100.100/terminal/terminal/ 检查 coco 注册

docs/distributed_07.rst

@@ -47,8 +47,8 @@
         -p 8081:8081 \
         -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
         -e JUMPSERVER_SERVER=http://192.168.100.30:8080 \
-        -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV \
-        jumpserver/jms_guacamole:1.4.6
+        -e BOOTSTRAP_TOKEN=你的token \
+        jumpserver/jms_guacamole:1.4.7
 
     # 访问 http://192.168.100.100/terminal/terminal/ 检查 guacamole 注册
 
@@ -64,7 +64,7 @@
         -p 8082:8081 \
         -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
         -e JUMPSERVER_SERVER=http://192.168.100.30:8080 \
-        -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV \
-        jumpserver/jms_guacamole:1.4.6
+        -e BOOTSTRAP_TOKEN=你的token \
+        jumpserver/jms_guacamole:1.4.7
 
     # 访问 http://192.168.100.100/terminal/terminal/ 检查 guacamole 注册

docs/faq.rst

@@ -83,7 +83,7 @@ FAQ
 
 .. code-block:: shell
 
-    $ vi /opt/coco/conf.py
+    $ vi /opt/coco/conf.yml
 
     # 把 SSH_TIMEOUT = 15 修改成你想要的数字 单位为：秒
     SSH_TIMEOUT = 60
@@ -92,7 +92,7 @@ FAQ
 
 .. code-block:: shell
 
-    $ vi /opt/jumpserver/config.py
+    $ vi /opt/jumpserver/config.yml
 
 .. code-block:: python
 

docs/faq_install.rst

@@ -36,11 +36,11 @@
     # 如果是 Mariadb 大于 10 版本
     $ yum install MariaDB-shared
 
-6. sh make_migrations.sh 时报错 from config import config as CONFIG File "/opt/jumpserver/config.py", line 38
+6. sh make_migrations.sh 时报错 from config import config as CONFIG File "/opt/jumpserver/config.yml", line 38
 
 .. code-block:: vim
 
-    # 这是由于 config.py 里面的内容格式不对,请参考安装文档的说明,把提示的内容与上一行对齐即可
+    # 这是由于 config.yml 里面的内容格式不对,请参考安装文档的说明,把提示的内容与上一行对齐即可
 
 7. sh make_migrations.sh 时报错 Are you sure it's installed and available on your PYTHONPATH environment variable? Did you forget to activate a virtual environment?
 
@@ -91,7 +91,7 @@
 
 .. code-block:: vim
 
-    # 这是因为你在 config.py 里面设置了 DEBUG = False
+    # 这是因为你在 config.yml 里面设置了 DEBUG = False
     # 跟着教程继续操作,后面搭建 nginx 代理即可正常访问
 
 13. 执行 ./cocod start 后提示 No module named 'jms'
@@ -127,7 +127,7 @@
 
     这是因为当前系统的 hostname 有 coco 不支持的字符,需要手动指定 coco 的 NAME
     $ cd /opt/coco/
-    $ vi conf.py
+    $ vi conf.yml
 
     # 项目名称, 会用来向Jumpserver注册, 识别而已, 不能重复
     # NAME = "localhost"
@@ -149,8 +149,8 @@
 
 .. code-block:: vim
 
-    # 这是因为 coco 无法连接到 jumpserver 报的错误,确定 http://xxxx:8080 设置正确(配置文件 coco/conf.py)
-    # 如果 jumpserver 的IP和端口不对,请手动修改 conf.py 的 CORE_HOST
+    # 这是因为 coco 无法连接到 jumpserver 报的错误,确定 http://xxxx:8080 设置正确(配置文件 coco/conf.yml)
+    # 如果 jumpserver 的IP和端口不对,请手动修改 conf.yml 的 CORE_HOST
 
 18. 运行 ./cocod start 后提示 Unexpected error occur: 'AppService' object has no attribute 'get_system_user_cmd_filter_rules'
 

docs/faq_ssh.rst

@@ -81,7 +81,7 @@ SSH 协议资产连接错误排查思路
 
     # 这是因为当前系统的 hostname 有 coco 不支持的字符,需要手动指定 coco 的 NAME
     $ cd /opt/coco/
-    $ vi conf.py
+    $ vi conf.yml
 
     # 项目名称, 会用来向Jumpserver注册, 识别而已, 不能重复
     # NAME = "localhost"

docs/faq_upgrade.rst

@@ -59,8 +59,8 @@
     > quit
 
     # 修改配置文件
-    $ cp /opt/jumpserver_bak/config.py /opt/jumpserver/
-    $ vim /opt/jumpserver/config.py
+    $ cp /opt/jumpserver_bak/config.yml /opt/jumpserver/
+    $ vim /opt/jumpserver/config.yml
     DB_ENGINE = 'mysql'
     DB_HOST = '127.0.0.1'
     DB_PORT = 3306

docs/migration.rst

@@ -53,7 +53,7 @@
 .. code-block:: shell
 
     $ cd /opt/jumpserver
-    $ vi conf.py
+    $ vi conf.yml
     # 把数据库和 redis 信息修改并保存
 
 4. 启动 jumpserver

docs/quickinstall.rst

@@ -11,8 +11,8 @@
 
 端口说明
 ~~~~~~~~~~~~~~
-- Jumpserver 默认端口为 8080/tcp 配置文件在 jumpserver/config.py
-- Coco 默认 SSH 端口为 2222/tcp ,默认 Web Terminal 端口为 5000/tcp 配置文件在 coco/conf.py
+- Jumpserver 默认端口为 8080/tcp 配置文件在 jumpserver/config.yml
+- Coco 默认 SSH 端口为 2222/tcp ,默认 Web Terminal 端口为 5000/tcp 配置文件在 coco/conf.yml
 - Guacamole 默认端口为 8081/tcp 在 docker run 时指定
 - Nginx 默认端口为 80/tcp
 - Redis 默认端口为 6379/tcp

docs/setup_by_centos7.rst

@@ -58,11 +58,9 @@ CentOS 7 安装文档
     $ systemctl enable mariadb
     $ systemctl start mariadb
     # 创建数据库 Jumpserver 并授权
-    $ mysql -uroot
-    > create database jumpserver default charset 'utf8';
-    > grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'weakPassword';
-    > flush privileges;
-    > quit
+    $ DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24  # 生成随机数据库密码
+    $ echo -e "\033[31m 你的数据库密码是 $DB_PASSWORD \033[0m"
+    $ mysql -uroot -e "create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD'; flush privileges;"
 
     # 安装 Nginx ,用作代理服务器整合 Jumpserver 与各个组件
     $ vi /etc/yum.repos.d/nginx.repo
@@ -103,68 +101,48 @@ CentOS 7 安装文档
 
     # 修改 Jumpserver 配置文件
     $ cd /opt/jumpserver
-    $ cp config_example.py config.py
-    $ vi config.py
+    $ cp config_example.yml config.yml
 
-**注意: 配置文件是 Python 格式,不要用 TAB,而要用空格**
+    $ SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50  # 生成随机SECRET_KEY
+    $ BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16  # 生成随机BOOTSTRAP_TOKEN
 
-.. code-block:: python
+    $ sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
+    $ sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOSECRET_KEY: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
+    $ sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
+    $ sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
+    $ sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: False/SESSION_EXPIRE_AT_BROWSER_CLOSE: True/g" /opt/jumpserver/config.yml
+    $ sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml
+    $ Server_IP=`ip addr | grep inet | egrep -v '(127.0.0.1|inet6|docker)' | awk '{print $2}' | tr -d "addr:" | head -n 1 | cut -d / -f1` \
 
-    """
-        jumpserver.config
-        ~~~~~~~~~~~~~~~~~
+    $ echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
+    $ echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
+    $ echo -e "\033[31m 你的服务器IP是 $Server_IP \033[0m"
 
-        Jumpserver project setting file
+    $ vi config.yml  # 确认内容有没有错误
 
-        :copyright: (c) 2014-2017 by Jumpserver Team
-        :license: GPL v2, see LICENSE for more details.
-    """
-    import os
+.. code-block:: yaml
 
-    BASE_DIR = os.path.dirname(os.path.abspath(__file__))
-
-
-    class Config:
-        """
-        Jumpserver Config File
-        Jumpserver 配置文件
-
-        Jumpserver use this config for drive django framework running,
-        You can set is value or set the same envirment value,
-        Jumpserver look for config order: file => env => default
-
-        Jumpserver使用配置来驱动Django框架的运行，
-        你可以在该文件中设置，或者设置同样名称的环境变量,
-        Jumpserver使用配置的顺序: 文件 => 环境变量 => 默认值
-        """
     # SECURITY WARNING: keep the secret key used in production secret!
     # 加密秘钥 生产环境中请修改为随机字符串，请勿外泄
-        SECRET_KEY = '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
-
-        # Django security setting, if your disable debug model, you should setting that
-        ALLOWED_HOSTS = ['*']
+    SECRET_KEY:
 
     # SECURITY WARNING: keep the bootstrap token used in production secret!
     # 预共享Token coco和guacamole用来注册服务账号，不在使用原来的注册接受机制
-        BOOTSTRAP_TOKEN = 'nwv4RdXpM82LtSvmV'
+    BOOTSTRAP_TOKEN:
 
     # Development env open this, when error occur display the full process track, Production disable it
     # DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
-        # DEBUG = True
-        DEBUG = False
+    DEBUG: false
 
     # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
     # 日志级别
-        # LOG_LEVEL = 'DEBUG'
-        # LOG_DIR = os.path.join(BASE_DIR, 'logs')
-        LOG_LEVEL = 'ERROR'
-        LOG_DIR = os.path.join(BASE_DIR, 'logs')
+    LOG_LEVEL: ERROR
+    # LOG_DIR:
 
     # Session expiration setting, Default 24 hour, Also set expired on on browser close
     # 浏览器Session过期时间，默认24小时, 也可以设置浏览器关闭则过期
-        # SESSION_COOKIE_AGE = 3600 * 24
-        # SESSION_EXPIRE_AT_BROWSER_CLOSE = False
-        SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+    # SESSION_COOKIE_AGE: 3600 * 24
+    SESSION_EXPIRE_AT_BROWSER_CLOSE: True
 
     # Database setting, Support sqlite3, mysql, postgres ....
     # 数据库设置
@@ -172,62 +150,45 @@ CentOS 7 安装文档
 
     # SQLite setting:
     # 使用单文件sqlite数据库
-        # DB_ENGINE = 'sqlite3'
-        # DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
+    # DB_ENGINE: sqlite3
+    # DB_NAME:
 
     # MySQL or postgres setting like:
     # 使用Mysql作为数据库
-        DB_ENGINE = 'mysql'
-        DB_HOST = '127.0.0.1'
-        DB_PORT = 3306
-        DB_USER = 'jumpserver'
-        DB_PASSWORD = 'weakPassword'
-        DB_NAME = 'jumpserver'
+    DB_ENGINE: mysql
+    DB_HOST: 127.0.0.1
+    DB_PORT: 3306
+    DB_USER: jumpserver
+    DB_PASSWORD:
+    DB_NAME: jumpserver
 
     # When Django start it will bind this host and port
     # ./manage.py runserver 127.0.0.1:8080
     # 运行时绑定端口
-        HTTP_BIND_HOST = '0.0.0.0'
-        HTTP_LISTEN_PORT = 8080
+    HTTP_BIND_HOST: 0.0.0.0
+    HTTP_LISTEN_PORT: 8080
 
     # Use Redis as broker for celery and web socket
     # Redis配置
-        REDIS_HOST = '127.0.0.1'
-        REDIS_PORT = 6379
-        # REDIS_PASSWORD = ''
-        # REDIS_DB_CELERY_BROKER = 3
-        # REDIS_DB_CACHE = 4
+    REDIS_HOST: 127.0.0.1
+    REDIS_PORT: 6379
+    # REDIS_PASSWORD:
+    # REDIS_DB_CELERY: 3
+    # REDIS_DB_CACHE: 4
 
     # Use OpenID authorization
     # 使用OpenID 来进行认证设置
-        # BASE_SITE_URL = 'http://localhost:8080'
-        # AUTH_OPENID = False  # True or False
-        # AUTH_OPENID_SERVER_URL = 'https://openid-auth-server.com/'
-        # AUTH_OPENID_REALM_NAME = 'realm-name'
-        # AUTH_OPENID_CLIENT_ID = 'client-id'
-        # AUTH_OPENID_CLIENT_SECRET = 'client-secret'
-
-        def __init__(self):
-            pass
-
-        def __getattr__(self, item):
-            return None
-
-
-    class DevelopmentConfig(Config):
-        pass
-
-
-    class TestConfig(Config):
-        pass
-
-
-    class ProductionConfig(Config):
-        pass
-
-
-    # Default using Config settings, you can write if/else for different env
-    config = DevelopmentConfig()
+    # BASE_SITE_URL: http://localhost:8080
+    # AUTH_OPENID: false  # True or False
+    # AUTH_OPENID_SERVER_URL: https://openid-auth-server.com/
+    # AUTH_OPENID_REALM_NAME: realm-name
+    # AUTH_OPENID_CLIENT_ID: client-id
+    # AUTH_OPENID_CLIENT_SECRET: client-secret
+
+    # OTP settings
+    # OTP/MFA 配置
+    # OTP_VALID_WINDOW: 0
+    # OTP_ISSUER_NAME: Jumpserver
 
 .. code-block:: shell
 
@@ -254,15 +215,15 @@ CentOS 7 安装文档
     # 172.17.0.x 是docker容器默认的IP池, 这里偷懒直接授权ip段了, 可以根据实际情况单独授权IP
 
     # http://<Jumpserver_url> 指向 jumpserver 的服务端口, 如 http://192.168.244.144:8080
-    # BOOTSTRAP_TOKEN 为 Jumpserver/config.py 里面的 BOOTSTRAP_TOKEN
-    $ docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV jumpserver/jms_coco:1.4.6
-    $ docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV jumpserver/jms_guacamole:1.4.6
+    # BOOTSTRAP_TOKEN 为 Jumpserver/config.yml 里面的 BOOTSTRAP_TOKEN
+    $ docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_coco:1.4.7
+    $ docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_guacamole:1.4.7
 
 .. code-block:: shell
 
     # 安装 Web Terminal 前端: Luna  需要 Nginx 来运行访问 访问(https://github.com/jumpserver/luna/releases)下载对应版本的 release 包,直接解压,不需要编译
     $ cd /opt
-    $ wget https://github.com/jumpserver/luna/releases/download/1.4.6/luna.tar.gz
+    $ wget https://github.com/jumpserver/luna/releases/download/1.4.7/luna.tar.gz
     $ tar xf luna.tar.gz
     $ chown -R root:root luna
 
@@ -362,13 +323,13 @@ CentOS 7 安装文档
 .. code-block:: shell
 
     # coco 服务默认运行在单核心下面, 当负载过高时会导致用户访问变慢, 这时可运行多个 docker 容器缓解
-    $ docker run --name jms_coco01 -d -p 2223:2222 -p 5001:5000 -e CORE_HOST=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV jumpserver/jms_coco:1.4.6
-    $ docker run --name jms_coco02 -d -p 2224:2222 -p 5002:5000 -e CORE_HOST=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV jumpserver/jms_coco:1.4.6
+    $ docker run --name jms_coco01 -d -p 2223:2222 -p 5001:5000 -e CORE_HOST=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV jumpserver/jms_coco:1.4.7
+    $ docker run --name jms_coco02 -d -p 2224:2222 -p 5002:5000 -e CORE_HOST=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV jumpserver/jms_coco:1.4.7
     ...
 
     # guacamole 也是一样
-    $ docker run --name jms_guacamole01 -d -p 8082:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV jumpserver/jms_guacamole:1.4.6
-    $ docker run --name jms_guacamole02 -d -p 8083:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV jumpserver/jms_guacamole:1.4.6
+    $ docker run --name jms_guacamole01 -d -p 8082:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV jumpserver/jms_guacamole:1.4.7
+    $ docker run --name jms_guacamole02 -d -p 8083:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV jumpserver/jms_guacamole:1.4.7
     ...
 
     # nginx 代理设置

docs/setup_by_fast.rst

@@ -48,15 +48,15 @@
 
     $ cd /opt \
       && git clone https://github.com/jumpserver/jumpserver.git \
-      && wget https://github.com/jumpserver/luna/releases/download/1.4.6/luna.tar.gz \
+      && wget https://github.com/jumpserver/luna/releases/download/1.4.7/luna.tar.gz \
       && yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt) \
       && source /opt/py3/bin/activate \
       && pip install --upgrade pip setuptools \
       && pip install -r /opt/jumpserver/requirements/requirements.txt \
       && curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io \
       && systemctl restart docker \
-      && docker pull jumpserver/jms_coco:1.4.6 \
-      && docker pull jumpserver/jms_guacamole:1.4.6 \
+      && docker pull jumpserver/jms_coco:1.4.7 \
+      && docker pull jumpserver/jms_guacamole:1.4.7 \
       && cd /opt \
       && tar xf luna.tar.gz \
       && chown -R root:root luna \
@@ -129,22 +129,25 @@
 
     $ systemctl start nginx \
       && DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24` \
+      && SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50` \
       && BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16` \
-      && cp /opt/jumpserver/config_example.py /opt/jumpserver/config.py \
+      && cp /opt/jumpserver/config_example.yml /opt/jumpserver/config.yml \
       && Server_IP=`ip addr | grep inet | egrep -v '(127.0.0.1|inet6|docker)' | awk '{print $2}' | tr -d "addr:" | head -n 1 | cut -d / -f1` \
       && mysql -uroot -e "create database jumpserver default charset 'utf8';grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD';flush privileges;" \
-      && sed -i "s/BOOTSTRAP_TOKEN = 'PleaseChangeMe'/BOOTSTRAP_TOKEN = '$BOOTSTRAP_TOKEN'/g" /opt/jumpserver/config.py \
-      && sed -i "s/# DEBUG = True/DEBUG = False/g" /opt/jumpserver/config.py \
-      && sed -i "s/# LOG_LEVEL = 'DEBUG'/LOG_LEVEL = 'ERROR'/g" /opt/jumpserver/config.py \
-      && sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE = False/SESSION_EXPIRE_AT_BROWSER_CLOSE = True/g" /opt/jumpserver/config.py \
-      && sed -i "s/DB_PASSWORD = ''/DB_PASSWORD = '$DB_PASSWORD'/g" /opt/jumpserver/config.py
+      && sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml \
+      && sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOSECRET_KEY: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml \
+      && sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml \
+      && sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml \
+      && sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: False/SESSION_EXPIRE_AT_BROWSER_CLOSE: True/g" /opt/jumpserver/config.yml \
+      && sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml
 
 .. code-block:: shell
 
     $ cd /opt/jumpserver \
       && ./jms start all -d \
-      && docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_coco:1.4.6 \
-      && docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_guacamole:1.4.6 \
+      && docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_coco:1.4.7 \
+      && docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_guacamole:1.4.7 \
       && echo -e "\033[31m 你的数据库密码是 $DB_PASSWORD \033[0m" \
+      && echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m" \
       && echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m" \
       && echo -e "\033[31m 你的服务器IP是 $Server_IP \033[0m"

docs/setup_by_optimization.rst

@@ -9,23 +9,23 @@
 .. code-block:: shell
 
     $ cd /opt/jumpserver
-    $ vi config.py
+    $ vi config.yml
 
     # 调整 debug 模式和 log_level
     ...
-    DEBUG = os.environ.get("DEBUG") or False
+    DEBUG: false
     ...
-    LOG_LEVEL = os.environ.get("LOG_LEVEL") or 'ERROR'
+    LOG_LEVEL: ERROR
     ...
 
 .. code-block:: shell
 
     $ cd /opt/coco
-    $ vi conf.py
+    $ vi conf.yml
 
     # 调整 log_level
     ...
-    LOG_LEVEL = 'ERROR'
+    LOG_LEVEL: ERROR
     ...
 
     # 设置好后重启 jumpserver 和 coco

docs/setup_by_ubuntu.rst

@@ -113,81 +113,55 @@
 
 .. code-block:: shell
 
-    $ mysql -uroot
-    > create database jumpserver default charset 'utf8';
-    > grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'weakPassword';
-    > flush privileges;
-    > quit
+    $ DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24  # 生成随机数据库密码
+    $ echo -e "\033[31m 你的数据库密码是 $DB_PASSWORD \033[0m"
+    $ mysql -uroot -p -e "create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD'; flush privileges;"
 
 **2.7 修改 Jumpserver 配置文件**
 
 .. code-block:: shell
 
     $ cd /opt/jumpserver
-    $ cp config_example.py config.py
-    $ vim config.py
+    $ cp config_example.yml config.yml
 
-    # 注意对齐,不要直接复制本文档的内容
+    $ SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50  # 生成随机SECRET_KEY
+    $ BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16  # 生成随机BOOTSTRAP_TOKEN
 
-**注意: 配置文件是 Python 格式,不要用 TAB,而要用空格**
+    $ sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
+    $ sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOSECRET_KEY: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
+    $ sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
+    $ sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
+    $ sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: False/SESSION_EXPIRE_AT_BROWSER_CLOSE: True/g" /opt/jumpserver/config.yml
+    $ sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml
 
-.. code-block:: python
+    $ echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
+    $ echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
 
-    """
-        jumpserver.config
-        ~~~~~~~~~~~~~~~~~
+    $ vim config.yml  # 确认内容有没有错误
 
-        Jumpserver project setting file
+.. code-block:: yaml
 
-        :copyright: (c) 2014-2017 by Jumpserver Team
-        :license: GPL v2, see LICENSE for more details.
-    """
-    import os
-
-    BASE_DIR = os.path.dirname(os.path.abspath(__file__))
-
-
-    class Config:
-        """
-        Jumpserver Config File
-        Jumpserver 配置文件
-
-        Jumpserver use this config for drive django framework running,
-        You can set is value or set the same envirment value,
-        Jumpserver look for config order: file => env => default
-
-        Jumpserver使用配置来驱动Django框架的运行，
-        你可以在该文件中设置，或者设置同样名称的环境变量,
-        Jumpserver使用配置的顺序: 文件 => 环境变量 => 默认值
-        """
     # SECURITY WARNING: keep the secret key used in production secret!
     # 加密秘钥 生产环境中请修改为随机字符串，请勿外泄
-        SECRET_KEY = '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
-
-        # Django security setting, if your disable debug model, you should setting that
-        ALLOWED_HOSTS = ['*']
+    SECRET_KEY:
 
     # SECURITY WARNING: keep the bootstrap token used in production secret!
     # 预共享Token coco和guacamole用来注册服务账号，不在使用原来的注册接受机制
-        BOOTSTRAP_TOKEN = 'nwv4RdXpM82LtSvmV'
+    BOOTSTRAP_TOKEN:
 
     # Development env open this, when error occur display the full process track, Production disable it
     # DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
-        # DEBUG = True
-        DEBUG = False
+    DEBUG: false
 
     # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
     # 日志级别
-        # LOG_LEVEL = 'DEBUG'
-        # LOG_DIR = os.path.join(BASE_DIR, 'logs')
-        LOG_LEVEL = 'ERROR'
-        LOG_DIR = os.path.join(BASE_DIR, 'logs')
+    LOG_LEVEL: ERROR
+    # LOG_DIR:
 
     # Session expiration setting, Default 24 hour, Also set expired on on browser close
     # 浏览器Session过期时间，默认24小时, 也可以设置浏览器关闭则过期
-        # SESSION_COOKIE_AGE = 3600 * 24
-        # SESSION_EXPIRE_AT_BROWSER_CLOSE = False
-        SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+    # SESSION_COOKIE_AGE: 3600 * 24
+    SESSION_EXPIRE_AT_BROWSER_CLOSE: True
 
     # Database setting, Support sqlite3, mysql, postgres ....
     # 数据库设置
@@ -195,62 +169,45 @@
 
     # SQLite setting:
     # 使用单文件sqlite数据库
-        # DB_ENGINE = 'sqlite3'
-        # DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
+    # DB_ENGINE: sqlite3
+    # DB_NAME:
 
     # MySQL or postgres setting like:
     # 使用Mysql作为数据库
-        DB_ENGINE = 'mysql'
-        DB_HOST = '127.0.0.1'
-        DB_PORT = 3306
-        DB_USER = 'jumpserver'
-        DB_PASSWORD = 'weakPassword'
-        DB_NAME = 'jumpserver'
+    DB_ENGINE: mysql
+    DB_HOST: 127.0.0.1
+    DB_PORT: 3306
+    DB_USER: jumpserver
+    DB_PASSWORD:
+    DB_NAME: jumpserver
 
     # When Django start it will bind this host and port
     # ./manage.py runserver 127.0.0.1:8080
     # 运行时绑定端口
-        HTTP_BIND_HOST = '0.0.0.0'
-        HTTP_LISTEN_PORT = 8080
+    HTTP_BIND_HOST: 0.0.0.0
+    HTTP_LISTEN_PORT: 8080
 
     # Use Redis as broker for celery and web socket
     # Redis配置
-        REDIS_HOST = '127.0.0.1'
-        REDIS_PORT = 6379
-        # REDIS_PASSWORD = ''
-        # REDIS_DB_CELERY_BROKER = 3
-        # REDIS_DB_CACHE = 4
+    REDIS_HOST: 127.0.0.1
+    REDIS_PORT: 6379
+    # REDIS_PASSWORD:
+    # REDIS_DB_CELERY: 3
+    # REDIS_DB_CACHE: 4
 
     # Use OpenID authorization
     # 使用OpenID 来进行认证设置
-        # BASE_SITE_URL = 'http://localhost:8080'
-        # AUTH_OPENID = False  # True or False
-        # AUTH_OPENID_SERVER_URL = 'https://openid-auth-server.com/'
-        # AUTH_OPENID_REALM_NAME = 'realm-name'
-        # AUTH_OPENID_CLIENT_ID = 'client-id'
-        # AUTH_OPENID_CLIENT_SECRET = 'client-secret'
-
-        def __init__(self):
-            pass
-
-        def __getattr__(self, item):
-            return None
-
-
-    class DevelopmentConfig(Config):
-        pass
-
-
-    class TestConfig(Config):
-        pass
-
-
-    class ProductionConfig(Config):
-        pass
-
-
-    # Default using Config settings, you can write if/else for different env
-    config = DevelopmentConfig()
+    # BASE_SITE_URL: http://localhost:8080
+    # AUTH_OPENID: false  # True or False
+    # AUTH_OPENID_SERVER_URL: https://openid-auth-server.com/
+    # AUTH_OPENID_REALM_NAME: realm-name
+    # AUTH_OPENID_CLIENT_ID: client-id
+    # AUTH_OPENID_CLIENT_SECRET: client-secret
+
+    # OTP settings
+    # OTP/MFA 配置
+    # OTP_VALID_WINDOW: 0
+    # OTP_ISSUER_NAME: Jumpserver
 
 **2.8 运行 Jumpserver**
 
@@ -293,104 +250,65 @@
 
     $ cd /opt/coco
     $ mkdir keys logs
-    $ cp conf_example.py conf.py  # 如果 coco 与 jumpserver 分开部署,请手动修改 conf.py
-    $ vim conf.py
-
-    # 注意对齐,不要直接复制本文档的内容,实际内容以文件为准,本文仅供参考
-
-**注意: 配置文件是 Python 格式,不要用 TAB,而要用空格**
-
-.. code-block:: python
+    $ cp conf_example.yml conf.yml
+    $ vim conf.yml
 
-    #!/usr/bin/env python3
-    # -*- coding: utf-8 -*-
-    #
+.. code-block:: yaml
 
-    import os
-
-    BASE_DIR = os.path.dirname(__file__)
-
-
-    class Config:
-        """
-        Coco config file, coco also load config from server update setting below
-        """
     # 项目名称, 会用来向Jumpserver注册, 识别而已, 不能重复
-        # NAME = "localhost"
+    # NAME: {{ Hostname }}
 
-        # Jumpserver项目的url, api请求注册会使用, 如果Jumpserver没有运行在127.0.0.1:8080,请修改此处
-        # CORE_HOST = os.environ.get("CORE_HOST") or 'http://127.0.0.1:8080'
-        CORE_HOST = 'http://127.0.0.1:8080'
+    # Jumpserver项目的url, api请求注册会使用
+    CORE_HOST: http://127.0.0.1:8080
 
     # Bootstrap Token, 预共享秘钥, 用来注册coco使用的service account和terminal
     # 请和jumpserver 配置文件中保持一致，注册完成后可以删除
-        # BOOTSTRAP_TOKEN = "PleaseChangeMe"
-        BOOTSTRAP_TOKEN = "nwv4RdXpM82LtSvmV"
+    BOOTSTRAP_TOKEN: <ChangeIT>
 
     # 启动时绑定的ip, 默认 0.0.0.0
-        # BIND_HOST = '0.0.0.0'
+    # BIND_HOST: 0.0.0.0
 
     # 监听的SSH端口号, 默认2222
-        # SSHD_PORT = 2222
+    # SSHD_PORT: 2222
 
-        # 监听的HTTP/WS端口号,默认5000
-        # HTTPD_PORT = 5000
+    # 监听的HTTP/WS端口号，默认5000
+    # HTTPD_PORT: 5000
 
     # 项目使用的ACCESS KEY, 默认会注册,并保存到 ACCESS_KEY_STORE中,
     # 如果有需求, 可以写到配置文件中, 格式 access_key_id:access_key_secret
-        # ACCESS_KEY = None
+    # ACCESS_KEY: null
 
     # ACCESS KEY 保存的地址, 默认注册后会保存到该文件中
-        # ACCESS_KEY_STORE = os.path.join(BASE_DIR, 'keys', '.access_key')
+    # ACCESS_KEY_STORE: keys/.access_key
 
     # 加密密钥
-        # SECRET_KEY = None
+    # SECRET_KEY: null
 
     # 设置日志级别 ['DEBUG', 'INFO', 'WARN', 'ERROR', 'FATAL', 'CRITICAL']
-        # LOG_LEVEL = 'INFO'
-        LOG_LEVEL = 'ERROR'
+    # LOG_LEVEL: INFO
+    LOG_LEVEL: ERROR
 
     # 日志存放的目录
-        # LOG_DIR = os.path.join(BASE_DIR, 'logs')
-
-        # Session录像存放目录
-        # SESSION_DIR = os.path.join(BASE_DIR, 'sessions')
-
-        # 资产显示排序方式, ['ip', 'hostname']
-        # ASSET_LIST_SORT_BY = 'ip'
-
-        # 登录是否支持密码认证
-        # PASSWORD_AUTH = True
-
-        # 登录是否支持秘钥认证
-        # PUBLIC_KEY_AUTH = True
+    # LOG_DIR: logs
 
     # SSH白名单
-        # ALLOW_SSH_USER = 'all'  # ['test', 'test2']
+    # ALLOW_SSH_USER: 'all'
 
-        # SSH黑名单, 如果用户同时在白名单和黑名单,黑名单优先生效
-        # BLOCK_SSH_USER = []
+    # SSH黑名单, 如果用户同时在白名单和黑名单，黑名单优先生效
+    # BLOCK_SSH_USER:
+    #   -
 
     # 和Jumpserver 保持心跳时间间隔
-        # HEARTBEAT_INTERVAL = 5
+    # HEARTBEAT_INTERVAL: 5
 
-        # Admin的名字,出问题会提示给用户
-        # ADMINS = ''
-        COMMAND_STORAGE = {
-            "TYPE": "server"
-        }
-        REPLAY_STORAGE = {
-            "TYPE": "server"
-        }
+    # Admin的名字，出问题会提示给用户
+    # ADMINS: ''
 
     # SSH连接超时时间 (default 15 seconds)
-        # SSH_TIMEOUT = 15
+    # SSH_TIMEOUT: 15
 
     # 语言 = en
-        LANGUAGE_CODE = 'zh'
-
-
-    config = Config()
+    # LANGUAGE_CODE: zh
 
 .. code-block:: shell
 
@@ -410,7 +328,7 @@ Luna 已改为纯前端,需要 Nginx 来运行访问
 .. code-block:: shell
 
     $ cd /opt/
-    $ wget https://github.com/jumpserver/luna/releases/download/1.4.6/luna.tar.gz
+    $ wget https://github.com/jumpserver/luna/releases/download/1.4.7/luna.tar.gz
     $ tar xf luna.tar.gz
     $ chown -R root:root luna
 
@@ -473,7 +391,7 @@ Luna 已改为纯前端,需要 Nginx 来运行访问
     $ export JUMPSERVER_SERVER=http://127.0.0.1:8080  # http://127.0.0.1:8080 指 jumpserver 访问地址
     $ echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
 
-    # BOOTSTRAP_TOKEN 为 Jumpserver/config.py 里面的 BOOTSTRAP_TOKEN
+    # BOOTSTRAP_TOKEN 为 Jumpserver/config.yml 里面的 BOOTSTRAP_TOKEN
     $ export BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV
     $ echo "export BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV" >> ~/.bashrc
     $ export JUMPSERVER_KEY_DIR=/config/guacamole/keys

docs/setup_by_ubuntu18.rst

@@ -54,11 +54,9 @@ Ubuntu 18.04 安装文档
 
 .. code-block:: shell
 
-    $ mysql -uroot
-    > create database jumpserver default charset 'utf8';
-    > grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'weakPassword';
-    > flush privileges;
-    > quit
+    $ DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24  # 生成随机数据库密码
+    $ echo -e "\033[31m 你的数据库密码是 $DB_PASSWORD \033[0m"
+    $ mysql -uroot -p -e "create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD'; flush privileges;"
 
 **1.5 安装 Python3.6**
 
@@ -108,70 +106,48 @@ Ubuntu 18.04 安装文档
 .. code-block:: shell
 
     $ cd /opt/jumpserver
-    $ cp config_example.py config.py
-    $ vim config.py
+    $ cp config_example.yml config.yml
 
-    # 注意对齐,不要直接复制本文档的内容
+    $ SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50  # 生成随机SECRET_KEY
+    $ BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16  # 生成随机BOOTSTRAP_TOKEN
 
-**注意: 配置文件是 Python 格式,不要用 TAB,而要用空格**
+    $ sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
+    $ sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOSECRET_KEY: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
+    $ sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
+    $ sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
+    $ sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: False/SESSION_EXPIRE_AT_BROWSER_CLOSE: True/g" /opt/jumpserver/config.yml
+    $ sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml
+    $ Server_IP=`ip addr | grep inet | egrep -v '(127.0.0.1|inet6|docker)' | awk '{print $2}' | tr -d "addr:" | head -n 1 | cut -d / -f1` \
 
-.. code-block:: python
+    $ echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
+    $ echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
+    $ echo -e "\033[31m 你的服务器IP是 $Server_IP \033[0m"
 
-    """
-        jumpserver.config
-        ~~~~~~~~~~~~~~~~~
+    $ vim config.yml  # 确认内容有没有错误
 
-        Jumpserver project setting file
+.. code-block:: yaml
 
-        :copyright: (c) 2014-2017 by Jumpserver Team
-        :license: GPL v2, see LICENSE for more details.
-    """
-    import os
-
-    BASE_DIR = os.path.dirname(os.path.abspath(__file__))
-
-
-    class Config:
-        """
-        Jumpserver Config File
-        Jumpserver 配置文件
-
-        Jumpserver use this config for drive django framework running,
-        You can set is value or set the same envirment value,
-        Jumpserver look for config order: file => env => default
-
-        Jumpserver使用配置来驱动Django框架的运行，
-        你可以在该文件中设置，或者设置同样名称的环境变量,
-        Jumpserver使用配置的顺序: 文件 => 环境变量 => 默认值
-        """
     # SECURITY WARNING: keep the secret key used in production secret!
     # 加密秘钥 生产环境中请修改为随机字符串，请勿外泄
-        SECRET_KEY = '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
-
-        # Django security setting, if your disable debug model, you should setting that
-        ALLOWED_HOSTS = ['*']
+    SECRET_KEY:
 
     # SECURITY WARNING: keep the bootstrap token used in production secret!
     # 预共享Token coco和guacamole用来注册服务账号，不在使用原来的注册接受机制
-        BOOTSTRAP_TOKEN = 'nwv4RdXpM82LtSvmV'
+    BOOTSTRAP_TOKEN:
 
     # Development env open this, when error occur display the full process track, Production disable it
     # DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
-        # DEBUG = True
-        DEBUG = False
+    DEBUG: false
 
     # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
     # 日志级别
-        # LOG_LEVEL = 'DEBUG'
-        # LOG_DIR = os.path.join(BASE_DIR, 'logs')
-        LOG_LEVEL = 'ERROR'
-        LOG_DIR = os.path.join(BASE_DIR, 'logs')
+    LOG_LEVEL: ERROR
+    # LOG_DIR:
 
     # Session expiration setting, Default 24 hour, Also set expired on on browser close
     # 浏览器Session过期时间，默认24小时, 也可以设置浏览器关闭则过期
-        # SESSION_COOKIE_AGE = 3600 * 24
-        # SESSION_EXPIRE_AT_BROWSER_CLOSE = False
-        SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+    # SESSION_COOKIE_AGE: 3600 * 24
+    SESSION_EXPIRE_AT_BROWSER_CLOSE: True
 
     # Database setting, Support sqlite3, mysql, postgres ....
     # 数据库设置
@@ -179,62 +155,45 @@ Ubuntu 18.04 安装文档
 
     # SQLite setting:
     # 使用单文件sqlite数据库
-        # DB_ENGINE = 'sqlite3'
-        # DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
+    # DB_ENGINE: sqlite3
+    # DB_NAME:
 
     # MySQL or postgres setting like:
     # 使用Mysql作为数据库
-        DB_ENGINE = 'mysql'
-        DB_HOST = '127.0.0.1'
-        DB_PORT = 3306
-        DB_USER = 'jumpserver'
-        DB_PASSWORD = 'weakPassword'
-        DB_NAME = 'jumpserver'
+    DB_ENGINE: mysql
+    DB_HOST: 127.0.0.1
+    DB_PORT: 3306
+    DB_USER: jumpserver
+    DB_PASSWORD:
+    DB_NAME: jumpserver
 
     # When Django start it will bind this host and port
     # ./manage.py runserver 127.0.0.1:8080
     # 运行时绑定端口
-        HTTP_BIND_HOST = '0.0.0.0'
-        HTTP_LISTEN_PORT = 8080
+    HTTP_BIND_HOST: 0.0.0.0
+    HTTP_LISTEN_PORT: 8080
 
     # Use Redis as broker for celery and web socket
     # Redis配置
-        REDIS_HOST = '127.0.0.1'
-        REDIS_PORT = 6379
-        # REDIS_PASSWORD = ''
-        # REDIS_DB_CELERY_BROKER = 3
-        # REDIS_DB_CACHE = 4
+    REDIS_HOST: 127.0.0.1
+    REDIS_PORT: 6379
+    # REDIS_PASSWORD:
+    # REDIS_DB_CELERY: 3
+    # REDIS_DB_CACHE: 4
 
     # Use OpenID authorization
     # 使用OpenID 来进行认证设置
-        # BASE_SITE_URL = 'http://localhost:8080'
-        # AUTH_OPENID = False  # True or False
-        # AUTH_OPENID_SERVER_URL = 'https://openid-auth-server.com/'
-        # AUTH_OPENID_REALM_NAME = 'realm-name'
-        # AUTH_OPENID_CLIENT_ID = 'client-id'
-        # AUTH_OPENID_CLIENT_SECRET = 'client-secret'
-
-        def __init__(self):
-            pass
-
-        def __getattr__(self, item):
-            return None
-
-
-    class DevelopmentConfig(Config):
-        pass
-
-
-    class TestConfig(Config):
-        pass
-
-
-    class ProductionConfig(Config):
-        pass
-
-
-    # Default using Config settings, you can write if/else for different env
-    config = DevelopmentConfig()
+    # BASE_SITE_URL: http://localhost:8080
+    # AUTH_OPENID: false  # True or False
+    # AUTH_OPENID_SERVER_URL: https://openid-auth-server.com/
+    # AUTH_OPENID_REALM_NAME: realm-name
+    # AUTH_OPENID_CLIENT_ID: client-id
+    # AUTH_OPENID_CLIENT_SECRET: client-secret
+
+    # OTP settings
+    # OTP/MFA 配置
+    # OTP_VALID_WINDOW: 0
+    # OTP_ISSUER_NAME: Jumpserver
 
 **2.5 运行 Jumpserver**
 
@@ -266,10 +225,8 @@ Ubuntu 18.04 安装文档
 
 .. code-block:: shell
 
-    $ docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV jumpserver/jms_coco:1.4.6
-
-    # http://<Jumpserver_url> 指向 jumpserver 的服务端口, 如 http://192.168.244.144:8080
-    # BOOTSTRAP_TOKEN 为 Jumpserver/config.py 里面的 BOOTSTRAP_TOKEN
+    $ docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_coco:1.4.7
+    # BOOTSTRAP_TOKEN 为 Jumpserver/config.yml 里面的 BOOTSTRAP_TOKEN
 
 四. 安装 RDP Server 和 VNC Server: Guacamole
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -278,9 +235,8 @@ Ubuntu 18.04 安装文档
 
 .. code-block:: shell
 
-    $ docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV jumpserver/jms_guacamole:1.4.6
-    # http://<Jumpserver_url> 指向 jumpserver 的服务端口, 如 http://192.168.244.144:8080
-    # BOOTSTRAP_TOKEN 为 Jumpserver/config.py 里面的 BOOTSTRAP_TOKEN
+    $ docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_guacamole:1.4.7
+    # BOOTSTRAP_TOKEN 为 Jumpserver/config.yml 里面的 BOOTSTRAP_TOKEN
 
 五. 安装 Web Terminal 前端: Luna
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -292,7 +248,7 @@ Ubuntu 18.04 安装文档
 .. code-block:: shell
 
     $ cd /opt/
-    $ wget https://github.com/jumpserver/luna/releases/download/1.4.6/luna.tar.gz
+    $ wget https://github.com/jumpserver/luna/releases/download/1.4.7/luna.tar.gz
     $ tar xf luna.tar.gz
     $ chown -R root:root luna
 

docs/step_by_step.rst

@@ -127,81 +127,55 @@
 
 .. code-block:: shell
 
-    $ mysql -uroot
-    > create database jumpserver default charset 'utf8';
-    > grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by 'weakPassword';
-    > flush privileges;
-    > quit
+    $ DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24  # 生成随机数据库密码
+    $ echo -e "\033[31m 你的数据库密码是 $DB_PASSWORD \033[0m"
+    $ mysql -uroot -e "create database jumpserver default charset 'utf8'; grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD'; flush privileges;"
 
 **2.7 修改 Jumpserver 配置文件**
 
 .. code-block:: shell
 
     $ cd /opt/jumpserver
-    $ cp config_example.py config.py
-    $ vi config.py
+    $ cp config_example.yml config.yml
 
-    # 注意对齐,不要直接复制本文档的内容,实际内容以文件为准,本文仅供参考
+    $ SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50  # 生成随机SECRET_KEY
+    $ BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16  # 生成随机BOOTSTRAP_TOKEN
 
-**注意: 配置文件是 Python 格式,不要用 TAB,而要用空格**
+    $ sed -i "s/SECRET_KEY:/SECRET_KEY: $SECRET_KEY/g" /opt/jumpserver/config.yml
+    $ sed -i "s/BOOTSTRAP_TOKEN:/BOOTSTRAP_TOSECRET_KEY: $BOOTSTRAP_TOKEN/g" /opt/jumpserver/config.yml
+    $ sed -i "s/# DEBUG: true/DEBUG: false/g" /opt/jumpserver/config.yml
+    $ sed -i "s/# LOG_LEVEL: DEBUG/LOG_LEVEL: ERROR/g" /opt/jumpserver/config.yml
+    $ sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE: False/SESSION_EXPIRE_AT_BROWSER_CLOSE: True/g" /opt/jumpserver/config.yml
+    $ sed -i "s/DB_PASSWORD: /DB_PASSWORD: $DB_PASSWORD/g" /opt/jumpserver/config.yml
 
-.. code-block:: python
+    $ echo -e "\033[31m 你的SECRET_KEY是 $SECRET_KEY \033[0m"
+    $ echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m"
 
-    """
-        jumpserver.config
-        ~~~~~~~~~~~~~~~~~
+    $ vi config.yml  # 确认内容有没有错误
 
-        Jumpserver project setting file
+.. code-block:: yaml
 
-        :copyright: (c) 2014-2017 by Jumpserver Team
-        :license: GPL v2, see LICENSE for more details.
-    """
-    import os
-
-    BASE_DIR = os.path.dirname(os.path.abspath(__file__))
-
-
-    class Config:
-        """
-        Jumpserver Config File
-        Jumpserver 配置文件
-
-        Jumpserver use this config for drive django framework running,
-        You can set is value or set the same envirment value,
-        Jumpserver look for config order: file => env => default
-
-        Jumpserver使用配置来驱动Django框架的运行，
-        你可以在该文件中设置，或者设置同样名称的环境变量,
-        Jumpserver使用配置的顺序: 文件 => 环境变量 => 默认值
-        """
     # SECURITY WARNING: keep the secret key used in production secret!
     # 加密秘钥 生产环境中请修改为随机字符串，请勿外泄
-        SECRET_KEY = '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
-
-        # Django security setting, if your disable debug model, you should setting that
-        ALLOWED_HOSTS = ['*']
+    SECRET_KEY:
 
     # SECURITY WARNING: keep the bootstrap token used in production secret!
     # 预共享Token coco和guacamole用来注册服务账号，不在使用原来的注册接受机制
-        BOOTSTRAP_TOKEN = 'nwv4RdXpM82LtSvmV'
+    BOOTSTRAP_TOKEN:
 
     # Development env open this, when error occur display the full process track, Production disable it
     # DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
-        # DEBUG = True
-        DEBUG = False
+    DEBUG: false
 
     # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
     # 日志级别
-        # LOG_LEVEL = 'DEBUG'
-        # LOG_DIR = os.path.join(BASE_DIR, 'logs')
-        LOG_LEVEL = 'ERROR'
-        LOG_DIR = os.path.join(BASE_DIR, 'logs')
+    LOG_LEVEL: ERROR
+    # LOG_DIR:
 
     # Session expiration setting, Default 24 hour, Also set expired on on browser close
     # 浏览器Session过期时间，默认24小时, 也可以设置浏览器关闭则过期
-        # SESSION_COOKIE_AGE = 3600 * 24
-        # SESSION_EXPIRE_AT_BROWSER_CLOSE = False
-        SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+    # SESSION_COOKIE_AGE: 3600 * 24
+    SESSION_EXPIRE_AT_BROWSER_CLOSE: True
 
     # Database setting, Support sqlite3, mysql, postgres ....
     # 数据库设置
@@ -209,69 +183,52 @@
 
     # SQLite setting:
     # 使用单文件sqlite数据库
-        # DB_ENGINE = 'sqlite3'
-        # DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
+    # DB_ENGINE: sqlite3
+    # DB_NAME:
 
     # MySQL or postgres setting like:
     # 使用Mysql作为数据库
-        DB_ENGINE = 'mysql'
-        DB_HOST = '127.0.0.1'
-        DB_PORT = 3306
-        DB_USER = 'jumpserver'
-        DB_PASSWORD = 'weakPassword'
-        DB_NAME = 'jumpserver'
+    DB_ENGINE: mysql
+    DB_HOST: 127.0.0.1
+    DB_PORT: 3306
+    DB_USER: jumpserver
+    DB_PASSWORD:
+    DB_NAME: jumpserver
 
     # When Django start it will bind this host and port
     # ./manage.py runserver 127.0.0.1:8080
     # 运行时绑定端口
-        HTTP_BIND_HOST = '0.0.0.0'
-        HTTP_LISTEN_PORT = 8080
+    HTTP_BIND_HOST: 0.0.0.0
+    HTTP_LISTEN_PORT: 8080
 
     # Use Redis as broker for celery and web socket
     # Redis配置
-        REDIS_HOST = '127.0.0.1'
-        REDIS_PORT = 6379
-        # REDIS_PASSWORD = ''
-        # REDIS_DB_CELERY_BROKER = 3
-        # REDIS_DB_CACHE = 4
+    REDIS_HOST: 127.0.0.1
+    REDIS_PORT: 6379
+    # REDIS_PASSWORD:
+    # REDIS_DB_CELERY: 3
+    # REDIS_DB_CACHE: 4
 
     # Use OpenID authorization
     # 使用OpenID 来进行认证设置
-        # BASE_SITE_URL = 'http://localhost:8080'
-        # AUTH_OPENID = False  # True or False
-        # AUTH_OPENID_SERVER_URL = 'https://openid-auth-server.com/'
-        # AUTH_OPENID_REALM_NAME = 'realm-name'
-        # AUTH_OPENID_CLIENT_ID = 'client-id'
-        # AUTH_OPENID_CLIENT_SECRET = 'client-secret'
-
-        def __init__(self):
-            pass
-
-        def __getattr__(self, item):
-            return None
-
-
-    class DevelopmentConfig(Config):
-        pass
-
-
-    class TestConfig(Config):
-        pass
-
-
-    class ProductionConfig(Config):
-        pass
-
-
-    # Default using Config settings, you can write if/else for different env
-    config = DevelopmentConfig()
+    # BASE_SITE_URL: http://localhost:8080
+    # AUTH_OPENID: false  # True or False
+    # AUTH_OPENID_SERVER_URL: https://openid-auth-server.com/
+    # AUTH_OPENID_REALM_NAME: realm-name
+    # AUTH_OPENID_CLIENT_ID: client-id
+    # AUTH_OPENID_CLIENT_SECRET: client-secret
+
+    # OTP settings
+    # OTP/MFA 配置
+    # OTP_VALID_WINDOW: 0
+    # OTP_ISSUER_NAME: Jumpserver
 
 **2.8 运行 Jumpserver**
 
 .. code-block:: shell
 
     $ cd /opt/jumpserver
-    $ ./jms start all  # 后台运行使用 -d 参数./jms start all -d
+    $ ./jms start all -d  # 后台运行使用 -d 参数./jms start all -d
 
     # 新版本更新了运行脚本,使用方式./jms start|stop|status|restart all  后台运行请添加 -d 参数
 
@@ -282,8 +239,6 @@
 
 **3.1 下载或 Clone 项目**
 
-新开一个终端,别忘了 source /opt/py3/bin/activate
-
 .. code-block:: shell
 
     $ cd /opt
@@ -308,108 +263,72 @@
 
     $ cd /opt/coco
     $ mkdir keys logs
-    $ cp conf_example.py conf.py  # 如果 coco 与 jumpserver 分开部署,请手动修改 conf.py
-    $ vi conf.py
-
-    # 注意对齐,不要直接复制本文档的内容
-
-**注意: 配置文件是 Python 格式,不要用 TAB,而要用空格**
+    $ cp conf_example.yml conf.yml
 
-.. code-block:: python
+    $ sed -i "s/BOOTSTRAP_TOKEN: <ChangeIT>/BOOTSTRAP_TOSECRET_KEY: $BOOTSTRAP_TOKEN/g" /opt/coco/conf.yml
+    $ sed -i "s/# LOG_LEVEL: INFO/LOG_LEVEL: ERROR/g" /opt/coco/conf.yml
 
-    #!/usr/bin/env python3
-    # -*- coding: utf-8 -*-
-    #
+    $ vi conf.yml
 
-    import os
+.. code-block:: yaml
 
-    BASE_DIR = os.path.dirname(__file__)
-
-
-    class Config:
-        """
-        Coco config file, coco also load config from server update setting below
-        """
     # 项目名称, 会用来向Jumpserver注册, 识别而已, 不能重复
-        # NAME = "localhost"
+    # NAME: {{ Hostname }}
 
-        # Jumpserver项目的url, api请求注册会使用, 如果Jumpserver没有运行在127.0.0.1:8080,请修改此处
-        # CORE_HOST = os.environ.get("CORE_HOST") or 'http://127.0.0.1:8080'
-        CORE_HOST = 'http://127.0.0.1:8080'
+    # Jumpserver项目的url, api请求注册会使用
+    CORE_HOST: http://127.0.0.1:8080
 
     # Bootstrap Token, 预共享秘钥, 用来注册coco使用的service account和terminal
     # 请和jumpserver 配置文件中保持一致，注册完成后可以删除
-        # BOOTSTRAP_TOKEN = "PleaseChangeMe"
-        BOOTSTRAP_TOKEN = "nwv4RdXpM82LtSvmV"
+    BOOTSTRAP_TOKEN: <ChangeIT>
 
     # 启动时绑定的ip, 默认 0.0.0.0
-        # BIND_HOST = '0.0.0.0'
+    # BIND_HOST: 0.0.0.0
 
     # 监听的SSH端口号, 默认2222
-        # SSHD_PORT = 2222
+    # SSHD_PORT: 2222
 
-        # 监听的HTTP/WS端口号,默认5000
-        # HTTPD_PORT = 5000
+    # 监听的HTTP/WS端口号，默认5000
+    # HTTPD_PORT: 5000
 
     # 项目使用的ACCESS KEY, 默认会注册,并保存到 ACCESS_KEY_STORE中,
     # 如果有需求, 可以写到配置文件中, 格式 access_key_id:access_key_secret
-        # ACCESS_KEY = None
+    # ACCESS_KEY: null
 
     # ACCESS KEY 保存的地址, 默认注册后会保存到该文件中
-        # ACCESS_KEY_STORE = os.path.join(BASE_DIR, 'keys', '.access_key')
+    # ACCESS_KEY_STORE: keys/.access_key
 
     # 加密密钥
-        # SECRET_KEY = None
+    # SECRET_KEY: null
 
     # 设置日志级别 ['DEBUG', 'INFO', 'WARN', 'ERROR', 'FATAL', 'CRITICAL']
-        # LOG_LEVEL = 'INFO'
-        LOG_LEVEL = 'ERROR'
+    LOG_LEVEL: ERROR
 
     # 日志存放的目录
-        # LOG_DIR = os.path.join(BASE_DIR, 'logs')
-
-        # Session录像存放目录
-        # SESSION_DIR = os.path.join(BASE_DIR, 'sessions')
-
-        # 资产显示排序方式, ['ip', 'hostname']
-        # ASSET_LIST_SORT_BY = 'ip'
-
-        # 登录是否支持密码认证
-        # PASSWORD_AUTH = True
-
-        # 登录是否支持秘钥认证
-        # PUBLIC_KEY_AUTH = True
+    # LOG_DIR: logs
 
     # SSH白名单
-        # ALLOW_SSH_USER = 'all'  # ['test', 'test2']
+    # ALLOW_SSH_USER: 'all'
 
-        # SSH黑名单, 如果用户同时在白名单和黑名单,黑名单优先生效
-        # BLOCK_SSH_USER = []
+    # SSH黑名单, 如果用户同时在白名单和黑名单，黑名单优先生效
+    # BLOCK_SSH_USER:
+    #   -
 
     # 和Jumpserver 保持心跳时间间隔
-        # HEARTBEAT_INTERVAL = 5
+    # HEARTBEAT_INTERVAL: 5
 
-        # Admin的名字,出问题会提示给用户
-        # ADMINS = ''
-        COMMAND_STORAGE = {
-            "TYPE": "server"
-        }
-        REPLAY_STORAGE = {
-            "TYPE": "server"
-        }
+    # Admin的名字，出问题会提示给用户
+    # ADMINS: ''
 
     # SSH连接超时时间 (default 15 seconds)
-        # SSH_TIMEOUT = 15
+    # SSH_TIMEOUT: 15
 
     # 语言 = en
-        LANGUAGE_CODE = 'zh'
-
-
-    config = Config()
+    # LANGUAGE_CODE: zh
 
 .. code-block:: shell
 
-    $ ./cocod start  # 后台运行使用 -d 参数./cocod start -d
+    $ ./cocod start -d  # 后台运行使用 -d 参数./cocod start -d
 
     # 新版本更新了运行脚本,使用方式./cocod start|stop|status|restart  后台运行请添加 -d 参数
 
@@ -425,7 +344,7 @@ Luna 已改为纯前端,需要 Nginx 来运行访问
 .. code-block:: shell
 
     $ cd /opt
-    $ wget https://github.com/jumpserver/luna/releases/download/1.4.6/luna.tar.gz
+    $ wget https://github.com/jumpserver/luna/releases/download/1.4.7/luna.tar.gz
     $ tar xf luna.tar.gz
     $ chown -R root:root luna
 
@@ -494,9 +413,9 @@ Guacamole 需要 Tomcat 来运行
     $ export JUMPSERVER_SERVER=http://127.0.0.1:8080  # http://127.0.0.1:8080 指 jumpserver 访问地址
     $ echo "export JUMPSERVER_SERVER=http://127.0.0.1:8080" >> ~/.bashrc
 
-    # BOOTSTRAP_TOKEN 为 Jumpserver/config.py 里面的 BOOTSTRAP_TOKEN
-    $ export BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV
-    $ echo "export BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV" >> ~/.bashrc
+    # BOOTSTRAP_TOKEN 为 Jumpserver/config.yml 里面的 BOOTSTRAP_TOKEN
+    $ export BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN
+    $ echo "export BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc
     $ export JUMPSERVER_KEY_DIR=/config/guacamole/keys
     $ echo "export JUMPSERVER_KEY_DIR=/config/guacamole/keys" >> ~/.bashrc
     $ export GUACAMOLE_HOME=/config/guacamole

docs/upgrade.rst

@@ -8,6 +8,7 @@
 - 不支持从 0.x 版本升级到 1.x 版本
 - 本文档仅针对 1.0 及之后的版本升级教程
 - 从 1.4.x 版本开始 mysql 版本需要大于等于 5.6,mariadb 版本需要大于等于 5.5.6
+- 更新配置文件需要把对应旧版本的设置复制到新的配置文件
 
 0. 检查数据库表结构文件是否完整
 
@@ -57,7 +58,7 @@
 
     $ mv config.py config_old.bak
     $ cp config_example.py config.py
-    $ vi config.py
+    $ vi config.py  # 把 config_old.bak 里面的对应设置填到新的配置文件
 
 .. code-block:: python
 
@@ -238,6 +239,7 @@
 
 - 当前版本必须是 1.4.4 版本,否则请先升级到 1.4.4
 - 从 1.4.5 版本开始,由官方维护唯一 migrations
+- 更新配置文件需要把对应旧版本的设置复制到新的配置文件
 
 **Jumpserver**
 
@@ -261,68 +263,34 @@
     $ git clean -df  # 清除未跟踪文件, 请一定要做好备份后再操作此步骤
     $ git reset --hard  # 还原所有修改, 请一定要做好备份后再操作此步骤
 
-    # 更新 config.py ,请根据你原备份的 config.py 内容进行修改
+    # 更新 config.yml ,请根据你原备份的 config.yml 内容进行修改
     $ mv config.py config_1.4.4.bak
-    $ cp config_example.py config.py
-    $ vi config.py
-
-.. code-block:: python
-
-    """
-        jumpserver.config
-        ~~~~~~~~~~~~~~~~~
-
-        Jumpserver project setting file
-
-        :copyright: (c) 2014-2017 by Jumpserver Team
-        :license: GPL v2, see LICENSE for more details.
-    """
-    import os
-
-    BASE_DIR = os.path.dirname(os.path.abspath(__file__))
-
-
-    class Config:
-        """
-        Jumpserver Config File
-        Jumpserver 配置文件
+    $ cp config_example.yml config.yml
+    $ vi config.yml
 
-        Jumpserver use this config for drive django framework running,
-        You can set is value or set the same envirment value,
-        Jumpserver look for config order: file => env => default
+.. code-block:: vim
 
-        Jumpserver使用配置来驱动Django框架的运行，
-        你可以在该文件中设置，或者设置同样名称的环境变量,
-        Jumpserver使用配置的顺序: 文件 => 环境变量 => 默认值
-        """
     # SECURITY WARNING: keep the secret key used in production secret!
     # 加密秘钥 生产环境中请修改为随机字符串，请勿外泄
-        SECRET_KEY = '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
-
-        # Django security setting, if your disable debug model, you should setting that
-        ALLOWED_HOSTS = ['*']
+    SECRET_KEY: *****
 
     # SECURITY WARNING: keep the bootstrap token used in production secret!
     # 预共享Token coco和guacamole用来注册服务账号，不在使用原来的注册接受机制
-        BOOTSTRAP_TOKEN = 'nwv4RdXpM82LtSvmV'
+    BOOTSTRAP_TOKEN: *****
 
     # Development env open this, when error occur display the full process track, Production disable it
     # DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
-        # DEBUG = True
-        DEBUG = False
+    DEBUG: false
 
     # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
     # 日志级别
-        # LOG_LEVEL = 'DEBUG'
-        # LOG_DIR = os.path.join(BASE_DIR, 'logs')
-        LOG_LEVEL = 'ERROR'
-        LOG_DIR = os.path.join(BASE_DIR, 'logs')
+    LOG_LEVEL: ERROR
+    # LOG_DIR:
 
     # Session expiration setting, Default 24 hour, Also set expired on on browser close
     # 浏览器Session过期时间，默认24小时, 也可以设置浏览器关闭则过期
-        # SESSION_COOKIE_AGE = 3600 * 24
-        # SESSION_EXPIRE_AT_BROWSER_CLOSE = False
-        SESSION_EXPIRE_AT_BROWSER_CLOSE = True
+    # SESSION_COOKIE_AGE: 3600 * 24
+    SESSION_EXPIRE_AT_BROWSER_CLOSE: True
 
     # Database setting, Support sqlite3, mysql, postgres ....
     # 数据库设置
@@ -330,62 +298,45 @@
 
     # SQLite setting:
     # 使用单文件sqlite数据库
-        # DB_ENGINE = 'sqlite3'
-        # DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
+    # DB_ENGINE: sqlite3
+    # DB_NAME:
 
     # MySQL or postgres setting like:
     # 使用Mysql作为数据库
-        DB_ENGINE = 'mysql'
-        DB_HOST = '127.0.0.1'
-        DB_PORT = 3306
-        DB_USER = 'jumpserver'
-        DB_PASSWORD = 'weakPassword'
-        DB_NAME = 'jumpserver'
+    DB_ENGINE: mysql
+    DB_HOST: 127.0.0.1
+    DB_PORT: 3306
+    DB_USER: jumpserver
+    DB_PASSWORD: *****
+    DB_NAME: jumpserver
 
     # When Django start it will bind this host and port
     # ./manage.py runserver 127.0.0.1:8080
     # 运行时绑定端口
-        HTTP_BIND_HOST = '0.0.0.0'
-        HTTP_LISTEN_PORT = 8080
+    HTTP_BIND_HOST: 0.0.0.0
+    HTTP_LISTEN_PORT: 8080
 
     # Use Redis as broker for celery and web socket
     # Redis配置
-        REDIS_HOST = '127.0.0.1'
-        REDIS_PORT = 6379
-        # REDIS_PASSWORD = ''
-        # REDIS_DB_CELERY_BROKER = 3
-        # REDIS_DB_CACHE = 4
+    REDIS_HOST: 127.0.0.1
+    REDIS_PORT: 6379
+    # REDIS_PASSWORD:
+    # REDIS_DB_CELERY: 3
+    # REDIS_DB_CACHE: 4
 
     # Use OpenID authorization
     # 使用OpenID 来进行认证设置
-        # BASE_SITE_URL = 'http://localhost:8080'
-        # AUTH_OPENID = False  # True or False
-        # AUTH_OPENID_SERVER_URL = 'https://openid-auth-server.com/'
-        # AUTH_OPENID_REALM_NAME = 'realm-name'
-        # AUTH_OPENID_CLIENT_ID = 'client-id'
-        # AUTH_OPENID_CLIENT_SECRET = 'client-secret'
-
-        def __init__(self):
-            pass
-
-        def __getattr__(self, item):
-            return None
-
-
-    class DevelopmentConfig(Config):
-        pass
-
-
-    class TestConfig(Config):
-        pass
-
-
-    class ProductionConfig(Config):
-        pass
-
-
-    # Default using Config settings, you can write if/else for different env
-    config = DevelopmentConfig()
+    # BASE_SITE_URL: http://localhost:8080
+    # AUTH_OPENID: false  # True or False
+    # AUTH_OPENID_SERVER_URL: https://openid-auth-server.com/
+    # AUTH_OPENID_REALM_NAME: realm-name
+    # AUTH_OPENID_CLIENT_ID: client-id
+    # AUTH_OPENID_CLIENT_SECRET: client-secret
+
+    # OTP settings
+    # OTP/MFA 配置
+    # OTP_VALID_WINDOW: 0
+    # OTP_ISSUER_NAME: Jumpserver
 
 .. code-block:: shell
 
@@ -433,101 +384,525 @@
     $ ./cocod stop
     $ mv conf.py conf.bak
 
-    # 更新 conf.py ,请根据你原备份的 conf.py 内容进行修改
-    $ cp conf_example.py conf.py
-    $ vi conf.py
+    # 更新 conf.yml ,请根据你原备份的 conf.yml 内容进行修改
+    $ cp conf_example.yml conf.yml
+    $ vi conf.yml
 
-.. code-block:: python
+.. code-block:: vim
 
-    #!/usr/bin/env python3
-    # -*- coding: utf-8 -*-
-    #
+    # 项目名称, 会用来向Jumpserver注册, 识别而已, 不能重复
+    # NAME: {{ Hostname }}
 
-    import os
+    # Jumpserver项目的url, api请求注册会使用
+    CORE_HOST: http://127.0.0.1:8080
 
-    BASE_DIR = os.path.dirname(__file__)
+    # Bootstrap Token, 预共享秘钥, 用来注册coco使用的service account和terminal
+    # 请和jumpserver 配置文件中保持一致，注册完成后可以删除
+    BOOTSTRAP_TOKEN: *****
 
+    # 启动时绑定的ip, 默认 0.0.0.0
+    # BIND_HOST: 0.0.0.0
+
+    # 监听的SSH端口号, 默认2222
+    # SSHD_PORT: 2222
+
+    # 监听的HTTP/WS端口号，默认5000
+    # HTTPD_PORT: 5000
+
+    # 项目使用的ACCESS KEY, 默认会注册,并保存到 ACCESS_KEY_STORE中,
+    # 如果有需求, 可以写到配置文件中, 格式 access_key_id:access_key_secret
+    # ACCESS_KEY: null
+
+    # ACCESS KEY 保存的地址, 默认注册后会保存到该文件中
+    # ACCESS_KEY_STORE: keys/.access_key
+
+    # 加密密钥
+    # SECRET_KEY: null
+
+    # 设置日志级别 ['DEBUG', 'INFO', 'WARN', 'ERROR', 'FATAL', 'CRITICAL']
+    LOG_LEVEL: ERROR
+
+    # 日志存放的目录
+    # LOG_DIR: logs
+
+    # SSH白名单
+    # ALLOW_SSH_USER: 'all'
+
+    # SSH黑名单, 如果用户同时在白名单和黑名单，黑名单优先生效
+    # BLOCK_SSH_USER:
+    #   -
+
+    # 和Jumpserver 保持心跳时间间隔
+    # HEARTBEAT_INTERVAL: 5
+
+    # Admin的名字，出问题会提示给用户
+    # ADMINS: ''
+
+    # SSH连接超时时间 (default 15 seconds)
+    # SSH_TIMEOUT: 15
+
+    # 语言 = en
+    # LANGUAGE_CODE: zh
+
+.. code-block:: shell
+
+    $ pip install -r requirements/requirements.txt
+    $ ./cocod start -d
+
+**Guacamole**
+
+说明: Docker 部署的请跳过
+
+.. code-block:: shell
+
+    $ cd /opt/docker-guacamole
+    $ git pull
+    $ /etc/init.d/guacd stop
+    $ sh /config/tomcat8/bin/shutdown.sh
+    $ ln -sf guacamole-auth-jumpserver-0.9.14.jar /config/guacamole/extensions/guacamole-auth-jumpserver-0.9.14.jar
+
+    $ cd /config
+    $ wget https://github.com/ibuler/ssh-forward/releases/download/v0.0.5/linux-amd64.tar.gz
+    $ tar xf linux-amd64.tar.gz -C /bin/
+    $ chmod +x /bin/ssh-forward
+
+    # BOOTSTRAP_TOKEN 请和 jumpserver 配置文件中保持一致
+    $ export BOOTSTRAP_TOKEN=*****
+    $ echo "export BOOTSTRAP_TOKEN=*****" >> ~/.bashrc
+
+    $ /etc/init.d/guacd start
+    $ sh /config/tomcat8/bin/startup.sh
+
+**Luna**
+
+说明: 直接下载 release 包
+
+.. code-block:: shell
+
+    $ cd /opt
+    $ rm -rf luna
+    $ wget https://github.com/jumpserver/luna/releases/download/1.4.7/luna.tar.gz
+    $ tar xf luna.tar.gz
+    $ chown -R root:root luna
+
+    # 注意把浏览器缓存清理下
+
+**Docker Coco Guacamole**
+
+说明: Docker 部署的 coco 与 guacamole 升级说明
+
+.. code-block:: shell
+
+    # 先到 Web 会话管理 - 终端管理 删掉所有组件
+    $ docker stop jms_coco
+    $ docker stop jms_guacamole
+    $ docker rm jms_coco
+    $ docker rm jms_guacamole
+    $ docker pull jumpserver/jms_coco:1.4.7
+    $ docker pull jumpserver/jms_guacamole:1.4.7
+
+    # BOOTSTRAP_TOKEN 请和 jumpserver 配置文件中保持一致
+    $ docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=***** jumpserver/jms_coco:1.4.7
+    $ docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=***** jumpserver/jms_guacamole:1.4.7
+
+    # 到 Web 会话管理 - 终端管理 查看组件是否已经在线
+
+1.4.5 升级到最新版本
+~~~~~~~~~~~~~~~~~~~~~
+
+- 更新配置文件需要把对应旧版本的设置复制到新的配置文件
+
+**Jumpserver**
+
+.. code-block:: shell
+
+    $ cd /opt/jumpserver
+    $ source /opt/py3/bin/activate
+    $ ./jms stop
+    $ cd /opt/jumpserver
+    $ git pull
+
+    # 更新 config.yml ,请根据你原来的 config.bak 内容进行修改
+    $ mv config.py config_1.4.5.bak
+    $ cp config_example.yml config.yml
+    $ vi config.yml
+
+.. code-block:: vim
+
+    # SECURITY WARNING: keep the secret key used in production secret!
+    # 加密秘钥 生产环境中请修改为随机字符串，请勿外泄
+    SECRET_KEY: *****
+
+    # SECURITY WARNING: keep the bootstrap token used in production secret!
+    # 预共享Token coco和guacamole用来注册服务账号，不在使用原来的注册接受机制
+    BOOTSTRAP_TOKEN: *****
+
+    # Development env open this, when error occur display the full process track, Production disable it
+    # DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
+    DEBUG: false
+
+    # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
+    # 日志级别
+    LOG_LEVEL: ERROR
+    # LOG_DIR:
+
+    # Session expiration setting, Default 24 hour, Also set expired on on browser close
+    # 浏览器Session过期时间，默认24小时, 也可以设置浏览器关闭则过期
+    # SESSION_COOKIE_AGE: 3600 * 24
+    SESSION_EXPIRE_AT_BROWSER_CLOSE: True
+
+    # Database setting, Support sqlite3, mysql, postgres ....
+    # 数据库设置
+    # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
+
+    # SQLite setting:
+    # 使用单文件sqlite数据库
+    # DB_ENGINE: sqlite3
+    # DB_NAME:
+
+    # MySQL or postgres setting like:
+    # 使用Mysql作为数据库
+    DB_ENGINE: mysql
+    DB_HOST: 127.0.0.1
+    DB_PORT: 3306
+    DB_USER: jumpserver
+    DB_PASSWORD: *****
+    DB_NAME: jumpserver
+
+    # When Django start it will bind this host and port
+    # ./manage.py runserver 127.0.0.1:8080
+    # 运行时绑定端口
+    HTTP_BIND_HOST: 0.0.0.0
+    HTTP_LISTEN_PORT: 8080
+
+    # Use Redis as broker for celery and web socket
+    # Redis配置
+    REDIS_HOST: 127.0.0.1
+    REDIS_PORT: 6379
+    # REDIS_PASSWORD:
+    # REDIS_DB_CELERY: 3
+    # REDIS_DB_CACHE: 4
+
+    # Use OpenID authorization
+    # 使用OpenID 来进行认证设置
+    # BASE_SITE_URL: http://localhost:8080
+    # AUTH_OPENID: false  # True or False
+    # AUTH_OPENID_SERVER_URL: https://openid-auth-server.com/
+    # AUTH_OPENID_REALM_NAME: realm-name
+    # AUTH_OPENID_CLIENT_ID: client-id
+    # AUTH_OPENID_CLIENT_SECRET: client-secret
+
+    # OTP settings
+    # OTP/MFA 配置
+    # OTP_VALID_WINDOW: 0
+    # OTP_ISSUER_NAME: Jumpserver
+
+.. code-block:: shell
+
+    $ pip install -r requirements/requirements.txt
+    $ ./jms start all -d
+
+**Coco**
+
+说明: Docker 部署的请跳过
+
+.. code-block:: shell
+
+    $ cd /opt/coco
+    $ git pull
+    $ source /opt/py3/bin/activate
+    $ ./cocod stop
+    $ mv conf.py conf.bak
+
+    # 更新 conf.yml ,请根据你原备份的 conf.bak 内容进行修改
+    $ cp conf_example.yml conf.yml
+    $ vi conf.yml
+
+.. code-block:: vim
 
-    class Config:
-        """
-        Coco config file, coco also load config from server update setting below
-        """
     # 项目名称, 会用来向Jumpserver注册, 识别而已, 不能重复
-        # NAME = "localhost"
+    # NAME: {{ Hostname }}
 
-        # Jumpserver项目的url, api请求注册会使用, 如果Jumpserver没有运行在127.0.0.1:8080,请修改此处
-        # CORE_HOST = os.environ.get("CORE_HOST") or 'http://127.0.0.1:8080'
-        CORE_HOST = 'http://127.0.0.1:8080'
+    # Jumpserver项目的url, api请求注册会使用
+    CORE_HOST: http://127.0.0.1:8080
 
     # Bootstrap Token, 预共享秘钥, 用来注册coco使用的service account和terminal
     # 请和jumpserver 配置文件中保持一致，注册完成后可以删除
-        # BOOTSTRAP_TOKEN = "PleaseChangeMe"
-        BOOTSTRAP_TOKEN = "nwv4RdXpM82LtSvmV"
+    BOOTSTRAP_TOKEN: *****
 
     # 启动时绑定的ip, 默认 0.0.0.0
-        # BIND_HOST = '0.0.0.0'
+    # BIND_HOST: 0.0.0.0
 
     # 监听的SSH端口号, 默认2222
-        # SSHD_PORT = 2222
+    # SSHD_PORT: 2222
 
-        # 监听的HTTP/WS端口号,默认5000
-        # HTTPD_PORT = 5000
+    # 监听的HTTP/WS端口号，默认5000
+    # HTTPD_PORT: 5000
 
     # 项目使用的ACCESS KEY, 默认会注册,并保存到 ACCESS_KEY_STORE中,
     # 如果有需求, 可以写到配置文件中, 格式 access_key_id:access_key_secret
-        # ACCESS_KEY = None
+    # ACCESS_KEY: null
 
     # ACCESS KEY 保存的地址, 默认注册后会保存到该文件中
-        # ACCESS_KEY_STORE = os.path.join(BASE_DIR, 'keys', '.access_key')
+    # ACCESS_KEY_STORE: keys/.access_key
 
     # 加密密钥
-        # SECRET_KEY = None
+    # SECRET_KEY: null
 
     # 设置日志级别 ['DEBUG', 'INFO', 'WARN', 'ERROR', 'FATAL', 'CRITICAL']
-        # LOG_LEVEL = 'INFO'
-        LOG_LEVEL = 'ERROR'
+    LOG_LEVEL: ERROR
 
     # 日志存放的目录
-        # LOG_DIR = os.path.join(BASE_DIR, 'logs')
+    # LOG_DIR: logs
+
+    # SSH白名单
+    # ALLOW_SSH_USER: 'all'
+
+    # SSH黑名单, 如果用户同时在白名单和黑名单，黑名单优先生效
+    # BLOCK_SSH_USER:
+    #   -
+
+    # 和Jumpserver 保持心跳时间间隔
+    # HEARTBEAT_INTERVAL: 5
+
+    # Admin的名字，出问题会提示给用户
+    # ADMINS: ''
+
+    # SSH连接超时时间 (default 15 seconds)
+    # SSH_TIMEOUT: 15
+
+    # 语言 = en
+    # LANGUAGE_CODE: zh
+
+.. code-block:: shell
+
+    $ pip install -r requirements/requirements.txt
+    $ ./cocod start -d
+
+**Guacamole**
+
+说明: Docker 部署的请跳过
+
+.. code-block:: shell
+
+    $ cd /opt/docker-guacamole
+    $ git pull
+    $ /etc/init.d/guacd stop
+    $ sh /config/tomcat8/bin/shutdown.sh
+    $ ln -sf guacamole-auth-jumpserver-0.9.14.jar /config/guacamole/extensions/guacamole-auth-jumpserver-0.9.14.jar
+
+    $ cd /config
+    $ wget https://github.com/ibuler/ssh-forward/releases/download/v0.0.5/linux-amd64.tar.gz
+    $ tar xf linux-amd64.tar.gz -C /bin/
+    $ chmod +x /bin/ssh-forward
+
+    # BOOTSTRAP_TOKEN 请和 jumpserver 配置文件中保持一致
+    $ export BOOTSTRAP_TOKEN=*****
+    $ echo "export BOOTSTRAP_TOKEN=*****" >> ~/.bashrc
+
+    $ /etc/init.d/guacd start
+    $ sh /config/tomcat8/bin/startup.sh
+
+**Luna**
+
+说明: 直接下载 release 包
+
+.. code-block:: shell
+
+    $ cd /opt
+    $ rm -rf luna
+    $ wget https://github.com/jumpserver/luna/releases/download/1.4.7/luna.tar.gz
+    $ tar xf luna.tar.gz
+    $ chown -R root:root luna
+
+    # 注意把浏览器缓存清理下
+
+**Docker Coco Guacamole**
+
+说明: Docker 部署的 coco 与 guacamole 升级说明
+
+.. code-block:: shell
+
+    # 先到 Web 会话管理 - 终端管理 删掉所有组件
+    $ docker stop jms_coco
+    $ docker stop jms_guacamole
+    $ docker rm jms_coco
+    $ docker rm jms_guacamole
+    $ docker pull jumpserver/jms_coco:1.4.7
+    $ docker pull jumpserver/jms_guacamole:1.4.7
+
+    # BOOTSTRAP_TOKEN 请和 jumpserver 配置文件中保持一致
+    $ docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=***** jumpserver/jms_coco:1.4.7
+    $ docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=***** jumpserver/jms_guacamole:1.4.7
+
+    # 到 Web 会话管理 - 终端管理 查看组件是否已经在线
+
+1.4.6 升级到最新版本
+~~~~~~~~~~~~~~~~~~~~~
+
+- 更新配置文件需要把对应旧版本的设置复制到新的配置文件
+
+**Jumpserver**
+
+.. code-block:: shell
+
+    $ cd /opt/jumpserver
+    $ source /opt/py3/bin/activate
+    $ ./jms stop
+    $ cd /opt/jumpserver
+    $ git pull
+
+    # 更新 config.yml ,请根据你原来的 config.bak 内容进行修改
+    $ mv config.py config_1.4.6.bak
+    $ cp config_example.yml config.yml
+    $ vi config.yml
+
+.. code-block:: vim
 
-        # Session录像存放目录
-        # SESSION_DIR = os.path.join(BASE_DIR, 'sessions')
+    # SECURITY WARNING: keep the secret key used in production secret!
+    # 加密秘钥 生产环境中请修改为随机字符串，请勿外泄
+    SECRET_KEY: *****
+
+    # SECURITY WARNING: keep the bootstrap token used in production secret!
+    # 预共享Token coco和guacamole用来注册服务账号，不在使用原来的注册接受机制
+    BOOTSTRAP_TOKEN: *****
 
-        # 资产显示排序方式, ['ip', 'hostname']
-        # ASSET_LIST_SORT_BY = 'ip'
+    # Development env open this, when error occur display the full process track, Production disable it
+    # DEBUG 模式 开启DEBUG后遇到错误时可以看到更多日志
+    DEBUG: false
 
-        # 登录是否支持密码认证
-        # PASSWORD_AUTH = True
+    # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
+    # 日志级别
+    LOG_LEVEL: ERROR
+    # LOG_DIR:
 
-        # 登录是否支持秘钥认证
-        # PUBLIC_KEY_AUTH = True
+    # Session expiration setting, Default 24 hour, Also set expired on on browser close
+    # 浏览器Session过期时间，默认24小时, 也可以设置浏览器关闭则过期
+    # SESSION_COOKIE_AGE: 3600 * 24
+    SESSION_EXPIRE_AT_BROWSER_CLOSE: True
+
+    # Database setting, Support sqlite3, mysql, postgres ....
+    # 数据库设置
+    # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
+
+    # SQLite setting:
+    # 使用单文件sqlite数据库
+    # DB_ENGINE: sqlite3
+    # DB_NAME:
+
+    # MySQL or postgres setting like:
+    # 使用Mysql作为数据库
+    DB_ENGINE: mysql
+    DB_HOST: 127.0.0.1
+    DB_PORT: 3306
+    DB_USER: jumpserver
+    DB_PASSWORD: *****
+    DB_NAME: jumpserver
+
+    # When Django start it will bind this host and port
+    # ./manage.py runserver 127.0.0.1:8080
+    # 运行时绑定端口
+    HTTP_BIND_HOST: 0.0.0.0
+    HTTP_LISTEN_PORT: 8080
+
+    # Use Redis as broker for celery and web socket
+    # Redis配置
+    REDIS_HOST: 127.0.0.1
+    REDIS_PORT: 6379
+    # REDIS_PASSWORD:
+    # REDIS_DB_CELERY: 3
+    # REDIS_DB_CACHE: 4
+
+    # Use OpenID authorization
+    # 使用OpenID 来进行认证设置
+    # BASE_SITE_URL: http://localhost:8080
+    # AUTH_OPENID: false  # True or False
+    # AUTH_OPENID_SERVER_URL: https://openid-auth-server.com/
+    # AUTH_OPENID_REALM_NAME: realm-name
+    # AUTH_OPENID_CLIENT_ID: client-id
+    # AUTH_OPENID_CLIENT_SECRET: client-secret
+
+    # OTP settings
+    # OTP/MFA 配置
+    # OTP_VALID_WINDOW: 0
+    # OTP_ISSUER_NAME: Jumpserver
+
+.. code-block:: shell
+
+    $ pip install -r requirements/requirements.txt
+    $ ./jms start all -d
+
+**Coco**
+
+说明: Docker 部署的请跳过
+
+.. code-block:: shell
+
+    $ cd /opt/coco
+    $ git pull
+    $ source /opt/py3/bin/activate
+    $ ./cocod stop
+    $ mv conf.py conf.bak
+
+    # 更新 conf.yml ,请根据你原备份的 conf.yml 内容进行修改
+    $ cp conf_example.yml conf.yml
+    $ vi conf.yml
+
+.. code-block:: vim
+
+    # 项目名称, 会用来向Jumpserver注册, 识别而已, 不能重复
+    # NAME: {{ Hostname }}
+
+    # Jumpserver项目的url, api请求注册会使用
+    CORE_HOST: http://127.0.0.1:8080
+
+    # Bootstrap Token, 预共享秘钥, 用来注册coco使用的service account和terminal
+    # 请和jumpserver 配置文件中保持一致，注册完成后可以删除
+    BOOTSTRAP_TOKEN: *****
+
+    # 启动时绑定的ip, 默认 0.0.0.0
+    # BIND_HOST: 0.0.0.0
+
+    # 监听的SSH端口号, 默认2222
+    # SSHD_PORT: 2222
+
+    # 监听的HTTP/WS端口号，默认5000
+    # HTTPD_PORT: 5000
+
+    # 项目使用的ACCESS KEY, 默认会注册,并保存到 ACCESS_KEY_STORE中,
+    # 如果有需求, 可以写到配置文件中, 格式 access_key_id:access_key_secret
+    # ACCESS_KEY: null
+
+    # ACCESS KEY 保存的地址, 默认注册后会保存到该文件中
+    # ACCESS_KEY_STORE: keys/.access_key
+
+    # 加密密钥
+    # SECRET_KEY: null
+
+    # 设置日志级别 ['DEBUG', 'INFO', 'WARN', 'ERROR', 'FATAL', 'CRITICAL']
+    LOG_LEVEL: ERROR
+
+    # 日志存放的目录
+    # LOG_DIR: logs
 
     # SSH白名单
-        # ALLOW_SSH_USER = 'all'  # ['test', 'test2']
+    # ALLOW_SSH_USER: 'all'
 
-        # SSH黑名单, 如果用户同时在白名单和黑名单,黑名单优先生效
-        # BLOCK_SSH_USER = []
+    # SSH黑名单, 如果用户同时在白名单和黑名单，黑名单优先生效
+    # BLOCK_SSH_USER:
+    #   -
 
     # 和Jumpserver 保持心跳时间间隔
-        # HEARTBEAT_INTERVAL = 5
+    # HEARTBEAT_INTERVAL: 5
 
-        # Admin的名字,出问题会提示给用户
-        # ADMINS = ''
-        COMMAND_STORAGE = {
-            "TYPE": "server"
-        }
-        REPLAY_STORAGE = {
-            "TYPE": "server"
-        }
+    # Admin的名字，出问题会提示给用户
+    # ADMINS: ''
 
     # SSH连接超时时间 (default 15 seconds)
-        # SSH_TIMEOUT = 15
+    # SSH_TIMEOUT: 15
 
     # 语言 = en
-        LANGUAGE_CODE = 'zh'
-
-
-    config = Config()
+    # LANGUAGE_CODE: zh
 
 .. code-block:: shell
 
@@ -551,8 +926,9 @@
     $ tar xf linux-amd64.tar.gz -C /bin/
     $ chmod +x /bin/ssh-forward
 
-    $ export BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV
-    $ echo "export BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV" >> ~/.bashrc
+    # BOOTSTRAP_TOKEN 请和 jumpserver 配置文件中保持一致
+    $ export BOOTSTRAP_TOKEN=*****
+    $ echo "export BOOTSTRAP_TOKEN=*****" >> ~/.bashrc
 
     $ /etc/init.d/guacd start
     $ sh /config/tomcat8/bin/startup.sh
@@ -565,7 +941,7 @@
 
     $ cd /opt
     $ rm -rf luna
-    $ wget https://github.com/jumpserver/luna/releases/download/1.4.6/luna.tar.gz
+    $ wget https://github.com/jumpserver/luna/releases/download/1.4.7/luna.tar.gz
     $ tar xf luna.tar.gz
     $ chown -R root:root luna
 
@@ -582,15 +958,16 @@
     $ docker stop jms_guacamole
     $ docker rm jms_coco
     $ docker rm jms_guacamole
-    $ docker pull jumpserver/jms_coco:1.4.6
-    $ docker pull jumpserver/jms_guacamole:1.4.6
-    $ docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV jumpserver/jms_coco:1.4.6
-    $ docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV jumpserver/jms_guacamole:1.4.6
+    $ docker pull jumpserver/jms_coco:1.4.7
+    $ docker pull jumpserver/jms_guacamole:1.4.7
 
-    # 到 Web 会话管理 - 终端管理 查看组件是否已经在线
+    # BOOTSTRAP_TOKEN 请和 jumpserver 配置文件中保持一致
+    $ docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=***** jumpserver/jms_coco:1.4.7
+    $ docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=***** jumpserver/jms_guacamole:1.4.7
 
+    # 到 Web 会话管理 - 终端管理 查看组件是否已经在线
 
-1.4.5 升级到最新版本
+1.4.7 升级到最新版本 (未开放)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 **Jumpserver**
@@ -598,6 +975,7 @@
 .. code-block:: shell
 
     $ cd /opt/jumpserver
+    $ source /opt/py3/bin/activate
     $ git pull
     $ pip install -r requirements/requirements.txt
 
@@ -638,7 +1016,7 @@
 
     $ cd /opt
     $ rm -rf luna
-    $ wget https://github.com/jumpserver/luna/releases/download/1.4.6/luna.tar.gz
+    $ wget https://github.com/jumpserver/luna/releases/download/1.4.8/luna.tar.gz
     $ tar xf luna.tar.gz
     $ chown -R root:root luna
 
@@ -655,9 +1033,9 @@
     $ docker stop jms_guacamole
     $ docker rm jms_coco
     $ docker rm jms_guacamole
-    $ docker pull jumpserver/jms_coco:1.4.6
-    $ docker pull jumpserver/jms_guacamole:1.4.6
-    $ docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV jumpserver/jms_coco:1.4.6
-    $ docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV jumpserver/jms_guacamole:1.4.6
+    $ docker pull jumpserver/jms_coco:1.4.8
+    $ docker pull jumpserver/jms_guacamole:1.4.8
+    $ docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV jumpserver/jms_coco:1.4.8
+    $ docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV jumpserver/jms_guacamole:1.4.8
 
     # 到 Web 会话管理 - 终端管理 查看组件是否已经在线

docs/user_api.rst

@@ -6,7 +6,7 @@ API 文档
     通过访问 http://Jumpserver的URL地址/docs 来访问( 如 http://192.168.244.144/docs )
     注：需要打开 debug 模式,
 
-    $ vi jumpserver/config.py
+    $ vi jumpserver/config.yml
 
     ...
     Debug=True