Merge pull request #1068 from jumpserver/dev

merge dev to master

Merge pull request #1068 from jumpserver/dev
merge dev to master
9f235207 · 老广 · GitHub · 240faee2 · 63f1ec83 · 9f235207
Unverified Commit 9f235207 authored Mar 14, 2018 by 老广 Committed by GitHub Mar 14, 2018
34 changed files
--- a/.gitignore
+++ b/.gitignore
@@ -5,6 +5,7 @@
 .env
 env
 env*
+venv
 dist
 build
 *.egg

--- a/README.md
+++ b/README.md
@@ -12,7 +12,7 @@ Jumpserver是全球首款完全开源的堡垒机，使用GNU GPL v2.0开源协
 Jumpserver使用Python / Django 进行开发，遵循 Web 2.0 规范，配备了业界领先的 Web Terminal 解决方案，交互界面美观、用户体验好。
-Jumpserver采纳分布式架构，支持多机房跨区域部署，中心节点提供 API，各机房部署登录节点，可横向扩展、无并发访问限制。
+Jumpserver采纳分布式架构，支持多机房跨区域部署，中心节点提供 API，各机房部署登录节点，可横向扩展、无并发限制。
 改变世界，从一点点开始。
@@ -52,7 +52,7 @@ Jumpserver采纳分布式架构，支持多机房跨区域部署，中心节点
 ### License & Copyright
-Copyright (c) 2014-2017 Beijing Duizhan Tech, Inc., All rights reserved.
+Copyright (c) 2014-2018 Beijing Duizhan Tech, Inc., All rights reserved.
 Licensed under The GNU General Public License version 2 (GPLv2)  (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

--- a/apps/assets/api/node.py
+++ b/apps/assets/api/node.py
@@ -18,10 +18,12 @@ from rest_framework.views import APIView
 from rest_framework.response import Response
 from rest_framework_bulk import BulkModelViewSet
 from django.utils.translation import ugettext_lazy as _
+from django.shortcuts import get_object_or_404
 from common.utils import get_logger, get_object_or_none
 from ..hands import IsSuperUser
 from ..models import Node
+from ..tasks import update_assets_hardware_info_util, test_asset_connectability_util
 from .. import serializers
@@ -29,7 +31,8 @@ logger = get_logger(__file__)
 __all__ = [
    'NodeViewSet', 'NodeChildrenApi',
    'NodeAddAssetsApi', 'NodeRemoveAssetsApi',
-    'NodeAddChildrenApi',
+    'NodeAddChildrenApi', 'RefreshNodeHardwareInfoApi',
+    'TestNodeConnectiveApi'
 ]
@@ -117,3 +120,31 @@ class NodeRemoveAssetsApi(generics.UpdateAPIView):
        instance = self.get_object()
        if instance != Node.root():
            instance.assets.remove(*tuple(assets))
+class RefreshNodeHardwareInfoApi(APIView):
+    permission_classes = (IsSuperUser,)
+    model = Node
+    def get(self, request, *args, **kwargs):
+        node_id = kwargs.get('pk')
+        node = get_object_or_404(self.model, id=node_id)
+        assets = node.assets.all()
+        # task_name = _("Refresh node assets hardware info: {}".format(node.name))
+        task_name = _("更新节点资产硬件信息: {}".format(node.name))
+        update_assets_hardware_info_util.delay(assets, task_name=task_name)
+        return Response({"msg": "Task created"})
+class TestNodeConnectiveApi(APIView):
+    permission_classes = (IsSuperUser,)
+    model = Node
+    def get(self, request, *args, **kwargs):
+        node_id = kwargs.get('pk')
+        node = get_object_or_404(self.model, id=node_id)
+        assets = node.assets.all()
+        task_name = _("测试节点下资产是否可连接: {}".format(node.name))
+        test_asset_connectability_util.delay(assets, task_name=task_name)
+        return Response({"msg": "Task created"})
--- a/apps/assets/api/system_user.py
+++ b/apps/assets/api/system_user.py
@@ -40,23 +40,22 @@ class SystemUserViewSet(BulkModelViewSet):
    permission_classes = (IsSuperUserOrAppUser,)
-class SystemUserAuthInfoApi(generics.RetrieveAPIView):
+class SystemUserAuthInfoApi(generics.RetrieveUpdateAPIView):
    """
    Get system user auth info
    """
    queryset = SystemUser.objects.all()
    permission_classes = (IsSuperUserOrAppUser,)
+    serializer_class = serializers.SystemUserAuthSerializer
-    def retrieve(self, request, *args, **kwargs):
+    def update(self, request, *args, **kwargs):
-        system_user = self.get_object()
+        password = request.data.pop("password", None)
-        data = {
+        private_key = request.data.pop("private_key", None)
-            'id': system_user.id,
+        instance = self.get_object()
-            'name': system_user.name,
-            'username': system_user.username,
+        if password or private_key:
-            'password': system_user.password,
+            instance.set_auth(password=password, private_key=private_key)
-            'private_key': system_user.private_key,
+        return super().update(request, *args, **kwargs)
-        }
-        return Response(data)
 class SystemUserPushApi(generics.RetrieveAPIView):

--- a/apps/assets/forms/asset.py
+++ b/apps/assets/forms/asset.py
@@ -35,10 +35,10 @@ class AssetCreateForm(forms.ModelForm):
            'ip': '* required',
            'port': '* required',
            'admin_user': _(
-                'Admin user is a privilege user exist on this asset,'
+                'root or other NOPASSWD sudo privilege user existed in asset,'
-                'Example: root or other NOPASSWD sudo privilege user'
+                'If asset is windows or other set any one, more see admin user left menu'
-                'If asset not support ansible, set any one'
+            ),
-            )
+            'platform': _("* required Must set exact system platform, Windows, Linux ...")
        }
@@ -67,10 +67,10 @@ class AssetUpdateForm(forms.ModelForm):
            'port': '* required',
            'cluster': '* required',
            'admin_user': _(
-                'Admin user is a privilege user exist on this asset,'
+                'root or other NOPASSWD sudo privilege user existed in asset,'
-                'Example: root or other NOPASSWD sudo privilege user'
+                'If asset is windows or other set any one, more see admin user left menu'
-                'If asset not support ansible, set any one'
+            ),
-            )
+            'platform': _("* required Must set exact system platform, Windows, Linux ...")
        }
@@ -102,7 +102,7 @@ class AssetBulkUpdateForm(forms.ModelForm):
    class Meta:
        model = Asset
        fields = [
-            'assets', 'port',  'admin_user', 'labels', 'nodes',
+            'assets', 'port',  'admin_user', 'labels', 'nodes', 'platform'
        ]
        widgets = {
            'labels': forms.SelectMultiple(

--- a/apps/assets/serializers/system_user.py
+++ b/apps/assets/serializers/system_user.py
@@ -36,6 +36,21 @@ class SystemUserSerializer(serializers.ModelSerializer):
        return len(obj.assets)
+class SystemUserAuthSerializer(serializers.ModelSerializer):
+    """
+    系统用户认证信息
+    """
+    password = serializers.CharField(max_length=1024)
+    private_key = serializers.CharField(max_length=4096)
+    class Meta:
+        model = SystemUser
+        fields = [
+            "id", "name", "username", "protocol",
+            "password", "private_key",
+        ]
 class AssetSystemUserSerializer(serializers.ModelSerializer):
    """
    查看授权的资产系统用户的数据结构，这个和AssetSerializer不同，字段少

--- a/apps/assets/signals_handler.py
+++ b/apps/assets/signals_handler.py
@@ -21,7 +21,7 @@ def update_asset_hardware_info_on_created(asset):
 def test_asset_conn_on_created(asset):
    logger.debug("Test asset `{}` connectability".format(asset))
-    test_asset_connectability_util.delay(asset)
+    test_asset_connectability_util.delay([asset])
 def set_asset_root_node(asset):

--- a/apps/assets/tasks.py
+++ b/apps/assets/tasks.py
 # ~*~ coding: utf-8 ~*~
 import json
 import re
+import os
 from celery import shared_task
 from django.core.cache import cache
@@ -20,6 +21,7 @@ TIMEOUT = 60
 logger = get_logger(__file__)
 CACHE_MAX_TIME = 60*60*60
 disk_pattern = re.compile(r'^hd|sd|xvd|vd')
+PERIOD_TASK = os.environ.get("PERIOD_TASK", "on")
 @shared_task
@@ -89,7 +91,8 @@ def update_assets_hardware_info_util(assets, task_name=None):
    """
    from ops.utils import update_or_create_ansible_task
    if task_name is None:
-        task_name = _("Update some assets hardware info")
+        # task_name = _("Update some assets hardware info")
+        task_name = _("更新资产硬件信息")
    tasks = const.UPDATE_ASSETS_HARDWARE_TASKS
    hostname_list = [asset.hostname for asset in assets if asset.is_active and asset.is_unixlike()]
    task, created = update_or_create_ansible_task(
@@ -105,7 +108,8 @@ def update_assets_hardware_info_util(assets, task_name=None):
 @shared_task
 def update_asset_hardware_info_manual(asset):
-    task_name = _("Update asset hardware info")
+    # task_name = _("Update asset hardware info")
+    task_name = _("更新资产硬件信息")
    return update_assets_hardware_info_util([asset], task_name=task_name)
@@ -118,8 +122,13 @@ def update_assets_hardware_info_period():
    Update asset hardware period task
    :return:
    """
+    if PERIOD_TASK != "on":
+        logger.debug("Period task disabled, update assets hardware info pass")
+        return
    from ops.utils import update_or_create_ansible_task
-    task_name = _("Update assets hardware info period")
+    # task_name = _("Update assets hardware info period")
+    task_name = _("定期更新资产硬件信息")
    hostname_list = [
        asset.hostname for asset in Asset.objects.all()
        if asset.is_active and asset.is_unixlike()
@@ -190,25 +199,32 @@ def test_admin_user_connectability_period():
    """
    A period task that update the ansible task period
    """
+    if PERIOD_TASK != "on":
+        logger.debug("Period task disabled, test admin user connectability pass")
+        return
    admin_users = AdminUser.objects.all()
    for admin_user in admin_users:
-        task_name = _("Test admin user connectability period: {}".format(admin_user.name))
+        # task_name = _("Test admin user connectability period: {}".format(admin_user.name))
+        task_name = _("定期测试管理账号可连接性: {}".format(admin_user.name))
        test_admin_user_connectability_util(admin_user, task_name)
 @shared_task
 def test_admin_user_connectability_manual(admin_user):
-    task_name = _("Test admin user connectability: {}").format(admin_user.name)
+    # task_name = _("Test admin user connectability: {}").format(admin_user.name)
+    task_name = _("测试管理行号可连接性: {}").format(admin_user.name)
    return test_admin_user_connectability_util.delay(admin_user, task_name)
 @shared_task
-def test_asset_connectability_util(asset, task_name=None):
+def test_asset_connectability_util(assets, task_name=None):
    from ops.utils import update_or_create_ansible_task
    if task_name is None:
-        task_name = _("Test asset connectability")
+        # task_name = _("Test assets connectability")
-    hosts = [asset.hostname]
+        task_name = _("测试资产可连接性")
+    hosts = [asset.hostname for asset in assets if asset.is_active and asset.is_unixlike()]
    if not hosts:
        logger.info("No hosts, passed")
        return {}
@@ -219,18 +235,17 @@ def test_asset_connectability_util(asset, task_name=None):
    )
    result = task.run()
    summary = result[1]
-    if summary.get('dark'):
+    for k in summary.get('dark'):
-        cache.set(const.ASSET_ADMIN_CONN_CACHE_KEY.format(asset.hostname), 0,
+        cache.set(const.ASSET_ADMIN_CONN_CACHE_KEY.format(k), 0, CACHE_MAX_TIME)
-                  CACHE_MAX_TIME)
-    else:
+    for k in summary.get('contacted'):
-        cache.set(const.ASSET_ADMIN_CONN_CACHE_KEY.format(asset.hostname), 1,
+        cache.set(const.ASSET_ADMIN_CONN_CACHE_KEY.format(k), 1, CACHE_MAX_TIME)
-                  CACHE_MAX_TIME)
    return summary
 @shared_task
 def test_asset_connectability_manual(asset):
-    summary = test_asset_connectability_util(asset)
+    summary = test_asset_connectability_util([asset])
    if summary.get('dark'):
        return False, summary['dark']
@@ -287,9 +302,14 @@ def test_system_user_connectability_manual(system_user):
 @after_app_ready_start
 @after_app_shutdown_clean
 def test_system_user_connectability_period():
+    if PERIOD_TASK != "on":
+        logger.debug("Period task disabled, test system user connectability pass")
+        return
    system_users = SystemUser.objects.all()
    for system_user in system_users:
-        task_name = _("test system user connectability period: {}".format(system_user))
+        # task_name = _("Test system user connectability period: {}".format(system_user))
+        task_name = _("定期测试系统用户可连接性: {}".format(system_user))
        test_system_user_connectability_util(system_user, task_name)
@@ -366,7 +386,9 @@ def push_system_user_util(system_users, assets, task_name):
 def get_node_push_system_user_task_name(system_user, node):
-    return _("Push system user to node: {} => {}").format(
+    # return _("Push system user to node: {} => {}").format(
+    return _("推送系统用户到节点资产: {} => {}").format(
        system_user.name,
        node.value
    )
@@ -404,7 +426,8 @@ def push_node_system_users_to_asset(node, assets):
        system_users.extend(list(n.systemuser_set.all()))
    if system_users:
-        task_name = _("Push system users to node: {}").format(node.value)
+        # task_name = _("Push system users to node: {}").format(node.value)
+        task_name = _("推送节点系统用户到新加入资产中: {}").format(node.value)
        push_system_user_util.delay(system_users, assets, task_name)

--- a/apps/assets/templates/assets/admin_user_list.html
+++ b/apps/assets/templates/assets/admin_user_list.html
@@ -5,7 +5,8 @@
 {% block help_message %}
    <div class="alert alert-info help-message">
-    管理用户是 服务器上已存在的特权用户，Jumpserver使用该用户来 `推送系统用户`、`获取资产硬件信息`等。
+    管理用户是服务器的root，或拥有 NOPASSWD: ALL sudo权限的用户，Jumpserver使用该用户来 `推送系统用户`、`获取资产硬件信息`等。
+    Windows或其它硬件可以随意设置一个
    </div>
 {% endblock %}

--- a/apps/assets/templates/assets/asset_detail.html
+++ b/apps/assets/templates/assets/asset_detail.html
@@ -155,6 +155,7 @@
                                              </span>
                                          </td>
                                        </tr>
+                                        {% if asset.is_unixlike %}
                                        <tr>
                                            <td>{% trans 'Refresh hardware' %}:</td>
                                            <td>
@@ -171,6 +172,7 @@
                                                </span>
                                            </td>
                                        </tr>
+                                        {% endif %}
                                        </tbody>
                                    </table>
                                </div>

--- a/apps/assets/templates/assets/asset_list.html
+++ b/apps/assets/templates/assets/asset_list.html
@@ -119,6 +119,8 @@
    <ul class="dropdown-menu">
        <li id="menu_asset_create" class="btn-create-asset" tabindex="-1"><a>{% trans 'Create asset' %}</a></li>
        <li id="menu_asset_add" class="btn-add-asset" data-toggle="modal" data-target="#asset_list_modal" tabindex="0"><a>{% trans 'Add asset' %}</a></li>
+        <li id="menu_refresh_hardware_info" class="btn-refresh-hardware" tabindex="-1"><a>{% trans 'Refresh node hardware info' %}</a></li>
+        <li id="menu_test_connective" class="btn-test-connective" tabindex="-1"><a>{% trans 'Test node connective' %}</a></li>
        <li class="divider"></li>
        <li id="m_create" tabindex="-1" onclick="addTreeNode();"><a>{% trans 'Add node' %}</a></li>
        <li id="m_del" tabindex="-1" onclick="editTreeNode();"><a>{% trans 'Rename node' %}</a></li>
@@ -476,6 +478,49 @@ $(document).ready(function(){
    }
    window.open(url, '_self');
 })
+.on('click', '.btn-refresh-hardware', function () {
+    var url = "{% url 'api-assets:node-refresh-hardware-info' pk=DEFAULT_PK %}";
+    var nodes = zTree.getSelectedNodes();
+    var current_node;
+    if (nodes && nodes.length ===1 ){
+        current_node = nodes[0];
+    } else {
+        return null;
+    }
+    var the_url = url.replace("{{ DEFAULT_PK }}", current_node.id);
+    function success() {
+        rMenu.css({"visibility" : "hidden"});
+    }
+    APIUpdateAttr({
+        url: the_url,
+        method: "GET",
+        success_message: "更新硬件信息任务下发成功",
+        success: success
+    });
+})
+.on('click', '.btn-test-connective', function () {
+    var url = "{% url 'api-assets:node-test-connective' pk=DEFAULT_PK %}";
+    var nodes = zTree.getSelectedNodes();
+    var current_node;
+    if (nodes && nodes.length ===1 ){
+        current_node = nodes[0];
+    } else {
+        return null;
+    }
+    var the_url = url.replace("{{ DEFAULT_PK }}", current_node.id);
+    function success() {
+        rMenu.css({"visibility" : "hidden"});
+    }
+    APIUpdateAttr({
+        url: the_url,
+        method: "GET",
+        success_message: "测试可连接性任务下发成功",
+        success: success
+    });
+})
 .on('click', '.btn_asset_delete', function () {
    var $this = $(this);
    var $data_table = $("#asset_list_table").DataTable();

--- a/apps/assets/templates/assets/system_user_list.html
+++ b/apps/assets/templates/assets/system_user_list.html
@@ -3,8 +3,10 @@
 {% block help_message %}
    <div class="alert alert-info help-message">
-    系统用户是 用户登录资产(服务器)时使用的用户，如 web, sa, dba等具有特殊功能的用户。系统用户创建时，如果选择了自动推送
+    系统用户是 Jumpserver跳转登录资产时使用的用户，可以理解为登录资产用户，如 web, sa, dba(`ssh web@some-host`), 而不是使用某个用户的用户名跳转登录服务器(`ssh xiaoming@some-host`);
-    Jumpserver会使用ansible自动推送系统用户到资产中，如果资产(交换机、windows)不支持ansible, 请手动填写账号密码。
+    简单来说是 用户使用自己的用户名登录Jumpserver, Jumpserver使用系统用户登录资产。
+    系统用户创建时，如果选择了自动推送 Jumpserver会使用ansible自动推送系统用户到资产中，如果资产(交换机、windows)不支持ansible, 请手动填写账号密码。
+    目前还不支持Windows的自动推送
    </div>
 {% endblock %}

--- a/apps/assets/urls/api_urls.py
+++ b/apps/assets/urls/api_urls.py
@@ -47,6 +47,8 @@ urlpatterns = [
    url(r'^v1/nodes/(?P<pk>[0-9a-zA-Z\-]{36})/children/add/$', api.NodeAddChildrenApi.as_view(), name='node-add-children'),
    url(r'^v1/nodes/(?P<pk>[0-9a-zA-Z\-]{36})/assets/add/$', api.NodeAddAssetsApi.as_view(), name='node-add-assets'),
    url(r'^v1/nodes/(?P<pk>[0-9a-zA-Z\-]{36})/assets/remove/$', api.NodeRemoveAssetsApi.as_view(), name='node-remove-assets'),
+    url(r'^v1/nodes/(?P<pk>[0-9a-zA-Z\-]{36})/refresh-hardware-info/$', api.RefreshNodeHardwareInfoApi.as_view(), name='node-refresh-hardware-info'),
+    url(r'^v1/nodes/(?P<pk>[0-9a-zA-Z\-]{36})/test-connective/$', api.TestNodeConnectiveApi.as_view(), name='node-test-connective'),
 ]
 urlpatterns += router.urls

--- a/apps/i18n/zh/LC_MESSAGES/django.mo
+++ b/apps/i18n/zh/LC_MESSAGES/django.mo
--- a/apps/i18n/zh/LC_MESSAGES/django.po
+++ b/apps/i18n/zh/LC_MESSAGES/django.po
--- a/apps/jumpserver/settings.py
+++ b/apps/jumpserver/settings.py
@@ -27,7 +27,14 @@ sys.path.append(PROJECT_DIR)
 try:
    from config import config as CONFIG
 except ImportError:
-    CONFIG = type('_', (), {'__getattr__': lambda arg1, arg2: None})()
+    msg = """
+    Error: No config file found.
+    You can run `cp config_example.py config.py`, and edit it.
+    """
+    raise ImportError(msg)
+    # CONFIG = type('_', (), {'__getattr__': lambda arg1, arg2: None})()
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/1.10/howto/deployment/checklist/
@@ -177,7 +184,7 @@ LOGGING = {
            'level': 'DEBUG',
            'class': 'logging.FileHandler',
            'formatter': 'main',
-            'filename': os.path.join(CONFIG.LOG_DIR, 'jumpserver.log')
+            'filename': os.path.join(PROJECT_DIR, 'logs', 'jumpserver.log')
        },
        'ansible_logs': {
            'level': 'DEBUG',

--- a/apps/ops/models.py
+++ b/apps/ops/models.py
@@ -234,7 +234,7 @@ class AdHoc(models.Model):
            result = runner.run(self.tasks, self.pattern, self.task.name)
            return result.results_raw, result.results_summary
        except AnsibleError as e:
-            logger.error("Failed run adhoc {}, {}".format(self.task.name, e))
+            logger.warn("Failed run adhoc {}, {}".format(self.task.name, e))
            pass
    @become.setter

--- a/apps/ops/templates/ops/task_list.html
+++ b/apps/ops/templates/ops/task_list.html
@@ -112,9 +112,7 @@ $(document).ready(function() {
        alert(data)
    };
    var success = function () {
-        setTimeout(function () {
+        alert("任务开始执行，重定向到任务详情页面，多刷新几次查看结果")
-            console.log("ok")
-        }, 1000);
        window.location = "{% url 'ops:task-detail' pk=DEFAULT_PK %}".replace('{{ DEFAULT_PK }}', uid);
    };
    APIUpdateAttr({

--- a/apps/static/css/jumpserver.css
+++ b/apps/static/css/jumpserver.css
@@ -432,4 +432,10 @@ div.dataTables_wrapper div.dataTables_filter {
    font-size: 12px !important;
 }
+.ellipsis {
+    overflow: hidden;
+    text-overflow: ellipsis;
+    white-space: nowrap;
+}
--- a/apps/templates/index.html
+++ b/apps/templates/index.html
@@ -125,9 +125,9 @@
                        {% for data in week_asset_hot_ten %}
                            <div class="timeline-item">
                                <div class="row">
-                                    <div class="col-xs-5 date">
+                                    <div class="col-xs-5 date ellipsis">
                                        <i class="fa fa-info-circle"></i>
-                                        <strong>{{ data.asset }}</strong>
+                                        <strong data-toggle="tooltip" title="{{ data.asset }}">{{ data.asset }}</strong>
                                        <br/>
                                        <small class="text-navy">{{ data.total }}次</small>
                                    </div>
@@ -213,9 +213,9 @@
                        {% for data in week_user_hot_ten %}
                            <div class="timeline-item">
                                <div class="row">
-                                    <div class="col-xs-5 date">
+                                    <div class="col-xs-5 date ellipsis">
                                        <i class="fa fa-info-circle"></i>
-                                        <strong>{{ data.user }}</strong>
+                                        <strong data-toggle="tooltip" title="{{ data.user }}">{{ data.user }}</strong>
                                        <br/>
                                        <small class="text-navy">{{ data.total }}次</small>
                                    </div>
@@ -245,7 +245,8 @@ $(document).ready(function(){
    $('#show').click(function(){
        $('#show').css('display', 'none');
        $('#more').css('display', 'block');
-    })
+    });
+    $("[data-toggle='tooltip']").tooltip();
 });
    require.config({
        paths: {

--- a/apps/terminal/api.py
+++ b/apps/terminal/api.py
@@ -4,7 +4,6 @@ from collections import OrderedDict
 import logging
 import os
 import uuid
-import boto3  # AWS S3 sdk
 from django.core.cache import cache
 from django.shortcuts import get_object_or_404, redirect
@@ -13,6 +12,8 @@ from django.core.files.storage import default_storage
 from django.http import HttpResponseNotFound
 from django.conf import settings
+import jms_storage
 from rest_framework import viewsets, serializers
 from rest_framework.views import APIView, Response
 from rest_framework.permissions import AllowAny
@@ -282,36 +283,20 @@ class SessionReplayViewSet(viewsets.ViewSet):
            url = default_storage.url(path)
            return redirect(url)
        else:
-            config = settings.TERMINAL_REPLAY_STORAGE.items()
+            configs = settings.TERMINAL_REPLAY_STORAGE.items()
-            if config:
+            if not configs:
-                for name, value in config:
+                return HttpResponseNotFound()
-                    if value.get("TYPE", '') == "s3":
-                        client, bucket = self.s3Client(value)
+            for name, config in configs:
-                        try:
+                client = jms_storage.init(config)
-                            date = self.session.date_start.strftime('%Y-%m-%d')
+                date = self.session.date_start.strftime('%Y-%m-%d')
+                file_path = os.path.join(date, str(self.session.id) + '.replay.gz')
-                            client.head_object(Bucket=bucket,
+                target_path = default_storage.base_location + '/' + path
-                                               Key=os.path.join(date, str(self.session.id) + '.replay.gz'))
-                            client.download_file(bucket, os.path.join(date, str(self.session.id) + '.replay.gz'),
+                if client and client.has_file(file_path) and \
-                                                 default_storage.base_location + '/' + path)
+                        client.download_file(file_path, target_path):
-                            return redirect(default_storage.url(path))
+                    return redirect(default_storage.url(path))
-                        except:
+        return HttpResponseNotFound()
-                            pass
-            return HttpResponseNotFound()
-    def s3Client(self, config):
-        bucket = config.get("BUCKET", "jumpserver")
-        REGION = config.get("REGION", None)
-        ACCESS_KEY = config.get("ACCESS_KEY", None)
-        SECRET_KEY = config.get("SECRET_KEY", None)
-        if ACCESS_KEY and REGION and SECRET_KEY:
-            s3 = boto3.client('s3',
-                              region_name=REGION,
-                              aws_access_key_id=ACCESS_KEY,
-                              aws_secret_access_key=SECRET_KEY)
-        else:
-            s3 = boto3.client('s3')
-        return s3, bucket
 class TerminalConfig(APIView):

--- a/apps/terminal/forms.py
+++ b/apps/terminal/forms.py
@@ -27,20 +27,20 @@ def get_all_replay_storage():
 class TerminalForm(forms.ModelForm):
    command_storage = forms.ChoiceField(
        choices=get_all_command_storage(),
-        label=_("Command storage")
+        label=_("Command storage"),
+        help_text=_("Command can store in server db or ES, default to server, more see docs"),
    )
    replay_storage = forms.ChoiceField(
        choices=get_all_replay_storage(),
-        label=_("Replay storage")
+        label=_("Replay storage"),
+        help_text=_("Replay file can store in server disk, AWS S3, Aliyun OSS, default to server, more see docs"),
    )
    class Meta:
        model = Terminal
        fields = [
-            'name', 'remote_addr', 'ssh_port', 'http_port', 'comment',
+            'name', 'remote_addr', 'comment',
            'command_storage', 'replay_storage',
        ]
        help_texts = {
-            'ssh_port': _("Coco ssh listen port"),
-            'http_port': _("Coco http/ws listen port"),
        }
--- a/apps/terminal/templates/terminal/terminal_list.html
+++ b/apps/terminal/templates/terminal/terminal_list.html
@@ -28,8 +28,8 @@
            </th>
            <th class="text-center">{% trans 'Name' %}</th>
            <th class="text-center">{% trans 'Addr' %}</th>
-            <th class="text-center">{% trans 'SSH port' %}</th>
+{#            <th class="text-center">{% trans 'SSH port' %}</th>#}
-            <th class="text-center">{% trans 'Http port' %}</th>
+{#            <th class="text-center">{% trans 'Http port' %}</th>#}
            <th class="text-center">{% trans 'Session' %}</th>
            <th class="text-center">{% trans 'Active' %}</th>
            <th class="text-center">{% trans 'Alive' %}</th>
@@ -53,21 +53,21 @@ function initTable() {
                var detail_btn = '<a href="{% url "terminal:terminal-detail" pk=DEFAULT_PK %}">' + cellData + '</a>';
                $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
             }},
-            {targets: 6, createdCell: function (td, cellData) {
+            {targets: 4, createdCell: function (td, cellData) {
                if (!cellData) {
                    $(td).html('<i class="fa fa-times text-danger"></i>')
                } else {
                    $(td).html('<i class="fa fa-check text-navy"></i>')
                }
             }},
-            {targets: 7, createdCell: function (td, cellData) {
+            {targets: 5, createdCell: function (td, cellData) {
                if (!cellData) {
                    $(td).html('<i class="fa fa-circle text-danger"></i>')
                } else {
                    $(td).html('<i class="fa fa-circle text-navy"></i>')
                }
            }},
-            {targets: 8, createdCell: function (td, cellData, rowData) {
+            {targets: 6, createdCell: function (td, cellData, rowData) {
                var update_btn = '<a href="{% url "terminal:terminal-update" pk=DEFAULT_PK %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'
                        .replace('{{ DEFAULT_PK }}', cellData);
                var delete_btn = '<a class="btn btn-xs btn-danger m-l-xs btn-del" data-id="{{ DEFAULT_PK }}" data-name="99991938">{% trans "Delete" %}</a>'
@@ -88,7 +88,7 @@ function initTable() {
             }}
        ],
        ajax_url: '{% url "api-terminal:terminal-list" %}',
-        columns: [{data: function(){return ""}}, {data: "name" }, {data: "remote_addr" }, {data: "ssh_port"}, {data: "http_port"},
+        columns: [{data: function(){return ""}}, {data: "name" }, {data: "remote_addr" },
                  {data: "session_online"}, {data: "is_active" }, {data: 'is_alive'}, {data: "id"}],
        op_html: $('#actions').html()
    };

--- a/apps/terminal/templates/terminal/terminal_modal_accept.html
+++ b/apps/terminal/templates/terminal/terminal_modal_accept.html
@@ -10,8 +10,8 @@
    <p class="alert alert-danger" id="modal-error" style="display: none"></p>
    {% bootstrap_field form.name layout="horizontal" %}
    {% bootstrap_field form.remote_addr layout="horizontal" %}
-    {% bootstrap_field form.ssh_port layout="horizontal" %}
+{#    {% bootstrap_field form.ssh_port layout="horizontal" %}#}
-    {% bootstrap_field form.http_port layout="horizontal" %}
+{#    {% bootstrap_field form.http_port layout="horizontal" %}#}
    {% bootstrap_field form.command_storage layout="horizontal" %}
    {% bootstrap_field form.replay_storage layout="horizontal" %}
    {% bootstrap_field form.comment layout="horizontal" %}

--- a/apps/terminal/templates/terminal/terminal_update.html
+++ b/apps/terminal/templates/terminal/terminal_update.html
@@ -33,8 +33,8 @@
                            <h3>{% trans 'Info' %}</h3>
                            {% bootstrap_field form.name layout="horizontal" %}
                            {% bootstrap_field form.remote_addr layout="horizontal" %}
-                            {% bootstrap_field form.ssh_port layout="horizontal" %}
+{#                            {% bootstrap_field form.ssh_port layout="horizontal" %}#}
-                            {% bootstrap_field form.http_port layout="horizontal" %}
+{#                            {% bootstrap_field form.http_port layout="horizontal" %}#}
                            {% bootstrap_field form.command_storage layout="horizontal" %}
                            {% bootstrap_field form.replay_storage layout="horizontal" %}

--- a/apps/users/api.py
+++ b/apps/users/api.py
@@ -180,15 +180,23 @@ class UserConnectionTokenApi(APIView):
            'asset': asset_id,
            'system_user': system_user_id
        }
-        cache.set(token, value, timeout=3600)
+        cache.set(token, value, timeout=20)
        return Response({"token": token}, status=201)
    def get(self, request):
        token = request.query_params.get('token')
+        user_only = request.query_params.get('user-only', None)
        value = cache.get(token, None)
-        if value:
-            cache.delete(token)
-        return Response(value)
+        if not value:
+            return Response('', status=404)
+        if not user_only:
+            return Response(value)
+        else:
+            return Response({'user': value['user']})
+    def get_permissions(self):
+        if self.request.query_params.get('user-only', None):
+            self.permission_classes = (AllowAny,)
+        return super().get_permissions()
--- a/apps/users/forms.py
+++ b/apps/users/forms.py
@@ -20,10 +20,12 @@ class UserLoginForm(AuthenticationForm):
 class UserCreateUpdateForm(forms.ModelForm):
+    role_choices = ((i, n) for i, n in User.ROLE_CHOICES if i != User.ROLE_APP)
    password = forms.CharField(
        label=_('Password'), widget=forms.PasswordInput,
        max_length=128, strip=False, required=False,
    )
+    role = forms.ChoiceField(choices=role_choices, required=True, initial=User.ROLE_USER, label=_("Role"))
    class Meta:
        model = User

--- a/docs/contact.rst
+++ b/docs/contact.rst
@@ -4,14 +4,17 @@
 商业支持
 ~~~~~~~~~~~
-https://market.aliyun.com/products/53690006/cmgj026011.html
+`阿里云市场购买: <https://market.aliyun.com/products/53690006/cmgj026011.html>`_
-QQ群
+QQ 群
 ~~~~~~~~
-群1: 390139816
+群1: 390139816 (推荐)
-群2: 399218702
-群3: 552054376
+群2: 399218702 (满)
+群3: 552054376 (满)
 Github
@@ -29,10 +32,10 @@ http://www.jumpserver.org
 Demo
 ~~~~~~~~
-http://demo.jumpserver.org:8080
+http://demo.jumpserver.org
 邮件
 ~~~~~~~~
-ibuler#fit2cloud.com (#替换为@)
+support@fit2cloud.com (#替换为@)
\ No newline at end of file
--- a/docs/faq.rst
+++ b/docs/faq.rst
 FAQ
-+++++++++++++++++++++
+==========
\ No newline at end of file
+1. Windows 无法连接
+::
+    (1). 如果白屏  可能是nginx设置的不对，也可能运行guacamole的docker容器有问题，总之请求到不了guacamole
+    (2). 如果显示没有权限 可能是你在 终端管理里没有接受 guacamole的注册，请接受一下，如果还是不行，就删除刚才的注册，重启guacamole的docker重新注册
+    (3). 如果显示未知问题 可能是你的资产填写的端口不对，或者授权的系统用户的协议不是rdp
+2. 用户、系统用户、管理用户的关系
+::
+    用户：每个公司的同事创建一个用户账号，用来登录Jumpserver
+    系统用户：使用来登录到服务器的用户，如 web, dba, root等
+    管理用户：是服务器上已存在的特权用户，Ansible用来获取硬件信息, 如 root, 或者其它拥有 sudo NOPASSWD: ALL权限的用户
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -19,3 +19,4 @@ Jumpserver 文档
   contributor
   contact
   snapshot
+   faq
--- a/docs/intro.rst
+++ b/docs/intro.rst
-简介
-============
-Jumpserver是混合云下更好用的堡垒机, 分布式架构设计无限扩展，轻松对接混合云资产，支持使用云存储（AWS S3, ES等）存储录像、命令
-Jumpserver颠覆传统堡垒机, 无主机和并发数量限制，支持水平扩容，FIT2CLOUD提供完备的商业服务支持，用户无后顾之忧
-Jumpserver拥有极致的用户体验, 极致UI体验，容器化的部署方式，部署过程方便快捷，可持续升级
-组件说明
-++++++++++++++++++++++++
-Jumpserver
-```````````
-现指Jumpserver管理后台，是核心组件(Core), 使用 Django Class Based View 风格开发，支持Restful API。
-`Github <https://github.com/jumpserver/jumpserver.git>`_
-Coco
-````````
-实现了SSH Server 和 Web Terminal Server的组件，提供ssh和websocket接口, 使用 Paramiko 和 Flask 开发。
-`Github <https://github.com/jumpserver/coco.git>`__
-Luna
-````````
-现在是Web Terminal前端，计划前端页面都由该项目提供，Jumpserver只提供API，不再负责后台渲染html等。
-`Github <https://github.com/jumpserver/luna.git>`__
-Guacamole
-```````````
-Apache 跳板机项目，Jumpserver使用其组件实现RDP功能，Jumpserver并没有修改其代码而是添加了额外的插件，支持Jumpserver调用
-Jumpserver-python-sdk
-```````````````````````
-Jumpserver API Python SDK，Coco目前使用该SDK与Jumpserver API交互
-`Github <https://github.com/jumpserver/jumpserver-python-sdk.git>`__
-组件架构图
-++++++++++++++++++++++++
-.. image:: _static/img/structure.png
-    :alt: 组件架构图
--- a/docs/quickstart.rst
+++ b/docs/quickstart.rst
 快速安装
 ==========================
-Jumpserver 封装了一个 All in one Docker，可以快速启动。该镜像集成了所有需要的组件，可以使用外置 Database 和 Redis
+Jumpserver 封装了一个 All in one Docker，可以快速启动。该镜像集成了所需要的组件(Windows组件未暂未集成)，也支持使用外置 Database 和 Redis
-Tips: 不建议在生产中使用
+Tips: 不建议在生产中使用, 生产中请使用 详细安装 `详细安装 <https://docs.docker.com/install/>`_
 Docker 安装见: `Docker官方安装文档 <https://docs.docker.com/install/>`_
@@ -18,9 +18,12 @@ Docker 安装见: `Docker官方安装文档 <https://docs.docker.com/install/>`_
 访问
 ```````````````
-浏览器访问: http://localhost:8080
+浏览器访问: http://<容器所在服务器IP>:8080
+SSH访问: ssh -p 2222 <容器所在服务器IP>
+XShell等工具请添加connection连接
-SSH访问: ssh -p 2222 localhost
 额外环境变量
@@ -33,9 +36,9 @@ SSH访问: ssh -p 2222 localhost
 - DB_PASSWORD = xxxx
 - DB_NAME = jumpserver
- REDIS_HOST = ''
+- REDIS_HOST = <redis-host>
- REDIS_PORT = ''
+- REDIS_PORT = <redis-port>
- REDIS_PASSWORD = ''
+- REDIS_PASSWORD = <
 ::

--- a/docs/step_by_step.rst
+++ b/docs/step_by_step.rst
@@ -26,7 +26,7 @@
 ::
-    $ yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release
+    $ yum -y install wget sqlite-devel xz gcc automake zlib-devel openssl-devel epel-release git
 **1.2 编译安装**
@@ -222,22 +222,33 @@ Luna 已改为纯前端，需要 Nginx 来运行访问
 .. code:: shell
+    # 注意：这里一定要改写一下本机的IP地址, 否则会出错
    docker run -d \
-      -p 8081:8080 \
+      -p 8081:8080 -v /opt/guacamole/key:/config/guacamole/key \
+      -e JUMPSERVER_KEY_DIR=/config/guacamole/key \
      -e JUMPSERVER_SERVER=http://<填写本机的IP地址>:8080 \
      registry.jumpserver.org/public/guacamole:latest
 这里所需要注意的是 guacamole 暴露出来的端口是 8081，若与主机上其他端口冲突请自定义一下。
-修改 JUMPSERVER SERVER 的配置，填上 Jumpserver 的内网地址
+再次强调：修改 JUMPSERVER_SERVER 环境变量的配置，填上 Jumpserver 的内网地址, 这时
+去 Jumpserver-会话管理-终端管理 接受[Gua]开头的一个注册
 六. 配置 Nginx 整合各组件
 ~~~~~~~~~~~~~~~~~~~~~~~~~
 6.1 安装 Nginx 根据喜好选择安装方式和版本
-6.2 配置文件
+.. code:: shell
+    yum -y install nginx
+6.2 准备配置文件 修改 /etc/nginx/nginx.conf
 ::
@@ -287,4 +298,10 @@ Luna 已改为纯前端，需要 Nginx 来运行访问
 6.3 运行 Nginx
+::
+    nginx -t
+    service nginx start
 6.4 访问 http://192.168.244.144
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@@ -61,6 +61,7 @@ pytz==2017.3
 PyYAML==3.12
 redis==2.10.6
 requests==2.18.4
+jms-storage==0.0.13
 s3transfer==0.1.13
 simplejson==3.13.2
 six==1.11.0