From a8f1d170b8d6441b23440d4ed1165f60baae8c8e Mon Sep 17 00:00:00 2001 From: wojiushixiaobai <296015668@qq.com> Date: Mon, 26 Nov 2018 08:51:24 +0800 Subject: [PATCH] =?UTF-8?q?[Update]=E6=9B=B4=E6=96=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/admin_create_asset.rst | 2 +- docs/upgrade.rst | 251 ++++++++++++++++++++++++++++++++++-- 2 files changed, 244 insertions(+), 9 deletions(-) diff --git a/docs/admin_create_asset.rst b/docs/admin_create_asset.rst index e71f8df9..60c6650c 100644 --- a/docs/admin_create_asset.rst +++ b/docs/admin_create_asset.rst @@ -3,7 +3,7 @@ 说明 `````````` -- 到 Jumpserver 会è¯ç®¡ç†-ç»ˆç«¯ç®¡ç† æŽ¥å— Coco Guacamole ç‰åº”用的注册 +- 到 Jumpserver 会è¯ç®¡ç†-ç»ˆç«¯ç®¡ç† æŸ¥çœ‹ Coco Guacamole ç‰åº”用是å¦åœ¨çº¿ 一ã€ç³»ç»Ÿè®¾ç½® ```````````````````` diff --git a/docs/upgrade.rst b/docs/upgrade.rst index 2648f1a1..1dbb5143 100644 --- a/docs/upgrade.rst +++ b/docs/upgrade.rst @@ -188,7 +188,7 @@ # 到 Web 会è¯ç®¡ç† - ç»ˆç«¯ç®¡ç† æŽ¥å—æ–°çš„æ³¨å†Œ -1.4.4 å‡çº§åˆ° 1.4.5 (下个版本,当å‰è¿˜æœªå¼€æ”¾,请勿执行) +1.4.4 å‡çº§åˆ° 1.4.5 (未开放, ç‰å¾…æ›´æ–°) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - 当å‰ç‰ˆæœ¬å¿…须是 1.4.4 版本,å¦åˆ™è¯·å…ˆå‡çº§åˆ° 1.4.4 
@@ -202,16 +202,144 @@ $ git pull $ source /opt/py3/bin/activate $ ./jms stop + +.. code-block:: shell + + # 备份数æ®åº“表结构文件 + $ jumpserver_backup=/tmp/jumpserver_backup + $ mkdir -p $jumpserver_backup + $ mv config.py $jumpserver_backup/ + $ cd /opt/jumpserver/apps + $ for d in $(ls);do + if [ -d $d ] && [ -d $d/migrations ];then + mkdir -p $jumpserver_backup/${d}/migrations + cp ${d}/migrations/*.py $jumpserver_backup/${d}/migrations/ + fi + done + +.. code-block:: shell + + $ cd /opt/jumpserver $ git pull + $ cp config_example.py config.py + $ vi config.py + +.. code-block:: python + + """ + jumpserver.config + ~~~~~~~~~~~~~~~~~ + + Jumpserver project setting file - $ pip install -r requirements/requirements.txt + :copyright: (c) 2014-2017 by Jumpserver Team + :license: GPL v2, see LICENSE for more details. + """ + import os + + BASE_DIR = os.path.dirname(os.path.abspath(__file__)) + + + class Config: + """ + Jumpserver Config File + Jumpserver é…置文件 + Jumpserver use this config for drive django framework running, + You can set is value or set the same envirment value, + Jumpserver look for config order: file => env => default + Jumpserver使用é…ç½®æ¥é©±åЍDjango框架的è¿è¡Œï¼Œ + ä½ å¯ä»¥åœ¨è¯¥æ–‡ä»¶ä¸è®¾ç½®ï¼Œæˆ–è€…è®¾ç½®åŒæ ·å称的环境å˜é‡, + Jumpserver使用é…置的顺åº: 文件 => 环境å˜é‡ => 默认值 + """ + # SECURITY WARNING: keep the secret key used in production secret! + # åŠ å¯†ç§˜é’¥ 生产环境ä¸è¯·ä¿®æ”¹ä¸ºéšæœºå—符串,请勿外泄 + SECRET_KEY = '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x' + # SECURITY WARNING: keep the bootstrap token used in production secret! + # 预共享Token cocoå’Œguacamoleç”¨æ¥æ³¨å†ŒæœåŠ¡è´¦å·ï¼Œä¸åœ¨ä½¿ç”¨åŽŸæ¥çš„æ³¨å†ŒæŽ¥å—机制 + BOOTSTRAP_TOKEN = '9JO4#n!Xup2zKZ6V' + + # Development env open this, when error occur display the full process track, Production disable it + # DEBUG æ¨¡å¼ å¼€å¯DEBUGåŽé‡åˆ°é”™è¯¯æ—¶å¯ä»¥çœ‹åˆ°æ›´å¤šæ—¥å¿— + # DEBUG = False + + # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. 
See https://docs.djangoproject.com/en/1.10/topics/logging/ + # 日志级别 + # LOG_LEVEL = 'ERROR' + # LOG_DIR = os.path.join(BASE_DIR, 'logs') + + # Database setting, Support sqlite3, mysql, postgres .... + # æ•°æ®åº“设置 + # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases + + # SQLite setting: + # ä½¿ç”¨å•æ–‡ä»¶sqliteæ•°æ®åº“ + # DB_ENGINE = 'sqlite3' + # DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3') + + # MySQL or postgres setting like: + # 使用Mysql作为数æ®åº“ + DB_ENGINE = 'mysql' + DB_HOST = '127.0.0.1' + DB_PORT = 3306 + DB_USER = 'jumpserver' + DB_PASSWORD = 'weakPassword' + DB_NAME = 'jumpserver' + + # When Django start it will bind this host and port + # ./manage.py runserver 127.0.0.1:8080 + # è¿è¡Œæ—¶ç»‘å®šç«¯å£ + HTTP_BIND_HOST = '0.0.0.0' + HTTP_LISTEN_PORT = 8080 + + # Use Redis as broker for celery and web socket + # Redisé…ç½® + REDIS_HOST = '127.0.0.1' + REDIS_PORT = 6379 + # REDIS_PASSWORD = '' + # REDIS_DB_CELERY_BROKER = 3 + # REDIS_DB_CACHE = 4 + + # Use OpenID authorization + # 使用OpenID æ¥è¿›è¡Œè®¤è¯è®¾ç½® + # BASE_SITE_URL = 'http://localhost:8080' + # AUTH_OPENID = False # True or False + # AUTH_OPENID_SERVER_URL = 'https://openid-auth-server.com/' + # AUTH_OPENID_REALM_NAME = 'realm-name' + # AUTH_OPENID_CLIENT_ID = 'client-id' + # AUTH_OPENID_CLIENT_SECRET = 'client-secret' + + def __init__(self): + pass + + def __getattr__(self, item): + return None + + + class DevelopmentConfig(Config): + pass + + + class TestConfig(Config): + pass + + + class ProductionConfig(Config): + pass + + + # Default using Config settings, you can write if/else for different env + config = DevelopmentConfig() + +.. code-block:: shell + + $ pip install -r requirements/requirements.txt $ cd utils $ sh 1.4.4_to_1.4.5_migrations.sh $ sh make_migrations.sh $ cd ../ - $ ./jms start all + $ ./jms start all -d **Coco** 
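Review bot: The sample config.py added in this hunk carries literal values for `SECRET_KEY` and `BOOTSTRAP_TOKEN`, and the steps before it move the existing config.py away and start over from config_example.py, so an operator who pastes the listing ends up with secrets that are published in the docs and identical on every installation. The listing should show placeholders instead, for example `SECRET_KEY = '<copy from your backed-up config.py>'` and `BOOTSTRAP_TOKEN = '<random string generated for this site>'`, with one sentence telling the reader to carry the old SECRET_KEY over from the backup. The same token literal recurs in the Coco conf.py listing, the Guacamole `export` lines and the two `docker run` lines in the later hunks. The backup itself goes to `/tmp/jumpserver_backup`, created with a plain `mkdir -p`; because config.py holds the database password, a directory outside /tmp created with `mkdir -m 700` would be the safer instruction.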
@@ -223,8 +351,107 @@ $ git pull $ source /opt/py3/bin/activate $ ./cocod stop + + $ mv conf.py $jumpserver_backup/ + $ cp conf_example.py conf.py + $ vi conf.py + +.. code-block:: python + + #!/usr/bin/env python3 + # -*- coding: utf-8 -*- + # + + import os + + BASE_DIR = os.path.dirname(__file__) + + + class Config: + """ + Coco config file, coco also load config from server update setting below + """ + # 项目åç§°, 会用æ¥å‘Jumpserver注册, 识别而已, ä¸èƒ½é‡å¤ + # NAME = "localhost" + NAME = "coco" + + # Bootstrap Token, 预共享秘钥, ç”¨æ¥æ³¨å†Œcoco使用的service accountå’Œterminal + # 请和jumpserver é…置文件ä¸ä¿æŒä¸€è‡´ï¼Œæ³¨å†Œå®ŒæˆåŽå¯ä»¥åˆ 除 + # BOOTSTRAP_TOKEN = "9JO4#n!Xup2zKZ6V" + + # Jumpserver项目的url, api请求注册会使用, 如果Jumpserver没有è¿è¡Œåœ¨127.0.0.1:8080,请修改æ¤å¤„ + # CORE_HOST = os.environ.get("CORE_HOST") or 'http://127.0.0.1:8080' + CORE_HOST = 'http://127.0.0.1:8080' + + # å¯åŠ¨æ—¶ç»‘å®šçš„ip, 默认 0.0.0.0 + # BIND_HOST = '0.0.0.0' + + # 监å¬çš„SSH端å£å·, 默认2222 + # SSHD_PORT = 2222 + + # 监å¬çš„HTTP/WS端å£å·,默认5000 + # HTTPD_PORT = 5000 + + # 项目使用的ACCESS KEY, 默认会注册,å¹¶ä¿å˜åˆ° ACCESS_KEY_STOREä¸, + # 如果有需求, å¯ä»¥å†™åˆ°é…置文件ä¸, æ ¼å¼ access_key_id:access_key_secret + # ACCESS_KEY = None + + # ACCESS KEY ä¿å˜çš„地å€, 默认注册åŽä¼šä¿å˜åˆ°è¯¥æ–‡ä»¶ä¸ + # ACCESS_KEY_STORE = os.path.join(BASE_DIR, 'keys', '.access_key') + + # åŠ å¯†å¯†é’¥ + # SECRET_KEY = None + + # 设置日志级别 ['DEBUG', 'INFO', 'WARN', 'ERROR', 'FATAL', 'CRITICAL'] + # LOG_LEVEL = 'INFO' + LOG_LEVEL = 'WARN' + + # æ—¥å¿—å˜æ”¾çš„目录 + # LOG_DIR = os.path.join(BASE_DIR, 'logs') + + # Session录åƒå˜æ”¾ç›®å½• + # SESSION_DIR = os.path.join(BASE_DIR, 'sessions') + + # èµ„äº§æ˜¾ç¤ºæŽ’åºæ–¹å¼, ['ip', 'hostname'] + # ASSET_LIST_SORT_BY = 'ip' + + # ç™»å½•æ˜¯å¦æ”¯æŒå¯†ç è®¤è¯ + # PASSWORD_AUTH = True + + # ç™»å½•æ˜¯å¦æ”¯æŒç§˜é’¥è®¤è¯ + # PUBLIC_KEY_AUTH = True + + # SSH白åå• + # ALLOW_SSH_USER = 'all' # ['test', 'test2'] + + # SSH黑åå•, å¦‚æžœç”¨æˆ·åŒæ—¶åœ¨ç™½åå•和黑åå•,黑åå•优先生效 + # BLOCK_SSH_USER = [] + + # å’ŒJumpserver ä¿æŒå¿ƒè·³æ—¶é—´é—´éš” + # 
HEARTBEAT_INTERVAL = 5 + + # Adminçš„åå—,出问题会æç¤ºç»™ç”¨æˆ· + # ADMINS = '' + COMMAND_STORAGE = { + "TYPE": "server" + } + REPLAY_STORAGE = { + "TYPE": "server" + } + + # SSH连接超时时间 (default 15 seconds) + # SSH_TIMEOUT = 15 + + # è¯è¨€ = en + LANGUAGE_CODE = 'zh' + + + config = Config() + +.. code-block:: shell + $ pip install -r requirements/requirements.txt - $ ./cocod start + $ ./cocod start -d **Guacamole** @@ -236,13 +463,16 @@ $ git pull $ /etc/init.d/guacd stop $ sh /config/tomcat8/bin/shutdown.sh - $ cp guacamole-auth-jumpserver-0.9.14.jar /config/guacamole/extensions/guacamole-auth-jumpserver-0.9.14.jar + $ cp -r guacamole-auth-jumpserver-0.9.14.jar /config/guacamole/extensions/guacamole-auth-jumpserver-0.9.14.jar $ cd /config $ wget https://github.com/ibuler/ssh-forward/releases/download/v0.0.5/linux-amd64.tar.gz $ tar xf linux-amd64.tar.gz -C /bin/ $ chmod +x /bin/ssh-forward + $ export BOOTSTRAP_TOKEN=9JO4#n!Xup2zKZ6V + $ echo "export BOOTSTRAP_TOKEN=9JO4#n!Xup2zKZ6V" >> ~/.bashrc + $ /etc/init.d/guacd start $ sh /config/tomcat8/bin/startup.sh 
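Review bot: `mv conf.py $jumpserver_backup/` in the Coco steps depends on a variable that is only set in the Jumpserver backup block; in a fresh shell, or on a separate Coco host, it expands to `mv conf.py /` and the file lands in the root directory. Setting and quoting it in this block avoids that: `jumpserver_backup=<backup dir>; mkdir -p "$jumpserver_backup"` followed by `mv conf.py "$jumpserver_backup/"`. The conf.py listing also leaves `BOOTSTRAP_TOKEN` commented out, while its comment, as far as it can be read here, asks for the same value as the Jumpserver config. Presumably the reader has to uncomment and set it before registration works, and the text should say so.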
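Review bot: The two added `BOOTSTRAP_TOKEN` lines in the Guacamole block will not run as written in an interactive bash session, because `!Xup2zKZ6V` is subject to history expansion both unquoted and inside the double quotes of the `echo`. Single quotes around the value avoid this, e.g. `export BOOTSTRAP_TOKEN='<your token>'`, and the line appended to `~/.bashrc` needs the same quoting. The `-e BOOTSTRAP_TOKEN=9JO4#n!Xup2zKZ6V` arguments on the two `docker run` lines in the last hunk have the same problem. Since the appended line leaves the token in `~/.bashrc` in clear text, a short remark that the file should be readable only by its owner would help.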
@@ -271,7 +501,12 @@ $ docker rm jms_guacamole $ docker pull wojiushixiaobai/coco:1.4.5 $ docker pull wojiushixiaobai/guacamole:1.4.5 - $ docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://<Jumpserver_url> wojiushixiaobai/coco:1.4.5 - $ docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> wojiushixiaobai/guacamole:1.4.5 + $ docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=9JO4#n!Xup2zKZ6V wojiushixiaobai/coco:1.4.5 + $ docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=9JO4#n!Xup2zKZ6V wojiushixiaobai/guacamole:1.4.5 - # 到 Web 会è¯ç®¡ç† - ç»ˆç«¯ç®¡ç† æŽ¥å—æ–°çš„æ³¨å†Œ + # 到 Web 会è¯ç®¡ç† - ç»ˆç«¯ç®¡ç† æŸ¥çœ‹ç»„ä»¶æ˜¯å¦å·²ç»åœ¨çº¿ + + +1.4.6 åŠä¹‹åŽç‰ˆæœ¬å‡çº§è¯´æ˜Ž (未开放, ç‰å¾…æ›´æ–°) +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +- 如果当å‰ç‰ˆæœ¬å¿…é¡»å°äºŽ 1.4.5 ,请先å‡çº§åˆ° 1.4.5 -- 2.18.0