Update

ac2f25d4 · wojiushixiaobai · 4038492f · ac2f25d4 · ac2f25d4 · ac2f25d4
Commit ac2f25d4 authored Dec 19, 2018 by wojiushixiaobai
5 changed files
--- a/docs/change_log.rst
+++ b/docs/change_log.rst
 更新日志
 ===========
+1.4.6
+------------------------
+2018年12月19日
+* 会话日志可以定时清理，保证硬盘够用
+* coco里 p可以自定义是否分页了
+* 优化树形结构，不怕资产太多了
+* 其他bug
 1.4.5
 ------------------------
 2018年12月12日

--- a/docs/installation.rst
+++ b/docs/installation.rst
@@ -4,6 +4,7 @@
 .. toctree::
   :maxdepth: 1
+   setup_by_fast
   dockerinstall
   step_by_step
   setup_by_ubuntu

--- a/docs/setup_by_fast.rst
+++ b/docs/setup_by_fast.rst
+极速安装
+--------
+说明
+~~~~~~~
+- 本文档没有说明 (=・ω・=)
+开始安装
+~~~~~~~~~~~~
+.. code-block:: shell
+    $ yum update -y \
+      && systemctl enable firewalld \
+      && systemctl start firewalld \
+      && firewall-cmd --zone=public --add-port=80/tcp --permanent \
+      && firewall-cmd --zone=public --add-port=2222/tcp --permanent \
+      && firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="172.17.0.0/16" port protocol="tcp" port="8080" accept" \
+      && firewall-cmd --reload \
+      && setenforce 0 \
+      && sed -i "s/enforcing/disabled/g" /etc/selinux/config \
+      && ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime \
+      && yum -y install kde-l10n-Chinese \
+      && yum -y reinstall glibc-common \
+      && localedef -c -f UTF-8 -i zh_CN zh_CN.UTF-8 \
+      && export LC_ALL=zh_CN.UTF-8 \
+      && echo 'LANG="zh_CN.UTF-8"' > /etc/locale.conf \
+      && yum -y install wget gcc epel-release git \
+      && echo -e "[nginx]\nname=nginx repo\nbaseurl=http://nginx.org/packages/centos/7/\$basearch/\ngpgcheck=0\nenabled=1\n" > /etc/yum.repos.d/nginx.repo \
+      && yum -y install redis mariadb mariadb-devel mariadb-server nginx \
+      && systemctl enable redis mariadb nginx \
+      && systemctl start redis mariadb \
+      && yum -y install python36 python36-devel \
+      && python3.6 -m venv /opt/py3 \
+      && source /opt/py3/bin/activate \
+      && cd /opt \
+      && git clone https://github.com/jumpserver/jumpserver.git \
+      && yum -y install $(cat /opt/jumpserver/requirements/rpm_requirements.txt) \
+      && pip install --upgrade pip setuptools \
+      && pip install -r /opt/jumpserver/requirements/requirements.txt \
+      && yum install -y yum-utils device-mapper-persistent-data lvm2 \
+      && yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo \
+      && yum makecache fast \
+      && rpm --import https://mirrors.aliyun.com/docker-ce/linux/centos/gpg \
+      && yum -y install docker-ce \
+      && systemctl enable docker \
+      && curl -sSL https://get.daocloud.io/daotools/set_mirror.sh | sh -s http://f1361db2.m.daocloud.io \
+      && systemctl restart docker \
+      && docker pull jumpserver/jms_coco:1.4.5 \
+      && docker pull jumpserver/jms_guacamole:1.4.5 \
+      && cd /opt \
+      && wget https://github.com/jumpserver/luna/releases/download/1.4.5/luna.tar.gz \
+      && tar xf luna.tar.gz \
+      && chown -R root:root luna \
+      && rm /etc/nginx/conf.d/default.conf
+    # nginx 配置文件
+    $ cat << EOF > /etc/nginx/conf.d/jumpserver.conf
+    server {
+        listen 80;
+        client_max_body_size 100m;  # 录像及文件上传大小限制
+        location /luna/ {
+            try_files $uri / /index.html;
+            alias /opt/luna/;
+        }
+        location /media/ {
+            add_header Content-Encoding gzip;
+            root /opt/jumpserver/data/;
+        }
+        location /static/ {
+            root /opt/jumpserver/data/;
+        }
+        location /socket.io/ {
+            proxy_pass       http://localhost:5000/socket.io/;
+            proxy_buffering off;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            access_log off;
+        }
+        location /coco/ {
+            proxy_pass       http://localhost:5000/coco/;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            access_log off;
+        }
+        location /guacamole/ {
+            proxy_pass       http://localhost:8081/;
+            proxy_buffering off;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection $http_connection;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            access_log off;
+        }
+        location / {
+            proxy_pass http://localhost:8080;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        }
+    }
+    EOF
+.. code-block:: shell
+    # 配置
+    $ systemctl start nginx \
+      && cp /opt/jumpserver/config_example.py /opt/jumpserver/config.py \
+      && DB_PASSWORD=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 24` \
+      && mysql -uroot -e "create database jumpserver default charset 'utf8';grant all on jumpserver.* to 'jumpserver'@'127.0.0.1' identified by '$DB_PASSWORD';flush privileges;" \
+      && BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16` \
+      && sed -i "s/BOOTSTRAP_TOKEN = 'PleaseChangeMe'/BOOTSTRAP_TOKEN = '$BOOTSTRAP_TOKEN'/g" /opt/jumpserver/config.py \
+      && sed -i "s/# DEBUG = True/DEBUG = False/g" /opt/jumpserver/config.py \
+      && sed -i "s/# LOG_LEVEL = 'DEBUG'/LOG_LEVEL = 'ERROR'/g" /opt/jumpserver/config.py \
+      && sed -i "s/# SESSION_EXPIRE_AT_BROWSER_CLOSE = False/SESSION_EXPIRE_AT_BROWSER_CLOSE = True/g" /opt/jumpserver/config.py \
+      && sed -i "s/DB_PASSWORD = ''/DB_PASSWORD = '$DB_PASSWORD'/g" /opt/jumpserver/config.py \
+      && cd /opt/jumpserver/utils \
+      && sh make_migrations.sh \
+      && cd /opt/jumpserver \
+      && ./jms start all -d \
+      && Server_IP=`ip addr | grep inet | egrep -v '(127.0.0.1|inet6|docker)' | awk '{print $2}' | tr -d "addr:" | head -n 1 | cut -d / -f1` \
+      && docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_coco:1.4.5 \
+      && docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://$Server_IP:8080 -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN jumpserver/jms_guacamole:1.4.5 \
+      && echo -e "\033[31m 你的数据库密码是 $DB_PASSWORD \033[0m" \
+      && echo -e "\033[31m 你的BOOTSTRAP_TOKEN是 $BOOTSTRAP_TOKEN \033[0m" \
+      && echo -e "\033[31m 你的服务器IP是 $Server_IP \033[0m"
--- a/docs/start_automatically.rst
+++ b/docs/start_automatically.rst
@@ -143,7 +143,6 @@ Systemd 管理启动 Jumpserver
    # 适合按照一步一步文档进行安装的用户, Centos 7
    # Jumpserver
-    $ sed -i "s/START_TIMEOUT = 15/START_TIMEOUT = 40/g" /opt/jumpserver/jms
    $ cat << EOF > /usr/lib/systemd/system/jms.service
    [Unit]
    Description=jms

--- a/docs/upgrade.rst
+++ b/docs/upgrade.rst
@@ -31,7 +31,7 @@
 .. code-block:: shell
    $ cp -r /opt/jumpserver /opt/jumpserver_bak
-    $ mysqldump -uroot -p jumpserver --ignore-table=jumpserver.django_migrations > /opt/jumpserver.sql
+    $ mysqldump -uroot -p jumpserver > /opt/jumpserver.sql
 .. code-block:: shell
@@ -346,19 +346,7 @@
 .. code-block:: shell
-    $ cd /opt/docker-guacamole
+    # 跳过
-    $ git pull
-    $ /etc/init.d/guacd stop
-    $ sh /config/tomcat8/bin/shutdown.sh
-    $ cp guacamole-auth-jumpserver-0.9.14.jar /config/guacamole/extensions/guacamole-auth-jumpserver-0.9.14.jar
-    $ cd /config
-    $ wget https://github.com/ibuler/ssh-forward/releases/download/v0.0.5/linux-amd64.tar.gz
-    $ tar xf linux-amd64.tar.gz -C /bin/
-    $ chmod +x /bin/ssh-forward
-    $ /etc/init.d/guacd start
-    $ sh /config/tomcat8/bin/startup.sh
 5. 升级 Luna
@@ -392,7 +380,7 @@
 1.4.4 升级到 1.4.5
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 - 当前版本必须是 1.4.4 版本,否则请先升级到 1.4.4
 - 从 1.4.5 版本开始,由官方维护唯一 migrations
@@ -750,6 +738,70 @@
    # 到 Web 会话管理 - 终端管理 查看组件是否已经在线
-1.4.6 及之后版本升级说明 (未开放, 等待更新)
+1.4.5 升级到 1.4.6 及之后版本
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- 如果当前版本必须小于 1.4.5 ,请先升级到 1.4.5
+**Jumpserver**
+.. code-block:: shell
+    $ cd /opt/jumpserver
+    $ git pull
+    $ pip install -r requirements/requirements.txt
+    $ cd utils
+    $ sh make_migrations.sh
+    $ cd ../
+    $ ./jms start all -d
+**Coco**
+说明: Docker 部署的请跳过
+.. code-block:: shell
+    $ cd /opt/coco
+    $ git pull
+    $ source /opt/py3/bin/activate
+    $ pip install -r requirements/requirements.txt
+    $ ./cocod start -d
+**Guacamole**
+说明: Docker 部署的请跳过
+.. code-block:: shell
+    # 1.4.6 无更新, 跳过
+**Luna**
+说明: 直接下载 release 包
+.. code-block:: shell
+    $ cd /opt
+    $ rm -rf luna
+    $ wget https://github.com/jumpserver/luna/releases/download/1.4.6/luna.tar.gz
+    $ tar xf luna.tar.gz
+    $ chown -R root:root luna
+    # 注意把浏览器缓存清理下
+**Docker Coco Guacamole**
+说明: Docker 部署的 coco 与 guacamole 升级说明
+.. code-block:: shell
+    # 先到 Web 会话管理 - 终端管理 删掉所有组件
+    $ docker sop jms_coco
+    $ docker stop jms_guacamole
+    $ docker rm jms_coco
+    $ docker rm jms_guacamole
+    $ docker pull jumpserver/jms_coco:1.4.5
+    $ docker pull jumpserver/jms_guacamole:1.4.5
+    $ docker run --name jms_coco -d -p 2222:2222 -p 5000:5000 -e CORE_HOST=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV jumpserver/jms_coco:1.4.6
+    $ docker run --name jms_guacamole -d -p 8081:8081 -e JUMPSERVER_SERVER=http://<Jumpserver_url> -e BOOTSTRAP_TOKEN=nwv4RdXpM82LtSvmV jumpserver/jms_guacamole:1.4.6
+    # 到 Web 会话管理 - 终端管理 查看组件是否已经在线