[Update] 修改settings和配置文件

.gitignore

@@ -25,3 +25,4 @@ jumpserver.iml
 .python-version
 tmp/*
 sessions/*
+media

Dockerfile

-FROM jumpserver/python:v3.6.1
-LABEL MAINTAINER Jumpserver Team <ibuler@qq.com>
+FROM jumpserver/python:3
+MAINTAINER Jumpserver Team <ibuler@qq.com>
 
 
 COPY . /opt/jumpserver
@@ -7,9 +7,8 @@ WORKDIR /opt/jumpserver
 
 RUN yum -y install epel-release && yum clean all -y
 RUN cd requirements && yum -y install $(cat rpm_requirements.txt) && yum clean all -y
-RUN cd requirements && pip install -r requirements.txt 
+RUN cd requirements && pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple
 
-RUN rm -f data/db.sqlite3
 RUN rm -r .git
 RUN rm -f config.py
 

apps/jumpserver/settings.py

@@ -119,31 +119,31 @@ SESSION_COOKIE_DOMAIN = CONFIG.SESSION_COOKIE_DOMAIN or None
 CSRF_COOKIE_DOMAIN = CONFIG.CSRF_COOKIE_DOMAIN or None
 SESSION_COOKIE_AGE = CONFIG.SESSION_COOKIE_AGE or 3600*24
 
-
 MESSAGE_STORAGE = 'django.contrib.messages.storage.cookie.CookieStorage'
 # Database
 # https://docs.djangoproject.com/en/1.10/ref/settings/#databases
 
-if CONFIG.DB_ENGINE == 'sqlite':
-    DATABASES = {
-        'default': {
-            'ENGINE': 'django.db.backends.sqlite3',
-            'NAME': CONFIG.DB_NAME or os.path.join(BASE_DIR, 'data', 'db.sqlite3'),
-            'ATOMIC_REQUESTS': True,
-        }
-    }
-else:
-    DATABASES = {
-        'default': {
-            'ENGINE': 'django.db.backends.%s' % CONFIG.DB_ENGINE,
-            'NAME': CONFIG.DB_NAME,
-            'HOST': CONFIG.DB_HOST,
-            'PORT': CONFIG.DB_PORT,
-            'USER': CONFIG.DB_USER,
-            'PASSWORD': CONFIG.DB_PASSWORD,
-            'ATOMIC_REQUESTS': True,
-        }
+# if CONFIG.DB_ENGINE == 'sqlite':
+#     DATABASES = {
+#         'default': {
+#             'ENGINE': 'django.db.backends.sqlite3',
+#             'NAME': CONFIG.DB_NAME or os.path.join(BASE_DIR, 'data', 'db.sqlite3'),
+#             'ATOMIC_REQUESTS': True,
+#         }
+#     }
+
+print(CONFIG.DB_ENGINE)
+DATABASES = {
+    'default': {
+        'ENGINE': 'django.db.backends.{}'.format(CONFIG.DB_ENGINE),
+        'NAME': CONFIG.DB_NAME,
+        'HOST': CONFIG.DB_HOST,
+        'PORT': CONFIG.DB_PORT,
+        'USER': CONFIG.DB_USER,
+        'PASSWORD': CONFIG.DB_PASSWORD,
+        'ATOMIC_REQUESTS': True,
     }
+}
 
 # Password validation
 # https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators
@@ -193,7 +193,7 @@ LOGGING = {
             'level': 'DEBUG',
             'class': 'logging.FileHandler',
             'formatter': 'main',
-            'filename': os.path.join(PROJECT_DIR, 'logs', 'jumpserver.log')
+            'filename': os.path.join(CONFIG.LOG_DIR, 'jumpserver.log')
         },
         'ansible_logs': {
             'level': 'DEBUG',
@@ -275,7 +275,7 @@ MEDIA_ROOT = os.path.join(PROJECT_DIR, 'data', 'media').replace('\\', '/') + '/'
 # BOOTSTRAP_COLUMN_COUNT = 11
 
 # Init data or generate fake data source for development
-FIXTURE_DIRS = [os.path.join(BASE_DIR, 'fixtures'), ]
+FIXTURE_DIRS = [os.path.join(BASE_DIR, 'fixtures'),]
 
 # Email config
 EMAIL_HOST = CONFIG.EMAIL_HOST
@@ -313,17 +313,16 @@ AUTH_USER_MODEL = 'users.User'
 # Auth LDAP settings
 if CONFIG.AUTH_LDAP:
     AUTHENTICATION_BACKENDS.insert(0, 'django_auth_ldap.backend.LDAPBackend')
-AUTH_LDAP_SERVER_URI = CONFIG.AUTH_LDAP_SERVER_URI
-AUTH_LDAP_BIND_DN = CONFIG.AUTH_LDAP_BIND_DN
-AUTH_LDAP_BIND_PASSWORD = CONFIG.AUTH_LDAP_BIND_PASSWORD
-# AUTH_LDAP_USER_DN_TEMPLATE = CONFIG.AUTH_LDAP_USER_DN_TEMPLATE
-AUTH_LDAP_USER_SEARCH = LDAPSearch(
-    CONFIG.AUTH_LDAP_SEARCH_OU,
-    ldap.SCOPE_SUBTREE,
-    CONFIG.AUTH_LDAP_SEARCH_FILTER
-)
-AUTH_LDAP_START_TLS = CONFIG.AUTH_LDAP_START_TLS
-AUTH_LDAP_USER_ATTR_MAP = CONFIG.AUTH_LDAP_USER_ATTR_MAP
+    AUTH_LDAP_SERVER_URI = CONFIG.AUTH_LDAP_SERVER_URI
+    AUTH_LDAP_BIND_DN = CONFIG.AUTH_LDAP_BIND_DN
+    AUTH_LDAP_BIND_PASSWORD = CONFIG.AUTH_LDAP_BIND_PASSWORD
+    AUTH_LDAP_USER_SEARCH = LDAPSearch(
+        CONFIG.AUTH_LDAP_SEARCH_OU,
+        ldap.SCOPE_SUBTREE,
+        CONFIG.AUTH_LDAP_SEARCH_FILTER
+    )
+    AUTH_LDAP_START_TLS = CONFIG.AUTH_LDAP_START_TLS
+    AUTH_LDAP_USER_ATTR_MAP = CONFIG.AUTH_LDAP_USER_ATTR_MAP
 
 # Celery using redis as broker
 BROKER_URL = 'redis://:%(password)s@%(host)s:%(port)s/3' % {
@@ -360,9 +359,7 @@ CAPTCHA_FOREGROUND_COLOR = '#001100'
 CAPTCHA_NOISE_FUNCTIONS = ('captcha.helpers.noise_dots',)
 CAPTCHA_TEST_MODE = CONFIG.CAPTCHA_TEST_MODE
 
-COMMAND_STORE_BACKEND = 'terminal.backends.command.db'
-REPLAY_STORE_BACKEND = 'terminal.backends.replay.db'
-
+COMMAND_STORAGE_BACKEND = 'terminal.backends.command.db'
 
 # Django bootstrap3 setting, more see http://django-bootstrap3.readthedocs.io/en/latest/settings.html
 BOOTSTRAP3 = {

apps/manage.py

@@ -6,7 +6,6 @@ import errno
 if __name__ == "__main__":
     try:
         os.makedirs('../logs')
-        os.makedirs('../sessions')
     except:
         pass
 

apps/perms/api.py

@@ -5,8 +5,9 @@ from django.shortcuts import get_object_or_404
 from rest_framework.views import APIView, Response
 from rest_framework.generics import ListAPIView, get_object_or_404, RetrieveUpdateAPIView
 from rest_framework import viewsets
-from users.permissions import IsValidUser, IsSuperUser, IsAppUser, IsSuperUserOrAppUser
+
 from common.utils import get_object_or_none
+from users.permissions import IsValidUser, IsSuperUser, IsAppUser, IsSuperUserOrAppUser
 from .utils import get_user_granted_assets, get_user_granted_asset_groups, \
     get_user_asset_permissions, get_user_group_asset_permissions, \
     get_user_group_granted_assets, get_user_group_granted_asset_groups

apps/terminal/backends/__init__.py

@@ -4,7 +4,7 @@ from .command.serializers import SessionCommandSerializer
 
 
 def get_command_store():
-    command_engine = import_module(settings.COMMAND_STORE_BACKEND)
+    command_engine = import_module(settings.COMMAND_STORAGE_BACKEND)
     command_store = command_engine.CommandStore()
     return command_store
 

apps/users/models/user.py

@@ -211,10 +211,11 @@ class User(AbstractUser):
     @classmethod
     def create_app_user(cls, name, comment):
         from . import AccessKey
-        domain_name = settings.CONFIG.DOMAIN_NAME or 'jumpserver.org'
-        app = cls.objects.create(username=name, name=name, email='%s@%s' % (name, domain_name), is_active=False,
-                                 role='App', enable_otp=False, comment=comment, is_first_login=False,
-                                 created_by='System')
+        app = cls.objects.create(
+            username=name, name=name, email='%s@local.domain'.format(),
+            is_active=False, role='App', enable_otp=False, comment=comment,
+            is_first_login=False, created_by='System'
+        )
         access_key = AccessKey.objects.create(user=app)
         return app, access_key
 

config_docker.py

@@ -24,7 +24,7 @@ class Config:
     # It's used to identify your site, When we send a create mail to user, we only know login url is /login/
     # But we should know the absolute url like: http://jms.jumpserver.org/login/, so SITE_URL is
     # HTTP_PROTOCOL://HOST[:PORT]
-    SITE_URL = 'http://localhost'
+    SITE_URL = os.environ.get("SITE_URL") or 'http://localhost'
 
     # Domain name, If set app email will set as it
     DOMAIN_NAME = 'jumpserver.org'
@@ -33,10 +33,10 @@ class Config:
     ALLOWED_HOSTS = ['*']
 
     # Development env open this, when error occur display the full process track, Production disable it
-    DEBUG = True
+    DEBUG = os.environ.get("DEBUG") or False
 
     # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
-    LOG_LEVEL = 'DEBUG'
+    LOG_LEVEL = os.environ.get('INFO') or 'INFO'
 
     # Database setting, Support sqlite3, mysql, postgres ....
     # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
@@ -113,50 +113,8 @@ class Config:
         return None
 
 
-class DevelopmentConfig(Config):
-    DEBUG = True
-    DISPLAY_PER_PAGE = 20
-    DB_ENGINE = 'sqlite'
-    DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
-    EMAIL_HOST = 'smtp.exmail.qq.com'
-    EMAIL_PORT = 465
-    EMAIL_HOST_USER = 'a@jumpserver.org'
-    EMAIL_HOST_PASSWORD = 'somepasswrd'
-    EMAIL_USE_SSL = True
-    EMAIL_USE_TLS = False
-    EMAIL_SUBJECT_PREFIX = '[Jumpserver] '
-    SITE_URL = 'http://localhost:8080'
-
-
-class ProductionConfig(Config):
-    DEBUG = False
-    DB_ENGINE = 'mysql'
-    DB_HOST = '127.0.0.1'
-    DB_PORT = 3306
-    DB_USER = 'root'
-    DB_PASSWORD = ''
-    DB_NAME = 'jumpserver'
-
-
-class DockerConfig(Config):
-    DB_ENGINE = 'sqlite'
-    DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
-    REDIS_HOST = os.environ.get('REDIS_HOST') or 'redis'
-    EMAIL_HOST = os.environ.get('EMAIL_HOST') or 'smtp.qq.com'
-    EMAIL_PORT = int(os.environ.get('EMAIL_PORT', 465))
-    EMAIL_HOST_USER = os.environ.get('EMAIL_HOST_USER') or 'admin'
-    EMAIL_HOST_PASSWORD = os.environ.get('EMAIL_HOST_PASSWORD') or 'somepasswrd'
-    EMAIL_USE_SSL = True if EMAIL_PORT == 465 else False
-    EMAIL_USE_TLS = True if EMAIL_PORT == 587 else False
-    EMAIL_SUBJECT_PREFIX = os.environ.get('EMAIL_SUBJECT_PREFIX') or '[Jumpserver] '
-    SITE_URL = os.environ.get('SITE_URL') or 'http://localhost:8080'
-
-
 config = {
-    'development': DevelopmentConfig,
-    'production': ProductionConfig,
-    'default': DevelopmentConfig,
-    'docker': DockerConfig,
+    'docker': Config,
 }
 
 env = 'docker'

config_example.py

@@ -8,11 +8,8 @@
     :license: GPL v2, see LICENSE for more details.
 """
 import os
-import ldap
-from django_auth_ldap.config import LDAPSearch
 
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
-LOG_DIR = os.path.join(BASE_DIR, 'logs')
 
 
 class Config:
@@ -20,7 +17,7 @@ class Config:
     # SECURITY WARNING: keep the secret key used in production secret!
     SECRET_KEY = os.environ.get('SECRET_KEY') or '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
 
-    # How many line display every page, default 25
+    # How many line display every page if using django pager, default 25
     DISPLAY_PER_PAGE = 25
 
     # It's used to identify your site, When we send a create mail to user, we only know login url is /login/
@@ -28,9 +25,6 @@ class Config:
     # HTTP_PROTOCOL://HOST[:PORT]
     SITE_URL = 'http://localhost'
 
-    # Domain name, If set app email will set as it
-    DOMAIN_NAME = 'jumpserver.org'
-
     # Django security setting, if your disable debug model, you should setting that
     ALLOWED_HOSTS = ['*']
 
@@ -39,15 +33,16 @@ class Config:
 
     # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
     LOG_LEVEL = 'DEBUG'
+    LOG_DIR = os.path.join(BASE_DIR, 'logs')
 
     # Database setting, Support sqlite3, mysql, postgres ....
     # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
 
-    # Sqlite setting:
-    DATABASE_ENGINE = 'sqlite3'
+    # SQLite setting:
+    DB_ENGINE = 'sqlite3'
     DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
 
-    # Mysql or postgres setting like:
+    # MySQL or postgres setting like:
     # DB_ENGINE = 'mysql'
     # DB_HOST = '127.0.0.1'
     # DB_PORT = 3306
@@ -55,12 +50,6 @@ class Config:
     # DB_PASSWORD = ''
     # DB_NAME = 'jumpserver'
 
-    # When Django start it will bind this host and port
-    # ./manage.py runserver 127.0.0.1:8080
-    # Todo: Gunicorn or uwsgi run may be use it
-    HTTP_BIND_HOST = '0.0.0.0'
-    HTTP_LISTEN_PORT = 8080
-
     # Use Redis as broker for celery and web socket
     REDIS_HOST = '127.0.0.1'
     REDIS_PORT = 6379
@@ -71,24 +60,20 @@ class Config:
         'port': REDIS_PORT,
     }
 
-    # Api token expiration when create
+    # Api token expiration when create, Jumpserver refresh time when request arrive
     TOKEN_EXPIRATION = 3600
 
-    # Session and csrf domain settings, If you deploy jumpserver,coco,luna standby,
-    # So than share cookie, and you need use a same top-level domain name
-
-    # SESSION_COOKIE_DOMAIN = '.jms.com'
-    # CSRF_COOKIE_DOMAIN = '.jms.com'
+    # Session and csrf domain settings
     SESSION_COOKIE_AGE = 3600*24
 
     # Email SMTP setting, we only support smtp send mail
-    # EMAIL_HOST = 'smtp.qq.com'
-    # EMAIL_PORT = 25
-    # EMAIL_HOST_USER = ''
-    # EMAIL_HOST_PASSWORD = ''
-    # EMAIL_USE_SSL = False  # If port is 465, set True
-    # EMAIL_USE_TLS = False  # If port is 587, set True
-    # EMAIL_SUBJECT_PREFIX = '[Jumpserver] '
+    EMAIL_HOST = 'smtp.163.com'
+    EMAIL_PORT = 25
+    EMAIL_HOST_USER = ''
+    EMAIL_HOST_PASSWORD = ''  # Caution: Some SMTP server using `Authorization Code` except password
+    EMAIL_USE_SSL = True if EMAIL_PORT == 465 else False
+    EMAIL_USE_TLS = True if EMAIL_PORT == 587 else False
+    EMAIL_SUBJECT_PREFIX = '[Jumpserver] '
 
     CAPTCHA_TEST_MODE = False
 
@@ -116,36 +101,8 @@ class Config:
         return None
 
 
-class DevelopmentConfig(Config):
-    DEBUG = True
-    DISPLAY_PER_PAGE = 20
-    DB_ENGINE = 'sqlite'
-    DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
-    EMAIL_HOST = 'smtp.exmail.qq.com'
-    EMAIL_PORT = 465
-    EMAIL_HOST_USER = 'a@jumpserver.org'
-    EMAIL_HOST_PASSWORD = 'somepasswrd'
-    EMAIL_USE_SSL = True
-    EMAIL_USE_TLS = False
-    EMAIL_SUBJECT_PREFIX = '[Jumpserver] '
-    SITE_URL = 'http://localhost:8080'
-
-
-class ProductionConfig(Config):
-    DEBUG = False
-    DB_ENGINE = 'mysql'
-    DB_HOST = '127.0.0.1'
-    DB_PORT = 3306
-    DB_USER = 'root'
-    DB_PASSWORD = ''
-    DB_NAME = 'jumpserver'
-
-
 config = {
-    'development': DevelopmentConfig,
-    'production': ProductionConfig,
-
-    'default': DevelopmentConfig,
+    'default': Config,
 }
 
-env = 'development'
+env = 'default'

requirements/requirements.txt

@@ -56,3 +56,4 @@ sshpubkeys==2.2.0
 uritemplate==3.0.0
 urllib3==1.22
 vine==1.1.4
+gunicorn==19.7.1

requirements/rpm_requirements.txt

-libtiff-devel libjpeg-devel libzip-devel freetype-devel lcms2-devel libwebp-devel tcl-devel tk-devel sshpass openldap-devel
+libtiff-devel libjpeg-devel libzip-devel freetype-devel lcms2-devel libwebp-devel tcl-devel tk-devel sshpass openldap-devel mysql-devel libffi-devel