Commit d51b3eff authored by ibuler's avatar ibuler

[Update] 修改settings和配置文件

parent ec45c568
...@@ -25,3 +25,4 @@ jumpserver.iml ...@@ -25,3 +25,4 @@ jumpserver.iml
.python-version .python-version
tmp/* tmp/*
sessions/* sessions/*
media
FROM jumpserver/python:v3.6.1 FROM jumpserver/python:3
LABEL MAINTAINER Jumpserver Team <ibuler@qq.com> MAINTAINER Jumpserver Team <ibuler@qq.com>
COPY . /opt/jumpserver COPY . /opt/jumpserver
...@@ -7,9 +7,8 @@ WORKDIR /opt/jumpserver ...@@ -7,9 +7,8 @@ WORKDIR /opt/jumpserver
RUN yum -y install epel-release && yum clean all -y RUN yum -y install epel-release && yum clean all -y
RUN cd requirements && yum -y install $(cat rpm_requirements.txt) && yum clean all -y RUN cd requirements && yum -y install $(cat rpm_requirements.txt) && yum clean all -y
RUN cd requirements && pip install -r requirements.txt RUN cd requirements && pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple
RUN rm -f data/db.sqlite3
RUN rm -r .git RUN rm -r .git
RUN rm -f config.py RUN rm -f config.py
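Review bot: The new base image `FROM jumpserver/python:3` is a floating tag where the old side pinned `v3.6.1`, and the `pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple` line hard-codes one third-party mirror as the only package source. Two builds of the same commit can therefore produce different images, and the mirror becomes part of the trust base for every dependency. Pin the base image to a version or digest. Take the index from a build argument (pip reads `PIP_INDEX_URL`) so the mirror is opt-in, and consider `pip install --require-hashes -r requirements.txt` once hashes are recorded. The new side also appears to use the bare `MAINTAINER` instruction, which Docker has deprecated in favour of a `LABEL`.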
......
...@@ -119,23 +119,23 @@ SESSION_COOKIE_DOMAIN = CONFIG.SESSION_COOKIE_DOMAIN or None ...@@ -119,23 +119,23 @@ SESSION_COOKIE_DOMAIN = CONFIG.SESSION_COOKIE_DOMAIN or None
CSRF_COOKIE_DOMAIN = CONFIG.CSRF_COOKIE_DOMAIN or None CSRF_COOKIE_DOMAIN = CONFIG.CSRF_COOKIE_DOMAIN or None
SESSION_COOKIE_AGE = CONFIG.SESSION_COOKIE_AGE or 3600*24 SESSION_COOKIE_AGE = CONFIG.SESSION_COOKIE_AGE or 3600*24
MESSAGE_STORAGE = 'django.contrib.messages.storage.cookie.CookieStorage' MESSAGE_STORAGE = 'django.contrib.messages.storage.cookie.CookieStorage'
# Database # Database
# https://docs.djangoproject.com/en/1.10/ref/settings/#databases # https://docs.djangoproject.com/en/1.10/ref/settings/#databases
if CONFIG.DB_ENGINE == 'sqlite': # if CONFIG.DB_ENGINE == 'sqlite':
DATABASES = { # DATABASES = {
'default': { # 'default': {
'ENGINE': 'django.db.backends.sqlite3', # 'ENGINE': 'django.db.backends.sqlite3',
'NAME': CONFIG.DB_NAME or os.path.join(BASE_DIR, 'data', 'db.sqlite3'), # 'NAME': CONFIG.DB_NAME or os.path.join(BASE_DIR, 'data', 'db.sqlite3'),
'ATOMIC_REQUESTS': True, # 'ATOMIC_REQUESTS': True,
} # }
} # }
else:
DATABASES = { print(CONFIG.DB_ENGINE)
DATABASES = {
'default': { 'default': {
'ENGINE': 'django.db.backends.%s' % CONFIG.DB_ENGINE, 'ENGINE': 'django.db.backends.{}'.format(CONFIG.DB_ENGINE),
'NAME': CONFIG.DB_NAME, 'NAME': CONFIG.DB_NAME,
'HOST': CONFIG.DB_HOST, 'HOST': CONFIG.DB_HOST,
'PORT': CONFIG.DB_PORT, 'PORT': CONFIG.DB_PORT,
...@@ -143,7 +143,7 @@ else: ...@@ -143,7 +143,7 @@ else:
'PASSWORD': CONFIG.DB_PASSWORD, 'PASSWORD': CONFIG.DB_PASSWORD,
'ATOMIC_REQUESTS': True, 'ATOMIC_REQUESTS': True,
} }
} }
# Password validation # Password validation
# https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators # https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators
...@@ -193,7 +193,7 @@ LOGGING = { ...@@ -193,7 +193,7 @@ LOGGING = {
'level': 'DEBUG', 'level': 'DEBUG',
'class': 'logging.FileHandler', 'class': 'logging.FileHandler',
'formatter': 'main', 'formatter': 'main',
'filename': os.path.join(PROJECT_DIR, 'logs', 'jumpserver.log') 'filename': os.path.join(CONFIG.LOG_DIR, 'jumpserver.log')
}, },
'ansible_logs': { 'ansible_logs': {
'level': 'DEBUG', 'level': 'DEBUG',
...@@ -275,7 +275,7 @@ MEDIA_ROOT = os.path.join(PROJECT_DIR, 'data', 'media').replace('\\', '/') + '/' ...@@ -275,7 +275,7 @@ MEDIA_ROOT = os.path.join(PROJECT_DIR, 'data', 'media').replace('\\', '/') + '/'
# BOOTSTRAP_COLUMN_COUNT = 11 # BOOTSTRAP_COLUMN_COUNT = 11
# Init data or generate fake data source for development # Init data or generate fake data source for development
FIXTURE_DIRS = [os.path.join(BASE_DIR, 'fixtures'), ] FIXTURE_DIRS = [os.path.join(BASE_DIR, 'fixtures'),]
# Email config # Email config
EMAIL_HOST = CONFIG.EMAIL_HOST EMAIL_HOST = CONFIG.EMAIL_HOST
...@@ -313,17 +313,16 @@ AUTH_USER_MODEL = 'users.User' ...@@ -313,17 +313,16 @@ AUTH_USER_MODEL = 'users.User'
# Auth LDAP settings # Auth LDAP settings
if CONFIG.AUTH_LDAP: if CONFIG.AUTH_LDAP:
AUTHENTICATION_BACKENDS.insert(0, 'django_auth_ldap.backend.LDAPBackend') AUTHENTICATION_BACKENDS.insert(0, 'django_auth_ldap.backend.LDAPBackend')
AUTH_LDAP_SERVER_URI = CONFIG.AUTH_LDAP_SERVER_URI AUTH_LDAP_SERVER_URI = CONFIG.AUTH_LDAP_SERVER_URI
AUTH_LDAP_BIND_DN = CONFIG.AUTH_LDAP_BIND_DN AUTH_LDAP_BIND_DN = CONFIG.AUTH_LDAP_BIND_DN
AUTH_LDAP_BIND_PASSWORD = CONFIG.AUTH_LDAP_BIND_PASSWORD AUTH_LDAP_BIND_PASSWORD = CONFIG.AUTH_LDAP_BIND_PASSWORD
# AUTH_LDAP_USER_DN_TEMPLATE = CONFIG.AUTH_LDAP_USER_DN_TEMPLATE AUTH_LDAP_USER_SEARCH = LDAPSearch(
AUTH_LDAP_USER_SEARCH = LDAPSearch(
CONFIG.AUTH_LDAP_SEARCH_OU, CONFIG.AUTH_LDAP_SEARCH_OU,
ldap.SCOPE_SUBTREE, ldap.SCOPE_SUBTREE,
CONFIG.AUTH_LDAP_SEARCH_FILTER CONFIG.AUTH_LDAP_SEARCH_FILTER
) )
AUTH_LDAP_START_TLS = CONFIG.AUTH_LDAP_START_TLS AUTH_LDAP_START_TLS = CONFIG.AUTH_LDAP_START_TLS
AUTH_LDAP_USER_ATTR_MAP = CONFIG.AUTH_LDAP_USER_ATTR_MAP AUTH_LDAP_USER_ATTR_MAP = CONFIG.AUTH_LDAP_USER_ATTR_MAP
# Celery using redis as broker # Celery using redis as broker
BROKER_URL = 'redis://:%(password)s@%(host)s:%(port)s/3' % { BROKER_URL = 'redis://:%(password)s@%(host)s:%(port)s/3' % {
...@@ -360,9 +359,7 @@ CAPTCHA_FOREGROUND_COLOR = '#001100' ...@@ -360,9 +359,7 @@ CAPTCHA_FOREGROUND_COLOR = '#001100'
CAPTCHA_NOISE_FUNCTIONS = ('captcha.helpers.noise_dots',) CAPTCHA_NOISE_FUNCTIONS = ('captcha.helpers.noise_dots',)
CAPTCHA_TEST_MODE = CONFIG.CAPTCHA_TEST_MODE CAPTCHA_TEST_MODE = CONFIG.CAPTCHA_TEST_MODE
COMMAND_STORE_BACKEND = 'terminal.backends.command.db' COMMAND_STORAGE_BACKEND = 'terminal.backends.command.db'
REPLAY_STORE_BACKEND = 'terminal.backends.replay.db'
# Django bootstrap3 setting, more see http://django-bootstrap3.readthedocs.io/en/latest/settings.html # Django bootstrap3 setting, more see http://django-bootstrap3.readthedocs.io/en/latest/settings.html
BOOTSTRAP3 = { BOOTSTRAP3 = {
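Review bot: `print(CONFIG.DB_ENGINE)` in the database hunk looks like leftover debugging; it runs on every settings import (each worker and each management command) and writes to stdout outside the `LOGGING` configuration, so it should be removed. The sqlite branch is kept as commented-out code and should be deleted outright, since the history already preserves it. With that branch gone, `'django.db.backends.{}'.format(CONFIG.DB_ENGINE)` is the only path, so a config that still carries the old value `'sqlite'` resolves to a backend module that does not exist; a short comment such as `# DB_ENGINE must be a Django backend name: sqlite3, mysql, postgresql` would make the new contract explicit. The rename to `COMMAND_STORAGE_BACKEND` and the removal of `REPLAY_STORE_BACKEND` are only matched by `get_command_store` in the visible diff, so any other reader of the old names should be checked.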
......
...@@ -6,7 +6,6 @@ import errno ...@@ -6,7 +6,6 @@ import errno
if __name__ == "__main__": if __name__ == "__main__":
try: try:
os.makedirs('../logs') os.makedirs('../logs')
os.makedirs('../sessions')
except: except:
pass pass
......
...@@ -5,8 +5,9 @@ from django.shortcuts import get_object_or_404 ...@@ -5,8 +5,9 @@ from django.shortcuts import get_object_or_404
from rest_framework.views import APIView, Response from rest_framework.views import APIView, Response
from rest_framework.generics import ListAPIView, get_object_or_404, RetrieveUpdateAPIView from rest_framework.generics import ListAPIView, get_object_or_404, RetrieveUpdateAPIView
from rest_framework import viewsets from rest_framework import viewsets
from users.permissions import IsValidUser, IsSuperUser, IsAppUser, IsSuperUserOrAppUser
from common.utils import get_object_or_none from common.utils import get_object_or_none
from users.permissions import IsValidUser, IsSuperUser, IsAppUser, IsSuperUserOrAppUser
from .utils import get_user_granted_assets, get_user_granted_asset_groups, \ from .utils import get_user_granted_assets, get_user_granted_asset_groups, \
get_user_asset_permissions, get_user_group_asset_permissions, \ get_user_asset_permissions, get_user_group_asset_permissions, \
get_user_group_granted_assets, get_user_group_granted_asset_groups get_user_group_granted_assets, get_user_group_granted_asset_groups
......
...@@ -4,7 +4,7 @@ from .command.serializers import SessionCommandSerializer ...@@ -4,7 +4,7 @@ from .command.serializers import SessionCommandSerializer
def get_command_store(): def get_command_store():
command_engine = import_module(settings.COMMAND_STORE_BACKEND) command_engine = import_module(settings.COMMAND_STORAGE_BACKEND)
command_store = command_engine.CommandStore() command_store = command_engine.CommandStore()
return command_store return command_store
...@@ -211,10 +211,11 @@ class User(AbstractUser): ...@@ -211,10 +211,11 @@ class User(AbstractUser):
@classmethod @classmethod
def create_app_user(cls, name, comment): def create_app_user(cls, name, comment):
from . import AccessKey from . import AccessKey
domain_name = settings.CONFIG.DOMAIN_NAME or 'jumpserver.org' app = cls.objects.create(
app = cls.objects.create(username=name, name=name, email='%s@%s' % (name, domain_name), is_active=False, username=name, name=name, email='%s@local.domain'.format(),
role='App', enable_otp=False, comment=comment, is_first_login=False, is_active=False, role='App', enable_otp=False, comment=comment,
created_by='System') is_first_login=False, created_by='System'
)
access_key = AccessKey.objects.create(user=app) access_key = AccessKey.objects.create(user=app)
return app, access_key return app, access_key
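Review bot: `email='%s@local.domain'.format()` in `create_app_user` mixes a %-style placeholder with `str.format()` and passes no argument, so nothing is substituted and every app user is stored with the literal address `%s@local.domain`. If the email field is unique (not visible in this hunk), the second app registration would fail on the constraint; either way the accounts become indistinguishable by email in audit and admin views. Use `email='{}@local.domain'.format(name)`.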
......
...@@ -24,7 +24,7 @@ class Config: ...@@ -24,7 +24,7 @@ class Config:
# It's used to identify your site, When we send a create mail to user, we only know login url is /login/ # It's used to identify your site, When we send a create mail to user, we only know login url is /login/
# But we should know the absolute url like: http://jms.jumpserver.org/login/, so SITE_URL is # But we should know the absolute url like: http://jms.jumpserver.org/login/, so SITE_URL is
# HTTP_PROTOCOL://HOST[:PORT] # HTTP_PROTOCOL://HOST[:PORT]
SITE_URL = 'http://localhost' SITE_URL = os.environ.get("SITE_URL") or 'http://localhost'
# Domain name, If set app email will set as it # Domain name, If set app email will set as it
DOMAIN_NAME = 'jumpserver.org' DOMAIN_NAME = 'jumpserver.org'
...@@ -33,10 +33,10 @@ class Config: ...@@ -33,10 +33,10 @@ class Config:
ALLOWED_HOSTS = ['*'] ALLOWED_HOSTS = ['*']
# Development env open this, when error occur display the full process track, Production disable it # Development env open this, when error occur display the full process track, Production disable it
DEBUG = True DEBUG = os.environ.get("DEBUG") or False
# DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/ # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
LOG_LEVEL = 'DEBUG' LOG_LEVEL = os.environ.get('INFO') or 'INFO'
# Database setting, Support sqlite3, mysql, postgres .... # Database setting, Support sqlite3, mysql, postgres ....
# See https://docs.djangoproject.com/en/1.10/ref/settings/#databases # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
...@@ -113,50 +113,8 @@ class Config: ...@@ -113,50 +113,8 @@ class Config:
return None return None
class DevelopmentConfig(Config):
DEBUG = True
DISPLAY_PER_PAGE = 20
DB_ENGINE = 'sqlite'
DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
EMAIL_HOST = 'smtp.exmail.qq.com'
EMAIL_PORT = 465
EMAIL_HOST_USER = 'a@jumpserver.org'
EMAIL_HOST_PASSWORD = 'somepasswrd'
EMAIL_USE_SSL = True
EMAIL_USE_TLS = False
EMAIL_SUBJECT_PREFIX = '[Jumpserver] '
SITE_URL = 'http://localhost:8080'
class ProductionConfig(Config):
DEBUG = False
DB_ENGINE = 'mysql'
DB_HOST = '127.0.0.1'
DB_PORT = 3306
DB_USER = 'root'
DB_PASSWORD = ''
DB_NAME = 'jumpserver'
class DockerConfig(Config):
DB_ENGINE = 'sqlite'
DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
REDIS_HOST = os.environ.get('REDIS_HOST') or 'redis'
EMAIL_HOST = os.environ.get('EMAIL_HOST') or 'smtp.qq.com'
EMAIL_PORT = int(os.environ.get('EMAIL_PORT', 465))
EMAIL_HOST_USER = os.environ.get('EMAIL_HOST_USER') or 'admin'
EMAIL_HOST_PASSWORD = os.environ.get('EMAIL_HOST_PASSWORD') or 'somepasswrd'
EMAIL_USE_SSL = True if EMAIL_PORT == 465 else False
EMAIL_USE_TLS = True if EMAIL_PORT == 587 else False
EMAIL_SUBJECT_PREFIX = os.environ.get('EMAIL_SUBJECT_PREFIX') or '[Jumpserver] '
SITE_URL = os.environ.get('SITE_URL') or 'http://localhost:8080'
config = { config = {
'development': DevelopmentConfig, 'docker': Config,
'production': ProductionConfig,
'default': DevelopmentConfig,
'docker': DockerConfig,
} }
env = 'docker' env = 'docker'
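Review bot: `DEBUG = os.environ.get("DEBUG") or False` yields a non-empty string whenever the variable is set, so `DEBUG=False` or `DEBUG=0` in the container environment still enables debug mode. With `ALLOWED_HOSTS = ['*']` in the same class, Django's debug error pages would then be served to any client. Parse the value explicitly, for example `DEBUG = os.environ.get('DEBUG', '').lower() in ('1', 'true', 'yes')`. Separately, `LOG_LEVEL = os.environ.get('INFO') or 'INFO'` reads an environment variable named `INFO`; this was probably meant to be `os.environ.get('LOG_LEVEL') or 'INFO'`.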
...@@ -8,11 +8,8 @@ ...@@ -8,11 +8,8 @@
:license: GPL v2, see LICENSE for more details. :license: GPL v2, see LICENSE for more details.
""" """
import os import os
import ldap
from django_auth_ldap.config import LDAPSearch
BASE_DIR = os.path.dirname(os.path.abspath(__file__)) BASE_DIR = os.path.dirname(os.path.abspath(__file__))
LOG_DIR = os.path.join(BASE_DIR, 'logs')
class Config: class Config:
...@@ -20,7 +17,7 @@ class Config: ...@@ -20,7 +17,7 @@ class Config:
# SECURITY WARNING: keep the secret key used in production secret! # SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = os.environ.get('SECRET_KEY') or '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x' SECRET_KEY = os.environ.get('SECRET_KEY') or '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
# How many line display every page, default 25 # How many line display every page if using django pager, default 25
DISPLAY_PER_PAGE = 25 DISPLAY_PER_PAGE = 25
# It's used to identify your site, When we send a create mail to user, we only know login url is /login/ # It's used to identify your site, When we send a create mail to user, we only know login url is /login/
...@@ -28,9 +25,6 @@ class Config: ...@@ -28,9 +25,6 @@ class Config:
# HTTP_PROTOCOL://HOST[:PORT] # HTTP_PROTOCOL://HOST[:PORT]
SITE_URL = 'http://localhost' SITE_URL = 'http://localhost'
# Domain name, If set app email will set as it
DOMAIN_NAME = 'jumpserver.org'
# Django security setting, if your disable debug model, you should setting that # Django security setting, if your disable debug model, you should setting that
ALLOWED_HOSTS = ['*'] ALLOWED_HOSTS = ['*']
...@@ -39,15 +33,16 @@ class Config: ...@@ -39,15 +33,16 @@ class Config:
# DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/ # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
LOG_LEVEL = 'DEBUG' LOG_LEVEL = 'DEBUG'
LOG_DIR = os.path.join(BASE_DIR, 'logs')
# Database setting, Support sqlite3, mysql, postgres .... # Database setting, Support sqlite3, mysql, postgres ....
# See https://docs.djangoproject.com/en/1.10/ref/settings/#databases # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
# Sqlite setting: # SQLite setting:
DATABASE_ENGINE = 'sqlite3' DB_ENGINE = 'sqlite3'
DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3') DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
# Mysql or postgres setting like: # MySQL or postgres setting like:
# DB_ENGINE = 'mysql' # DB_ENGINE = 'mysql'
# DB_HOST = '127.0.0.1' # DB_HOST = '127.0.0.1'
# DB_PORT = 3306 # DB_PORT = 3306
...@@ -55,12 +50,6 @@ class Config: ...@@ -55,12 +50,6 @@ class Config:
# DB_PASSWORD = '' # DB_PASSWORD = ''
# DB_NAME = 'jumpserver' # DB_NAME = 'jumpserver'
# When Django start it will bind this host and port
# ./manage.py runserver 127.0.0.1:8080
# Todo: Gunicorn or uwsgi run may be use it
HTTP_BIND_HOST = '0.0.0.0'
HTTP_LISTEN_PORT = 8080
# Use Redis as broker for celery and web socket # Use Redis as broker for celery and web socket
REDIS_HOST = '127.0.0.1' REDIS_HOST = '127.0.0.1'
REDIS_PORT = 6379 REDIS_PORT = 6379
...@@ -71,24 +60,20 @@ class Config: ...@@ -71,24 +60,20 @@ class Config:
'port': REDIS_PORT, 'port': REDIS_PORT,
} }
# Api token expiration when create # Api token expiration when create, Jumpserver refresh time when request arrive
TOKEN_EXPIRATION = 3600 TOKEN_EXPIRATION = 3600
# Session and csrf domain settings, If you deploy jumpserver,coco,luna standby, # Session and csrf domain settings
# So than share cookie, and you need use a same top-level domain name
# SESSION_COOKIE_DOMAIN = '.jms.com'
# CSRF_COOKIE_DOMAIN = '.jms.com'
SESSION_COOKIE_AGE = 3600*24 SESSION_COOKIE_AGE = 3600*24
# Email SMTP setting, we only support smtp send mail # Email SMTP setting, we only support smtp send mail
# EMAIL_HOST = 'smtp.qq.com' EMAIL_HOST = 'smtp.163.com'
# EMAIL_PORT = 25 EMAIL_PORT = 25
# EMAIL_HOST_USER = '' EMAIL_HOST_USER = ''
# EMAIL_HOST_PASSWORD = '' EMAIL_HOST_PASSWORD = '' # Caution: Some SMTP server using `Authorization Code` except password
# EMAIL_USE_SSL = False # If port is 465, set True EMAIL_USE_SSL = True if EMAIL_PORT == 465 else False
# EMAIL_USE_TLS = False # If port is 587, set True EMAIL_USE_TLS = True if EMAIL_PORT == 587 else False
# EMAIL_SUBJECT_PREFIX = '[Jumpserver] ' EMAIL_SUBJECT_PREFIX = '[Jumpserver] '
CAPTCHA_TEST_MODE = False CAPTCHA_TEST_MODE = False
...@@ -116,36 +101,8 @@ class Config: ...@@ -116,36 +101,8 @@ class Config:
return None return None
class DevelopmentConfig(Config):
DEBUG = True
DISPLAY_PER_PAGE = 20
DB_ENGINE = 'sqlite'
DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
EMAIL_HOST = 'smtp.exmail.qq.com'
EMAIL_PORT = 465
EMAIL_HOST_USER = 'a@jumpserver.org'
EMAIL_HOST_PASSWORD = 'somepasswrd'
EMAIL_USE_SSL = True
EMAIL_USE_TLS = False
EMAIL_SUBJECT_PREFIX = '[Jumpserver] '
SITE_URL = 'http://localhost:8080'
class ProductionConfig(Config):
DEBUG = False
DB_ENGINE = 'mysql'
DB_HOST = '127.0.0.1'
DB_PORT = 3306
DB_USER = 'root'
DB_PASSWORD = ''
DB_NAME = 'jumpserver'
config = { config = {
'development': DevelopmentConfig, 'default': Config,
'production': ProductionConfig,
'default': DevelopmentConfig,
} }
env = 'development' env = 'default'
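Review bot: The email settings that are now active default to `EMAIL_PORT = 25`, for which both `EMAIL_USE_SSL` and `EMAIL_USE_TLS` evaluate to False. Once an operator fills in `EMAIL_HOST_USER` and `EMAIL_HOST_PASSWORD`, the SMTP login would be sent without transport encryption. Default to a TLS port, e.g. `EMAIL_PORT = 587`, or document above the block that port 25 disables both flags. Since `Config` is now the only class behind `'default'`, the unchanged hard-coded `SECRET_KEY` fallback visible in this section also becomes the value a copied example file runs with unless the environment variable is set; a comment telling operators to replace it would help.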
...@@ -56,3 +56,4 @@ sshpubkeys==2.2.0 ...@@ -56,3 +56,4 @@ sshpubkeys==2.2.0
uritemplate==3.0.0 uritemplate==3.0.0
urllib3==1.22 urllib3==1.22
vine==1.1.4 vine==1.1.4
gunicorn==19.7.1
libtiff-devel libjpeg-devel libzip-devel freetype-devel lcms2-devel libwebp-devel tcl-devel tk-devel sshpass openldap-devel libtiff-devel libjpeg-devel libzip-devel freetype-devel lcms2-devel libwebp-devel tcl-devel tk-devel sshpass openldap-devel mysql-devel libffi-devel