From d51b3eff6a1939e89e30d962645a88b0484cea51 Mon Sep 17 00:00:00 2001 From: ibuler Date: Thu, 21 Dec 2017 18:54:29 +0800 Subject: [PATCH] =?UTF-8?q?[Update]=20=E4=BF=AE=E6=94=B9settings=E5=92=8C?= =?UTF-8?q?=E9=85=8D=E7=BD=AE=E6=96=87=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .gitignore | 1 + Dockerfile | 7 +-- apps/jumpserver/settings.py | 69 ++++++++++----------- apps/manage.py | 1 - apps/perms/api.py | 3 +- apps/terminal/backends/__init__.py | 2 +- apps/users/models/user.py | 9 +-- config_docker.py | 50 ++------------- config_example.py | 75 +++++------------------ install/example.sh => data/media/.gitkeep | 0 requirements/requirements.txt | 1 + requirements/rpm_requirements.txt | 2 +- 12 files changed, 67 insertions(+), 153 deletions(-) mode change 100644 => 100755 apps/manage.py rename install/example.sh => data/media/.gitkeep (100%) diff --git a/.gitignore b/.gitignore index 89b6e1384..1cc61cd36 100644 --- a/.gitignore +++ b/.gitignore @@ -25,3 +25,4 @@ jumpserver.iml .python-version tmp/* sessions/* +media diff --git a/Dockerfile b/Dockerfile index 3e77af6f3..019b20510 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ -FROM jumpserver/python:v3.6.1 -LABEL MAINTAINER Jumpserver Team +FROM jumpserver/python:3 +MAINTAINER Jumpserver Team COPY . /opt/jumpserver @@ -7,9 +7,8 @@ WORKDIR /opt/jumpserver RUN yum -y install epel-release && yum clean all -y RUN cd requirements && yum -y install $(cat rpm_requirements.txt) && yum clean all -y -RUN cd requirements && pip install -r requirements.txt +RUN cd requirements && pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple -RUN rm -f data/db.sqlite3 RUN rm -r .git RUN rm -f config.py diff --git a/apps/jumpserver/settings.py b/apps/jumpserver/settings.py index a1c6bf388..040a92cc4 100644 --- a/apps/jumpserver/settings.py +++ b/apps/jumpserver/settings.py 
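Review bot: In the first Dockerfile hunk, `FROM jumpserver/python:3` replaces a fixed tag with a floating one, so two builds of the same commit can land on different base images. Pinning the tag, or better a digest (`FROM jumpserver/python:3@sha256:<digest-from-registry>`), keeps the build reproducible and auditable. `MAINTAINER` is deprecated in Dockerfiles; the label form is the recommended one, written as `LABEL maintainer="Jumpserver Team"`.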
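Review bot: In the second Dockerfile hunk, `pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple` hard-codes a third-party mirror as the only package index for every build, and nothing checks what that mirror serves. Consider making the index a build argument (`ARG PIP_INDEX_URL=https://pypi.org/simple`, which pip reads from the environment) and installing with `--require-hashes` against a hashed requirements file. The same hunk drops `RUN rm -f data/db.sqlite3` while `COPY . /opt/jumpserver` stays, so a local SQLite database present in the build context would now be baked into the image. Keeping the `rm`, or excluding `data/db.sqlite3` through a `.dockerignore` entry, avoids shipping user records.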
@@ -119,31 +119,31 @@ SESSION_COOKIE_DOMAIN = CONFIG.SESSION_COOKIE_DOMAIN or None CSRF_COOKIE_DOMAIN = CONFIG.CSRF_COOKIE_DOMAIN or None SESSION_COOKIE_AGE = CONFIG.SESSION_COOKIE_AGE or 3600*24 - MESSAGE_STORAGE = 'django.contrib.messages.storage.cookie.CookieStorage' # Database # https://docs.djangoproject.com/en/1.10/ref/settings/#databases -if CONFIG.DB_ENGINE == 'sqlite': - DATABASES = { - 'default': { - 'ENGINE': 'django.db.backends.sqlite3', - 'NAME': CONFIG.DB_NAME or os.path.join(BASE_DIR, 'data', 'db.sqlite3'), - 'ATOMIC_REQUESTS': True, - } - } -else: - DATABASES = { - 'default': { - 'ENGINE': 'django.db.backends.%s' % CONFIG.DB_ENGINE, - 'NAME': CONFIG.DB_NAME, - 'HOST': CONFIG.DB_HOST, - 'PORT': CONFIG.DB_PORT, - 'USER': CONFIG.DB_USER, - 'PASSWORD': CONFIG.DB_PASSWORD, - 'ATOMIC_REQUESTS': True, - } +# if CONFIG.DB_ENGINE == 'sqlite': +# DATABASES = { +# 'default': { +# 'ENGINE': 'django.db.backends.sqlite3', +# 'NAME': CONFIG.DB_NAME or os.path.join(BASE_DIR, 'data', 'db.sqlite3'), +# 'ATOMIC_REQUESTS': True, +# } +# } + +print(CONFIG.DB_ENGINE) +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.{}'.format(CONFIG.DB_ENGINE), + 'NAME': CONFIG.DB_NAME, + 'HOST': CONFIG.DB_HOST, + 'PORT': CONFIG.DB_PORT, + 'USER': CONFIG.DB_USER, + 'PASSWORD': CONFIG.DB_PASSWORD, + 'ATOMIC_REQUESTS': True, } +} # Password validation # https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators @@ -193,7 +193,7 @@ LOGGING = { 'level': 'DEBUG', 'class': 'logging.FileHandler', 'formatter': 'main', - 'filename': os.path.join(PROJECT_DIR, 'logs', 'jumpserver.log') + 'filename': os.path.join(CONFIG.LOG_DIR, 'jumpserver.log') }, 'ansible_logs': { 'level': 'DEBUG', 
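Review bot: `print(CONFIG.DB_ENGINE)` in the database hunk of apps/jumpserver/settings.py looks like leftover debugging; it writes to stdout on every settings import and should be removed or replaced by a `logging` call. The commented-out sqlite branch above it is dead code and would be better deleted than kept. With that branch gone, `ENGINE` is built directly from `CONFIG.DB_ENGINE`, so a deployed config that still says `'sqlite'` or leaves the value unset yields an invalid backend path. A guard such as `if not CONFIG.DB_ENGINE: raise ImproperlyConfigured('DB_ENGINE is not set')` (from `django.core.exceptions`) would fail with a clearer message.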
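Review bot: The file handler in the LOGGING hunk now joins `CONFIG.LOG_DIR`, but only config_example.py gains a `LOG_DIR` attribute in this patch; the config_docker.py hunks do not add one. The `return None` visible at the end of `Config` suggests a missing attribute resolves to None, in which case `os.path.join(None, 'jumpserver.log')` raises TypeError at import. A fallback keeps existing configs working: `'filename': os.path.join(CONFIG.LOG_DIR or os.path.join(PROJECT_DIR, 'logs'), 'jumpserver.log')`. apps/manage.py still creates only `../logs`, so a custom LOG_DIR has to exist before start-up.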
@@ -275,7 +275,7 @@ MEDIA_ROOT = os.path.join(PROJECT_DIR, 'data', 'media').replace('\\', '/') + '/' # BOOTSTRAP_COLUMN_COUNT = 11 # Init data or generate fake data source for development -FIXTURE_DIRS = [os.path.join(BASE_DIR, 'fixtures'), ] +FIXTURE_DIRS = [os.path.join(BASE_DIR, 'fixtures'),] # Email config EMAIL_HOST = CONFIG.EMAIL_HOST @@ -313,17 +313,16 @@ AUTH_USER_MODEL = 'users.User' # Auth LDAP settings if CONFIG.AUTH_LDAP: AUTHENTICATION_BACKENDS.insert(0, 'django_auth_ldap.backend.LDAPBackend') -AUTH_LDAP_SERVER_URI = CONFIG.AUTH_LDAP_SERVER_URI -AUTH_LDAP_BIND_DN = CONFIG.AUTH_LDAP_BIND_DN -AUTH_LDAP_BIND_PASSWORD = CONFIG.AUTH_LDAP_BIND_PASSWORD -# AUTH_LDAP_USER_DN_TEMPLATE = CONFIG.AUTH_LDAP_USER_DN_TEMPLATE -AUTH_LDAP_USER_SEARCH = LDAPSearch( - CONFIG.AUTH_LDAP_SEARCH_OU, - ldap.SCOPE_SUBTREE, - CONFIG.AUTH_LDAP_SEARCH_FILTER -) -AUTH_LDAP_START_TLS = CONFIG.AUTH_LDAP_START_TLS -AUTH_LDAP_USER_ATTR_MAP = CONFIG.AUTH_LDAP_USER_ATTR_MAP + AUTH_LDAP_SERVER_URI = CONFIG.AUTH_LDAP_SERVER_URI + AUTH_LDAP_BIND_DN = CONFIG.AUTH_LDAP_BIND_DN + AUTH_LDAP_BIND_PASSWORD = CONFIG.AUTH_LDAP_BIND_PASSWORD + AUTH_LDAP_USER_SEARCH = LDAPSearch( + CONFIG.AUTH_LDAP_SEARCH_OU, + ldap.SCOPE_SUBTREE, + CONFIG.AUTH_LDAP_SEARCH_FILTER + ) + AUTH_LDAP_START_TLS = CONFIG.AUTH_LDAP_START_TLS + AUTH_LDAP_USER_ATTR_MAP = CONFIG.AUTH_LDAP_USER_ATTR_MAP # Celery using redis as broker BROKER_URL = 'redis://:%(password)s@%(host)s:%(port)s/3' % { @@ -360,9 +359,7 @@ CAPTCHA_FOREGROUND_COLOR = '#001100' CAPTCHA_NOISE_FUNCTIONS = ('captcha.helpers.noise_dots',) CAPTCHA_TEST_MODE = CONFIG.CAPTCHA_TEST_MODE -COMMAND_STORE_BACKEND = 'terminal.backends.command.db' -REPLAY_STORE_BACKEND = 'terminal.backends.replay.db' - +COMMAND_STORAGE_BACKEND = 'terminal.backends.command.db' # Django bootstrap3 setting, more see http://django-bootstrap3.readthedocs.io/en/latest/settings.html BOOTSTRAP3 = { 
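Review bot: In the LDAP hunk of settings.py, `AUTH_LDAP_START_TLS = CONFIG.AUTH_LDAP_START_TLS` is taken as-is, so an unset value leaves StartTLS off, and with an `ldap://` URI the bind password and each user's login password cross the network unencrypted. Now that these settings appear to be evaluated only when LDAP is enabled, this is a natural place to reject that combination. One option is `if not (AUTH_LDAP_START_TLS or str(AUTH_LDAP_SERVER_URI).startswith('ldaps://')): raise ImproperlyConfigured('LDAP requires ldaps:// or START_TLS')`. A comment above the block should also state that the `AUTH_LDAP_*` names exist only when `CONFIG.AUTH_LDAP` is true, since code reading them unconditionally would now hit AttributeError.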
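Review bot: The last settings.py hunk removes `REPLAY_STORE_BACKEND` and renames `COMMAND_STORE_BACKEND`, but the only reader updated in this patch is `get_command_store()` in apps/terminal/backends/__init__.py. If anything still reads `settings.REPLAY_STORE_BACKEND` or the old command setting name (the rest of that module is outside the diff), it fails with AttributeError at call time rather than at start-up. For session replay that means a gap in the audit trail. Both old names are worth searching for before merging, and a comment such as `# dotted module path; the module must expose CommandStore` on `COMMAND_STORAGE_BACKEND` would document the contract.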
diff --git a/apps/manage.py b/apps/manage.py old mode 100644 new mode 100755 index 4749e5693..d24c5fd38 --- a/apps/manage.py +++ b/apps/manage.py @@ -6,7 +6,6 @@ import errno if __name__ == "__main__": try: os.makedirs('../logs') - os.makedirs('../sessions') except: pass diff --git a/apps/perms/api.py b/apps/perms/api.py index b63d619b0..7a2a3b339 100644 --- a/apps/perms/api.py +++ b/apps/perms/api.py @@ -5,8 +5,9 @@ from django.shortcuts import get_object_or_404 from rest_framework.views import APIView, Response from rest_framework.generics import ListAPIView, get_object_or_404, RetrieveUpdateAPIView from rest_framework import viewsets -from users.permissions import IsValidUser, IsSuperUser, IsAppUser, IsSuperUserOrAppUser + from common.utils import get_object_or_none +from users.permissions import IsValidUser, IsSuperUser, IsAppUser, IsSuperUserOrAppUser from .utils import get_user_granted_assets, get_user_granted_asset_groups, \ get_user_asset_permissions, get_user_group_asset_permissions, \ get_user_group_granted_assets, get_user_group_granted_asset_groups diff --git a/apps/terminal/backends/__init__.py b/apps/terminal/backends/__init__.py index 3696db49b..6baaed3c4 100644 --- a/apps/terminal/backends/__init__.py +++ b/apps/terminal/backends/__init__.py @@ -4,7 +4,7 @@ from .command.serializers import SessionCommandSerializer def get_command_store(): - command_engine = import_module(settings.COMMAND_STORE_BACKEND) + command_engine = import_module(settings.COMMAND_STORAGE_BACKEND) command_store = command_engine.CommandStore() return command_store diff --git a/apps/users/models/user.py b/apps/users/models/user.py index 81faccf6c..eedb9786f 100644 --- a/apps/users/models/user.py +++ b/apps/users/models/user.py 
@@ -211,10 +211,11 @@ class User(AbstractUser): @classmethod def create_app_user(cls, name, comment): from . import AccessKey - domain_name = settings.CONFIG.DOMAIN_NAME or 'jumpserver.org' - app = cls.objects.create(username=name, name=name, email='%s@%s' % (name, domain_name), is_active=False, - role='App', enable_otp=False, comment=comment, is_first_login=False, - created_by='System') + app = cls.objects.create( + username=name, name=name, email='%s@local.domain'.format(), + is_active=False, role='App', enable_otp=False, comment=comment, + is_first_login=False, created_by='System' + ) access_key = AccessKey.objects.create(user=app) return app, access_key diff --git a/config_docker.py b/config_docker.py index 9208d855f..d23dbe4a1 100644 --- a/config_docker.py +++ b/config_docker.py @@ -24,7 +24,7 @@ class Config: # It's used to identify your site, When we send a create mail to user, we only know login url is /login/ # But we should know the absolute url like: http://jms.jumpserver.org/login/, so SITE_URL is # HTTP_PROTOCOL://HOST[:PORT] - SITE_URL = 'http://localhost' + SITE_URL = os.environ.get("SITE_URL") or 'http://localhost' # Domain name, If set app email will set as it DOMAIN_NAME = 'jumpserver.org' @@ -33,10 +33,10 @@ class Config: ALLOWED_HOSTS = ['*'] # Development env open this, when error occur display the full process track, Production disable it - DEBUG = True + DEBUG = os.environ.get("DEBUG") or False # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/ - LOG_LEVEL = 'DEBUG' + LOG_LEVEL = os.environ.get('INFO') or 'INFO' # Database setting, Support sqlite3, mysql, postgres .... # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases 
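Review bot: `'%s@local.domain'.format()` in `create_app_user` substitutes nothing, because `str.format` ignores `%s`, so every app user is created with the literal address `%s@local.domain`. If `email` is unique on the model the second app registration fails, and otherwise all app accounts share one bogus address. The line should read `email='{}@local.domain'.format(name)`. The enclosing `User` class starts outside the hunk.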
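Review bot: `DEBUG = os.environ.get("DEBUG") or False` in the second config_docker.py hunk treats any non-empty string as true, so `DEBUG=False` or `DEBUG=0` in the container environment switches Django debug mode on and exposes tracebacks and settings on error pages. Parse the value explicitly, e.g. `DEBUG = os.environ.get('DEBUG', '').lower() in ('1', 'true', 'yes')`. On the next changed line, `os.environ.get('INFO')` reads a variable named INFO; it was presumably meant to be `LOG_LEVEL = os.environ.get('LOG_LEVEL') or 'INFO'`. The unchanged `ALLOWED_HOSTS = ['*']` just above is also worth tightening for a production image.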
@@ -113,50 +113,8 @@ class Config: return None -class DevelopmentConfig(Config): - DEBUG = True - DISPLAY_PER_PAGE = 20 - DB_ENGINE = 'sqlite' - DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3') - EMAIL_HOST = 'smtp.exmail.qq.com' - EMAIL_PORT = 465 - EMAIL_HOST_USER = 'a@jumpserver.org' - EMAIL_HOST_PASSWORD = 'somepasswrd' - EMAIL_USE_SSL = True - EMAIL_USE_TLS = False - EMAIL_SUBJECT_PREFIX = '[Jumpserver] ' - SITE_URL = 'http://localhost:8080' - - -class ProductionConfig(Config): - DEBUG = False - DB_ENGINE = 'mysql' - DB_HOST = '127.0.0.1' - DB_PORT = 3306 - DB_USER = 'root' - DB_PASSWORD = '' - DB_NAME = 'jumpserver' - - -class DockerConfig(Config): - DB_ENGINE = 'sqlite' - DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3') - REDIS_HOST = os.environ.get('REDIS_HOST') or 'redis' - EMAIL_HOST = os.environ.get('EMAIL_HOST') or 'smtp.qq.com' - EMAIL_PORT = int(os.environ.get('EMAIL_PORT', 465)) - EMAIL_HOST_USER = os.environ.get('EMAIL_HOST_USER') or 'admin' - EMAIL_HOST_PASSWORD = os.environ.get('EMAIL_HOST_PASSWORD') or 'somepasswrd' - EMAIL_USE_SSL = True if EMAIL_PORT == 465 else False - EMAIL_USE_TLS = True if EMAIL_PORT == 587 else False - EMAIL_SUBJECT_PREFIX = os.environ.get('EMAIL_SUBJECT_PREFIX') or '[Jumpserver] ' - SITE_URL = os.environ.get('SITE_URL') or 'http://localhost:8080' - - config = { - 'development': DevelopmentConfig, - 'production': ProductionConfig, - 'default': DevelopmentConfig, - 'docker': DockerConfig, + 'docker': Config, } env = 'docker' diff --git a/config_example.py b/config_example.py index f209ee261..95c6414c6 100644 --- a/config_example.py +++ b/config_example.py @@ -8,11 +8,8 @@ :license: GPL v2, see LICENSE for more details. """ import os -import ldap -from django_auth_ldap.config import LDAPSearch BASE_DIR = os.path.dirname(os.path.abspath(__file__)) -LOG_DIR = os.path.join(BASE_DIR, 'logs') class Config: 
@@ -20,7 +17,7 @@ class Config: # SECURITY WARNING: keep the secret key used in production secret! SECRET_KEY = os.environ.get('SECRET_KEY') or '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x' - # How many line display every page, default 25 + # How many line display every page if using django pager, default 25 DISPLAY_PER_PAGE = 25 # It's used to identify your site, When we send a create mail to user, we only know login url is /login/ @@ -28,9 +25,6 @@ class Config: # HTTP_PROTOCOL://HOST[:PORT] SITE_URL = 'http://localhost' - # Domain name, If set app email will set as it - DOMAIN_NAME = 'jumpserver.org' - # Django security setting, if your disable debug model, you should setting that ALLOWED_HOSTS = ['*'] @@ -39,15 +33,16 @@ class Config: # DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/ LOG_LEVEL = 'DEBUG' + LOG_DIR = os.path.join(BASE_DIR, 'logs') # Database setting, Support sqlite3, mysql, postgres .... # See https://docs.djangoproject.com/en/1.10/ref/settings/#databases - # Sqlite setting: - DATABASE_ENGINE = 'sqlite3' + # SQLite setting: + DB_ENGINE = 'sqlite3' DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3') - # Mysql or postgres setting like: + # MySQL or postgres setting like: # DB_ENGINE = 'mysql' # DB_HOST = '127.0.0.1' # DB_PORT = 3306 @@ -55,12 +50,6 @@ class Config: # DB_PASSWORD = '' # DB_NAME = 'jumpserver' - # When Django start it will bind this host and port - # ./manage.py runserver 127.0.0.1:8080 - # Todo: Gunicorn or uwsgi run may be use it - HTTP_BIND_HOST = '0.0.0.0' - HTTP_LISTEN_PORT = 8080 - # Use Redis as broker for celery and web socket REDIS_HOST = '127.0.0.1' REDIS_PORT = 6379 
@@ -71,24 +60,20 @@ class Config: 'port': REDIS_PORT, } - # Api token expiration when create + # Api token expiration when create, Jumpserver refresh time when request arrive TOKEN_EXPIRATION = 3600 - # Session and csrf domain settings, If you deploy jumpserver,coco,luna standby, - # So than share cookie, and you need use a same top-level domain name - - # SESSION_COOKIE_DOMAIN = '.jms.com' - # CSRF_COOKIE_DOMAIN = '.jms.com' + # Session and csrf domain settings SESSION_COOKIE_AGE = 3600*24 # Email SMTP setting, we only support smtp send mail - # EMAIL_HOST = 'smtp.qq.com' - # EMAIL_PORT = 25 - # EMAIL_HOST_USER = '' - # EMAIL_HOST_PASSWORD = '' - # EMAIL_USE_SSL = False # If port is 465, set True - # EMAIL_USE_TLS = False # If port is 587, set True - # EMAIL_SUBJECT_PREFIX = '[Jumpserver] ' + EMAIL_HOST = 'smtp.163.com' + EMAIL_PORT = 25 + EMAIL_HOST_USER = '' + EMAIL_HOST_PASSWORD = '' # Caution: Some SMTP server using `Authorization Code` except password + EMAIL_USE_SSL = True if EMAIL_PORT == 465 else False + EMAIL_USE_TLS = True if EMAIL_PORT == 587 else False + EMAIL_SUBJECT_PREFIX = '[Jumpserver] ' CAPTCHA_TEST_MODE = False @@ -116,36 +101,8 @@ class Config: return None -class DevelopmentConfig(Config): - DEBUG = True - DISPLAY_PER_PAGE = 20 - DB_ENGINE = 'sqlite' - DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3') - EMAIL_HOST = 'smtp.exmail.qq.com' - EMAIL_PORT = 465 - EMAIL_HOST_USER = 'a@jumpserver.org' - EMAIL_HOST_PASSWORD = 'somepasswrd' - EMAIL_USE_SSL = True - EMAIL_USE_TLS = False - EMAIL_SUBJECT_PREFIX = '[Jumpserver] ' - SITE_URL = 'http://localhost:8080' - - -class ProductionConfig(Config): - DEBUG = False - DB_ENGINE = 'mysql' - DB_HOST = '127.0.0.1' - DB_PORT = 3306 - DB_USER = 'root' - DB_PASSWORD = '' - DB_NAME = 'jumpserver' - - config = { - 'development': DevelopmentConfig, - 'production': ProductionConfig, - - 'default': DevelopmentConfig, + 'default': Config, } -env = 'development' +env = 'default' 
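Review bot: With the SMTP block in config_example.py now enabled by default, `EMAIL_PORT = 25` makes both `EMAIL_USE_SSL` and `EMAIL_USE_TLS` evaluate to False. Once `EMAIL_HOST_USER` and `EMAIL_HOST_PASSWORD` are filled in, the credentials and the account mails go out without transport encryption. Defaulting to `EMAIL_PORT = 465` (or 587) would make the derived flags select an encrypted mode out of the box, and a comment should note that the port-derived flags give no way to use STARTTLS on a non-standard port. The hunk also removes the commented `SESSION_COOKIE_DOMAIN` and `CSRF_COOKIE_DOMAIN` hints although settings.py still reads both; keeping them as comments documents the options.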
diff --git a/install/example.sh b/data/media/.gitkeep similarity index 100% rename from install/example.sh rename to data/media/.gitkeep diff --git a/requirements/requirements.txt b/requirements/requirements.txt index 293c97fea..b25089107 100644 --- a/requirements/requirements.txt +++ b/requirements/requirements.txt @@ -56,3 +56,4 @@ sshpubkeys==2.2.0 uritemplate==3.0.0 urllib3==1.22 vine==1.1.4 +gunicorn==19.7.1 diff --git a/requirements/rpm_requirements.txt b/requirements/rpm_requirements.txt index 4a0d6c029..664c67228 100644 --- a/requirements/rpm_requirements.txt +++ b/requirements/rpm_requirements.txt @@ -1 +1 @@ -libtiff-devel libjpeg-devel libzip-devel freetype-devel lcms2-devel libwebp-devel tcl-devel tk-devel sshpass openldap-devel +libtiff-devel libjpeg-devel libzip-devel freetype-devel lcms2-devel libwebp-devel tcl-devel tk-devel sshpass openldap-devel mysql-devel libffi-devel -- GitLab