From 835706f780b734dc1e7154205d2c33bee331bbb2 Mon Sep 17 00:00:00 2001 From: yumaojun <719118794@qq.com> Date: Thu, 25 Feb 2016 11:59:29 +0800 Subject: [PATCH 1/3] =?UTF-8?q?fix=20(jperm.view):=20=20=E4=BF=AE=E5=A4=8D?= =?UTF-8?q?=E5=9B=9E=E6=94=B6=E4=B8=BB=E6=9C=BA=E6=97=B6,=E3=80=80?= =?UTF-8?q?=E6=9C=AA=E4=BF=AE=E6=94=B9sudoers=E6=96=87=E4=BB=B6=E7=9A=84bu?= =?UTF-8?q?g?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 1. 恢复ansible 使用的 连接器配置未 smart 2. 修改perm_role_recycle 删除, 添加回收sudo配置. --- jperm/ansible_api.py | 2 +- jperm/views.py | 11 +++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/jperm/ansible_api.py b/jperm/ansible_api.py index 20725908c..0b63b48f8 100644 --- a/jperm/ansible_api.py +++ b/jperm/ansible_api.py @@ -125,7 +125,7 @@ class MyRunner(MyInventory): self.results_raw = {} def run(self, module_name='shell', module_args='', timeout=10, forks=10, pattern='*', - become=False, become_method='sudo', become_user='root', become_pass='', transport='paramiko'): + become=False, become_method='sudo', become_user='root', become_pass='', transport='smart'): """ run module from andible ad-hoc. module_name: ansible module_name diff --git a/jperm/views.py b/jperm/views.py index d9d19da74..d7207b698 100644 --- a/jperm/views.py +++ b/jperm/views.py @@ -1,4 +1,5 @@ # -*- coding: utf-8 -*- +from __future__ import unicode_literals from django.db.models import Q from django.http import HttpResponseBadRequest, HttpResponseNotAllowed 
@@ -705,8 +706,14 @@ def perm_role_recycle(request): recycle_assets.append(asset) recycle_resource = gen_resource(recycle_assets) task = MyTask(recycle_resource) - # TODO: 判断返回结果,处理异常 - msg = task.del_user(get_object(PermRole, id=role_id).name) + try: + msg_del_user = task.del_user(get_object(PermRole, id=role_id).name) + msg_del_sudo = task.del_user_sudo(get_object(PermRole, id=role_id).name) + logger.info("recycle user msg: %s" % msg_del_user) + logger.info("recycle sudo msg: %s" % msg_del_sudo) + except Exception, e: + logger.warning("Recycle Role failed: %s" % e) + raise ServerError(u"回收已推送的系统用户失败: %s" % e) for asset_id in asset_ids: asset = get_object(Asset, id=asset_id) From e8db8addd7cf4fbb50dc00c02f1d3fd6d0843e78 Mon Sep 17 00:00:00 2001 From: yumaojun <719118794@qq.com> Date: Thu, 25 Feb 2016 13:26:18 +0800 Subject: [PATCH 2/3] =?UTF-8?q?fix=20(service.sh):=20=20ubuntu=20service.s?= =?UTF-8?q?h=20=E8=84=9A=E6=9C=AC=E4=B8=8D=E5=8F=AF=E7=94=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 由于service.sh 脚本依赖外部的函数库 /etc/init.d/functions, 而ubuntu 和其他一起系统并没有这个文件,所以直接把 这个文件copy 到了当前目录下 不在依赖外部环境。 --- functions | 594 +++++++++++++++++++++++++++++++++++++++++++++++++++++ service.sh | 9 +- 2 files changed, 601 insertions(+), 2 deletions(-) create mode 100644 functions diff --git a/functions b/functions new file mode 100644 index 000000000..8c4d25730 --- /dev/null +++ b/functions 
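Review bot: The new `try` block in perm_role_recycle treats only a raised exception as failure; the values returned by `task.del_user(...)` and `task.del_user_sudo(...)` are logged and never inspected, so a run whose result reports unreachable or failed hosts would still let the view continue as if the account and its sudoers entry were gone. Because this path revokes access, both results should be checked before the `for asset_id in asset_ids` loop, raising `ServerError` when any host reports a failure; the result shape is not visible here, so the check has to follow whatever MyTask returns. The role is also fetched twice, and `role_name = get_object(PermRole, id=role_id).name` placed once before the `try` would keep both calls on the same object. The function begins and ends outside this hunk.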
@@ -0,0 +1,594 @@ +# -*-Shell-script-*- +# +# functions This file contains functions to be used by most or all +# shell scripts in the /etc/init.d directory. +# + +TEXTDOMAIN=initscripts + +# Make sure umask is sane +umask 022 + +# Set up a default search path. +PATH="/sbin:/usr/sbin:/bin:/usr/bin" +export PATH + +if [ $PPID -ne 1 -a -z "$SYSTEMCTL_SKIP_REDIRECT" ] && \ + ( /bin/mountpoint -q /cgroup/systemd || /bin/mountpoint -q /sys/fs/cgroup/systemd ) ; then + case "$0" in + /etc/init.d/*|/etc/rc.d/init.d/*) + _use_systemctl=1 + ;; + esac +fi + +systemctl_redirect () { + local s + local prog=${1##*/} + local command=$2 + local options="" + + case "$command" in + start) + s=$"Starting $prog (via systemctl): " + ;; + stop) + s=$"Stopping $prog (via systemctl): " + ;; + reload|try-reload) + s=$"Reloading $prog configuration (via systemctl): " + ;; + restart|try-restart|condrestart) + s=$"Restarting $prog (via systemctl): " + ;; + esac + + if [ -n "$SYSTEMCTL_IGNORE_DEPENDENCIES" ] ; then + options="--ignore-dependencies" + fi + + action "$s" /bin/systemctl $options $command "$prog.service" +} + +# Get a sane screen width +[ -z "${COLUMNS:-}" ] && COLUMNS=80 + +if [ -z "${CONSOLETYPE:-}" ]; then + if [ -c "/dev/stderr" -a -r "/dev/stderr" ]; then + CONSOLETYPE="$(/sbin/consoletype < /dev/stderr 2>/dev/null)" + else + CONSOLETYPE="serial" + fi +fi + +if [ -z "${NOLOCALE:-}" ] && [ -z "${LANGSH_SOURCED:-}" ] && [ -f /etc/sysconfig/i18n -o -f /etc/locale.conf ] ; then + . /etc/profile.d/lang.sh 2>/dev/null + # avoid propagating LANGSH_SOURCED any further + unset LANGSH_SOURCED +fi + +# Read in our configuration +if [ -z "${BOOTUP:-}" ]; then + if [ -f /etc/sysconfig/init ]; then + . /etc/sysconfig/init + else + # This all seem confusing? 
Look in /etc/sysconfig/init, + # or in /usr/share/doc/initscripts-*/sysconfig.txt + BOOTUP=color + RES_COL=60 + MOVE_TO_COL="echo -en \\033[${RES_COL}G" + SETCOLOR_SUCCESS="echo -en \\033[1;32m" + SETCOLOR_FAILURE="echo -en \\033[1;31m" + SETCOLOR_WARNING="echo -en \\033[1;33m" + SETCOLOR_NORMAL="echo -en \\033[0;39m" + LOGLEVEL=1 + fi + if [ "$CONSOLETYPE" = "serial" ]; then + BOOTUP=serial + MOVE_TO_COL= + SETCOLOR_SUCCESS= + SETCOLOR_FAILURE= + SETCOLOR_WARNING= + SETCOLOR_NORMAL= + fi +fi + +# Check if any of $pid (could be plural) are running +checkpid() { + local i + + for i in $* ; do + [ -d "/proc/$i" ] && return 0 + done + return 1 +} + +# __proc_pids {program} [pidfile] +# Set $pid to pids from /var/run* for {program}. $pid should be declared +# local in the caller. +# Returns LSB exit code for the 'status' action. +__pids_var_run() { + local base=${1##*/} + local pid_file=${2:-/var/run/$base.pid} + + pid= + if [ -f "$pid_file" ] ; then + local line p + + [ ! -r "$pid_file" ] && return 4 # "user had insufficient privilege" + while : ; do + read line + [ -z "$line" ] && break + for p in $line ; do + [ -z "${p//[0-9]/}" ] && [ -d "/proc/$p" ] && pid="$pid $p" + done + done < "$pid_file" + + if [ -n "$pid" ]; then + return 0 + fi + return 1 # "Program is dead and /var/run pid file exists" + fi + return 3 # "Program is not running" +} + +# Output PIDs of matching processes, found using pidof +__pids_pidof() { + pidof -c -m -o $$ -o $PPID -o %PPID -x "$1" || \ + pidof -c -m -o $$ -o $PPID -o %PPID -x "${1##*/}" +} + + +# A function to start a program. +daemon() { + # Test syntax. 
+ local gotbase= force= nicelevel corelimit + local pid base= user= nice= bg= pid_file= + local cgroup= + nicelevel=0 + while [ "$1" != "${1##[-+]}" ]; do + case $1 in + '') echo $"$0: Usage: daemon [+/-nicelevel] {program}" + return 1;; + --check) + base=$2 + gotbase="yes" + shift 2 + ;; + --check=?*) + base=${1#--check=} + gotbase="yes" + shift + ;; + --user) + user=$2 + shift 2 + ;; + --user=?*) + user=${1#--user=} + shift + ;; + --pidfile) + pid_file=$2 + shift 2 + ;; + --pidfile=?*) + pid_file=${1#--pidfile=} + shift + ;; + --force) + force="force" + shift + ;; + [-+][0-9]*) + nice="nice -n $1" + shift + ;; + *) echo $"$0: Usage: daemon [+/-nicelevel] {program}" + return 1;; + esac + done + + # Save basename. + [ -z "$gotbase" ] && base=${1##*/} + + # See if it's already running. Look *only* at the pid file. + __pids_var_run "$base" "$pid_file" + + [ -n "$pid" -a -z "$force" ] && return + + # make sure it doesn't core dump anywhere unless requested + corelimit="ulimit -S -c ${DAEMON_COREFILE_LIMIT:-0}" + + # if they set NICELEVEL in /etc/sysconfig/foo, honor it + [ -n "${NICELEVEL:-}" ] && nice="nice -n $NICELEVEL" + + # if they set CGROUP_DAEMON in /etc/sysconfig/foo, honor it + if [ -n "${CGROUP_DAEMON}" ]; then + if [ ! -x /bin/cgexec ]; then + echo -n "Cgroups not installed"; warning + echo + else + cgroup="/bin/cgexec"; + for i in $CGROUP_DAEMON; do + cgroup="$cgroup -g $i"; + done + fi + fi + + # Echo daemon + [ "${BOOTUP:-}" = "verbose" -a -z "${LSB:-}" ] && echo -n " $base" + + # And start it up. + if [ -z "$user" ]; then + $cgroup $nice /bin/bash -c "$corelimit >/dev/null 2>&1 ; $*" + else + $cgroup $nice runuser -s /bin/bash $user -c "$corelimit >/dev/null 2>&1 ; $*" + fi + + [ "$?" -eq 0 ] && success $"$base startup" || failure $"$base startup" +} + +# A function to stop a program. +killproc() { + local RC killlevel= base pid pid_file= delay try + + RC=0; delay=3; try=0 + # Test syntax. 
+ if [ "$#" -eq 0 ]; then + echo $"Usage: killproc [-p pidfile] [ -d delay] {program} [-signal]" + return 1 + fi + if [ "$1" = "-p" ]; then + pid_file=$2 + shift 2 + fi + if [ "$1" = "-d" ]; then + delay=$(echo $2 | awk -v RS=' ' -v IGNORECASE=1 '{if($1!~/^[0-9.]+[smhd]?$/) exit 1;d=$1~/s$|^[0-9.]*$/?1:$1~/m$/?60:$1~/h$/?60*60:$1~/d$/?24*60*60:-1;if(d==-1) exit 1;delay+=d*$1} END {printf("%d",delay+0.5)}') + if [ "$?" -eq 1 ]; then + echo $"Usage: killproc [-p pidfile] [ -d delay] {program} [-signal]" + return 1 + fi + shift 2 + fi + + + # check for second arg to be kill level + [ -n "${2:-}" ] && killlevel=$2 + + # Save basename. + base=${1##*/} + + # Find pid. + __pids_var_run "$1" "$pid_file" + RC=$? + if [ -z "$pid" ]; then + if [ -z "$pid_file" ]; then + pid="$(__pids_pidof "$1")" + else + [ "$RC" = "4" ] && { failure $"$base shutdown" ; return $RC ;} + fi + fi + + # Kill it. + if [ -n "$pid" ] ; then + [ "$BOOTUP" = "verbose" -a -z "${LSB:-}" ] && echo -n "$base " + if [ -z "$killlevel" ] ; then + if checkpid $pid 2>&1; then + # TERM first, then KILL if not dead + kill -TERM $pid >/dev/null 2>&1 + usleep 50000 + if checkpid $pid ; then + try=0 + while [ $try -lt $delay ] ; do + checkpid $pid || break + sleep 1 + let try+=1 + done + if checkpid $pid ; then + kill -KILL $pid >/dev/null 2>&1 + usleep 50000 + fi + fi + fi + checkpid $pid + RC=$? + [ "$RC" -eq 0 ] && failure $"$base shutdown" || success $"$base shutdown" + RC=$((! $RC)) + # use specified level only + else + if checkpid $pid; then + kill $killlevel $pid >/dev/null 2>&1 + RC=$? + [ "$RC" -eq 0 ] && success $"$base $killlevel" || failure $"$base $killlevel" + elif [ -n "${LSB:-}" ]; then + RC=7 # Program is not running + fi + fi + else + if [ -n "${LSB:-}" -a -n "$killlevel" ]; then + RC=7 # Program is not running + else + failure $"$base shutdown" + RC=0 + fi + fi + + # Remove pid file if any. 
+ if [ -z "$killlevel" ]; then + rm -f "${pid_file:-/var/run/$base.pid}" + fi + return $RC +} + +# A function to find the pid of a program. Looks *only* at the pidfile +pidfileofproc() { + local pid + + # Test syntax. + if [ "$#" = 0 ] ; then + echo $"Usage: pidfileofproc {program}" + return 1 + fi + + __pids_var_run "$1" + [ -n "$pid" ] && echo $pid + return 0 +} + +# A function to find the pid of a program. +pidofproc() { + local RC pid pid_file= + + # Test syntax. + if [ "$#" = 0 ]; then + echo $"Usage: pidofproc [-p pidfile] {program}" + return 1 + fi + if [ "$1" = "-p" ]; then + pid_file=$2 + shift 2 + fi + fail_code=3 # "Program is not running" + + # First try "/var/run/*.pid" files + __pids_var_run "$1" "$pid_file" + RC=$? + if [ -n "$pid" ]; then + echo $pid + return 0 + fi + + [ -n "$pid_file" ] && return $RC + __pids_pidof "$1" || return $RC +} + +status() { + local base pid lock_file= pid_file= + + # Test syntax. + if [ "$#" = 0 ] ; then + echo $"Usage: status [-p pidfile] {program}" + return 1 + fi + if [ "$1" = "-p" ]; then + pid_file=$2 + shift 2 + fi + if [ "$1" = "-l" ]; then + lock_file=$2 + shift 2 + fi + base=${1##*/} + + if [ "$_use_systemctl" = "1" ]; then + systemctl status ${0##*/}.service + return $? + fi + + # First try "pidof" + __pids_var_run "$1" "$pid_file" + RC=$? + if [ -z "$pid_file" -a -z "$pid" ]; then + pid="$(__pids_pidof "$1")" + fi + if [ -n "$pid" ]; then + echo $"${base} (pid $pid) is running..." + return 0 + fi + + case "$RC" in + 0) + echo $"${base} (pid $pid) is running..." + return 0 + ;; + 1) + echo $"${base} dead but pid file exists" + return 1 + ;; + 4) + echo $"${base} status unknown due to insufficient privileges." 
+ return 4 + ;; + esac + if [ -z "${lock_file}" ]; then + lock_file=${base} + fi + # See if /var/lock/subsys/${lock_file} exists + if [ -f /var/lock/subsys/${lock_file} ]; then + echo $"${base} dead but subsys locked" + return 2 + fi + echo $"${base} is stopped" + return 3 +} + +echo_success() { + [ "$BOOTUP" = "color" ] && $MOVE_TO_COL + echo -n "[" + [ "$BOOTUP" = "color" ] && $SETCOLOR_SUCCESS + echo -n $" OK " + [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL + echo -n "]" + echo -ne "\r" + return 0 +} + +echo_failure() { + [ "$BOOTUP" = "color" ] && $MOVE_TO_COL + echo -n "[" + [ "$BOOTUP" = "color" ] && $SETCOLOR_FAILURE + echo -n $"FAILED" + [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL + echo -n "]" + echo -ne "\r" + return 1 +} + +echo_passed() { + [ "$BOOTUP" = "color" ] && $MOVE_TO_COL + echo -n "[" + [ "$BOOTUP" = "color" ] && $SETCOLOR_WARNING + echo -n $"PASSED" + [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL + echo -n "]" + echo -ne "\r" + return 1 +} + +echo_warning() { + [ "$BOOTUP" = "color" ] && $MOVE_TO_COL + echo -n "[" + [ "$BOOTUP" = "color" ] && $SETCOLOR_WARNING + echo -n $"WARNING" + [ "$BOOTUP" = "color" ] && $SETCOLOR_NORMAL + echo -n "]" + echo -ne "\r" + return 1 +} + +# Inform the graphical boot of our current state +update_boot_stage() { + if [ -x /bin/plymouth ]; then + /bin/plymouth --update="$1" + fi + return 0 +} + +# Log that something succeeded +success() { + [ "$BOOTUP" != "verbose" -a -z "${LSB:-}" ] && echo_success + return 0 +} + +# Log that something failed +failure() { + local rc=$? + [ "$BOOTUP" != "verbose" -a -z "${LSB:-}" ] && echo_failure + [ -x /bin/plymouth ] && /bin/plymouth --details + return $rc +} + +# Log that something passed, but may have had errors. Useful for fsck +passed() { + local rc=$? + [ "$BOOTUP" != "verbose" -a -z "${LSB:-}" ] && echo_passed + return $rc +} + +# Log a warning +warning() { + local rc=$? + [ "$BOOTUP" != "verbose" -a -z "${LSB:-}" ] && echo_warning + return $rc +} + +# Run some action. 
Log its output. +action() { + local STRING rc + + STRING=$1 + echo -n "$STRING " + shift + "$@" && success $"$STRING" || failure $"$STRING" + rc=$? + echo + return $rc +} + +# returns OK if $1 contains $2 +strstr() { + [ "${1#*$2*}" = "$1" ] && return 1 + return 0 +} + +# Check whether file $1 is a backup or rpm-generated file and should be ignored +is_ignored_file() { + case "$1" in + *~ | *.bak | *.orig | *.rpmnew | *.rpmorig | *.rpmsave) + return 0 + ;; + esac + return 1 +} + +# Evaluate shvar-style booleans +is_true() { + case "$1" in + [tT] | [yY] | [yY][eE][sS] | [tT][rR][uU][eE]) + return 0 + ;; + esac + return 1 +} + +# Evaluate shvar-style booleans +is_false() { + case "$1" in + [fF] | [nN] | [nN][oO] | [fF][aA][lL][sS][eE]) + return 0 + ;; + esac + return 1 +} + +# Apply sysctl settings, including files in /etc/sysctl.d +apply_sysctl() { + if [ -x /lib/systemd/systemd-sysctl ]; then + /lib/systemd/systemd-sysctl + else + for file in /usr/lib/sysctl.d/*.conf ; do + is_ignored_file "$file" && continue + [ -f /run/sysctl.d/${file##*/} ] && continue + [ -f /etc/sysctl.d/${file##*/} ] && continue + test -f "$file" && sysctl -e -p "$file" >/dev/null 2>&1 + done + for file in /run/sysctl.d/*.conf ; do + is_ignored_file "$file" && continue + [ -f /etc/sysctl.d/${file##*/} ] && continue + test -f "$file" && sysctl -e -p "$file" >/dev/null 2>&1 + done + for file in /etc/sysctl.d/*.conf ; do + is_ignored_file "$file" && continue + test -f "$file" && sysctl -e -p "$file" >/dev/null 2>&1 + done + sysctl -e -p /etc/sysctl.conf >/dev/null 2>&1 + fi +} + +# A sed expression to filter out the files that is_ignored_file recognizes +__sed_discard_ignored_files='/\(~\|\.bak\|\.orig\|\.rpmnew\|\.rpmorig\|\.rpmsave\)$/d' + +if [ "$_use_systemctl" = "1" ]; then + if [ "x$1" = xstart -o \ + "x$1" = xstop -o \ + "x$1" = xrestart -o \ + "x$1" = xreload -o \ + "x$1" = xtry-restart -o \ + "x$1" = xforce-reload -o \ + "x$1" = xcondrestart ] ; then + + systemctl_redirect $0 $1 + exit 
$? + fi +fi diff --git a/service.sh b/service.sh index 3eca1bf05..9bbbf2f9a 100755 --- a/service.sh +++ b/service.sh @@ -9,10 +9,15 @@ # Site: http://www.jumpserver.org # Author: Jumpserver Team -. /etc/init.d/functions +base_dir=$(dirname $0) + +. ${base_dir}/functions export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/opt/node/bin -base_dir=$(dirname $0) + + + + PROC_NAME="jumpsever" lockfile=/var/lock/subsys/${PROC_NAME} From 8aec0c1ac72b480d26690a48a065c759a31d0345 Mon Sep 17 00:00:00 2001 From: yumaojun <719118794@qq.com> Date: Fri, 26 Feb 2016 14:13:21 +0800 Subject: [PATCH 3/3] fix (install jumpserver): install jumpserver compatible with ubuntu 1. install.py add platform judge, fix get_ip_addr function 2. next.py little adjust 3. service.sh little adjust --- install/install.py | 109 ++++++++++++++++++++++++++++++--------------- install/next.py | 5 ++- service.sh | 93 ++++++++++++++++++++------------------ 3 files changed, 125 insertions(+), 82 deletions(-) diff --git a/install/install.py b/install/install.py index c5765ff12..bb3b2027e 100755 --- a/install/install.py +++ b/install/install.py @@ -5,16 +5,15 @@ import subprocess import time import os import sys -import MySQLdb from smtplib import SMTP, SMTPAuthenticationError, SMTPConnectError, SMTPSenderRefused import ConfigParser import socket -import fcntl -import struct -import readline import random import string +import re +import platform + jms_dir = os.path.dirname(os.path.abspath(os.path.dirname(__file__))) sys.path.append(jms_dir) @@ -27,6 +26,13 @@ def bash(cmd): return subprocess.call(cmd, shell=True) +def valid_ip(ip): + if ('255' in ip) or (ip == "0.0.0.0"): + return False + else: + return True + + def color_print(msg, color='red', exits=False): """ Print colorful string. 
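Review bot: In the first service.sh hunk, the added `. ${base_dir}/functions` sources a file from the application directory into a script that is normally run as root, so whoever can write to that directory controls what runs as root at the next start. The file and its directory should be root-owned and not group- or world-writable, and a comment above the line should say so. Both expansions are unquoted, so a checkout path containing spaces breaks the source; `base_dir=$(dirname "$0")` and `. "${base_dir}/functions"` avoid that. When the script is started through a symlink, `dirname $0` yields the link's directory, where the bundled copy will presumably not be found.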
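Review bot: `valid_ip` in install/install.py accepts 127.0.0.1, which the shell pipeline it replaces in get_ip_addr filtered out with `grep -v "127.0.0.1"`, and its `'255' in ip` substring test rejects usable host addresses such as anything inside 10.255.0.0/16. The fallback that calls it runs when the host has no route out, which is when loopback is most likely to be the first match. A stricter form would be `return not (ip.startswith('127.') or ip == '0.0.0.0' or ip.startswith('255.') or ip.endswith('.255'))`, with a one-line docstring stating that the function filters loopback, netmask and broadcast values out of the `ifconfig` output.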
@@ -46,18 +52,17 @@ def color_print(msg, color='red', exits=False): return msg -def get_ip_addr(ifname='eth0'): +def get_ip_addr(): try: s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) - return socket.inet_ntoa(fcntl.ioctl( - s.fileno(), - 0x8915, - struct.pack('256s', ifname[:15]) - )[20:24]) - except: - ips = os.popen("LANG=C ifconfig | grep \"inet addr\" | grep -v \"127.0.0.1\" | awk -F \":\" '{print $2}' | awk '{print $1}'").readlines() - if len(ips) > 0: - return ips[0] + s.connect(("8.8.8.8", 80)) + return s.getsockname()[0] + except Exception: + if_data = ''.join(os.popen("LANG=C ifconfig").readlines()) + ips = re.findall(r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}', if_data, flags=re.MULTILINE) + ip = filter(valid_ip, ips) + if ip: + return ip[0] return '' @@ -75,6 +80,17 @@ class PreSetup(object): self.ip = '' self.key = ''.join(random.choice(string.ascii_lowercase + string.digits) \ for _ in range(16)) + self.dist = platform.dist()[0].lower() + + @property + def _is_redhat(self): + if self.dist == "centos" or self.dist == "redhat": + return True + + @property + def _is_ubuntu(self): + if self.dist == "ubuntu": + return True def write_conf(self, conf_file=os.path.join(jms_dir, 'jumpserver.conf')): color_print('开始写入配置文件', 'green') 
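Review bot: In the rewritten get_ip_addr the datagram socket `s` is never closed, neither after `getsockname()` returns nor when `connect` raises. Closing it in a `finally: s.close()` fixes that on both paths. The lookup also relies on the hard-coded `("8.8.8.8", 80)`; a UDP `connect` sends no packet, but on a host without a default route it raises and the code falls back to parsing `ifconfig`, which may not be installed on every target. A short comment should explain why that address is used and what happens without a route.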
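Review bot: `_is_redhat` and `_is_ubuntu` in PreSetup are the only two cases, and every caller in this patch tests them with two independent `if`s, so for any other value of `platform.dist()[0]` (Debian, Fedora, an empty string) the package, MySQL and environment steps all do nothing and the installer carries on without saying so. Failing early where `self.dist` is set would make that visible, e.g. `if self.dist not in ('centos', 'redhat', 'ubuntu'): color_print('unsupported platform: %s' % self.dist, exits=True)`. The properties also fall through to `None` instead of returning `False`; `return self.dist in ('centos', 'redhat')` is shorter and explicit. The constructor begins outside this hunk.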
@@ -99,22 +115,38 @@ class PreSetup(object): def _setup_mysql(self): color_print('开始安装设置mysql (请手动设置mysql安全)', 'green') color_print('默认用户名: %s 默认密码: %s' % (self.db_user, self.db_pass), 'green') - bash('yum -y install mysql-server') - bash('service mysqld start') - bash('chkconfig mysqld on') - bash('mysql -e "create database %s default charset=utf8"' % self.db) - bash('mysql -e "grant all on %s.* to \'%s\'@\'%s\' identified by \'%s\'"' % (self.db, - self.db_user, - self.db_host, - self.db_pass)) + if self._is_redhat: + bash('yum -y install mysql-server') + bash('service mysqld start') + bash('chkconfig mysqld on') + bash('mysql -e "create database %s default charset=utf8"' % self.db) + bash('mysql -e "grant all on %s.* to \'%s\'@\'%s\' identified by \'%s\'"' % (self.db, + self.db_user, + self.db_host, + self.db_pass)) + if self._is_ubuntu: + bash('echo mysql-server mysql-server/root_password select '' | debconf-set-selections') + bash('echo mysql-server mysql-server/root_password_again select '' | debconf-set-selections') + bash('apt-get -y install mysql-server') + bash('mysql -e "create database %s default charset=utf8"' % self.db) + bash('mysql -e "grant all on %s.* to \'%s\'@\'%s\' identified by \'%s\'"' % (self.db, + self.db_user, + self.db_host, + self.db_pass)) - @staticmethod - def _set_env(): + def _set_env(self): color_print('开始关闭防火墙和selinux', 'green') - os.system("export LANG='en_US.UTF-8' && sed -i 's/LANG=.*/LANG=en_US.UTF-8/g' /etc/sysconfig/i18n") - bash('service iptables stop && chkconfig iptables off && setenforce 0') + if self._is_redhat: + os.system("export LANG='en_US.UTF-8' && sed -i 's/LANG=.*/LANG=en_US.UTF-8/g' /etc/sysconfig/i18n") + bash('service iptables stop && chkconfig iptables off && setenforce 0') + if self._is_ubuntu: + os.system("export LANG='en_US.UTF-8'") + bash("iptables -F") + bash('which selinux && setenforce 0') def _test_db_conn(self): + bash("pip install mysql-python") + import MySQLdb try: MySQLdb.connect(host=self.db_host, 
port=int(self.db_port), user=self.db_user, passwd=self.db_pass, db=self.db) @@ -141,15 +173,18 @@ class PreSetup(object): return True return False - @staticmethod - def _rpm_repo(): - color_print('开始安装epel源', 'green') - bash('yum -y install epel-release') + def _rpm_repo(self): + if self._is_redhat: + color_print('开始安装epel源', 'green') + bash('yum -y install epel-release') + + def _depend_rpm(self): + color_print('开始安装依赖包', 'green') + if self._is_redhat: + bash('yum -y install git python-pip mysql-devel gcc automake autoconf python-devel vim sshpass') + if self._is_ubuntu: + bash("apt-get -y install git python-pip gcc automake autoconf vim sshpass libmysqld-dev python-all-dev") - @staticmethod - def _depend_rpm(): - color_print('开始安装依赖rpm包', 'green') - bash('yum -y install git python-pip mysql-devel gcc automake autoconf python-devel vim sshpass') @staticmethod def _require_pip(): @@ -202,11 +237,11 @@ class PreSetup(object): print def start(self): - # self._rpm_repo() - # self._depend_rpm() - # self._require_pip() color_print('请务必先查看wiki https://github.com/ibuler/jumpserver/wiki/Quickinstall') time.sleep(3) + self._rpm_repo() + self._depend_rpm() + self._require_pip() self._set_env() self._input_ip() self._input_mysql() diff --git a/install/next.py b/install/next.py index 48a518b71..49d62db25 100755 --- a/install/next.py +++ b/install/next.py @@ -8,6 +8,8 @@ from django.core.management import execute_from_command_line import shutil import urllib import socket +import subprocess + jms_dir = os.path.dirname(os.path.abspath(os.path.dirname(__file__))) sys.path.append(jms_dir) 
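Review bot: The Ubuntu branch of `_setup_mysql` preseeds an empty MySQL root password (the `''` inside the single-quoted literal only concatenates two Python strings) and nothing later in the hunk sets one, while `_set_env` now runs `iptables -F`, so as far as this hunk shows the host ends up with a passwordless database root account and no packet-filter rules. Generating the root password the way `self.key` is generated, and opening only the ports the service needs instead of flushing the table, would avoid both. `self.db_pass` is also pasted into a `shell=True` command line in both branches, so a password containing a quote breaks or alters the command. The two identical pairs of `mysql -e` calls could move below the branches and receive the SQL on stdin, which removes that problem and the duplication.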
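Review bot: Neither `_rpm_repo` nor `_depend_rpm` looks at what `bash()` returns, so a failed `yum` or `apt-get` run (no network, or a stale package index, since no `apt-get update` precedes the Ubuntu install) goes unreported and surfaces later as an unrelated error. `bash` returns the exit code of `subprocess.call`, so `if bash(...) != 0: color_print('package install failed', exits=True)` is enough. The same applies to `bash("pip install mysql-python")` in the previous hunk, where a failed install shows up only as an ImportError on the following `import MySQLdb`. `_depend_rpm` now installs deb packages as well, so its name no longer matches what it does.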
@@ -75,7 +77,8 @@ class Setup(object): user.delete() db_add_user(username=self.admin_user, password=self.admin_pass, role='SU', name='admin', groups='', admin_groups='', email='admin@jumpserver.org', uuid='MayBeYouAreTheFirstUser', is_active=True) - os.system('id %s &> /dev/null || useradd %s' % (self.admin_user, self.admin_user)) + cmd = 'useradd %s' % self.admin_user + subprocess.call(cmd, shell=True) @staticmethod def _chmod_file(): diff --git a/service.sh b/service.sh index 9bbbf2f9a..d2a9d06c0 100755 --- a/service.sh +++ b/service.sh 
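Review bot: The new `subprocess.call(cmd, shell=True)` in install/next.py passes `self.admin_user` through a shell unquoted; if that value comes from operator input (its source is outside this hunk), a space or shell metacharacter in it changes what the installer runs. `subprocess.call(['useradd', self.admin_user])` avoids the shell entirely. The commit also drops the `id %s ||` guard, so re-running the installer now prints a useradd error for an existing account, and the exit status is not checked. Testing for the account first, or checking the return code, would keep the step repeatable. The enclosing method starts outside the hunk.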
@@ -24,54 +24,62 @@ lockfile=/var/lock/subsys/${PROC_NAME} start() { - jump_start=$"Starting ${PROC_NAME} service:" - - if [ -f $lockfile ];then - echo "jumpserver is running..." - success "$jump_start" - else - daemon python $base_dir/manage.py runserver 0.0.0.0:80 &>> /tmp/jumpserver.log 2>&1 & - daemon python $base_dir/manage.py crontab add &>> /tmp/jumpserver.log 2>&1 - daemon python $base_dir/run_websocket.py &> /dev/null 2>&1 & + jump_start=$"Starting ${PROC_NAME} service:" + + if [ -f $lockfile ];then + echo "jumpserver is running..." + success "$jump_start" + else + daemon python $base_dir/manage.py runserver 0.0.0.0:80 &>> /tmp/jumpserver.log 2>&1 & + daemon python $base_dir/manage.py crontab add &>> /tmp/jumpserver.log 2>&1 + daemon python $base_dir/run_websocket.py &> /dev/null 2>&1 & sleep 4 - echo -n "$jump_start" - nums=0 + echo -n "$jump_start" + nums=0 for i in manage.py run_websocket.py;do - ps aux | grep "$i" | grep -v 'grep' &> /dev/null && let nums+=1 || echo "$i not running" + if ps aux | grep "$i" | grep -v 'grep' &> /dev/null; then + nums=$[nums+1] + else + echo "$i not running" + fi done if [ "x$nums" == "x2" ];then success "$jump_start" + if [ ! -e $lockfile ]; then + lockfile_dir=`dirname $lockfile` + mkdir -pv $lockfile_dir + fi touch "$lockfile" echo else failure "$jump_start" echo fi - fi - - + fi + + } stop() { - echo -n $"Stopping ${PROC_NAME} service:" - - daemon python $base_dir/manage.py crontab remove &>> /tmp/jumpserver.log 2>&1 - ps aux | grep -E 'manage.py|run_websocket.py' | grep -v grep | awk '{print $2}' | xargs kill -9 &> /dev/null - ret=$? + echo -n $"Stopping ${PROC_NAME} service:" - if [ $ret -eq 0 ]; then - echo_success - echo + daemon python $base_dir/manage.py crontab remove &>> /tmp/jumpserver.log 2>&1 + ps aux | grep -E 'manage.py|run_websocket.py' | grep -v grep | awk '{print $2}' | xargs kill -9 &> /dev/null + ret=$? 
+ + if [ $ret -eq 0 ]; then + echo_success + echo rm -f "$lockfile" - else - echo_failure - echo + else + echo_failure + echo rm -f "$lockfile" - fi + fi } @@ -83,22 +91,19 @@ restart(){ } # See how we were called. -case "$1" in - start) - start - ;; - stop) - stop - ;; +case "$1" in + start) + start + ;; + stop) + stop + ;; - restart) - restart - ;; - - *) + restart) + restart + ;; + + *) echo $"Usage: $0 {start|stop|restart}" - exit 2 -esac - - - + exit 2 +esac
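Review bot: start() and stop() append the output of root-run commands to the fixed path `/tmp/jumpserver.log`; in a world-writable directory another local user can create that name first, so the log belongs under a root-owned directory such as `/var/log/jumpserver.log`. The new liveness test `ps aux | grep "$i" | grep -v 'grep'` and the `xargs kill -9` in stop() match any process whose command line contains `manage.py`, including unrelated Django projects on the same host. Recording the PIDs at start, or matching on `"$base_dir/manage.py"`, would scope both to this service. `nums=$[nums+1]` is the deprecated arithmetic form (`nums=$((nums+1))` is the supported one), and `mkdir -pv $lockfile_dir` should quote its argument.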