Merge pull request #129 from jumpserver/bug_fix_100_and_127

fix (jperm): 统一调整系统用户仅使用秘钥进行通信，已存在的用户不会修改密码
2016-03-19 13:18:06 +08:00 · 2016-03-19 13:18:06 +08:00 · 0e5fd68e6c
parent f11016f57c c0e8ff8620
commit 0e5fd68e6c
4 changed files with 12 additions and 21 deletions
--- a/jperm/perm_api.py
+++ b/jperm/perm_api.py
@ -182,8 +182,9 @@ def gen_resource(ob, perm=None):
                info = {'hostname': asset.hostname,
                        'ip': asset.ip,
                        'port': asset_info.get('port', 22),
+                        'ansible_ssh_private_key_file': role_key,
                        'username': role.name,
-                        'password': CRYPTOR.decrypt(role.password)
+                        # 'password': CRYPTOR.decrypt(role.password)
                       }

                if os.path.isfile(role_key):
--- a/jperm/views.py
+++ b/jperm/views.py
@ -519,12 +519,12 @@ def perm_role_push(request):
            ret["pass_push"] = task.add_user(role.name)
            ret["key_push"] = task.push_key(role.name, os.path.join(role.key_path, 'id_rsa.pub'))

-        # 2. 推送账号密码
-        elif password_push:
-            ret["pass_push"] = task.add_user(role.name, CRYPTOR.decrypt(role.password))
+        # 2. 推送账号密码 <为了安全 系统用户统一使用秘钥进行通信， 不再提供密码方式的推送>
+        # elif password_push:
+        #     ret["pass_push"] = task.add_user(role.name, CRYPTOR.decrypt(role.password))

        # 3. 推送sudo配置文件
-        if password_push or key_push:
+        if key_push:
            sudo_list = set([sudo for sudo in role.sudo.all()])  # set(sudo1, sudo2, sudo3)
            if sudo_list:
                ret['sudo'] = task.push_sudo_file([role], sudo_list)
--- a/jumpserver.conf
+++ b/jumpserver.conf
@ -1,6 +1,6 @@
 [base]
-url = http://192.168.244.129
-key = i6k2zeu8x6mncl76
+url = http://192.168.10.165
+key = 941enj9neshd1wes
 ip = 0.0.0.0
 port = 80
 log = debug
@ -14,9 +14,9 @@ database = jumpserver

 [mail]
 mail_enable = 1
-email_host = smtp.exmail.qq.com
-email_port = 25
-email_host_user = noreply@jumpserver.org
-email_host_password = xxxxxxxxxx
+email_host = 
+email_port = 587
+email_host_user = 
+email_host_password = 
 email_use_tls = True

--- a/templates/jperm/perm_role_push.html
+++ b/templates/jperm/perm_role_push.html
@ -74,16 +74,6 @@
                                        </div>
                                    </div>
                                </div>
-                                <div class="form-group">
-                                    <label for="j_group" class="col-sm-2 control-label">使用密码</label>
-                                    <div class="col-sm-1">
-                                        <div class="radio i-checks">
-                                            <label>
-                                                <input type="checkbox" value="1" id="use_password" name="use_password">
-                                            </label>
-                                        </div>
-                                    </div>
-                                </div>
                            </div>
                            <div class="hr-line-dashed"></div>
                            <div class="form-group">