add docker support

Dockerfile

@@ -0,0 +1,37 @@
+FROM alpine
+MAINTAINER xRain <xrain@simcu.com>
+RUN apk add --update openssh sshpass python py-mysqldb py-psutil py-crypto && \
+	rm -rf /var/cache/apk/* 
+COPY . /jumpserver
+WORKDIR /jumpserver
+RUN python /jumpserver/install/docker/get-pip.py && \
+ 	pip install -r /jumpserver/install/docker/piprequires.txt && \
+	 rm -rf /jumpserver/docs && \
+ 	cp /jumpserver/install/docker/run.sh /run.sh && \
+  	rm -rf /etc/motd && chmod +x /run.sh && \
+  	rm -rf /jumpserver/keys && \
+  	rm -rf /jumpserver/logs && \
+  	rm -rf /home && \
+  	rm -rf /etc/ssh && \
+  	rm -rf /etc/shadow && \
+  	rm -rf /etc/passwd && \
+  	cp -r /jumpserver/install/docker/useradd /usr/sbin/useradd && \
+  	cp -r /jumpserver/install/docker/userdel /usr/sbin/userdel && \
+  	chmod +x /usr/sbin/useradd && \
+  	chmod +x /usr/sbin/userdel && \
+  	mkdir -p /data/home && \
+  	mkdir -p /data/logs && \
+  	mkdir -p /data/keys && \
+  	mkdir -p /data/ssh && \
+  	cp -r /jumpserver/install/docker/shadow /data/shadow && \
+  	cp -r /jumpserver/install/docker/passwd /data/passwd && \
+  	ln -s /data/logs /jumpserver/logs && \
+  	ln -s /data/keys /jumpserver/keys && \
+  	ln -s /data/home /home && \
+  	ln -s /data/ssh /etc/ssh && \
+  	ln -s /data/passwd /etc/passwd && \
+  	ln -s /data/shadow /etc/shadow && \
+  	chmod -R 777 /jumpserver
+VOLUME /data
+EXPOSE 80 22
+CMD /run.sh

docker-compose.yaml

@@ -0,0 +1,17 @@
+version: '2'
+services:
+  jumpserver:
+    build: .
+    container_name: jumpserver
+    restart: always
+    ports:
+      - "8888:80"
+      - "2222:22"
+    # environment:
+    #   - USE_MYSQL=true
+    #   - MYSQL_HOST=192.168.64.5
+    #   - MYSQL_PORT=3306
+    #   - MYSQL_USER=root
+    #   - MYSQL_PASS=love1314
+    #   - MYSQL_NAME=jumpserver
+    #   - MAIL_ENABLED=false

init.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 #
 
 trap '' SIGINT

install/docker/config_tmpl.conf

@@ -0,0 +1,26 @@
+[base]
+url = 
+key = 941enj9neshd1wes
+ip = 0.0.0.0
+port = 80
+log = debug
+
+[db]
+use_mysql = __USE_MYSQL__
+host = __MYSQL_HOST__
+port = __MYSQL_PORT__
+user = __MYSQL_USER__
+password = __MYSQL_PASS__
+database = __MYSQL_NAME__
+sqlite3_path = /data/jumpserver.sqlite
+
+[mail]
+mail_enable = __MAIL_ENABLED__
+email_host = __MAIL_HOST__
+email_port = __MAIL_PORT__
+email_host_user = __MAIL_USER__
+email_host_password = __MAIL_PASS__
+email_use_tls = __MAIL_USE_TLS__
+
+[connect]
+nav_sort_by = ip

install/docker/passwd

@@ -0,0 +1,29 @@
+root:x:0:0:root:/root:/bin/ash
+bin:x:1:1:bin:/bin:/sbin/nologin
+daemon:x:2:2:daemon:/sbin:/sbin/nologin
+adm:x:3:4:adm:/var/adm:/sbin/nologin
+lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
+sync:x:5:0:sync:/sbin:/bin/sync
+shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
+halt:x:7:0:halt:/sbin:/sbin/halt
+mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
+news:x:9:13:news:/usr/lib/news:/sbin/nologin
+uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
+operator:x:11:0:operator:/root:/bin/sh
+man:x:13:15:man:/usr/man:/sbin/nologin
+postmaster:x:14:12:postmaster:/var/spool/mail:/sbin/nologin
+cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
+ftp:x:21:21::/var/lib/ftp:/sbin/nologin
+sshd:x:22:22:sshd:/dev/null:/sbin/nologin
+at:x:25:25:at:/var/spool/cron/atjobs:/sbin/nologin
+squid:x:31:31:Squid:/var/cache/squid:/sbin/nologin
+xfs:x:33:33:X Font Server:/etc/X11/fs:/sbin/nologin
+games:x:35:35:games:/usr/games:/sbin/nologin
+postgres:x:70:70::/var/lib/postgresql:/bin/sh
+nut:x:84:84:nut:/var/state/nut:/sbin/nologin
+cyrus:x:85:12::/usr/cyrus:/sbin/nologin
+vpopmail:x:89:89::/var/vpopmail:/sbin/nologin
+ntp:x:123:123:NTP:/var/empty:/sbin/nologin
+smmsp:x:209:209:smmsp:/var/spool/mqueue:/sbin/nologin
+guest:x:405:100:guest:/dev/null:/sbin/nologin
+nobody:x:65534:65534:nobody:/:/sbin/nologin

install/docker/piprequires.txt

@@ -0,0 +1,19 @@
+#sphinx-me==0.3
+django==1.6
+#pycrypto==2.4.1
+paramiko==1.16.0
+ecdsa==0.13
+#MySQL-python==1.2.5
+#django-uuidfield==0.5.0
+#psutil==3.3.0
+xlsxwriter==0.7.7
+xlrd==0.9.4
+django-bootstrap-form==3.2
+tornado==4.3
+ansible==1.9.4
+pyinotify==0.9.6
+passlib==1.6.5
+argparse==1.4.0
+django-crontab==0.6.0
+django-smtp-ssl==1.0
+pyte==0.5.2

install/docker/run.sh

@@ -0,0 +1,53 @@
+#!/bin/sh
+cp -r /jumpserver/install/docker/config_tmpl.conf /jumpserver/jumpserver.conf
+if [ ! -n "${USE_MYSQL}" ]; then
+sed -i "s/__USE_MYSQL__/false/" /jumpserver/jumpserver.conf
+else
+sed -i "s/__USE_MYSQL__/true/" /jumpserver/jumpserver.conf
+sed -i "s/__MYSQL_HOST__/${MYSQL_HOST}/" /jumpserver/jumpserver.conf
+sed -i "s/__MYSQL_PORT__/${MYSQL_PORT}/" /jumpserver/jumpserver.conf
+sed -i "s/__MYSQL_USER__/${MYSQL_USER}/" /jumpserver/jumpserver.conf
+sed -i "s/__MYSQL_PASS__/${MYSQL_PASS}/" /jumpserver/jumpserver.conf
+sed -i "s/__MYSQL_NAME__/${MYSQL_NAME}/" /jumpserver/jumpserver.conf
+fi
+
+if [ ! -n "${MAIL_ENABLED}" ]; then
+sed -i "s/__MAIL_ENABLED__/false/" /jumpserver/jumpserver.conf
+else
+sed -i "s/__MAIL_ENABLED__/${MAIL_ENABLED}/" /jumpserver/jumpserver.conf
+sed -i "s/__MAIL_HOST__/${MAIL_HOST}/" /jumpserver/jumpserver.conf
+sed -i "s/__MAIL_PORT__/${MAIL_PORT}/" /jumpserver/jumpserver.conf
+sed -i "s/__MAIL_USER__/${MAIL_USER}/" /jumpserver/jumpserver.conf
+sed -i "s/__MAIL_PASS__/${MAIL_PASS}/" /jumpserver/jumpserver.conf
+fi
+if [ ! -n "${MAIL_USE_TLS}" ]; then
+sed -i "s/__MAIL_USE_TLS__/false/" /jumpserver/jumpserver.conf
+else
+sed -i "s/__MAIL_USE_TLS__/${MAIL_USE_TLS}/" /jumpserver/jumpserver.conf
+fi
+
+if [ ! -f "/etc/ssh/sshd_config" ]; then
+	cp -r /jumpserver/install/docker/sshd_config /etc/ssh/sshd_config
+fi
+if [ ! -f "/etc/ssh/ssh_host_rsa_key" ]; then
+  ssh-keygen -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''
+fi
+if [ ! -f "/etc/ssh/ssh_host_dsa_key" ]; then
+  ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N ''
+fi
+if [ ! -f "/etc/ssh/ssh_host_ecdsa_key" ]; then
+  ssh-keygen -t ecdsa -b 521 -f /etc/ssh/ssh_host_ecdsa_key -N ''
+fi
+if [ ! -f "/etc/ssh/ssh_host_ed25519_key" ]; then
+  ssh-keygen -t ed25519 -b 1024 -f /etc/ssh/ssh_host_ed25519_key -N ''
+fi
+
+/usr/sbin/sshd -E /data/logs/jumpserver.log
+python /jumpserver/manage.py syncdb --noinput
+if [ ! -f "/home/init.locked" ]; then
+	python manage.py loaddata install/initial_data.yaml
+	date > /home/init.locked
+fi
+python /jumpserver/run_server.py >> /data/logs/jumpserver.log &
+chmod -R 777 /data/logs/jumpserver.log
+tail -f /data/logs/jumpserver.log

install/docker/shadow

@@ -0,0 +1,29 @@
+root:::0:::::
+bin:!::0:::::
+daemon:!::0:::::
+adm:!::0:::::
+lp:!::0:::::
+sync:!::0:::::
+shutdown:!::0:::::
+halt:!::0:::::
+mail:!::0:::::
+news:!::0:::::
+uucp:!::0:::::
+operator:!::0:::::
+man:!::0:::::
+postmaster:!::0:::::
+cron:!::0:::::
+ftp:!::0:::::
+sshd:!::0:::::
+at:!::0:::::
+squid:!::0:::::
+xfs:!::0:::::
+games:!::0:::::
+postgres:!::0:::::
+nut:!::0:::::
+cyrus:!::0:::::
+vpopmail:!::0:::::
+ntp:!::0:::::
+smmsp:!::0:::::
+guest:!::0:::::
+nobody:!::0:::::

install/docker/sshd_config

@@ -0,0 +1,146 @@
+#	$OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $
+
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# The default requires explicit activation of protocol 1
+#Protocol 2
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile	.ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation sandbox
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem	sftp	/usr/lib/ssh/sftp-server
+
+# the following are HPN related configuration options
+# tcp receive buffer polling. disable in non autotuning kernels
+#TcpRcvBufPoll yes
+
+# disable hpn performance boosts
+#HPNDisabled no
+
+# buffer size for hpn to non-hpn connections
+#HPNBufferSize 2048
+
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#	X11Forwarding no
+#	AllowTcpForwarding no
+#	PermitTTY no
+#	ForceCommand cvs server

install/docker/useradd

@@ -0,0 +1,2 @@
+#!/bin/sh
+adduser $@

install/docker/userdel

@@ -0,0 +1,2 @@
+#!/bin/sh
+deluser --remove-home $3

jumpserver/settings.py

@@ -19,12 +19,6 @@ BASE_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))
 config.read(os.path.join(BASE_DIR, 'jumpserver.conf'))
 KEY_DIR = os.path.join(BASE_DIR, 'keys')
 
-
-DB_HOST = config.get('db', 'host')
-DB_PORT = config.getint('db', 'port')
-DB_USER = config.get('db', 'user')
-DB_PASSWORD = config.get('db', 'password')
-DB_DATABASE = config.get('db', 'database')
 AUTH_USER_MODEL = 'juser.User'
 # mail config
 MAIL_ENABLE = config.get('mail', 'mail_enable')
@@ -104,24 +98,30 @@ WSGI_APPLICATION = 'jumpserver.wsgi.application'
 
 # Database
 # https://docs.djangoproject.com/en/1.7/ref/settings/#databases
-
-DATABASES = {
-    'default': {
-        'ENGINE': 'django.db.backends.mysql',
-        'NAME': DB_DATABASE,
-        'USER': DB_USER,
-        'PASSWORD': DB_PASSWORD,
-        'HOST': DB_HOST,
-        'PORT': DB_PORT,
+DATABASES = {}
+if config.get('db', 'use_mysql') == 'true': 
+    DB_HOST = config.get('db', 'host')
+    DB_PORT = config.getint('db', 'port')
+    DB_USER = config.get('db', 'user')
+    DB_PASSWORD = config.get('db', 'password')
+    DB_DATABASE = config.get('db', 'database')
+    DATABASES = {
+        'default': {
+            'ENGINE': 'django.db.backends.mysql',
+            'NAME': DB_DATABASE,
+            'USER': DB_USER,
+            'PASSWORD': DB_PASSWORD,
+            'HOST': DB_HOST,
+            'PORT': DB_PORT,
+        }
+    }
+else:
+    DATABASES = {
+        'default': {
+            'ENGINE': 'django.db.backends.sqlite3',
+            'NAME': config.get('db', 'sqlite3_path'),
+        }
     }
-}
-
-# DATABASES = {
-#     'default': {
-#         'ENGINE': 'django.db.backends.sqlite3',
-#         'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
-#     }
-# }
 TEMPLATE_CONTEXT_PROCESSORS = (
     'django.contrib.auth.context_processors.auth',
     'django.core.context_processors.debug',

juser/user_api.py

@@ -151,7 +151,7 @@ def server_add_user(username, ssh_key_pwd=''):
     add a system user in jumpserver
     在jumpserver服务器上添加一个用户
     """
-    bash("useradd -s '%s' '%s'" % (os.path.join(BASE_DIR, 'init.sh'), username))
+    bash("adduser -s '%s' '%s'" % (os.path.join(BASE_DIR, 'init.sh'), username))
     gen_ssh_key(username, ssh_key_pwd)