mirror of https://github.com/jumpserver/jumpserver
[Update] 修改settings和配置文件
ibuler
parent
ec45c56868
commit
d51b3eff6a
|
|
@ -25,3 +25,4 @@ jumpserver.iml
|
|||
.python-version
|
||||
tmp/*
|
||||
sessions/*
|
||||
media
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
FROM jumpserver/python:v3.6.1
|
||||
LABEL MAINTAINER Jumpserver Team <ibuler@qq.com>
|
||||
FROM jumpserver/python:3
|
||||
MAINTAINER Jumpserver Team <ibuler@qq.com>
|
||||
|
||||
|
||||
COPY . /opt/jumpserver
|
||||
|
|
@ -7,9 +7,8 @@ WORKDIR /opt/jumpserver
|
|||
|
||||
RUN yum -y install epel-release && yum clean all -y
|
||||
RUN cd requirements && yum -y install $(cat rpm_requirements.txt) && yum clean all -y
|
||||
RUN cd requirements && pip install -r requirements.txt
|
||||
RUN cd requirements && pip install -r requirements.txt -i https://pypi.tuna.tsinghua.edu.cn/simple
|
||||
|
||||
RUN rm -f data/db.sqlite3
|
||||
RUN rm -r .git
|
||||
RUN rm -f config.py
|
||||
|
||||
|
|
|
|||
|
|
@ -119,31 +119,31 @@ SESSION_COOKIE_DOMAIN = CONFIG.SESSION_COOKIE_DOMAIN or None
|
|||
CSRF_COOKIE_DOMAIN = CONFIG.CSRF_COOKIE_DOMAIN or None
|
||||
SESSION_COOKIE_AGE = CONFIG.SESSION_COOKIE_AGE or 3600*24
|
||||
|
||||
|
||||
MESSAGE_STORAGE = 'django.contrib.messages.storage.cookie.CookieStorage'
|
||||
# Database
|
||||
# https://docs.djangoproject.com/en/1.10/ref/settings/#databases
|
||||
|
||||
if CONFIG.DB_ENGINE == 'sqlite':
|
||||
DATABASES = {
|
||||
'default': {
|
||||
'ENGINE': 'django.db.backends.sqlite3',
|
||||
'NAME': CONFIG.DB_NAME or os.path.join(BASE_DIR, 'data', 'db.sqlite3'),
|
||||
'ATOMIC_REQUESTS': True,
|
||||
}
|
||||
}
|
||||
else:
|
||||
DATABASES = {
|
||||
'default': {
|
||||
'ENGINE': 'django.db.backends.%s' % CONFIG.DB_ENGINE,
|
||||
'NAME': CONFIG.DB_NAME,
|
||||
'HOST': CONFIG.DB_HOST,
|
||||
'PORT': CONFIG.DB_PORT,
|
||||
'USER': CONFIG.DB_USER,
|
||||
'PASSWORD': CONFIG.DB_PASSWORD,
|
||||
'ATOMIC_REQUESTS': True,
|
||||
}
|
||||
# if CONFIG.DB_ENGINE == 'sqlite':
|
||||
# DATABASES = {
|
||||
# 'default': {
|
||||
# 'ENGINE': 'django.db.backends.sqlite3',
|
||||
# 'NAME': CONFIG.DB_NAME or os.path.join(BASE_DIR, 'data', 'db.sqlite3'),
|
||||
# 'ATOMIC_REQUESTS': True,
|
||||
# }
|
||||
# }
|
||||
|
||||
print(CONFIG.DB_ENGINE)
|
||||
DATABASES = {
|
||||
'default': {
|
||||
'ENGINE': 'django.db.backends.{}'.format(CONFIG.DB_ENGINE),
|
||||
'NAME': CONFIG.DB_NAME,
|
||||
'HOST': CONFIG.DB_HOST,
|
||||
'PORT': CONFIG.DB_PORT,
|
||||
'USER': CONFIG.DB_USER,
|
||||
'PASSWORD': CONFIG.DB_PASSWORD,
|
||||
'ATOMIC_REQUESTS': True,
|
||||
}
|
||||
}
|
||||
|
||||
# Password validation
|
||||
# https://docs.djangoproject.com/en/1.10/ref/settings/#auth-password-validators
|
||||
|
|
@ -193,7 +193,7 @@ LOGGING = {
|
|||
'level': 'DEBUG',
|
||||
'class': 'logging.FileHandler',
|
||||
'formatter': 'main',
|
||||
'filename': os.path.join(PROJECT_DIR, 'logs', 'jumpserver.log')
|
||||
'filename': os.path.join(CONFIG.LOG_DIR, 'jumpserver.log')
|
||||
},
|
||||
'ansible_logs': {
|
||||
'level': 'DEBUG',
|
||||
|
|
@ -275,7 +275,7 @@ MEDIA_ROOT = os.path.join(PROJECT_DIR, 'data', 'media').replace('\\', '/') + '/'
|
|||
# BOOTSTRAP_COLUMN_COUNT = 11
|
||||
|
||||
# Init data or generate fake data source for development
|
||||
FIXTURE_DIRS = [os.path.join(BASE_DIR, 'fixtures'), ]
|
||||
FIXTURE_DIRS = [os.path.join(BASE_DIR, 'fixtures'),]
|
||||
|
||||
# Email config
|
||||
EMAIL_HOST = CONFIG.EMAIL_HOST
|
||||
|
|
@ -313,17 +313,16 @@ AUTH_USER_MODEL = 'users.User'
|
|||
# Auth LDAP settings
|
||||
if CONFIG.AUTH_LDAP:
|
||||
AUTHENTICATION_BACKENDS.insert(0, 'django_auth_ldap.backend.LDAPBackend')
|
||||
AUTH_LDAP_SERVER_URI = CONFIG.AUTH_LDAP_SERVER_URI
|
||||
AUTH_LDAP_BIND_DN = CONFIG.AUTH_LDAP_BIND_DN
|
||||
AUTH_LDAP_BIND_PASSWORD = CONFIG.AUTH_LDAP_BIND_PASSWORD
|
||||
# AUTH_LDAP_USER_DN_TEMPLATE = CONFIG.AUTH_LDAP_USER_DN_TEMPLATE
|
||||
AUTH_LDAP_USER_SEARCH = LDAPSearch(
|
||||
CONFIG.AUTH_LDAP_SEARCH_OU,
|
||||
ldap.SCOPE_SUBTREE,
|
||||
CONFIG.AUTH_LDAP_SEARCH_FILTER
|
||||
)
|
||||
AUTH_LDAP_START_TLS = CONFIG.AUTH_LDAP_START_TLS
|
||||
AUTH_LDAP_USER_ATTR_MAP = CONFIG.AUTH_LDAP_USER_ATTR_MAP
|
||||
AUTH_LDAP_SERVER_URI = CONFIG.AUTH_LDAP_SERVER_URI
|
||||
AUTH_LDAP_BIND_DN = CONFIG.AUTH_LDAP_BIND_DN
|
||||
AUTH_LDAP_BIND_PASSWORD = CONFIG.AUTH_LDAP_BIND_PASSWORD
|
||||
AUTH_LDAP_USER_SEARCH = LDAPSearch(
|
||||
CONFIG.AUTH_LDAP_SEARCH_OU,
|
||||
ldap.SCOPE_SUBTREE,
|
||||
CONFIG.AUTH_LDAP_SEARCH_FILTER
|
||||
)
|
||||
AUTH_LDAP_START_TLS = CONFIG.AUTH_LDAP_START_TLS
|
||||
AUTH_LDAP_USER_ATTR_MAP = CONFIG.AUTH_LDAP_USER_ATTR_MAP
|
||||
|
||||
# Celery using redis as broker
|
||||
BROKER_URL = 'redis://:%(password)s@%(host)s:%(port)s/3' % {
|
||||
|
|
@ -360,9 +359,7 @@ CAPTCHA_FOREGROUND_COLOR = '#001100'
|
|||
CAPTCHA_NOISE_FUNCTIONS = ('captcha.helpers.noise_dots',)
|
||||
CAPTCHA_TEST_MODE = CONFIG.CAPTCHA_TEST_MODE
|
||||
|
||||
COMMAND_STORE_BACKEND = 'terminal.backends.command.db'
|
||||
REPLAY_STORE_BACKEND = 'terminal.backends.replay.db'
|
||||
|
||||
COMMAND_STORAGE_BACKEND = 'terminal.backends.command.db'
|
||||
|
||||
# Django bootstrap3 setting, more see http://django-bootstrap3.readthedocs.io/en/latest/settings.html
|
||||
BOOTSTRAP3 = {
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@ import errno
|
|||
if __name__ == "__main__":
|
||||
try:
|
||||
os.makedirs('../logs')
|
||||
os.makedirs('../sessions')
|
||||
except:
|
||||
pass
|
||||
|
||||
|
|
|
|||
|
|
@ -5,8 +5,9 @@ from django.shortcuts import get_object_or_404
|
|||
from rest_framework.views import APIView, Response
|
||||
from rest_framework.generics import ListAPIView, get_object_or_404, RetrieveUpdateAPIView
|
||||
from rest_framework import viewsets
|
||||
from users.permissions import IsValidUser, IsSuperUser, IsAppUser, IsSuperUserOrAppUser
|
||||
|
||||
from common.utils import get_object_or_none
|
||||
from users.permissions import IsValidUser, IsSuperUser, IsAppUser, IsSuperUserOrAppUser
|
||||
from .utils import get_user_granted_assets, get_user_granted_asset_groups, \
|
||||
get_user_asset_permissions, get_user_group_asset_permissions, \
|
||||
get_user_group_granted_assets, get_user_group_granted_asset_groups
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ from .command.serializers import SessionCommandSerializer
|
|||
|
||||
|
||||
def get_command_store():
|
||||
command_engine = import_module(settings.COMMAND_STORE_BACKEND)
|
||||
command_engine = import_module(settings.COMMAND_STORAGE_BACKEND)
|
||||
command_store = command_engine.CommandStore()
|
||||
return command_store
|
||||
|
||||
|
|
|
|||
|
|
@ -211,10 +211,11 @@ class User(AbstractUser):
|
|||
@classmethod
|
||||
def create_app_user(cls, name, comment):
|
||||
from . import AccessKey
|
||||
domain_name = settings.CONFIG.DOMAIN_NAME or 'jumpserver.org'
|
||||
app = cls.objects.create(username=name, name=name, email='%s@%s' % (name, domain_name), is_active=False,
|
||||
role='App', enable_otp=False, comment=comment, is_first_login=False,
|
||||
created_by='System')
|
||||
app = cls.objects.create(
|
||||
username=name, name=name, email='%s@local.domain'.format(),
|
||||
is_active=False, role='App', enable_otp=False, comment=comment,
|
||||
is_first_login=False, created_by='System'
|
||||
)
|
||||
access_key = AccessKey.objects.create(user=app)
|
||||
return app, access_key
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ class Config:
|
|||
# It's used to identify your site, When we send a create mail to user, we only know login url is /login/
|
||||
# But we should know the absolute url like: http://jms.jumpserver.org/login/, so SITE_URL is
|
||||
# HTTP_PROTOCOL://HOST[:PORT]
|
||||
SITE_URL = 'http://localhost'
|
||||
SITE_URL = os.environ.get("SITE_URL") or 'http://localhost'
|
||||
|
||||
# Domain name, If set app email will set as it
|
||||
DOMAIN_NAME = 'jumpserver.org'
|
||||
|
|
@ -33,10 +33,10 @@ class Config:
|
|||
ALLOWED_HOSTS = ['*']
|
||||
|
||||
# Development env open this, when error occur display the full process track, Production disable it
|
||||
DEBUG = True
|
||||
DEBUG = os.environ.get("DEBUG") or False
|
||||
|
||||
# DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
|
||||
LOG_LEVEL = 'DEBUG'
|
||||
LOG_LEVEL = os.environ.get('INFO') or 'INFO'
|
||||
|
||||
# Database setting, Support sqlite3, mysql, postgres ....
|
||||
# See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
|
||||
|
|
@ -113,50 +113,8 @@ class Config:
|
|||
return None
|
||||
|
||||
|
||||
class DevelopmentConfig(Config):
|
||||
DEBUG = True
|
||||
DISPLAY_PER_PAGE = 20
|
||||
DB_ENGINE = 'sqlite'
|
||||
DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
|
||||
EMAIL_HOST = 'smtp.exmail.qq.com'
|
||||
EMAIL_PORT = 465
|
||||
EMAIL_HOST_USER = 'a@jumpserver.org'
|
||||
EMAIL_HOST_PASSWORD = 'somepasswrd'
|
||||
EMAIL_USE_SSL = True
|
||||
EMAIL_USE_TLS = False
|
||||
EMAIL_SUBJECT_PREFIX = '[Jumpserver] '
|
||||
SITE_URL = 'http://localhost:8080'
|
||||
|
||||
|
||||
class ProductionConfig(Config):
|
||||
DEBUG = False
|
||||
DB_ENGINE = 'mysql'
|
||||
DB_HOST = '127.0.0.1'
|
||||
DB_PORT = 3306
|
||||
DB_USER = 'root'
|
||||
DB_PASSWORD = ''
|
||||
DB_NAME = 'jumpserver'
|
||||
|
||||
|
||||
class DockerConfig(Config):
|
||||
DB_ENGINE = 'sqlite'
|
||||
DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
|
||||
REDIS_HOST = os.environ.get('REDIS_HOST') or 'redis'
|
||||
EMAIL_HOST = os.environ.get('EMAIL_HOST') or 'smtp.qq.com'
|
||||
EMAIL_PORT = int(os.environ.get('EMAIL_PORT', 465))
|
||||
EMAIL_HOST_USER = os.environ.get('EMAIL_HOST_USER') or 'admin'
|
||||
EMAIL_HOST_PASSWORD = os.environ.get('EMAIL_HOST_PASSWORD') or 'somepasswrd'
|
||||
EMAIL_USE_SSL = True if EMAIL_PORT == 465 else False
|
||||
EMAIL_USE_TLS = True if EMAIL_PORT == 587 else False
|
||||
EMAIL_SUBJECT_PREFIX = os.environ.get('EMAIL_SUBJECT_PREFIX') or '[Jumpserver] '
|
||||
SITE_URL = os.environ.get('SITE_URL') or 'http://localhost:8080'
|
||||
|
||||
|
||||
config = {
|
||||
'development': DevelopmentConfig,
|
||||
'production': ProductionConfig,
|
||||
'default': DevelopmentConfig,
|
||||
'docker': DockerConfig,
|
||||
'docker': Config,
|
||||
}
|
||||
|
||||
env = 'docker'
|
||||
|
|
|
|||
|
|
@ -8,11 +8,8 @@
|
|||
:license: GPL v2, see LICENSE for more details.
|
||||
"""
|
||||
import os
|
||||
import ldap
|
||||
from django_auth_ldap.config import LDAPSearch
|
||||
|
||||
BASE_DIR = os.path.dirname(os.path.abspath(__file__))
|
||||
LOG_DIR = os.path.join(BASE_DIR, 'logs')
|
||||
|
||||
|
||||
class Config:
|
||||
|
|
@ -20,7 +17,7 @@ class Config:
|
|||
# SECURITY WARNING: keep the secret key used in production secret!
|
||||
SECRET_KEY = os.environ.get('SECRET_KEY') or '2vym+ky!997d5kkcc64mnz06y1mmui3lut#(^wd=%s_qj$1%x'
|
||||
|
||||
# How many line display every page, default 25
|
||||
# How many line display every page if using django pager, default 25
|
||||
DISPLAY_PER_PAGE = 25
|
||||
|
||||
# It's used to identify your site, When we send a create mail to user, we only know login url is /login/
|
||||
|
|
@ -28,9 +25,6 @@ class Config:
|
|||
# HTTP_PROTOCOL://HOST[:PORT]
|
||||
SITE_URL = 'http://localhost'
|
||||
|
||||
# Domain name, If set app email will set as it
|
||||
DOMAIN_NAME = 'jumpserver.org'
|
||||
|
||||
# Django security setting, if your disable debug model, you should setting that
|
||||
ALLOWED_HOSTS = ['*']
|
||||
|
||||
|
|
@ -39,15 +33,16 @@ class Config:
|
|||
|
||||
# DEBUG, INFO, WARNING, ERROR, CRITICAL can set. See https://docs.djangoproject.com/en/1.10/topics/logging/
|
||||
LOG_LEVEL = 'DEBUG'
|
||||
LOG_DIR = os.path.join(BASE_DIR, 'logs')
|
||||
|
||||
# Database setting, Support sqlite3, mysql, postgres ....
|
||||
# See https://docs.djangoproject.com/en/1.10/ref/settings/#databases
|
||||
|
||||
# Sqlite setting:
|
||||
DATABASE_ENGINE = 'sqlite3'
|
||||
# SQLite setting:
|
||||
DB_ENGINE = 'sqlite3'
|
||||
DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
|
||||
|
||||
# Mysql or postgres setting like:
|
||||
# MySQL or postgres setting like:
|
||||
# DB_ENGINE = 'mysql'
|
||||
# DB_HOST = '127.0.0.1'
|
||||
# DB_PORT = 3306
|
||||
|
|
@ -55,12 +50,6 @@ class Config:
|
|||
# DB_PASSWORD = ''
|
||||
# DB_NAME = 'jumpserver'
|
||||
|
||||
# When Django start it will bind this host and port
|
||||
# ./manage.py runserver 127.0.0.1:8080
|
||||
# Todo: Gunicorn or uwsgi run may be use it
|
||||
HTTP_BIND_HOST = '0.0.0.0'
|
||||
HTTP_LISTEN_PORT = 8080
|
||||
|
||||
# Use Redis as broker for celery and web socket
|
||||
REDIS_HOST = '127.0.0.1'
|
||||
REDIS_PORT = 6379
|
||||
|
|
@ -71,24 +60,20 @@ class Config:
|
|||
'port': REDIS_PORT,
|
||||
}
|
||||
|
||||
# Api token expiration when create
|
||||
# Api token expiration when create, Jumpserver refresh time when request arrive
|
||||
TOKEN_EXPIRATION = 3600
|
||||
|
||||
# Session and csrf domain settings, If you deploy jumpserver,coco,luna standby,
|
||||
# So than share cookie, and you need use a same top-level domain name
|
||||
|
||||
# SESSION_COOKIE_DOMAIN = '.jms.com'
|
||||
# CSRF_COOKIE_DOMAIN = '.jms.com'
|
||||
# Session and csrf domain settings
|
||||
SESSION_COOKIE_AGE = 3600*24
|
||||
|
||||
# Email SMTP setting, we only support smtp send mail
|
||||
# EMAIL_HOST = 'smtp.qq.com'
|
||||
# EMAIL_PORT = 25
|
||||
# EMAIL_HOST_USER = ''
|
||||
# EMAIL_HOST_PASSWORD = ''
|
||||
# EMAIL_USE_SSL = False # If port is 465, set True
|
||||
# EMAIL_USE_TLS = False # If port is 587, set True
|
||||
# EMAIL_SUBJECT_PREFIX = '[Jumpserver] '
|
||||
EMAIL_HOST = 'smtp.163.com'
|
||||
EMAIL_PORT = 25
|
||||
EMAIL_HOST_USER = ''
|
||||
EMAIL_HOST_PASSWORD = '' # Caution: Some SMTP server using `Authorization Code` except password
|
||||
EMAIL_USE_SSL = True if EMAIL_PORT == 465 else False
|
||||
EMAIL_USE_TLS = True if EMAIL_PORT == 587 else False
|
||||
EMAIL_SUBJECT_PREFIX = '[Jumpserver] '
|
||||
|
||||
CAPTCHA_TEST_MODE = False
|
||||
|
||||
|
|
@ -116,36 +101,8 @@ class Config:
|
|||
return None
|
||||
|
||||
|
||||
class DevelopmentConfig(Config):
|
||||
DEBUG = True
|
||||
DISPLAY_PER_PAGE = 20
|
||||
DB_ENGINE = 'sqlite'
|
||||
DB_NAME = os.path.join(BASE_DIR, 'data', 'db.sqlite3')
|
||||
EMAIL_HOST = 'smtp.exmail.qq.com'
|
||||
EMAIL_PORT = 465
|
||||
EMAIL_HOST_USER = 'a@jumpserver.org'
|
||||
EMAIL_HOST_PASSWORD = 'somepasswrd'
|
||||
EMAIL_USE_SSL = True
|
||||
EMAIL_USE_TLS = False
|
||||
EMAIL_SUBJECT_PREFIX = '[Jumpserver] '
|
||||
SITE_URL = 'http://localhost:8080'
|
||||
|
||||
|
||||
class ProductionConfig(Config):
|
||||
DEBUG = False
|
||||
DB_ENGINE = 'mysql'
|
||||
DB_HOST = '127.0.0.1'
|
||||
DB_PORT = 3306
|
||||
DB_USER = 'root'
|
||||
DB_PASSWORD = ''
|
||||
DB_NAME = 'jumpserver'
|
||||
|
||||
|
||||
config = {
|
||||
'development': DevelopmentConfig,
|
||||
'production': ProductionConfig,
|
||||
|
||||
'default': DevelopmentConfig,
|
||||
'default': Config,
|
||||
}
|
||||
|
||||
env = 'development'
|
||||
env = 'default'
|
||||
|
|
|
|||
|
|
@ -56,3 +56,4 @@ sshpubkeys==2.2.0
|
|||
uritemplate==3.0.0
|
||||
urllib3==1.22
|
||||
vine==1.1.4
|
||||
gunicorn==19.7.1
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
libtiff-devel libjpeg-devel libzip-devel freetype-devel lcms2-devel libwebp-devel tcl-devel tk-devel sshpass openldap-devel
|
||||
libtiff-devel libjpeg-devel libzip-devel freetype-devel lcms2-devel libwebp-devel tcl-devel tk-devel sshpass openldap-devel mysql-devel libffi-devel
|
||||
|
|
|
|||
Loading…
Reference in New Issue