
add docker support

1 parent 3176156 commit 57ba8ed2fb743f4bc6e4a88ed6ac3bfac340a497 @xrain0610 xrain0610 committed Jun 7, 2016
@@ -0,0 +1,37 @@
+FROM alpine
+MAINTAINER xRain <xrain@simcu.com>
+RUN apk add --update openssh sshpass python py-mysqldb py-psutil py-crypto && \
+ rm -rf /var/cache/apk/*
+COPY . /jumpserver
+WORKDIR /jumpserver
+RUN python /jumpserver/install/docker/get-pip.py && \
+ pip install -r /jumpserver/install/docker/piprequires.txt && \
+ rm -rf /jumpserver/docs && \
+ cp /jumpserver/install/docker/run.sh /run.sh && \
+ rm -rf /etc/motd && chmod +x /run.sh && \
+ rm -rf /jumpserver/keys && \
+ rm -rf /jumpserver/logs && \
+ rm -rf /home && \
+ rm -rf /etc/ssh && \
+ rm -rf /etc/shadow && \
+ rm -rf /etc/passwd && \
+ cp -r /jumpserver/install/docker/useradd /usr/sbin/useradd && \
+ cp -r /jumpserver/install/docker/userdel /usr/sbin/userdel && \
+ chmod +x /usr/sbin/useradd && \
+ chmod +x /usr/sbin/userdel && \
+ mkdir -p /data/home && \
+ mkdir -p /data/logs && \
+ mkdir -p /data/keys && \
+ mkdir -p /data/ssh && \
+ cp -r /jumpserver/install/docker/shadow /data/shadow && \
+ cp -r /jumpserver/install/docker/passwd /data/passwd && \
+ ln -s /data/logs /jumpserver/logs && \
+ ln -s /data/keys /jumpserver/keys && \
+ ln -s /data/home /home && \
+ ln -s /data/ssh /etc/ssh && \
+ ln -s /data/passwd /etc/passwd && \
+ ln -s /data/shadow /etc/shadow && \
+ chmod -R 777 /jumpserver
+VOLUME /data
+EXPOSE 80 22
+CMD /run.sh
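Review bot: The closing `chmod -R 777 /jumpserver` leaves the whole application tree world-writable, and run.sh later renders jumpserver.conf (database and mail passwords) into that same tree, so any account on this SSH-reachable container can alter code and config used by the server that the root CMD starts. Grant only what login sessions need, for example `chmod -R o-w /jumpserver` with a group-writable logs directory, and keep the rendered config readable by the server account only. `FROM alpine` is also untagged and get-pip.py installs whatever pip is current, so two builds of this commit can differ; pin the base image to a specific tag or digest. `MAINTAINER` is deprecated in favour of `LABEL`, and `CMD ["/run.sh"]` in exec form lets the script receive stop signals directly.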
@@ -0,0 +1,17 @@
+version: '2'
+services:
+ jumpserver:
+ build: .
+ container_name: jumpserver
+ restart: always
+ ports:
+ - "8888:80"
+ - "2222:22"
+ # environment:
+ # - USE_MYSQL=true
+ # - MYSQL_HOST=192.168.64.5
+ # - MYSQL_PORT=3306
+ # - MYSQL_USER=root
+ # - MYSQL_PASS=love1314
+ # - MYSQL_NAME=jumpserver
+ # - MAIL_ENABLED=false
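Review bot: The commented example `MYSQL_USER=root` / `MYSQL_PASS=love1314` reads like a real credential and models connecting the application as the database superuser. Replace the values with obvious placeholders such as `MYSQL_PASS=change-me` and a dedicated least-privilege account name. It would also help to show an `env_file:` entry kept out of version control instead of inline passwords.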
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
#
trap '' SIGINT
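Review bot: With the interpreter switched to `/bin/sh`, `trap '' SIGINT` depends on a shell extension, because POSIX only guarantees signal names without the `SIG` prefix; `trap '' INT` is the portable spelling. If this trap is what keeps an interactive user inside the script (not visible from this hunk), a shell that rejects the name would leave Ctrl-C unhandled. The rest of the script lies outside the hunk and needs a pass for bash-only constructs such as `[[ ]]`, arrays or `read -p` before the new shebang can be relied on.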
@@ -0,0 +1,26 @@
+[base]
+url =
+key = 941enj9neshd1wes
+ip = 0.0.0.0
+port = 80
+log = debug
+
+[db]
+use_mysql = __USE_MYSQL__
+host = __MYSQL_HOST__
+port = __MYSQL_PORT__
+user = __MYSQL_USER__
+password = __MYSQL_PASS__
+database = __MYSQL_NAME__
+sqlite3_path = /data/jumpserver.sqlite
+
+[mail]
+mail_enable = __MAIL_ENABLED__
+email_host = __MAIL_HOST__
+email_port = __MAIL_PORT__
+email_host_user = __MAIL_USER__
+email_host_password = __MAIL_PASS__
+email_use_tls = __MAIL_USE_TLS__
+
+[connect]
+nav_sort_by = ip
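Review bot: `key = 941enj9neshd1wes` is a fixed value in the template, so every container built from this commit shares one key that is also public in the repository. If the application uses it to protect stored credentials or sessions (the template does not say), make it a placeholder like `key = __KEY__` that run.sh fills from an environment variable or generates once and persists under /data. `log = debug` as the shipped default deserves a second look too, since debug output on a jump host may include connection details.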
@@ -0,0 +1,29 @@
+root:x:0:0:root:/root:/bin/ash
+bin:x:1:1:bin:/bin:/sbin/nologin
+daemon:x:2:2:daemon:/sbin:/sbin/nologin
+adm:x:3:4:adm:/var/adm:/sbin/nologin
+lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
+sync:x:5:0:sync:/sbin:/bin/sync
+shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
+halt:x:7:0:halt:/sbin:/sbin/halt
+mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
+news:x:9:13:news:/usr/lib/news:/sbin/nologin
+uucp:x:10:14:uucp:/var/spool/uucppublic:/sbin/nologin
+operator:x:11:0:operator:/root:/bin/sh
+man:x:13:15:man:/usr/man:/sbin/nologin
+postmaster:x:14:12:postmaster:/var/spool/mail:/sbin/nologin
+cron:x:16:16:cron:/var/spool/cron:/sbin/nologin
+ftp:x:21:21::/var/lib/ftp:/sbin/nologin
+sshd:x:22:22:sshd:/dev/null:/sbin/nologin
+at:x:25:25:at:/var/spool/cron/atjobs:/sbin/nologin
+squid:x:31:31:Squid:/var/cache/squid:/sbin/nologin
+xfs:x:33:33:X Font Server:/etc/X11/fs:/sbin/nologin
+games:x:35:35:games:/usr/games:/sbin/nologin
+postgres:x:70:70::/var/lib/postgresql:/bin/sh
+nut:x:84:84:nut:/var/state/nut:/sbin/nologin
+cyrus:x:85:12::/usr/cyrus:/sbin/nologin
+vpopmail:x:89:89::/var/vpopmail:/sbin/nologin
+ntp:x:123:123:NTP:/var/empty:/sbin/nologin
+smmsp:x:209:209:smmsp:/var/spool/mqueue:/sbin/nologin
+guest:x:405:100:guest:/dev/null:/sbin/nologin
+nobody:x:65534:65534:nobody:/:/sbin/nologin
@@ -0,0 +1,19 @@
+#sphinx-me==0.3
+django==1.6
+#pycrypto==2.4.1
+paramiko==1.16.0
+ecdsa==0.13
+#MySQL-python==1.2.5
+#django-uuidfield==0.5.0
+#psutil==3.3.0
+xlsxwriter==0.7.7
+xlrd==0.9.4
+django-bootstrap-form==3.2
+tornado==4.3
+ansible==1.9.4
+pyinotify==0.9.6
+passlib==1.6.5
+argparse==1.4.0
+django-crontab==0.6.0
+django-smtp-ssl==1.0
+pyte==0.5.2
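Review bot: `django==1.6` pins the first release of the 1.6 series, so none of the later 1.6.x security releases are picked up by the image build. Pin to the newest patch release of the series the code supports, and add a comment saying why the series itself is held back if an upgrade is not possible. Recording hashes and installing with `pip install --require-hashes` would also make the build verify what it downloads.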
@@ -0,0 +1,53 @@
+#!/bin/sh
+cp -r /jumpserver/install/docker/config_tmpl.conf /jumpserver/jumpserver.conf
+if [ ! -n "${USE_MYSQL}" ]; then
+sed -i "s/__USE_MYSQL__/false/" /jumpserver/jumpserver.conf
+else
+sed -i "s/__USE_MYSQL__/true/" /jumpserver/jumpserver.conf
+sed -i "s/__MYSQL_HOST__/${MYSQL_HOST}/" /jumpserver/jumpserver.conf
+sed -i "s/__MYSQL_PORT__/${MYSQL_PORT}/" /jumpserver/jumpserver.conf
+sed -i "s/__MYSQL_USER__/${MYSQL_USER}/" /jumpserver/jumpserver.conf
+sed -i "s/__MYSQL_PASS__/${MYSQL_PASS}/" /jumpserver/jumpserver.conf
+sed -i "s/__MYSQL_NAME__/${MYSQL_NAME}/" /jumpserver/jumpserver.conf
+fi
+
+if [ ! -n "${MAIL_ENABLED}" ]; then
+sed -i "s/__MAIL_ENABLED__/false/" /jumpserver/jumpserver.conf
+else
+sed -i "s/__MAIL_ENABLED__/${MAIL_ENABLED}/" /jumpserver/jumpserver.conf
+sed -i "s/__MAIL_HOST__/${MAIL_HOST}/" /jumpserver/jumpserver.conf
+sed -i "s/__MAIL_PORT__/${MAIL_PORT}/" /jumpserver/jumpserver.conf
+sed -i "s/__MAIL_USER__/${MAIL_USER}/" /jumpserver/jumpserver.conf
+sed -i "s/__MAIL_PASS__/${MAIL_PASS}/" /jumpserver/jumpserver.conf
+fi
+if [ ! -n "${MAIL_USE_TLS}" ]; then
+sed -i "s/__MAIL_USE_TLS__/false/" /jumpserver/jumpserver.conf
+else
+sed -i "s/__MAIL_USE_TLS__/${MAIL_USE_TLS}/" /jumpserver/jumpserver.conf
+fi
+
+if [ ! -f "/etc/ssh/sshd_config" ]; then
+ cp -r /jumpserver/install/docker/sshd_config /etc/ssh/sshd_config
+fi
+if [ ! -f "/etc/ssh/ssh_host_rsa_key" ]; then
+ ssh-keygen -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N ''
+fi
+if [ ! -f "/etc/ssh/ssh_host_dsa_key" ]; then
+ ssh-keygen -t dsa -b 1024 -f /etc/ssh/ssh_host_dsa_key -N ''
+fi
+if [ ! -f "/etc/ssh/ssh_host_ecdsa_key" ]; then
+ ssh-keygen -t ecdsa -b 521 -f /etc/ssh/ssh_host_ecdsa_key -N ''
+fi
+if [ ! -f "/etc/ssh/ssh_host_ed25519_key" ]; then
+ ssh-keygen -t ed25519 -b 1024 -f /etc/ssh/ssh_host_ed25519_key -N ''
+fi
+
+/usr/sbin/sshd -E /data/logs/jumpserver.log
+python /jumpserver/manage.py syncdb --noinput
+if [ ! -f "/home/init.locked" ]; then
+ python manage.py loaddata install/initial_data.yaml
+ date > /home/init.locked
+fi
+python /jumpserver/run_server.py >> /data/logs/jumpserver.log &
+chmod -R 777 /data/logs/jumpserver.log
+tail -f /data/logs/jumpserver.log
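Review bot: The `sed -i "s/__MYSQL_PASS__/${MYSQL_PASS}/"` lines, and the other MYSQL_* and MAIL_* substitutions, paste the raw value into a sed replacement, so a password containing `/`, `&` or `\` either aborts the substitution or lands in the config altered. Escape the value first, e.g. `esc=$(printf '%s' "$MYSQL_PASS" | sed 's:[\\/&]:\\&:g')`, and substitute `${esc}`. `chmod -R 777 /data/logs/jumpserver.log` makes the file that also receives `sshd -E` output writable by every account, which weakens it as an audit record; a dedicated group with mode 660 is narrower if sessions really must append to it. The host-key block also generates a 1024-bit DSA key and passes `-b 1024` to ed25519, whose key size is fixed, so dropping the DSA key and that flag is cleaner.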
@@ -0,0 +1,29 @@
+root:::0:::::
+bin:!::0:::::
+daemon:!::0:::::
+adm:!::0:::::
+lp:!::0:::::
+sync:!::0:::::
+shutdown:!::0:::::
+halt:!::0:::::
+mail:!::0:::::
+news:!::0:::::
+uucp:!::0:::::
+operator:!::0:::::
+man:!::0:::::
+postmaster:!::0:::::
+cron:!::0:::::
+ftp:!::0:::::
+sshd:!::0:::::
+at:!::0:::::
+squid:!::0:::::
+xfs:!::0:::::
+games:!::0:::::
+postgres:!::0:::::
+nut:!::0:::::
+cyrus:!::0:::::
+vpopmail:!::0:::::
+ntp:!::0:::::
+smmsp:!::0:::::
+guest:!::0:::::
+nobody:!::0:::::
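Review bot: The first entry `root:::0:::::` has an empty password field, while every other account in this file is locked with `!`. An empty field means no password is asked for wherever shadow is consulted locally, for example by `su`, which matters on an image that creates shell accounts for SSH users. The `PasswordAuthentication no` setting in sshd_config only covers the network path. Lock root like the other entries: `root:!::0:::::`.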
@@ -0,0 +1,146 @@
+# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $
+
+# This is the sshd server system-wide configuration file. See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/bin:/usr/bin:/sbin:/usr/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented. Uncommented options override the
+# default value.
+
+#Port 22
+#AddressFamily any
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# The default requires explicit activation of protocol 1
+#Protocol 2
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin prohibit-password
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile .ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+#PasswordAuthentication yes
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+#ChallengeResponseAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+#UsePAM no
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+#PrintMotd yes
+#PrintLastLog yes
+#TCPKeepAlive yes
+#UseLogin no
+#UsePrivilegeSeparation sandbox
+#PermitUserEnvironment no
+#Compression delayed
+#ClientAliveInterval 0
+#ClientAliveCountMax 3
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem sftp /usr/lib/ssh/sftp-server
+
+# the following are HPN related configuration options
+# tcp receive buffer polling. disable in non autotuning kernels
+#TcpRcvBufPoll yes
+
+# disable hpn performance boosts
+#HPNDisabled no
+
+# buffer size for hpn to non-hpn connections
+#HPNBufferSize 2048
+
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+# X11Forwarding no
+# AllowTcpForwarding no
+# PermitTTY no
+# ForceCommand cvs server
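Review bot: Apart from disabling password and challenge-response authentication, this file leaves every option at the OpenSSH default, including `#PermitRootLogin prohibit-password`, `#AllowTcpForwarding yes` and `#AllowAgentForwarding yes`. On a jump host these are worth setting explicitly, e.g. `PermitRootLogin no` and `AllowTcpForwarding no`, so root cannot log in with a key and forwarded connections cannot bypass whatever session control the application applies. Confirm first that the application does not depend on forwarding. A short comment at the top naming the lines that differ from the stock file would make later diffs easier to review.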
@@ -0,0 +1,2 @@
+#!/bin/sh
+adduser $@
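Review bot: `adduser $@` is unquoted, so any argument containing whitespace or glob characters is re-split before it reaches adduser; use `adduser "$@"`. The userdel wrapper in the next hunk has the same quoting problem and also assumes the user name is always the third argument, so `deluser --remove-home $3` runs without a name when the caller passes fewer arguments. Quote and guard it, e.g. `[ -n "$3" ] && deluser --remove-home "$3"`. BusyBox adduser does not accept the same options as shadow's useradd, so a comment listing the flags the callers actually pass would make the contract of both shims clear.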
@@ -0,0 +1,2 @@
+#!/bin/sh
+deluser --remove-home $3