feat: 适配 v4.0

jumpserver · Jul 3, 2024 · 125759a · 125759a
1 parent 4bd0971
commit 125759a
Show file tree

Hide file tree

Showing 15 changed files with 51 additions and 444 deletions.
diff --git a/README.md b/README.md
@@ -100,9 +100,6 @@ GUA_PORT=4822
 # Web
 HTTP_PORT=80
 SSH_PORT=2222
-MAGNUS_MYSQL_PORT=33061
-MAGNUS_MARIADB_PORT=33062
-MAGNUS_REDIS_PORT=63790
 
 ##
 # SECRET_KEY 保护签名数据的密匙, 首次安装请一定要修改并牢记, 后续升级和迁移不可更改, 否则将导致加密的数据不可解密。
@@ -185,9 +182,6 @@ GUA_PORT=4822
 # Web
 HTTP_PORT=80
 SSH_PORT=2222
-MAGNUS_MYSQL_PORT=33061
-MAGNUS_MARIADB_PORT=33062
-MAGNUS_REDIS_PORT=63790
 
 ##
 # SECRET_KEY 保护签名数据的密匙, 首次安装请一定要修改并牢记, 后续升级和迁移不可更改, 否则将导致加密的数据不可解密。

diff --git a/README_EN.md b/README_EN.md
@@ -100,9 +100,6 @@ GUA_PORT=4822
 # Web
 HTTP_PORT=80
 SSH_PORT=2222
-MAGNUS_MYSQL_PORT=33061
-MAGNUS_MARIADB_PORT=33062
-MAGNUS_REDIS_PORT=63790
 
 ##
 # SECRET_KEY is the key to protect signed data. Please be sure to modify and remember it for the first installation. It cannot be changed during subsequent upgrades and migrations, otherwise the encrypted data will not be decrypted.
@@ -185,9 +182,6 @@ GUA_PORT=4822
 # Web
 HTTP_PORT=80
 SSH_PORT=2222
-MAGNUS_MYSQL_PORT=33061
-MAGNUS_MARIADB_PORT=33062
-MAGNUS_REDIS_PORT=63790
 
 ##
 # SECRET_KEY is the key to protect signed data. Please be sure to modify and remember it for the first installation. It cannot be changed during subsequent upgrades and migrations, otherwise the encrypted data will not be decrypted.

diff --git a/allinone/Dockerfile b/allinone/Dockerfile
@@ -22,31 +22,6 @@ RUN set -ex \
 
 WORKDIR /opt
 
-ARG MONGOSH_VERSION=2.2.10
-RUN set -ex \
-    && \
-    case "${TARGETARCH}" in \
-        amd64) \
-            wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-x64.tgz \
-            && tar -xf mongosh-${MONGOSH_VERSION}-linux-x64.tgz \
-            && chown root:root mongosh-${MONGOSH_VERSION}-linux-x64/bin/* \
-            && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh /usr/local/bin/ \
-            && mv mongosh-${MONGOSH_VERSION}-linux-x64/bin/mongosh_crypt_v1.so /usr/local/lib/ \
-            && rm -rf mongosh-${MONGOSH_VERSION}-linux-x64* \
-            ;; \
-        arm64|s390x|ppc64le) \
-            wget https://downloads.mongodb.com/compass/mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \
-            && tar -xf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}.tgz \
-            && chown root:root mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/* \
-            && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh /usr/local/bin/ \
-            && mv mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}/bin/mongosh_crypt_v1.so /usr/local/lib/ \
-            && rm -rf mongosh-${MONGOSH_VERSION}-linux-${TARGETARCH}* \
-            ;; \
-        *) \
-            echo "Unsupported architecture: ${TARGETARCH}" \
-            ;; \
-    esac
-
 ARG HELM_VERSION=v3.15.2
 ARG KUBECTL_VERSION=v1.30.2
 RUN set -ex \
@@ -88,6 +63,20 @@ RUN set -ex \
 
 COPY --from=redis /usr/local/bin/redis-cli /usr/local/bin/redis-cli
 
+RUN set -ex \
+    && mkdir -p /opt/lina \
+    && wget https://github.com/jumpserver/lina/releases/download/${VERSION}/lina-${VERSION}.tar.gz \
+    && tar -xf lina-${VERSION}.tar.gz -C /opt/lina --strip-components=1 \
+    && chown -R root:root /opt/lina \
+    && rm -f /opt/*.tar.gz
+
+RUN set -ex \
+    && mkdir -p /opt/luna \
+    && wget https://github.com/jumpserver/luna/releases/download/${VERSION}/luna-${VERSION}.tar.gz \
+    && tar -xf luna-${VERSION}.tar.gz -C /opt/luna --strip-components=1 \
+    && chown -R root:root /opt/luna \
+    && rm -f /opt/*.tar.gz
+
 RUN set -ex \
     && mkdir -p /opt/koko \
     && wget https://github.com/jumpserver/koko/releases/download/${VERSION}/koko-${VERSION}-linux-${TARGETARCH}.tar.gz \
@@ -105,35 +94,13 @@ RUN set -ex \
     && chown -R root:root /opt/lion \
     && rm -f /opt/*.tar.gz
 
-RUN set -ex \
-    && mkdir -p /opt/kael \
-    && wget https://github.com/jumpserver/kael/releases/download/${VERSION}/kael-${VERSION}-linux-${TARGETARCH}.tar.gz \
-    && tar -xf kael-${VERSION}-linux-${TARGETARCH}.tar.gz -C /opt/kael --strip-components=1 \
-    && chmod 755 /opt/kael/kael \
-    && chown -R root:root /opt/kael \
-    && rm -f /opt/*.tar.gz
-
 RUN set -ex \
     && mkdir -p /opt/chen \
     && wget https://github.com/jumpserver/chen/releases/download/${VERSION}/chen-${VERSION}.tar.gz \
     && tar -xf chen-${VERSION}.tar.gz -C /opt/chen --strip-components=1 \
     && chown -R root:root /opt/chen \
     && rm -f /opt/*.tar.gz
 
-RUN set -ex \
-    && mkdir -p /opt/lina \
-    && wget https://github.com/jumpserver/lina/releases/download/${VERSION}/lina-${VERSION}.tar.gz \
-    && tar -xf lina-${VERSION}.tar.gz -C /opt/lina --strip-components=1 \
-    && chown -R root:root /opt/lina \
-    && rm -f /opt/*.tar.gz
-
-RUN set -ex \
-    && mkdir -p /opt/luna \
-    && wget https://github.com/jumpserver/luna/releases/download/${VERSION}/luna-${VERSION}.tar.gz \
-    && tar -xf luna-${VERSION}.tar.gz -C /opt/luna --strip-components=1 \
-    && chown -R root:root /opt/luna \
-    && rm -f /opt/*.tar.gz
-
 RUN set -ex \
     && STATIC_VERSION=$(curl -sSL https://github.com/jumpserver/web-static/raw/v3/VERSION) \
     && wget -O /opt/prepare.sh https://github.com/jumpserver/web-static/raw/${STATIC_VERSION}/prepare.sh \
@@ -146,9 +113,6 @@ COPY nginx.conf /etc/nginx/nginx.conf
 COPY supervisord.conf /etc/supervisor/conf.d/
 RUN chmod +x ./entrypoint.sh
 
-ENV TERMINAL_MAGNUS_ENABLED=False \
-    TERMINAL_KOKO_SSH_ENABLED=False
-
 VOLUME /opt/jumpserver/data
 VOLUME /opt/koko/data
 VOLUME /opt/lion/data

diff --git a/chen/Dockerfile b/chen/Dockerfile
@@ -19,11 +19,10 @@ WORKDIR /opt
 ARG CHECK_VERSION=v1.0.3
 RUN set -e \
     && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
-    && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
-    && mv check /usr/local/bin/ \
+    && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ check \
     && chown root:root /usr/local/bin/check \
     && chmod 755 /usr/local/bin/check \
-    && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz
+    && rm -f /opt/*.tar.gz
 
 ARG WISP_VERSION=v0.1.21
 RUN set -e \

diff --git a/config_example.conf b/config_example.conf
@@ -17,14 +17,15 @@ VOLUME_DIR=/opt/jumpserver
 # 时区
 TZ=Asia/Shanghai
 
-# MySQL
+# DB, 支持 MySQL, PostgreSQL
+DB_ENGINE=mysql
 DB_HOST=mysql
 DB_PORT=3306
 DB_USER=root
 DB_PASSWORD=nu4x599Wq7u0Bn8EABh3J91G
 DB_NAME=jumpserver
 
-# Redis
+# Redis, 支持 Sentinel
 REDIS_HOST=redis
 REDIS_PORT=6379
 REDIS_PASSWORD=8URXPL2x3HZMi7xoGTdk3Upj
@@ -42,10 +43,7 @@ GUA_PORT=4822
 # Web
 HTTP_PORT=80
 SSH_PORT=2222
-MAGNUS_MYSQL_PORT=33061
-MAGNUS_MARIADB_PORT=33062
-MAGNUS_REDIS_PORT=63790
 
 ##
 # SECRET_KEY 保护签名数据的密匙, 首次安装请一定要修改并牢记, 后续升级和迁移不可更改, 否则将导致加密的数据不可解密。
-# BOOTSTRAP_TOKEN 为组件认证使用的密钥, 仅组件注册时使用。组件指 koko, lion, magnus, kael, chen ...
+# BOOTSTRAP_TOKEN 为组件认证使用的密钥, 仅组件注册时使用。组件指 koko, lion, chen ...
diff --git a/core/Dockerfile b/core/Dockerfile
@@ -4,7 +4,6 @@ ARG TARGETARCH
 ARG DEPENDENCIES="                    \
         ca-certificates               \
         git                           \
-        git-lfs                       \
         wget"
 
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
@@ -21,27 +20,27 @@ WORKDIR /opt
 ARG CHECK_VERSION=v1.0.3
 RUN set -e \
     && wget --quiet https://github.com/jumpserver-dev/healthcheck/releases/download/${CHECK_VERSION}/check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
-    && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz \
-    && mv check /usr/local/bin/ \
+    && tar -xf check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz -C /usr/local/bin/ check \
     && chown root:root /usr/local/bin/check \
     && chmod 755 /usr/local/bin/check \
-    && rm -f check-${CHECK_VERSION}-linux-${TARGETARCH}.tar.gz
+    && rm -f /opt/*.tar.gz
 
 ARG VERSION=v3.10.11
 ENV VERSION=$VERSION
 
 RUN set -e \
-    && git clone -b ${VERSION} --depth=1 https://github.com/jumpserver/jumpserver /opt/jumpserver \
-    && sed -i "s@VERSION = .*@VERSION = \"${VERSION}\"@g" /opt/jumpserver/apps/jumpserver/const.py \
-    && chmod +x /opt/jumpserver/entrypoint.sh \
-    && rm -rf /opt/jumpserver/.git /opt/jumpserver/.github
+    && git clone -b ${VERSION} --depth=1 https://github.com/jumpserver/jumpserver /opt/jumpserver
 
 WORKDIR /opt/jumpserver
 
 RUN set -e \
     && echo > /opt/jumpserver/config.yml \
-    && cd utils \
-    && bash -ixeu build.sh
+    && \
+    if [ -n "${VERSION}" ]; then \
+        sed -i "s@VERSION = .*@VERSION = '${VERSION}'@g" apps/jumpserver/const.py; \
+    fi \
+    && chmod +x /opt/jumpserver/entrypoint.sh \
+    && rm -rf /opt/jumpserver/.git /opt/jumpserver/.github
 
 FROM python:3.11-slim-bookworm as stage-2
 ARG TARGETARCH
@@ -107,6 +106,14 @@ RUN --mount=type=cache,target=/root/.cache,sharing=locked \
     && . /opt/py3/bin/activate \
     && poetry install --only=main
 
+COPY --from=stage-1 /opt/jumpserver /opt/jumpserver
+
+RUN set -e \
+    && export SECRET_KEY=$(head -c100 < /dev/urandom | base64 | tr -dc A-Za-z0-9 | head -c 48) \
+    && . /opt/py3/bin/activate \
+    && cd apps \
+    && python manage.py compilemessages
+
 FROM python:3.11-slim-bookworm
 ENV LANG=en_US.UTF-8 \
     PATH=/opt/py3/bin:$PATH
@@ -139,9 +146,9 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     && sed -i "s@# export @export @g" ~/.bashrc \
     && sed -i "s@# alias @alias @g" ~/.bashrc
 
-COPY --from=stage-2 /opt/py3 /opt/py3
+COPY --from=stage-2 /opt /opt
 COPY --from=stage-1 /usr/local/bin /usr/local/bin
-COPY --from=stage-1 /opt/jumpserver/release/jumpserver /opt/jumpserver
+COPY --from=stage-1 /opt/jumpserver/apps/libs/ansible/ansible.cfg /etc/ansible/
 
 WORKDIR /opt/jumpserver
 

diff --git a/docker-compose-build.yml b/docker-compose-build.yml
@@ -108,35 +108,6 @@ services:
     networks:
       - net
 
-  magnus:
-    build:
-      context: .
-      dockerfile: magnus/Dockerfile
-      args:
-        VERSION: ${VERSION}
-        TARGETARCH: ${TARGETARCH}
-    image: jumpserver/jms_magnus:${VERSION}
-    container_name: jms_magnus
-    restart: always
-    env_file: .env
-    depends_on:
-      core:
-        condition: service_healthy
-    healthcheck:
-      test: "check tcp://127.0.0.1:$$MAGNUS_MYSQL_PORT"
-      interval: 10s
-      timeout: 5s
-      retries: 3
-      start_period: 10s
-    volumes:
-      - ${VOLUME_DIR}/magnus/data:/opt/magnus/data
-    ports:
-      - ${MAGNUS_MYSQL_PORT:-33061}:33061
-      - ${MAGNUS_MARIADB_PORT:-33062}:33062
-      - ${MAGNUS_REDIS_PORT:-63790}:63790
-    networks:
-      - net
-
   chen:
     build:
       context: .
@@ -162,31 +133,6 @@ services:
     networks:
       - net
 
-  kael:
-    build:
-      context: .
-      dockerfile: kael/Dockerfile
-      args:
-        VERSION: ${VERSION}
-        TARGETARCH: ${TARGETARCH}
-    image: jumpserver/jms_kael:${VERSION}
-    container_name: jms_kael
-    restart: always
-    env_file: .env
-    volumes:
-      - ${VOLUME_DIR}/kael/data:/opt/kael/data
-    depends_on:
-      core:
-        condition: service_healthy
-    healthcheck:
-      test: "check http://localhost:8083/kael/health/"
-      interval: 10s
-      timeout: 5s
-      retries: 3
-      start_period: 60s
-    networks:
-      - net
-
   web:
     build:
       context: .

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -136,37 +136,6 @@ services:
     networks:
       - net
 
-  magnus:
-    image: jumpserver/jms_magnus:${VERSION}
-    container_name: jms_magnus
-    deploy:
-      mode: replicated
-      replicas: 1
-      # resources:
-        # limits:
-          # cpus: "0.1"
-          # memory: 128M
-      restart_policy:
-        condition: on-failure
-      placement:
-        constraints:
-          - "node.role==worker"
-    env_file: .env
-    healthcheck:
-      test: "check http://localhost:8088/health"
-      interval: 10s
-      timeout: 5s
-      retries: 3
-      start_period: 10s
-    volumes:
-      - ${VOLUME_DIR}/magnus/data:/opt/magnus/data
-    ports:
-      - ${MAGNUS_MYSQL_PORT:-33061}:33061
-      - ${MAGNUS_MARIADB_PORT:-33062}:33062
-      - ${MAGNUS_REDIS_PORT:-63790}:63790
-    networks:
-      - net
-
   chen:
     image: jumpserver/jms_chen:${VERSION}
     container_name: jms_chen
@@ -194,33 +163,6 @@ services:
     networks:
       - net
 
-  kael:
-    image: jumpserver/jms_kael:${VERSION}
-    container_name: jms_kael
-    deploy:
-      mode: replicated
-      replicas: 1
-      # resources:
-        # limits:
-          # cpus: "0.1"
-          # memory: 128M
-      restart_policy:
-        condition: on-failure
-      placement:
-        constraints:
-          - "node.role==worker"
-    env_file: .env
-    volumes:
-      - ${VOLUME_DIR}/kael/data:/opt/kael/data
-    healthcheck:
-      test: "check http://localhost:8083/kael/health/"
-      interval: 10s
-      timeout: 5s
-      retries: 3
-      start_period: 60s
-    networks:
-      - net
-
   web:
     image: jumpserver/jms_web:${VERSION}
     container_name: jms_web