welliamcao · flyfish0087 · Sep 16, 2017 · Sep 16, 2017 · Sep 16, 2017 · Sep 16, 2017
diff --git a/GateOne.md b/GateOne.md
@@ -0,0 +1,81 @@
+## 安装配置GateOne
+本文用来介绍OpsManage结合Gateone实现Webssh功能
+
+
+## 下载GateOne：
+ * （方式一）网盘地址：[https://pan.baidu.com/s/1i5tcEvb](https://pan.baidu.com/s/1i5tcEvb)
+ * （方式二）Github地址：[https://github.com/liftoff/GateOne](https://github.com/liftoff/GateOne)
+
+
+## 安装GateOne
+```
+# cd gateone
+# python setup.py install
+```
+
+## 配置GateOne
+一、生成api_key
+```
+# cd /etc/gateone/conf.d
+# gateone --new_api_key
+# vim 10server.conf
+```
+修改origins的值，改成下面一样
+```
+"origins": ["*"],
+```
+配置api认证方式
+```
+# vim 20authentication.conf
+把"auth": "none" 修改为 "auth": "api",
+```
+查看key与secret
+```
+# cat 30api_keys.conf
+{
+    "*": {
+        "gateone": {
+            "api_keys": {
+                "NTA3ZGY5Y2VjZjg3NGRhOGI3YjE3NTZmMjViNzRhNjY3O": "ZjFkMzFjNzk0MjI4NGYwYmJlMDM5MjFkOGJmMTEwMmFlO"
+            }
+        }
+    }
+}
+```
+启动GateOne
+```
+# /etc/init.d/gateone start
+```
+## 配置OpsManage
+一、修改settings.py配置文件
+```
+# cd /path/OpsManage/OpsManage
+# vim settings.py
+修改GateOne配置
+'''GateOne Setting'''
+GATEONE_SERVER = 'https://192.168.88.233'   ##改成GateOne运行的地址
+GATEONE_API_URL = 'http://192.168.88.233:8000'  #改成OpsManage运行的地址
+GATEONE_KEY = 'NTA3ZGY5Y2VjZjg3NGRhOGI3YjE3NTZmMjViNzRhNjY3O' #对应30api_keys.conf的key
+GATEONE_SECRET = 'ZjFkMzFjNzk0MjI4NGYwYmJlMDM5MjFkOGJmMTEwMmFlO' #对应30api_keys.conf的secret
+```
+二、安装OpsManage
+>  参照OpsManage的[readme.md](https://github.com/welliamcao/OpsManage/blob/beta/README.md)进行安装
+
+
+三、开启WebSSH功能
+> 全局配置 -> 开启WebSSH
+
+配置OpsManage平台管理员账户
+```
+# mkdir -p /var/lib/gateone/users/admin/.ssh   #注意这里的admin是你的OpsManage管理员账户
+# cd /var/lib/gateone/users/admin/.ssh/
+# cp /root/.ssh/id* .              #这里的证书需要有权限能够登陆其他远程服务器
+# echo id_rsa > ./.default_ids
+```
+
+
+
+四、常见问题
+
+ * [Unit gateone.service not found](https://github.com/welliamcao/OpsManage/issues/31)
+ * [SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib](https://github.com/welliamcao/OpsManage/issues/34)
diff --git a/OpsManage/models.py b/OpsManage/models.py
@@ -2,9 +2,14 @@
 # _#_ coding:utf-8 _*_  
 from django.db import models
 import sys
+from django.contrib.auth.models import User
 reload(sys)
 sys.setdefaultencoding("utf-8")
 
+
+
+
+
 class Assets(models.Model):
     assets_type_choices = (
                           ('server',u'服务器'),
@@ -463,6 +468,7 @@ class Global_Config(models.Model):
     assets = models.SmallIntegerField(verbose_name='是否开启资产操作记录',blank=True,null=True)
     server = models.SmallIntegerField(verbose_name='是否开启服务器命令记录',blank=True,null=True)
     email = models.SmallIntegerField(verbose_name='是否开启邮件通知',blank=True,null=True)
+    webssh = models.SmallIntegerField(verbose_name='是否开启WebSSH',blank=True,null=True)
     class Meta:
         db_table = 'opsmanage_global_config'
 
@@ -500,4 +506,19 @@ class Ansible_CallBack_Model_Result(models.Model):
 
 class Ansible_CallBack_PlayBook_Result(models.Model):
     logId = models.ForeignKey('Log_Ansible_Playbook')
-    content = models.TextField(verbose_name='输出内容',blank=True,null=True)
+    content = models.TextField(verbose_name='输出内容',blank=True,null=True)
+
+class User_Server(models.Model):
+    server_id = models.SmallIntegerField(verbose_name='服务器资产id')
+    user_id = models.SmallIntegerField(verbose_name='用户id')
+    class Meta:
+        db_table = 'opsmanage_user_server'
+        permissions = (
+            ("can_read_user_server", "读取用户服务器表权限"),
+            ("can_change_user_server", "更改用户服务器表权限"),
+            ("can_add_user_server", "添加用户服务器表权限"),
+            ("can_delete_user_server", "删除用户服务器表权限"),              
+        )
+        unique_together = (("server_id", "user_id"))
+        verbose_name = '用户服务器表'  
+        verbose_name_plural = '用户服务器表' 
diff --git a/OpsManage/restfull/users_api.py b/OpsManage/restfull/users_api.py
@@ -7,6 +7,8 @@
 from rest_framework.decorators import api_view
 from django.contrib.auth.models import User
 from django.contrib.auth.decorators import permission_required
+from OpsManage.models import Global_Config
+from OpsManage.utils import base
 
 @api_view(['GET', 'POST' ])
 @permission_required('OpsManage.add_user',raise_exception=True)
@@ -50,5 +52,11 @@ def user_detail(request, id,format=None):
     elif request.method == 'DELETE':
         if not request.user.has_perm('OpsManage.delete_user'):
             return Response(status=status.HTTP_403_FORBIDDEN)
+        try:
+            config = Global_Config.objects.get(id=1)
+            if config.webssh == 1:
+                base.delUserIds(snippet.username)
+        except:
+            pass        
         snippet.delete()
         return Response(status=status.HTTP_204_NO_CONTENT)  
diff --git a/OpsManage/settings.py b/OpsManage/settings.py
@@ -19,7 +19,7 @@
 
 ''' celery config '''
 djcelery.setup_loader()
-BROKER_URL = 'redis://192.168.1.233:6379/3'
+BROKER_URL = 'redis://192.168.88.233:6379/3'
 CELERY_RESULT_BACKEND = 'djcelery.backends.database.DatabaseBackend'
 CELERY_TASK_SERIALIZER = 'json'
 CELERY_RESULT_SERIALIZER = 'pickle'
@@ -31,7 +31,7 @@
 CELERY_TIMEZONE='Asia/Shanghai'
 platforms.C_FORCE_ROOT = True
 
-REDSI_KWARGS_LPUSH = {"host":'192.168.1.233','port':6379,'db':3}
+REDSI_KWARGS_LPUSH = {"host":'192.168.88.233','port':6379,'db':3}
 REDSI_LPUSH_POOL = None
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/1.9/howto/deployment/checklist/
@@ -109,7 +109,7 @@
         'NAME':'opsmanage',
         'USER':'root',
         'PASSWORD':'welliam',
-        'HOST':'192.168.1.233'                
+        'HOST':'192.168.88.201',             
 #         'ENGINE': 'django.db.backends.sqlite3',
 #         'NAME': os.path.join(BASE_DIR, 'db.sqlite3'),
     }
@@ -162,3 +162,10 @@
 
 
 LOGIN_URL = '/login'
+
+
+'''GateOne Setting'''
+GATEONE_SERVER = 'https://192.168.88.233'
+GATEONE_API_URL = 'http://192.168.88.233:8000'
+GATEONE_KEY = 'NTA3ZGY5Y2VjZjg3NGRhOGI3YjE3NTZmMjViNzRhNjY3O'
+GATEONE_SECRET = 'ZjFkMzFjNzk0MjI4NGYwYmJlMDM5MjFkOGJmMTEwMmFlO'