MySQL 审核工具 archery
系统: Centos6.8
ip:192.168.122.150
安装 Python 和 virtualenv
编译安装[[emailprotected]~]#yum install wget gcc make zlib-devel openssl openssl-devel
[[emailprotected]src]#wget""
[[emailprotected]src]#tar-xvfPython-3.6.5.tar.xz
[[emailprotected]src]#cdPython-3.6.5
[[emailprotected]Python-3.6.5]#./configure prefix=/usr/local/python3
[[emailprotected]Python-3.6.5]#make&&make install
[[emailprotected]Python-3.6.5]#ln-fs/usr/local/python3/bin/python3/usr/bin/python3
[[emailprotected]Python-3.6.5]#ln-fs/usr/local/python3/bin/pip3/usr/bin/pip3
virtualenv
[[emailprotected]~]#pip3 install virtualenv-i https://mirrors.ustc.edu.cn/pypi/web/simple/
[[emailprotected]~]#pip3 install-U pip
[[emailprotected]~]#ln-fs/usr/local/python3/bin/virtualenv/usr/bin/virtualenv
安装 Archery
准备虚拟环境
编译安装 python 的使用
[[email protected] ~]# virtualenv venv4archery --python=python3
切换 python 运行环境到虚拟环境
[[email protected] ~]# source venv4archery/bin/activate
安装 ODBC 依赖
[[email protected] Archery-1.5.3]# yum install unixODBC-devel -y
下载 release 包, 安装依赖库[[emailprotected]~]#wget""
[[emailprotected]~]#tar-xzvf v1.5.3.tar.gz
安装系统依赖
[[email protected] ~]# yum -y install gcc gcc-c++ python-devel MySQL-devel openldap-devel unixODBC-devel gettext
安装依赖库[[emailprotected]~]#cdArchery-1.5.3/
[[emailprotected]Archery-1.5.3]#pip3 install-r requirements.txt-i https://mirrors.ustc.edu.cn/pypi/web/simple/
如果出现报一下错误
解决方法:
安装 mysql5.7, 然后安装以下依赖即可[[emailprotected]Archery-1.5.3]#yum installMySQL-devel-y
(venv4archery)[[emailprotected]Archery-1.5.3]#find/-name mysql_config.1.gz
/usr/share/man/man1/mysql_config.1.gz
(venv4archery)[[emailprotected]Archery-1.5.3]#find/-name mysql_config
/usr/bin/mysql_config
[[emailprotected]Archery-1.5.3]#pip3 install-r requirements.txt-i https://mirrors.ustc.edu.cn/pypi/web/simple/
出现报错
解决方法:[[emailprotected]Archery-1.5.3]#yum install openldap-y
[[emailprotected]Archery-1.5.3]#yum install openldap-clients-y
[[emailprotected]Archery-1.5.3]#yum install openldap-devel-y
[[emailprotected]Archery-1.5.3]#pip3 install-r requirements.txt-i https://mirrors.ustc.edu.cn/pypi/web/simple/
(venv4archery)[[emailprotected]Archery-1.5.3]#echo $?
0
修改配置
[[email protected] Archery-1.5.3]# VIM archery/settings.py
安全修改
修改 Prpcrypt 的 key 信息, 该 key 用于数据库密码等信息加密, 目前是硬编码在代码内 aes_decryptor.py
基础配置
关闭 debug 模式
DEBUG = False
设置 ALLOWED_HOSTS, 建议限制内网访问
ALLOWED_HOSTS = ['*']
请求大小限制, 如果提交 SQL 语句过大可以修改该值
DATA_UPLOAD_MAX_MEMORY_SIZE = 15728640
密码校验, 用户注册和添加密码校验规则AUTH_PASSWORD_VALIDATORS=[
{
'NAME':'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
},
{
'NAME':'django.contrib.auth.password_validation.MinimumLengthValidator',
'OPTIONS':{
'min_length':9,
}
},
{
'NAME':'django.contrib.auth.password_validation.CommonPasswordValidator',
},
{
'NAME':'django.contrib.auth.password_validation.NumericPasswordValidator',
},
]
MySQL 配置
建议 MySQL 版本 5.6 以上
MongoDB 配置
themis 审核需要执行 eval() 命令, 参考配置 Allow user to execute eval() command on MongoDB 3.x}
创建角色useadmin
switched to db admin
db.createRole({
role:"executeFunctions",privileges:[{
resource:{
anyResource:true
},actions:["anyAction"]
}],roles:[]
})
{
"role":"executeFunctions",
"privileges":[
{
"resource":{
"anyResource":true
},
"actions":[
"anyAction"
]
}
],
"roles":[]
}
给用户分配角色usethemis
switched to db themis
db.grantRolesToUser("dbuser",[{
role:"executeFunctions",db:"admin"
}])
修改配置MONGODB_DATABASES={
"default":{
"NAME":'themis',# 数据库
"USER":'',# 用户名"PASSWORD":'', # 密码
"HOST":'127.0.0.1',# 数据库 HOST
"PORT":27017,# 数据库端口
},
}
Django-Q 配置
默认配置即可, 也可参考 django-q 文档修改Q_CLUSTER={
'name':'archery',
'workers':4,
'recycle':500,
'timeout':60,
'compress':True,
'cpu_affinity':1,
'save_limit':0,
'queue_limit':50,
'label':'Django Q',
'django_redis':'default'
}
缓存配置
缓存使用 RedisCACHES={
"default":{
"BACKEND":"django_redis.cache.RedisCache",
"LOCATION":"redis://127.0.0.1:6379/0",# Redis://host:port/db
"OPTIONS":{
"CLIENT_CLASS":"django_redis.client.DefaultClient",
}
}
}
MySQL>create database archerydefaultcharactersetutf8;
QueryOK,1row affected(0.14sec)
MySQL>grant all privileges on archery.*to[emailprotected]'127.0.0.1'identifiedby'abc123';
QueryOK,0rows affected,1warning(0.46sec)
MySQL>flush privileges;
QueryOK,0rows affected(0.14sec)
MySQL>exit
安装 Redis 略
启动准备
数据库初始化
[[email protected] Archery-1.5.3]# python3 manage.py makemigrations sqlpython3 manage.py migrate
[[email protected] Archery-1.5.3]# python3 manage.py migrate
编译翻译文件
[[email protected] Archery-1.5.3]# python3 manage.py compilemessages
创建管理用户python3 manage.py createsuperuser
(venv4archery)[[emailprotected]Archery-1.5.3]#python3 manage.py createsuperuser
Username:admin#用户
Emailaddress:#填写你的邮箱地址
Password:admin123
Password(again):admin123
Superuser created successfully.
启动 Django-Q
需要保持后台运行, 用于消息推送, 工单执行, 定时执行, 可使用 supervisor 进行管理source/opt/venv4archery/bin/activate
python3 manage.py qcluster&
启动服务
runserver 启动source/root/venv4archery/bin/activate
python3 manage.py runserver0.0.0.0:9123--insecure
关闭防火墙, 或者开放 9123 端口 账号密码就是刚刚创建的 admin admin123
来源: http://www.bubuko.com/infodetail-3064101.html