github地址:https://github.com/liftoff/GateOne
官方网站:http://liftoffsoftware.com/Products/GateOne
安装要求:
Python 2.6+ or 3.2+
Tornado Framework 2.2+
pip install tornado kerberos
下载源代码,然后运行python setup.py install即可。
运行:目前最新版本已经将gateone文件放入/usr/bin/中,直接运行gateone即可。
这里的gateone内容为:
[root@liuxt2-001 ~]# cat /usr/bin/gateone
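#!/usr/bin/python
# EASY-INSTALL-ENTRY-SCRIPT: 'gateone==1.2.0','console_scripts','gateone'
# Wrapper generated by easy_install: it contains no Gate One logic of its own.
# It looks up the 'gateone' entry in the console_scripts group of the installed
# gateone 1.2.0 distribution and runs whatever that entry names.
# NOTE(review): the code that actually executes lives in the egg under
# site-packages, so that directory needs the same write protection as this
# script (the process listing on this page shows gateone running as root).
__requires__ = 'gateone==1.2.0'
import sys
from pkg_resources import load_entry_point

if __name__ == '__main__':
    # load_entry_point() returns the callable; the trailing () invokes it and
    # its return value is handed to sys.exit() as the process exit status.
    sys.exit(
        load_entry_point('gateone==1.2.0', 'console_scripts', 'gateone')()
    )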
[root@liuxt2-001 ~]#
这里使用了pkg_resources包中的load_entry_point。
load_entry_point('gateone==1.2.0', 'console_scripts', 'gateone')()的意思是:首先根据第一个参数'gateone==1.2.0'在/usr/lib/python2.6/site-packages/中找到gateone-1.2.0版本,然后进入EGG-INFO目录,找到entry_points.txt文件,再根据第二个参数'console_scripts'找到组名为console_scripts的组,最后根据第三个参数'gateone'找到相关属性gateone = gateone.core.server:main,等号后就是要执行的方法。load_entry_point返回的是这个方法对象,末尾的()才是真正调用它。
[root@liuxt2-001 EGG-INFO]# pwd
/usr/lib/python2.6/site-packages/gateone-1.2.0-py2.6.egg/EGG-INFO
[root@liuxt2-001 EGG-INFO]# ll
total 56
-rw-r--r-- 1 root root 1 May 25 16:44 dependency_links.txt
-rw-r--r-- 1 root root 696 May 25 16:44 entry_points.txt
-rw-r--r-- 1 root root 1 May 25 16:44 not-zip-safe
-rw-r--r-- 1 root root 1305 May 25 16:44 PKG-INFO
-rw-r--r-- 1 root root 51 May 25 16:44 requires.txt
-rw-r--r-- 1 root root 32573 May 25 16:44 SOURCES.txt
-rw-r--r-- 1 root root 30 May 25 16:44 top_level.txt
[root@liuxt2-001 EGG-INFO]# cat entry_points.txt
[go_plugins]
editor = gateone.plugins.editor
help = gateone.plugins.help
[go_terminal_plugins]
notice = gateone.applications.terminal.plugins.notice
logging = gateone.applications.terminal.plugins.logging
html = gateone.applications.terminal.plugins.html
convenience = gateone.applications.terminal.plugins.convenience
playback = gateone.applications.terminal.plugins.playback
ssh = gateone.applications.terminal.plugins.ssh
bookmarks = gateone.applications.terminal.plugins.bookmarks
example = gateone.applications.terminal.plugins.example
[console_scripts]
gateone = gateone.core.server:main
[go_applications]
terminal = gateone.applications.terminal
example = gateone.applications.example
[root@liuxt2-001 EGG-INFO]#
运行后使用https://hostname登录即可。如果要修改端口等配置,则进入/etc/gateone/conf.d目录修改配置文件即可。
下面介绍如何将gateone集成到web页面中,具体方法参考:http://liftoff.github.io/GateOne/Developer/embedding.html
1 配置gateone启动参数:
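{
    "*": {
        "gateone": {
            // These are what's important for the tutorial:
            // "*" switches off the Origin check on incoming WebSocket connections,
            // so a page served from any site can connect. Outside the tutorial,
            // list only the site(s) that actually embed Gate One.
            "origins": ["*"], // Disable origin checks (insecure but OK for a tutorial)
            "port": 8000, // The examples all use this port
            "url_prefix": "/",
            // "none" means no login to Gate One at all: every visitor shares the
            // ANONYMOUS user (see the /var/lib/gateone/users/ANONYMOUS paths in the
            // process listing). Together with "origins": ["*"] this is a
            // test-host-only combination.
            // The missing comma after "none" has been added; without it the file
            // does not parse.
            "auth": "none", // Note: This can be overridden by 20authentication.conf if you put it in 10server.conf
            // These settings are just to avoid conflicts with a regular Gate One installation:
            // NOTE(review): the three /tmp paths have fixed names in a directory any
            // local user can write to; for anything longer-lived than the tutorial,
            // point them at a directory owned by the account that runs gateone.
            "cache_dir": "/tmp/gateone_tutorial_cache",
            "user_dir": "/var/lib/gateone/users",
            "session_dir": "/tmp/gateone_tutorial",
            "pid_file": "/tmp/gateone_tutorial.pid"
        }
    }
}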
2 在页面中加入div和js脚本,示例如下。
其中GateOne.init方法中的参数可以根据情况修改。
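<!-- Include gateone.js somewhere on your page -->
<!-- gateone.js is loaded from the Gate One server; in this example that is the
     same host as the url passed to GateOne.init() below. The embedding page is
     a different origin, which is why the server's "origins" setting has to
     allow it. -->
<script src="https://gateone.mycompany.com/static/gateone.js"></script>
<!-- Decide where you want to put Gate One -->
<div id="gateone_container" style="position: relative; width: 60em; height: 30em;">
    <div id="gateone"></div>
</div>
<!-- Call GateOne.init() at some point after the page is done loading -->
<script>
// addEventListener keeps any load handler the host page already registered;
// assigning window.onload directly would replace it.
window.addEventListener('load', function() {
    // Initialize Gate One:
    GateOne.init({url: 'https://gateone.mycompany.com/'});
});
</script>
<!-- That's it! -->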
GateOne启动后,会有一个进程。但是当用户连接后会启动其他进程:
[root@liuxt2-001 conf.d]# ps -ef|grep gateone #刚启动
root 3170 3142 0 09:40 pts/0 00:00:00 /usr/bin/python /usr/bin/gateone
root 3293 3189 0 10:09 pts/1 00:00:00 grep gateone
[root@liuxt2-001 conf.d]#
[root@liuxt2-001 conf.d]# ps -ef|grep gateone #用户https方法连接到gateone,但没有登入
root 3170 3142 0 09:40 pts/0 00:00:01 /usr/bin/python /usr/bin/gateone
root 3297 3170 0 10:10 pts/0 00:00:00 /usr/bin/python /usr/bin/gateone
root 3298 3170 0 10:10 pts/0 00:00:00 /usr/bin/python /usr/bin/gateone
root 3299 3170 0 10:10 pts/0 00:00:00 /usr/bin/python /usr/bin/gateone
root 3300 3170 0 10:10 pts/0 00:00:00 /usr/bin/python /usr/bin/gateone
root 3305 3189 0 10:10 pts/1 00:00:00 grep gateone
[root@liuxt2-001 conf.d]# ps -ef|grep gateone #用户https方法连接到gateone,点击按钮进入登录但是没有完成登录过程
root 3170 3142 0 09:40 pts/0 00:00:01 /usr/bin/python /usr/bin/gateone
root 3297 3170 0 10:10 pts/0 00:00:00 /usr/bin/python /usr/bin/gateone
root 3298 3170 0 10:10 pts/0 00:00:00 /usr/bin/python /usr/bin/gateone
root 3299 3170 0 10:10 pts/0 00:00:00 /usr/bin/python /usr/bin/gateone
root 3300 3170 0 10:10 pts/0 00:00:00 /usr/bin/python /usr/bin/gateone
root 3306 3170 0 10:10 pts/3 00:00:00 /bin/sh -c /usr/lib/python2.6/site-packages/gateone-1.2.0-py2.6.egg/gateone/applications/terminal/plugins/ssh/scripts/ssh_connect.py -S '/tmp/gateone/OWFjMWU1NWM2MGI1NDcwYmEzZDVlMjA3Yjk2MWYwMmU4O/%SHORT_SOCKET%' --sshfp -a '-oUserKnownHostsFile=\"/var/lib/gateone/users/ANONYMOUS/.ssh/known_hosts\"'; sleep .1
root 3307 3306 3 10:10 pts/3 00:00:00 python /usr/lib/python2.6/site-packages/gateone-1.2.0-py2.6.egg/gateone/applications/terminal/plugins/ssh/scripts/ssh_connect.py -S /tmp/gateone/OWFjMWU1NWM2MGI1NDcwYmEzZDVlMjA3Yjk2MWYwMmU4O/%SHORT_SOCKET% --sshfp -a -oUserKnownHostsFile=\"/var/lib/gateone/users/ANONYMOUS/.ssh/known_hosts\"
root 3312 3189 0 10:10 pts/1 00:00:00 grep gateone
[root@liuxt2-001 conf.d]#
[root@liuxt2-001 conf.d]# ps -ef|grep gateone #用户https方法连接到gateone,并且已经成功登入
root 3170 3142 0 09:40 pts/0 00:00:01 /usr/bin/python /usr/bin/gateone
root 3297 3170 0 10:10 pts/0 00:00:00 /usr/bin/python /usr/bin/gateone
root 3298 3170 0 10:10 pts/0 00:00:00 /usr/bin/python /usr/bin/gateone
root 3299 3170 0 10:10 pts/0 00:00:00 /usr/bin/python /usr/bin/gateone
root 3300 3170 0 10:10 pts/0 00:00:00 /usr/bin/python /usr/bin/gateone
root 3306 3170 0 10:10 pts/3 00:00:00 /bin/sh -c /usr/lib/python2.6/site-packages/gateone-1.2.0-py2.6.egg/gateone/applications/terminal/plugins/ssh/scripts/ssh_connect.py -S '/tmp/gateone/OWFjMWU1NWM2MGI1NDcwYmEzZDVlMjA3Yjk2MWYwMmU4O/%SHORT_SOCKET%' --sshfp -a '-oUserKnownHostsFile=\"/var/lib/gateone/users/ANONYMOUS/.ssh/known_hosts\"'; sleep .1
root 3307 3306 0 10:10 pts/3 00:00:00 /bin/sh /tmp/gateone/OWFjMWU1NWM2MGI1NDcwYmEzZDVlMjA3Yjk2MWYwMmU4O/ssh:default:1:appadmin@10.120.21.188:22
root 3317 3307 0 10:11 pts/3 00:00:00 ssh -M -S/tmp/gateone/OWFjMWU1NWM2MGI1NDcwYmEzZDVlMjA3Yjk2MWYwMmU4O/V1dHn41F -x -F/var/lib/gateone/users/ANONYMOUS/.ssh/config -oNoHostAuthenticationForLocalhost=yes -oVerifyHostKeyDNS=yes -oPreferredAuthentications=keyboard-interactive,password -oIdentitiesOnly=yes -oSendEnv=GO_TERM GO_LOCATION GO_SESSION -p 22 -l appadmin -oUserKnownHostsFile="/var/lib/gateone/users/ANONYMOUS/.ssh/known_hosts" 10.120.21.188
root 3320 3189 0 10:11 pts/1 00:00:00 grep gateone
[root@liuxt2-001 conf.d]#
经过测试和观察,用户在页面登入后,即开启一个session,gateone将针对用户登入的每台host产生一个子进程A,子进程A发起子进程B,子进程B发起子进程C。如果用户duplicate一个session,那么将会有新的A B C三个父子进程出现。
从原理上讲,web端使用了HTML5中的WebSocket技术。WebSocket先通过http请求(Upgrade握手)建立连接,连接建立后不再使用http协议,而是使用WebSocket自己的协议通讯。WebSocket握手不受浏览器同源策略限制,所以在auth为none时,服务端对Origin头的检查(即上面配置中的origins)是阻止其他站点的页面直接连接的主要手段。
目前面临的困难:
GateOne可以很容易地集成进web程序,但我的期望是用户可以在web页面上不输入用户名密码就直接登录进入,这样可以节省时间,给工作带来极大的便利。目前看来需要在GateOne上做修改,但没有参考文档,只有源码可以看,而源码太复杂,难以掌握。