Mysql审核工具archery
系统:Centos6.8
ip:192.168.122.150
安装Python和virtualenv
编译安装
[root@www ~]# yum install wget gcc make zlib-devel openssl openssl-devel
[root@www src]# wget "https://www.python.org/ftp/python/3.6.5/Python-3.6.5.tar.xz"
[root@www src]# tar -xvf Python-3.6.5.tar.xz
[root@www src]# cd Python-3.6.5
[root@www Python-3.6.5]# ./configure prefix=/usr/local/python3
[root@www Python-3.6.5]# make && make install
[root@www Python-3.6.5]# ln -fs /usr/local/python3/bin/python3 /usr/bin/python3
[root@www Python-3.6.5]# ln -fs /usr/local/python3/bin/pip3 /usr/bin/pip3
virtualenv
[root@www ~]# pip3 install virtualenv -i https://mirrors.ustc.edu.cn/pypi/web/simple/
[root@www ~]# pip3 install -U pip
[root@www ~]# ln -fs /usr/local/python3/bin/virtualenv /usr/bin/virtualenv
安装Archery
准备虚拟环境
使用上面编译安装的python3创建虚拟环境
[root@www ~]# virtualenv venv4archery --python=python3
切换python运行环境到虚拟环境
[root@www ~]# source venv4archery/bin/activate
安装ODBC依赖
[root@www Archery-1.5.3]# yum install unixODBC-devel -y
下载release包,安装依赖库
[root@www ~]# wget "https://github.com/hhyo/archery/archive/v1.5.3.tar.gz"
[root@www ~]# tar -xzvf v1.5.3.tar.gz
安装系统依赖
[root@www ~]# yum -y install gcc gcc-c++ python-devel mysql-devel openldap-devel unixODBC-devel gettext
安装依赖库
[root@www ~]# cd Archery-1.5.3/
[root@www Archery-1.5.3]# pip3 install -r requirements.txt -i https://mirrors.ustc.edu.cn/pypi/web/simple/
如果出现以下报错
解决方法:
安装mysql5.7,然后安装以下依赖即可
[root@www Archery-1.5.3]# yum install mysql-devel -y
(venv4archery) [root@www Archery-1.5.3]# find / -name mysql_config.1.gz
/usr/share/man/man1/mysql_config.1.gz
(venv4archery) [root@www Archery-1.5.3]# find / -name mysql_config
/usr/bin/mysql_config
[root@www Archery-1.5.3]# pip3 install -r requirements.txt -i https://mirrors.ustc.edu.cn/pypi/web/simple/
出现报错
解决方法:
[root@www Archery-1.5.3]# yum install openldap -y
[root@www Archery-1.5.3]# yum install openldap-clients -y
[root@www Archery-1.5.3]# yum install openldap-devel -y
[root@www Archery-1.5.3]# pip3 install -r requirements.txt -i https://mirrors.ustc.edu.cn/pypi/web/simple/
(venv4archery) [root@www Archery-1.5.3]# echo $?
0
修改配置
[root@www Archery-1.5.3]# vim archery/settings.py
安全修改
修改Prpcrypt的key信息:该key用于加密数据库密码等信息,目前硬编码在代码文件 aes_decryptor.py 内。由于默认key随公开的源码一起发布,不修改的话任何拿到源码的人都能解密库里保存的密码,部署前应替换为自己生成的随机key。
基础配置
关闭debug模式
# Debug mode off: with DEBUG = True Django shows detailed error pages (tracebacks, settings) to any visitor.
DEBUG = False
设置ALLOWED_HOSTS:'*' 表示接受任意Host头,建议改为只列出实际访问Archery所用的内网域名或IP,以限制内网访问
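# Host headers Django will accept. '*' turns Host-header validation off, so list
# only the names/addresses users actually browse to. 192.168.122.150 is the
# server IP used in this guide; replace it with your own host name or IP.
ALLOWED_HOSTS = ['192.168.122.150', '127.0.0.1', 'localhost']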
请求大小限制,如果提交SQL语句过大可以修改该值
# Upper bound on the request body size, in bytes (15 MiB); raise it only if
# submitted SQL statements are larger than this.
DATA_UPLOAD_MAX_MEMORY_SIZE = 15 * 1024 * 1024
密码校验,用户注册和添加密码校验规则
# Rules applied to passwords at user registration and whenever a password is set.
AUTH_PASSWORD_VALIDATORS = [
    # Reject passwords that are too similar to the user's own attributes.
    {'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator'},
    # Require a minimum length of 9 characters.
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
        'OPTIONS': {'min_length': 9},
    },
    # Reject passwords found in Django's list of common passwords.
    {'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator'},
    # Reject passwords made up of digits only.
    {'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator'},
]
MongoDB配置
themis审核需要执行eval()命令,参考配置《Allow user to execute eval() command on MongoDB 3.x》。注意下面创建的角色对 anyResource 授予 anyAction,相当于拥有该角色的用户具备实例上的全部权限,应只授予themis专用的账号。
创建角色
use admin
switched to db admin
db.createRole( { role: "executeFunctions", privileges: [ { resource: { anyResource: true }, actions: [ "anyAction" ] } ], roles: [] } )
{
"role" : "executeFunctions",
"privileges" : [
{
"resource" : {
"anyResource" : true
},
"actions" : [
"anyAction"
]
}
],
"roles" : [ ]
}
给用户分配角色
use themis
switched to db themis
db.grantRolesToUser("dbuser", [ { role: "executeFunctions", db: "admin" } ])
修改配置
# Connection settings for the MongoDB instance holding the themis database.
# NOTE(review): the role above is granted to "dbuser"; USER/PASSWORD are left
# empty here and presumably need that account's credentials — confirm.
MONGODB_DATABASES = {
    "default": {
        "NAME": 'themis',      # database name
        "USER": '',            # user name
        "PASSWORD": '',        # password
        "HOST": '127.0.0.1',   # MongoDB host
        "PORT": 27017,         # MongoDB port
    },
}
Django-Q配置
默认配置即可,也可参考django-q文档修改
# Django-Q cluster settings; the values below are the guide's defaults.
Q_CLUSTER = {
    'name': 'archery',            # cluster name
    'workers': 4,                 # number of worker processes
    'recycle': 500,               # tasks a worker handles before it is recycled
    'timeout': 60,                # seconds a task may run before its worker is stopped
    'compress': True,             # compress task packages sent to the broker
    'cpu_affinity': 1,            # processors each worker may use
    'save_limit': 0,              # successful tasks kept in the database (0 = no limit)
    'queue_limit': 50,            # tasks held in the cluster's in-memory queue
    'label': 'Django Q',          # label shown in the Django admin
    'django_redis': 'default',    # broker: the django-redis cache connection named 'default'
}
缓存配置
缓存使用redis
# Django cache backed by Redis through django-redis.
CACHES = {
    "default": {
        "BACKEND": "django_redis.cache.RedisCache",
        # Format: redis://host:port/db. This URL carries no credentials and
        # points at the local Redis instance, database 0.
        "LOCATION": "redis://127.0.0.1:6379/0",
        "OPTIONS": {"CLIENT_CLASS": "django_redis.client.DefaultClient"},
    }
}
mysql> create database archery default character set utf8;
Query OK, 1 row affected (0.14 sec)
mysql> grant all privileges on archery.* to root@'127.0.0.1' identified by 'abc123';
Query OK, 0 rows affected, 1 warning (0.46 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.14 sec)
mysql>exit
安装redis略
启动准备
数据库初始化
[root@www Archery-1.5.3]# python3 manage.py makemigrations sql
[root@www Archery-1.5.3]# python3 manage.py migrate
编译翻译文件
[root@www Archery-1.5.3]# python3 manage.py compilemessages
创建管理用户
python3 manage.py createsuperuser
(venv4archery) [root@www Archery-1.5.3]# python3 manage.py createsuperuser
Username: admin #用户
Email address: #填写你的邮箱地址
Password: admin123
Password (again): admin123
Superuser created successfully.
启动Django-Q
需要保持后台运行,用于消息推送、工单执行、定时执行,可使用supervisor进行管理。注意下面activate的路径要与虚拟环境实际所在目录一致(本文的虚拟环境创建在/root/venv4archery)。
source /opt/venv4archery/bin/activate
python3 manage.py qcluster &
启动服务
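runserver启动(runserver是Django自带的开发服务器,只适合测试验证;--insecure 的作用是在 DEBUG=False 时仍由runserver提供静态文件。正式环境应改用WSGI服务器配合反向代理部署)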
source /root/venv4archery/bin/activate
python3 manage.py runserver 0.0.0.0:9123 --insecure
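关闭防火墙,或者开放9123端口(建议只对需要访问的内网地址开放9123端口,而不是直接关闭防火墙)。登录账号密码就是刚刚创建的admin / admin123;该密码仅为演示,长度不满足上文设置的min_length=9,实际部署应换成强密码(数据库授权时使用的示例密码abc123同理)。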