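Because our project uses GateOne to provide WebSSH functionality, I looked into how to deploy GateOne. Deployment on physical machines often failed, so I deployed GateOne with Docker instead.
When the official GateOne image is used directly, it fails to start because of the Tornado version, with the following error: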
TypeError: __init__() got an unexpected keyword argument 'io_loop'
Exception AttributeError: "'AutoExpireDict' object has no attribute '_key_watcher'" in <bound method AutoExpireDict.__del__ of {}> ignored
So I rebuilt the image myself. Note: python-imaging needs to be replaced with python-pil, and I also changed the code of the startup script: update_and_run_gateone.py
Directory structure:
[root@container1 gateone]# cat Dockerfile
FROM ubuntu
MAINTAINER Dan McDougall <[email protected]>
ENV GATEONE_REPO_URL https://github.com/liftoff/GateOne.git
# Ensure everything is up-to-date
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update --fix-missing && apt-get -y upgrade
# Install dependencies
RUN apt-get -y \
    install python-pip \
    python-pil \
    python-setuptools \
    python-mutagen \
    python-pam \
    python-dev \
    git \
    telnet \
    openssh-client && \
    apt-get -y clean && \
    apt-get -q -y autoremove
#RUN pip install --upgrade futures tornado cssmin slimit psutil
RUN pip install --upgrade futures cssmin slimit psutil && pip install tornado==4.5.3
# Create the necessary directories, clone the repo, and install everything
RUN mkdir -p /gateone/logs /gateone/users /etc/gateone/conf.d /etc/gateone/ssl && \
    cd /gateone && \
    git clone $GATEONE_REPO_URL && \
    cd GateOne && \
    python setup.py install && \
    cp docker/60docker.conf /etc/gateone/conf.d/60docker.conf
# This ensures our configuration files/dirs are created:
RUN /usr/local/bin/gateone --configure \
    --log_file_prefix="/gateone/logs/gateone.log"
# Remove the auto-generated key/certificate so that a new one gets created the
# first time the container is started:
RUN rm -f /etc/gateone/ssl/key.pem && \
    rm -f /etc/gateone/ssl/certificate.pem
# (We don't want everyone using the same SSL key/certificate)
COPY ./script/update_and_run_gateone.py /usr/local/bin/update_and_run_gateone
EXPOSE 8000
CMD ["/usr/local/bin/update_and_run_gateone", "--log_file_prefix=/gateone/logs/gateone.log"]
[root@interkgcentos7 gateone]# cat update_and_run_gateone.py
#!/usr/bin/env python
"""
Checks if Gate One is up-to-date inside the container by performing a
`git pull`. If new code was pulled it will be automatically installed via
`python setup.py install`

Once that's done it will automatically run the 'gateone' command; passing it any
arguments that were passed to this script.

To disable the automatic update mechanism simply pass --noupdate as a command
line argument to this script.

.. note::

    This script will also update the Tornado framework via the pip command.
"""
import os, sys
try:
    from commands import getstatusoutput
except ImportError: # Python 3
    from subprocess import getstatusoutput

if __name__ == "__main__":
    # This modified version does not perform the git pull / pip update that
    # the docstring describes; it only starts gateone.
    os.chdir('/gateone/GateOne')
    # Replace this process with gateone. Arguments given to this script
    # (such as --log_file_prefix from the Dockerfile CMD) are not forwarded.
    os.execvp('/usr/bin/python', [
        '/usr/bin/python', '/usr/local/bin/gateone'])
    os._exit(0)
[root@container1 gateone]# cat docker-compose.yml
version: "3"
services:
  gateone:
    image: mygateone
    container_name: gateone
    volumes:
      # Mount the GateOne configuration files on the host so they can be modified later, e.g. changing https to http
      - ./etc/conf.d:/etc/gateone/conf.d
      # Mount the default path used for passwordless SSH login on the host
      - ./gateone/users:/gateone/users
    ports:
      - 6001:8000
    restart: always
    networks:
      - zabbix
networks:
  zabbix:
    external: true
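Steps:
1. Build the image: docker build -t mygateone ./
2. Create the network: docker network create zabbix
3. Start the container: docker-compose up -d
4. Stop the container and change access from https to http
5. Start the container again and check that it is using the http protocol and port 8000: docker-compose up -d && docker logs -f gateone
6. Check that GateOne is working properly
Passwordless SSH login with GateOne
cp ~xxx/.ssh/id_rsa* /www/xxx/.ssh/ # where www is the directory specified by user_dir in 10server.conf, and xxx is the UPN user used when accessing GateOne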
echo id_rsa > .default_ids
Note: both id_rsa and id_rsa.pub must be copied to this directory for passwordless login to work.
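
A pre-flight check for the passwordless-login setup above, as an added example that is not part of the original post: it reads `.default_ids` in a GateOne user's `.ssh` directory and confirms that every listed identity has both key files and that the private key is not accessible to group or other, which OpenSSH rejects. The function name `check_gateone_ids` is hypothetical, and the script assumes `.default_ids` holds one identity name per line.

```bash
#!/usr/bin/env bash
# Added example (not from the original post).
# Assumption: .default_ids lists one identity file name per line.

# check_gateone_ids DIR
# Prints one line per problem found; returns 0 if the directory is
# usable for passwordless login, 1 otherwise.
check_gateone_ids() {
    local dir ids_file id key bad
    dir=$1
    ids_file="$dir/.default_ids"
    bad=0
    if [ ! -f "$ids_file" ]; then
        echo "missing $ids_file"
        return 1
    fi
    while IFS= read -r id || [ -n "$id" ]; do
        if [ -z "$id" ]; then continue; fi
        key="$dir/$id"
        if [ ! -f "$key" ]; then
            echo "$id: private key missing"
            bad=1
            continue
        fi
        # The page's note: the .pub half must sit next to the private key.
        if [ ! -f "$key.pub" ]; then
            echo "$id: public key $id.pub missing"
            bad=1
        fi
        # Characters 5-10 of the ls mode string are the group/other bits;
        # OpenSSH refuses a private key if any of them is set.
        if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            echo "$id: private key accessible to group/other (want mode 600)"
            bad=1
        fi
    done < "$ids_file"
    return "$bad"
}

# Usage: ./check_ids.sh /www/xxx/.ssh   (path taken from the example above)
if [ "$#" -gt 0 ]; then
    check_gateone_ids "$1"
fi
```

Run it against the host-side directory that the compose file mounts for users, before starting the container.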