Simplified spawner, added GitLab/OAuth

* Now we avoid using localusers and use a DockerSpawner directy * There is an option to select other oauthenticator classes
7 years ago · 0bb2ea7963
parent f8289e37ee
commit 0bb2ea7963
9 changed files with 61 additions and 99 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -1 +1,3 @@
 env
+output
+.*
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+/.env
--- a/8
+++ b/8
@ -14,13 +14,13 @@ RUN pip install git+git://github.com/jupyter/dockerspawner.git
 RUN mkdir /srv/oauthenticator
 WORKDIR /srv/oauthenticator
 ENV OAUTHENTICATOR_DIR /srv/oauthenticator
-ADD addusers.sh /srv/oauthenticator/addusers.sh
-ADD userlist /srv/oauthenticator/userlist
 ADD ssl /srv/oauthenticator/ssl
 RUN chmod 700 /srv/oauthenticator
 RUN groupadd hubadmin
 RUN echo "%hubadmin ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers

-VOLUME /home
+ADD jupyterhub_config.py /srv/jupyterhub/jupyterhub_config.py

-RUN ["sh", "/srv/oauthenticator/addusers.sh"]
+ENV USERS_DIR /output
+
+VOLUME /home
--- a/24
+++ b/24
@ -0,0 +1,24 @@
+VERSION=`cat VERSION`
+REPO="balkian/jupyterhub-oauth"
+TEST=$(REPO):test-$(VERSION)
+FINAL=$(REPO):$(VERSION)
+
+
+build:
+	docker build -t $(TEST) .
+
+run:
+	docker run -v $$PWD/output:/output -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock -v $(PWD)/jupyterhub_config.py:/srv/jupyterhub/jupyterhub_config.py --env-file .env $(TEST) jupyterhub --config /srv/jupyterhub/jupyterhub_config.py --no-ssl
+
+push:
+
+.PHONY: build run
+
+push: build
+	docker tag $(TEST) $(FINAL)
+	docker tag $(TEST) $(REPO)
+	docker rmi $(TEST)
+	docker push $(FINAL)
+	docker push $(REPO)
+
+.PHONY: build run push
--- a/1
+++ b/1
@ -0,0 +1 @@
+1.6
--- a/addusers.sh
+++ b/addusers.sh
@ -1,17 +0,0 @@
-#!/bin/sh
-
-IFS="
-"
-for line in `cat userlist`; do
-  test -z "$line" && continue
-  user=`echo $line | cut -f 1 -d' '`
-  admin=`echo $line | cut -f 2 -d' '`
-  echo "adding user $user"
-  useradd -m -s /bin/bash $user
-  if [ "$admin" = "admin" ]; then
-    echo "Making $user admin"
-      usermod -a -G hubadmin $user
-  fi
-  #cp -r /srv/ipython/examples /shared/$user/examples
-  #chown -R $user /home/$user/examples
-done
--- a/download_users.py
+++ b/download_users.py
@ -1,32 +0,0 @@
-from github import GitHub
-import os
-import sys
-import json
-
-ACCESS_TOKEN = os.environ.get("GH_ACCESS_TOKEN", None)
-ORG = os.environ.get("GH_ORG", "gsi-upm")
-
-
-gh = GitHub(access_token=ACCESS_TOKEN)
-
-users = []
-
-tfilter = sys.argv[1:]
-allteams = gh.orgs(ORG).teams.get()
-print(list(t["name"] for t in allteams))
-tlist = list(t for t in allteams if t["name"] in tfilter)
-print(tlist)
-
-for t in tlist:
-    print("Getting team: %s" % t["name"])
-    t["members"] = gh.teams(t["id"]).members.get()
-    for m in t["members"]:
-        login = m["login"]
-        users.append(login)
-
-with open("userlist", "w") as f:
-    for user in set(users):
-        f.write(user)
-        if user in ("oaraque", "balkian", "cif2cif"):
-            f.write(" admin")
-        f.write("\n")
--- a/jupyterhub_config.py
+++ b/jupyterhub_config.py
@ -2,45 +2,47 @@

 import os
 import sys
+import json
+import grp
+from os.path import join

 c = get_config()

+PREADMINS = set(os.environ.get('ADMINS', '').split(','))
+OAUTH_CLASS = os.environ.get('OAUTH_CLASS', 'oauthenticator.GitHub')
+HOME_FORMAT_STRING = os.environ.get('HOST_HOMEDIR', '/mnt/home/{username}')
+here = os.path.dirname(__file__)
+root = os.environ.get('OAUTHENTICATOR_DIR', here)
+udir = os.environ.get('USERS_DIR', root)
+sys.path.insert(0, root)
+teams = os.environ.get('OAUTHENTICATOR_TEAMS', None)
+
 c.JupyterHub.log_level = 10
-c.JupyterHub.spawner_class = 'dockerspawner.SystemUserSpawner'
+c.JupyterHub.spawner_class = 'dockerspawner.DockerSpawner'
 c.DockerSpawner.container_image = 'jupyter/scipy-singleuser'
 c.DockerSpawner.use_internal_ip = True

-c.SystemUserSpawner.host_homedir_format_string = '/data/shared/{username}'
+notebook_dir = os.environ.get('DOCKER_NOTEBOOK_DIR') or '/home/jovyan/work'
+c.DockerSpawner.notebook_dir = notebook_dir
+
+# Mount the real user's Docker volume on the host to the notebook user's
+# notebook directory in the container
+c.DockerSpawner.volumes = { HOME_FORMAT_STRING: notebook_dir }

 import socket
 ips = ([ip for ip in socket.gethostbyname_ex(socket.gethostname())[2] if not ip.startswith("127.")][:1])
 c.JupyterHub.hub_ip = ips[0]

-
-c.JupyterHub.authenticator_class = 'oauthenticator.LocalGitHubOAuthenticator'
-c.LocalGitHubOAuthenticator.create_system_users = True
+# c.JupyterHub.authenticator_class = 'oauthenticator.{}'.format(auth_class_name)
+c.JupyterHub.authenticator_class = OAUTH_CLASS
+# auth_class = getattr(c, 'auth_class_name')
+# auth_class = getattr(c, 'GitHubOAuthenticator')
+# auth_class.oauth_callback_url = os.environ['OAUTH_CALLBACK_URL']
+# auth_class = getattr(c, auth_short_name)
+# auth_class.create_system_users = False

 c.Authenticator.whitelist = whitelist = set()
-c.Authenticator.admin_users = admin = set()
-
-join = os.path.join
-
-here = os.path.dirname(__file__)
-root = os.environ.get('OAUTHENTICATOR_DIR', here)
-sys.path.insert(0, root)
-
-with open(join(root, 'userlist')) as f:
-    for line in f:
-        if not line:
-            continue
-        parts = line.split()
-        name = parts[0]
-        whitelist.add(name)
-        if len(parts) > 1 and parts[1] == 'admin':
-            admin.add(name)
-
-c.GitHubOAuthenticator.oauth_callback_url = os.environ['OAUTH_CALLBACK_URL']
-
+c.Authenticator.admin_users = admin = PREADMINS
 # ssl config
 ssl = join(root, 'ssl')
 keyfile = join(ssl, 'ssl.key')
@ -49,3 +51,5 @@ if os.path.exists(keyfile):
    c.JupyterHub.ssl_key = keyfile
 if os.path.exists(certfile):
    c.JupyterHub.ssl_cert = certfile
+
+# load_from_json()
--- a/21
+++ b/21
@ -1,21 +0,0 @@
-jochoaserna
-SergioML9
-emilioserra
-oaraque admin
-Drozzer
-constanr
-antoniom-diaz
-Lorena25
-NachoCP
-rodbarest
-alvarocarrera
-gpoveda
-hopple
-AlbertoED
-sunshengjing
-balkian admin
-pepos
-antoniofll
-enriquecs
-miguelcb84
-JesusMSM