mirror of
https://github.com/balkian/jupyterhub-oauth.git
synced 2024-12-21 19:48:13 +00:00
Simplified spawner, added GitLab/OAuth
* Now we avoid using localusers and use a DockerSpawner directy * There is an option to select other oauthenticator classes
This commit is contained in:
parent
f8289e37ee
commit
0bb2ea7963
@ -1 +1,3 @@
|
|||||||
env
|
env
|
||||||
|
output
|
||||||
|
.*
|
||||||
|
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
/.env
|
@ -14,13 +14,13 @@ RUN pip install git+git://github.com/jupyter/dockerspawner.git
|
|||||||
RUN mkdir /srv/oauthenticator
|
RUN mkdir /srv/oauthenticator
|
||||||
WORKDIR /srv/oauthenticator
|
WORKDIR /srv/oauthenticator
|
||||||
ENV OAUTHENTICATOR_DIR /srv/oauthenticator
|
ENV OAUTHENTICATOR_DIR /srv/oauthenticator
|
||||||
ADD addusers.sh /srv/oauthenticator/addusers.sh
|
|
||||||
ADD userlist /srv/oauthenticator/userlist
|
|
||||||
ADD ssl /srv/oauthenticator/ssl
|
ADD ssl /srv/oauthenticator/ssl
|
||||||
RUN chmod 700 /srv/oauthenticator
|
RUN chmod 700 /srv/oauthenticator
|
||||||
RUN groupadd hubadmin
|
RUN groupadd hubadmin
|
||||||
RUN echo "%hubadmin ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
|
RUN echo "%hubadmin ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
|
||||||
|
|
||||||
VOLUME /home
|
ADD jupyterhub_config.py /srv/jupyterhub/jupyterhub_config.py
|
||||||
|
|
||||||
RUN ["sh", "/srv/oauthenticator/addusers.sh"]
|
ENV USERS_DIR /output
|
||||||
|
|
||||||
|
VOLUME /home
|
24
Makefile
Normal file
24
Makefile
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
VERSION=`cat VERSION`
|
||||||
|
REPO="balkian/jupyterhub-oauth"
|
||||||
|
TEST=$(REPO):test-$(VERSION)
|
||||||
|
FINAL=$(REPO):$(VERSION)
|
||||||
|
|
||||||
|
|
||||||
|
build:
|
||||||
|
docker build -t $(TEST) .
|
||||||
|
|
||||||
|
run:
|
||||||
|
docker run -v $$PWD/output:/output -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock -v $(PWD)/jupyterhub_config.py:/srv/jupyterhub/jupyterhub_config.py --env-file .env $(TEST) jupyterhub --config /srv/jupyterhub/jupyterhub_config.py --no-ssl
|
||||||
|
|
||||||
|
push:
|
||||||
|
|
||||||
|
.PHONY: build run
|
||||||
|
|
||||||
|
push: build
|
||||||
|
docker tag $(TEST) $(FINAL)
|
||||||
|
docker tag $(TEST) $(REPO)
|
||||||
|
docker rmi $(TEST)
|
||||||
|
docker push $(FINAL)
|
||||||
|
docker push $(REPO)
|
||||||
|
|
||||||
|
.PHONY: build run push
|
17
addusers.sh
17
addusers.sh
@ -1,17 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
|
|
||||||
IFS="
|
|
||||||
"
|
|
||||||
for line in `cat userlist`; do
|
|
||||||
test -z "$line" && continue
|
|
||||||
user=`echo $line | cut -f 1 -d' '`
|
|
||||||
admin=`echo $line | cut -f 2 -d' '`
|
|
||||||
echo "adding user $user"
|
|
||||||
useradd -m -s /bin/bash $user
|
|
||||||
if [ "$admin" = "admin" ]; then
|
|
||||||
echo "Making $user admin"
|
|
||||||
usermod -a -G hubadmin $user
|
|
||||||
fi
|
|
||||||
#cp -r /srv/ipython/examples /shared/$user/examples
|
|
||||||
#chown -R $user /home/$user/examples
|
|
||||||
done
|
|
@ -1,32 +0,0 @@
|
|||||||
from github import GitHub
|
|
||||||
import os
|
|
||||||
import sys
|
|
||||||
import json
|
|
||||||
|
|
||||||
ACCESS_TOKEN = os.environ.get("GH_ACCESS_TOKEN", None)
|
|
||||||
ORG = os.environ.get("GH_ORG", "gsi-upm")
|
|
||||||
|
|
||||||
|
|
||||||
gh = GitHub(access_token=ACCESS_TOKEN)
|
|
||||||
|
|
||||||
users = []
|
|
||||||
|
|
||||||
tfilter = sys.argv[1:]
|
|
||||||
allteams = gh.orgs(ORG).teams.get()
|
|
||||||
print(list(t["name"] for t in allteams))
|
|
||||||
tlist = list(t for t in allteams if t["name"] in tfilter)
|
|
||||||
print(tlist)
|
|
||||||
|
|
||||||
for t in tlist:
|
|
||||||
print("Getting team: %s" % t["name"])
|
|
||||||
t["members"] = gh.teams(t["id"]).members.get()
|
|
||||||
for m in t["members"]:
|
|
||||||
login = m["login"]
|
|
||||||
users.append(login)
|
|
||||||
|
|
||||||
with open("userlist", "w") as f:
|
|
||||||
for user in set(users):
|
|
||||||
f.write(user)
|
|
||||||
if user in ("oaraque", "balkian", "cif2cif"):
|
|
||||||
f.write(" admin")
|
|
||||||
f.write("\n")
|
|
@ -2,45 +2,47 @@
|
|||||||
|
|
||||||
import os
|
import os
|
||||||
import sys
|
import sys
|
||||||
|
import json
|
||||||
|
import grp
|
||||||
|
from os.path import join
|
||||||
|
|
||||||
c = get_config()
|
c = get_config()
|
||||||
|
|
||||||
|
PREADMINS = set(os.environ.get('ADMINS', '').split(','))
|
||||||
|
OAUTH_CLASS = os.environ.get('OAUTH_CLASS', 'oauthenticator.GitHub')
|
||||||
|
HOME_FORMAT_STRING = os.environ.get('HOST_HOMEDIR', '/mnt/home/{username}')
|
||||||
|
here = os.path.dirname(__file__)
|
||||||
|
root = os.environ.get('OAUTHENTICATOR_DIR', here)
|
||||||
|
udir = os.environ.get('USERS_DIR', root)
|
||||||
|
sys.path.insert(0, root)
|
||||||
|
teams = os.environ.get('OAUTHENTICATOR_TEAMS', None)
|
||||||
|
|
||||||
c.JupyterHub.log_level = 10
|
c.JupyterHub.log_level = 10
|
||||||
c.JupyterHub.spawner_class = 'dockerspawner.SystemUserSpawner'
|
c.JupyterHub.spawner_class = 'dockerspawner.DockerSpawner'
|
||||||
c.DockerSpawner.container_image = 'jupyter/scipy-singleuser'
|
c.DockerSpawner.container_image = 'jupyter/scipy-singleuser'
|
||||||
c.DockerSpawner.use_internal_ip = True
|
c.DockerSpawner.use_internal_ip = True
|
||||||
|
|
||||||
c.SystemUserSpawner.host_homedir_format_string = '/data/shared/{username}'
|
notebook_dir = os.environ.get('DOCKER_NOTEBOOK_DIR') or '/home/jovyan/work'
|
||||||
|
c.DockerSpawner.notebook_dir = notebook_dir
|
||||||
|
|
||||||
|
# Mount the real user's Docker volume on the host to the notebook user's
|
||||||
|
# notebook directory in the container
|
||||||
|
c.DockerSpawner.volumes = { HOME_FORMAT_STRING: notebook_dir }
|
||||||
|
|
||||||
import socket
|
import socket
|
||||||
ips = ([ip for ip in socket.gethostbyname_ex(socket.gethostname())[2] if not ip.startswith("127.")][:1])
|
ips = ([ip for ip in socket.gethostbyname_ex(socket.gethostname())[2] if not ip.startswith("127.")][:1])
|
||||||
c.JupyterHub.hub_ip = ips[0]
|
c.JupyterHub.hub_ip = ips[0]
|
||||||
|
|
||||||
|
# c.JupyterHub.authenticator_class = 'oauthenticator.{}'.format(auth_class_name)
|
||||||
c.JupyterHub.authenticator_class = 'oauthenticator.LocalGitHubOAuthenticator'
|
c.JupyterHub.authenticator_class = OAUTH_CLASS
|
||||||
c.LocalGitHubOAuthenticator.create_system_users = True
|
# auth_class = getattr(c, 'auth_class_name')
|
||||||
|
# auth_class = getattr(c, 'GitHubOAuthenticator')
|
||||||
|
# auth_class.oauth_callback_url = os.environ['OAUTH_CALLBACK_URL']
|
||||||
|
# auth_class = getattr(c, auth_short_name)
|
||||||
|
# auth_class.create_system_users = False
|
||||||
|
|
||||||
c.Authenticator.whitelist = whitelist = set()
|
c.Authenticator.whitelist = whitelist = set()
|
||||||
c.Authenticator.admin_users = admin = set()
|
c.Authenticator.admin_users = admin = PREADMINS
|
||||||
|
|
||||||
join = os.path.join
|
|
||||||
|
|
||||||
here = os.path.dirname(__file__)
|
|
||||||
root = os.environ.get('OAUTHENTICATOR_DIR', here)
|
|
||||||
sys.path.insert(0, root)
|
|
||||||
|
|
||||||
with open(join(root, 'userlist')) as f:
|
|
||||||
for line in f:
|
|
||||||
if not line:
|
|
||||||
continue
|
|
||||||
parts = line.split()
|
|
||||||
name = parts[0]
|
|
||||||
whitelist.add(name)
|
|
||||||
if len(parts) > 1 and parts[1] == 'admin':
|
|
||||||
admin.add(name)
|
|
||||||
|
|
||||||
c.GitHubOAuthenticator.oauth_callback_url = os.environ['OAUTH_CALLBACK_URL']
|
|
||||||
|
|
||||||
# ssl config
|
# ssl config
|
||||||
ssl = join(root, 'ssl')
|
ssl = join(root, 'ssl')
|
||||||
keyfile = join(ssl, 'ssl.key')
|
keyfile = join(ssl, 'ssl.key')
|
||||||
@ -49,3 +51,5 @@ if os.path.exists(keyfile):
|
|||||||
c.JupyterHub.ssl_key = keyfile
|
c.JupyterHub.ssl_key = keyfile
|
||||||
if os.path.exists(certfile):
|
if os.path.exists(certfile):
|
||||||
c.JupyterHub.ssl_cert = certfile
|
c.JupyterHub.ssl_cert = certfile
|
||||||
|
|
||||||
|
# load_from_json()
|
||||||
|
Loading…
Reference in New Issue
Block a user