1
0
mirror of https://github.com/balkian/jupyterhub-oauth.git synced 2024-12-21 19:48:13 +00:00

Simplified spawner, added GitLab/OAuth

* Now we avoid using localusers and use a DockerSpawner directy
* There is an option to select other oauthenticator classes
This commit is contained in:
J. Fernando Sánchez 2017-01-25 00:35:44 +01:00
parent f8289e37ee
commit 0bb2ea7963
9 changed files with 61 additions and 99 deletions

View File

@ -1 +1,3 @@
env env
output
.*

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
/.env

View File

@ -14,13 +14,13 @@ RUN pip install git+git://github.com/jupyter/dockerspawner.git
RUN mkdir /srv/oauthenticator RUN mkdir /srv/oauthenticator
WORKDIR /srv/oauthenticator WORKDIR /srv/oauthenticator
ENV OAUTHENTICATOR_DIR /srv/oauthenticator ENV OAUTHENTICATOR_DIR /srv/oauthenticator
ADD addusers.sh /srv/oauthenticator/addusers.sh
ADD userlist /srv/oauthenticator/userlist
ADD ssl /srv/oauthenticator/ssl ADD ssl /srv/oauthenticator/ssl
RUN chmod 700 /srv/oauthenticator RUN chmod 700 /srv/oauthenticator
RUN groupadd hubadmin RUN groupadd hubadmin
RUN echo "%hubadmin ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers RUN echo "%hubadmin ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
VOLUME /home ADD jupyterhub_config.py /srv/jupyterhub/jupyterhub_config.py
RUN ["sh", "/srv/oauthenticator/addusers.sh"] ENV USERS_DIR /output
VOLUME /home

24
Makefile Normal file
View File

@ -0,0 +1,24 @@
VERSION=`cat VERSION`
REPO="balkian/jupyterhub-oauth"
TEST=$(REPO):test-$(VERSION)
FINAL=$(REPO):$(VERSION)
build:
docker build -t $(TEST) .
run:
docker run -v $$PWD/output:/output -p 8000:8000 -v /var/run/docker.sock:/var/run/docker.sock -v $(PWD)/jupyterhub_config.py:/srv/jupyterhub/jupyterhub_config.py --env-file .env $(TEST) jupyterhub --config /srv/jupyterhub/jupyterhub_config.py --no-ssl
push:
.PHONY: build run
push: build
docker tag $(TEST) $(FINAL)
docker tag $(TEST) $(REPO)
docker rmi $(TEST)
docker push $(FINAL)
docker push $(REPO)
.PHONY: build run push

1
VERSION Normal file
View File

@ -0,0 +1 @@
1.6

View File

@ -1,17 +0,0 @@
#!/bin/sh
IFS="
"
for line in `cat userlist`; do
test -z "$line" && continue
user=`echo $line | cut -f 1 -d' '`
admin=`echo $line | cut -f 2 -d' '`
echo "adding user $user"
useradd -m -s /bin/bash $user
if [ "$admin" = "admin" ]; then
echo "Making $user admin"
usermod -a -G hubadmin $user
fi
#cp -r /srv/ipython/examples /shared/$user/examples
#chown -R $user /home/$user/examples
done

View File

@ -1,32 +0,0 @@
from github import GitHub
import os
import sys
import json
ACCESS_TOKEN = os.environ.get("GH_ACCESS_TOKEN", None)
ORG = os.environ.get("GH_ORG", "gsi-upm")
gh = GitHub(access_token=ACCESS_TOKEN)
users = []
tfilter = sys.argv[1:]
allteams = gh.orgs(ORG).teams.get()
print(list(t["name"] for t in allteams))
tlist = list(t for t in allteams if t["name"] in tfilter)
print(tlist)
for t in tlist:
print("Getting team: %s" % t["name"])
t["members"] = gh.teams(t["id"]).members.get()
for m in t["members"]:
login = m["login"]
users.append(login)
with open("userlist", "w") as f:
for user in set(users):
f.write(user)
if user in ("oaraque", "balkian", "cif2cif"):
f.write(" admin")
f.write("\n")

View File

@ -2,45 +2,47 @@
import os import os
import sys import sys
import json
import grp
from os.path import join
c = get_config() c = get_config()
PREADMINS = set(os.environ.get('ADMINS', '').split(','))
OAUTH_CLASS = os.environ.get('OAUTH_CLASS', 'oauthenticator.GitHub')
HOME_FORMAT_STRING = os.environ.get('HOST_HOMEDIR', '/mnt/home/{username}')
here = os.path.dirname(__file__)
root = os.environ.get('OAUTHENTICATOR_DIR', here)
udir = os.environ.get('USERS_DIR', root)
sys.path.insert(0, root)
teams = os.environ.get('OAUTHENTICATOR_TEAMS', None)
c.JupyterHub.log_level = 10 c.JupyterHub.log_level = 10
c.JupyterHub.spawner_class = 'dockerspawner.SystemUserSpawner' c.JupyterHub.spawner_class = 'dockerspawner.DockerSpawner'
c.DockerSpawner.container_image = 'jupyter/scipy-singleuser' c.DockerSpawner.container_image = 'jupyter/scipy-singleuser'
c.DockerSpawner.use_internal_ip = True c.DockerSpawner.use_internal_ip = True
c.SystemUserSpawner.host_homedir_format_string = '/data/shared/{username}' notebook_dir = os.environ.get('DOCKER_NOTEBOOK_DIR') or '/home/jovyan/work'
c.DockerSpawner.notebook_dir = notebook_dir
# Mount the real user's Docker volume on the host to the notebook user's
# notebook directory in the container
c.DockerSpawner.volumes = { HOME_FORMAT_STRING: notebook_dir }
import socket import socket
ips = ([ip for ip in socket.gethostbyname_ex(socket.gethostname())[2] if not ip.startswith("127.")][:1]) ips = ([ip for ip in socket.gethostbyname_ex(socket.gethostname())[2] if not ip.startswith("127.")][:1])
c.JupyterHub.hub_ip = ips[0] c.JupyterHub.hub_ip = ips[0]
# c.JupyterHub.authenticator_class = 'oauthenticator.{}'.format(auth_class_name)
c.JupyterHub.authenticator_class = 'oauthenticator.LocalGitHubOAuthenticator' c.JupyterHub.authenticator_class = OAUTH_CLASS
c.LocalGitHubOAuthenticator.create_system_users = True # auth_class = getattr(c, 'auth_class_name')
# auth_class = getattr(c, 'GitHubOAuthenticator')
# auth_class.oauth_callback_url = os.environ['OAUTH_CALLBACK_URL']
# auth_class = getattr(c, auth_short_name)
# auth_class.create_system_users = False
c.Authenticator.whitelist = whitelist = set() c.Authenticator.whitelist = whitelist = set()
c.Authenticator.admin_users = admin = set() c.Authenticator.admin_users = admin = PREADMINS
join = os.path.join
here = os.path.dirname(__file__)
root = os.environ.get('OAUTHENTICATOR_DIR', here)
sys.path.insert(0, root)
with open(join(root, 'userlist')) as f:
for line in f:
if not line:
continue
parts = line.split()
name = parts[0]
whitelist.add(name)
if len(parts) > 1 and parts[1] == 'admin':
admin.add(name)
c.GitHubOAuthenticator.oauth_callback_url = os.environ['OAUTH_CALLBACK_URL']
# ssl config # ssl config
ssl = join(root, 'ssl') ssl = join(root, 'ssl')
keyfile = join(ssl, 'ssl.key') keyfile = join(ssl, 'ssl.key')
@ -49,3 +51,5 @@ if os.path.exists(keyfile):
c.JupyterHub.ssl_key = keyfile c.JupyterHub.ssl_key = keyfile
if os.path.exists(certfile): if os.path.exists(certfile):
c.JupyterHub.ssl_cert = certfile c.JupyterHub.ssl_cert = certfile
# load_from_json()

View File

@ -1,21 +0,0 @@
jochoaserna
SergioML9
emilioserra
oaraque admin
Drozzer
constanr
antoniom-diaz
Lorena25
NachoCP
rodbarest
alvarocarrera
gpoveda
hopple
AlbertoED
sunshengjing
balkian admin
pepos
antoniofll
enriquecs
miguelcb84
JesusMSM