From 7be39b76cddcc9ae9af601467df96975646b0192 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=2E=20Fernando=20S=C3=A1nchez?= Date: Wed, 13 Apr 2016 17:38:30 +0200 Subject: [PATCH] First commit --- .dockerignore | 1 + Dockerfile | 26 ++++++++++++++++++++++ README.md | 42 ++++++++++++++++++++++++++++++++++++ addusers.sh | 17 +++++++++++++++ env | 5 +++++ jupyterhub_config.py | 51 ++++++++++++++++++++++++++++++++++++++++++++ ssl/README.md | 3 +++ userlist | 36 +++++++++++++++++++++++++++++++ 8 files changed, 181 insertions(+) create mode 100644 .dockerignore create mode 100644 Dockerfile create mode 100644 README.md create mode 100644 addusers.sh create mode 100644 env create mode 100644 jupyterhub_config.py create mode 100644 ssl/README.md create mode 100644 userlist diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..0a764a4 --- /dev/null +++ b/.dockerignore @@ -0,0 +1 @@ +env diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..fa27972 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,26 @@ +# Designed to be run as +# +# docker run -it -p 8000:8000 jupyter/oauthenticator + +FROM jupyter/jupyterhub + +MAINTAINER Project Jupyter + +# Install oauthenticator from git +RUN pip install git+git://github.com/jupyter/oauthenticator.git +RUN pip install git+git://github.com/jupyter/dockerspawner.git + +# Create oauthenticator directory and put necessary files in it +RUN mkdir /srv/oauthenticator +WORKDIR /srv/oauthenticator +ENV OAUTHENTICATOR_DIR /srv/oauthenticator +ADD addusers.sh /srv/oauthenticator/addusers.sh +ADD userlist /srv/oauthenticator/userlist +ADD ssl /srv/oauthenticator/ssl +RUN chmod 700 /srv/oauthenticator +RUN groupadd hubadmin +RUN echo "%hubadmin ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers + +VOLUME /home + +RUN ["sh", "/srv/oauthenticator/addusers.sh"] diff --git a/README.md b/README.md new file mode 100644 index 0000000..8adcfd4 --- /dev/null +++ b/README.md @@ -0,0 +1,42 @@ +# OAuthenticator + +Example of running [JupyterHub](https://github.com/jupyter/jupyterhub) +with [GitHub OAuth](https://developer.github.com/v3/oauth/) for authentication. + +## setup + +Edit the file called `userlist` to include one GitHub user name per line. +If that user should be an admin (you!), add `admin` after a space. + +For example: + +``` +mal admin +zoe admin +wash +inara admin +kaylee +jayne +simon +river +``` + +## build + +Build the container with: + + docker build -t jupyter/oauthenticator . + +### ssl + +To run the server on HTTPS, put your ssl key and cert in ssl/ssl.key and +ssl/ssl.cert. + +## run + +Add your oauth client id, client secret, and callback URL to the `env file`. +Once you have built the container, you can run it with: + + docker run -it -p 8000:8000 --env-file=env jupyter/oauthenticator + +Which will run the Jupyter server. diff --git a/addusers.sh b/addusers.sh new file mode 100644 index 0000000..39416e9 --- /dev/null +++ b/addusers.sh @@ -0,0 +1,17 @@ +#!/bin/sh + +IFS=" +" +for line in `cat userlist`; do + test -z "$line" && continue + user=`echo $line | cut -f 1 -d' '` + admin=`echo $line | cut -f 2 -d' '` + echo "adding user $user" + useradd -m -s /bin/bash $user + if [ "$admin" = "admin" ]; then + echo "Making $user admin" + usermod -a -G hubadmin $user + fi + #cp -r /srv/ipython/examples /shared/$user/examples + #chown -R $user /home/$user/examples +done diff --git a/env b/env new file mode 100644 index 0000000..9f32b5c --- /dev/null +++ b/env @@ -0,0 +1,5 @@ +# add your github oauth config to this file, +# and run the container with `docker run -it -p 9000:8000 --env-file=env jupyter/oauthenticator` +GITHUB_CLIENT_ID= +GITHUB_CLIENT_SECRET= +OAUTH_CALLBACK_URL= diff --git a/jupyterhub_config.py b/jupyterhub_config.py new file mode 100644 index 0000000..4dda388 --- /dev/null +++ b/jupyterhub_config.py @@ -0,0 +1,51 @@ +# Configuration file for Jupyter Hub + +import os +import sys + +c = get_config() + +c.JupyterHub.log_level = 10 +c.JupyterHub.spawner_class = 'dockerspawner.SystemUserSpawner' +c.DockerSpawner.container_image = 'jupyter/scipy-singleuser' +c.DockerSpawner.use_internal_ip = True + +c.SystemUserSpawner.host_homedir_format_string = '/data/shared/{username}' + +import socket +ips = ([ip for ip in socket.gethostbyname_ex(socket.gethostname())[2] if not ip.startswith("127.")][:1]) +c.JupyterHub.hub_ip = ips[0] + + +c.JupyterHub.authenticator_class = 'oauthenticator.LocalGitHubOAuthenticator' +c.LocalGitHubOAuthenticator.create_system_users = True + +c.Authenticator.whitelist = whitelist = set() +c.Authenticator.admin_users = admin = set() + +join = os.path.join + +here = os.path.dirname(__file__) +root = os.environ.get('OAUTHENTICATOR_DIR', here) +sys.path.insert(0, root) + +with open(join(root, 'userlist')) as f: + for line in f: + if not line: + continue + parts = line.split() + name = parts[0] + whitelist.add(name) + if len(parts) > 1 and parts[1] == 'admin': + admin.add(name) + +c.GitHubOAuthenticator.oauth_callback_url = os.environ['OAUTH_CALLBACK_URL'] + +# ssl config +ssl = join(root, 'ssl') +keyfile = join(ssl, 'ssl.key') +certfile = join(ssl, 'ssl.cert') +if os.path.exists(keyfile): + c.JupyterHub.ssl_key = keyfile +if os.path.exists(certfile): + c.JupyterHub.ssl_cert = certfile diff --git a/ssl/README.md b/ssl/README.md new file mode 100644 index 0000000..342fbfe --- /dev/null +++ b/ssl/README.md @@ -0,0 +1,3 @@ +If you want the server to run with SSL, +put an SSL cert here in `ssl.cert` +and an SSL key in `ssl.key` diff --git a/userlist b/userlist new file mode 100644 index 0000000..c0aeb58 --- /dev/null +++ b/userlist @@ -0,0 +1,36 @@ +balkian admin +cif2cif admin +nachtkatze admin +adri87 +AlbertoED +alejandroSaura +allopezf +alvarocarrera +amardomingo +antoniom-diaz +arturomtm +Batlin +carloscrespog +constanr +DanielLara +dmorenob +emilioserra +enriquecs +gpoveda +gsi-bot +hopple +javiherrera +JesusMSM +Krun +ladvan +miguelcb84 +mtorresl +NachoCP +neburdv +neoner2002 +pmoncadaisla +RBermejo +rmaestre +rongil +sunshengjing +toniprada