zhangyiss/the-littlest-jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/the-littlest-jupyterhub.git synced 2025-12-18 21:54:05 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
c2c4d708f52f611110aa640ea5b35a6e07f90d9a
the-littlest-jupyterhub/tljh/configurer.py

328 lines
8.6 KiB
Python
Raw Normal View History

Load user lists & auth config from a YAML file - Load config only once at startup. A lot of jupyterhub config (like user lists) take effect only at startup, so live reload is not super useful. It will make the software more complex, so let's not do it. - Add pyyaml as a dependency of tljh. - Remove escapism dependency since it is not actually used
2018-06-27 01:18:07 -07:00
"""
Parse YAML config file & update JupyterHub config.
Config should never append or mutate, only set. Functions here could
be called many times per lifetime of a jupyterhub.
Traitlets that modify the startup of JupyterHub should not be here.
FIXME: A strong feeling that JSON Schema should be involved somehow.
"""
add load_config top-level function to configurer for easy loading of the full config
2018-07-21 00:18:58 -07:00
import os
Added Idle Culler
2019-06-06 16:52:04 +03:00
import sys
add load_config top-level function to configurer for easy loading of the full config
2018-07-21 00:18:58 -07:00
Generate random traefik api password
2019-02-13 14:10:28 +02:00
from .config import CONFIG_FILE, STATE_DIR
single yaml implementation consolidate to a single yaml implementation, removing pyyaml
2019-02-11 13:27:08 +01:00
from .yaml import yaml
add load_config top-level function to configurer for easy loading of the full config
2018-07-21 00:18:58 -07:00
Load user lists & auth config from a YAML file - Load config only once at startup. A lot of jupyterhub config (like user lists) take effect only at startup, so live reload is not super useful. It will make the software more complex, so let's not do it. - Add pyyaml as a dependency of tljh. - Remove escapism dependency since it is not actually used
2018-06-27 01:18:07 -07:00
# Default configuration for tljh
# User provided config is merged into this
default = {
Adding update_base_url from tljh config
2020-10-19 19:48:23 +02:00
'base_url': '/',
Load user lists & auth config from a YAML file - Load config only once at startup. A lot of jupyterhub config (like user lists) take effect only at startup, so live reload is not super useful. It will make the software more complex, so let's not do it. - Add pyyaml as a dependency of tljh. - Remove escapism dependency since it is not actually used
2018-06-27 01:18:07 -07:00
'auth': {
Do not special case *any* authenticator No two ways to set authenticator options - just one way. It's slightly 'ugly' because of the mixing of camel case & snake case, but is worth the massive reductions in complexity!
2018-07-16 16:05:44 -07:00
'type': 'firstuseauthenticator.FirstUseAuthenticator',
'FirstUseAuthenticator': {
Dynamically set authenticator properties from YAML We don't wanna explicitly map keys from the YAML to traitlet config for the authentication - that's a lot of busywork for no gain. We instead switch to using snake_case everywhere, and dynamically set traitlet config from YAML config!
2018-07-15 13:40:17 -07:00
'create_users': False
Disable user creation by default With firstuseauthenticator, users need to be manually created in the admin console before they can log in. This makes for a far more secure default experience.
2018-07-03 16:28:20 -07:00
}
Load user lists & auth config from a YAML file - Load config only once at startup. A lot of jupyterhub config (like user lists) take effect only at startup, so live reload is not super useful. It will make the software more complex, so let's not do it. - Add pyyaml as a dependency of tljh. - Remove escapism dependency since it is not actually used
2018-06-27 01:18:07 -07:00
},
'users': {
'allowed': [],
'banned': [],
Add traefik in front of CHP introduces configuration for manual tls and letsencrypt
2018-07-21 00:20:29 -07:00
'admin': [],
Renamed group config option
2019-06-21 11:38:26 +03:00
'extra_user_groups': {}
Support user resource limits Set default limit to 1G. Possibly controversial!
2018-06-27 01:30:34 -07:00
},
'limits': {
Don't set a memory limit by default Users should set up their own memory limits after install. Better than a surprise when they try using more than 1G.
2018-08-23 07:12:07 -04:00
'memory': None,
Add traefik in front of CHP introduces configuration for manual tls and letsencrypt
2018-07-21 00:20:29 -07:00
'cpu': None,
},
'http': {
'port': 80,
},
'https': {
'enabled': False,
'port': 443,
'tls': {
'cert': '',
'key': '',
},
'letsencrypt': {
'email': '',
'domains': [],
},
Allow configuring default notebook interface from config.yaml Also fix bug in how overrides were being done in config.yaml
2018-06-29 00:47:08 -07:00
},
move generating traefik basic auth to traefik.py compute this when we write the template, not when we load config
2019-02-22 10:53:36 +01:00
'traefik_api': {
Fixed some issues
2019-02-11 09:24:16 +02:00
'ip': "127.0.0.1",
'port': 8099,
'username': 'api_admin',
Generate random traefik api password
2019-02-13 14:10:28 +02:00
'password': '',
Fixed some issues
2019-02-11 09:24:16 +02:00
},
Dynamically set authenticator properties from YAML We don't wanna explicitly map keys from the YAML to traitlet config for the authentication - that's a lot of busywork for no gain. We instead switch to using snake_case everywhere, and dynamically set traitlet config from YAML config!
2018-07-15 13:40:17 -07:00
'user_environment': {
Add traefik in front of CHP introduces configuration for manual tls and letsencrypt
2018-07-21 00:20:29 -07:00
'default_app': 'classic',
},
Added Idle Culler
2019-06-06 16:52:04 +03:00
'services': {
'cull': {
'enabled': True,
'timeout': 600,
'every': 60,
'concurrency': 5,
'users': False,
'max_age': 0
Add the jupyterhub-configurator service
2021-04-01 14:26:54 +03:00
},
'configurator': {
Make configurator disabled by default
2021-04-05 21:42:01 +03:00
'enabled': False
Added Idle Culler
2019-06-06 16:52:04 +03:00
}
}
Load user lists & auth config from a YAML file - Load config only once at startup. A lot of jupyterhub config (like user lists) take effect only at startup, so live reload is not super useful. It will make the software more complex, so let's not do it. - Add pyyaml as a dependency of tljh. - Remove escapism dependency since it is not actually used
2018-06-27 01:18:07 -07:00
}
Adding update_base_url from tljh config
2020-10-19 19:48:23 +02:00
add load_config top-level function to configurer for easy loading of the full config
2018-07-21 00:18:58 -07:00
def load_config(config_file=CONFIG_FILE):
"""Load the current config as a dictionary
merges overrides from config.yaml with default config
"""
if os.path.exists(config_file):
with open(config_file) as f:
single yaml implementation consolidate to a single yaml implementation, removing pyyaml
2019-02-11 13:27:08 +01:00
config_overrides = yaml.load(f)
add load_config top-level function to configurer for easy loading of the full config
2018-07-21 00:18:58 -07:00
else:
config_overrides = {}
Fixed some issues
2019-02-11 09:24:16 +02:00
add load_secrets as an explicit stage during load_config rather than applying directly to defaults, which should be left static
2019-02-22 11:41:50 +01:00
secrets = load_secrets()
config = _merge_dictionaries(dict(default), secrets)
config = _merge_dictionaries(config, config_overrides)
return config
add load_config top-level function to configurer for easy loading of the full config
2018-07-21 00:18:58 -07:00
Dynamically set authenticator properties from YAML We don't wanna explicitly map keys from the YAML to traitlet config for the authentication - that's a lot of busywork for no gain. We instead switch to using snake_case everywhere, and dynamically set traitlet config from YAML config!
2018-07-15 13:40:17 -07:00
def apply_config(config_overrides, c):
"""
Merge config_overrides with config defaults & apply to JupyterHub config c
"""
tljh_config = _merge_dictionaries(dict(default), config_overrides)
Load user lists & auth config from a YAML file - Load config only once at startup. A lot of jupyterhub config (like user lists) take effect only at startup, so live reload is not super useful. It will make the software more complex, so let's not do it. - Add pyyaml as a dependency of tljh. - Remove escapism dependency since it is not actually used
2018-06-27 01:18:07 -07:00
Adding update_base_url from tljh config
2020-10-19 19:48:23 +02:00
update_base_url(c, tljh_config)
Support user resource limits Set default limit to 1G. Possibly controversial!
2018-06-27 01:30:34 -07:00
update_auth(c, tljh_config)
update_userlists(c, tljh_config)
Allow adding users to specific groups
2019-06-20 21:54:51 +03:00
update_usergroups(c, tljh_config)
Support user resource limits Set default limit to 1G. Possibly controversial!
2018-06-27 01:30:34 -07:00
update_limits(c, tljh_config)
Allow configuring default notebook interface from config.yaml Also fix bug in how overrides were being done in config.yaml
2018-06-29 00:47:08 -07:00
update_user_environment(c, tljh_config)
Prefix user accounts we create - Helps protect against users named 'root' - Makes it clearer that you should not rely on these users for general PAM work, because they are prefixed. Fixes #9
2018-07-12 13:33:24 -07:00
update_user_account_config(c, tljh_config)
move generating traefik basic auth to traefik.py compute this when we write the template, not when we load config
2019-02-22 10:53:36 +01:00
update_traefik_api(c, tljh_config)
Added Idle Culler
2019-06-06 16:52:04 +03:00
update_services(c, tljh_config)
Load user lists & auth config from a YAML file - Load config only once at startup. A lot of jupyterhub config (like user lists) take effect only at startup, so live reload is not super useful. It will make the software more complex, so let's not do it. - Add pyyaml as a dependency of tljh. - Remove escapism dependency since it is not actually used
2018-06-27 01:18:07 -07:00
Dynamically set authenticator properties from YAML We don't wanna explicitly map keys from the YAML to traitlet config for the authentication - that's a lot of busywork for no gain. We instead switch to using snake_case everywhere, and dynamically set traitlet config from YAML config!
2018-07-15 13:40:17 -07:00
def set_if_not_none(parent, key, value):
"""
Set attribute 'key' on parent if value is not None
"""
if value is not None:
setattr(parent, key, value)
add load_secrets as an explicit stage during load_config rather than applying directly to defaults, which should be left static
2019-02-22 11:41:50 +01:00
def load_traefik_api_credentials():
"""Load traefik api secret from a file"""
Generate random traefik api password
2019-02-13 14:10:28 +02:00
proxy_secret_path = os.path.join(STATE_DIR, 'traefik-api.secret')
add load_secrets as an explicit stage during load_config rather than applying directly to defaults, which should be left static
2019-02-22 11:41:50 +01:00
if not os.path.exists(proxy_secret_path):
return {}
pyupgrade fixes
2021-10-31 11:26:40 +01:00
with open(proxy_secret_path) as f:
Generate random traefik api password
2019-02-13 14:10:28 +02:00
password = f.read()
add load_secrets as an explicit stage during load_config rather than applying directly to defaults, which should be left static
2019-02-22 11:41:50 +01:00
return {
'traefik_api': {
'password': password,
}
}
Fixed some issues
2019-02-11 09:24:16 +02:00
add load_secrets as an explicit stage during load_config rather than applying directly to defaults, which should be left static
2019-02-22 11:41:50 +01:00
def load_secrets():
"""Load any secret values stored on disk
Returns dict to be merged into config during load
"""
config = {}
config = _merge_dictionaries(config, load_traefik_api_credentials())
return config
Fixed some issues
2019-02-11 09:24:16 +02:00
Dynamically set authenticator properties from YAML We don't wanna explicitly map keys from the YAML to traitlet config for the authentication - that's a lot of busywork for no gain. We instead switch to using snake_case everywhere, and dynamically set traitlet config from YAML config!
2018-07-15 13:40:17 -07:00
Adding update_base_url from tljh config
2020-10-19 19:48:23 +02:00
def update_base_url(c, config):
"""
Update base_url of JupyterHub through tljh config
"""
c.JupyterHub.base_url = config['base_url']
Load user lists & auth config from a YAML file - Load config only once at startup. A lot of jupyterhub config (like user lists) take effect only at startup, so live reload is not super useful. It will make the software more complex, so let's not do it. - Add pyyaml as a dependency of tljh. - Remove escapism dependency since it is not actually used
2018-06-27 01:18:07 -07:00
def update_auth(c, config):
"""
Apply TLJH auth config with less assumptions
2021-10-20 20:40:33 +02:00
Set auth related configuration from YAML config file.
As an example, this function should update the following TLJH auth
configuration:
```yaml
auth:
type: oauthenticator.github.GitHubOAuthenticator
GitHubOAuthenticator:
client_id: "..."
client_secret: "..."
oauth_callback_url: "..."
remove addressed FIXMEs in update_auth These are both addressed by the use of traitlets.config - an informative error is raised if the auth class cannot be imported - only configurable traits can be set, not any attribute on any object also fix a couple of typos in the docstring that I introduced during review
2021-10-27 09:11:44 +02:00
ArbitraryClass:
Apply TLJH auth config with less assumptions
2021-10-20 20:40:33 +02:00
arbitrary_key: "..."
arbitrary_key_with_none_value:
```
by applying the following configuration:
```python
c.JupyterHub.authenticator_class = "oauthenticator.github.GitHubOAuthenticator"
c.GitHubOAuthenticator.client_id = "..."
c.GitHubOAuthenticator.client_secret = "..."
c.GitHubOAuthenticator.oauth_callback_url = "..."
remove addressed FIXMEs in update_auth These are both addressed by the use of traitlets.config - an informative error is raised if the auth class cannot be imported - only configurable traits can be set, not any attribute on any object also fix a couple of typos in the docstring that I introduced during review
2021-10-27 09:11:44 +02:00
c.ArbitraryClass.arbitrary_key = "..."
Apply TLJH auth config with less assumptions
2021-10-20 20:40:33 +02:00
```
remove addressed FIXMEs in update_auth These are both addressed by the use of traitlets.config - an informative error is raised if the auth class cannot be imported - only configurable traits can be set, not any attribute on any object also fix a couple of typos in the docstring that I introduced during review
2021-10-27 09:11:44 +02:00
Note that "auth.type" and "auth.ArbitraryClass.arbitrary_key_with_none_value"
Apply TLJH auth config with less assumptions
2021-10-20 20:40:33 +02:00
are treated a bit differently. auth.type will always map to
c.JupyterHub.authenticator_class and any configured value being None won't
be set.
Load user lists & auth config from a YAML file - Load config only once at startup. A lot of jupyterhub config (like user lists) take effect only at startup, so live reload is not super useful. It will make the software more complex, so let's not do it. - Add pyyaml as a dependency of tljh. - Remove escapism dependency since it is not actually used
2018-06-27 01:18:07 -07:00
"""
Apply TLJH auth config with less assumptions
2021-10-20 20:40:33 +02:00
tljh_auth_config = config['auth']
Add back FIXME notes unchanged
2021-10-27 00:15:26 +02:00
Apply TLJH auth config with less assumptions
2021-10-20 20:40:33 +02:00
c.JupyterHub.authenticator_class = tljh_auth_config['type']
for auth_key, auth_value in tljh_auth_config.items():
Apply suggestions from code review Co-authored-by: Min RK <benjaminrk@gmail.com>
2021-10-22 15:32:45 +02:00
if not (auth_key[0] == auth_key[0].upper() and isinstance(auth_value, dict)):
raise on ignored config in auth Co-authored-by: Erik Sundell <erik.i.sundell@gmail.com>
2021-10-27 08:46:46 +02:00
if auth_key == 'type':
continue
raise ValueError(f"Error: auth.{auth_key} was ignored, it didn't look like a valid configuration")
Apply suggestions from code review Co-authored-by: Min RK <benjaminrk@gmail.com>
2021-10-22 15:32:45 +02:00
class_name = auth_key
class_config_to_set = auth_value
class_config = c[class_name]
for config_name, config_value in class_config_to_set.items():
set_if_not_none(class_config, config_name, config_value)
Load user lists & auth config from a YAML file - Load config only once at startup. A lot of jupyterhub config (like user lists) take effect only at startup, so live reload is not super useful. It will make the software more complex, so let's not do it. - Add pyyaml as a dependency of tljh. - Remove escapism dependency since it is not actually used
2018-06-27 01:18:07 -07:00
def update_userlists(c, config):
"""
Set user whitelists & admin lists
"""
users = config['users']
Add the jupyterhub-configurator service
2021-04-01 14:26:54 +03:00
c.Authenticator.allowed_users = set(users['allowed'])
c.Authenticator.blocked_users = set(users['banned'])
Load user lists & auth config from a YAML file - Load config only once at startup. A lot of jupyterhub config (like user lists) take effect only at startup, so live reload is not super useful. It will make the software more complex, so let's not do it. - Add pyyaml as a dependency of tljh. - Remove escapism dependency since it is not actually used
2018-06-27 01:18:07 -07:00
c.Authenticator.admin_users = set(users['admin'])
Allow adding users to specific groups
2019-06-20 21:54:51 +03:00
def update_usergroups(c, config):
"""
Set user groups
"""
users = config['users']
Renamed group config option
2019-06-21 11:38:26 +03:00
c.UserCreatingSpawner.user_groups = users['extra_user_groups']
Allow adding users to specific groups
2019-06-20 21:54:51 +03:00
Support user resource limits Set default limit to 1G. Possibly controversial!
2018-06-27 01:30:34 -07:00
def update_limits(c, config):
"""
Set user server limits
"""
limits = config['limits']
Use c.Spawner to set mem_limit & cpu_limit mem_limit & cpu_limit are traitlets on the parent Spawner class. Setting these here allows plugins to do the dangerous job of swapping the SystemdSpawner out for something else
2019-05-18 13:43:34 -07:00
c.Spawner.mem_limit = limits['memory']
c.Spawner.cpu_limit = limits['cpu']
Support user resource limits Set default limit to 1G. Possibly controversial!
2018-06-27 01:30:34 -07:00
Allow configuring default notebook interface from config.yaml Also fix bug in how overrides were being done in config.yaml
2018-06-29 00:47:08 -07:00
def update_user_environment(c, config):
"""
Set user environment configuration
"""
Dynamically set authenticator properties from YAML We don't wanna explicitly map keys from the YAML to traitlet config for the authentication - that's a lot of busywork for no gain. We instead switch to using snake_case everywhere, and dynamically set traitlet config from YAML config!
2018-07-15 13:40:17 -07:00
user_env = config['user_environment']
Allow configuring default notebook interface from config.yaml Also fix bug in how overrides were being done in config.yaml
2018-06-29 00:47:08 -07:00
# Set default application users are launched into
Dynamically set authenticator properties from YAML We don't wanna explicitly map keys from the YAML to traitlet config for the authentication - that's a lot of busywork for no gain. We instead switch to using snake_case everywhere, and dynamically set traitlet config from YAML config!
2018-07-15 13:40:17 -07:00
if user_env['default_app'] == 'jupyterlab':
Allow configuring default notebook interface from config.yaml Also fix bug in how overrides were being done in config.yaml
2018-06-29 00:47:08 -07:00
c.Spawner.default_url = '/lab'
Dynamically set authenticator properties from YAML We don't wanna explicitly map keys from the YAML to traitlet config for the authentication - that's a lot of busywork for no gain. We instead switch to using snake_case everywhere, and dynamically set traitlet config from YAML config!
2018-07-15 13:40:17 -07:00
elif user_env['default_app'] == 'nteract':
Allow configuring default notebook interface from config.yaml Also fix bug in how overrides were being done in config.yaml
2018-06-29 00:47:08 -07:00
c.Spawner.default_url = '/nteract'
Prefix user accounts we create - Helps protect against users named 'root' - Makes it clearer that you should not rely on these users for general PAM work, because they are prefixed. Fixes #9
2018-07-12 13:33:24 -07:00
def update_user_account_config(c, config):
c.SystemdSpawner.username_template = 'jupyter-{USERNAME}'
move generating traefik basic auth to traefik.py compute this when we write the template, not when we load config
2019-02-22 10:53:36 +01:00
def update_traefik_api(c, config):
Fixed some issues
2019-02-11 09:24:16 +02:00
"""
Set traefik api endpoint credentials
"""
move generating traefik basic auth to traefik.py compute this when we write the template, not when we load config
2019-02-22 10:53:36 +01:00
c.TraefikTomlProxy.traefik_api_username = config['traefik_api']['username']
c.TraefikTomlProxy.traefik_api_password = config['traefik_api']['password']
Fixed some issues
2019-02-11 09:24:16 +02:00
Enforce the type of idle culler options
2019-06-12 17:05:01 +03:00
def set_cull_idle_service(config):
Added Idle Culler
2019-06-06 16:52:04 +03:00
"""
Set Idle Culler service
"""
cull_cmd = [
Adding update_base_url from tljh config
2020-10-19 19:48:23 +02:00
sys.executable, '-m', 'jupyterhub_idle_culler'
Added Idle Culler
2019-06-06 16:52:04 +03:00
]
Enforce the type of idle culler options
2019-06-12 17:05:01 +03:00
cull_config = config['services']['cull']
print()
Added Idle Culler
2019-06-06 16:52:04 +03:00
Enforce the type of idle culler options
2019-06-12 17:05:01 +03:00
cull_cmd += ['--timeout=%d' % cull_config['timeout']]
cull_cmd += ['--cull-every=%d' % cull_config['every']]
cull_cmd += ['--concurrency=%d' % cull_config['concurrency']]
cull_cmd += ['--max-age=%d' % cull_config['max_age']]
if cull_config['users']:
cull_cmd += ['--cull-users']
Added Idle Culler
2019-06-06 16:52:04 +03:00
cull_service = {
'name': 'cull-idle',
'admin': True,
'command': cull_cmd,
}
return cull_service
Add the jupyterhub-configurator service
2021-04-01 14:26:54 +03:00
def set_configurator(config):
"""
Set the JupyterHub Configurator service
"""
HERE = os.path.abspath(os.path.dirname(__file__))
configurator_cmd = [
sys.executable, "-m", "jupyterhub_configurator.app",
f"--Configurator.config_file={HERE}/jupyterhub_configurator_config.py"
]
configurator_service = {
'name': 'configurator',
'url': 'http://127.0.0.1:10101',
'command': configurator_cmd,
}
return configurator_service
Added Idle Culler
2019-06-06 16:52:04 +03:00
def update_services(c, config):
Fix services init
2019-06-06 17:42:10 +03:00
c.JupyterHub.services = []
Add the jupyterhub-configurator service
2021-04-01 14:26:54 +03:00
Fix services init
2019-06-06 17:42:10 +03:00
if config['services']['cull']['enabled']:
Enforce the type of idle culler options
2019-06-12 17:05:01 +03:00
c.JupyterHub.services.append(set_cull_idle_service(config))
Add the jupyterhub-configurator service
2021-04-01 14:26:54 +03:00
if config['services']['configurator']['enabled']:
c.JupyterHub.services.append(set_configurator(config))
Added Idle Culler
2019-06-06 16:52:04 +03:00
Load user lists & auth config from a YAML file - Load config only once at startup. A lot of jupyterhub config (like user lists) take effect only at startup, so live reload is not super useful. It will make the software more complex, so let's not do it. - Add pyyaml as a dependency of tljh. - Remove escapism dependency since it is not actually used
2018-06-27 01:18:07 -07:00
def _merge_dictionaries(a, b, path=None, update=True):
"""
Merge two dictionaries recursively.
Don't handle merging lists Doesn't work clearly
2018-07-10 11:45:07 -07:00
From https://stackoverflow.com/a/7205107
Load user lists & auth config from a YAML file - Load config only once at startup. A lot of jupyterhub config (like user lists) take effect only at startup, so live reload is not super useful. It will make the software more complex, so let's not do it. - Add pyyaml as a dependency of tljh. - Remove escapism dependency since it is not actually used
2018-06-27 01:18:07 -07:00
"""
if path is None:
path = []
for key in b:
if key in a:
if isinstance(a[key], dict) and isinstance(b[key], dict):
_merge_dictionaries(a[key], b[key], path + [str(key)])
elif a[key] == b[key]:
pass # same leaf value
elif update:
a[key] = b[key]
else:
raise Exception('Conflict at %s' % '.'.join(path + [str(key)]))
else:
a[key] = b[key]
return a
Reference in New Issue Copy Permalink