zhangyiss/the-littlest-jupyterhub
1
0
Fork 0
mirror of https://github.com/jupyterhub/the-littlest-jupyterhub.git synced 2025-12-18 21:54:05 +08:00
Code Issues Packages Projects Releases Wiki Activity

move proxy secret to state dir

Browse Source
This commit is contained in:
Min RK
2018-07-17 08:36:06 -07:00
parent 54532997d5
commit 24b535d524
3 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
tljh/installer.py
View File

@@ -14,6 +14,8 @@ INSTALL_PREFIX = os.environ.get('TLJH_INSTALL_PREFIX', '/opt/tljh')
HUB_ENV_PREFIX = os.path.join(INSTALL_PREFIX, 'hub') HUB_ENV_PREFIX = os.path.join(INSTALL_PREFIX, 'hub')
USER_ENV_PREFIX = os.path.join(INSTALL_PREFIX, 'user') USER_ENV_PREFIX = os.path.join(INSTALL_PREFIX, 'user')
STATE_DIR = os.path.join(HUB_ENV_PREFIX, 'state')
HERE = os.path.abspath(os.path.dirname(__file__)) HERE = os.path.abspath(os.path.dirname(__file__))
rt_yaml = YAML() rt_yaml = YAML()
@@ -38,16 +40,16 @@ def ensure_jupyterhub_service(prefix):
systemd.install_unit('jupyterhub.service', hub_unit_template.format(**unit_params)) systemd.install_unit('jupyterhub.service', hub_unit_template.format(**unit_params))
systemd.reload_daemon() systemd.reload_daemon()
os.makedirs(STATE_DIR, mode=0o700, exist_ok=True)
# Set up proxy / hub secret oken if it is not already setup # Set up proxy / hub secret oken if it is not already setup
# FIXME: Check umask here properly proxy_secret_path = os.path.join(STATE_DIR, 'configurable-http-proxy.secret')
proxy_secret_path = os.path.join(INSTALL_PREFIX, 'configurable-http-proxy.secret')
if not os.path.exists(proxy_secret_path): if not os.path.exists(proxy_secret_path):
with open(proxy_secret_path, 'w') as f: with open(proxy_secret_path, 'w') as f:
f.write('CONFIGPROXY_AUTH_TOKEN=' + secrets.token_hex(32)) f.write('CONFIGPROXY_AUTH_TOKEN=' + secrets.token_hex(32))
# If we are changing CONFIGPROXY_AUTH_TOKEN, restart configurable-http-proxy! # If we are changing CONFIGPROXY_AUTH_TOKEN, restart configurable-http-proxy!
systemd.restart_service('configurable-http-proxy') systemd.restart_service('configurable-http-proxy')
os.makedirs(os.path.join(INSTALL_PREFIX, 'hub', 'state'), mode=0o700, exist_ok=True)
# Start CHP if it has already not been started # Start CHP if it has already not been started
systemd.start_service('configurable-http-proxy') systemd.start_service('configurable-http-proxy')
# If JupyterHub is running, we want to restart it. # If JupyterHub is running, we want to restart it.

2
tljh/systemd-units/configurable-http-proxy.service
View File

@@ -14,7 +14,7 @@ PrivateTmp=yes
PrivateDevices=yes PrivateDevices=yes
ProtectKernelTunables=yes ProtectKernelTunables=yes
ProtectKernelModules=yes ProtectKernelModules=yes
EnvironmentFile={install_prefix}/configurable-http-proxy.secret EnvironmentFile={install_prefix}/hub/state/configurable-http-proxy.secret
# Set PATH so env can find correct node # Set PATH so env can find correct node
Environment=PATH=$PATH:{install_prefix}/hub/bin Environment=PATH=$PATH:{install_prefix}/hub/bin
ExecStart={install_prefix}/hub/bin/configurable-http-proxy \ ExecStart={install_prefix}/hub/bin/configurable-http-proxy \

2
tljh/systemd-units/jupyterhub.service
View File

@@ -17,7 +17,7 @@ PrivateDevices=yes
ProtectKernelTunables=yes ProtectKernelTunables=yes
ProtectKernelModules=yes ProtectKernelModules=yes
# Source CONFIGPROXY_AUTH_TOKEN from here! # Source CONFIGPROXY_AUTH_TOKEN from here!
EnvironmentFile={install_prefix}/configurable-http-proxy.secret EnvironmentFile={install_prefix}/hub/state/configurable-http-proxy.secret
Environment=TLJH_INSTALL_PREFIX={install_prefix} Environment=TLJH_INSTALL_PREFIX={install_prefix}
ExecStart={python_interpreter_path} -m jupyterhub.app -f {jupyterhub_config_path} ExecStart={python_interpreter_path} -m jupyterhub.app -f {jupyterhub_config_path}