From e56aa52739fa592cc114ccd8d640d51e6cd6d2be Mon Sep 17 00:00:00 2001 From: ciangottini Date: Thu, 26 May 2022 09:57:07 +0200 Subject: [PATCH] fix child process values --- stable/analysis-facility/Chart.yaml | 2 +- stable/analysis-facility/values.yaml | 992 +++++++++++++-------------- 2 files changed, 497 insertions(+), 497 deletions(-) diff --git a/stable/analysis-facility/Chart.yaml b/stable/analysis-facility/Chart.yaml index 55ab832..26fe733 100644 --- a/stable/analysis-facility/Chart.yaml +++ b/stable/analysis-facility/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: stable apiVersion: v1 name: af -version: 0.0.5 +version: 0.0.6 appVersion: 0.0.0 description: CMS INFN Analysis Facility umbrella chart keywords: diff --git a/stable/analysis-facility/values.yaml b/stable/analysis-facility/values.yaml index dbc6dc7..382b512 100644 --- a/stable/analysis-facility/values.yaml +++ b/stable/analysis-facility/values.yaml @@ -1,545 +1,545 @@ -htcondor: - - cluster: - secret: - - schedd: - enabled: true - mapfile: | - PASSWORD (*.) condor - GSI (.*) anonymous - extraconfig: "" - hostname: .myip.cloud.infn.it - service: - type: NodePort - nodePort: 31618 - targetPort: 31618 - image: - name: ghcr.io/comp-dev-cms-ita/htcondor-schedd - tag: "v2.0.0-pre1" - pullPolicy: IfNotPresent - persistence: - spooldir: - enabled: true - storageClass: rook-cephfs - size: 40Gi - requests: - memory: "500M" - cpu: "100m" - - master: - enabled: true - publicIP: - extraconfig: "" - hostname: .myip.cloud.infn.it - service: - type: NodePort - nodePort: 30618 - targetPort: 30618 - image: - name: dodasts/cm - tag: "9.8.0-el7" - pullPolicy: IfNotPresent - requests: - memory: "500M" - cpu: "100m" - - wn: - enabled: false - replicas: 0 - image: - name: ghcr.io/comp-dev-cms-ita/htc-dask-wn - tag: v2.0.0-pre1 - pullPolicy: IfNotPresent - # Condor slot type - slotType: cpus=1, mem=2000 - requests: - memory: "1500M" - cpu: 1 - # Define you own persistent volume to mount - persistentVolume: - pv: - name: "" - spec: "" - pvc: - name: "" - mountPath: "" - spec: "" - # Additional custom config file - config: "" - # e.g. classAds - # MachineOwner = "chemistry" - # STARTD_ATTRS = $(STARTD_ATTRS) MachineOwner - # ConfigMap site-Local - siteConfCMS: - enabled: false - numCPUS: 1 - files: - - name: sitetest - path: test - filename: test.txt - content: | - test - - # Enable Squid server - squid: - enabled: false - image: dodasts/squid - tag: v1.1.0-dodas - pullPolicy: IfNotPresent - - # Service Port - port: 31128 - - # CVMFS mount on slave: configuration - cvmfs: - enabled: true - image: dodasts/cvmfs - tag: v1.4-reloaded - pullPolicy: IfNotPresent - - # List of repos to be mounted - repoList: cms.cern.ch grid.cern.ch cms.dodas.infn.it - - privKey: [] - # content: | - # -----BEGIN PUBLIC KEY----- - # MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+tRiuIATB34qt+4JVuY - # kVRaIHE8wvGGCT9xQtItEB9uxzdnreMKjpWyS8LReS2Af5AXqiXNX8BYqVWMcQa3 - # O4WkQfUA/a65k6uKTMaptZu0hFCKU38Op2lMgq+vCWw1PmRmbJ77Zsrp+Gh5oJCw - # tUwKvYxGu0ONE7GmcbymCv9J9Z6MTzTazXbR4ntm6A03EtTps9hDceNH7/v8HoJz - # 5bW5rAe9lwYoJiaXVPWmfKV3PeNPdQp0BOu/iFOJzzRrVWkTew1NBH4DDnx2Chsu - # BPv1RaGNzMJiNNxEIBbPZbDwTg5irlbT32d/qZDygWIdl3o0YcVSQr6w1gd+aTr6cwIDAQAB - # -----END PUBLIC KEY----- - # filename: cms.dodas.infn.it.pub, - # name: cms-dodas, - # path: keys/cms.dodas.infn.it - # - name: spiga - # path: spiga.local.repo - # filename: spiga.local.repo.pub - # content: | - # test - # default.local file content - defaultLocalConfig: - - content: | - CVMFS_SERVER_URL=http://131.154.97.118/cvmfs/cms.dodas.infn.it - CVMFS_PUBLIC_KEY=/etc/cvmfs/keys/cms.dodas.infn.it/cms.dodas.infn.it.pub - CVMFS_HTTP_PROXY=DIRECT - CVMFS_DEBUGFILE=/tmp/cvmfs_cms_dodas.log - file: cms.dodas.infn.it.conf - -JHUBaaS: - #overide defaault ingress - hostname: jhub..myip.cloud.infn.it - ingress: true - # Show options for htcondor integration - htcondor: true - - sshForwarder: - enabled: true - redis: - image: - pullPolicy: IfNotPresent - name: redis - tag: 6.2.5 - requests: - cpu: 900m - memory: 900M - limits: - cpu: 1 - memory: 1G - sshListener: - image: - pullPolicy: Always - name: dodasts/dask-ssh-listener - tag: v0.1.2 - requests: - cpu: 900m - memory: 900M - limits: - cpu: 1 - memory: 1G - sshFWD: - image: - pullPolicy: Always - name: dodasts/dask-ssh-forwarder - tag: v0.1.2 - nodePort: 31022 - requests: - cpu: 900m - memory: 900M - limits: - cpu: 1 - memory: 1G - - jupyterhub: - - scheduling: - userScheduler: - enabled: false - podPriority: - enabled: false - userPlaceholder: - enabled: false - - cull: - enabled: true - timeout: 3600 - every: 600 - - proxy: - chp: - networkPolicy: - enabled: false - secretToken: 72077073d819ce7a118a7dd7e2ce3eb74328cd306faa0540b1045d56113fdd0e - # - - singleuser: - networkPolicy: - enabled: false - storage: - dynamic: - storageClass: openebs-hostpath - extraVolumeMounts: - - mountPath: cvmfs - name: cvmfs - - mountPath: /opt/conda/lib/python3.9/site-packages/dask_labextension/labextension.yaml - name: labext - subPath: labextension.yaml - - mountPath: /opt/conda/etc/jupyter/jupyter_notebook_config.json - name: ruciolabcfg - subPath: jupyter_notebook_config.json - - mountPath: /etc/rucio - name: ruciocfg - - mountPath: /etc/xrootd/client.plugins.d - name: xcachecfg - extraVolumes: - - hostPath: - path: /cvmfs-af-htc - type: Directory - name: cvmfs - - configMap: - name: labext - name: labext - - configMap: - name: ruciolabcfg - name: ruciolabcfg - - configMap: - name: ruciocfg - name: ruciocfg - - configMap: - name: xcachecfg - name: xcachecfg - hub: - image: - name: ghcr.io/dodas-ts/jhub - tag: 'v5.0.1-pre15' - cookieSecret: 72077073d819ce7a118a7dd7e2ce3eb74328cd306faa0540b1045d56113fdd0e - # - networkPolicy: - enabled: false - args: - - jupyterhub - - --config - - /etc/jupyterhub/jupyterhub_config.py - - --upgrade-db - db: - type: sqlite-pvc - upgrade: - pvc: - accessModes: - - ReadWriteOnce - storage: 1Gi - storageClassName: openebs-hostpath - extraEnv: - OAUTH_CALLBACK_URL: https://jhub.131.154.96.124.myip.cloud.infn.it/hub/oauth_callback - OAUTH_ENDPOINT: https://cms-auth.web.cern.ch/ - OAUTH_GROUPS: /cms - ADMIN_OAUTH_GROUPS: /cms/itcms - WITH_GPU: "false" - HTCONDOR_COLLECTOR_URL: .myip.cloud.infn.it:30618 - HTCONDOR_SCHEDD_NAME: .myip.cloud.infn.it - ACCESS_TOKEN: - SSH_NAMESPACE: - extraConfig: - myConfig.py: | - #!/usr/bin/env python - # -*- coding: utf-8 -*- - import os - import socket - import json - #from oauthenticator.github import GitHubOAuthenticator - from oauthenticator.oauth2 import OAuthenticator - from oauthenticator.generic import GenericOAuthenticator - from tornado import gen - import kubespawner - import subprocess - import warnings - import os - - from subprocess import check_call - c.JupyterHub.tornado_settings = {'max_body_size': 1048576000, 'max_buffer_size': 1048576000} - c.JupyterHub.log_level = 30 - - callback = os.environ["OAUTH_CALLBACK_URL"] - os.environ["OAUTH_CALLBACK"] = callback - iam_server = os.environ["OAUTH_ENDPOINT"] - - server_host = socket.gethostbyname(socket.getfqdn()) - os.environ["IAM_INSTANCE"] = iam_server - - myenv = os.environ.copy() - - c.Spawner.default_url = '/lab' - - cache_file = './iam_secret' - - if os.path.isfile(cache_file): - with open(cache_file) as f: - cache_results = json.load(f) - else: - response = subprocess.check_output(['/srv/.init/dodas-IAMClientRec', server_host+"-jhub"], env=myenv) - response_list = response.decode('utf-8').split("\n") - client_id = response_list[len(response_list)-3] - client_secret = response_list[len(response_list)-2] - - cache_results = { - "client_id": server_host+"-jhub", - "client_secret": "testmepls" - } - with open(cache_file, "w") as w: - json.dump(cache_results, w) - - client_id = cache_results["client_id"] - - client_secret = cache_results["client_secret"] - - - class EnvAuthenticator(GenericOAuthenticator): - - @gen.coroutine - def pre_spawn_start(self, user, spawner): - auth_state = yield user.get_auth_state() - import pprint - pprint.pprint(auth_state) - if not auth_state: - # user has no auth state - return - # define some environment variables from auth_state - self.log.info(auth_state) - spawner.environment['IAM_SERVER'] = iam_server - spawner.environment['IAM_CLIENT_ID'] = client_id - spawner.environment['IAM_CLIENT_SECRET'] = client_secret - spawner.environment['ACCESS_TOKEN'] = auth_state['access_token'] - spawner.environment['REFRESH_TOKEN'] = auth_state['refresh_token'] - spawner.environment['USERNAME'] = auth_state['oauth_user']['preferred_username'] - spawner.environment['JUPYTERHUB_ACTIVITY_INTERVAL'] = "15" - spawner.environment['SSH_NAMESPACE'] = os.environ.get("SSH_NAMESPACE") - - amIAllowed = False +htcondor: {} + + # cluster: + # secret: + + # schedd: + # enabled: true + # mapfile: | + # PASSWORD (*.) condor + # GSI (.*) anonymous + # extraconfig: "" + # hostname: .myip.cloud.infn.it + # service: + # type: NodePort + # nodePort: 31618 + # targetPort: 31618 + # image: + # name: ghcr.io/comp-dev-cms-ita/htcondor-schedd + # tag: "v2.0.0-pre1" + # pullPolicy: IfNotPresent + # persistence: + # spooldir: + # enabled: true + # storageClass: rook-cephfs + # size: 40Gi + # requests: + # memory: "500M" + # cpu: "100m" + + # master: + # enabled: true + # publicIP: + # extraconfig: "" + # hostname: .myip.cloud.infn.it + # service: + # type: NodePort + # nodePort: 30618 + # targetPort: 30618 + # image: + # name: dodasts/cm + # tag: "9.8.0-el7" + # pullPolicy: IfNotPresent + # requests: + # memory: "500M" + # cpu: "100m" + + # wn: + # enabled: false + # replicas: 0 + # image: + # name: ghcr.io/comp-dev-cms-ita/htc-dask-wn + # tag: v2.0.0-pre1 + # pullPolicy: IfNotPresent + # # Condor slot type + # slotType: cpus=1, mem=2000 + # requests: + # memory: "1500M" + # cpu: 1 + # # Define you own persistent volume to mount + # persistentVolume: + # pv: + # name: "" + # spec: "" + # pvc: + # name: "" + # mountPath: "" + # spec: "" + # # Additional custom config file + # config: "" + # # e.g. classAds + # # MachineOwner = "chemistry" + # # STARTD_ATTRS = $(STARTD_ATTRS) MachineOwner + # # ConfigMap site-Local + # siteConfCMS: + # enabled: false + # numCPUS: 1 + # files: + # - name: sitetest + # path: test + # filename: test.txt + # content: | + # test + + # # Enable Squid server + # squid: + # enabled: false + # image: dodasts/squid + # tag: v1.1.0-dodas + # pullPolicy: IfNotPresent + + # # Service Port + # port: 31128 + + # # CVMFS mount on slave: configuration + # cvmfs: + # enabled: true + # image: dodasts/cvmfs + # tag: v1.4-reloaded + # pullPolicy: IfNotPresent + + # # List of repos to be mounted + # repoList: cms.cern.ch grid.cern.ch cms.dodas.infn.it + + # privKey: [] + # # content: | + # # -----BEGIN PUBLIC KEY----- + # # MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+tRiuIATB34qt+4JVuY + # # kVRaIHE8wvGGCT9xQtItEB9uxzdnreMKjpWyS8LReS2Af5AXqiXNX8BYqVWMcQa3 + # # O4WkQfUA/a65k6uKTMaptZu0hFCKU38Op2lMgq+vCWw1PmRmbJ77Zsrp+Gh5oJCw + # # tUwKvYxGu0ONE7GmcbymCv9J9Z6MTzTazXbR4ntm6A03EtTps9hDceNH7/v8HoJz + # # 5bW5rAe9lwYoJiaXVPWmfKV3PeNPdQp0BOu/iFOJzzRrVWkTew1NBH4DDnx2Chsu + # # BPv1RaGNzMJiNNxEIBbPZbDwTg5irlbT32d/qZDygWIdl3o0YcVSQr6w1gd+aTr6cwIDAQAB + # # -----END PUBLIC KEY----- + # # filename: cms.dodas.infn.it.pub, + # # name: cms-dodas, + # # path: keys/cms.dodas.infn.it + # # - name: spiga + # # path: spiga.local.repo + # # filename: spiga.local.repo.pub + # # content: | + # # test + # # default.local file content + # defaultLocalConfig: + # - content: | + # CVMFS_SERVER_URL=http://131.154.97.118/cvmfs/cms.dodas.infn.it + # CVMFS_PUBLIC_KEY=/etc/cvmfs/keys/cms.dodas.infn.it/cms.dodas.infn.it.pub + # CVMFS_HTTP_PROXY=DIRECT + # CVMFS_DEBUGFILE=/tmp/cvmfs_cms_dodas.log + # file: cms.dodas.infn.it.conf + +JHUBaaS: {} + # #overide defaault ingress + # hostname: jhub..myip.cloud.infn.it + # ingress: true + # # Show options for htcondor integration + # htcondor: true + + # sshForwarder: + # enabled: true + # redis: + # image: + # pullPolicy: IfNotPresent + # name: redis + # tag: 6.2.5 + # requests: + # cpu: 900m + # memory: 900M + # limits: + # cpu: 1 + # memory: 1G + # sshListener: + # image: + # pullPolicy: Always + # name: dodasts/dask-ssh-listener + # tag: v0.1.2 + # requests: + # cpu: 900m + # memory: 900M + # limits: + # cpu: 1 + # memory: 1G + # sshFWD: + # image: + # pullPolicy: Always + # name: dodasts/dask-ssh-forwarder + # tag: v0.1.2 + # nodePort: 31022 + # requests: + # cpu: 900m + # memory: 900M + # limits: + # cpu: 1 + # memory: 1G + + # jupyterhub: + + # scheduling: + # userScheduler: + # enabled: false + # podPriority: + # enabled: false + # userPlaceholder: + # enabled: false + + # cull: + # enabled: true + # timeout: 3600 + # every: 600 + + # proxy: + # chp: + # networkPolicy: + # enabled: false + # secretToken: 72077073d819ce7a118a7dd7e2ce3eb74328cd306faa0540b1045d56113fdd0e + # # + + # singleuser: + # networkPolicy: + # enabled: false + # storage: + # dynamic: + # storageClass: openebs-hostpath + # extraVolumeMounts: + # - mountPath: cvmfs + # name: cvmfs + # - mountPath: /opt/conda/lib/python3.9/site-packages/dask_labextension/labextension.yaml + # name: labext + # subPath: labextension.yaml + # - mountPath: /opt/conda/etc/jupyter/jupyter_notebook_config.json + # name: ruciolabcfg + # subPath: jupyter_notebook_config.json + # - mountPath: /etc/rucio + # name: ruciocfg + # - mountPath: /etc/xrootd/client.plugins.d + # name: xcachecfg + # extraVolumes: + # - hostPath: + # path: /cvmfs-af-htc + # type: Directory + # name: cvmfs + # - configMap: + # name: labext + # name: labext + # - configMap: + # name: ruciolabcfg + # name: ruciolabcfg + # - configMap: + # name: ruciocfg + # name: ruciocfg + # - configMap: + # name: xcachecfg + # name: xcachecfg + # hub: + # image: + # name: ghcr.io/dodas-ts/jhub + # tag: 'v5.0.1-pre15' + # cookieSecret: 72077073d819ce7a118a7dd7e2ce3eb74328cd306faa0540b1045d56113fdd0e + # # + # networkPolicy: + # enabled: false + # args: + # - jupyterhub + # - --config + # - /etc/jupyterhub/jupyterhub_config.py + # - --upgrade-db + # db: + # type: sqlite-pvc + # upgrade: + # pvc: + # accessModes: + # - ReadWriteOnce + # storage: 1Gi + # storageClassName: openebs-hostpath + # extraEnv: + # OAUTH_CALLBACK_URL: https://jhub.131.154.96.124.myip.cloud.infn.it/hub/oauth_callback + # OAUTH_ENDPOINT: https://cms-auth.web.cern.ch/ + # OAUTH_GROUPS: /cms + # ADMIN_OAUTH_GROUPS: /cms/itcms + # WITH_GPU: "false" + # HTCONDOR_COLLECTOR_URL: .myip.cloud.infn.it:30618 + # HTCONDOR_SCHEDD_NAME: .myip.cloud.infn.it + # ACCESS_TOKEN: + # SSH_NAMESPACE: + # extraConfig: + # myConfig.py: | + # #!/usr/bin/env python + # # -*- coding: utf-8 -*- + # import os + # import socket + # import json + # #from oauthenticator.github import GitHubOAuthenticator + # from oauthenticator.oauth2 import OAuthenticator + # from oauthenticator.generic import GenericOAuthenticator + # from tornado import gen + # import kubespawner + # import subprocess + # import warnings + # import os + + # from subprocess import check_call + # c.JupyterHub.tornado_settings = {'max_body_size': 1048576000, 'max_buffer_size': 1048576000} + # c.JupyterHub.log_level = 30 + + # callback = os.environ["OAUTH_CALLBACK_URL"] + # os.environ["OAUTH_CALLBACK"] = callback + # iam_server = os.environ["OAUTH_ENDPOINT"] + + # server_host = socket.gethostbyname(socket.getfqdn()) + # os.environ["IAM_INSTANCE"] = iam_server + + # myenv = os.environ.copy() + + # c.Spawner.default_url = '/lab' + + # cache_file = './iam_secret' + + # if os.path.isfile(cache_file): + # with open(cache_file) as f: + # cache_results = json.load(f) + # else: + # response = subprocess.check_output(['/srv/.init/dodas-IAMClientRec', server_host+"-jhub"], env=myenv) + # response_list = response.decode('utf-8').split("\n") + # client_id = response_list[len(response_list)-3] + # client_secret = response_list[len(response_list)-2] + + # cache_results = { + # "client_id": server_host+"-jhub", + # "client_secret": "testmepls" + # } + # with open(cache_file, "w") as w: + # json.dump(cache_results, w) + + # client_id = cache_results["client_id"] + + # client_secret = cache_results["client_secret"] + + + # class EnvAuthenticator(GenericOAuthenticator): + + # @gen.coroutine + # def pre_spawn_start(self, user, spawner): + # auth_state = yield user.get_auth_state() + # import pprint + # pprint.pprint(auth_state) + # if not auth_state: + # # user has no auth state + # return + # # define some environment variables from auth_state + # self.log.info(auth_state) + # spawner.environment['IAM_SERVER'] = iam_server + # spawner.environment['IAM_CLIENT_ID'] = client_id + # spawner.environment['IAM_CLIENT_SECRET'] = client_secret + # spawner.environment['ACCESS_TOKEN'] = auth_state['access_token'] + # spawner.environment['REFRESH_TOKEN'] = auth_state['refresh_token'] + # spawner.environment['USERNAME'] = auth_state['oauth_user']['preferred_username'] + # spawner.environment['JUPYTERHUB_ACTIVITY_INTERVAL'] = "15" + # spawner.environment['SSH_NAMESPACE'] = os.environ.get("SSH_NAMESPACE") + + # amIAllowed = False - import jwt - groups = jwt.decode(auth_state["access_token"], options={"verify_signature": False, "verify_aud": False})["wlcg.groups"] + # import jwt + # groups = jwt.decode(auth_state["access_token"], options={"verify_signature": False, "verify_aud": False})["wlcg.groups"] - if os.environ.get("OAUTH_GROUPS"): - spawner.environment['GROUPS'] = " ".join(groups) - allowed_groups = os.environ["OAUTH_GROUPS"].split(" ") - self.log.info(groups) - for gr in allowed_groups: - if gr in groups: - amIAllowed = True - else: - amIAllowed = True - - if not amIAllowed: - self.log.error( - "OAuth user contains not in group the allowed groups %s" % allowed_groups - ) - raise Exception("OAuth user not in the allowed groups %s" % allowed_groups) - - async def authenticate(self, handler, data=None): - code = handler.get_argument("code") - # TODO: Configure the curl_httpclient for tornado - http_client = self.http_client() - - params = dict( - redirect_uri=self.get_callback_url(handler), - code=code, - grant_type='authorization_code', - ) - params.update(self.extra_params) - - headers = self._get_headers() - - token_resp_json = await self._get_token(http_client, headers, params) - - user_data_resp_json = await self._get_user_data(http_client, token_resp_json) - - if callable(self.username_key): - name = self.username_key(user_data_resp_json) - else: - name = user_data_resp_json.get(self.username_key) - if not name: - self.log.error( - "OAuth user contains no key %s: %s", self.username_key, user_data_resp_json - ) - return - - auth_state = self._create_auth_state(token_resp_json, user_data_resp_json) - import pprint - pprint.pprint(auth_state) + # if os.environ.get("OAUTH_GROUPS"): + # spawner.environment['GROUPS'] = " ".join(groups) + # allowed_groups = os.environ["OAUTH_GROUPS"].split(" ") + # self.log.info(groups) + # for gr in allowed_groups: + # if gr in groups: + # amIAllowed = True + # else: + # amIAllowed = True + + # if not amIAllowed: + # self.log.error( + # "OAuth user contains not in group the allowed groups %s" % allowed_groups + # ) + # raise Exception("OAuth user not in the allowed groups %s" % allowed_groups) + + # async def authenticate(self, handler, data=None): + # code = handler.get_argument("code") + # # TODO: Configure the curl_httpclient for tornado + # http_client = self.http_client() + + # params = dict( + # redirect_uri=self.get_callback_url(handler), + # code=code, + # grant_type='authorization_code', + # ) + # params.update(self.extra_params) + + # headers = self._get_headers() + + # token_resp_json = await self._get_token(http_client, headers, params) + + # user_data_resp_json = await self._get_user_data(http_client, token_resp_json) + + # if callable(self.username_key): + # name = self.username_key(user_data_resp_json) + # else: + # name = user_data_resp_json.get(self.username_key) + # if not name: + # self.log.error( + # "OAuth user contains no key %s: %s", self.username_key, user_data_resp_json + # ) + # return + + # auth_state = self._create_auth_state(token_resp_json, user_data_resp_json) + # import pprint + # pprint.pprint(auth_state) - import jwt - groups = jwt.decode(auth_state["access_token"], options={"verify_signature": False, "verify_aud": False})["wlcg.groups"] + # import jwt + # groups = jwt.decode(auth_state["access_token"], options={"verify_signature": False, "verify_aud": False})["wlcg.groups"] - pprint.pprint(groups) + # pprint.pprint(groups) - is_admin = False - if os.environ.get("ADMIN_OAUTH_GROUPS") in groups: - self.log.info("%s : %s is in %s" , (name, os.environ.get("ADMIN_OAUTH_GROUPS"), groups)) - is_admin = True - else: - self.log.info(" %s is not in admin group ", name) + # is_admin = False + # if os.environ.get("ADMIN_OAUTH_GROUPS") in groups: + # self.log.info("%s : %s is in %s" , (name, os.environ.get("ADMIN_OAUTH_GROUPS"), groups)) + # is_admin = True + # else: + # self.log.info(" %s is not in admin group ", name) - return { - 'name': name, - 'admin': is_admin, - 'auth_state': auth_state #self._create_auth_state(token_resp_json, user_data_resp_json) - } + # return { + # 'name': name, + # 'admin': is_admin, + # 'auth_state': auth_state #self._create_auth_state(token_resp_json, user_data_resp_json) + # } - #c.JupyterHub.authenticator_class = GitHubEnvAuthenticator + # #c.JupyterHub.authenticator_class = GitHubEnvAuthenticator - c.JupyterHub.authenticator_class = EnvAuthenticator + # c.JupyterHub.authenticator_class = EnvAuthenticator - c.GenericOAuthenticator.oauth_callback_url = callback + # c.GenericOAuthenticator.oauth_callback_url = callback - # PUT IN SECRET + # # PUT IN SECRET - c.GenericOAuthenticator.client_id = client_id + # c.GenericOAuthenticator.client_id = client_id - c.GenericOAuthenticator.client_secret = client_secret + # c.GenericOAuthenticator.client_secret = client_secret - c.GenericOAuthenticator.authorize_url = iam_server.strip('/') + '/authorize' + # c.GenericOAuthenticator.authorize_url = iam_server.strip('/') + '/authorize' - c.GenericOAuthenticator.token_url = iam_server.strip('/') + '/token' + # c.GenericOAuthenticator.token_url = iam_server.strip('/') + '/token' - c.GenericOAuthenticator.userdata_url = iam_server.strip('/') + '/userinfo' + # c.GenericOAuthenticator.userdata_url = iam_server.strip('/') + '/userinfo' - c.GenericOAuthenticator.scope = ['openid', 'profile', 'email', 'address', 'offline_access', 'wlcg', 'wlcg.groups'] + # c.GenericOAuthenticator.scope = ['openid', 'profile', 'email', 'address', 'offline_access', 'wlcg', 'wlcg.groups'] - c.GenericOAuthenticator.username_key = "preferred_username" + # c.GenericOAuthenticator.username_key = "preferred_username" - c.GenericOAuthenticator.enable_auth_state = True + # c.GenericOAuthenticator.enable_auth_state = True - if 'JUPYTERHUB_CRYPT_KEY' not in os.environ: - warnings.warn( - "Need JUPYTERHUB_CRYPT_KEY env for persistent auth_state.\n" - " export JUPYTERHUB_CRYPT_KEY=$(openssl rand -hex 32)" - ) - c.CryptKeeper.keys = [ os.urandom(32) ] + # if 'JUPYTERHUB_CRYPT_KEY' not in os.environ: + # warnings.warn( + # "Need JUPYTERHUB_CRYPT_KEY env for persistent auth_state.\n" + # " export JUPYTERHUB_CRYPT_KEY=$(openssl rand -hex 32)" + # ) + # c.CryptKeeper.keys = [ os.urandom(32) ] - class CustomSpawner(kubespawner.KubeSpawner): - def _options_form_default(self): - return """ - - - - - -
- - + # class CustomSpawner(kubespawner.KubeSpawner): + # def _options_form_default(self): + # return """ + # + # + # + # + # + #
+ # + # -
- - + #
+ # + # -
+ #
- """ + # """ - def options_from_form(self, formdata): - options = {} - options['img'] = formdata['img'] - container_image = ''.join(formdata['img']) - print("SPAWN: " + container_image + " IMAGE" ) - self.image = container_image + # def options_from_form(self, formdata): + # options = {} + # options['img'] = formdata['img'] + # container_image = ''.join(formdata['img']) + # print("SPAWN: " + container_image + " IMAGE" ) + # self.image = container_image - options['cpu'] = formdata['cpu'] - cpu = ''.join(formdata['cpu']) - self.cpu_guarantee = float(cpu) - self.cpu_limit = float(cpu) + # options['cpu'] = formdata['cpu'] + # cpu = ''.join(formdata['cpu']) + # self.cpu_guarantee = float(cpu) + # self.cpu_limit = float(cpu) - options['mem'] = formdata['mem'] - memory = ''.join(formdata['mem']) - self.mem_guarantee = memory - self.mem_limit = memory + # options['mem'] = formdata['mem'] + # memory = ''.join(formdata['mem']) + # self.mem_guarantee = memory + # self.mem_limit = memory - #options['gpu'] = formdata['gpu'] - #use_gpu = True if ''.join(formdata['gpu'])=="Y" else False - #if use_gpu: - # self.extra_resource_guarantees = {"nvidia.com/gpu": "1"} - # self.extra_resource_limit = {"nvidia.com/gpu": "1"} - return options + # #options['gpu'] = formdata['gpu'] + # #use_gpu = True if ''.join(formdata['gpu'])=="Y" else False + # #if use_gpu: + # # self.extra_resource_guarantees = {"nvidia.com/gpu": "1"} + # # self.extra_resource_limit = {"nvidia.com/gpu": "1"} + # return options - c.JupyterHub.spawner_class = CustomSpawner + # c.JupyterHub.spawner_class = CustomSpawner - c.KubeSpawner.cmd = ["/usr/local/bin/jupyterhub-singleuser.sh"] + # c.KubeSpawner.cmd = ["/usr/local/bin/jupyterhub-singleuser.sh"] - c.KubeSpawner.args = ["--allow-root"] + # c.KubeSpawner.args = ["--allow-root"] - c.KubeSpawner.privileged = True + # c.KubeSpawner.privileged = True - c.KubeSpawner.extra_pod_config = { - "automountServiceAccountToken": True, - } + # c.KubeSpawner.extra_pod_config = { + # "automountServiceAccountToken": True, + # } - c.KubeSpawner.environment = { - "_condor_COLLECTOR_HOST": os.environ["HTCONDOR_COLLECTOR_URL"], - "_condor_SCHEDD_HOST": os.environ["HTCONDOR_SCHEDD_NAME"], - "_condor_SCHEDD_NAME": os.environ["HTCONDOR_SCHEDD_NAME"], - "_condor_AUTH_SSL_CLIENT_CAFILE": "/ca.crt", - "_condor_SEC_DEFAULT_AUTHENTICATION_METHODS": "SCITOKENS", - "_condor_SCITOKENS_FILE": "/tmp/token", - "_condor_TOOL_DEBUG": "D_FULLDEBUG,D_SECURITY", - "JUPYTERLAB_DIR": "/opt/conda/share/jupyter/lab/" - } + # c.KubeSpawner.environment = { + # "_condor_COLLECTOR_HOST": os.environ["HTCONDOR_COLLECTOR_URL"], + # "_condor_SCHEDD_HOST": os.environ["HTCONDOR_SCHEDD_NAME"], + # "_condor_SCHEDD_NAME": os.environ["HTCONDOR_SCHEDD_NAME"], + # "_condor_AUTH_SSL_CLIENT_CAFILE": "/ca.crt", + # "_condor_SEC_DEFAULT_AUTHENTICATION_METHODS": "SCITOKENS", + # "_condor_SCITOKENS_FILE": "/tmp/token", + # "_condor_TOOL_DEBUG": "D_FULLDEBUG,D_SECURITY", + # "JUPYTERLAB_DIR": "/opt/conda/share/jupyter/lab/" + # } - c.KubeSpawner.extra_container_config = { - "securityContext": { - "privileged": True, - "capabilities": { - "add": ["SYS_ADMIN"] - } - }, - "imagePullPolicy": "Always" - } + # c.KubeSpawner.extra_container_config = { + # "securityContext": { + # "privileged": True, + # "capabilities": { + # "add": ["SYS_ADMIN"] + # } + # }, + # "imagePullPolicy": "Always" + # } - c.KubeSpawner.http_timeout = 600 + # c.KubeSpawner.http_timeout = 600 - c.KubeSpawner.start_timeout = 600 + # c.KubeSpawner.start_timeout = 600 - c.JupyterHub.hub_connect_ip = 'hub.default.svc.cluster.local' + # c.JupyterHub.hub_connect_ip = 'hub.default.svc.cluster.local' - c.KubeSpawner.notebook_dir = "/opt/workspace" + # c.KubeSpawner.notebook_dir = "/opt/workspace" - spark: - enabled: false + # spark: + # enabled: false