search

defeo / jupyterhub-docker

A configuration for a JupyterHub+DockerSpawner+CASAuthenticator server with Traefik proxy, based on docker-compose
https://opendreamkit.org/2018/10/17/jupyterhub-docker/
MIT License
201 stars 112 forks source link

Using GitlabOAuthenticator #2

Closed MaxRichter closed 5 years ago

MaxRichter commented 5 years ago

Hi,

in order to use the GitlabOAuthenticator, can you please provide an example of what I have to change in jupyterhub-docker/jupyterhub/jupyterhub_config.py in order to use GitLabOAuthenticator instead of GenericOAuthenticator

from oauthenticator.gitlab import GitLabOAuthenticator
c.JupyterHub.authenticator_class = GitLabOAuthenticator

Thank you, Max

defeo commented 5 years ago

Hello, Max. Yes, the two lines you gave should do it. Is it not working?

MaxRichter commented 5 years ago

Hi Luca,

I realized that this Authenticator uses the cloud hosted version of Gitlab - I have one hosted myself - maybe this is why I did not manage to make it run.

  1. LDAPAuthenticator

As I have also an LDAP running, when I use the LDAPAuthenticator, do I have to remove the oauth2_server part in the docker-compose.yml?

This would also make the UVSQAuthenticator class in jupyterhub_config.py unnecessary or?

  1. X509 failure When I run your project straight out of the box I am getting the following error:

level=error msg="failed to load X509 key pair: tls: failed to find any PEM data in certificate input"

Is this coming from the OAuth and should be gone when using the LDAPAuthenticator?

Thanks, Max

defeo commented 5 years ago

To use GitLabOAuthenticator with your own version of GitLab, simply set an environment variable GITLAB_URL to gitlab instance. See https://github.com/jupyterhub/oauthenticator/blob/master/oauthenticator/gitlab.py#L27-L45

You can add the variable to the environment section of the jupyterhub service.

And, yes, you don't need the oauth2_server service, unless you're using my hack to authenticate to a CAS server.

MaxRichter commented 5 years ago

I had some time to progress, I remove the oauth2_server part and replaced in jupyterhub_config.py the UVSQAuthenticator with GitLabOAuthenticator - so far all fine.

I have set the GITLAB_URL in jupyterhub/Dockerfile I further changed "traefik.frontend.rule=Host: in docker-compose.yml with the URL of Gitlab.

I can reach the reverse proxy on port 8080. Now I am stuck and do not know how to access the hub - on port 8000 I get an ERR_CONNECTION_REFUSED and on 80 a 404 page not found. I have currently deactived https for testing purposes.

You have any clue what I am missing here?

defeo commented 5 years ago

I have set the GITLAB_URL in jupyterhub/Dockerfile

I would have done it in docker-compose.yml, but this should make no difference

I further changed "traefik.frontend.rule=Host: in docker-compose.yml with the URL of Gitlab.

In the jupyterhub service? That doesn't look right: that rule is meant to route external connections to your jupyterhub instance, you shouldn't route them to Gitlab.

MaxRichter commented 5 years ago

I have moved GITLAB_URL to docker-compose.yml looks fine. I have also changed "traefik.frontend.rule=Host: to my actual hostname, which works fine.

However I am not able to start the docker Spawner with the command you have provided in your example

I am getting the following error:

jupyterhub       |       File "/opt/conda/lib/python3.6/site-packages/jupyterhub/user.py", line 489, in spawn
jupyterhub       |         raise e
jupyterhub       |       File "/opt/conda/lib/python3.6/site-packages/jupyterhub/user.py", line 420, in spawn
jupyterhub       |         server.ip = urlinfo.hostname
jupyterhub       |       File "/opt/conda/lib/python3.6/site-packages/traitlets/traitlets.py", line 585, in __set__
jupyterhub       |         self.set(obj, value)
jupyterhub       |       File "/opt/conda/lib/python3.6/site-packages/traitlets/traitlets.py", line 559, in set
jupyterhub       |         new_value = self._validate(obj, value)
jupyterhub       |       File "/opt/conda/lib/python3.6/site-packages/traitlets/traitlets.py", line 591, in _validate
jupyterhub       |         value = self.validate(obj, value)
jupyterhub       |       File "/opt/conda/lib/python3.6/site-packages/traitlets/traitlets.py", line 2054, in validate
jupyterhub       |         self.error(obj, value)
jupyterhub       |       File "/opt/conda/lib/python3.6/site-packages/traitlets/traitlets.py", line 625, in error
jupyterhub       |         raise TraitError(e)
jupyterhub       |     traitlets.traitlets.TraitError: The 'ip' trait of a Server instance must be a unicode string, but a value of None <class 'NoneType'> was specified.
defeo commented 5 years ago

I've never seen such error. It seems that the spawner is having some problem instantiating the single-user Jupyter server, apparently not returning the IP address of the spawned server. Maybe have a look in the docker logs?

MaxRichter commented 5 years ago

uff - I just realized that I was missing the .env file, so it did not use the same network... looks good now!

One more question, do you have a logout button on the jupyterlab container? I do not see any. Only if I switch to the Jupyter Notebook overview.

defeo commented 5 years ago

Oh, sorry about that. I completely forgot about the .env hack. I wish there was an easier way to control the names generated by docker-compose (maybe there is).

One more question, do you have a logout button on the jupyterlab container? I do not see any. Only if I switch to the Jupyter Notebook overview.

You just need to point to the /hub/logout URL. There is no menu item for this, but I assume it would be easy to write an extension (maybe there is one already).

MaxRichter commented 5 years ago

No problem, I figured it out. But maybe you can write a note in your repo for other users.

I have also found the project that enables the hub logout.

When I have time this week, I will grab everything together in a project and link it to yours.