Mount ownCloud endpoints inside home directory

086d2cba · František Dvořák · 30386390 · 086d2cba
Commit 086d2cba authored 8 months ago by František Dvořák
--- a/cesnet-central/deployments/fullhub.yaml
+++ b/cesnet-central/deployments/fullhub.yaml
@@ -25,16 +25,8 @@ singleuser:
        hostPath:
          path: /cvmfs
          type: Directory
-      - name: b2drop
-        # sizeLimit problematic in this environment,
-        # not needed for remote mounts
-        empty_dir:
      - name: owncloud-home
        empty_dir:
-      - name: owncloud-shared
-        empty_dir:
-      - name: owncloud-spaces
-        empty_dir:
      # - name: scratch
      #   ephemeral:
      #     volumeClaimTemplate:
@@ -47,14 +39,8 @@ singleuser:
    extraVolumeMounts:
      - name: cvmfs-host
        mountPath: "/cvmfs:shared"
-      - name: b2drop
-        mountPath: '/home/jovyan/b2drop:shared'
      - name: owncloud-home
        mountPath: '/home/jovyan:shared'
-      - name: owncloud-shared
-        mountPath: '/owncloud/Shared:shared'
-      - name: owncloud-spaces
-        mountPath: '/owncloud/Spaces:shared'
      # - name: scratch
      #   mountPath: '/scratch'
  memory:
@@ -206,30 +192,29 @@ hub:
                      b2drop_pwd = base64.b64decode(secret.data.get("b2drop-pwd", "")).decode()
              if b2drop_user and b2drop_pwd:
                  volume_mounts = [
-                    {"mountPath": "/b2drop:shared", "name": "b2drop"},
+                    {"mountPath": "/owncloud:shared", "name": "owncloud-home"},
                  ]
                  spawner.extra_containers.append(
                    {
                        "name": "b2drop",
-                        "image": "eginotebooks/webdav-sidecar:sha-e5e8df2",
+                        "image": "eginotebooks/webdav-rclone-sidecar:sha-0a62679",
                        "env": [
                            {"name": "WEBDAV_URL", "value": "https://b2drop.eudat.eu/remote.php/webdav"},
                            {"name": "WEBDAV_PWD", "value": b2drop_pwd},
                            {"name": "WEBDAV_USER", "value": b2drop_user},
-                            {"name": "MOUNT_PATH", "value": "/b2drop"},
+                            {"name": "WEBDAV_VENDOR", "value": "other"},
+                            {"name": "MOUNT_PATH", "value": "/owncloud/b2drop"},
+                            {"name": "MOUNT_WAIT_POINT", "value": "webdav-fs: /owncloud fuse.rclone"},
                        ],
                        "resources": self.sidecar_resources,
                        "securityContext": {
-                            "runAsUser": 0,
+                            "runAsUser": 1000,
+                            "fsUser": 1000,
+                            "fsGroup": 100,
                            "privileged": True,
                            "capabilities": {"add": ["SYS_ADMIN"]},
                        },
                        "volumeMounts": volume_mounts,
-                        "lifecycle": {
-                            "preStop": {
-                                "exec": {"command": ["umount", "-l", "/b2drop"]}
-                            },
-                        },
                    }
                  )
              if b2drop_remember:
@@ -280,25 +265,32 @@ hub:
              if owncloud_url is None:
                  return
+              if type == "home":
+                  subpath = ""
+              else:
+                 subpath = "/" + type.capitalize()
+              env = [
+                  {"name": "WEBDAV_URL", "value": owncloud_url},
+                  {"name": "WEBDAV_VENDOR", "value": "owncloud"},
+                  # XXX: strict permissions needed for .local/share/jupyter/runtime/jupyter_cookie_secret
+                  # quicker directory cache and polling
+                  {"name": "MOUNT_OPTS", "value": "--file-perms=0600 --dir-perms=0770 --dir-cache-time=1m0s --poll-interval=0m20s"},
+                  {"name": "MOUNT_PATH", "value": "/owncloud" + subpath},
+                  # default mode is "full"
+                  {"name": "VFS_CACHE_MODE", "value": "full"},
+              ]
+              if type != "home":
+                  env.append({"name": "MOUNT_WAIT_POINT", "value": "webdav-fs: /owncloud fuse.rclone"})
              volume_mounts = [
-                  {"mountPath": "/owncloud:shared", "name": "owncloud-" + type},
+                  {"mountPath": "/owncloud:shared", "name": "owncloud-home"},
                  {"mountPath": self.token_mount_path, "name": self.token_secret_volume_name, "readOnly": True},
              ]
              spawner.extra_containers.append(
                  {
                      "name": "owncloud-" + type,
-                      "image": "eginotebooks/webdav-rclone-sidecar:sha-95b4f95",
+                      "image": "eginotebooks/webdav-rclone-sidecar:sha-0a62679",
                      "args": ["bearer_token_command=cat " + self.token_path],
-                      "env": [
+                      "env": env,
-                          {"name": "WEBDAV_URL", "value": owncloud_url},
-                          {"name": "WEBDAV_VENDOR", "value": "owncloud"},
-                          # XXX: strict permissions needed for .local/share/jupyter/runtime/jupyter_cookie_secret
-                          # quicker directory cache and polling
-                          {"name": "MOUNT_OPTS", "value": "--file-perms=0600 --dir-perms=0770 --dir-cache-time=1m0s --poll-interval=0m20s"},
-                          {"name": "MOUNT_PATH", "value": "/owncloud"},
-                          # default mode is "full"
-                          {"name": "VFS_CACHE_MODE", "value": "full"},
-                      ],
                      "resources": self.sidecar_resources,
                      "securityContext": {
                          "runAsUser": 1000,
@@ -328,10 +320,11 @@ hub:
                      "Authorization": "Bearer %s" % access_token,
                  }
-                  # ownCloud user home
                  await self.append_owncloud_sidecar(spawner, "home", self.OCIS_PERSONAL_SPACE, headers=headers)
-                  await self.append_owncloud_sidecar(spawner, "shared", self.OCIS_SHARED_WITH_ME, headers=headers)
+                  await self.append_owncloud_sidecar(spawner, "shares", self.OCIS_SHARED_WITH_ME, headers=headers)
                  await self.append_owncloud_sidecar(spawner, "spaces", self.OCIS_SPACES, headers=headers)
+              else:
+                self.log.info("No auth state, skipping ownCloud")
      c.JupyterHub.spawner_class = WebDavOIDCSpawner