From 80bf0358fdcb7ed153599f49626bb3a045dc2951 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jarom=C3=ADr=20Hradil?= <jaromir.hradil@cesnet.cz>
Date: Thu, 28 Nov 2024 13:45:50 +0000
Subject: [PATCH] Upgrading test+devel environments

---
 eosc-devel/deployments/fullhub.yaml | 38 ++++++++++++-----------------
 eosc-testing/deployments/hub.yaml   | 24 +++++++++++-------
 2 files changed, 30 insertions(+), 32 deletions(-)

diff --git a/eosc-devel/deployments/fullhub.yaml b/eosc-devel/deployments/fullhub.yaml
index 8113e5e..6b9e35f 100644
--- a/eosc-devel/deployments/fullhub.yaml
+++ b/eosc-devel/deployments/fullhub.yaml
@@ -50,28 +50,8 @@ singleuser:
               k8s-app: cluster-ingress
   image:
     name: eginotebooks/single-user-eosc
-    tag: "sha-7052495"
+    tag: "sha-d822021"
   profileList:
-    - display_name: Small Environment - 2 vCPU / 4 GB RAM (non-collaboratice)
-      description: >
-        The notebook environment includes Python, R, Julia and Octave kernels. Non-collaborative.
-      default: true
-      kubespawner_override:
-        args:
-          - "--CondaKernelSpecManager.env_filter='/opt/conda$'"
-        extra_annotations:
-          "egi.eu/flavor": "small-environment-2-vcpu-4-gb-ram"
-    - display_name: Small Environment - 2 vCPU / 4 GB RAM (collaboratice)
-      description: >
-        The notebook environment includes Python, R, Julia and Octave kernels. Collaborative.
-      kubespawner_override:
-        args:
-          - "--CondaKernelSpecManager.env_filter='/opt/conda$'"
-        environment:
-          JUPYTERHUB_ALLOW_TOKEN_IN_URL: "1"
-        image: "valtri/single-user:jupyter-4e-collab"
-        extra_annotations:
-          "egi.eu/flavor": "small-environment-2-vcpu-4-gb-ram"
     - display_name: Small Environment - 2 vCPU / 4 GB RAM
       description: >
         The notebook environment includes Python, R, Julia and Octave kernels.
@@ -181,6 +161,11 @@ hub:
     name: eginotebooks/hub
     # k8s-hub 4.0.0
     tag: "sha-b20ead2"
+  loadRoles:
+    #user roles required for user initiated sharing API
+    user:
+      scopes: ["self", "shares!user"]
+
   config:
     Authenticator:
       enable_auth_state: true
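Review bot: The `user` entry under `loadRoles` gives every hub user `shares!user`, and the comment does not record what a share exposes in this deployment. The spawner configured further down sets a mount path under `/owncloud` and a token mount path `/var/run/secrets/oidc/`, so a person granted access to a shared server can presumably reach the owner's mounted files and token; that should be confirmed before this leaves test/devel. I would extend the comment to something like `# overrides the default user role: adds shares!user so users can share their own servers (recipients reach everything inside that server)`. The same block is added to eosc-testing/deployments/hub.yaml, there followed by a whitespace-only line. The `hub:` mapping starts and ends outside the hunk.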
@@ -232,7 +217,7 @@ hub:
       class WebDavOIDCSpawner(OnedataSpawner):
           # ownCloud Infinite Scale parameters
           # (https://owncloud.dev/apis/http/graph/spaces/#list-my-spaces-get-medrives)
-          OCIS_URL = "https://ocis-testing.apps.bst2-test.paas.psnc.pl"
+          OCIS_URL = "https://ocis.aaitest.owncloud.works"
           # personal space
           OCIS_PERSONAL_SPACE = "/graph/v1.0/me/drives?%24filter=driveType+eq+personal"
           # shared space
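Review bot: `OCIS_URL` now points at a host in a different domain, and the spawner presumably sends the user's access token there when it lists drives via the `/graph/v1.0/me/drives` paths below. It is worth confirming that the new oCIS instance is an intended recipient for those tokens (issuer and audience match what the hub's authenticator hands out) and noting that next to the constant, e.g. `# test oCIS instance; receives the user's OIDC access token`. The value is hard-coded identically in eosc-testing/deployments/hub.yaml, so the two files have to be changed together. The class body continues outside the hunk.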
@@ -278,7 +263,7 @@ hub:
                   {"name": "WEBDAV_VENDOR", "value": "owncloud"},
                   # XXX: strict permissions needed for .local/share/jupyter/runtime/jupyter_cookie_secret
                   # quicker directory cache and polling
-                  {"name": "MOUNT_OPTS", "value": "--file-perms=0600 --dir-perms=0770 --dir-cache-time=1m0s --poll-interval=0m20s"},
+                  {"name": "MOUNT_OPTS", "value": "--file-perms=0700 --dir-perms=0770 --dir-cache-time=1m0s --poll-interval=0m20s"},
                   {"name": "MOUNT_PATH", "value": "/owncloud" + subpath},
                   # default mode is "full"
                   {"name": "VFS_CACHE_MODE", "value": "full"},
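Review bot: `--file-perms=0700` marks every file on the ownCloud mount as executable for the owner, and nothing in the comment above says why the execute bit is needed. Group and other bits stay cleared, so the strict-permission requirement in the `XXX` comment for `jupyter_cookie_secret` still looks satisfied, but synced or shared content becoming directly executable is a wider default than `0600`. If the bit is needed, add the reason to the comment, such as `# 0700: owner-only, execute bit kept for <reason>`; otherwise keep `0600`. The same change is made in eosc-testing/deployments/hub.yaml. The enclosing list starts and ends outside the hunk.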
@@ -337,6 +322,13 @@ hub:
       c.JupyterHub.spawner_class = WebDavOIDCSpawner
       c.WebDavOIDCSpawner.token_mount_path = "/var/run/secrets/oidc/"
       c.WebDavOIDCSpawner.http_timeout = 90
+
+      #Scopes for user sharing api extension to be able to
+      #use browser token for API queries
+      c.WebDavOIDCSpawner.oauth_client_allowed_scopes = [
+        "access:servers!server", 
+        "shares!server"
+      ]
 {% endraw %}
   templatePaths:
     - /egi-notebooks-hub/ec-templates
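Review bot: The comment on `oauth_client_allowed_scopes` does not say that this widens what the browser-held OAuth token may do: with `shares!server` allowed, that token can presumably manage shares for the server in addition to accessing it, so any script running in the notebook page could do the same. I would spell that out, e.g. `# token issued to the browser may access this server and manage its shares (needed by the sharing extension)`, and remove the trailing space after `"access:servers!server",`. The identical block is added to eosc-testing/deployments/hub.yaml. The embedded Python config block starts outside the hunk.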
diff --git a/eosc-testing/deployments/hub.yaml b/eosc-testing/deployments/hub.yaml
index b349199..fe3e8d1 100644
--- a/eosc-testing/deployments/hub.yaml
+++ b/eosc-testing/deployments/hub.yaml
@@ -51,7 +51,7 @@ singleuser:
               k8s-app: cluster-ingress
   image:
     name: eginotebooks/single-user-eosc
-    tag: "sha-7052495"
+    tag: "sha-d822021"
   profileList:
     - display_name: Small Environment - 2 vCPU / 4 GB RAM
       description: >
@@ -60,8 +60,6 @@ singleuser:
       kubespawner_override:
         args:
           - "--CondaKernelSpecManager.env_filter='/opt/conda$'"
-        environment:
-          JUPYTERHUB_ALLOW_TOKEN_IN_URL: "1"
         extra_annotations:
           "egi.eu/flavor": "small-environment-2-vcpu-4-gb-ram"
       vo_claims:
@@ -72,8 +70,6 @@ singleuser:
       kubespawner_override:
         args:
           - "--CondaKernelSpecManager.env_filter='/opt/conda$'"
-        environment:
-          JUPYTERHUB_ALLOW_TOKEN_IN_URL: "1"
         extra_annotations:
           "egi.eu/flavor": "medium-environment-4-vcpu-8-gb-ram"
         cpu_guarantee: 0.4
@@ -88,8 +84,6 @@ singleuser:
       kubespawner_override:
         args:
           - "--CondaKernelSpecManager.env_filter='/opt/conda$'"
-        environment:
-          JUPYTERHUB_ALLOW_TOKEN_IN_URL: "1"
         cpu_guarantee: 0.8
         cpu_limit: 8
         mem_guarantee: 2G
@@ -167,6 +161,11 @@ hub:
     name: eginotebooks/hub
     # k8s-hub 4.0.0
     tag: "sha-b20ead2"
+  loadRoles:
+    #user roles required for user initiated sharing API
+    user:
+      scopes: ["self", "shares!user"]
+  
   config:
     Authenticator:
       enable_auth_state: true
@@ -217,7 +216,7 @@ hub:
       class WebDavOIDCSpawner(OnedataSpawner):
           # ownCloud Infinite Scale parameters
           # (https://owncloud.dev/apis/http/graph/spaces/#list-my-spaces-get-medrives)
-          OCIS_URL = "https://ocis-testing.apps.bst2-test.paas.psnc.pl"
+          OCIS_URL = "https://ocis.aaitest.owncloud.works"
           # personal space
           OCIS_PERSONAL_SPACE = "/graph/v1.0/me/drives?%24filter=driveType+eq+personal"
           # shared space
@@ -263,7 +262,7 @@ hub:
                   {"name": "WEBDAV_VENDOR", "value": "owncloud"},
                   # XXX: strict permissions needed for .local/share/jupyter/runtime/jupyter_cookie_secret
                   # quicker directory cache and polling
-                  {"name": "MOUNT_OPTS", "value": "--file-perms=0600 --dir-perms=0770 --dir-cache-time=1m0s --poll-interval=0m20s"},
+                  {"name": "MOUNT_OPTS", "value": "--file-perms=0700 --dir-perms=0770 --dir-cache-time=1m0s --poll-interval=0m20s"},
                   {"name": "MOUNT_PATH", "value": "/owncloud" + subpath},
                   # default mode is "full"
                   {"name": "VFS_CACHE_MODE", "value": "full"},
@@ -322,6 +321,13 @@ hub:
       c.JupyterHub.spawner_class = WebDavOIDCSpawner
       c.WebDavOIDCSpawner.token_mount_path = "/var/run/secrets/oidc/"
       c.WebDavOIDCSpawner.http_timeout = 90
+
+      #Scopes for user sharing api extension to be able to
+      #use browser token for API queries
+      c.WebDavOIDCSpawner.oauth_client_allowed_scopes = [
+        "access:servers!server", 
+        "shares!server"
+      ]
 {% endraw %}
   templatePaths:
     - /egi-notebooks-hub/ec-templates
-- 
GitLab