From ac73b0016fa12dc9909f8c7c98259b273ebbad78 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= <valtri@civ.zcu.cz>
Date: Tue, 16 Jul 2024 21:51:50 +0000
Subject: [PATCH] Update testing environment - mounting, b2drop
---
testing/deployments/hub.yaml | 79 ++++++++++++++----------------------
1 file changed, 31 insertions(+), 48 deletions(-)
diff --git a/testing/deployments/hub.yaml b/testing/deployments/hub.yaml
index debd205..e98a42f 100644
--- a/testing/deployments/hub.yaml
+++ b/testing/deployments/hub.yaml
@@ -26,16 +26,8 @@ singleuser:
hostPath:
path: /cvmfs
type: Directory
- - name: b2drop
- # sizeLimit problematic in this environment,
- # not needed for remote mounts
- empty_dir:
- name: owncloud-home
empty_dir:
- - name: owncloud-shared
- empty_dir:
- - name: owncloud-spaces
- empty_dir:
# - name: scratch
# ephemeral:
# volumeClaimTemplate:
@@ -48,14 +40,8 @@ singleuser:
extraVolumeMounts:
- name: cvmfs-host
mountPath: "/cvmfs:shared"
- - name: b2drop
- mountPath: '/home/jovyan/b2drop:shared'
- name: owncloud-home
mountPath: '/home/jovyan:shared'
- - name: owncloud-shared
- mountPath: '/owncloud/Shared:shared'
- - name: owncloud-spaces
- mountPath: '/owncloud/Spaces:shared'
# - name: scratch
# mountPath: '/scratch'
memory:
@@ -161,6 +147,7 @@ hub:
client_id: "{{ secret['client_id'] }}"
client_secret: "{{ secret['client_secret'] }}"
oauth_callback_url: "https://{{ notebooks_hostname }}/hub/oauth_callback"
+ openid_configuration_url: "https://proxy.testing.eosc-federation.eu/.well-known/openid-configuration"
scope: ["openid", "profile", "email", "offline_access", "entitlements"]
username_claim: "sub"
extra_authorize_params:
@@ -214,7 +201,6 @@ hub:
await super(B2DropSpawner, self).pre_spawn_hook(spawner)
b2drop_user = self.user_options.get("b2drop-user", "")
b2drop_pwd = self.user_options.get("b2drop-pwd", "")
- b2drop_remember = self.user_options.get("b2drop-remember", None)
if not (b2drop_user and b2drop_pwd):
secret = await self.api.read_namespaced_secret(self.token_secret_name, self.namespace)
if secret and secret.data:
@@ -222,42 +208,35 @@ hub:
b2drop_pwd = base64.b64decode(secret.data.get("b2drop-pwd", "")).decode()
if b2drop_user and b2drop_pwd:
volume_mounts = [
- {"mountPath": "/b2drop:shared", "name": "b2drop"},
+ {"mountPath": "/owncloud:shared", "name": "owncloud-home"},
]
spawner.extra_containers.append(
{
"name": "b2drop",
- "image": "eginotebooks/webdav-sidecar:sha-e5e8df2",
+ "image": "eginotebooks/webdav-rclone-sidecar:sha-0a62679",
"env": [
{"name": "WEBDAV_URL", "value": "https://b2drop.eudat.eu/remote.php/webdav"},
{"name": "WEBDAV_PWD", "value": b2drop_pwd},
{"name": "WEBDAV_USER", "value": b2drop_user},
- {"name": "MOUNT_PATH", "value": "/b2drop"},
+ {"name": "WEBDAV_VENDOR", "value": "other"},
+ {"name": "MOUNT_PATH", "value": "/owncloud/b2drop"},
+ {"name": "MOUNT_WAIT_POINT", "value": "webdav-fs: /owncloud fuse.rclone"},
],
"resources": self.sidecar_resources,
"securityContext": {
- "runAsUser": 0,
+ "runAsUser": 1000,
+ "fsUser": 1000,
+ "fsGroup": 100,
"privileged": True,
"capabilities": {"add": ["SYS_ADMIN"]},
},
"volumeMounts": volume_mounts,
- "lifecycle": {
- "preStop": {
- "exec": {"command": ["umount", "-l", "/b2drop"]}
- },
- },
}
)
- if b2drop_remember:
- await self._update_secret({"b2drop-user": b2drop_user,
- "b2drop-pwd": b2drop_pwd})
- else:
- await self._update_secret({"b2drop-user": "", "b2drop-pwd": ""})
def options_from_form(self, formdata):
data = super(B2DropSpawner, self)._options_from_form(formdata)
data.update({'b2drop-user': formdata.get('b2drop-user', [None])[0],
- 'b2drop-remember': formdata.get('b2drop-remember', [None])[0],
'b2drop-pwd': formdata.get('b2drop-pwd', [None])[0]})
return data
@@ -296,25 +275,32 @@ hub:
if owncloud_url is None:
return
+ if type == "home":
+ subpath = ""
+ else:
+ subpath = "/" + type.capitalize()
+ env = [
+ {"name": "WEBDAV_URL", "value": owncloud_url},
+ {"name": "WEBDAV_VENDOR", "value": "owncloud"},
+ # XXX: strict permissions needed for .local/share/jupyter/runtime/jupyter_cookie_secret
+ # quicker directory cache and polling
+ {"name": "MOUNT_OPTS", "value": "--file-perms=0600 --dir-perms=0770 --dir-cache-time=1m0s --poll-interval=0m20s"},
+ {"name": "MOUNT_PATH", "value": "/owncloud" + subpath},
+ # default mode is "full"
+ {"name": "VFS_CACHE_MODE", "value": "full"},
+ ]
+ if type != "home":
+ env.append({"name": "MOUNT_WAIT_POINT", "value": "webdav-fs: /owncloud fuse.rclone"})
volume_mounts = [
- {"mountPath": "/owncloud:shared", "name": "owncloud-" + type},
+ {"mountPath": "/owncloud:shared", "name": "owncloud-home"},
{"mountPath": self.token_mount_path, "name": self.token_secret_volume_name, "readOnly": True},
]
spawner.extra_containers.append(
{
"name": "owncloud-" + type,
- "image": "eginotebooks/webdav-rclone-sidecar:sha-95b4f95",
+ "image": "eginotebooks/webdav-rclone-sidecar:sha-0a62679",
"args": ["bearer_token_command=cat " + self.token_path],
- "env": [
- {"name": "WEBDAV_URL", "value": owncloud_url},
- {"name": "WEBDAV_VENDOR", "value": "owncloud"},
- # XXX: strict permissions needed for .local/share/jupyter/runtime/jupyter_cookie_secret
- # quicker directory cache and polling
- {"name": "MOUNT_OPTS", "value": "--file-perms=0600 --dir-perms=0770 --dir-cache-time=1m0s --poll-interval=0m20s"},
- {"name": "MOUNT_PATH", "value": "/owncloud"},
- # default mode is "full"
- {"name": "VFS_CACHE_MODE", "value": "full"},
- ],
+ "env": env,
"resources": self.sidecar_resources,
"securityContext": {
"runAsUser": 1000,
@@ -344,10 +330,11 @@ hub:
"Authorization": "Bearer %s" % access_token,
}
- # ownCloud user home
await self.append_owncloud_sidecar(spawner, "home", self.OCIS_PERSONAL_SPACE, headers=headers)
- await self.append_owncloud_sidecar(spawner, "shared", self.OCIS_SHARED_WITH_ME, headers=headers)
+ await self.append_owncloud_sidecar(spawner, "shares", self.OCIS_SHARED_WITH_ME, headers=headers)
await self.append_owncloud_sidecar(spawner, "spaces", self.OCIS_SPACES, headers=headers)
+ else:
+ self.log.info("No auth state, skipping ownCloud")
c.JupyterHub.spawner_class = WebDavOIDCSpawner
@@ -438,10 +425,6 @@ hub:
<label for="b2drop-pwd" class="form-label">B2DROP app Password</label>
<input type="password" class="form-control" name="b2drop-pwd" id="b2drop-pwd" value="{{ b2drop_pwd }}">
</div>
- <div class='form-group'>
- <input type="checkbox" id="b2drop-remember" name="b2drop-remember" {%if b2drop_ready %}checked{% endif %}>
- <label class="form-check-label" for="from-check-input">Remember B2DROP credentials</label>
- </div>
</div>
</div>
</div>
--
GitLab