defeo/jupyterhub-docker

Using GitlabOAuthenticator

MaxRichter opened this issue · 10 comments

Hi,

in order to use the GitlabOAuthenticator, can you please provide an example of what I have to change in jupyterhub-docker/jupyterhub/jupyterhub_config.py in order to use GitLabOAuthenticator instead of GenericOAuthenticator

from oauthenticator.gitlab import GitLabOAuthenticator
c.JupyterHub.authenticator_class = GitLabOAuthenticator

Thank you,
Max

defeo commented

Hello, Max. Yes, the two lines you gave should do it. Is it not working?

Hi Luca,

I realized that this Authenticator uses the cloud hosted version of Gitlab - I have one hosted myself - maybe this is why I did not manage to make it run.

  1. LDAPAuthenticator

As I have also an LDAP running, when I use the LDAPAuthenticator, do I have to remove the oauth2_server part in the docker-compose.yml?

This would also make the UVSQAuthenticator class in jupyterhub_config.py unnecessary or?

  1. X509 failure
    When I run your project straight out of the box I am getting the following error:

level=error msg="failed to load X509 key pair: tls: failed to find any PEM data in certificate input"

Is this coming from the OAuth and should be gone when using the LDAPAuthenticator?

Thanks,
Max

defeo commented

To use GitLabOAuthenticator with your own version of GitLab, simply set an environment variable GITLAB_URL to gitlab instance. See https://github.com/jupyterhub/oauthenticator/blob/master/oauthenticator/gitlab.py#L27-L45

You can add the variable to the environment section of the jupyterhub service.

And, yes, you don't need the oauth2_server service, unless you're using my hack to authenticate to a CAS server.

I had some time to progress, I remove the oauth2_server part and replaced in jupyterhub_config.py the UVSQAuthenticator with GitLabOAuthenticator - so far all fine.

I have set the GITLAB_URL in jupyterhub/Dockerfile
I further changed "traefik.frontend.rule=Host: in docker-compose.yml with the URL of Gitlab.

I can reach the reverse proxy on port 8080.
Now I am stuck and do not know how to access the hub - on port 8000 I get an ERR_CONNECTION_REFUSED and on 80 a 404 page not found.
I have currently deactived https for testing purposes.

You have any clue what I am missing here?

defeo commented

I have set the GITLAB_URL in jupyterhub/Dockerfile

I would have done it in docker-compose.yml, but this should make no difference

I further changed "traefik.frontend.rule=Host: in docker-compose.yml with the URL of Gitlab.

In the jupyterhub service? That doesn't look right: that rule is meant to route external connections to your jupyterhub instance, you shouldn't route them to Gitlab.

I have moved GITLAB_URL to docker-compose.yml looks fine.
I have also changed "traefik.frontend.rule=Host: to my actual hostname, which works fine.

However I am not able to start the docker Spawner with the command you have provided in your example

I am getting the following error:

jupyterhub       |       File "/opt/conda/lib/python3.6/site-packages/jupyterhub/user.py", line 489, in spawn
jupyterhub       |         raise e
jupyterhub       |       File "/opt/conda/lib/python3.6/site-packages/jupyterhub/user.py", line 420, in spawn
jupyterhub       |         server.ip = urlinfo.hostname
jupyterhub       |       File "/opt/conda/lib/python3.6/site-packages/traitlets/traitlets.py", line 585, in __set__
jupyterhub       |         self.set(obj, value)
jupyterhub       |       File "/opt/conda/lib/python3.6/site-packages/traitlets/traitlets.py", line 559, in set
jupyterhub       |         new_value = self._validate(obj, value)
jupyterhub       |       File "/opt/conda/lib/python3.6/site-packages/traitlets/traitlets.py", line 591, in _validate
jupyterhub       |         value = self.validate(obj, value)
jupyterhub       |       File "/opt/conda/lib/python3.6/site-packages/traitlets/traitlets.py", line 2054, in validate
jupyterhub       |         self.error(obj, value)
jupyterhub       |       File "/opt/conda/lib/python3.6/site-packages/traitlets/traitlets.py", line 625, in error
jupyterhub       |         raise TraitError(e)
jupyterhub       |     traitlets.traitlets.TraitError: The 'ip' trait of a Server instance must be a unicode string, but a value of None <class 'NoneType'> was specified.

defeo commented

I've never seen such error. It seems that the spawner is having some problem instantiating the single-user Jupyter server, apparently not returning the IP address of the spawned server. Maybe have a look in the docker logs?

uff - I just realized that I was missing the .env file, so it did not use the same network... looks good now!

One more question, do you have a logout button on the jupyterlab container? I do not see any. Only if I switch to the Jupyter Notebook overview.

defeo commented

Oh, sorry about that. I completely forgot about the .env hack. I wish there was an easier way to control the names generated by docker-compose (maybe there is).

One more question, do you have a logout button on the jupyterlab container? I do not see any. Only if I switch to the Jupyter Notebook overview.

You just need to point to the /hub/logout URL. There is no menu item for this, but I assume it would be easy to write an extension (maybe there is one already).

No problem, I figured it out. But maybe you can write a note in your repo for other users.

I have also found the project that enables the hub logout.

When I have time this week, I will grab everything together in a project and link it to yours.