diff --git a/.github/workflows/docker-jhub-nb.yml b/.github/workflows/docker-jhub-nb.yml index 6c843508..8c10182b 100644 --- a/.github/workflows/docker-jhub-nb.yml +++ b/.github/workflows/docker-jhub-nb.yml @@ -46,6 +46,16 @@ jobs: file: ./stable/jhub-aas/docker/Dockerfile.base-htc platforms: linux/amd64 build-args: "NOTEBOOK_VERSION=${{ env.RELEASE_VERSION }}" + - name: Build container base+HTC+DASK image + uses: docker/build-push-action@v2 + with: + context: ./stable/jhub-aas/docker/ + outputs: "type=registry,push=true" + tags: | + ghcr.io/${{ steps.get_repo_owner.outputs.repo_owner }}/notebook:${{ env.RELEASE_VERSION }}-dask + file: ./stable/jhub-aas/docker/Dockerfile.dask + platforms: linux/amd64 + build-args: "NOTEBOOK_VERSION=${{ env.RELEASE_VERSION }}" - name: Build container base+htc+ROOT image uses: docker/build-push-action@v2 with: diff --git a/stable/spark/Chart.yaml b/dev/spark/Chart.yaml similarity index 100% rename from stable/spark/Chart.yaml rename to dev/spark/Chart.yaml diff --git a/stable/spark/README.md b/dev/spark/README.md similarity index 100% rename from stable/spark/README.md rename to dev/spark/README.md diff --git a/stable/spark/templates/spark-master-deployment.yaml b/dev/spark/templates/spark-master-deployment.yaml similarity index 100% rename from stable/spark/templates/spark-master-deployment.yaml rename to dev/spark/templates/spark-master-deployment.yaml diff --git a/stable/spark/values.yaml b/dev/spark/values.yaml similarity index 100% rename from stable/spark/values.yaml rename to dev/spark/values.yaml diff --git a/stable/cachingondemand/Chart.yaml b/stable/cachingondemand/Chart.yaml index 3cfa8d84..6d80f0b0 100755 --- a/stable/cachingondemand/Chart.yaml +++ b/stable/cachingondemand/Chart.yaml @@ -3,8 +3,8 @@ annotations: apiVersion: v1 appVersion: "4.11" description: A Helm chart for the deployment of a XCache cluster -name: cachingondemand -version: 1.0.6 +name: XCache-aaS +version: 1.0.7 icon: https://xrootd.slac.stanford.edu/images/xrootd-logo.png maintainers: - name: dciangot diff --git a/stable/fermi/Chart.yaml b/stable/fermi/Chart.yaml index 041fec52..2cabfb00 100644 --- a/stable/fermi/Chart.yaml +++ b/stable/fermi/Chart.yaml @@ -1,8 +1,8 @@ annotations: - category: stable + category: test apiVersion: v1 name: Fermi-experiment -version: 1.0.4 +version: 1.0.5 appVersion: 8.9.9 description: HTCondor pool for Fermi experiment keywords: diff --git a/stable/htcondor-aas/Chart.yaml b/stable/htcondor-aas/Chart.yaml index b6610b8f..50f55e27 100644 --- a/stable/htcondor-aas/Chart.yaml +++ b/stable/htcondor-aas/Chart.yaml @@ -4,7 +4,7 @@ apiVersion: v1 appVersion: 8.9.9 description: A Helm chart for the deployment of HTCondor cluster name: htcondor -version: 2.1.11 +version: 2.1.13 icon: https://research.cs.wisc.edu/htcondor/images/HTCondor_wiki_logo_small.png maintainers: - name: ttedesch diff --git a/stable/htcondor-aas/templates/deployment_schedd.yaml b/stable/htcondor-aas/templates/deployment_schedd.yaml index bf00b740..c8e7e2b2 100644 --- a/stable/htcondor-aas/templates/deployment_schedd.yaml +++ b/stable/htcondor-aas/templates/deployment_schedd.yaml @@ -25,6 +25,10 @@ spec: values: - schedd topologyKey: kubernetes.io/hostname + hostAliases: + - hostnames: + - {{ .Values.schedd.hostname }} + ip: {{ .Values.master.publicIP }} containers: - name: schedd resources: diff --git a/stable/htcondor-aas/templates/deployment_wn.yaml b/stable/htcondor-aas/templates/deployment_wn.yaml index ec049343..9f0cdbce 100644 --- a/stable/htcondor-aas/templates/deployment_wn.yaml +++ b/stable/htcondor-aas/templates/deployment_wn.yaml @@ -76,8 +76,9 @@ spec: livenessProbe: exec: command: - - ls - - /cvmfs/* + - bash + - -c + - "ls /cvmfs/*" initialDelaySeconds: 30 periodSeconds: 30 {{- end }} diff --git a/stable/htcondor-aas/templates/external_apps/cvmfs-pod.yaml b/stable/htcondor-aas/templates/external_apps/cvmfs-pod.yaml index 88a24ea6..0f846523 100644 --- a/stable/htcondor-aas/templates/external_apps/cvmfs-pod.yaml +++ b/stable/htcondor-aas/templates/external_apps/cvmfs-pod.yaml @@ -70,8 +70,9 @@ spec: livenessProbe: exec: command: - - ls - - /cvmfs/* + - bash + - -c + - "ls /cvmfs/*" initialDelaySeconds: 30 periodSeconds: 600 image: "{{ .Values.cvmfs.image }}:{{ .Values.cvmfs.tag }}" diff --git a/stable/jhub-aas/Chart.yaml b/stable/jhub-aas/Chart.yaml index 707343eb..84f3dc8d 100644 --- a/stable/jhub-aas/Chart.yaml +++ b/stable/jhub-aas/Chart.yaml @@ -2,7 +2,7 @@ annotations: category: stable apiVersion: v1 name: JHUBaaS -version: 1.0.0 +version: 3.0.3 appVersion: 1.3.0 description: JHUBaaS Hub umbrella chart keywords: diff --git a/stable/jhub-aas/docker/Dockerfile b/stable/jhub-aas/docker/Dockerfile index c16af1d3..6c26b85f 100644 --- a/stable/jhub-aas/docker/Dockerfile +++ b/stable/jhub-aas/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/dodas-ts/dodas-iam-client-rec:v0.0.5 as REGISTRATION +FROM ghcr.io/dodas-ts/dodas-iam-client-rec:v0.0.6-pre3 as REGISTRATION FROM jupyterhub/k8s-hub:0.11.1 @@ -17,11 +17,8 @@ RUN echo "jovyan ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers && \ rm /bin/sh && \ ln -s /bin/bash /bin/sh -USER $NB_UID - RUN mkdir -p .init COPY --from=REGISTRATION /usr/local/bin/dodas-IAMClientRec /srv/.init/dodas-IAMClientRec - CMD ["/usr/bin/start.sh", "jupyterhub"] diff --git a/stable/jhub-aas/docker/Dockerfile.base b/stable/jhub-aas/docker/Dockerfile.base index 337a6844..c58005a5 100644 --- a/stable/jhub-aas/docker/Dockerfile.base +++ b/stable/jhub-aas/docker/Dockerfile.base @@ -17,10 +17,43 @@ RUN chmod +x /usr/local/bin/jupyterhub-singleuser && chmod +x /root/.init/spawn. RUN apt-get update \ && apt-get install -y gnupg2 software-properties-common -RUN apt-key adv --keyserver hkp://pgp.surfnet.nl --recv-keys ACDFB08FDC962044D87FF00B512839863D487A87 \ - && add-apt-repository "deb http://repo.data.kit.edu/ubuntu/bionic ./" - -RUN apt-get install -y oidc-agent +#RUN apt-key adv --keyserver hkp://pgp.surfnet.nl --recv-keys ACDFB08FDC962044D87FF00B512839863D487A87 \ +# && add-apt-repository "deb http://repo.data.kit.edu/ubuntu/bionic ./" + +RUN apt-get update && apt-get install -y \ + software-properties-common \ + help2man \ + check \ + devscripts \ + make \ + sudo \ + ca-certificates \ + libcurl4-openssl-dev \ + libsodium-dev \ + libseccomp-dev \ + libmicrohttpd-dev \ + libsecret-1-dev \ + python3 \ + python3-pip \ + wget \ + fuse \ + git \ + build-essential \ + debhelper \ + pkg-config \ + perl \ + sed \ + libqrencode-dev \ + fakeroot + + +RUN cd /opt/ && git clone https://github.com/indigo-dc/oidc-agent \ + && cd oidc-agent \ + && make \ + && make install_lib \ + && make install + +#RUN apt-get install -y oidc-agent COPY ./ca.crt /ca.crt diff --git a/stable/jhub-aas/docker/Dockerfile.base-htc b/stable/jhub-aas/docker/Dockerfile.base-htc index c341c524..92d9811c 100644 --- a/stable/jhub-aas/docker/Dockerfile.base-htc +++ b/stable/jhub-aas/docker/Dockerfile.base-htc @@ -5,17 +5,13 @@ USER root WORKDIR /tmp -RUN wget https://research.cs.wisc.edu/htcondor/tarball/8.9/8.9.9/release/condor-8.9.9-x86_64_Ubuntu20-stripped.tar.gz && \ - tar -xzvf condor-8.9.9-x86_64_Ubuntu20-stripped.tar.gz && \ - sudo mv condor-8.9.9-x86_64_Ubuntu20-stripped/bin/* /usr/bin/ && \ - sudo mkdir /usr/lib/condor && \ - sudo mv condor-8.9.9-x86_64_Ubuntu20-stripped/lib/condor/* /usr/lib/condor/ && \ - sudo mv condor-8.9.9-x86_64_Ubuntu20-stripped/lib/python3/* /usr/lib/python3/ && \ - sudo rm -r condor-8.9.9-x86_64_Ubuntu20-stripped/lib/condor condor-8.9.9-x86_64_Ubuntu20-stripped/lib/python3 && \ - sudo mv condor-8.9.9-x86_64_Ubuntu20-stripped/lib/* /usr/lib/ && \ - sudo mkdir -p /usr/libexec/ && sudo mv condor-8.9.9-x86_64_Ubuntu20-stripped/libexec/* /usr/libexec/ && \ - sudo mkdir /etc/condor +RUN apt-get install -y curl -COPY ./condor_config /etc/condor/condor_config +RUN curl -fsSL https://research.cs.wisc.edu/htcondor/repo/keys/HTCondor-Release.gpg.key | apt-key add - \ + && echo -e "deb [arch=amd64] https://research.cs.wisc.edu/htcondor/repo/ubuntu/8.9 focal main\ndeb-src https://research.cs.wisc.edu/htcondor/repo/ubuntu/8.9 focal main" > /etc/apt/sources.list.d/htcondor.list + +RUN apt update && apt-get install -y htcondor +COPY ./condor_config /etc/condor/condor_config +COPY ./htc-demo /opt/workspace/htc-example WORKDIR /opt/workspace diff --git a/stable/jhub-aas/docker/Dockerfile.dask b/stable/jhub-aas/docker/Dockerfile.dask new file mode 100644 index 00000000..8bfe0d3f --- /dev/null +++ b/stable/jhub-aas/docker/Dockerfile.dask @@ -0,0 +1,70 @@ +ARG NOTEBOOK_VERSION +FROM ghcr.io/dodas-ts/notebook:${NOTEBOOK_VERSION}-htc +USER root + +RUN apt-get install -y dpkg-dev cmake g++ gcc binutils libx11-dev libxpm-dev \ + libxft-dev libxext-dev python libssl-dev \ + gfortran libpcre3-dev \ + xlibmesa-glu-dev libglew1.5-dev libftgl-dev \ + libmysqlclient-dev libfftw3-dev libcfitsio-dev \ + graphviz-dev libavahi-compat-libdnssd-dev \ + libldap2-dev python-dev libxml2-dev libkrb5-dev \ + libgsl0-dev + +WORKDIR /usr/local/share/ +RUN mkdir root6build root6 +RUN git clone --branch distrdf-dask https://github.com/vepadulano/root.git root6source + +WORKDIR /usr/local/share/root6source + +WORKDIR /usr/local/share/root6build +RUN cmake \ + -DCMAKE_INSTALL_PREFIX=/usr/local/share/root6 \ + -DPython3_EXECUTABLE=/opt/conda/bin/python \ + /usr/local/share/root6source + +RUN cmake --build . --target install -- -j4 + +# Dask and jupyterhub +RUN python3 -m pip install --upgrade pip +RUN python3 -m pip install --upgrade setuptools +RUN python3 -m pip install dask \ + dask_jobqueue \ + click==7.1.2 \ + numpy \ + bokeh \ + ipython \ + jupyterhub \ + jupyterlab \ + notebook \ + jupyter-server-proxy \ + ipywidgets +RUN python3 -m pip install "dask[dataframe]" + +# Install DASK jobqueue +RUN pip install dask-remote-jobqueue==0.4.19 + +WORKDIR /opt/workspace +# Old approach +# RUN python3 -m pip install dask-labextension "dask[dataframe]" +# COPY labextension.yaml /usr/local/lib/python3.6/site-packages/dask_labextension/labextension.yaml +RUN curl -fsSL https://deb.nodesource.com/setup_14.x | bash - +RUN DEBIAN_FRONTEND=noninteractive apt install -y nodejs +RUN npm install npm@latest -g +RUN npm install -g typescript yarn + +RUN python -m pip install jupyter-packaging \ + && git clone --branch custom_clusters https://github.com/DODAS-TS/dask-labextension.git + +WORKDIR /opt/workspace/dask-labextension +RUN jlpm +RUN npm run build && npm install +RUN jupyter labextension install . + +RUN mkdir -p /root/.ipython + +COPY labextension.yaml /opt/conda/lib/python3.9/site-packages/dask_labextension/labextension.yaml + +COPY ./jupyterhub-singleuser.sh /usr/local/bin/jupyterhub-singleuser.sh +RUN chmod +x /usr/local/bin/jupyterhub-singleuser.sh +WORKDIR /opt/workspace diff --git a/stable/jhub-aas/docker/htc-demo/simple b/stable/jhub-aas/docker/htc-demo/simple new file mode 100644 index 00000000..f1a22e17 --- /dev/null +++ b/stable/jhub-aas/docker/htc-demo/simple @@ -0,0 +1,4 @@ +#!/bin/bash + +sleep 100 +echo $HOSTNAME \ No newline at end of file diff --git a/stable/jhub-aas/docker/htc-demo/sub b/stable/jhub-aas/docker/htc-demo/sub new file mode 100644 index 00000000..b11ba79f --- /dev/null +++ b/stable/jhub-aas/docker/htc-demo/sub @@ -0,0 +1,7 @@ +universe = vanilla +executable = simple +log = simple.log +output = simple.out +error = simple.error ++OWNER = "condor" +queue \ No newline at end of file diff --git a/stable/jhub-aas/docker/jupyterhub-singleuser b/stable/jhub-aas/docker/jupyterhub-singleuser index 38d1d823..2eba15a9 100644 --- a/stable/jhub-aas/docker/jupyterhub-singleuser +++ b/stable/jhub-aas/docker/jupyterhub-singleuser @@ -5,7 +5,7 @@ import re import sys import time -from jupyterhub.singleuser import main +from jupyterlab.labhubapp import main from subprocess import Popen, DEVNULL if __name__ == '__main__': diff --git a/stable/jhub-aas/docker/jupyterhub-singleuser.sh b/stable/jhub-aas/docker/jupyterhub-singleuser.sh new file mode 100644 index 00000000..1f8f8a56 --- /dev/null +++ b/stable/jhub-aas/docker/jupyterhub-singleuser.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +#source /cvmfs/cms.dodas.infn.it/miniconda3/etc/profile.d/conda.sh +#conda activate cms-dodas + +#export PYTHONPATH=/opt/conda/lib/python3.9/site-packages/:$PYTHONPATH + +source /usr/local/share/root6/bin/thisroot.sh + +#export LD_LIBRARY_PATH=/cvmfs/cms.dodas.infn.it/miniconda3/envs/cms-dodas/lib:$LD_LIBRARY_PATH +#export JUPYTER_PATH=/opt/conda/etc/jupyter +#export JUPYTER_CONFIG_DIR=/opt/conda/etc/jupyter + +python /usr/local/bin/jupyterhub-singleuser "$@" \ No newline at end of file diff --git a/stable/jhub-aas/docker/labextension.yaml b/stable/jhub-aas/docker/labextension.yaml new file mode 100644 index 00000000..5e952bc5 --- /dev/null +++ b/stable/jhub-aas/docker/labextension.yaml @@ -0,0 +1,14 @@ +labextension: + factory: + module: 'dask_remote_jobqueue' + class: 'RemoteHTCondor' + args: [] + kwargs: {} + default: + workers: null + adapt: + null + # minimum: 0 + # maximum: 10 + initial: + [] \ No newline at end of file diff --git a/stable/jhub-aas/docker/spawn.sh b/stable/jhub-aas/docker/spawn.sh index 86249835..3db7aadc 100644 --- a/stable/jhub-aas/docker/spawn.sh +++ b/stable/jhub-aas/docker/spawn.sh @@ -8,8 +8,17 @@ oidc-gen dodas --issuer $IAM_SERVER \ --client-secret $IAM_CLIENT_SECRET \ --rt $REFRESH_TOKEN \ --confirm-yes \ - --scope "openid profile email" \ + --scope "openid profile email wlcg wlcg.groups" \ --redirect-uri http://localhost:8843 \ --pw-cmd "echo \"DUMMY PWD\"" while true; do oidc-token dodas --time 1200 > /tmp/token; sleep 600; done & + +if [[ -f "cvmfs/cms.dodas.infn.it/miniconda3/etc/profile.d/conda.sh" ]]; then + source /cvmfs/cms.dodas.infn.it/miniconda3/etc/profile.d/conda.sh + conda activate cms-dodas + export PYTHONPATH=/opt/conda/lib/python3.9/site-packages/:$PYTHONPATH + source /cvmfs/cms.dodas.infn.it/miniconda3/envs/cms-dodas/bin/thisroot.sh + export JUPYTER_PATH=/opt/conda/etc/jupyter + export JUPYTER_CONFIG_DIR=/opt/conda/etc/jupyter +fi \ No newline at end of file diff --git a/stable/jhub-aas/templates/ssh-forwarder/deployment-ssh-forwarder.yaml b/stable/jhub-aas/templates/ssh-forwarder/deployment-ssh-forwarder.yaml new file mode 100644 index 00000000..17a9857e --- /dev/null +++ b/stable/jhub-aas/templates/ssh-forwarder/deployment-ssh-forwarder.yaml @@ -0,0 +1,56 @@ +{{- if .Values.sshForwarder.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ssh-fwd + labels: + app.kubernetes.io/name: ssh-fwd +spec: + template: + metadata: + labels: + app.kubernetes.io/name: ssh-fwd + spec: + priorityClassName: system-node-critical + containers: + - name: redis + resources: + requests: + memory: {{ .Values.sshForwarder.redis.requests.memory }} + cpu: {{ .Values.sshForwarder.redis.requests.cpu }} + limits: + memory: {{ .Values.sshForwarder.redis.limits.memory }} + cpu: {{ .Values.sshForwarder.redis.limits.cpu }} + imagePullPolicy: {{ .Values.sshForwarder.redis.image.pullPolicy }} + image: "{{ .Values.sshForwarder.redis.image.name }}:{{ .Values.sshForwarder.redis.image.tag }}" + volumeMounts: [] + - name: ssh-fwd + resources: + requests: + memory: {{ .Values.sshForwarder.sshFWD.requests.memory }} + cpu: {{ .Values.sshForwarder.sshFWD.requests.cpu }} + limits: + memory: {{ .Values.sshForwarder.sshFWD.limits.memory }} + cpu: {{ .Values.sshForwarder.sshFWD.limits.cpu }} + imagePullPolicy: {{ .Values.sshForwarder.sshFWD.image.pullPolicy }} + image: "{{ .Values.sshForwarder.sshFWD.image.name }}:{{ .Values.sshForwarder.sshFWD.image.tag | default .Chart.AppVersion }}" + - name: listener + resources: + requests: + memory: {{ .Values.sshForwarder.sshListener.requests.memory }} + cpu: {{ .Values.sshForwarder.sshListener.requests.cpu }} + limits: + memory: {{ .Values.sshForwarder.sshListener.limits.memory }} + cpu: {{ .Values.sshForwarder.sshListener.limits.cpu }} + imagePullPolicy: {{ .Values.sshForwarder.sshListener.image.pullPolicy }} + image: "{{ .Values.sshForwarder.sshListener.image.name }}:{{ .Values.sshForwarder.sshListener.image.tag | default .Chart.AppVersion }}" + volumes: + selector: + matchLabels: + app.kubernetes.io/name: ssh-fwd + + + replicas: 1 + strategy: + type: Recreate +{{- end }} \ No newline at end of file diff --git a/stable/jhub-aas/templates/ssh-forwarder/svc-ssh-forwarder.yaml b/stable/jhub-aas/templates/ssh-forwarder/svc-ssh-forwarder.yaml new file mode 100644 index 00000000..0d22ddaf --- /dev/null +++ b/stable/jhub-aas/templates/ssh-forwarder/svc-ssh-forwarder.yaml @@ -0,0 +1,31 @@ +{{- if .Values.sshForwarder.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: ssh-fwd +spec: + type: NodePort + ports: + - port: 8022 + nodePort: {{ .Values.sshForwarder.sshFWD.nodePort }} + protocol: TCP + name: ssh-fwd + selector: + app.kubernetes.io/name: ssh-fwd + +--- + +apiVersion: v1 +kind: Service +metadata: + name: ssh-listener +spec: + type: ClusterIP + ports: + - port: 8122 + targetPort: 8122 + protocol: TCP + name: listener + selector: + app.kubernetes.io/name: ssh-fwd +{{- end }} \ No newline at end of file diff --git a/stable/jhub-aas/values.schema.json b/stable/jhub-aas/values.schema.json index a99c1911..3b30aa60 100644 --- a/stable/jhub-aas/values.schema.json +++ b/stable/jhub-aas/values.schema.json @@ -2,6 +2,140 @@ "$schema": "http://json-schema.org/schema#", "type": "object", "properties": { + "ssh-forwarder": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "redis": { + "type": "object", + "properties": { + "image": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "pullPolicy": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "integer" + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + } + } + }, + "sshFWD": { + "type": "object", + "properties": { + "image": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "pullPolicy": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "integer" + }, + "memory": { + "type": "string" + } + } + }, + "nodePort": { + "type": "integer" + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + } + } + }, + "sshListener": { + "type": "object", + "properties": { + "image": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "pullPolicy": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "limits": { + "type": "object", + "properties": { + "cpu": { + "type": "integer" + }, + "memory": { + "type": "string" + } + } + }, + "requests": { + "type": "object", + "properties": { + "cpu": { + "type": "string" + }, + "memory": { + "type": "string" + } + } + } + } + } + } + }, "ingress": { "type": "boolean", "form": true, @@ -53,6 +187,12 @@ "extraEnv": { "type": "object", "properties": { + "ACCESS_TOKEN": { + "type": "string", + "form": true, + "title": "Insert you IAM access token", + "description": "Enable the cluster to instantiate a IAM Client for you" + }, "ADMIN_OAUTH_GROUPS": { "type": "string" }, diff --git a/stable/jhub-aas/values.yaml b/stable/jhub-aas/values.yaml index 050c6a21..7982c30a 100644 --- a/stable/jhub-aas/values.yaml +++ b/stable/jhub-aas/values.yaml @@ -3,6 +3,44 @@ hostname: jhub..myip.cloud.infn.it ingress: true # Show options for htcondor integration htcondor: false + +sshForwarder: + enabled: false + redis: + image: + pullPolicy: IfNotPresent + name: redis + tag: 6.2.5 + requests: + cpu: 900m + memory: 900M + limits: + cpu: 1 + memory: 1G + sshListener: + image: + pullPolicy: Always + name: dodasts/dask-ssh-listener + tag: v0.1.1 + requests: + cpu: 900m + memory: 900M + limits: + cpu: 1 + memory: 1G + sshFWD: + image: + pullPolicy: Always + name: dodasts/dask-ssh-forwarder + tag: v0.1.1 + nodePort: 31022 + requests: + cpu: 900m + memory: 900M + limits: + cpu: 1 + memory: 1G + # ==== jupyterhub: ingress: @@ -48,10 +86,19 @@ jupyterhub: dynamic: storageClass: longhorn + # extraVolumeMounts: [ { mountPath: /etc/certs, name: hostcerts } ], + # extraVolumes: + # [ + # { + # name: hostcerts, + # secret: { defaultMode: 420, secretName: dask-tls } + # } + # ], + hub: image: name: ghcr.io/dodas-ts/jhub - tag: 'v4.0.1' + tag: 'v5.0.1-pre15' cookieSecret: 72077073d819ce7a118a7dd7e2ce3eb74328cd306faa0540b1045d56113fdd0e # networkPolicy: @@ -76,7 +123,9 @@ jupyterhub: ADMIN_OAUTH_GROUPS: /admins WITH_GPU: "false" HTCONDOR_COLLECTOR_URL: .myip.cloud.infn.it:30618 - HTCONDOR_SCHEDD_NAME: .myip.cloud.infn.it:31618 + HTCONDOR_SCHEDD_NAME: .myip.cloud.infn.it + ACCESS_TOKEN: "" + SSH_NAMESPACE: default extraConfig: myConfig.py: | #!/usr/bin/env python @@ -116,14 +165,14 @@ jupyterhub: with open(cache_file) as f: cache_results = json.load(f) else: - response = subprocess.check_output(['/srv/.init/dodas-IAMClientRec', server_host], env=myenv) + response = subprocess.check_output(['/srv/.init/dodas-IAMClientRec', server_host+"-jhub"], env=myenv) response_list = response.decode('utf-8').split("\n") client_id = response_list[len(response_list)-3] client_secret = response_list[len(response_list)-2] cache_results = { - "client_id": client_id, - "client_secret": client_secret + "client_id": server_host+"-jhub", + "client_secret": "testmepls" } with open(cache_file, "w") as w: json.dump(cache_results, w) @@ -150,6 +199,7 @@ jupyterhub: spawner.environment['REFRESH_TOKEN'] = auth_state['refresh_token'] spawner.environment['USERNAME'] = auth_state['oauth_user']['preferred_username'] spawner.environment['JUPYTERHUB_ACTIVITY_INTERVAL'] = "15" + spawner.environment['SSH_NAMESPACE'] = os.environ.get("SSH_NAMESPACE") amIAllowed = False @@ -253,9 +303,9 @@ jupyterhub: - - - + + +
@@ -310,10 +360,11 @@ jupyterhub: c.KubeSpawner.environment = { "_condor_COLLECTOR_HOST": os.environ["HTCONDOR_COLLECTOR_URL"], "_condor_SCHEDD_HOST": os.environ["HTCONDOR_SCHEDD_NAME"], + "_condor_SCHEDD_NAME": os.environ["HTCONDOR_SCHEDD_NAME"], "_condor_AUTH_SSL_CLIENT_CAFILE": "/ca.crt", "_condor_SEC_DEFAULT_AUTHENTICATION_METHODS": "SCITOKENS", "_condor_SCITOKENS_FILE": "/tmp/token", - "_condot_TOOL_DEBUG": "D_FULLDEBUG,D_SECURITY" + "_condor_TOOL_DEBUG": "D_FULLDEBUG,D_SECURITY" } c.KubeSpawner.extra_container_config = {