Merge pull request 'feat: add jupyterhub role' (#173) from neoloc/jupyterhub into develop
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/173
This commit was merged in pull request #173.
This commit is contained in:
@@ -0,0 +1,115 @@
|
||||
# profiles::jupyter::jupyterhub
|
||||
class profiles::jupyter::jupyterhub (
|
||||
Stdlib::AbsolutePath $base_path = '/opt/jupyterhub',
|
||||
Stdlib::AbsolutePath $venv_path = "${base_path}/venv",
|
||||
Stdlib::AbsolutePath $config_path = "${base_path}/config.py",
|
||||
Hash $vault_config = {},
|
||||
String $owner = 'jupyterhub',
|
||||
String $group = 'jupyterhub',
|
||||
Boolean $systempkgs = false,
|
||||
String $version = '3.12',
|
||||
Array[String[1]] $packages = [
|
||||
'jupyterhub',
|
||||
'dockerspawner',
|
||||
'jupyterhub-ldapauthenticator',
|
||||
],
|
||||
String $ldap_server_address = 'ldap://ldap.service.consul',
|
||||
String $ldap_bind_dn_template = 'cn={username},ou=people,ou=users,dc=main,dc=unkin,dc=net',
|
||||
Boolean $ldap_use_ssl = false,
|
||||
Array $ldap_allowed_groups = ['ou=jupyterhub_user,ou=groups,dc=main,dc=unkin,dc=net'],
|
||||
Array $ldap_admin_groups = ['ou=jupyterhub_admin,ou=groups,dc=main,dc=unkin,dc=net'],
|
||||
){
|
||||
|
||||
# ensure nodejs:20 is installed
|
||||
package { 'nodejs_module':
|
||||
ensure => '20',
|
||||
name => 'nodejs',
|
||||
provider => 'dnfmodule',
|
||||
enable_only => true,
|
||||
}
|
||||
-> package { 'nodejs':
|
||||
ensure => 'installed',
|
||||
provider => 'dnf',
|
||||
}
|
||||
-> package { 'npm':
|
||||
ensure => 'installed',
|
||||
provider => 'dnf',
|
||||
}
|
||||
-> package { 'configurable-http-proxy':
|
||||
ensure => installed,
|
||||
provider => 'npm',
|
||||
}
|
||||
|
||||
# ensure python3.12 is installed
|
||||
if $::facts['python3_version'] {
|
||||
|
||||
$python_version = $version ? {
|
||||
'system' => $::facts['python3_version'],
|
||||
default => $version,
|
||||
}
|
||||
|
||||
# ensure the base_path exists
|
||||
file { $base_path:
|
||||
ensure => directory,
|
||||
mode => '0755',
|
||||
owner => $owner,
|
||||
group => $group,
|
||||
require => Profiles::Base::Account['jupyterhub'],
|
||||
}
|
||||
|
||||
# create a venv
|
||||
python::pyvenv { $venv_path :
|
||||
ensure => present,
|
||||
version => $python_version,
|
||||
systempkgs => $systempkgs,
|
||||
venv_dir => $venv_path,
|
||||
owner => $owner,
|
||||
group => $group,
|
||||
require => File[$base_path],
|
||||
}
|
||||
|
||||
# install the required pip packages
|
||||
$packages.each |String $package| {
|
||||
python::pip { "${venv_path}_${package}":
|
||||
ensure => present,
|
||||
pkgname => $package,
|
||||
virtualenv => $venv_path,
|
||||
}
|
||||
}
|
||||
|
||||
# create the config from a template
|
||||
file { $config_path:
|
||||
ensure => file,
|
||||
mode => '0660',
|
||||
owner => $owner,
|
||||
group => $group,
|
||||
content => Sensitive(template('profiles/jupyterhub/config.py.erb')),
|
||||
require => Python::Pyvenv[$venv_path],
|
||||
}
|
||||
|
||||
profiles::base::account {$owner:
|
||||
username => $owner,
|
||||
uid => 1101,
|
||||
gid => 1101,
|
||||
groups => ['systemd-journal'],
|
||||
system => true,
|
||||
}
|
||||
|
||||
systemd::unit_file { 'jupyterhub.service':
|
||||
content => template('profiles/jupyterhub/jupyterhub.service.erb'),
|
||||
enable => true,
|
||||
active => true,
|
||||
subscribe => File[$config_path],
|
||||
require => [
|
||||
File[$config_path],
|
||||
],
|
||||
}
|
||||
|
||||
## create symbolic link in $PATH
|
||||
#file { "/usr/local/bin/${script_name}":
|
||||
# ensure => 'link',
|
||||
# target => "${base_path}/${script_name}",
|
||||
# require => File["${base_path}/${script_name}"],
|
||||
#}
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,43 @@
|
||||
# jupyterhub_config.py
|
||||
|
||||
from dockerspawner import DockerSpawner
|
||||
import os
|
||||
|
||||
c = get_config()
|
||||
|
||||
# Basic JupyterHub settings
|
||||
c.JupyterHub.bind_url = 'http://:8000'
|
||||
c.JupyterHub.hub_ip = '0.0.0.0'
|
||||
c.JupyterHub.hub_port = 8081
|
||||
|
||||
# Configure the DockerSpawner
|
||||
c.JupyterHub.spawner_class = DockerSpawner
|
||||
c.DockerSpawner.image = '<%= @docker_image %>'
|
||||
c.DockerSpawner.network_name = '<%= @docker_network %>'
|
||||
|
||||
# Notebook directory and mount location
|
||||
notebook_dir = '/home/jupyter/work'
|
||||
c.DockerSpawner.notebook_dir = notebook_dir
|
||||
|
||||
# Optional: Volume mapping for user data persistence
|
||||
c.DockerSpawner.volumes = {
|
||||
'jupyterhub-user-{username}': notebook_dir
|
||||
}
|
||||
|
||||
# DockerSpawner options
|
||||
c.DockerSpawner.remove = True
|
||||
c.DockerSpawner.debug = True
|
||||
|
||||
# LDAP Authentication
|
||||
c.JupyterHub.authenticator_class = 'ldapauthenticator.LDAPAuthenticator'
|
||||
|
||||
# LDAP Server settings
|
||||
c.LDAPAuthenticator.server_address = '<%= @ldap_server_address %>'
|
||||
c.LDAPAuthenticator.bind_dn_template = '<%= @ldap_bind_dn_template %>'
|
||||
c.LDAPAuthenticator.use_ssl = <%= @ldap_use_ssl ? 'True' : 'False' %>
|
||||
|
||||
# Restrict access to a specific LDAP group
|
||||
c.LDAPAuthenticator.allowed_groups = <%= @ldap_allowed_groups.to_s %>
|
||||
|
||||
# Set an LDAP group as admins
|
||||
c.LDAPAuthenticator.admin_groups = <%= @ldap_admin_groups.to_s %>
|
||||
@@ -0,0 +1,16 @@
|
||||
[Unit]
|
||||
Description=JupyterHub
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
ExecStart=/opt/jupyterhub/venv/bin/jupyterhub -f /opt/jupyterhub/config.py
|
||||
WorkingDirectory=/opt/jupyterhub
|
||||
User=<%= @owner %>
|
||||
Group=<%= @group %>
|
||||
|
||||
Environment="PATH=/opt/jupyterhub/venv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Reference in New Issue
Block a user