Docker 安装自定制 jupyterhub
- 官方最新 jupyterhub 镜像存在问题,这里使用1.0.0版本
- 默认使用 linux 用户体系进行用户认证,需要在 jupyterhub 的 Docker 容器中,/home 路径需要加创建文件夹的权限
部署流程
- 拉取镜像
docker pull jupyterhub/jupyterhub:1.0.0 docker pull jupyterhub/singleuser:1.0.0 - 创建 jupyterhub_network 网络
docker network create --driver bridge jupyterhub_network
- 创建 jupyterhub 的 volume
mkdir -pv /data/jupyterhub/jupyterhub-custom # 用于创建自定制的文件 mkdir -pv /data/jupyterhub/jupyterhub-docker-con # 用于映射docker容器内部的路径,如/home chmod -R 777 /data/jupyterhub
- 在
/data/jupyterhub/jupyterhub-custom下创建jupyterhub_config.py文件使用jwt对进行自定义token认证# coding:utf-8 from tornado import gen from jupyterhub.auth import Authenticator import os import pwd import requests class MyAuthenticator(Authenticator): def system_user_exists(self, username): """Check if the user exists on the system""" try: self.log.info('create user: %s' % username) pwd.getpwnam(username) except Exception as e: self.log.error('create password for user error: %s' % e) return False else: return True def add_system_user(self, username, password): """Create a new local UNIX user on the system. Tested to work on FreeBSD and Linux, at least. """ res = os.system('useradd %(name1)s ' % {'name1': username}) if res: self.log.warn('user %s create failure: %s' % (username, res)) return False # res = os.system('echo %(pass)s |passwd --stdin %(name1)s' % {'name1': username, 'pass': password}) res = os.system('echo %(name1)s:%(pass)s | chpasswd' % {'name1': username, 'pass': password}) if res: self.log.warn('user %s password create failure: %s' % (username, res)) return False return True def check_token_local(self, token): sec = 'l55cj)hh95jorr6!vmhleo0tuyors)xy@@+jaj-^l6wp)))=d$' algorithm = 'HS256' try: d = jwt.decode(token, sec, algorithm) return d.get('user_id') except: return None @gen.coroutine def authenticate(self, handler, data): ''' :param handler: :param data: :return: 成功:username,失败:None ''' self.log.warn(data) token = data.get('token') self.log.warn('request token is: %s' % token) if not token: return None # 验证token user_id, username = self.check_token_local(token) self.log.warn('--- current user id: %s' % user_id) if not user_id or not username: return None user = 'user_%s' %user_id password = 'deault_jupyter_pwd_random_string_for_user' if not self.system_user_exists(user): if self.add_system_user(user, password): return user else: return None return user #user = handler.request.headers.get("User_info") #if user is not None: # user = json.loads(user) # username = user.get("username") # return username c.JupyterHub.authenticator_class = MyAuthenticator c.PAMAuthenticator.encoding = 'utf8' # 指定cookie secret的文件,内容必须是64位哈希字符串,如6dd65ff19de7b8cb6d53031b0ad940e7379e15cf7ab612094d19e8b5141cc52c # c.JupyterHub.cookie_secret_file = '/srv/jupyterhub/jupyterhub_cookie_secret' #创建用户时已经开指定的目录,这里就不需要在指定工作目了 #c.Spawner.notebook_dir = '/data/file' #开启管理员用户 c.JupyterHub.admin_access = True c.JupyterHub.admin_users = {"jupyterhub", "root"} # 白名单 # c.Authenticator.whitelist = {} # Jupyterhub service setting # c.JupyterHub.spawner_class = 'sudospawner.SudoSpawner' c.JupyterHub.base_url = '/jupyter/' c.JupyterHub.cookie_max_age_days = 1 # cookie有效期为1天,默认值14为2周 # customer templstes path, default is [] c.JupyterHub.template_paths = ["templates"]